North Korean charged in crippling Sony hack, WannaCry virus
North Korean charged in crippling Sony hack, WannaCry virus
Park Jin Hyok, who is believed to be in North Korea, conspired to conduct a series of attacks that also stole $81 million from a bank in Bangladesh, according to charges unsealed in Los Angeles federal court following years of investigation. The US believes he was working for a North Korean-sponsored hacking organization.
The US government previously said North Korea was responsible for the 2014 Sony hack that led to the release of a trove of sensitive personal information about employees, including Social Security numbers, financial records, salary information, as well as embarrassing emails among top executives. The hack included four yet-to-be released Sony films, among them “Annie,” and one that was in theaters, the Brad Pitt film “Fury,” and cost the company tens of millions of dollars.
The FBI had long suspected North Korea was also behind last year’s WannaCry cyberattack, which used malware to scramble data on hundreds of thousands of computers at hospitals, factories, government agencies, banks and other businesses across the globe.
“The criminal conduct outlined in this case is intolerable,” said Tracy Wilkison, the first assistant US attorney in Los Angeles. “The North Korean-backed conspiracy attempted to crush freedom of speech in the US and the UK It robbed banks around the world. And it created indiscriminate malware that paralyzed computers and disrupted the delivery of medical care.”
The charges were filed under seal June 8, four days before President Trump’s historic meeting with North Korea’s leader, Kim Jong Un, to discuss ending decades of hostility between the two countries. Prosecutors said the complaint was sealed for a variety of reasons and wasn’t done to prevent derailing the Singapore talks.
“This has nothing to do with the summit and nothing to do with denuclearization,” Wilkison said.
US officials believe the Sony hack was retribution for “The Interview,” a comedy starring Seth Rogen and James Franco in a plot to assassinate Kim. Sony canceled the theatrical release of the film amid threats to moviegoers but released it online through YouTube and other sites.
A Sony spokeswoman declined comment Thursday. Attempts by The Associated Press to reach the alleged hacker were not immediately successful. Two Gmail addresses identified in the FBI in the complaint were listed as disabled.
Among the emails released in the hack was an exchange in which Amy Pascal, then co-chairman of the studio, and “The Social Network” producer Scott Rudin joked about what might be then-President Barack Obama’s favorite movies, listing “12 Years a Slave” and films by black comedian Kevin Hart.
The pair apologized. Pascal left her job months later.
In addition to targeting Sony, hackers sent spear-phishing emails to employees at AMC Theaters, which had planned to screen the movie, and to a British company producing a fictional television series about a scientist taken prisoner in North Korea, authorities said.
The hackers used the same aliases and accounts from the Sony attack when they sent spear-phishing emails to several US defense contractors, including Lockheed Martin, and others in South Korea, officials said.
The criminal complaint says the hackers committed several attacks from 2014 into 2018, attempting to steal more than $1 billion from banks around the world. The investigation is continuing.
The hackers also targeted technology and virtual currency industries, as well as academia and electric utilities, authorities said.
“This case warrants attention whether you are an individual, a small business or a major corporation,” FBI Special Agent Jennifer Boone said. “Terms you’ll see in the complaint, such as watering holes and back doors, don’t sound menacing, but in reality they describe malicious cyber techniques that wreak havoc on our computer systems and our lives.”
Cybersecurity experts have said portions of the WannaCry program used the same code as malware previously distributed by the hacker collective known as the Lazarus Group, which is believed to be responsible for the Sony hack.
The complaint said Park was on a team of programmers employed an organization called Chosun Expo that operated out of Dalian, China, and that the FBI described as “a government front company.”
A North Korea-registered website bearing that company’s name described it as the country’s “first Internet company,” established in 2002.
A 2015 version of the Chosun Expo website said it focused on gaming, gambling, e-payments and image recognition software. It looked in many ways like a typical tech company, boasting of its “pioneering” IT talent and customer satisfaction. By July 2016, Internet archival records show, the company dropped the reference to North Korea from its home page. The site later vanished from the web.
Emails sent to Chosun Expo’s generic email address and to the website’s original registrant, whose name was given as Won Sun Chol, went unreturned.
It is the first time the Justice Department has brought criminal charges against a hacker said to be from North Korea. In recent years the department has charged hackers from China, Iran and Russia in hopes of publicly shaming other countries for sponsoring cyberattacks on US corporations.
In 2014, for instance, the Obama administration charged five Chinese military hackers with a series of digital break-ins at American companies, and last year, the Justice Department charged Russian hackers with an intrusion at Yahoo Inc.
The Treasury Department also added Park Jin Hyok’s name to their sanction list, which prohibits banks that do business in the US from providing accounts to him or Chosun Expo.
Park, whose age is not known, is charged with two counts alleging conspiracies to commit computer and wire fraud — crimes that could carry a prison term up to 25 years.
It’s unlikely he will be extradited because the US has no formal relations with North Korea.
The North Korean government was not notified about the charges, which are likely to be a source of irritation.
Diplomatic efforts have sputtered since the June summit, though Kim said through South Korean security officials Thursday that he still has faith Trump is committed to ending hostile relations.
Trump thanked Kim on Twitter and said, “We will get it done together!“
Google looking to future after 20 years of search
- Google was launched in September 1998 in a garage rented in the Northern California city of Menlo Park
- The name is a play on the mathematical term ‘googol,’ which refers to the number 1 followed by 100 zeros
SAN FRANCISCO: Google celebrated its 20th birthday Monday, marking two decades in which it has grown from simply a better way to explore the Internet to a search engine so woven into daily life its name has become a verb.
The company was set to mark its 20th anniversary with an event in San Francisco devoted to the future of online search, promising a few surprise announcements.
Larry Page and Sergey Brin were students at Stanford University — known for its location near Silicon Valley — when they came up with a way to efficiently index and search the Internet.
The duo went beyond simply counting the number of times keywords were used, developing software that took into account factors such as relationships between webpages to help determine where they should rank in search results.
Google was launched in September 1998 in a garage rented in the Northern California city of Menlo Park. The name is a play on the mathematical term “googol,” which refers to the number 1 followed by 100 zeros.
Google reportedly ran for a while on computer servers at Stanford, where a version of the search had been tested.
And Silicon Valley legend has it that Brin and Page offered to sell the company early on for a million dollars or so, but no deal came together.
Google later moved its headquarters to Mountain View, where it remains.
In August 2004, Google went public on the stock market with shares priced at $85. Shares in the multi-billion-dollar company are now trading above $1,000.
Its early code of conduct included a now-legendary “don’t be evil” clause. Its stated mission is to make the world’s information available to anyone.
The company hit a revenue mother lode with tools that target online ads based on what users reveal and let marketers pay only if people clicked on links in advertising.
It has now launched an array of offerings including Maps, Gmail, the Chrome Internet browser, and an Android mobile device operating system that is free to smartphone or tablet makers.
Google also makes premium Pixel smartphones to showcase Android, which dominates the market with handsets made by an array of manufacturers.
Meanwhile, it bought the 18-month-old YouTube video sharing platform in 2006 in a deal valued at $1.65 billion — which seemed astronomical at the time but has proven shrewd as entertainment moved online.
The company also began pumping money into an X Lab devoted to technology “moon shots” such as Internet-linked glasses, self-driving cars, and using high-altitude balloons to provide Internet service in remote locations.
Some of those have evolved into companies, such as the Waymo self-driving car unit. But Google has also seen failures, such as much-maligned Google Glass eyewear.
Elsewhere, the Google+ social network launched to compete with Facebook has seen little meaningful traction.
In October 2015, corporate restructuring saw the creation of parent company Alphabet, making subsidiaries of Google, Waymo, health sciences unit Verily and other properties.
Google is also now a major player in artificial intelligence, its digital assistant infused into smart speakers and more. Its AI rivals include Amazon, Apple and Microsoft.
Despite efforts to diversify its business, Alphabet — which has over 80,000 employees worldwide — still makes most of its money from online ads. Industry tracker eMarketer forecast that Google and Facebook together will capture 57.7 percent US digital ad revenue this year.
In the second quarter of 2018, Google reported profit of $3.2 billion despite a fine of $5.1 billion imposed by the European Union.
Google’s rise put it in the crosshairs of regulators, especially in Europe, due to concerns it may be abusing its domination of online search and advertising as well as smartphone operating software.
There have been worries that Alphabet is more interested in making money from people’s data than it is in safeguarding their privacy.
Google has also been accused of siphoning money and readers away from mainstream news organizations by providing stories in online search results, where it can cash in on ads.
It is among the tech companies being called upon to better guard against the spread of misinformation — and has also been a target of US President Donald Trump, who added his voice to a chorus of Republicans who contend conservative viewpoints are downplayed in search results.