On Thursday, August 8, 2024, the United States Department of Justice (“DOJ”) announced that it had charged a Nashville man for his alleged role in assisting the Democratic People’s Republic of Korea (“DPRK” or “North Korea”) with a scheme designed to funnel money from legitimate U.S. based businesses through fraudulently hired remote IT workers. The DOJ warned that, through the use of stolen identities and remote desktop software, North Korean IT workers located throughout China and Russia have continued to circumvent international sanctions and obtain high-paying remote IT jobs for the purpose of raising revenue for the North Korean weapons of mass destruction (“WMD”) program. This most recent case is an example of the global fraud scheme that has raised hundreds of millions of dollars in revenue each year to support the DPRK’s WMD development efforts.
The United States Attorney’s Office for the Middle District of Tennessee charged the Nashville man with one count of conspiracy to cause damage to protected computers, one count of conspiracy to commit money laundering, one count of conspiracy to commit wire fraud, one count of intentional damage to a protected computer, one count of aggravated identity theft, and one count of conspiracy to cause unlawful employment of aliens. If convicted, the Nashville man faces up to 20 years in prison, with a mandatory minimum of two years in prison and potentially over $1 million of restitution payments.
The indictment, which was unsealed on August 8, 2024, alleges that the Nashville man assisted in a scheme to obtain remote IT work for North Korean nationals by using the stolen identity of a U.S. citizen. The indictment further alleged that he ran a “laptop farm” in which he, after gaining employment through the fraudulent alias, would obtain laptops from victim companies, install remote desktop software on those laptops, and then transfer access to North Korean operatives. The indictment alleges that some of these IT workers were paid over $250,000 per year. U.S. Attorney Henry C. Leventis for the Middle District of Tennessee stated “[t]oday’s indictment, charging the defendant with facilitating a complex, multi-year scheme that funneled hundreds of thousands of dollars to foreign actors, is the most recent example of our office’s commitment to protecting the United States’ national security interests.”
This most recent indictment follows on the heels of the DOJ’s actions from October of 2023 and May of 2024, in which the DOJ seized malicious website domains, seized illicit revenue, and arrested several other facilitators involved in the broader IT worker scheme. In May of 2024, the FBI published an updated Internet Crime Complaint Center (“IC3”) advisory which suggests steps to protect businesses from falling victim to the DPRK’s IT worker schemes and provides methods for reporting suspected IT worker fraud.
