North Korean IT Workers: Elaborate Schemes to Fund the Regime Exposed
North Korea continues to employ increasingly sophisticated methods to generate revenue, often through illicit activities conducted by its IT workforce. Recent legal proceedings have unveiled a complex network of deception, revealing how North Korean operatives infiltrate legitimate companies under false pretenses to steal funds and funnel them back to Pyongyang.
A Pattern of Impersonation and Fraud
Investigations reveal a consistent pattern: North Korean IT workers assume fabricated identities, secure employment at companies worldwide, and then exploit their positions for financial gain. These individuals aren’t simply seeking jobs; they are strategically placed to facilitate cryptocurrency theft and laundering operations.
Here’s a breakdown of the recent case:
* One operative initially entered the US using a fraudulently obtained passport and the alias “Han Jang Ho.”
* He later secured employment at a Serbian virtual currency firm, again using a false identity – “Peter Xiao” – facilitated by a pre-existing North Korean IT worker already embedded within the company. This individual is accused of stealing and laundering approximately $200,000 in cryptocurrency.
The Broader Context: Funding a Military Program
These aren’t isolated incidents. Western intelligence agencies consistently maintain that these elaborate schemes are a key component of North Korea’s strategy to fund its military programs. The schemes often leverage infrastructure within the United States and rely on tactics like “laptop farms” – networks of computers used for illicit activities.
You might be wondering what a laptop farm is. Essentially, it’s a collection of computers used to carry out tasks like cryptocurrency mining or hacking, often remotely controlled and operated by North Korean operatives.
Fake Identities and Stolen Credentials
The recent case also involved two other individuals, “Joshua Charles Palmer” and “Chris Yu,” who allegedly participated in a raid on a New York-based company. Their methods highlight the lengths to which these operatives will go to maintain their cover.
“Palmer” presented a Michigan identity card that, while legitimately issued, contained a photograph that did not match his actual appearance. The state’s DMV confirmed the card’s serial number was linked to the fraudulent use.
“Yu” provided a fabricated Malaysian identity document, claiming a birthdate and location that were linked to other known North Korean IT workers.
The US Response and Rewards Program
The US government is taking these threats seriously. The Rewards for Justice program is currently offering a $5 million reward for information leading to the disruption of the financial mechanisms used by North Korean operatives. This demonstrates a commitment to dismantling these networks and preventing further illicit funding.
What You Can Do to Protect Your Institution
If you’re involved in hiring IT professionals, it’s crucial to be vigilant. Consider these steps:
* Thorough Background Checks: Go beyond standard checks and investigate potential red flags.
* Verify Credentials: Independently verify all provided documentation, including identity cards and educational records.
* Behavioral Interviewing: Look for inconsistencies in responses or behaviors that might indicate deception.
* Stay Informed: Keep abreast of the latest tactics used by North Korean IT workers.
These schemes are evolving, and staying informed is your best defense. By understanding the methods employed by these operatives, you can better protect your organization and contribute to the global effort to disrupt North Korea’s illicit financial activities.








