DOJ Releases Charges Against Last of Four Top U.S. Cyber Adversaries

The Justice Department filed a criminal complaint against a hacker with links to the North Korean government Thursday for a slew of cyberattacks, including the 2014 strike against Sony Pictures Entertainment and the WannaCry malware attack that compromised computers across the world last year.

The complaint marks a milestone for the Justice Department, which has now taken criminal legal action against “four out of four” of the U.S.’s four main cyber adversaries, assistant Attorney General John Demers said during a news conference.

The hacker, Park Jin Hyok, was also instrumental in the digital theft of $81 billion from Bangladesh Bank in 2016, according to the charging documents.

The charges, which come more than three years after the Obama White House officially attributed the Sony hack to the North Korean regime, describe Park as part of a North Korean hacking group called the Lazarus Group but doesn’t name any other members.

Officials linked Park to the North Korean regime but did not name any government officials who directed him.

According to the complaint, Park worked for a government-linked company called the Korea Expo Joint Venture, or KEJV. The Treasury Department imposed sanctions on Park and KJEV in connection with the complaint.

The Trump administration previously released a criminal charge and sanctions double punch in March against Iranian hackers targeting U.S. universities. The Treasury Department sanctioned the Russian hackers who targeted the Democratic National Committee in March after Special Counsel Robert Mueller filed indictments.

The Justice Department has not contacted the North Korean government about turning Park over, an official said.

The 179-page complaint against Park was originally filed June 8, but unsealed Thursday. Justice declined to say whether the release was delayed because of President Donald Trump’s Singapore summit with North Korean leader Kim Jong Un later in June or efforts since then toward a nuclear détente between the two nations.

The Obama White House previously imposed broad sanctions against North Korea over the Sony hack in 2015. That marked the first time the U.S. government sanctioned a foreign nation for cyber meddling.

That attack, which leaked reams of Sony emails and unreleased films, came as the movie studio was preparing to release “The Interview,” a comedy that played the killing of Kim Jong Un for laughs.

Despite Thursday’s criminal charges, it’s highly unlikely Park will ever be arrested or face a trail in the U.S. While the U.S. has successfully extradited numerous criminal hackers from Russia and elsewhere, none of the government-linked hackers the U.S. has indicted from China, Russia, Iran and elsewhere has ever reached a U.S. courtroom.

Both the Trump and Obama administrations have struggled to demonstrate that the U.S. will punch back in a meaningful way to adversary cyber strikes while also evading the negative second and third order consequences that some of the harshest responses might draw, such as imposing serious sanctions on a major U.S. trading partner.

Officials regularly intimate that the U.S. is covertly responding to some cyber strikes.

Many cyber experts and former officials warn against the U.S. taking too many escalatory actions in cyberspace, though, because, as the world’s most digitally-connected and dependent nation, the U.S. is also the most vulnerable to large scale cyberattacks.

During a panel discussion at the Billington Cybersecurity Conference in Washington Thursday, Federal Chief Information Security Officer Grant Schneider pointed to the North Korea complaint as a model for how allied nations can work together in cyberspace.

Homeland Security cyber official Jeanette Manfra declined to discuss the complaint specifically, but said that it’s “important to hold people accountable for their actions and use the tools that the government has available.”