Cybercrime Money Launderer Handed 11-Year SentenceDOJ: High-Level Operative Moved Funds for North Korean Hackers
A dual U.S.-Canadian national has been sentenced to more than 11 years in federal prison for conspiring to launder tens of millions of dollars in wire and bank fraud schemes, according to the U.S. Department of Justice. Officials say the activity included cash-out scams for North Korean hackers, including the criminal gang Lazarus Group, which has been associated with a military unit for the authoritarian regime.
Ghaleb Alaumary, 36, of Ontario, Canada, was sentenced after pleading guilty to two counts of conspiracy to commit money laundering. He is required to pay more than $30 million in restitution to victims and serve another three years of supervised release.
"International money launderers provide critical services to cybercriminals, helping hackers and fraudsters to avoid detection and hide their illicit profits," says Assistant Attorney General Kenneth A. Polite Jr., for the Justice Department’s Criminal Division. "Small and large companies, a university, banks and others lost tens of millions of dollars in this scheme."
In one case, officials say Alaumary conspired with others on fraudulent, "spoofed" emails to an unnamed Canadian university - impersonating a construction company requesting payment for a building project. Investigators say the university wired the equivalent of $9.4 million to an account controlled by the cybercriminals, who then laundered the funds through separate financial institutions.
Investigators say Alaumary also arranged for a U.S. co-conspirator to visit Texas and impersonate wealthy bank customers in an effort to siphon hundreds of thousands of dollars from victims' accounts using personally identifiable information the criminals had stolen.
Various Cyber Heists
In another case, officials say, Alaumary oversaw ATM cash-out schemes and provided bank accounts in which cyber-heist gains could be stashed. Alaumary used wire transfers, cash withdrawals and cryptocurrency exchanges to launder the ill-gotten profits, according to the DOJ's announcement.
Specific crimes utilizing Alaumary's services, officials add, include a 2019 cyber heist of a Maltese bank perpetrated by North Korean hackers, and hits on other financial institutions in India, Pakistan and Malta, plus companies in the U.S. and U.K., and a professional U.K. soccer team.
In 2019, three other fraud felony co-conspirators linked with the investigation pleaded guilty and were handed prison sentences ranging from six months to 10 years.
"The sentencing … speaks to the value of investigative collaboration across borders,” says Special Agent in Charge Steven R. Baisel of the U.S. Secret Service’s Atlanta Field Office, which led the investigation. "In spite of the complicated, international nature of this criminal enterprise, the defendant and his co-conspirators were still brought to justice."
Additionally, Jon DiMaggio, a former Symantec threat intelligence analyst, notes that "money launderers are easier targets" in disrupting these types of cybercrime operations - as they typically do not reside in the same country or region as the attackers. They may be more accessible, he notes, compared to actors in certain nation-states that may harbor cybercriminals.
"Without launderers, cybercriminals would have a much harder time cashing in on their stolen profits and continuing operations," says DiMaggio, currently the chief security strategist at the firm Analyst1. "For these reasons, the U.S. will likely continue to target supporting elements of these operations."
Tim Wade, a former network and security technical manager with the U.S. Air Force and currently the technical director at firm Vectra AI, adds, "Prosecuting money laundering operations raises the friction associated with monetizing cybercrime" and is part of a "holistic strategy" to reduce its prevalence and profitability.
North Korean Hacking Group
David H. Estes, the acting U.S. attorney for the Southern District of Georgia, says of the Alaumary sentencing: "He laundered money for a rogue nation and some of the world's worst cybercriminals, and … helped to line the pockets and digital wallets of thieves."
Upon sharing his guilty plea in February, Justice Department officials also announced an indictment of three North Koreans for their alleged roles with the Lazarus Group - aka, APT38 or Hidden Cobra - to which Alaumary has been linked, and which has been associated with the regime's military intelligence operation, the Reconnaissance General Bureau (see: 3 North Koreans Indicted for Conspiring to Steal $1.3 Billion).
Prosecutors allege that this hacking group created malware used in the 2018 WannaCry global ransomware attack, the 2016 theft of $81 million from Bangladesh Bank and the 2014 attack on Sony Pictures Entertainment.
Believed to be located in North Korea, the three men - Kim Il, Park Jin Hyok and Jon Chang Hyok - are unlikely to face charges in the U.S., as North Korea does not extradite suspects to America.