Another Multinational DPRK IT Worker Scam Is Busted by DoJ

An IT worker scam has resulted in the indictment of two Americans, two North Koreans, and a Mexican man.

Pak Jin-Song, Jin Sung-Il, and other North Korean conspirators obtained IT positions with at least 64 different U.S. companies, according to the Department of Justice (DoJ). They managed it under false identities made possible by Pedro Ernesto Alonso De Los Reyes, a Mexican national residing in Sweden, and with the assistance of laptop farms run by US citizens Emanuel Ashtor and Erick Ntekereze Prince.


The scam ran from April 2018 to August of last year. The DoJ pointed out that payments from just 10 of the 64 impacted companies earned the scammers $866,255, which gives an idea of how profitable it was.

Deconstruction of a North Korean Cybercrime

The tried-and-tested IT worker scam emerged as a workaround for the trade and economic restrictions that the United States put on the Democratic People's Republic of Korea (DPRK). North Koreans who work for sanctioned DPRK government agencies adopt false identities, relocate to countries like China and Russia, and seek remote positions in the lucrative software sector in the United States. They do their work well enough, yet they take their earnings back to their shriveled government. And inevitably, some of that money goes toward financing its infamous missile and nuclear development projects.

Finding a well-paying tech job, however, is not an easy or quick task. To help carry out these frauds, North Korea enlists Americans and other foreigners, either through deception or as a business arrangement. In this instance, the assistance came from a few key players.

The eager job seekers often borrowed Alonso's identity, presenting it as their own during the interview and application processes. Other times, the North Koreans took government identification credentials belonging to actual US individuals and put their own headshots on them. In other instances, they turned to the Internet for help with forgeries.

After the North Korean workers secured jobs, occasionally with six-figure salaries, company laptops were provided to Ashtor or Prince. The Americans eventually operated full-fledged laptop farms out of their North Carolina houses. With remote access software secretly downloaded and installed on these company-owned computers, North Koreans in China were able to work from laptops on the US East Coast. They also used their own registered companies to bill employers, hiding the true destination of the salaries. The money would then be laundered via bank accounts in China.

Alonso was arrested in the Netherlands, while Ashtor and Prince were detained in North Carolina. All five men are currently charged with conspiracy to destroy a protected computer, conspiracy to commit mail and wire fraud, conspiracy to transfer fraudulent identification documents, and conspiracy to commit money laundering. The two named North Koreans face a supplementary charge of conspiracy to violate the International Emergency Economic Powers Act. Those found guilty might face up to 20 years in jail.

Are Cybercrimes Affected by Recent Arrests?

To stop the laptop farms that are essential to supporting North Korean IT worker frauds, the DoJ started the DPRK RevGen: Domestic Enabler Initiative in March of last year. Authorities have made four significant arrests and seizures in the interim.

"They've been warned about this for two years, and we're finally just now starting to see the United States government starting to form a defensive policy, [with] routine arrests and sanctions," says Roger Grimes, a data-driven defense evangelist at KnowBe4, a company that last year unintentionally hired a North Korean employee.

Grimes has yet to see a discernible decrease in these scams since the start of the DoJ program. Indeed, since its initial, well-publicized incident, he says, KnowBe4 has been inundated with applications from phony IT professionals. However, any Americans who join up with Kim may find that, aside from the risk of jail, the job isn't always as profitable as it appears.

"A lot of them have been cheated," says Grimes. He asserts that although there have been many different examples, "many [Americans] have been promised a lot more, and either only got paid partially, or some of them didn't get paid at all." So they were truly defrauded.