The three men were intelligence officers with the Reconnaissance General Bureau, the military intelligence agency that houses North Korea’s hacking operations. “As soon as they’re gone, three more people will take their place,” said Ms. Kleine-Ahlbrandt. “Deterrence doesn’t work in cyber like it does in conventional and nuclear areas because you can’t inflict unacceptable cost.”
The charges illustrate how adept North Korea has become at exploiting the world of cryptocurrencies, as the value of Bitcoin has surpassed $50,000 and large corporations and financial institutions have begun to embrace digital currencies.
The Justice Department accused the intelligence officers of luring investors into a fake digital coin investment scheme, stealing cryptocurrencies from financial institutions, and creating malware to target cryptocurrency apps and take control of victims’ computers.
Cryptocurrencies have made it easier for Pyongyang to generate illicit income “because the transactions take place through total or partial anonymity, and the uneven regulatory environment means that cryptocurrency businesses aren’t subject to the same security standards and regulations that banks are subject to,” Ms. Kleine-Ahlbrandt said.
Mr. Jon and Mr. Kim were accused of working with Mr. Park to operate illegal hacking schemes from North Korea, China and Russia beginning as early as 2014, when they attacked Sony in retaliation for the company’s decision to make and release a movie, “The Interview,” that depicted a plot to assassinate Kim Jong-un, the leader of North Korea.
The disastrous attack wiped out 70 percent of the company’s computer capabilities, crippled operations and contributed to the resignation of the studio’s chairwoman, Amy Pascal.
After the Sony attack, prosecutors said, the three men used malware-laden phishing emails to gain access to Bangladesh Bank computers, which are connected to the global banking communication system, and ultimately direct the Federal Reserve Bank of New York to transfer money from Bangladesh Bank to accounts controlled by the hackers. They were able to steal only $81 million because an official at the reserve bank noticed that the word “foundation” was misspelled, scrutinized the transaction and halted the transfer of an additional $900 million, according to government documents in the case against Mr. Park.