
A Canadian man has pleaded guilty in what U.S. prosecutors described Wednesday as a scheme by hackers linked to military intelligence in North Korea to steal more than $1.3-billion from banks, governments and companies around the world.

Ghaleb Alaumary, 37, of Mississauga, Ont., was charged with conspiring to launder money on behalf of what the U.S. Department of Justice called a “wide-ranging criminal conspiracy” that targeted everything from a Hollywood movie studio to the U.S. State Department.

John Demers, the department’s assistant attorney general for national security, described the regime of North Korean Leader Kim Jong-Un as nothing short of “a criminal syndicate with a flag.”

“North Korea’s operatives – using keyboards rather than guns, stealing digital wallets of cryptocurrency instead of sacks of cash – are the world’s leading bank robbers,” Mr. Demers said.

He said the DOJ has “obtained custody” of Mr. Alaumary, a dual U.S.-Canadian citizen “who organized the laundering of millions of dollars stolen by the DPRK hackers.”

“He has admitted his role in these criminal schemes in a plea agreement, and he will be held to account for his conduct.”

Prosecutors say Mr. Alaumary used co-conspirators “in the United States and Canada” to help launder the proceeds from “cash-out” schemes, which involve hacking ATMs to enable fraudulent withdrawals.

He also helped with cyber-enabled bank robberies as well as “business e-mail compromise” scams, where criminals use phishing e-mails to intercept legitimate fund transfers.

RCMP officials did not immediately respond to inquiries Wednesday about Mr. Alaumary’s alleged Canadian co-conspirators.

Mr. Alaumary pleaded guilty to one count of conspiracy to commit money laundering, which carries a maximum penalty of 20 years in prison. He is also currently facing charges in Georgia related to his alleged involvement in a separate business e-mail compromise scheme.

The indictment unsealed Wednesday in Los Angeles was just the latest stage in a long and wide-ranging investigation into North Korean cyberattacks that first came to prominence in November, 2014.

That’s when Sony Pictures Entertainment was targeted over The Interview, a controversial Seth Rogen-James Franco farce that mocked Mr. Kim, prompting the famously thin-skinned regime to declare the film “an act of war.”

The original 2018 indictment also charged a North Korean programmer in the $81-million cyber-robbery of the Bank of Bangladesh in 2016 and the 2017 WannaCry ransomware attack.

“The events as described in that complaint provided the first indications that the North Korean regime would become focused on, and adept at, stealing money from institutions around the world,” Mr. Demers said.

That same programmer, 36-year-old Park Jin Hyok, was newly charged in Wednesday’s indictment, along with two others: Jon Chang Hyok, 31, and Kim Il, 27.

The department described the three as members of the Reconnaissance General Bureau, “a military intelligence agency of the Democratic People’s Republic of Korea.” None of the three are in U.S. custody.

The alleged conspiracy laid out Wednesday was breathtaking in its scope. It included:

– The cyberattacks against Sony and AMC Theatres in 2014 in retaliation for The Interview, which documented a fictional assassination attempt against Mr. Kim;

– Four years’ worth of attempts to steal more than $1.2-billion from banks in Vietnam, Bangladesh, Taiwan, Mexico, Malta, and Africa;

– Numerous ATM “cash-out” thefts – hacking the machines to facilitate fraudulent withdrawals – around the world, including $6.1-million from a Pakistani bank in October, 2018;

– The WannaCry attacks in 2017 and subsequent extortion and extortion attempts against victim companies, which continued through 2020;

– An array of “malicious cryptocurrency applications” designed to give hackers backdoor access to target computers;

– The theft of more than $100-million from cryptocurrency companies around the world;

– Extensive “spear-phishing” campaigns, aimed at tricking computer users into clicking on phoney e-mail links, against U.S. defence contractors, aerospace and technology companies, as well as the U.S. State Department and Department of Defense.

As a rogue nuclear power, North Korea has been the target of international economic and financial sanctions of varying severity for the better part of the past 15 years.

That, combined with the lingering effects of the Communist nation’s command economy, is likely the primary reason why North Korea has effectively turned to cybercrime, authorities say.

“The range of crimes they have committed is staggering,” said California acting U.S. Attorney Tracy Wilkison.

“The conduct detailed in the indictment are the acts of a criminal nation-state that has stopped at nothing to extract revenge and obtain money to prop up its regime.”
