The Justice Department on Thursday announced the arrests of three people in a complex stolen identity scheme that officials say generates enormous proceeds for the North Korean government, including for its weapons program.
The scheme involves thousands of North Korean information technology workers who prosecutors say are dispatched by the government to live abroad and who rely on the stolen identities of Americans to obtain remote employment at U.S.-based Fortune 500 companies, jobs that give them access to sensitive corporate data and lucrative paychecks.
The fraud is a way for heavily sanctioned North Korea, which is cut off from the U.S. financial system, to take advantage of a “toxic brew” of converging factors, including high-tech labor shortage in the U.S. and the proliferation of remote telework, Marshall Miller, the Justice Department’s principal associate deputy attorney general, said in an interview.
The Justice Department says the cases are part of a broader strategy to not only prosecute individuals who enable the fraud but also to build partnerships with other countries and to warn private-sector companies of the need to be vigilant about the people they’re hiring. FBI and Justice Department officials launched an initiative in March and last year announced the seizure of website domains used by North Korean IT workers.
“More and more often, compliance programs at American companies and organizations are on the front lines of protecting our national security,” “Corporate compliance and national security are now intertwined like never before.”
The Justice Department says the conspiracy has affected more than 300 companies — including a high-end retail chain and “premier Silicon Valley technology company” — and generated more than $6.8 million in revenue for the workers, who are based outside of the U.S., including in China and Russia.
The three people arrested include an Arizona woman, Christina Marie Chapman, who prosecutors say facilitated the scheme by helping the workers obtain and validate stolen identities, receiving laptops from U.S. companies who thought they were sending the devices to legitimate employees and helping the workers connect remotely to the company.
According to the indictment, Chapman ran more than one “laptop farm” where U.S. companies sent computers and paychecks to IT workers they did not realize were overseas.
At Chapman’s laptop farms, she allegedly connected overseas IT workers who logged in remotely to company networks so it appeared the logins were coming from the United States. She also is alleged to have received paychecks for the overseas IT workers at her home, forging the beneficiaries’ signatures for transfer abroad and enriching herself by charging monthly fees.
The other two defendants include a Ukrainian man, Oleksandr Didenko, who prosecutors say created fake accounts at job search platforms and was arrested in Poland last week, and a Vietnamese national, Minh Phuong Vong, who was arrested Thursday in Maryland on charges of fraudulently obtaining a job at a U.S. company that was actually performed by remote workers who posed as him and were based overseas.
It was not immediately clear if any of the three had lawyers.
Separately, the State Department said it was offering a reward for information about certain North Korean IT workers who officials say were assisted by Chapman.
And the FBI, which conducted the investigations, issued a public service announcement that warned companies about the scheme, encouraging them to implement identity verification standards through the hiring process and to educate human resources staff and hiring managers about the threat.
