FBI Investigates North Korean Scheme Involving Remote IT Workers in the U.S.

FBI Investigation into Remote IT Workers

The FBI Miami Field Office is currently investigating a network of remote freelance IT workers allegedly violating U.S. sanctions. This investigation has revealed a fraudulent scheme involving North Korean nationals who have been posing as remote workers to generate revenue for their government.

These are some of the fake identifications prosecutors say two North Koreans used to get remote IT jobs from U.S. companies. (DOJ Indictment)

Details of the Scheme

According to Bryan Vorndran, the assistant director of the FBI’s cyber division, North Korean agents are fraudulently claiming to be located in the U.S. to earn money which is funneled into funding weapons programs, as noted by Devin DeBacker from the Justice Department’s national security division.

Federal prosecutors have recently unsealed a 27-page indictment accusing five individuals of participating in this scheme:

• Two from North Korea: Jin Sung-Il and Pak Jin-Song
• One from Mexico: Pedro Ernesto Alonso De Los Reyes
• Two from the U.S.: Erick Ntekereze and Emanuel Ashtor

At least 64 U.S. companies, including a cruise line and staffing agencies, have fallen victim to this operation. The North Korean defendants allegedly used fake identifications and laundered their earnings through a Chinese bank account.

Operation of the Laptop Farm

The U.S. defendants, Ntekereze and Ashtor, reportedly received laptops from U.S. companies and installed remote access software. The FBI has raided Ashtor's home in North Carolina, where he is accused of running a “laptop farm”.

Alonso, the Mexican defendant, is believed to have allowed the North Koreans to use his identity. He was arrested in the Netherlands.

Charges Filed

The defendants are facing serious charges, including:

• Conspiracy to cause damage to a protected computer
• Wire fraud and mail fraud
• Money laundering
• Transfer of false identification documents

Additionally, the two North Koreans in China face charges related to violating the International Emergency Economic Powers Act.

The U.S. Treasury had previously warned about this fraudulent scheme, highlighting its connections to forced labor and human trafficking. To report any tips about similar schemes, individuals can visit the FBI's tip page.