The Justice Department has unsealed charges, seizures, and other court-authorized actions aimed at disrupting the illicit revenue generation efforts of the Democratic People’s Republic of Korea (DPRK or North Korea). The charges include prosecutions of an Arizona woman, a Ukrainian man, and three unidentified foreign nationals who allegedly participated in schemes to place overseas information technology (IT) workers—posing as U.S. citizens and residents—in remote positions at U.S. companies.
According to court documents, DPRK has dispatched thousands of skilled IT workers worldwide who used stolen or borrowed U.S. persons’ identities to pose as domestic workers, infiltrate domestic companies’ networks, and raise revenue for North Korea. The schemes involved defrauding over 300 U.S. companies using U.S. payment platforms and online job site accounts, proxy computers located in the United States, and witting and unwitting U.S. persons and entities.
Two criminal prosecutions were brought by the U.S. Attorney’s Office for the District of Columbia in partnership with the Computer Crime and Intellectual Property Section of the Justice Department’s Criminal Division. As part of these prosecutions, two defendants have been arrested, related seizures have been executed in Washington D.C., among other jurisdictions.
Principal Deputy Assistant Attorney General Nicole M. Argentieri stated that these crimes benefited the North Korean government by providing it with a revenue stream and sometimes proprietary information stolen by co-conspirators.
Ukrainian national Oleksandr Didenko was charged with creating fake accounts at U.S. IT job search platforms and with U.S.-based money service transmitters as part of a separate years-long scheme.
In addition to this, the FBI executed search warrants for US-based "laptop farms," residences hosting multiple laptops for overseas IT workers who remotely accessed those laptops through various software applications.
Concurrent with these announcements, the U.S. Department of State announced a reward of up to $5 million for information related to co-conspirators of the accused U.S. citizen Christina Marie Chapman.
Chapman and her co-conspirators allegedly compromised more than 60 identities of U.S. persons, impacted over 300 U.S. companies, and resulted in at least $6.8 million of revenue being generated for the overseas IT workers.
The FBI Phoenix Field Office and IRS-CI Phoenix Field Office are investigating this case, with assistance from the FBI Chicago Field Office.
According to a criminal complaint, Didenko allegedly engaged in a multi-year scheme to create accounts at U.S.-based freelance IT job search platforms and with U.S. money service transmitters in the names of false identities, including identities of U.S. persons, and sold these accounts to overseas IT workers.
The FBI New York Field Office is investigating this case. The FBI Norfolk and San Diego Field Offices and the Jefferson City, Tennessee, Resident Agency provided assistance in executing search warrants.