A Canadian-American citizen who laundered funds for North Korean military hackers using wire transfers and crypto exchanges has been sentenced to 11 years in prison and ordered to pay $30 million in restitution by a U.S. federal court.
In early 2020, the Department of Justice indicted three members of North Korea’s military intelligence agency with attempting to steal over $1.3 billion via a multitude of extortion plots and cyberattacks, including over $100 million in thefts from cryptocurrency companies and a cyberattack on Sony Pictures as retribution for its production of “The Interview,” a farcical take on the isolated nation and its leader.
Ghaleb Alaumary, based in Ontario, pled guilty in 2020 to conspiring to launder money for the North Koreans in 2018. As the point-person for the group’s ATM cash-out schemes, he recruited others to launder illicit funds received from BankIslami, in which the hackers bypassed fraud prevention mechanisms so they could change balances and increase withdrawal limits. They nabbed $6.1 million from the Pakistani commercial bank.
Alaumary had more clients than just the Democratic People’s Republic of Korea (DPRK). He also pled guilty to fraud for sending emails in which he pretended to represent a construction company seeking payment from a Canadian university; the university sent him $9.4 million. Other victims include banks across Asia and a British soccer club.
Per a Department of Justice press release yesterday: “Once the ill-gotten funds were in accounts he controlled, Alaumary further laundered the funds through wire transfers, cash withdrawals, and by exchanging the funds for cryptocurrency.”
“This defendant served as an integral conduit in a network of cybercriminals who siphoned tens of millions of dollars from multiple entities and institutions across the globe,” commented Acting U.S. Attorney David H. Estes of the Southern District of Georgia. “He laundered money for a rogue nation and some of the world’s worst cybercriminals, and he managed a team of co-conspirators who helped to line the pockets and digital wallets of thieves.”
The North Korean defendants remain at large and likely free from the U.S.’s grasp, as the two countries do not have an extradition agreement, although the U.S. successfully extradited a North Korean national based in Malaysia in 2021—a first.
North Korea, a hermited Communist nation that lacks much in the way of a functioning economy, has relied on criminal hacking by the military to keep the lights on. A May New Yorker profile noted an estimate from Chainalysis’ Jesse Spiro that DPRK hackers had taken a grand total of $1.75 billion in cryptocurrency from exchanges—a tenth of the country’s defense budget.