Feds Charge North Korean Cyber-Operative In Sony Hack, Ransomware Attack

Enlarge this image toggle caption Terence Tan /Singapore Ministry of Communications and Information via Getty Images Terence Tan /Singapore Ministry of Communications and Information via Getty Images

Updated at 6:09 p.m. ET

The Justice Department announced charges Thursday against a North Korean man in connection with a series of infamous cyberattacks, including the 2014 hack of Sony Pictures Entertainment and the WannaCry ransomware that paralyzed computers across the globe.

Park Jin Hyok was part of a hacking group that conducted some of the most destructive recent online attacks in the world, according to a criminal complaint unsealed Thursday.

The malicious activities attributed to Park and his group include the cybertheft of $81 million from the Bangladesh Bank.

"The scale and scope of the cyber-crimes alleged by the complaint is staggering and offensive to all who respect the rule of law and the cyber norms accepted by responsible nations," said Assistant Attorney General for National Security John C. Demers.

The charges were announced as President Trump and his administration negotiate with North Korea to end its nuclear program. It was not immediately clear what effect they might have on those diplomatic efforts — whether, for example, North Korean strongman Kim Jong Un might walk away.

Statement of the charges

Park, 34, worked for a North Korean government front company called the Korea Expo Joint Venture, according to the complaint. But the Justice Department alleges that Park was in fact a member of a hacking team known as the "Lazarus Group," which is says is sponsored by the North Korean government.

Park faces charges that include conspiracy to commit wire fraud. His last known location was North Korea, according to U.S. officials, which means he is unlikely to ever stand trial in the United States.

Still, the allegations against him relate to two of the most destructive cyberattacks in recent years.

The 2014 hack against Sony took place ahead of the studio's release of "The Interview," a comedy about a CIA plot to assassinate North Korean leader Kim.

The hackers stole a cache of emails, which were later publicly released to the embarrassment of studio executives. They also destroyed much of Sony's computer infrastructure.

The Obama administration officially blamed North Korea for the attack and imposed sanctions against the country, but the Park charges are the first brought over the intrusion.

The WannaCry 2.0 attack, meanwhile, took place in 2017 and was stunning in its scale and speed. In essence, WannaCry locked more than 300,000 computers in some 150 countries worldwide and demanded money from victims in order to be unlocked.

It hit the British health care sector particularly hard, compromising computer systems at hospitals and causing chaos for patients and providers.

The attack exploited a vulnerability in old Microsoft Windows software. That vulnerability appears to trace back to a cache of cyber-weapons stolen from the National Security Agency.

Why charge those who won't be tried?

The charges against Park continue a strategy by the U.S. government to generate detailed, legally admissible cases against foreign cyber-attackers even though they're unlikely to see the inside of a U.S. courtroom.

The government also has charged or indicted Russian, Chinese and Iranian hackers.

The charges are seen as one tool the U.S. government can use to try to impose consequences for these sorts of cyberattacks.

"Things will never get better unless there are penalties," said James Lewis, a cybersecurity expert at the Center for Strategic and International Studies in Washington, D.C.

Lewis added that the U.S. still hasn't figured out what all of those penalties should be.

Senate intelligence committee vice chairman Mark Warner, D-Va., hailed the strategy on Thursday but said Washington has more work ahead in determining ways to try to prevent big cyberattacks before the fact.

"This indictment is the result of years of hard work by the FBI and the Department of Justice, and it is an important step in making clear to our adversaries that these kinds of criminal activities are unacceptable," Warner said. "It also points to the need for a clearly thought-out and articulated strategy for deterring and punishing state-sponsored cyberattacks."

The Trump administration did impose other punitive measures on Park and his employer on Thursday: the Treasury Department says it has sanctioned him and Korea Expo Joint Venture.

Potential effect on nuclear talks

The charges against Park were announced as the Trump administration's nuclear talks with North Korea have sputtered to a near standstill.

On Thursday, the State Department said the new U.S. special envoy for North Korea, Stephen Biegun, will head to the region next week to try to push the negotiations forward.

Before the charges were announced, North Korean's leader Kim reportedly told South Korean officials that he remains committed to denuclearization and still has faith in Trump.

Trump responded on Twitter, thanking Kim for his kind words and promising they will "get it done together."

It's unclear whether the charges against Park will register in those talks. Pyongyang could seize on them--or ignore them, depending on its broader intentions.

"North Koreans will always use whatever they can to their advantage," said Jean Lee, the director of the Korea program at the Wilson Center.

She noted that earlier this year, Pyongyang ignored the State Department's accusation that North Korea was behind the 2017 assassination of Kim's half-brother.

"There was no major fallout then," Lee said. "North Korea is strategic about what it responds to."