WASHINGTON — The Justice Department announced Thursday multiple arrests in a series of complex stolen identity theft cases that officials say are part of a wide-ranging scheme that generates enormous proceeds for the North Korean government, including for its weapons program.
The conspiracy involves thousands of North Korean information technology workers who prosecutors say are dispatched by the government to live abroad and who rely on the stolen identities of Americas to obtain remote employment at U.S.-based Fortune 500 companies, jobs that give them access to sensitive corporate data and lucrative paychecks. The companies did not realize the workers were overseas.
The fraud scheme is a way for heavily sanctioned North Korea, which is cut off from the U.S. financial system, to take advantage of a “toxic brew” of converging factors, including a high-tech labor shortage in the U.S. and the proliferation of remote telework, Marshall Miller, the Justice Department's principal associate deputy attorney general, said in an interview.
The Justice Department says the cases are part of a broader strategy to not only prosecute individuals who enable the fraud but also to build partnerships with other countries and to warn private-sector companies of the need to be vigilant — and not duped — about the actual identities of the people they're hiring.
FBI and Justice Department officials launched an initiative in March centered on the fraud scheme and last year announced the seizure of more than a dozen website domains used by North Korean IT workers.
“More and more often, compliance programs at American companies and organizations are on the front lines of protecting our national security,” Miller said. "Corporate compliance and national security are now intertwined like never before.”
The Justice Department said in court documents in one case that more than 300 companies — including a high-end retail chain and a “premier Silicon Valley technology company” — have been affected and that more than $6.8 million in revenue has been generated for the workers, who are based outside of the U.S., including in China and Russia.
Those arrested include an Arizona woman, Christina Marie Chapman, who prosecutors say facilitated the scheme by helping the workers obtain and validate stolen identities, receiving and hosting laptops from U.S. companies who thought they were sending the devices to legitimate employees and helping the workers connect remotely to companies.
According to the indictment, Chapman ran more than one “laptop farm” where U.S. companies sent computers and paychecks to IT workers they did not realize were overseas.
At Chapman’s laptop farms, she allegedly connected overseas IT workers who logged in remotely to company networks so it appeared the logins were coming from the United States. She also is alleged to have received paychecks for the overseas IT workers at her home, forging the beneficiaries’ signatures for transfer abroad and enriching herself by charging monthly fees.
Other defendants include a Ukrainian man, Oleksandr Didenko, who prosecutors say created fake accounts at job search platforms that he then sold to overseas workers who went on to apply for jobs at U.S. companies. He was was arrested in Poland last week, and the Justice Department said it had seized his company's online domain.
A Vietnamese national, Minh Phuong Vong, was arrested in Maryland on charges of fraudulently obtaining a job at a U.S. company that was actually performed by remote workers who posed as him and were based overseas.
It was not immediately clear if any of the three had lawyers.
Separately, the State Department said it was offering a reward for information about certain North Korean IT workers who officials say were assisted by Chapman.
And the FBI, which conducted the investigations, issued a public service announcement that warned companies about the scheme, encouraging them to implement identity verification standards through the hiring process and to educate human resources staff and hiring managers about the threat.