Mississauga man pleads guilty to laundering money in alleged North Korean cyberhack

·4 min read

WASHINGTON — A Canadian man has pleaded guilty in what U.S. prosecutors described Wednesday as a scheme by hackers linked to military intelligence in North Korea to steal more than $1.3 billion from banks, governments and companies around the world.

Ghaleb Alaumary, 37, of Mississauga, Ont., was charged with conspiring to launder money on behalf of what the U.S. Department of Justice called a "wide-ranging criminal conspiracy" that targeted everything from a Hollywood movie studio to the U.S. State Department.

John Demers, the department's assistant attorney general for national security, described the regime of North Korean leader Kim Jong Un as nothing short of "a criminal syndicate with a flag."

"North Korea's operatives — using keyboards rather than guns, stealing digital wallets of cryptocurrency instead of sacks of cash — are the world’s leading bank robbers," Demers said.

He said the DOJ has "obtained custody" of Alaumary, a dual U.S.-Canadian citizen "who organized the laundering of millions of dollars stolen by the DPRK hackers."

"He has admitted his role in these criminal schemes in a plea agreement, and he will be held to account for his conduct."

Prosecutors say Alaumary used co-conspirators "in the United States and Canada" to help launder the proceeds from "cash-out" schemes, which involve hacking ATMs to enable fraudulent withdrawals.

He also helped with cyber-enabled bank robberies as well as "business email compromise" scams, where criminals use phishing emails to intercept legitimate fund transfers.

RCMP officials did not immediately respond to inquiries Wednesday about Alaumary's alleged Canadian co-conspirators.

Alaumary pleaded guilty to one count of conspiracy to commit money laundering, which carries a maximum penalty of 20 years in prison. He is also currently facing charges in Georgia related to his alleged involvement in a separate business email compromise scheme.

The indictment unsealed Wednesday in Los Angeles was just the latest stage in a long and wide-ranging investigation into North Korean cyberattacks that first came to prominence in November 2014.

That's when Sony Pictures Entertainment was targeted over "The Interview," a controversial Seth Rogen-James Franco farce that mocked Kim, prompting the famously thin-skinned regime to declare the film "an act of war."

The original 2018 indictment also charged a North Korean programmer in the $81-million cyber-robbery of the Bank of Bangladesh in 2016 and the 2017 WannaCry ransomware attack.

"The events as described in that complaint provided the first indications that the North Korean regime would become focused on, and adept at, stealing money from institutions around the world," Demers said.

That same programmer, 36-year-old Park Jin Hyok, was newly charged in Wednesday's indictment, along with two others: Jon Chang Hyok, 31, and Kim Il, 27.

The department described the three as members of the Reconnaissance General Bureau, "a military intelligence agency of the Democratic People's Republic of Korea." None of the three are in U.S. custody.

The alleged conspiracy laid out Wednesday was breathtaking in its scope. It included:

— The cyberattacks against Sony and AMC Theatres in 2014 in retaliation for "The Interview," which documented a fictional assassination attempt against Kim;

— Four years' worth of attempts to steal more than $1.2 billion from banks in Vietnam, Bangladesh, Taiwan, Mexico, Malta, and Africa;

— Numerous ATM "cash-out" thefts — hacking the machines to facilitate fraudulent withdrawals — around the world, including $6.1 million from a Pakistani bank in October 2018;

— The WannaCry attacks in 2017 and subsequent extortion and extortion attempts against victim companies, which continued through 2020;

— An array of "malicious cryptocurrency applications" designed to give hackers backdoor access to target computers;

— The theft of more than $100 million from cryptocurrency companies around the world;

— Extensive "spear-phishing" campaigns, aimed at tricking computer users into clicking on phoney email links, against U.S. defence contractors, aerospace and technology companies, as well as the U.S. State Department and Department of Defense.

As a rogue nuclear power, North Korea has been the target of international economic and financial sanctions of varying severity for the better part of the last 15 years.

That, combined with the lingering effects of the Communist nation's command economy, is likely the primary reason why North Korea has effectively turned to cybercrime, authorities say.

"The range of crimes they have committed is staggering," said California acting U.S. Attorney Tracy Wilkison.

"The conduct detailed in the indictment are the acts of a criminal nation-state that has stopped at nothing to extract revenge and obtain money to prop up its regime."

This report by The Canadian Press was first published Feb. 17, 2021.

James McCarten, The Canadian Press