Cybersecurity

Charges against North Korea mark new phase in cyber crackdown

Department of Justice (DOJ) officials have unsealed a massive, 179-page complaint against a North Korean hacker, marking a significant benchmark in U.S. efforts to crack down on foreign cyberattacks.

The document alleges that a North Korean programmer, alongside others, executed major attacks with the backing of Kim Jong Un’s government. And DOJ officials are touting the findings as an example of their willingness to go after foreign cyber actors who engage in cyberattacks against the U.S. and its allies.

{mosads}“The charges reflect the department’s determination and ability to follow the facts and the law, and to hold individuals and nations accountable for their crimes,” Assistant Attorney General for National Security John Demers told reporters on Thursday.

The allegations date back to 2014, a sign that officials are not willing to let past attacks slide as they attempt to guard against foreign efforts to influence the November midterm elections.

Demers noted during a press call with reporters that with the complaint against North Korea, DOJ has now retaliated against four nations believed to be hostile cyber actors; the others are Russia, China and Iran.

He said that when the U.S. began issuing the charges, starting with those against Chinese nationals in 2015, U.S. officials “made clear that working with a foreign government does not immunize criminal conduct.”

The complaint goes into great detail about how the cyberattacks, believed to be backed by the North Korean government, were carried out. The 2014 hack on Sony, the theft of about $81 million from the national bank of Bangladesh and last year’s WannaCry ransomware attack are all described in the documents.

Experts say that lengthy and specific complaints like the one issued this past week help reveal the strategies and techniques used by hackers, while demonstrating that the U.S. is making strides in how it cracks down on malicious cyber actors.

Eric Chien, the technical director of cybersecurity firm Symantec’s Security Response, said that the continuing U.S. actions against hostile nation states shows a high level of commitment on the part of the federal government.

“I think the U.S. has demonstrated they’re willing to invest and go after these attacks and they’re not just going to let them slide,” he said, citing the similar cyber charges against Russia, China and Iran.

Symantec had been tracking the North Korean hackers and was referenced in the complaint.

Chien said that while the immediate impact of the complaint is unknown, “it’s pretty clear the U.S. is intent on taking steps to demonstrate that these types of actions aren’t acceptable.”

Richard Harknett, a cybersecurity researcher and head of the political science department at the University of Cincinnati, said that the complaint shows that the U.S. has some “sophisticated forensic capabilities” in tracking the actions of foreign hackers, and it serves as a warning to those targeting the U.S. that their American operations aren’t “as opaque as they think.”

The programmer named in the indictment, Park Jin Hyok, allegedly worked for a group on behalf of North Korean intelligence that was tasked with generating revenue. Several of the group’s hacks focused on financial institutions.

Harknett noted that the motivations of the North Korean hackers differed from those of other countries who usually engage in other cyber crimes. For example, special counsel Robert Mueller charged about a dozen Russian military intelligence officers with the 2016 hack of the Democratic National Committee.

Benjamin Read, head of cyber espionage analysis for FireEye, said the extensive detail in the this recent complaint could send a message to the North Korean hackers that U.S. officials are looking over their shoulder.

“I do think the detail is notable because you can really show all of their work,” Read said of the complaint. “We’ll see if that has a different effect than the other public statements.”

Researchers at FireEye helped DOJ with its analysis of some of the allegations in the document.

Still, Read noted that the U.S. had slapped sanctions against North Korea after the 2014 Sony hack, yet the hackers forged ahead, taking on more sophisticated forms of attacks.

Lawmakers on both sides of the aisle, however, raised questions about the effectiveness of a legal complaint, pointing out that the chances of North Korea extraditing the charged programmer are slim to none.

Sen. Mark Warner (Va.), the ranking Democrat on the Senate Intelligence Committee, called the complaint an example of why the U.S. needs to have a more cohesive strategy in place to deter cyberattacks.

And Sen. Ben Sasse (R-Neb.) highlighted how much time had passed between the complaint and the 2014 hack on Sony.

“Cyber war gives outsized opportunities to North Korea and it’s important to push back,” Sasse said in a statement.

Experts said that while the hackers are likely to continue their efforts, the legal documents nonetheless send a strong message that the U.S. is prioritizing the prosecution of cyber crimes.

Chien said that U.S. officials just five years ago may have struggled to determine who was behind cyberattacks, but the new charging document is a sign that attribution is no longer a major hurdle.

“I think anyone has to expect that the U.S. is not going to shy away from this and they’re going to continue to release these indictments,” he said.