For years, the North Korean government has found a burgeoning source of sanctions-evading revenue by tasking its citizens with secretly applying for remote tech jobs in the West. A newly revealed takedown operation by American law enforcement makes clear just how much of the infrastructure used to pull off those schemes has been based in the United States—and just how many Americans' identities were stolen by the North Korean impersonators to carry them out.
On Monday, the Department of Justice announced a sweeping operation to crack down on US-based elements of the North Korean remote IT worker scheme, including indictments against two Americans who the government says were involved in the operations—one of whom the FBI has arrested. Authorities also searched 29 “laptop farms” across 16 states allegedly used to receive and host the PCs the North Korean workers remotely access, and seized about 200 of those computers as well as 21 web domains and 29 financial accounts that had received the revenue the operation generated. The DOJ’s announcement and indictments also reveal how the North Koreans didn’t simply create fake IDs to insinuate themselves into Western tech firms, according to authorities, but allegedly stole the identities of “more than 80 US persons” to impersonate them in jobs at more than 100 US companies and funnel money to the Kim regime.
“It's huge,” says Michael Barnhart, an investigator focused on North Korean hacking and espionage at DTEX, a security firm focused on insider threats. “Whenever you have a laptop farm like this, that's the soft underbelly of these operations. Shutting them down across so many states, that's massive.”
In total, the DOJ says it's identified six Americans it believes were involved in a scheme to enable the North Korean tech worker impersonators, though only two have been named and criminally charged—Kejia Wang and Zhenxing Wang, both based in New Jersey—and only Zhenxing Wang has been arrested. Prosecutors accuse the two men of helping to steal the identities of scores of Americans for the North Koreans to assume, receiving laptops sent to them by their employers, setting up remote access for North Koreans to control those machines from across the world—often enabling that remote access using a hardware device called a “keyboard-video-mouse switch,” or KVM—and creating shell companies and bank accounts that allowed the North Korean government to receive the salaries they allegedly earned. The DOJ says the two American men also worked with six named Chinese coconspirators, according to the charging documents, as well as two Taiwanese nationals.
To create the cover identities for the North Korean workers, prosecutors say the two Wangs accessed the personal details of more than 700 Americans in searches of private records. But for the individuals the North Koreans impersonated, they allegedly went far further, using scans of the identity theft victims' drivers' licenses and Social Security cards to enable the North Koreans to apply for jobs under their names, according to the DOJ.
It's not clear from the charging documents just how those personal documents were allegedly obtained. But DTEX's Barnhart says North Korean impersonation operations typically get Americans' identifying documents from dark web cybercriminal forums or data leak sites. In fact, he says the 80-plus stolen identities cited by the DOJ represent a small sample of the thousands of US IDs he's seen pulled, in some cases, from North Korean hacking operations' infrastructure.