Friday, May 17, 2024

Justice Dept makes arrests in North Korean identity theft scheme involving thousands of IT workers

ERIC TUCKER
Thu, May 16, 2024 




 The Justice Department has announced three arrests in a complex stolen identity scheme that officials say generates enormous proceeds for the North Korean government, including for its weapons program. 


WASHINGTON (AP) — The Justice Department on Thursday announced the arrest of three people in a complex stolen identity scheme that officials say generates enormous proceeds for the North Korean government, including for its weapons program.

The scheme involves thousands of North Korean information technology workers who prosecutors say are dispatched by the government to live abroad and who rely on the stolen identities of Americas to obtain remote employment at U.S.-based Fortune 500 companies, jobs that give them access to sensitive corporate data and lucrative paychecks.

Officials say the fraud is a way for heavily sanctioned North Korea, which is cut off from the U.S. financial system, to take advantage of a high-tech labor shortage in the U.S. and the proliferation of remote telework.

“More and more often, compliance programs at American companies and organizations are on the front lines of protecting our national security,” Marshall Miller, the Justice Department's principal associate deputy attorney general, said in an interview. "Corporate compliance and national security are now intertwined like never before.”

The Justice Department says the conspiracy has affected more than 300 companies — including a high-end retail chain and “premier Silicon Valley technology company” — and generated more than $6.8 million in revenue for the workers, who are based outside of the U.S., including in China and Russia.

The three people arrested include an Arizona woman, Cristina Marie Chapman, who prosecutors say facilitated the scheme by helping the workers obtain and validate stolen identities, receiving laptops from U.S. companies who thought they were sending the devices to legitimate employees and helping the workers connect remotely to the company.

The other two defendants include a Ukrainian man, Oleksandr Didenko, who prosecutors say created fake accounts at job search platforms and was arrested in Poland last week, and a Vietnamese national, Minh Phuong Vong, who was arrested Thursday in Maryland on charges of fraudulently obtaining a job at a U.S. company that was actually performed by remote workers who posed as him and were based overseas.

It was not immediately clear if any of the three had lawyers.

Separately, the State Department said it was offering a reward for information about certain North Korean IT workers.

The FBI, which conducted the investigations, issued a public service announcement that warned companies about the scheme, encouraging them to implement identity verification standards through the hiring process and to educate human resources staff and hiring managers about the threat.

A massive remote-work scam fooled 300 US companies into hiring North Koreans, prosecutors say

Joshua Zitser
Fri, May 17, 2024 




An Arizona woman is accused of aiding North Koreans in securing US remote-work jobs.


They gained employment at Fortune 500 companies, including a TV network and a Silicon Valley firm.


Prosecutors say the scheme involved 300+ companies and led to $7 million being sent to North Korea.


An Arizona woman has been accused of aiding North Koreans in securing remote-work jobs in the US and funneling their wages back to North Korea, which is subject to US sanctions, according to federal prosecutors.

The US Attorney's Office for the District of Columbia announced in a press release on Thursday that Christina Marie Chapman, 49, was arrested on Wednesday and charged with nine counts, including conspiracy to defraud the US.

According to prosecutors, the scheme began sometime in 2020 and used the stolen identities of about 60 US citizens.

They said it impacted more than 300 companies and generated more than $6.8 million in revenue, which was sent back to North Korea.

In the charging document, prosecutors allege that Chapman facilitated overseas IT workers posing as Americans using the stolen or borrowed identities of US citizens.

Chapman was first approached in March 2020 by an unknown individual asking her if she wanted to be the "US face" of their company, according to a recently unsealed indictment against Chapman and three North Korean citizens.

According to prosecutors, the scheme saw overseas workers apply for remote jobs at well-known US companies, including Fortune 500 companies.

These included a major television network, a leading Silicon Valley tech company, an aerospace manufacturer, and an American carmaker, the indictment said.

According to the indictment, the workers used IP addresses to make it appear that they were operating from Chapman's house and within the US.

Prosecutors said that Chapman received and forged payroll checks and that the wages of the foreign workers were paid into her bank account.

They added that much of the income, though to be at least $6.8 million, was falsely reported to the IRS and Social Security Administration under the names of US citizens whose identities were stolen or borrowed.

In exchange, prosecutors said in the indictment that Chapman charged the workers monthly fees for her services.

An attorney for Chapman was not listed in court documents.

In a separate criminal complaint, unsealed on Thursday, a Ukrainian man, Oleksandr Didenko, was also accused of operating "laptop farms."

In the press release, Nicole M. Argentieri, head of the Justice Department's Criminal Division, said that these charges should serve as a "wake-up call" for American companies employing remote IT workers.

In 2016, the US passed the North Korea Sanctions and Policy Enhancement Act, which aimed to improve the enforcement of sanctions against North Korea.

It cut North Korea from the US financial system, which led to various schemes to try to circumvent it.

The assistant director of the FBI's Counterintelligence Division, Kevin Vorndran, said in the press release that although the allegations may seem like "typical white-collar" crime, they represent a broader trend.

He described it as a "new high-tech campaign to evade US sanctions, victimize US businesses, and steal US identities."

3 North Koreans infiltrated US companies in 'staggering' alleged telework fraud: DOJ

ALEXANDER MALLIN
Thu, May 16, 2024

The Justice Department on Thursday unsealed an indictment charging three North Korean workers and a United States citizen with allegedly engaging in "staggering fraud" through a complex scheme where they secured illicit work with a number of U.S. companies and government agencies.

The indictment against the North Korean IT workers -- using the aliases Jiho Han, Chunji Jin and Haoran Xu -- alleges the group used fraudulent identities belonging to 60 real Americans to secure telework positions between October 2020 and 2023 that ultimately generated nearly $7 million in profits for the Democratic People's Republic of Korea.

Prosecutors further allege the group was assisted by U.S. national Christina Chapman in their efforts to obtain remote work positions, who they accuse of stationing laptops belonging to U.S. companies at various residences that the North Koreans were then able to access. She also allegedly received paychecks for the group and forged signatures of the intended beneficiaries in order to transfer the funds into her bank, later transferring the funds to the North Koreans while charging them monthly fees for her services, the indictment alleges.

"The conspiracy perpetrated a staggering fraud on a multitude of industries, at the expense of generally unknowing U.S. companies and persons," the indictment read. "It impacted more than 300 U.S. companies, compromised the identities of U.S. persons, caused false information to be conveyed to DHS [Department Of Homeland Security] on more than 100 occasions, created false tax liabilities for more than 35 U.S. persons, and resulted in at least $6.8 million of revenue for the overseas IT workers."

Included among the companies allegedly defrauded in the scheme are a "top-5 national television network and media company, a premier Silicon Valley technology company, an aerospace and defense manufacturer, an iconic American car manufacturer, a high-end retail chain, and one of the most recognizable media and entertainment companies in the world, all of which were Fortune 500 companies," according to the indictment.

The workers also allegedly attempted to gain employment and access to information at two unnamed U.S. government agencies on three different occasions, according to the indictment, though those attempts were identified and thwarted.

The three North Koreans are still at large, according to the DOJ. Chapman was arrested Wednesday in Arizona, according to a release from the Justice Department. She did not immediately have an attorney listed for her.

The State Department announced in a statement Thursday it is offering a reward of up to $5 million for information on the IT workers and the full-scale disruption of their scheme.

3 North Koreans, 1 American accused by DOJ of ‘staggering fraud’ involving Fortune 500 companies

Nick Robertson
Thu, May 16, 2024 

A trio of North Koreans and an American are accused of a “staggering” fraud scheme in a Justice Department indictment unsealed Thursday that accused them of operating a complex operation securing work with multiple major American corporations and government agencies.

The North Korean tech workers, known under the aliases Jiho Han, Chunji Jin and Haoran Xu, are accused of using the stolen identities of 60 Americans to get remote work jobs across the country, with the hope of funneling cash and information back to North Korea.

Taking advantage of remote work, the North Koreans would juggle multiple jobs at a time, with the employers believing their new hire was an American. The work, between October 2020 and last year, garnered about $7 million for the North Korean government.

“The conspiracy perpetrated a staggering fraud on a multitude of industries, at the expense of generally unknowing U.S. companies and persons,” the indictment read. “It impacted more than 300 U.S. companies, compromised the identities of U.S. persons, caused false information to be conveyed to DHS [Department of Homeland Security] on more than 100 occasions, created false tax liabilities for more than 35 U.S. persons, and resulted in at least $6.8 million of revenue for the overseas IT workers.”

The group was allegedly aided by American citizen Christina Chapman, who the Justice Department said worked as an intermediary between the workers and the companies and forged checks to transfer their salaries to North Korea.

The companies that fell victim to the scheme were not specifically named, but included a “top five” television network, a Silicon Valley tech firm, an aerospace manufacturer, an “iconic” American car company, a high-end retail chain and “one of the most recognizable media and entertainment companies in the world, all of which were Fortune 500 companies,” according to the indictment.

The three North Koreans also attempted to use the stolen identities to work for and access information at two unnamed federal agencies, though those attempts were unsuccessful, the indictment said.

The State Department announced a $5 million bounty on Thursday for information leading to the arrest of the North Koreans. Chapman was arrested Wednesday in Arizona.

Chapman was charged with nine felonies, including conspiracy to defraud the U.S.


Arizona woman indicted for role in alleged North Korea scheme: DOJ

Kenneth Wong
Thu, May 16, 2024 

(U.S. Air Force photo by Airman 1st Class Gustavo Castillo/Released)

PHOENIX - Officials with the U.S. Justice Department say they are prosecuting five people, including a woman from Arizona, for their alleged role in a North Korean scheme "to place overseas information technology (IT) workers—posing as U.S. citizens and residents—in remote positions at U.S. companies."

"As alleged in the court documents, DPRK has dispatched thousands of skilled IT workers around the world, who used stolen or borrowed U.S. persons’ identities to pose as domestic workers, infiltrate domestic companies’ networks, and raise revenue for North Korea," a statement released on May 16 reads. DPRK stands for North Korea's official name: Democratic People's Republic of Korea.
Watch FOX 10 Phoenix Live

The Arizonan who is being prosecuted has been identified as 49-year-old Christina Marie Chapman of Litchfield Park. She was arrested on Wednesday. Four other people were also indicted, including 27-year-old Oleksandr Didenko of Kyiv, Ukraine, and three John Does who were identified by their aliases: Jiho Han, Haoran Xu, and Chunji Jin. The three were named as Chapman's co-conspirators.

"Chapman and her co-conspirators’ scheme defrauded U.S. companies across myriad industries, including multiple well-known Fortune 500 companies, U.S. banks, and other financial service providers. The identities of more than 60 U.S. persons were compromised and used by IT workers related to Chapman’s cell," the statement reads. "Chapman also allegedly conspired with the John Doe defendants to commit money laundering by conducting financial transactions under aliases to receive money generated by the scheme and transfer those funds outside of the United States, in an attempt to hide that these were proceeds of the IT workers’ fraud."

Chapman, authorities say, is accused of committing multiple offenses, including various fraud and identity theft-related offenses. If convicted, she faces up to 97.5 years in prison.

No comments:

Post a Comment