By Aruna Viswanatha and Dustin Volz
This article is being republished as part of our daily
reproduction of WSJ.com articles that also appeared in the U.S.
print edition of The Wall Street Journal (September 7, 2018).
The U.S. announced charges against a North Korean operative in
connection with cyberattacks including the 2014 Sony Pictures hack
and a global ransomware attack last year, intensifying pressure
against a cyber army that has morphed into one of the world's most
sophisticated hacking operations.
Park Jin Hyok was accused in a criminal complaint dated June 8
but unsealed Thursday of working with other unnamed co-conspirators
to conduct a series of cyberattacks on corporate and financial
networks to steal money and information at the direction of the
North Korean government.
Prosecutors also accused Mr. Park of playing a role in the theft
of $81 million from Bangladesh's account at the Federal Reserve
Bank of New York in 2016, which prosecutors said was the largest
ever successful cybertheft from a financial institution.
The case, the first to explicitly target North Korean
state-backed hackers, was filed days before President Trump's June
12 summit with North Korea's leader in Singapore.
Justice Department officials declined to comment on why the case
wasn't made public until nearly three months after it was filed,
saying only that decisions on timing involve multiple factors
including when a case might have the "greatest impact."
The case comes as U.S.-North Korea denuclearization talks have
reached a standstill, and the State Department said Thursday that a
former Ford Motor Co. executive recently tapped to pursue
negotiations with North Korea will travel to Asia next week.
Stephen Biegun, named Special Representative for North Korea by
Secretary of State Mike Pompeo, will travel to Seoul, Tokyo and
Beijing between Sept. 10 and Sept. 15, although officials didn't
announce any travel by Mr. Biegun to North Korea.
A South Korean delegation met with North Korean leader Kim Jong
Un earlier this week and said Mr. Kim was interested in rekindling
talks and told the South Koreans he had faith in Mr. Trump. Mr.
Trump, in reply, tweeted Thursday: "Thank you to Chairman Kim. We
will get it done together!"
The complaint alleges Mr. Park worked with others in persistent
attempts to carry out the cyberattacks from 2014 through
this year. Those include efforts to hack into and steal money from
banks in the U.S. and several other countries with attempted thefts
of more than $1 billion, prosecutors said.
"Working for a foreign government does not immunize criminal
conduct," John Demers, who runs the Justice Department's national
security division, said at a briefing about the case. "These
activities run afoul of norms of acceptable state behavior in
cyberspace," Mr. Demers said, urging the "international community"
to take action.
Prosecutors said they gathered evidence of Mr. Park's alleged
crimes by analyzing compromised computers and executing about 100
search warrants to access more than 1,000 email and social-media
accounts. Investigators said they issued 85 formal requests from
foreign countries for evidence from communications providers.
Mr. Park had been living in China and working for a North Korean
front company called Chosun Expo that is affiliated with one of the
government's hacking organizations, sometimes referred to as Lab
110, prosecutors said. He appeared to return to North Korea shortly
before the 2014 Sony breach, the complaint said.
As part of Thursday's actions, the Treasury Department levied
financial sanctions on Mr. Park and Chosun Expo, describing Chosun
as an entity controlled by North Korea.
Mr. Park is believed to be in North Korea and couldn't be
located for comment.
Soon after the Sony breach, which exposed thousands of
embarrassing emails between executives and led the studio to pull
the movie "The Interview" from theaters, the FBI publicly
identified North Korea as the likely perpetrator.
The movie involved a satirical plot to kill North Korean leader
Kim Jong Un. The new complaint said the hackers also targeted AMC
Theatres, which was scheduled to release and show "The Interview,"
sending sophisticated spear-phishing messages to multiple AMC
employees.
The U.S. case comes as North Korea has built a cyberarmy that has
about 7,000 hackers and support staffers.
The team described in the complaint, often called "Lazarus" by
private security researchers, is known to attack foreign entities
and has previously been associated with North Korea's most
headline-grabbing campaigns. Those included the Sony attack and
last year's WannaCry ransomware, which locked digital files on
hundreds of thousands of computers and demanded bitcoin payment for
their release. The new case throws the weight of the U.S.
government squarely behind those assessments.
The Justice Department has previously brought similar hacking
cases against Chinese, Iranian and Russian hackers, but most of the
defendants remain overseas. The goal of such cases, officials say,
is to publicly expose the hackers and try to deter such
activities.
Senior officials have conceded there is little they can do to
deter North Korea from using hacking tools to support its regime,
in part because it is already under heavy sanctions and has no
compunction about being shamed for its activities.
After the Sony breach, then-President Obama was alarmed at how
it had the effect of chilling free speech in the U.S. by forcing
Sony to not show "The Interview" in theaters.
"We cannot have a society in which some dictator someplace can
start imposing censorship here in the United States," Mr. Obama
said at the time.
Since then, North Korea has only become more emboldened to use
its cyberarsenal, and has developed more sophisticated
capabilities, experts say. They include the theft of bitcoin and
other cryptocurrencies to enrich its regime.
Last December, the White House publicly blamed Pyongyang for
unleashing the WannaCry worm, an unprecedented cyberattack that
infected more than 300,000 computers in more than 150 countries,
crippling banks, hospitals and other companies.
The Federal Bureau of Investigation and the Department of
Homeland Security also issued public alerts last year warning that
hackers working for the North Korean government had been targeting
critical infrastructure in the U.S. as well as the media, aerospace
and financial sectors, in a campaign of attacks dating back to
2009.
Some doubted the charges would have any real-world practical
effect or signaled a broader strategy from the Trump administration
on how to combat state-sponsored cyberthreats.
The charges were "cute, but ineffective," said Blake Darche, a
former National Security Agency hacker. "The attacks will
continue," said Mr. Darche, co-founder of the cyber firm Area 1
Security.
September 07, 2018 02:47 ET (06:47 GMT)
Copyright (c) 2018 Dow Jones & Company, Inc.