February 17, 2021

The U.S. Justice Department today unsealed indictments against three men accused of working with the North Korean regime to carry out some of the most damaging cybercrime attacks over the past decade, including the 2014 hack of Sony Pictures, the global WannaCry ransomware contagion of 2017, and the theft of roughly $200 million and attempted theft of more than $1.2 billion from banks and other victims worldwide.

Investigators with the DOJ, U.S. Secret Service and Department of Homeland Security told reporters on Wednesday the trio’s activities involved extortion, phishing, direct attacks on financial institutions and ATM networks, as well as malicious applications that masqueraded as software tools to help people manage their cryptocurrency holdings.

Prosecutors say the hackers were part of an effort to circumvent ongoing international financial sanctions against the North Korean regime. The group is thought to be responsible for the attempted theft of approximately $1.2 billion, although it’s unclear how much of that was actually stolen.

Confirmed thefts attributed to the group include the 2016 hacking of the SWIFT payment system for Bangladesh Bank, which netted thieves $81 million; $6.1 million in a 2018 ATM cash out scheme targeting a Pakistani bank; and a total of $112 million in virtual currencies stolen between 2017 and 2020 from cryptocurrency companies in Slovenia, Indonesia and New York.

“The scope of the criminal conduct by the North Korean hackers was extensive and longrunning, and the range of crimes they have committed is staggering,” said Acting U.S. Attorney Tracy L. Wilkison for the Central District of California. “The conduct detailed in the indictment are the acts of a criminal nation-state that has stopped at nothing to extract revenge and obtain money to prop up its regime.”

The indictments name Jon Chang Hyok (a.k.a “Alex/Quan Jiang”), Kim Il (a.k.a. “Julien Kim”/”Tony Walker”), and Park Jin Hyok (a.k.a. Pak Jin Hek/Pak Kwang Jin). U.S. prosecutors say the men were members of the Reconnaissance General Bureau (RGB), an intelligence division of the Democratic People’s Republic of Korea (DPRK) that manages the state’s clandestine operations.

The Justice Department says those indicted were members of a DPRK-sponsored cybercrime group variously identified by the security community as the Lazarus Group and Advanced Persistent Threat 38 (APT 38). The government alleges the men reside in North Korea but were frequently stationed by the DPRK in other countries, including China and Russia.

Park was previously charged in 2018 in connection with the WannaCry and Sony Pictures attacks. But today’s indictments expanded the range of crimes attributed to Park and his alleged co-conspirators, including cryptocurrency thefts, phony cryptocurrency investment schemes and apps, and efforts to launder the proceeds of their crimes.

Prosecutors in California also today unsealed an indictment against Ghaleb Alaumary, a 37-year-old from Mississauga, Ontario who pleaded guilty in November 2020 to charges of laundering tens of millions of dollars stolen by the DPRK hackers.

The accused allegedly developed and marketed a series of cryptocurrency applications that were advertised as tools to help people manage their crypto holdings. In reality, prosecutors say, the programs were malware or downloaded malware after the applications were installed.

A joint cyber advisory from the FBI, the Treasury and DHS’s Cybersecurity and Infrastructure Agency (CISA) delves deeper into these backdoored cryptocurrency apps, a family of malware activity referred to as “AppleJeus. “Hidden Cobra” is the collective handle assigned to the hackers behind the AppleJeus malware.

“In most instances, the malicious application—seen on both Windows and Mac operating systems—appears to be from a legitimate cryptocurrency trading company, thus fooling individuals into downloading it as a third-party application from a website that seems legitimate,” the advisory reads. “In addition to infecting victims through legitimate-looking websites, HIDDEN COBRA actors also use phishing, social networking, and social engineering techniques to lure users into downloading the malware.”

The alert notes that these apps have been posing as cryptocurrency trading platforms since 2018, and have been tied to cryptocurrency thefts in more than 30 countries.

Image: CISA.

For example, the DOJ indictments say these apps were involved in stealing $11.8 million in August 2020 from a financial services company based in New York. Warrants obtained by the government allowed the FBI to seize roughly $1.9 million from two different cryptocurrency exchanges used by the hackers, money that investigators say will be returned to the New York financial services firm.

Other moneymaking and laundering schemes attributed to the North Korean hackers include the development and marketing of an initial coin offering (ICO) in 2017 called Marine Chain Token.

That blockchain-based cryptocurrency offering promised early investors the ability to purchase “fractional ownership in marine shipping vessels,” which the government says was just another way for the North Korean government to “secretly obtain funds from investors, control interests in marine shipping vessels, and evade U.S. sanctions.”

A copy of the indictments is available here (PDF).


77 thoughts on “U.S. Indicts North Korean Hackers in Theft of $200 Million

  1. vb

    Note that none of the thefts targeted anyone inside Russia or China.

    I wonder if India and Pakistan will files charges for the $81 million Bangladesh Bank theft and $6.1 million Pakistani bank theft.

    1. Patrick S Tomlinson

      Looking at the map, it’s becoming clear the North Koreans are allying themselves with the French and the Czechoslovaks.
      Very disturbing development.

      1. Rudolph

        Oh and not to forget Mexico, Greenland and the dangerous Antarctica Hacker Gangs…

        But jokes aside, it’s pretty clear they’re probably working with help from China. No question. And they will never target a chinese company that’s for sure.

    2. JamminJ

      Russia, China, India, US, and Australia… are all on the map as being targeted

  2. Steve C#

    Hey! the Norsks need to do something to pay for all the oil they are importing…

  3. The Sunshine State

    I wonder how North Korea does all that with only a net block of around 1024 IP numbers with only a dedicated (fiber?) internet line into China to the north

    1. Balancer

      You’re right to question things like this… It’s so weird that the US just so happens to have an ally whose enemy is so unfortunate as to find their way I to these easily set traps over and over. For me personally, it’s completely dismissing the possibility of state puppetry right out of the gate. Really smacks of accurate and unbiased.

    2. JamminJ

      Why would public IP space or fiber trunk lines have anything to do with the capabilities of a cyber operation?

      1. The Sunshine State

        Because a small net block of IP numbers and reduced bandwidth limits their criminal activity within the city of Pyongyang , if that’s the location of where the North Korean operation is being taken place.

        1. JamminJ

          But how does it limit anything?

          Hackers don’t need large blocks of IP space. Maybe a DDOS, if they were only wanting to use their country’s IP space.
          But large numbers of source IPs are not something hackers need or really care about. A good hack has maybe half a dozen IPs… and most of those are proxies out of country.

          Bandwidth? They aren’t trying to stream Netflix here.

          Sorry, but this whole premise is ridiculous.

          1. Catwhisperer

            One fiber optic line and bingo, what more bandwidth would you need, especially if the other endpoint is in a friendly nation that won’t do a tcp/udpdump on your traffic. No competent nation state APT actor is going to actually do anything from their own IP addresses, do you think? Nope, just normal SSL traffic from those addresses, going hither and yon, maybe some diplomatic traffic, right?

            1. JamminJ

              What do you think packet capture will tell you if encrypted?
              Yes, that’s the point. Malicious traffic for even the most epic of hacks,… Is still a needle in the haystack, and won’t need significant bandwidth or IP space.

              The premise that North Korean hackers are limited by austerity compared to South Korea… Is ridiculous.

              1. Chris

                Block off internet access for those 1024 IPs or severe the fiber cable into the North. But China isn’t a friend.

                1. JamminJ

                  I agree. China is a geopolitical and economic enemy.

                  I don’t know where the number 1024 came from. Might have been hyperbole, but I doubt that North Korea (even being austere as it is) only has a single Class C network.

                  Who do you suggest would “block off internet access for those 1024 IPs”??? The Internet is kinda designed for resilience. No one country can really decide to block off another country from the Internet.
                  It would be interesting to try… but the US would have to have access to all the backbone routers BGP. That’s a big deal.

                  And the thing about the Internet, is it is more like a web. If North Korea has even a single path to another country… they can route through them and get access to the Internet.

                  “or severe the fiber cable”
                  Satellites still exist. LOS too. China and Russia have lots of assets to facilitate communications with NK.
                  Besides, severing cable turns a cold war into a hot one.

  4. Ron

    Well I guess these fellows will easy to nab because of that extradition treaty we have with NK.
    I don’t understand the strategy of releasing this info, why not just put out a quiet notice to border patrol to nab them if they come into a civilized country. Now they will never even try.
    Of course they can just saunter over the southern border now, with blind eye sleepy Joe at the helm.

    1. Kent Brockman

      Say how’d that “deal” your boy Trump made with ‘Dear Leader’ work out? LOL

    2. PetePall

      I see what you did there, Ron. Cleverly slipping in your tired political agenda. Good one!

      1. Patrick S Tomlinson

        If only the hackers were underage, we could keep ’em in on of Fonald Plump’s border cages.

  5. Mealy

    Dear sirs,

    You have been indicted! Please show up at such and such…

    1. JamminJ

      Are you confusing the words “indictment” and “summons”?

      Indictments are just charges that opens the door for further investigations into co-conspirators (such as the guy in Canada who was arrested), allows for seizure of criminal profits (such as the cryptocurrency seized), and provides other allies the justification to quickly apprehend the moment they slip up and step foot into a country with an extradition treaty (which many hackers have done after an indictment).

      1. Clyde Tolson

        I think he was pointing out the uselessness of these fbi name and shame campaigns. You can still indict someone and not go public with the hope
        of an arrest later down the line.

        1. JamminJ

          Indictments are public by their very nature. You wouldn’t want to live in a country that has secret indictments that weren’t public. (yes, I am aware of exceptions)

          It is the media that would decide which indictments to write articles about. And if you read Krebs on Security… then you have already subscribed to get this kind of “name and shame” news.

          If you don’t want to see it, don’t click on articles filed under “Ne’er-Do-Well News”…. because Krebs does a good job keeping up with cyber-criminal indictments.

          1. mealy

            Indictments and summons/wants/red notices tend to go together.
            Of course people know the difference. Weird segue.

            1. JamminJ

              Criminal justice is more complex and nuanced than, “tend to”.
              People with no legal understanding, are here commenting that indictments are somehow irrelevant or meaningless.
              These assertions are demonstrations of ignorance.

              1. mealy

                I said nothing like that though. Why tell me about it? Kinda weird.

                1. JamminJ

                  You did confuse the words “indictment” and “summons”.
                  And furthered the incorrect idea that an indictment is intended to only serve as a summons to court.

                  1. mealy

                    You did confuse the words “indictment” and “summons”.

                    Wrong entirely, nope. You misread. I didn’t specify.

                    Rather than trying to correct what you mistakenly believe people are saying but haven’t actually ever said or confused, how about you just focus on your own comments?

                    I don’t believe you’re a legal expert either way. They don’t tend to go up and down comment threads arguing with everybody while claiming to be an expert on simple topics of basic law but focusing instead on correcting jokes.

                    (In my experience, anyhow, actual legal experts don’t do that.)

                    Maybe take a break from being a pseudopedant picking on word choices in obvious jokes, it’d be restful for your ego.

                    1. JamminJ

                      You did confuse the two concepts, even without using specific words. You are now trying to backpedal by saying you were “joking”.
                      Even if it was intended as a joke, the misinformation is still the basis of your comment.

                      I am not a legal expert… but I do have experience in indictments of foreign cyber criminals. Just like many of the articles written on Krebs on Security filed under “ne’er do wells”… these indictments are featured quite heavily.
                      And the comment section quickly flooded with ignorant comments about how indictments are worthless because the accused won’t volunteer to self-extradite to the US, or more broadly that an arrest must be probable or imminent for an indictment to have value.

                      It is ignorance. And this kind of misinformation spreads to readers, unless checked by follow up comments.

                    2. mealy

                      Legal experts don’t tend to “correct” obvious “jokes” in forums.

                      YMMV, but that’s a fact before anyone has seen any expertise or credentials from someone who clearly read into a casual, vague joke well beyond what is even said in it or at all implied.

                      Summons and Indictments are related.

                      Neither one starts with “Dear Sirs” expert pedants.

                    3. JamminJ

                      So now you claim it was a joke? But you what is the joke? That indictments are normally intended to summon the accused to appear?

                      If that’s the basis of your joke… it is still misinformation.

                      And your comment isn’t taken in a vacuum. It is combined with several other comments on these “ne’er do wells” articles… which all seem to invoke comments that suggest indictments of foreign hackers as worthless.

                      But you had already read other comments here, suggesting that indictments are absurd… so you jumped on the bandwagon with your joke.

                      I am not a legal expert… but I do have experience in indictments of foreign cyber criminals. Just like many of the articles written on Krebs on Security filed under “ne’er do wells”… these indictments are featured quite heavily.
                      And the comment section quickly flooded with ignorant comments about how indictments are worthless because the accused won’t volunteer to self-extradite to the US, or more broadly that an arrest must be probable or imminent for an indictment to have value.

                      Just admit you were wrong and let it go. No need to backpedal and claim it was an innocent joke and you really didn’t mean it.

                    4. mealy

                      Read better. Neither summons nor indictment starts with

                      “Dear Sirs” – sorry “expert.”

            2. JamminJ

              Apparently people do NOT know the difference. There is a lot of ignorance and confusion about what an indictment is, how they are used, and why.

              Indictments are just charges that opens the door for further investigations into co-conspirators (such as the guy in Canada who was arrested), allows for seizure of criminal profits (such as the cryptocurrency seized), and provides other allies the justification to quickly apprehend the moment they slip up and step foot into a country with an extradition treaty (which many hackers have done after an indictment).

              1. mealy

                I wasn’t whoever you were replying to who was confused about it.

                You could reply to them I guess instead of me. It’s less confused.
                I said nothing of any sort indicating that confusion, you read into it.
                Let me suggest you take a break from trying to correct the world, though it may be entirely wrong to your momentary eye.

                1. JamminJ

                  Misinformation and disinformation spread because of comments like yours and others.

                  You conflated an indictment with a “summons” to appear in court, as if it were absurd to issue an indictment for someone who would not voluntarily agree to self-extradite.
                  You are, knowingly or not, contributing to a myth that devalues the criminal justice process… simply because you don’t understand how it works.

                  You are of course, free to comment with this misinformation…. but don’t act surprised when someone corrects you.

                  1. mealy

                    Sorry, I never confused what you said I did in my obvious joke.

                    Excess egotism correcting jokes isn’t information. Nor expertise.

                    Sorry, try to give your eyeballs a badly needed rest at least when it comes to putting words in people’s mouths over obvious humor you’re unable to parse as that, for whatever obsessive reason.

                    You’re not training any lawyers here troll.

                    1. JamminJ

                      Sounds like a classic blunder. Expressed ignorance, then after being called out… saying it was “a joke”.
                      Sorry, but with all the other comments here, your comment is not “obviously a joke”. It is far simply just misunderstanding of a something most laymen misunderstand.

                      People hate being corrected, I get it. But take the information with some humility. If you aren’t reading this blog to learn something, then you might be the troll.

                    2. mealy

                      Enjoy your own, alternate, classic blunder.
                      I leave you to it, and and everyone else also.

                      The conflation is all yours.

  6. Moneyhunter

    Where is the money?
    I see as bounty hunter Opportunity Here 😛
    Little squeese of the balls and singing a song of money location 😛 lol

  7. ht

    Empty indictments that are pure DOJ theatre and a waste of time. These individuals will never be extradicted and will never see a court of law for the offenses.

    1. security vet

      …yes but look at the activity!…

      …kabuki theatre at it’s best…

    2. JamminJ

      Learn a little bit about how indictments work.

      Their purpose isn’t only to physically arrest the persons indicted, even though that may be the only thing the public understands about them.

      An indictment of foreign actors, even if extradition is not possible… also allows the US to charge co-conspirators who ARE within reach. Such as the Canadian-American citizen, Ghaleb Alaumary, “a 37-year-old from Mississauga, Ontario who pleaded guilty in November 2020 to charges of laundering tens of millions of dollars stolen by the DPRK hackers”.

      It would not make sense to indict only the persons who are within reach to arrest. Indict them all, it opens up the doors for prosecutors to investigate further and even seize assets like cryptocurrency that wouldn’t stay in North Korea.

      US indictments also allow for easier apprehension from non US law enforcement. Many a US-indicted Russian hacker was caught in Europe or some other country, to then be extradited.

      Indictments are just charges that opens the door for further investigations into co-conspirators (such as the guy in Canada who was arrested), allows for seizure of criminal profits (such as the cryptocurrency seized), and provides other allies the justification to quickly apprehend the moment they slip up and step foot into a country with an extradition treaty (which many hackers have done after an indictment).

  8. Mahhn

    I read the pdf, I see lots of charges, lots of definition, but there was nothing in it that says how they identified the individuals at any point. They could have just made up the names – judging strictly from the information on the charges.
    I recall reading that the sony hack was an inside job by a disgruntled employee over discrimination, thought that was the final “real story”, but I guess that depends on politics maybe, or at least nobody has taken the blame/owned up to it.
    Hope they have a hell of a lot more than a list of crimes and a couple names if they plan on sticking any charges.

    1. JamminJ

      Indictments of members of a Foreign Intelligence Service (FIS) is a bit tricky. I never expect the details to be made public.

      And it’s not really taking them at their word either. The DOJ has intelligence sources that are protected. Whether classified by their own agency, or another… the Grand Jury is privy to information that isn’t contained in the publicly released indictment linked in the pdf.

      1. Aaron

        It’s a fake prosecution if you have no hope of actually arresting the guy.

        1. JamminJ

          First off, it’s not a prosecution. It’s an indictment.
          So many people are legal laypersons who don’t know the difference, and some refuse to learn the difference.

          Arrest isn’t the only thing in the world.

          Indictments are just charges that opens the door for further investigations into co-conspirators (such as the guy in Canada who was arrested), allows for seizure of criminal profits (such as the cryptocurrency seized), and provides other allies the justification to quickly apprehend the moment they slip up and step foot into a country with an extradition treaty (which many hackers have done after an indictment).

  9. JamminJ

    First off, it’s not a prosecution. It’s an indictment.
    So many people are legal laypersons who don’t know the difference, and some refuse to learn the difference.

    Arrest isn’t the only thing in the world.

    Indictments are just charges that opens the door for further investigations into co-conspirators (such as the guy in Canada who was arrested), allows for seizure of criminal profits (such as the cryptocurrency seized), and provides other allies the justification to quickly apprehend the moment they slip up and step foot into a country with an extradition treaty (which many hackers have done after an indictment).

    1. security vet

      …indictments are not the only tool available…

      …and most are classified and will never see the sight of the public…

      …NSL’s, FISA wiretaps, informants, sources, etc…

      …btw you completely misunderstand the use and meaning and purpose of any art, including kabuki theater – but maybe you missed the liberal arts part of your education…

      1. JamminJ

        There are other options, yes. But indictments of foreigners are more than just theater. Certain intelligence community actions for investigations, work in some countries, but not others.
        In five eyes Nations, maybe indictments would not be the first choice.

        But again, many of these secret actions would not work in allowing other countries to seize cryptocurrency.
        Sometimes these things have to be done through a public diplomatic channel and indictments allow the DOJ to work closer and achieve more with other nations.

        For someone who’s never worked in government, I’m sure it looks to you like theater. You just have to consider your own perspective as being an outsider with no understanding of how the inner workings operate.

        It only takes a few minutes to actually read how criminal justice system works, and you don’t need to assume that everything is Shadow government, some Grand conspiracy, or theater.

      2. JamminJ

        Indictments are not the only tool… but depending on the circumstance… they are often the BEST tool that the US has to cooperate with other countries who may not be part of an agreement like 5 eyes.

        Most indictments are NOT classified. The vast majority are public record, and are unclassified by default. In fact, sealing an indictment is done by exception and requires additional work and justification.

        Yes, there are obviously components of secrecy at play when it comes to indictments of foreign intelligence services. I mentioned that to Mahhn, who expected to see the entire investigation in the publicly released indictment, complete with information regarding how the US identifies the suspects which would reveal sources/collection methods.
        This stuff is NOT part of the indictment… but does feed into it. Most importantly, they do not “replace” the need for indictments.

        This is the inner workings of the criminal justice system. It’s not theater. It may only seem like theater to those who have never worked in the government/IC.

        1. security vet

          …actually five eyes is used a lot for non-extradition countries where laws are not so constraining…

          …again indictments are less than 5% compared to other methods…

          1. JamminJ

            No, all of the 5 eyes countries already have extradition treaties in place. So no… they aren’t used for non-extradition countries.

            What is “less than 5%”? For collecting intel alone, Maybe.
            But what about tracking down and seizing funds? Indictments do it. What about international sanctions? Indictments make sanctions possible and easier for individuals.

            Having indictments in the US make it very easy for other countries to quickly detain. What “other methods” do that as effectively?

            1. security vet

              …you’re constrained by your lack of knowledge…

              …five eyes are used all the time against non-extradition countries, just because you don’t know doesn’t make it untrue…

              …read, for example, about “Parallel Construction”…

              1. JamminJ

                Looks like you changed the original topic.

                I was the first to mention 5 eyes… as not the best tool when trying for “cooperation” with these countries.
                I said, “they are often the BEST tool that the US has to COOPERATE WITH other countries who may not be part of an agreement like 5 eyes.”

                You said, “five eyes are used all the time AGAINST non-extradition countries”

                Sounds like we are talking about very different things.

                Yes, obviously for intelligence operations “against” NK… 5 eyes are better than indictments.
                But if we don’t know exactly where or when the suspects might wander, or what country their money will pass through… indictments allow for quick seizure. 5 eyes do not.

                If we want a country to help us out, and they aren’t part of 5 eyes or any other partnership… then using other 5 eyes countries “against” them, isn’t going to foster cooperation. Indictments are necessary because it just means formal charges are drawn, and a country won’t have to involve the intelligence community to know that the suspect is a wanted criminal.

                Yes, I am aware that other agencies must have been involved prior to indictments in order to get the intel needed to even begin the indictment. In fact, I made that very point to Mahhn when he expressed suspicion that the public indictment didn’t have detailed intelligence regarding attribution. I responded that not every part of the investigation would be public. Indictments are only one part of the process. But that doesn’t mean it can be discarded.

                1. security vet

                  …my original point was that indictments against citizens of countries we don’t have extradition treaties with are theater as best…

                  …and it still stands…

                  …unless these three guys are lured to a country were we can arrest them…

                  1. JamminJ

                    Thanks for getting back on point.
                    Makes it easier to disagree clearly.

                    “indictments against citizens of countries we don’t have extradition treaties with are theater as best”
                    “unless these three guys are lured to a country were we can arrest them”

                    Arrest is NOT the only purpose of an indictment.
                    Just like removal is NOT the only purpose of impeachment.

                    Just because arrest is the best known and best possible outcome… doesn’t make it the only one.

                    The courts can still convict someone, even if jail time isn’t part of the sentence. Sometimes the sentence is “time served”. In case of impeachment conviction, the Constitution allows for disqualification (cannot hold public office in the future) too.

                    So it sounds like you are making a similar argument that the Republican party made about impeachment. Because “removal” was no longer an option, no other penalty of conviction should be applicable, even though explicitly mentioned in the Constitution.

                    Indictments do not only allow for arrest. Just as impeachment is not restricted to only removal.

                    I do understand how it seems like “theater” because of how legal laymen do not see past the most common result of a legal term like indictment.

                    But just because you don’t know that indictments can have other positive results, doesn’t mean they don’t exist.

                    1. security vet

                      …the *only* reason you ever do an indictment is you intend to arrest the person and/or go to court…

                      …since we’ll never do either in this case to the three NK citizens it’s theater to show action…

                      …period…

                      …now are there other things we can do, absolutely, and we’re doing them, but since it’s classified you’ll never know what those are…

                    2. JamminJ

                      “…the *only* reason you ever do an indictment”

                      You can say the word “period” all you like. But you are absolutely wrong.
                      It is obvious you are out of your field, and do not have experience with criminal justice matters or foreign legal affairs.

                      Yes, I agree that’s classified actions have contributed to this indictment and many are ongoing. And we’ll never know unless we are read on to that.

                      Similarly if you are not in the criminal justice field, you wouldn’t have any idea the scope, function, or purpose of an indictment.

                      We will keep hearing about these indictments of foreign actors from Krebs and others.
                      They will happen regardless of the politics or whoever is in the white house or running the DOJ.
                      Why? Because it’s not theater, it’s just bigger than you understand.

    2. Aaron

      Prosecution includes indicting. It’s the first step, the second is trying. The purpose of indictments is to warn the defendant so he can get a fair trial, do research, hire an attorney etc.

      1. JamminJ

        Basic logic Aaron.
        Prosecutions follow indictments but that does not mean indictments equate to prosecution.
        Remember A follows B, but A Not Equal to B.
        But I suspect you were just stretching to cover your mistake.

        Many indictments are simply never prosecuted because not enough evidence or other circumstances that the district attorney must calculate.

        Also, many indictments are under seal. And the secrecy of a grand jury. Indictments don’t become public until much later.
        Many suspects don’t know about indictments until after arrest. Many more suspects are given subpoenas, summons, notice to preserve documents, etc…. Way before indictments.
        So your claim regarding the purpose of indictments as the primary means to notify a suspect to prepare for court, is also wrong.

        1. thegreyfoxx

          Or never indicted and prosecuted because the subject party is a member of your protected political class.
          Plenty examples in recent memory, unless the subject is … DJT, then everyone associated including his ham sandwich is investigated or indicted.
          10 comments out of 37 = 28%.
          You should create your own blog. Cease polluting Brian’s.
          Just sayin’…

          1. JamminJ

            Exercising free speech, same as you.

            If anyone on the left did half the stuff DJT did… they too would investigated and indicted. HRC certainly was investigated for everything.

            DJT should not have filled his campaign staff with shady mobsters with Russian ties. It is insane that an American political campaign would be filled with so many people who do business in Russia. It is not a common thing for US businesses.

            Even conservative judges and justices are allowing the investigations and coming indictments. That should say a lot.

  10. FaceTime

    I am not a legal expert… but I do have experience in indictments of foreign cyber criminals. Just like many of the articles written on Krebs on Security filed under “ne’er do wells”… these indictments are featured quite heavily.
    And the comment section quickly flooded with ignorant comments about how indictments are worthless because the accused won’t volunteer to self-extradite to the US, or more broadly that an arrest must be probable or imminent for an indictment to have value.

  11. security vet

    …just so we’re clear – i’ve testified 20 times in court, written hundreds of expert reports, been deposed scores of times – so i have forgotten more than you’ll ever know…

    1. security vet

      …oh, i also teach a popular course on cybercrime and one on ethics…

    2. JamminJ

      Considering you only seem to write 3 fractions of a sentence at a time, I have seen nothing to validate your claims of experience. I won’t even bother flexing my experience like you have just tried, but yours is not impressive.

      You don’t appear to have the experience to understand the full complexity of the criminal justice system since you think an indictment only has such a narrow purpose.

      You are spreading misinformation. It has become a popular myth on nearly every KOS article. It is common to see an article written about an indictment of a foreigner seemingly unreachable by US law enforcement.
      But you people like you who believe everything is a conspiracy or political theater… start flooding the comments claiming indictments are worthless unless apprehension is likely or imminent.

      What you ignore, with this myth… is the fact that subsequent articles are often written years later, if ever. They describe tracking illicit funds from criminal activity, that get seized… due to indictments years before.
      Organized crime rings get huge multinational operations… taking down cyber crime elements in places that do extradite…. were built on indictments made years before.

      1. security vet

        …rampant cyber crime *proves* indictments alone don’t fix things…

        …but i repeat myself…

        1. security vet

          …btw i don’t believe in any conspiracy theories, not sure where you got that idea, or are you starting one yourself?…

        2. JamminJ

          So now your argument is that “indictments ALONE don’t fix things”

          Yes, duh. I have given several examples of how indictments have led to other actions, opening doors for law enforcement to fight cyber criminals.

          I agree that indictments are weakened if arrest isn’t feasible. But that is a far cry from labeling them as useless, or “theater”.

          But it sounds like you (and others) are making a black/white absolutist arguments. Which is why conspiracy theorists share the same opinion about indictments, even if you don’t believe in those theories yourself, it’s the same rationale I am seeing all over the comments.

          You don’t have to take an extreme viewpoint regarding indictments of foreigners (they work perfectly, they “fix things” / they are useless and nothing but theater).

          We can realize they have value and are useful for the bigger picture, but they aren’t going to give law enforcement the best outcome.

          1. security vet

            …you confuse theater with useless – your loss…

            …there are least seven reasons for crime, but i’ll let you discover them…

            …it’s not black and white or all we’d need were indictments – see 1984 for example…

            …if we just outlawed illegal behavior, oh wait it is illegal, yet continues, hmmm, must be something we don’t see, or are unwilling to address…

            …indicting people for cybercrime misses the point entirely, but i repeat myself…

            1. JamminJ

              You’re blabbering. You’re insistence on writing in only incomplete sentences, and unfinished thought doesn’t help your argument. Rather, in comes across as incoherent.

              You could correct yourself by just admitting the usefulness of indictments such as these. As I have already shown to you. But you insist on speaking in cryptic absolute claims. Using the word “only”. When I’ve shown you the exceptions.

              You said it’s nothing more than theater. And are still implying useless.
              It’s up to you to clarify by using real words and whole sentences.

  12. timeless

    @Brian (good writeup as always), minor typographical issues:

    > ”Tony Walker”

    First fancy close quote should be open

    > “AppleJeus. “Hidden Cobra”

    Missing close quote.

Comments are closed.