North Koreans using false identities to get US jobs and send millions home


IT workers from North Korea have for years secretly worked at American companies and sent millions of dollars to the regime back home. Now, the Federal Bureau of Investigation is acting.

They used stolen identity cards and Social Security numbers. They paid US workers to do video job interviews and conference calls for them. And they used US Wi-Fi and IP addresses to conceal their true location.

Millions of dollars in wages, paid to them by unsuspecting US companies, were sent back to their real home – North Korea. The regime in Pyongyang is using the money made by thousands of its IT workers to fund the country’s weapons program.

The US has known about the issue for years. In the spring of 2022, the FBI said in an advisory that North Korea dispatched highly skilled IT workers around the world to generate revenue for the government.

Now, the FBI says that it has seized 17 websites used by these workers to disguise their identity and get hired by US companies. The Justice Department has also seized bank accounts holding $1.5 million in illicit funds.

North Korean IT workers designed the 17 website domains to look like the domains of legitimate, US-based IT services companies, which helped them hide their true identities and location when applying online to do remote work for US and other businesses worldwide.

“The seizures announced protect US companies from being infiltrated with North Korean computer code and help ensure that American businesses are not used to finance that regime’s weapons program,” said Assistant Attorney General Matthew Olsen of the Justice Department’s National Security Division.

“The Department of Justice is committed to working with private sector partners to protect US business from this kind of fraud, to enhance our collective cybersecurity and to disrupt the funds fueling North Korean missiles.”

The FBI said that North Korean workers are primarily sent to live in China and Russia, where they attempt to get hired as freelance remote employees. They allegedly went out of their way to make it look like they were working from the US by, for example, paying Americans to use their home Wi-Fi connections.

The workers generated millions of dollars a year for the North Korean Ministry of Defense and other entities directly involved in weapons programs prohibited by the United Nations.

Not only that – in some instances, the IT workers also infiltrated the computer networks of unwitting employers to steal information and maintain access for future hacking and extortion schemes.

US officials said that companies should be extra vigilant in verifying whom they are actually hiring and require that all interviewees appear via video.

“Companies must be vigilant to verify whom they're hiring. At a minimum, the FBI recommends that employers take additional proactive steps with remote IT workers to make it harder for bad actors to hide their identities. Without due diligence, companies risk losing money or being compromised by insider threats they unknowingly invited inside their systems,” FBI Special Agent in Charge Jay Greenberg said.

The FBI has also issued updated guidance on how to spot and report North Korean IT workers. For instance, firms using third-party staffing agencies or outsourcing companies should conduct due diligence checks on the individuals those agencies offer.