Dual citizen sentenced to 11 years for role in North Korean crypto hacking scheme
Ontario resident laundered cash for North Korea from bank heists and BEC scams


A federal court in the Southern District of Georgia sentenced a dual US-Canadian citizen to 140 months in prison for his part in a global hacking and money laundering scheme by North Korea-based hackers.
Ghaleb Alaumary, a 36-year-old Ontario, Canada resident, was given an 11-year federal prison sentence and ordered to pay more than $30 million in restitution after pleading guilty to two counts of conspiracy to commit money laundering.
Alaumary and his co-conspirators used business email compromise schemes, ATM cash-outs, and bank cyber-heists to steal money from victims and then launder the money through bank accounts and digital currency, according to a Department of Justice (DOJ) announcement.
Alaumary also recruited and organized individuals to withdraw stolen cash from ATMs. He provided bank accounts that received funds from bank cyber heists and fraud schemes. He further laundered the funds through wire transfers, cash withdrawals, and exchanging the funds for cryptocurrency.
He also trained these people to impersonate wealthy bankers in Texas to obtain personally identifiable information from new victims’ accounts and embezzle hundreds of thousands of dollars.
The DoJ said the funds included those from North Korea-perpetrated crimes, including the 2019 cyber-heist of a Maltese bank and the 2018 ATM cash-out theft from BankIslami in Pakistan. He also received money stolen from a soccer team in the UK.
RELATED RESOURCE
Defeating ransomware with unified security from WatchGuard
How SMBs can defend against the onslaught of ransomware attacks
At the time, the hackers successfully circumvented the fraud-prevention mechanisms to change the balances and increase the withdrawal limits themselves.
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
Alaumary also pled guilty to fraud for sending multiple emails to a university where he pretended to be a construction company representative. The university, believing it was paying the construction company, wired 11.8 million Canadian dollars ($9.4 million) to a bank account controlled by Alaumary and his co-conspirators. Alaumary then arranged with individuals in the US and elsewhere to launder the stolen funds through various financial institutions.
US Attorney David Estes of the Southern District of Georgia noted that the defendant served as an integral conduit in a network of cybercriminals who siphoned tens of millions of dollars from multiple entities and institutions worldwide.
“He laundered money for a rogue nation and some of the world’s worst cybercriminals, and he managed a team of coconspirators who helped to line the pockets and digital wallets of thieves. But U.S. law enforcement, working in conjunction with its partners throughout the world, will bring to justice fraudsters who think they can hide behind a computer screen,” Estes said.
Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.
-
LaunchDarkly to "double down" on observability with Highlight acquisition
News Highlight's observability tools will be integrated into LaunchDarkly's Guarded Releases software deployment service
By Daniel Todd
-
Samsung Galaxy Tab S10 FE review
Reviews The Tab S10 FE retains the feel and core capabilities of Samsung's high-end S10 tablets, but compromises on the display and the performance
By Stuart Andrews
-
The UK cybersecurity sector is worth over £13 billion, but experts say there’s huge untapped potential if it can overcome these hurdles
Analysis A new report released by the DSIT revealed the UK’s cybersecurity sector generated £13.2 billion over the last year
By Solomon Klappholz
-
UK cyber experts on red alert after Salt Typhoon attacks on US telcos
Analysis The UK could be next in a spate of state-sponsored attacks on telecoms infrastructure
By Solomon Klappholz
-
"Thinly spread": Questions raised over UK government’s latest cyber funding scheme
The funding will go towards bolstering cyber skills, though some industry experts have questioned the size of the price tag
By George Fitzmaurice
-
Healthcare data breaches are out of control – here's how the US plans to beef up security standards
News Changes to HIPAA security rules will require organizations to implement MFA, network segmentation, and more
By Solomon Klappholz
-
The US could be set to ban TP-Link routers
News US authorities could be lining up the largest equipment proscription since the 2019 ban on Huawei networking infrastructure
By Solomon Klappholz
-
US government IT contractor could face death penalty over espionage charges
News The IT pro faces two espionage charges, each of which could lead to a death sentence or life imprisonment, prosecutors said
By Ross Kelly
-
Threat of cyber attacks to national security compared to that of chemical weapons
News The UK government has raised the threat level posed by cyber attacks, deeming it greater on average than an event such as the Salisbury poisoning
By Rory Bathgate
-
US identifies and places $10 million bounty on LockBit, Hive ransomware kingpin
News Mikhail Pavlovich Matveev was linked to specific ransomware attacks, including a 2021 raid on the DC police department
By Rory Bathgate