Thousands of North Koreans stole Americans’ identities and took remote-work tech jobs at Fortune 500 companies

Thousands of North Koreans stole Americans’ identities and took remote-work tech jobs at Fortune 500 companies.

The Justice Department announced the arrests of three individuals on Thursday in connection with a sophisticated stolen identity scheme that officials say generates significant proceeds for the North Korean government, including its weapons program.

The scheme involves thousands of North Korean information technology workers who are sent abroad by the government. These workers use the stolen identities of Americans to secure remote employment with U.S.-based Fortune 500 companies, gaining access to sensitive corporate data and lucrative paychecks.

Heavily sanctioned North Korea, cut off from the U.S. financial system, exploits a “toxic brew” of factors including a high-tech labor shortage in the U.S. and the rise of remote telework, said Marshall Miller, the Justice Department’s principal associate deputy attorney general, in an interview.

The Justice Department states that these cases are part of a broader strategy to not only prosecute individuals enabling the fraud but also to build partnerships with other countries and warn private-sector companies about the need to be vigilant in their hiring practices. FBI and Justice Department officials initiated this effort in March and last year announced the seizure of website domains used by North Korean IT workers.

“More and more often, compliance programs at American companies and organizations are on the front lines of protecting our national security,” Miller said. “Corporate compliance and national security are now intertwined like never before.”

The Justice Department indicates that the conspiracy has affected more than 300 companies — including a high-end retail chain and a “premier Silicon Valley technology company” — and generated over $6.8 million in revenue for the workers based outside the U.S., including in China and Russia.

The three people arrested include an Arizona woman, Christina Marie Chapman, who prosecutors say facilitated the scheme by helping the workers obtain and validate stolen identities, receiving laptops from U.S. companies under the false impression they were sending them to legitimate employees, and helping the workers connect remotely to the companies.

According to the indictment, Chapman operated more than one “laptop farm” where U.S. companies sent computers and paychecks to IT workers they believed were in the U.S. At these laptop farms, she allegedly connected overseas IT workers who logged into company networks remotely, making it appear as though the logins were coming from the United States. She also allegedly received paychecks for the overseas IT workers at her home, forged beneficiaries’ signatures for transfers abroad, and enriched herself by charging monthly fees.

The other two defendants are a Ukrainian man, Oleksandr Didenko, who created fake accounts on job search platforms and was arrested in Poland last week, and a Vietnamese national, Minh Phuong Vong, who was arrested Thursday in Maryland on charges of fraudulently obtaining a job at a U.S. company that was actually performed by remote workers posing as him and based overseas.

It was not immediately clear if any of the three had legal representation.

Separately, the State Department announced a reward for information about certain North Korean IT workers assisted by Chapman. The FBI, which conducted the investigations, issued a public service announcement warning companies about the scheme, encouraging them to implement identity verification standards during the hiring process and to educate human resources staff and hiring managers about the threat.