Dual citizen sentenced to 11 years for role in North Korean crypto hacking scheme

Department of justice sign on a building
(Image credit: Shutterstock)

A federal court in the Southern District of Georgia sentenced a dual US-Canadian citizen to 140 months in prison for his part in a global hacking and money laundering scheme by North Korea-based hackers.

Ghaleb Alaumary, a 36-year-old Ontario, Canada resident, was given an 11-year federal prison sentence and ordered to pay more than $30 million in restitution after pleading guilty to two counts of conspiracy to commit money laundering.

Alaumary and his co-conspirators used business email compromise schemes, ATM cash-outs, and bank cyber-heists to steal money from victims and then launder the money through bank accounts and digital currency, according to a Department of Justice (DOJ) announcement.

Alaumary also recruited and organized individuals to withdraw stolen cash from ATMs. He provided bank accounts that received funds from bank cyber heists and fraud schemes. He further laundered the funds through wire transfers, cash withdrawals, and exchanging the funds for cryptocurrency.

He also trained these people to impersonate wealthy bankers in Texas to obtain personally identifiable information from new victims’ accounts and embezzle hundreds of thousands of dollars.

The DoJ said the funds included those from North Korea-perpetrated crimes, including the 2019 cyber-heist of a Maltese bank and the 2018 ATM cash-out theft from BankIslami in Pakistan. He also received money stolen from a soccer team in the UK.


Defeating ransomware with unified security from WatchGuard

How SMBs can defend against the onslaught of ransomware attacks


At the time, the hackers successfully circumvented the fraud-prevention mechanisms to change the balances and increase the withdrawal limits themselves.

Alaumary also pled guilty to fraud for sending multiple emails to a university where he pretended to be a construction company representative. The university, believing it was paying the construction company, wired 11.8 million Canadian dollars ($9.4 million) to a bank account controlled by Alaumary and his co-conspirators. Alaumary then arranged with individuals in the US and elsewhere to launder the stolen funds through various financial institutions.

US Attorney David Estes of the Southern District of Georgia noted that the defendant served as an integral conduit in a network of cybercriminals who siphoned tens of millions of dollars from multiple entities and institutions worldwide.

“He laundered money for a rogue nation and some of the world’s worst cybercriminals, and he managed a team of coconspirators who helped to line the pockets and digital wallets of thieves. But U.S. law enforcement, working in conjunction with its partners throughout the world, will bring to justice fraudsters who think they can hide behind a computer screen,” Estes said.

Rene Millman

Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.