Remote work might be the way of the future but according to the U.S. Department of Justice, that remote IT person at your company could be a North Korean national, and the money you pay him or her might go straight back to their home country, the Democratic People’s Republic of Korea, or DPRK.
According to the DOJ, two North Korean nationals, two U.S. Nationals, and one man from Mexico were indicted on Jan. 23 on charges they ran a multiyear “laptop farm” in the United States, through which North Korea‘s Jin Sung-Il and Pak Jin-Song obtained remote IT work with at least 64 U.S. companies, generating nearly $900,000 in revenue for the DPRK while evading sanctions. Erick Ntekereze Prince and Emanuel Ashtor, both from the U.S., and Pedro Ernesto Alonso De Los Reyes, from Mexico, were also indicted for their role in facilitating the scam.
American laptops, DPRK workers
According to the DOJ, the five men indicted scammed American companies between 2018 and 2024. The companies provided the laptops, thinking they’d hired American workers, but in fact, the laptops resided in so-called “laptop farms,” in this case, in North Carolina. The DPRK knowingly sends workers to other countries, most often Russia or China, who then get hired as freelance IT workers and remotely access those laptops. A Chinese bank then launders the money they’re paid, directly funding the DPR and the Kim Jong Un regime, including the DPRK’s weapons of mass destruction programs.
The DOJ says fraudulent DPRK IT employees have earned up to $300,000 a year, and various “laptop farm” schemes have generated hundreds of millions for North Korea. The hiring companies all provided fake email addresses, social media accounts, online job site accounts, and more. The IT workers in this case used stolen or assumed U.S. identities to secure the work.
“The indictments announced today should highlight to all American companies the risk posed by the North Korean government,” the FBI’s Cyber Division’s Assistant Director Bryan Vorndran said, referring to the most recent case, adding, “As always, the FBI is available to assist victims of the DPRK. Please reach out to your local FBI field office should you have any questions or concerns.”
Post-COVID, the problem got worse
According to John Hultquist, head of threat intelligence at the cybersecurity firm Mandiant, the shift to remote work around the world and gig economy jobs in general have left U.S. companies particularly vulnerable to such scams. FBI special agent Jay Greenberg told the AP if your company has hired a remote IT professional, then at some point, it has “more than likely” hired a North Korean national working under an assumed identity.
“At a minimum, the FBI recommends that employers take additional proactive steps with remote IT workers to make it harder for bad actors to hide their identities,” Greenberg said. Cybersecurity expert Hultquist added, “I think the post-COVID world has created a lot more opportunity for them because freelancing and remote hiring are a far more natural part of the business than they were in the past.”