News

Dual citizen sentenced to 11 years for role in North Korean crypto hacking scheme

Ontario resident laundered cash for North Korea from bank heists and BEC scams

10 Sep 2021

Department of justice sign on a building

Shutterstock

A federal court in the Southern District of Georgia sentenced a dual US-Canadian citizen to 140 months in prison for his part in a global hacking and money laundering scheme by North Korea-based hackers.

Ghaleb Alaumary, a 36-year-old Ontario, Canada resident, was given an 11-year federal prison sentence and ordered to pay more than $30 million in restitution after pleading guilty to two counts of conspiracy to commit money laundering.

Alaumary and his co-conspirators used business email compromise schemes, ATM cash-outs, and bank cyber-heists to steal money from victims and then launder the money through bank accounts and digital currency, according to a Department of Justice (DOJ) announcement.

Alaumary also recruited and organized individuals to withdraw stolen cash from ATMs. He provided bank accounts that received funds from bank cyber heists and fraud schemes. He further laundered the funds through wire transfers, cash withdrawals, and exchanging the funds for cryptocurrency.

He also trained these people to impersonate wealthy bankers in Texas to obtain personally identifiable information from new victims’ accounts and embezzle hundreds of thousands of dollars.

The DoJ said the funds included those from North Korea-perpetrated crimes, including the 2019 cyber-heist of a Maltese bank and the 2018 ATM cash-out theft from BankIslami in Pakistan. He also received money stolen from a soccer team in the UK.

Related Resource

Defeating ransomware with unified security from WatchGuard

How SMBs can defend against the onslaught of ransomware attacks

Whitepaper title above a red triangle with an exclamation point inside

.imgHideOnJavaScriptDisabled_eexbtrkv3j8403 { display: none !important; }

Free download

At the time, the hackers successfully circumvented the fraud-prevention mechanisms to change the balances and increase the withdrawal limits themselves.

Alaumary also pled guilty to fraud for sending multiple emails to a university where he pretended to be a construction company representative. The university, believing it was paying the construction company, wired 11.8 million Canadian dollars ($9.4 million) to a bank account controlled by Alaumary and his co-conspirators. Alaumary then arranged with individuals in the US and elsewhere to launder the stolen funds through various financial institutions.

US Attorney David Estes of the Southern District of Georgia noted that the defendant served as an integral conduit in a network of cybercriminals who siphoned tens of millions of dollars from multiple entities and institutions worldwide.

“He laundered money for a rogue nation and some of the world’s worst cybercriminals, and he managed a team of coconspirators who helped to line the pockets and digital wallets of thieves. But U.S. law enforcement, working in conjunction with its partners throughout the world, will bring to justice fraudsters who think they can hide behind a computer screen,” Estes said.