US Government Takes Down Major North Korean 'Remote IT Workers' Operation

An anonymous reader quotes a report from TechCrunch: The U.S. Department of Justice announced on Monday that it had taken several enforcement actions against North Korea's money-making operations, which rely on undercover remote IT workers inside American tech companies to raise funds for the regime's nuclear weapons program, as well as to steal data and cryptocurrency. As part of the DOJ's multi-state effort, the government announced the arrest and indictment of U.S. national Zhenxing "Danny" Wang, who allegedly ran a years-long fraud scheme from New Jersey to sneak remote North Korean IT workers inside U.S. tech companies. According to the indictment, the scheme generated more than $5 million in revenue for the North Korean regime. [...]

From 2021 until 2024, the co-conspirators allegedly impersonated more than 80 U.S. individuals to get remote jobs at more than 100 American companies, causing $3 million in damages due to legal fees, data breach remediation efforts, and more. The group is said to have run laptop farms inside the United States, which the North Korean IT workers could essentially use as proxies to hide their provenance, according to the DOJ. At times, they used hardware devices known as keyboard-video-mouse (KVM) switches, which allow one person to control multiple computers from a single keyboard and mouse. The group allegedly also ran shell companies inside the U.S. to make it seem like the North Korean IT workers were affiliated with legitimate local companies, and to receive money that would then be transferred abroad, the DOJ said.

The fraudulent scheme allegedly also involved the North Korean workers stealing sensitive data, such as source code, from the companies they were working for, such as from an unnamed California-based defense contractor "that develops artificial intelligence-powered equipment and technologies."

Here's a question

[CEC-P]

Why the fuck do we allow them to have an internet connection? Cut the fiber connections a couple meters outside their borders. Is it really China providing them all the inter-connectivity? I bet someone could pressure them to cut them off, seeing as how China relies on the rest of the world for their economy as well.

Re: Here's a question

[garompeta]

You are missing the main fact: North Korea doesn't have internet already. It is self-imposed. It is not just "censored" internet like in China. It is no internet connectivity at all. Only their privileged citizens have access to a nationwide intranet, with curated national sites that looks like it is from the 90s or if you want to watch a soprano singing the national anthem, that type of stuff. But no internet at all.

Re:

[sentiblue]

Who's "we"? You mean USA? What makes you think any country has the right to "allow" any other country to have internet?

Re:

[rocket rancher]

Who's "we"? You mean USA? What makes you think any country has the right to "allow" any other country to have internet?

C’mon. You’re not that naive. The internet isn’t some neutral, open commons—it’s contested terrain. Just because it’s made of fiber and protocol stacks instead of dirt and concrete doesn’t mean it’s exempt from geopolitical reality. If war is politics by other means, cyberspace is now one of those means.

Every nation reserves the right to deny adversaries access to strategic resources—and in a digital war, that includes bandwidth and routing. If the U.S.

Re:

[drinkypoo]

Why the fuck do we allow them to have an internet connection?

Who's "we", the USA? Or do you imagine that all nations which aren't China are on the same page when it comes to... anything?

Re: Here's a question

[garompeta]

What an ignorant comment. I hope you are a clueless teenager without any knowledge about history and the state of affairs about North Korea, because if you are an adult it is serious... It means you must be American lol Well, joking aside, let me tell you: North Korea doesn't have internet, period. NOBODY in the hermit state (why do you think it is called "hermit"?) can access the internet, with the exception of *very few* ultra elites (and even them don't have freedom to browse anything they like, their proxies block almost everything.) So what you propose, cutting all access to internet to the whole country, it is something they have been already doing it for themselves to avoid any kind of western influence to NK citizens. Their main worry are that their citizens would learn that other countries actually have a better standard of living that NK or get their heads contaminated with dangerous ideas such as "freedoms" or "democracies", which could sparkle discontent and ultimately a revolution. BTW these cyberwarfare operations are not done from North Korea, but from China. Not with an network connection to China, but geographically from China. The best CS graduates from the university are shipped to a specific hotel in China which functions as the base of training and operations for the North Korea intelligence unit, training NK graduates to become hackers with the assistance of seasoned Chinese hackers. That specific hotel is the base of operations for all the hacking, ransomware, cryptocurrency heists, and these IT workers fraud, etc... These "remote IT jobs" aren't from individuals in North Korea trying to get a freelance job, these are all intelligence officers trying to have a two pronged objective: siphon out money and gather information of targets as an insider. So what's gonna be your next genius idea? Cutting the internet to China? Haha

Posting anonymously for obvious reasons

[Anonymous Coward]

Korea, because if you are an adult it is serious... It means you must be American lol Well, joking aside, let me tell you: North Korea doesn't have internet, period. NOBODY in the hermit state (why do you think it is called "hermit"?) can access the internet, with the exception of *very few* ultra elites

Internet and cell phones aren't ultra ultra ultra elite like you say. I'd say more run of the mill elites. I knew a guy who had a cell phone that he used in north korea with some regularity. It is very filtered and monitored and if you fuck around you might find security snatching your phone and smashing it in front of you within an hour of sending an offensive joke.

Fun story. Guy drove in with a trunk full of burgers for his friends. He was stopped and security ate most of his burgers, which they did

Re:

[sabbede]

We can't prevent it. They're next to China and Russia, either of whom would happily allow cables over the border just to annoy the West.

Re:

[rocket rancher]

We can't prevent it. They're next to China and Russia, either of whom would happily allow cables over the border just to annoy the West.

Not quite. A border and a cable don’t buy you the internet. The global net runs on routing trust — and trust can be revoked. If Tier 1 providers drop your routes, or upstreams filter your announcements, you're not “online.” You’re isolated. Yes, Russia or China could route North Korean traffic through their own autonomous systems and make it look like it's coming from within their borders. This is functionally how a lot of North Korean cyber ops already work — they laun

Re:

[rickb928]

Air gapping North Korea is an absolute data security solution. Unless you permit travel from North Korea, and that breaks the gap - people will transport the threats. Or these travelling agents recruit others to work on their behalf. Or an ally grants them clandestine access.

Aw, crap, there is no prevention. So we treat their threat like we would the cDc... annoying little snots they were. You have to lock your windows , bar the doors, and electrify the fences. And after all that, muzzle flash. And some wil

Re:

[Anonymous Coward]

I was more amused by the "generated more than $5 million in revenue" mic drop.

I guess it's a lot for them, but running a national operation for years and getting together $5M in pocket change makes the big boy countries all Laughs In Corporatocracy.

oh noes

[jjaa]

Unspecifed AI defense contractor didn't see that coming

Security clearance?

[fluffernutter]

It seems that requiring security clearances to do those jobs would be a more efficient way to solve that problem.

Not just ND jobs

[abulafia]

I work for a large financial firm. I'm sure we have some government contracts somewhere in the company, we're huge. But we're definitely not national defense, the large majority of our businesses are consumer-facing.

And we interviewed one of these.

A few little things made us think the application was weird. Then during the interview, they claimed to be from a smallish place in New Jersey. One of our people grew up close to there and asked some questions about local things. They had no idea and covered po

Re: Not just ND jobs

[fluffernutter]

What does that have to do with security clearance? Can you not apply for it through the US government? Here in Canada we fill out a form and get fingerprinted and a couple weeks later it's done. Almost every healthcare or insurance account requires it.

Re:

[abulafia]

... I guess in the age of LLMs the horse has to be fed water from a bottle.

The point is that SF86s only apply to a subset of the jobs these folks are applying for.

Therefor demanding clearances does not solve the problem unless you demand clearances for jobs that have absolutely nothing to do with natsec.

Which will never happen, because (a) it would be a ridiculously stupid waste of time, money and effort to screen people for risks that have nothing to do with the job to be done, (b) and even if folks

Re: Not just ND jobs

[fluffernutter]

Ok well good luck knowing who is working for you without screening anyone. Just saying it works elsewhere in the world that's all.

Re:

[abulafia]

What countries require clearances for jobs that have nothing to do with the government?

Re:

[fluffernutter]

Any company can request federal clearance for employees here. They pay a fee and the employees get screened and cleared.

Re:

[abulafia]

Of course that's not an answer. Keep bullshitting.

How does this even work?

[sentiblue]

In order to work, a verified identity has to be confirmed. Even if it's a remote job, the candidate has to either be notarized or show their ID in person. How did these companies employ ghosts and not even know? What's more? How did work get done after they got hired? How did they attend onboarding orientation, get training, onboarded, credentials?

Re:

[iAmWaySmarterThanYou]

Verified ID? You think the I9 system actually does anything? You know there are SSNs in the IRS system being used by multiple people and no one does anything about it? You think a nation-state, even a horrible little dump like NK can't get something notarized? And who checks if the notary stamp is valid, anyway? The world is not this smoothly oiled machine where everything happens as required and specified. The real world is sloppy dirty and every corner possible is cut at every opportunity.

As far as

Re:

[rickb928]

Mod up. The I-9 process is flawed. When the SSA finally obtains sufficient IT resources to do cursory grooming of the member database we can expect them to figure out where the abuses are, and at least dela with the obvious and copious. But our government seems to be incapable of managing its IT resources to even a marginally successful level, unless it's for the acquisition of revenue. And that's the lesson. They will damn sure make sure they get paid. Reducing fraud? Only for headlines. Even just hamperin

Re:How does this even work?

[FictionPimp]

I've been working remote for well over a decade. I've had jobs where there wasn't even a physical office. We just did a zoom and showed them our identification. Onboarding, orientation, training, etc. That is all done remote.

Even when I worked for a large cloud provider I was onboarded remotely. The time I worked for one of the big 3 insurance companies I had to drive to an office to present ID, but then everything thing else was remote. In my current role at a very large private equity firm I was onboarded completely remotely and they didnt' even meet me in person until about 6 months in when I attented a corporate event.

It's very possible today to get a job and never meet a single co-worker in person. My sister works in a CS role for a company based 3 or 4 states away and has never been to that office or met a single person in real life. In fact this year she even turned down the team building event to Vegas so it will be another year without seeing a living human in person.

Re:

[drinkypoo]

"From 2021 until 2024, the co-conspirators allegedly impersonated more than 80 U.S. individuals"

It's called identity theft. Are you new?

I've had my identity stolen, the problem is that courts don't punish corruption. In fact, they enable it.

Someone bought a car using my identity. Their proof of identity was my social written on a check cashing card. They had my same name, all three names. But the DOB didn't match so the person who sold them the car was in on the scam. Then a court (in Nevada City, CA) award

Re:

[dgatwood]

That's where you get a libel judgement in the court where you live against both the company that got the first judgment and the credit agency that approved it. Clearly, someone who does not even know your correct birthdate is not you, and any credit agency involved clearly must have conspired in that fraud, so the preponderance of evidence is clearly in your favor. Thus, absent something you're not telling us, such as video footage of you providing a false birthdate, it should be trivial for you to get a

Re: How does this even work?

[drinkypoo]

I don't have the time to go to another county far away from me for that, nor the lawyer money. Welcome to America.

Re:

[dgatwood]

In general, the court you file in can be either the court where one of the two parties is or the court where the event occurred. As the weaker party and the plaintiff, it would take serious legal finagling for the choice of venue to not be yours. So you could file in your own local court.

Re:

[dgatwood]

Also, a lot of lawyers will work on contingency.

Re:

[Zontar_Thing_From_Ve]

Many companies really only care about how much a worker costs. EVERYTHING else, and I really mane EVERYTHING, is unimportant other than making sure that the person seems to be legally allowed to work in the USA or for a US company. My best friend works for a privately held IT company that only does business in one specific US industry. They have no desire to do business in other countries or other industries. He told me that his company stopped hiring people in India because they were "too expensive

Re:

[Compaq Disk Rereader]

Because they hire other companies to do this shit. They all talk up their services but in reality, they do the minimum required to fulfill their contract.

Because ICE doesn't go after employers

[rsilvergun]

It goes after individuals. The cops aren't there to protect you they are there to protect capital and business. They're there to make sure the economy moves smoothly for the people at the top.

Companies just want cheap labor and they could care less how they get it. So companies are happy to hire North Koreans and then act like they are victims when they get caught.

We could of course easily fix this by forcing verification but fat chance in hell that's going to happen.

In the meantime the supreme C

subcontractors? the workers are rostered as 1099er

[Joe_Dragon]

subcontractors? the workers are rostered as 1099er.
and some outsourcing firm is just takeing it's cut while doing the minimum level of checks.

Whose resumes did they use?

[sabbede]

I'm sure I'm not the only one curious to know if their resume was hijacked by one of these jerks to get a remote job. Is there a way we can find out? Does the DoJ notify people?

Re:

[PPH]

Does the DoJ notify people?

Notify who? The people whose resumes have been borrowed? What are they going to do?

Notify the prospective employers? Maybe. But FBIs counterintelligence unit doesn't typically operate to build court cases. Most of the evidence they accumulate is inadmissible due to the methods of collection. They are more interested in watching foreign ops.

This is nothing

[megamind]

I've personally interviewed on behalf of chinese nationals to get them hired at american companies. A new "get offers instantly" kind of interviewing scheme. Maybe the government should do something useful for once like banning applicant tracking systems from being used by HR to automatically reject people.

Ask about locales

[bill_mcgonigle]

"Oh, you're in Dallas, what part? That's very interesting. I'll be there next month - what's a good restaurant there that you like? I always like to ask locals where to eat when I'm visiting get the real scoop."

The North Koreans get tripped up and stammer something irrelevant. Buh-bye, stop wasting our time.

The Feds took down one instance of the racket. It's like busting Epstein and Diddy but not the other twelve.

Re:

[Tony Isaac]

You'd better be prepared to follow through, they just might call your bluff!

Re:

[EvilSS]

Can't wait for them to start using services like Cluely [youtu.be] that can just feed them answers in real time during the interview.

Require Notarized Documents

[laughingskeptic]

At very little inconvenience to anyone, hiring companies could require documents of remote workers to come to them via a Notary Public. At least then you know a human presented documents to another human. The states do not publish the public keys of their Notaries, so you have to look at the cert and then lookup the person in the given state's website to verify that the Notary is real. But this seems like a small effort to mitigate a big problem.

Re:

[EvilSS]

"So Mr. American in addition to hosting these laptops, we are also going to need you to become a Notary. " In most states it's stupid easy to become a notary public and takes maybe a month or two.

Re:

[laughingskeptic]

Part of that "stupid easy" process is sitting through lame required training videos that tells the notary how many years in jail they face for performing fraudulent actions as a notary. This raises the moron level North Korea has to recruit -- The dumber their collaborators, the more likely they are to get caught. In addition, it becomes easier to forensically investigate the fraudulent notary, after all they registered themselves with the state and had a stamp mailed to an address. Just because the notar