Source: https://www.justice.gov/opa/pr/justice-department-disrupts-north-korean-remote-it-worker-fraud-schemes-through-charges-and
A Nashville resident was charged on August 8 for allegedly facilitating revenue generation for North Korea’s (DPRK) illegal weapons program, including weapons of mass destruction. The indictment, announced by the U.S. Attorney’s Office for the Middle District of Tennessee, accuses the individual of operating a “laptop farm” from their home, where they hosted computers that gave the appearance of remote work being conducted in the U.S.
Court documents reveal that the accused was involved in a scheme to secure remote jobs with American and British firms for North Korean IT workers posing as U.S. citizens. They are accused of using stolen identities to create false employment profiles, managing company laptops at their home, and installing unauthorized software to facilitate this deception. The individual also allegedly laundered payments for this remote work, with funds directed to accounts linked to North Korean and Chinese entities.
U.S. Attorney Henry C. Leventis of the Middle District of Tennessee stated, “North Korea has deployed numerous skilled IT workers worldwide to deceive businesses and bypass international sanctions to fund its perilous weapons program. This indictment highlights our office’s ongoing commitment to safeguarding national security by addressing complex schemes that have funneled substantial sums of money to foreign operatives.”
This indictment follows a similar case from May, where two individuals faced charges for allegedly aiding North Korean IT workers in securing remote jobs with over 300 U.S. companies using fake identities.
Assistant Attorney General Matthew G. Olsen of the National Security Division noted, “This indictment serves as a serious warning to U.S. businesses employing remote IT workers about the increasing threat from North Korea and the necessity of rigorous hiring procedures.”
Documents indicate that the accused managed the “laptop farm” from July 2022 to August 2023. During this period, laptops sent to the addresses under the alias “Andrew M.” were tampered with. The accused allegedly accessed these laptops without authorization, installed remote desktop software, and damaged the companies’ networks. This software allowed North Korean IT workers to operate from China while appearing to work from the Nashville residences. The individual reportedly received a monthly fee from a foreign facilitator named Yang Di. A search of the laptop farm was conducted in early August 2023.
The North Korean IT workers connected to this operation reportedly earned over $250,000 each during the scheme’s duration.
The accused faces multiple charges, including conspiracy to damage protected computers, money laundering, wire fraud, intentional computer damage, aggravated identity theft, and conspiracy to illegally employ aliens. If convicted, they could face up to 20 years in prison, with a mandatory minimum sentence of two years for the aggravated identity theft charge.
In response to this case, the FBI issued updated guidelines in May regarding the North Korean IT worker threat, outlining indicators consistent with such fraud schemes and the operation of U.S.-based laptop farms.
An indictment is a formal accusation, and all defendants are presumed innocent until proven guilty in a court of law.