A Canadian-American citizen, who laundered tens of millions of dollars for cybercriminals including North Korea’s military intelligence agency hackers, has been sentenced to 11 years in prison, the U.S. Department of Justice announced.

Fast facts

  • Ghaleb Alaumary, 36, pleaded guilty to money laundering in 2020 and has been asked to pay US$30 million in restitution to victims in the U.S. and beyond by a U.S. federal court. His sentence requires him to serve three years of supervised release after completing his prison term.
  • According to court documents, Alaumary was the money man — or the chief point of contact — for cybercriminals to hide their dirty money while he also partnered with others and carried out his own schemes. In other words, he was a professional money and crypto launderer with his own team — much like a banking service, except he catered to a very selective clientele that included hackers, scammers and cybercriminals. “He laundered money for a rogue nation and some of the world’s worst cybercriminals, and he managed a team of co-conspirators who helped to line the pockets and digital wallets of thieves,” acting U.S. Attorney David H. Estes said.
  • Alaumary and his partners used business email compromise schemes, ATM cash-outs and bank cyber thefts to steal money and then laundered it through wire transfers and by converting it into cryptocurrencies, according to court records. Alaumary had previously pleaded guilty to two counts of money laundering — a phishing attack on a Canadian university that led to the loss of US$9.4 million in 2017, and a case in which Alaumary recruited minions to withdraw stolen cash from ATMs and laundered money stolen from multiple cyber attacks and Ponzi schemes.
  • “International money launderers provide critical services to cybercriminals, helping hackers and fraudsters to avoid detection and hide their illicit profits,” assistant Attorney General Kenneth A. Polite Jr. of the DOJ’s criminal division said. “Small and large companies, a university, banks and others lost tens of millions of dollars in this scheme.” Other victims of Alaumary’s crimes include banks based in India, Pakistan and Malta, U.K. and U.S. companies, a professional soccer club in the U.K., and other American citizens.   
  • The funds laundered by Alaumary included the proceeds from a 2019 cyber heist of a Maltese bank orchestrated by North Korean hackers with military ties. These hackers, who called themselves “Guardians of Peace,” were also behind the massive hack of Sony Pictures in 2014, as revenge for producing the movie “The Interview,” a satire depicting North Korean leader Kim Jong Un. The hack caused a huge scandal in Hollywood as the hackers released troves of internal emails that shone an unfavorable light on studio chiefs and other entertainment industry hotshots. The hackers were indicted earlier this year for extorting over US$1.3 billion from financial institutions and companies, and for launching fraudulent and malicious crypto applications and blockchain platforms.
  • Elsewhere in the country, Michael Ackerman, who led a fraudulent cryptocurrency investment scheme that resulted in victims losing over US$30 million, pleaded guilty to fraud on Wednesday. Ackerman promised 15% monthly returns to his customers from an investment pool and conned them by claiming the fund’s total balance had reached US$315 million, when in reality, it never exceeded US$5 million. Instead of managing the fund and investing it, Ackerman used it to support a lavish lifestyle and stole at least US$9 million. Ackerman has agreed to return US$30.6 million in restitution as well as forfeit US$36 million in assets.