A U.S. court sentenced a Canadian man to 11 years in prison for his role in a global hacking and money laundering scheme allegedly spearheaded by North Korean cybercriminals.
Ghaleb Alaumary, a 36-year-old Ontario native, was sentenced Wednesday to 140 months in federal prison and to pay more than $30 million in restitution after pleading guilty to two counts of conspiracy to commit money laundering, the Justice Department announced.
The defendant’s role involved providing bank accounts into which North Korean hackers could funnel stolen currency, and then recruiting individuals to withdraw cash from ATMs around the world. The millions of dollars came from sources including the 2019 theft of a Maltese bank, a 2018 fraud from Pakistan’s BankIslami, as well as a professional soccer team based in the U.K., according to the Justice Department.
Alaumary was also reportedly connected to Ramon Abbas, a Nigerian Instagram influencer better known as “Hushpuppi” who prosecutors allege used email fraud to fund a life of luxury.
The Alaumary case, which is linked to a larger, ongoing matter in Los Angeles, provides a rare glimpse into the connections between individual money launderers and the groups that rely on their expertise to capitalize on financial windfalls while avoiding detection.
In this case, prosecutors alleged that Alaumary worked for three North Korean men who functioned as part of the country’s military intelligence agency, and had involvement in high profile cyberattacks ranging from the breach at Sony Pictures in 2014 and the WannaCry ransomware outbreak in 2017. (Alaumary is not accused of having a role in either of those cases.)
ATM cash-out conspiracies represent a significant revenue opportunity for Pyongyang-backed hackers, to the extent that the U.S. government has issued alerts warning that the scams pose a “significant threat to financial institutions.”
American investigators, for instance, have published numerous threat alerts about a hacking collective known loosely as “Hidden Cobra,” which intelligence agencies suggest helps the North Korean government make money in the face of international sanctions. The same group appears to have links, however murky, to the hacking group APT38, or Lazarus Group.
Alaumary’s case isn’t limited to his work with North Korea, however.
Prosecutors also described a scam in which he used spoofed emails to impersonate a construction company. By posing as a contractor, Alaumary duped a Canadian university into sending him $9.4 million. In another matter, Alaumary used a roster of other scammers to impersonate wealthy bankers to con victims out of their personal information, then take hundreds of thousands of dollars from their bank accounts.
Alaumary faced a maximum of 20 years in prison.