Recently, US investigators zeroed in on the creator of the WannaCry ransomware attack, and the Department of Justice framed charges. Read on to learn how the US tracked the accused using vital clues…
The United States has finally tracked the creator of the WannaCry ransomware attack, and the Justice Department has charged a North Korean computer programmer with major cybercrimes committed over the last four years, including the WannaCry ransomware attack and the 2014 Sony Pictures hack. The programmer, identified as Park Jin Hyok and allegedly working for the North Korean government, has been charged in the US with a series of massive cyberattacks around the world, including attacks that infected computers in 150 countries and crippled parts of the British health care system, an $81 million bank heist in Bangladesh, and numerous other attacks or intrusions on the entertainment, financial services, defence, technology and virtual currency industries.
The complaint said, “The Conspiracy attempted to and did gain access to several other banks in various countries from 2015 through 2018 using similar methods and watering hole attacks, attempting the theft of at least USD 1 billion through such operations.”
In a criminal complaint filed on June 8 and made public for the first time yesterday, the US Department of Justice (DoJ) alleged that the programmer, Park Jin Hyok, was part of ‘a wide-ranging multi-year conspiracy’ led by the North Korean government and carried out multiple cyberattacks through a front organisation. Park is charged with one count of conspiracy to commit computer fraud and abuse and one count of conspiracy to commit wire fraud.
The DoJ alleged that Park was a member of a North Korean government-sponsored hacking team known to the private sector as the ‘Lazarus Group’, and that he worked for the North Korean government front company Chosun Expo Joint Venture (Korea Expo Joint Venture or KEJV) to support the North Korean government’s ‘malicious’ cyber actions.
“The scale and scope of the cyber-crimes alleged by the complaint is staggering and offensive to all who respect the rule of law and the cyber norms accepted by responsible nations,” John Demers, head of the Justice Department’s National Security Division, said in a statement.
According to sources in the US DoJ, crucial proof found in free email services such as Gmail helped US investigators track down a North Korean hacker. The email services were used for routine business, as well as for phishing attacks and other crimes, by a company identified as the Korean Expo Joint Venture, a front group for the North Korean government. Investigators accessed about 1,000 email and social media accounts using about 100 search warrants, and used them to piece together a picture of the hackers and their front operation.
The Korean Expo Joint Venture engaged both in hacking and regular business, working with clients on software and information technology projects and using free email services including Gmail, according to the criminal complaint. It said a clue that helped investigators break the case came when Park’s purported superior sent his resume and picture to another company in the course of doing its everyday technology operations.
Alphabet Inc.’s Google, which operates Gmail, responded to a request for comment by referring to a recent blog post written by Kent Walker, the company’s senior vice president of Global Affairs. Google, Walker wrote, “identifies bad actors, disables their accounts, warns our users about them, and shares intelligence with other companies and law enforcement officials.”