North Korean IT workers infiltrated Fortune 500 companies using stolen American identities. A wake-up call for companies worldwide.
In a surprising revelation, the U.S. Justice Department recently announced a series of arrests related to a complex identity theft scheme involving North Korean IT workers. Thousands of these workers, dispatched by their government, have infiltrated Fortune 500 companies by using stolen American identities. This elaborate fraud has far-reaching implications for national security and corporate compliance.
The fraud scheme is a way for heavily sanctioned North Korea, which is cut off from the U.S. financial system, to take advantage of a “toxic brew” of converging factors, including a high-tech labor shortage in the U.S. and the proliferation of remote telework, Marshall Miller, the Justice Department's principal associate deputy attorney general, said in an interview.
Over 300 companies, including a prominent Silicon Valley technology company and a high-end retail chain, have been victims of this scheme. The workers in countries like China and Russia have generated more than $6.8 million in revenue through this fraudulent activity.
According to the Justice Department, these cases are part of a broader strategy to prosecute the perpetrators of the fraud, build partnerships with other countries, and warn private-sector companies about the real identities of the people they hire. Among those arrested was an Arizona woman, Christina Marie Chapman, who, according to prosecutors, facilitated the scheme by helping workers obtain and validate stolen identities, receive and host laptops from U.S. companies that thought they were sending the devices to legitimate workers, and help them connect remotely to companies.
The other defendants include a Ukrainian man named Oleksandr Didenko, who prosecutors say set up fraudulent accounts on job search sites and sold them to overseas workers who subsequently applied for employment at US companies. Last week, he was arrested in Poland, and the Justice Department said it seized his company's Web site.
A Vietnamese national, Minh Phuong Vong, was arrested in Maryland on charges of fraudulently obtaining a job at a U.S. company that was performed by remote workers who posed as him and were based overseas.
The Federal Bureau of Investigation, which carried out the investigation, issued a public service announcement warning companies about the scheme, encouraging them to adopt identity verification standards through the hiring process, and informing human resources staff and hiring managers about the threat. Private-sector companies and employers must enhance their identity verification processes. They should verify the actual identities of their remote workers to prevent unintentionally hiring foreign agents.