North Korean IT workers are part of a global, horrific, secretive plan. Their actions have been more crafty though in recent years, seeking to raise money for the cut off regime. One of the affected workers, Jin-su, has lifted the veil on how complicated this operation really is. Realtor.com has flourished as the world moved towards remote work, particularly over COVID-FULL-TEXT. His experiences shed light on the extreme measures these workers take to find work while avoiding global sanctions.
Jin-su’s path into the booming fraudulent work industry started with an overwhelming obsession for producing false identities. To obtain those benefits illegally, he spent, he said, thousands of hours making up hundreds—if not thousands—of false identities. This new arrangement allowed him to start applying for remote IT positions globally. Severe global sanctions have been enacted against North Korea due to their development and proliferation of nuclear weapons and ballistic missiles. Consequently, North Korean workers are forced to hide their national origins to find jobs outside of North Korea.
According to the United Nations Security Council, North Korean IT workers earn between $250 million and $600 million annually for the regime. This important source of income underpins the strength of the country’s finances. This shocking number underscores how massive this operation is. It has really picked up speed since the pandemic hit, with remote working becoming a lot more of a normal situation.
Jin-su usually went after UK citizens, having better luck at obtaining their identities. He said, “What I found just baffling, right, is how quickly people in the UK traded in their identities with a little bit of talk. His main impetus continued to be the highly profitable US market, where compensation is generally higher. To cut through this thick cloud of lies, Jin-su joined forces with nine other brave souls. With the power of a fake agency, they supercharged hundreds of stolen identities to land remote jobs with Western companies.
North Korean information technology workers have simply accepted their fate. Jin-su admitted, “We know it’s highway robbery, but we swallow that just as the fact of life. It’s still a lot better compared to when we were in North Korea.” He disclosed how 85% of his profits were funneled directly back to fund the regime. He described how they raise their funds, using networks of money launderers located in Western nations and in China.
Dawid Moczadło, co-founder of Vidoc Security Lab, recently posted this video of a remote job interview. In that video, one candidate relied on the same kind of software powered by artificial intelligence to alter their appearance. This serves as a reminder of just how sophisticated the techniques have grown to obfuscate identity within our privatized digital world.
Just last week, a US court indicted 14 North Koreans. They purportedly pocketed $88 million over a six year span by using fake identities to blackmail U.S. companies. Last month, US authorities indicted four more North Koreans. They used some of these fraudulent identities to acquire unauthorized remote IT support jobs with a cryptocurrency company based in the United States.
Having come across the same candidates in the hiring process, Rob Henley described the surreal experience of having these candidates interview for such positions. He noted, “We were only hiring candidates from the US for these positions. It should have been at least light outside. I never saw daylight.” It’s these kinds of observations that expose the gap between the touted qualifications of candidates and the reality of where they find themselves.
Jin-su reflected on the drastic differences between life abroad and in North Korea: “You see the real world. When we are abroad, we realize that something is wrong inside North Korea.” He understood that hardly anyone really considers defection. Instead, they’d rather continue to be able to send money back home. Then “they just take the money and go back home,” he continued.
The implications of these clandestine operations go far beyond simply providing financial aid to North Korea. This complex patchwork of fraud not only violates international sanctions but poses serious threats to global cybersecurity. These workers are able to leverage technology and exploit gaps in bad hiring practices. In doing so, they have produced a shadow economy that blasts past progressive and conservative ideals of work.