Some citizens of North Korea sent about 88 million or 88 million dollars to the country through fraud in the last 6 years. They impersonate themselves as IT workers and take jobs in various companies in the United States and earn this money while sitting in North Korea. However, the United States Department of Justice (DOJ) has identified the principals involved in this fraud.
The scam involved North Korean technicians concealing their identities and locations to obtain remote jobs. They would then bring the ill-gotten gains to North Korea. They used data access privileges as operatives to steal confidential information such as proprietary source code from companies in the United States. Later, they extort money from employers by threatening to leak information.
Even information security companies have fallen prey to this scam. This type of fraud has become so common that the FBI has published guidelines for avoiding it.
The US government has identified two organizations as employers of these fake workers. At the same time the names of 14 persons who were involved in this fraud have also been revealed.
But these institutions are not North Korean. Yanbian Silverstar and Volasys Silverstar, two companies based in Russia and China, employed these workers.
The fraud netted $88 million over the past six years, the DOJ said. However, this does not include money demanded by threats.
In addition, the scam targeted 6 US companies and 2 non-profit organizations. The 130 employees involved in the fraud are known as 'IT warriors'. Their goal was to earn $10,000 per month. If they achieve this goal, they are given a bonus, reward or opportunity for promotion. But if the 130 workers had actually worked for 6 years, their average income would have been $93.6 million.
In addition, there was a multi-level management structure behind this plan. These fraudsters had some helpers. They bought fake workers' laptops and installed software that made it look like North Korean workers were not in their home country. In addition, they also created some fake websites to pose as IT staffing companies. These bogus companies included – Eden Programming Solutions, Purpelis Tech, Culture Box, Next Nets, Illusion Software, Baby Box Tech, Cubix Tech and Helix.
Google's information security division says the number of extortion threats against North Korean IT workers has increased in recent months.
In addition, the US State Department has announced a $5 million reward for information leading to the destruction of the financial structure of this fraud ring. FBI released photos of 14 accused. But they remain in North Korea and are unlikely to participate in the legal process in the United States.
Meanwhile, FBI Special Agent Ashley T. Johnson said, 'While we have identified the leadership of this group, this is only the beginning. The North Korean government is training thousands of IT personnel to carry out similar fraud against US companies every day.
References: The Register
