Justice Department Brings Charges Against North Koreans for Sony Hack

The government lays blame for a sophisticated cyber operation that caused the 2014 attack on the same day that President Trump thanks North Korean leader Kim Jong-un.
Illustration by: Thomas Kuhlenbeck

Nearly four years after an infamous hack that nearly crippled Sony Pictures, the U.S. Department of Justice is charging North Korean nationals with being behind the attack. A criminal complaint spells out a "wide-ranging, multi-year conspiracy to conduct computer intrusions and commit wire fraud by co-conspirators working on behalf of" North Korea.

The hack, which came just before Sony's release of the Kim Jong-un assassination flick The Interview, exposed a massive trove of internal emails and financial information for the studio. A hacking group identifying itself as "Guardians of Peace" published the hacked materials and alerted journalists to their existence. What followed was months of stories about the inner doings of Sony and eventually the departure of some of Sony's top executives. Sony scrambled to distribute The Interview upon further threats of terrorism, and the company also faced a class action from former employees that it later settled for $8 million.

The U.S. government has long attributed the attack to North Korea, but now, federal prosecutors are laying out what happened in court for the first time. According to the complaint, the targeting of Sony Pictures involved "internet reconnaissance and spear-phishing messages directed at them beginning in September 2014." 

Investigators found the hackers researched their victims on the Internet and social media, then used the information they found to send highly targeted and personalized emails that reflected the interests of the victims in an effort to breach their employers' network security.

The FBI's investigation revealed that employees of AMC Theaters, which was scheduled to show The Interview, were also targeted with malware. The perpetrator sent emails using the names of real AMC employees and registered bogus Facebook pages — but the FBI has no evidence any of the spear-phishing attempts were successful. 

British production company Mammoth Screen was also targeted. It had been working on a series called Opposite Number, which, according to the complaint, centered on a British nuclear scientist who was taken prisoner in North Korea while on a covert mission. Investigators found 17 employee email addresses that had been collected, largely using social media, and their evidence shows an intrusion was detected and remediated.

Park Jin Hyok is one of the individuals charged. Park was allegedly employed by Chosun Expo Joint Venture, said to be a "front" for the North Korean government.

The charges not only go into the Sony Hack, but detail an allegedly fraudulent $81 million transfer from Bangladesh Bank and the targeting of U.S. defense contractors, university faculty, technology companies, virtual currency exchanges, and U.S. electric utilities. The alleged perpetrators of the Sony Hack are also said to be responsible for authoring the malware used in a ransomware cyber-attack known as "WannaCry 2.0."

"In sum, the scope and damage of the computer intrusions perpetrated and caused by the subjects of this investigation, including Park, is virtually unparalleled," states the complaint.

In a strange bit of timing, news of the charges comes on the same day that President Donald Trump tweeted, "Kim Jong Un of North Korea proclaims 'unwavering faith in President Trump.' Thank you to Chairman Kim. We will get it done together!"

Meanwhile, the Justice Department wants to send a message that "we will track down malicious actors no matter how or where they hide."

"The complaint alleges that the North Korean government, through a state-sponsored group, robbed a central bank and citizens of other nations, retaliated against free speech in order to chill it half a world away, and created disruptive malware that indiscriminately affected victims in more than 150 other countries, causing hundreds of millions, if not billions, of dollars' worth of damage," said Assistant Attorney General for National Security John C. Demers in a Thursday press release. "The investigation, prosecution, and other disruption of malicious state-sponsored cyber activity remains among the highest priorities of the National Security Division."

Park is charged with one count of conspiracy to commit computer fraud and abuse and one count of conspiracy to commit wire fraud, which carry a combined maximum sentence of 25 years in prison.