CORRECTED: 12:55 ET on 2021-02-18
The United States has charged three North Korean military intelligence operatives with attempting the cybertheft of $1.3 billion from banks and cryptocurrency companies around the world, including South and Southeast Asia, the U.S. Department of Justice said on Wednesday.
The conspirators hacked into the computers of victims to steal data and money, and further the strategic and financial interests of the North Korean regime and its leader, Kim Jong Un, U.S. justice officials said.
Jon Chang Hyok, 31, Kim Il, 27, and Park Jin Hyok, 36, also stole around $100 million from Bangladesh’s central bank in 2016, said a Dec. 8, 2020 federal indictment in California that was unsealed on Wednesday.
“The hackers attempted to steal or extort more than $1.3 billion from victims in cyber-enabled heists and Automated Teller Machine (“ATM”) cash-outs from banks, cyber-enabled heists from cryptocurrency companies, and cyber-enabled extortion schemes,” the indictment said.
“The hackers hacked and defrauded victims around the world - including in Bangladesh, Malta, Mexico, Indonesia, Pakistan, the Philippines, Poland, the Republic of Korea, Slovenia, Taiwan, the United Kingdom, Vietnam, Central America, and Africa - as well as in the United States and, specifically, the Central District of California,” the indictment said.
Of the three accused, Park Jin Hyok had been previously charged in an indictment unsealed in 2018.
“Today’s unsealed indictment expands upon the FBI’s 2018 charges for the unprecedented cyberattacks conducted by the North Korean regime,” Paul Abbate, deputy director of the Federal Bureau of Investigation, said in a statement.
While the conspiracy was in operation, the three North Korean hackers, who were working at units of the country’s Reconnaissance General Bureau, traveled to and worked from other countries, including China and Russia, the indictment said. The bureau, a military intelligence agency headquartered in Pyongyang, comprised multiple units, according to the court document.
The North Korean hackers’ successful thefts in South and Southeast Asia were from institutions in Bangladesh, Indonesia, Taiwan, and Vietnam, according to a copy of the indictment.
About 2 million euros (U.S. $ 2.4 million) was fraudulently transferred by the hackers from a Vietnamese bank to accounts in Bulgaria and Slovenia in December 2015, the indictment said.
Taiwan’s Far Eastern International Bank became a target of the North Korean hackers in October 2017. About $60 million was transferred by the hackers from this Taipei-based bank to accounts in Sri Lanka, Cambodia, and the United States.
The indictment said that on Feb. 4, 2016, the North Korean hackers attempted to conduct fraudulent wire transfers worth about $951 million from Bangladesh Bank, the country’s central bank, and succeeded in fraudulent wire transfers of $81 million to bank accounts in the Philippines and $20 million to a bank account in Sri Lanka.
The $20 million transfer was immediately detected and returned to Bangladesh Bank's account at Federal Reserve Bank of New York.
In Indonesia, the North Korean hackers “fraudulently transferred cryptocurrency, valued at approximately $24.9 million” from a cryptocurrency exchange based in Jakarta in September 2018, the indictment said.
In a plan to create a digital token called “Marine Chain Token,” which would allow investors to purchase fractional ownership interests in marine shipping vessels, the hackers also tried to receive approval from the Securities and Futures Commission of Hong Kong to trade the Marine Chain Token as a security.
While the hackers didn’t steal from institutions in Cambodia, the Philippines, Taiwan, and Thailand, they did transfer funds to accounts there, creating at least one bilateral controversy.
Bangladeshi bank heist
Bangladesh sued the Philippines in February 2019, saying bankers there conspired with the North Korean hackers in the theft of the $81 million, which was stolen from Bangladesh Bank and wire transferred to a Philippine bank.
The lawsuit said Makati-based Rizal Commercial Banking Corp. (RCBC) of the Philippines along with eight of its officers conspired with casino operators, Chinese citizens, and the hackers to rob Bangladesh Bank funds kept in an account at the U.S. Federal Reserve Bank in New York.
To pull off the heist, “the North Korean hackers aligned with co-conspirators in the Philippines, most importantly, RCBC. ... The conspirators used RCBC’s New York City correspondent accounts to receive the fraudulent transfers from the New York Fed,” said the Bangladesh government complaint filed in New York.
The techniques used by the North Korean hackers differed vastly from, say, the infamous American bank robber John Dillinger’s methods, and Assistant Attorney General John C. Demers of the Justice Department’s National Security Division described the contrast.
“As laid out in today’s indictment, North Korea’s operatives, using keyboards rather than guns, stealing digital wallets of cryptocurrency instead of sacks of cash, are the world’s leading bank robbers,” Demers said in a statement.
Reported by BenarNews, an RFA-affiliated online news service.
CORRECTION: An earlier version of this story incorrectly implied that the indictment unsealed Wednesday revealed the extent of the Bangladesh Bank heist for the first time.