Thousands of remote IT workers sent wages to North Korea to help fund weapons program, FBI says

Authored by apnews.com and submitted by D-R-AZ

ST. LOUIS (AP) — Thousands of information technology workers contracting with U.S. companies have for years secretly sent millions of dollars of their wages to North Korea for use in its ballistic missile program, FBI and Department of Justice officials said.

The Justice Department said Wednesday that IT workers dispatched and contracted by North Korea to work remotely with companies in St. Louis and elsewhere in the U.S. have been using false identities to get the jobs. The money they earned was funneled to the North Korean weapons program, FBI leaders said at a news conference in St. Louis.

Court documents allege that North Korea’s government dispatched thousands of skilled IT workers to live primarily in China and Russia with the goal of deceiving businesses from the U.S. and elsewhere into hiring them as freelance remote employees. The workers used various techniques to make it look like they were working in the U.S., including paying Americans to use their home Wi-Fi connections, said Jay Greenberg, special agent in charge of the St. Louis FBI office.

Greenberg said any company that hired freelance IT workers “more than likely” hired someone participating in the scheme. An FBI spokeswoman said Thursday that the North Koreans contracted with companies across the U.S. and in some other countries.

“We can tell you that there are thousands of North Korea IT workers that are part of this,” spokeswoman Rebecca Wu said.

Federal authorities announced the seizure of $1.5 million and 17 domain names as part of the investigation, which is ongoing.

FBI officials said the scheme is so prevalent that companies must be extra vigilant in verifying whom they are hiring, including requiring interviewees to at least be seen via video.

“At a minimum, the FBI recommends that employers take additional proactive steps with remote IT workers to make it harder for bad actors to hide their identities,” Greenberg said in a news release.

The IT workers generated millions of dollars a year in their wages to benefit North Korea’s weapons programs. In some instances, the North Korean workers also infiltrated computer networks and stole information from the companies that hired them, the Justice Department said. They also maintained access for future hacking and extortion schemes, the agency said.

Officials didn’t name the companies that unknowingly hired North Korean workers, say when the practice began, or elaborate on how investigators became aware of it. But federal authorities have been aware of the scheme for some time.

In May 2022, the State Department, Department of the Treasury, and the FBI issued an advisory warning of attempts by North Koreans “to obtain employment while posing as non-North Korean nationals.” The advisory noted that in recent years, the regime of Kim Jong Un “has placed increased focus on education and training” in IT-related subjects.

John Hultquist, the head of threat intelligence at the cybersecurity firm Mandiant, said North Korea’s use of IT freelancers to help fund the weapons program has been in play for more than a decade, but the effort got a boost from the COVID-19 pandemic.

“I think the post-COVID world has created a lot more opportunity for them because freelancing and remote hiring are a far more natural part of the business than they were in the past,” Hultquist said.

North Korea also uses workers in other fields to funnel money back for the weapons program, Hultquist said, but higher pay for tech workers provides a more lucrative resource.

Tensions on the Korean Peninsula are high as North Korea has test-fired more than 100 missiles since the start of 2022 and the U.S. has expanded its military exercises with its Asian allies, in tit-for-tat responses.

The Justice Department in recent years has sought to expose and disrupt a broad variety of criminal schemes aimed at bolstering the North Korean regime, including its nuclear weapons program.

In 2016, for instance, four Chinese nationals and a trading company were charged in the U.S. with using front companies to evade sanctions targeting North Korea’s nuclear weapons and ballistics initiatives.

Two years ago, the Justice Department charged three North Korean computer programmers and members of the government’s military intelligence agency in a broad range of global hacks that officials say were carried out at the behest of the regime. Law enforcement officials said at the time that the prosecution highlighted the profit-driven motive behind North Korea’s criminal hacking, a contrast from other adversarial nations like Russia, China and Iran that are generally more interested in espionage, intellectual property theft or even disrupting democracy.

In September, North Korean leader Kim Jong Un called for an exponential increase in production of nuclear weapons and for his country to play a larger role in a coalition of nations confronting the United States in a “new Cold War,” state media said.

In February, United Nations experts said that North Korean hackers working for the government stole record-breaking virtual assets last year estimated to be worth between $630 million and more than $1 billion. The panel of experts said in a report that the hackers used increasingly sophisticated techniques to gain access to digital networks involved in cyberfinance, and to steal information that could be useful in North Korea’s nuclear and ballistic missile programs from governments, individuals and companies.

Eric Tucker in Washington, D.C., contributed to this report.

Cenodoxus on October 19th, 2023 at 22:38 UTC »

NK has very limited sources of hard currency, and unfortunately, when you need a lot of money in a hurry, most of the ways to get it aren't so nice. They've previously engaged in:

Counterfeiting: The U.S. Secret Service has chased NK's "supernotes" all over the world. NK also started counterfeiting euros at some point, but I'm not familiar with whatever efforts the EU has made to stop this.

Drugs: Part of China's meth problem (at least in the northeastern provinces) is directly owed to NK. The Kim regime once had a fairly robust network of government-sponsored methamphetamine labs, but official support declined badly in periods of economic malaise, and a lot of the scientists struck out on their own. China became the most accessible and lucrative market, and gangs got into the distribution network. Chinese police weren't happy about this. I believe this unhappiness was communicated at much higher levels.

Weapons sales: Though not, as most people fear, the really ugly stuff. NK is self-policing to a degree, because if they get caught selling something truly horrifying to an unhinged group or whatever, the major players in East Asia may finally decide that the regime is too dangerous to be left alone. Interestingly, defectors and people who have contacts within NK's factories say that NK is mostly offloading its older stuff now in favor of replenishing its own stocks with newer weapons. Rebel and terrorist groups are the traditional buyers, not nation-states, though Russia marks an unfortunate break with that trend. The single rail link between Russia and NK is probably one of the most heavily-watched border crossings on the planet right now.

Phishing/ransomware: North Korea is behind a significant percentage of these attacks.

What surprises me most about today's news isn't that they're training IT workers; it's that sending out a fleet of IT workers to take legitimate jobs and then send money home is almost wholesome by their standards. (And yeah, it looks like a lot of these workers stole information and compromised systems, but being surprised that NK did that is like being surprised that your elderly chihuahua pissed on the sofa. One wearily comes to expect it.)

I'm not convinced that the dollars sent home to NK all went to the weapons programs. Most of NK's hard-currency schemes took a hit over the last two decades (the Secret Service tracked down the source of the presses NK was using, and the meth program became a serious point of friction between China and NK), and one woeful consistency about this regime is that it always pays itself first. Secondarily, it will bribe the political elite to maintain support and control. While Kim Jong-un has emphasized the country's nuclear program, it is definitely a tertiary priority. A lot of money has gone to it, though perhaps not so much as feared.

However, I can well believe that the ransomware attacks, remittances from IT workers, and -- now -- Russian arms deal have left NK enjoying deeper pockets than it normally possesses. That, too, may be behind NK's return to belligerence.

The Korean peninsula worries me a lot less than other regions of the world right now, but this is not a welcome development.

Viper_Red on October 19th, 2023 at 20:18 UTC »

Yeah, North Korea’s been doing this for a while. They went over this in the excellent Lazarus Heist podcast. It’s one of the few sources of funds for North Korea.

D-R-AZ on October 19th, 2023 at 18:37 UTC »

Lead Paragraphs:

ST. LOUIS (AP) — Thousands of information technology workers contracting with U.S. companies have for years secretly sent millions of dollars of their wages to North Korea for use in its ballistic missile program, FBI and Department of Justice officials said.

The Justice Department said Wednesday that IT workers dispatched and contracted by North Korea to work remotely with companies in St. Louis and elsewhere in the U.S. have been using false identities to get the jobs. The money they earned was funneled to the North Korean weapons program, FBI leaders said at a news conference in St. Louis.

Federal authorities announced the seizure of $1.5 million and 17 domain names as part of the investigation, which is ongoing.