Two Americans, two North Koreans, and a Mexican man have been indicted for their roles in an IT worker scam.
According to the Department of Justice (DoJ), Pak Jin-Song, Jin Sung-Il, and other North Korean co-conspirators secured IT jobs with at least 64 different American companies. They managed it using fake identities facilitated by Pedro Ernesto Alonso De Los Reyes, a Mexican citizen living in Sweden, and carried out their jobs with the help of laptop farms maintained by US citizens Emanuel Ashtor and Erick Ntekereze Prince.
The ruse lasted from April 2018 to last August. For a sense of how lucrative it was, the DoJ noted that earnings from just 10 of the 64 affected companies yielded the scammers $866,255.
Breakdown of a North Korean IT Scam
The IT worker scam, now tried and true, developed as a workaround for trade and economic sanctions imposed by the US on the Democratic People’s Republic of Korea (DPRK). North Koreans in the employ of sanctioned DPRK government ministries, using assumed identities and relocated to places like China and Russia, apply for remote jobs in America’s lucrative tech industry. They perform their jobs adequately enough, but funnel their earnings back to their shriveled government. And some portion of that money, inevitably, ends up funding its notorious nuclear and missile development programs.
But getting a high-paying tech job is no simple, overnight process. To facilitate these scams, by trick or by trade, North Korea recruits Americans and other foreign nationals to help implement the plan. In this case, the help came from a few central individuals.
In some cases, Alonso lent the hungry job seekers his identity, which they presented as their own in job applications and interview processes. In other cases, the North Koreans stole real US citizens’ government identification documents, then superimposed their own headshots on them. In still other cases, they solicited help with forgeries from the Web.
After securing sometimes six-figure gigs, the North Korean workers would have company laptops delivered to Ashtor or Prince. By a certain point, the Americans were running full-on laptop farms from their homes in North Carolina. To enable North Koreans in China to work from laptops on the US East Coast, they covertly downloaded and installed remote access software onto these corporate devices. And to conceal where the salaries were actually going, they used their own registered companies to invoice employers. Payments would then be laundered through Chinese bank accounts.
Ashtor and Prince were arrested in North Carolina, and Alonso in the Netherlands. All five men are now charged with conspiracy to cause damage to a protected computer, conspiracy to commit wire fraud and mail fraud, conspiracy to commit money laundering, and conspiracy to transfer false identification documents. The two named North Koreans have earned a bonus charge of conspiracy to violate the International Emergency Economic Powers Act. Convictions could entail prison sentences of up to 20 years.
Are Recent Arrests Having an Impact on Cybercrime?
Last March, the DoJ launched its DPRK RevGen: Domestic Enabler Initiative, focused on shutting down the laptop farms crucial to facilitating North Korean IT worker scams. In the time since, authorities have made notable arrests and seizures on four separate occasions.
“They’ve been warned about this for two years, and we’re finally just now starting to see the United States government starting to form a defensive policy, [with] routine arrests and sanctions,” says Roger Grimes, data-driven defense evangelist at KnowBe4, a company that accidentally hired a North Korean employee last year.
Grimes hasn’t yet observed any noticeable decline in these scams since the DoJ initiative began. In fact, he reports, KnowBe4 has received applications from fake IT workers even since its first, widely publicized incident. Any Americans who have joined up with Kim might consider, though, that besides the threat of arrest, the gig isn’t always as lucrative as it seems.
“A lot of them have been cheated,” Grimes notes. While cases have varied widely, he claims, “Many [Americans have been] promised a lot more, and either only got paid partially, or some of them didn’t get paid at all. So they were really cheated.”