DOJ indicts 14 North Koreans over fake IT worker scheme that raked in $88m

The accused group allegedly furthered its scheme by enlisting US workers to sit in for them during interviews, deceiving employers.
Francis Scialabba

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

The plot has thickened on this week’s episode of “Is your remote IT worker secretly trying to defraud you?”

Last week, a federal court in St. Louis, Missouri, indicted 14 North Korean nationals who it claims were part of a six-year fake IT worker scheme that generated at least $88 million in illicit revenue.

Operation F.A.K.E. According to the indictment, the scam is estimated to have taken place between April 2017 and March 2023. During this period, the named defendants were said to have sought out remote IT work with the assistance of stolen, borrowed, and purchased identities. To better deceive the businesses they applied to, the group allegedly embellished their résumés with roles at fake US-based companies, which had sham websites that were purchased and designed by the schemers to accompany them.

When they secured interviews, the defendants on some occasions enlisted US-based workers to sit in their place for the scheduled meeting, guiding them through the process. The indictment further claims that the group also tapped Americans to receive work laptops from the US businesses that employed them, creating the “false appearance” that they were working in the country. Once employed, the accused group extorted payments from some of their employers by threatening to expose sensitive information.

The conspirators in the case are said to be associated with two North Korean-controlled companies: China-based Yanbian Silverstar and Russia-based Volasys Silverstar. The two companies, which employed at least 130 North Korean IT workers, were said to engage in internal competitions to help generate money through foreign IT work, where prizes were awarded to top performers in the scheme.

Fake IT. Deputy Attorney General Lisa Monaco said in a statement that the indictment should serve as a “warning” to companies worldwide of the ongoing fake North Korean IT worker hustle, which cybersecurity firms detected as early as 2022.

In the past few years, the scam has continued to collect victims and evolve in complexity. Earlier this year, security platform KnowBe4 said that it had accidentally fallen victim to hiring a fake North Korean IT worker for its internal AI team. Identity assurance company HYPR said later this year that it too had encountered a fake IT worker, though it noted that its imposter worker was a European software engineer.

Ashley T. Johnson, special agent in charge of the FBI’s St. Louis field office, said in a statement that the latest indictment is just the “tip of the iceberg” for the scheme and advised businesses to be wary when hiring remote IT staffers.

“Protect your business by thoroughly vetting fully remote IT workers,” Johnson said. “One of the ways to help minimize your risk is to insist current and future IT workers appear on camera as often as possible if they are fully remote.”

