The U.S. Department of Justice announced Thursday (December 12) that a federal court in St. Louis, Missouri, indicted 14 citizens of the Democratic People’s Republic of Korea on Wednesday, charging them with a long-term conspiracy to violate U.S. sanctions and engage in wire fraud, money laundering and identity theft. The individuals worked for Yanbian Silversta and Volasys Silverstar, both companies in the People’s Republic of China and Russia, respectively, which are controlled by North Korea and have been previously sanctioned by the United States.
The Justice Department specifically pointed out that the 14 North Koreans conspired to use false, stolen and borrowed identities of Americans and others to conceal their North Korean identities and foreign locations and work as remote information technology (IT) workers for U.S. companies and nonprofit organizations.
The Justice Department said that these defendants – some of whom were ordered by their supervisors to earn at least $10,000 per month – generated at least $88 million during the conspiracy, which lasted about six years. In many cases, the defendants also stole sensitive company information such as proprietary source code and then blackmailed their employers with the threat of leaking the information to supplement their salary income. They used the financial systems of the United States and China to transfer the proceeds of their activities to accounts in China, which ultimately benefited the North Korean government.
The indictment said the 14 people worked for the two sanctioned companies in positions ranging from senior leaders to IT workers. The two organizations employed at least 130 North Korean IT workers, who were referred to internally as “IT warriors.” The indictment alleges that Yanbian Silver Star and Volaxis Silver Star regularly held “socialist competitions” for their employees, in which IT workers competed to generate revenue for North Korea, with bonuses and other rewards for the best performance. As part of the criminal conspiracy, North Korean IT workers received work and earned wages from many U.S.-based companies and nonprofits. In some cases, U.S. employers unknowingly employed North Korean IT workers for years and paid hundreds of thousands of dollars in salaries.
The Justice Department said the defendants used a variety of techniques to conceal their North Korean identities from employers, including stealing the identities of U.S. and others, or paying U.S. personnel to attend job interviews, working remotely under false identities, and registering fake domain names and designing fake websites to make recruiters think they were experienced, qualified and had credible work experience. The defendants also attempted to pay U.S. personnel to receive laptops from their employers, set them up at their addresses, and load them with software that allowed North Korean IT workers to log in from overseas while pretending to be them working remotely in the United States.
In some cases, the defendants used their access to proprietary company information to blackmail U.S. employers to increase their income, the Justice Department said. Sometimes, if they didn’t get the money, they would post company information online. The Justice Department cited an example of a company that lost hundreds of thousands of dollars when proprietary information was posted online by a defendant because it refused the ransom demand.
All 14 co-conspirators were charged with conspiracy to violate the International Emergency Economic Powers Act, conspiracy to commit wire fraud, conspiracy to commit money laundering, and conspiracy to commit identity theft. Eight co-conspirators were charged with aggravated identity theft. If convicted, each defendant faces a maximum statutory penalty of 27 years in prison.
The Justice Department’s statement mentioned that the indictment only makes allegations, and all defendants are presumed innocent until convicted beyond a reasonable doubt by the court.
