Arizona woman, 3 North Koreans charged in 'staggering' fraud scheme that raised nearly $7M-InfoExpress
An Arizona woman and three shadowy North Korean information technology workers are accused of securing illicit work with hundreds of U.S. companies as part of an alleged "staggering fraud" scheme to earn revenue for North Korea's weapons programs, federal prosecutors announced Thursday.
The three North Korean workers were remotely working overseas and federal prosecutors say their exact locations are unknown. Similar schemes in the past have seen North Korean workers attempt to gain remote employment through American companies as a way to evade U.S. sanctions imposed on North Korea; the point of the scheme is for the rogue nation's agents to get lucrative U.S. employment and send the money they earn to Pyongyang.
The latest scheme involved using identities of 60 Americans and impacted more than 300 U.S. companies, including numerous well-known Fortune 500 companies, banks and other financial service providers, according to an indictment unsealed by the Department of Justice. The companies are not named.
The indictment alleges that the three workers — using aliases Jiho Han, Chunji Jin, and Haoran Xu — used the false identities to get hired for remote work, which generated at least $6.8 million for North Korea. The three workers are each charged with money laundering and U.S. authorities are trying to find them.
The group was also allegedly assisted by Christina Chapman, 49, of Litchfield Park, Arizona, who prosecutors accused of running a "laptop farm" from her home, where she hosted multiple computers for overseas IT workers so it appeared that the computers were located in the United States.
Chapman was arrested Wednesday and was charged with nine counts, including conspiracy to defraud the United States, prosecutors said. She faces a maximum penalty of over 97 years in prison.
The State Department said in a statement Thursday that it is offering a reward of up to $5 million for information about the three North Korean IT workers that leads to the disruption of the scheme. The workers were under the direction of a manager, identified only in court papers as "Zhonghua."
Thursday's announcement comes almost a year after the Department of the Treasury sanctioned four entities involved in illicit cyber and IT worker operations that helped fund North Korea's "unlawful weapons of mass destruction and ballistic missile programs."
At the time, the department said North Korea employed thousands of "highly skilled" IT workers around the world and in some cases, earned more than $300,000 per year to "deliberately obfuscate their identities, locations, and nationalities" by using proxy accounts, stolen identities, and falsified or forged documentation to apply for jobs.
Several federal agencies issued an advisory in 2022, warning that North Korean IT workers will generally obtain employment while posing as other nationalities and can work in a wide range of IT development work, including gaming, IT support and application programs.
'Staring down little tyrants':Kristi Noem's book includes false anecdote about Kim Jong Un
IT workers employed at major U.S. companies
According to the indictment, IT workers who were associated with Chapman posed as U.S. citizens by using stolen, false, or borrowed identities of other Americans and applied for remote jobs. Many of the workers were also linked to North Korea.
"The overseas IT workers gained employment at U.S. companies, including at a top-five major television network, a Silicon Valley technology company, an aerospace manufacturer, an American car manufacturer, a luxury retail store, and a U.S.-hallmark media and entertainment company, all of which were Fortune 500 companies," prosecutors said.
The workers attempted to gain employment at two different government agencies but were "generally unsuccessful," according to prosecutors.
In addition to running a laptop farm, prosecutors accused Chapman of receiving and forging payroll checks. She also received direct deposits of the workers’ wages from U.S. companies.
Ukrainian accused of operating 'laptop farms'
In a separate criminal complaint unsealed Thursday, federal prosecutors charged a Ukrainian man identified as 27-year-old Oleksandr Didenko. Prosecutors accused Didenko of operating at least three U.S.-based laptop farms that at one point hosted about 79 computers in California, Tennessee and Virginia.
Didenko engaged in a "years-long scheme" creating fake accounts at IT job search platforms and money service transmitters in the United States, according to the complaint. Prosecutors alleged that Didenko sold those accounts to overseas IT workers, some of whom he believed were North Korean.
The workers would then use the false identities to apply for remote jobs, the complaint added. Further evidence revealed that workers linked with Didenko were also working with Chapman.
"One of Didenko’s overseas IT worker customers also requested that a laptop be sent from one of Didenko’s U.S. laptop farms to Chapman’s laptop farm, showing the interconnectivity of these cells within the (North Korean) overseas IT worker network," prosecutors said.
Didenko was arrested on May 7 in Poland and the U.S. officials are seeking his extradition, according to prosecutors.