As reported by Fortune on May 16th, the Justice Department announced the arrests of three individuals involved in a sophisticated stolen identity scheme that allegedly generates substantial proceeds for the North Korean government, including funding for its weapons program.
According to officials, the intricate scheme entails the deployment of thousands of North Korean information technology workers by the government to live overseas. These workers allegedly rely on stolen American identities to secure remote employment at U.S.-based Fortune 500 companies, granting them access to sensitive corporate data and substantial pay.
Marshall Miller, the Justice Department’s principal associate deputy attorney general, described the fraud as a means for heavily sanctioned North Korea to exploit various factors, such as the high-tech labor shortage in the U.S. and the increasing prevalence of remote telework.
The Justice Department emphasized that these cases are part of a broader strategy to prosecute individuals involved in the fraud, as well as to establish partnerships with other countries and caution private-sector companies about the importance of vigilance in their hiring processes. Last year, FBI and Justice Department officials seized website domains used by North Korean IT workers as part of an initiative launched in March.
The Justice Department revealed that the conspiracy has impacted over 300 companies, yielding more than $6.8 million in revenue for the overseas workers based in countries like China and Russia. Among the three individuals arrested, Christina Marie Chapman from Arizona was allegedly involved in facilitating the scheme by aiding the workers in obtaining and validating stolen identities, receiving laptops from U.S. companies under the guise of legitimate employees, and assisting the workers in remotely connecting to the companies.
The indictment alleges that Chapman operated multiple "laptop farms," to which U.S. companies unwittingly sent computers and paychecks for overseas IT workers. She reportedly connected these workers to company networks, making it appear as if the logins were originating from the United States. Additionally, Chapman is accused of receiving paychecks for the overseas workers at her residence, forging the beneficiaries’ signatures for transfer abroad, and profiting by charging monthly fees.
The other two defendants include Oleksandr Didenko, a Ukrainian man who allegedly created fake accounts on job search platforms and was arrested in Poland, and Minh Phuong Vong, a Vietnamese national who was apprehended in Maryland on charges of fraudulently obtaining a job at a U.S. company that was actually performed by remote workers posing as him and located overseas.
The State Department announced a reward for information about specific North Korean IT workers allegedly assisted by Chapman. Additionally, the FBI issued a public service announcement cautioning companies about the scheme and encouraging them to implement identity verification standards in their hiring processes, as well as to educate human resources staff and hiring managers about the threat.