
Insider Risks in the News

U.S. Companies Tricked by North Korean IT Workers: DOJ Unveils Complex Fraud Network

As if taken from a Hollywood script, the DOJ shared publicly how an Arizona woman and three unidentified foreign nationals placed overseas information technology workers, posing as U.S. citizens and residents, in remote positions within U.S. companies. In a nutshell, the quartet put together a scheme in which they hoodwinked over 300 companies into hiring North Korean (DPRK) IT workers who used stolen or borrowed U.S. person identities in order to raise hard currency revenue for the DPRK. The scheme ran from at least October 2020 through October 2023.

Separately, yet remarkably similar, the DOJ also shared data concerning the arrest of Ukrainian national Oleksandr Didenko, who ran a years-long scheme creating fake identities on U.S. IT search platforms with U.S. based money service transmitters. Didenko then sold these accounts to foreign nationals outside the United States who used these identities to apply for jobs. Some of those identities, Didenko advises, were used by the DPRK.

LAPTOP FARMING FOR NORTH KOREA

The U.S. citizen, Christina Marie Chapman, identified in the unsealed indictment was arrested on May 15 in Litchfield Park, AZ.  Ukrainian citizen Didenko was arrested on May 7 in Poland and the United States is seeking his extradition.  There is a $5 million reward for information leading to the arrest of Chapman’s three co-conspirators.

According to the DOJ, “The overseas IT workers gained employment at U.S. companies, including at a top-five major television network, a Silicon Valley technology company, an aerospace manufacturer, an American car manufacturer, a luxury retail store, and a U.S.-hallmark media and entertainment company, all of which were Fortune 500 companies.”

It is important to note that the DOJ was cognizant that some of these companies could have been targeted specifically by the DPRK, as its statement shows: “Some of these companies were purposely targeted by a group of DPRK IT workers, who maintained postings for companies at which they wanted to insert IT workers.”

Furthermore, Chapman’s stable of IT workers attempted, unsuccessfully, to gain employment at two U.S. government agencies on multiple occasions.

Chapman ran a “laptop farm,” hosting a multitude of IT workers’ “company-issued” computers inside her home. These computers provided the U.S. presence for the “employees”: the overseas IT workers connected into her home and then, via their company-issued devices, into their employers’ networks. Chapman used her residence to receive checks, correspondence, etc., and charged the workers a monthly fee for the service. As noted, over 300 companies were impacted and over 60 identities of U.S. persons were stolen or borrowed. The scheme generated over $6.8 million in revenue for the overseas workers, laundered through Chapman’s laptop farm.

SOUTH KOREA DETAILS THE SCHEME

It should be noted that on December 8, 2022, the Republic of Korea (South Korea) Foreign Ministry issued a warning that this scheme was being used by North Korea to increase hard currency revenue for the DPRK. The warning was explicit, “DPRK IT workers are located all around the world, obfuscating their nationality and identities. They earn hundreds of millions of dollars a year by engaging in a wide range of IT development work, including freelance work platforms (websites/applications) and cryptocurrency development, after obtaining freelance employment contracts from companies around the world.”

South Korea outlined the modus operandi of the DPRK dispatch of “highly skilled IT workers all over the world, including Asia and Africa. IT workers located overseas form groups and live together and they earn foreign currency by obtaining IT development work via online freelance work platforms.”

The warning continues, “They present themselves as non-North Korean nationals and work as freelance IT workers, obtaining employment contracts from companies located in developed countries in North America, Europe and East Asia.”

The indicators, provided to assist employers to identify the DPRK IT workers working under false identities, according to the Ministry are:

  • Multiple logins into one account from various IP addresses in a relatively short period of time;
  • Developers are logged into their accounts continuously for a whole day;
  • Developers log into multiple accounts on the same platform from one IP address;
  • Developer accounts whose cumulative working hours exceed several thousand hours;
  • Developer accounts receiving high ratings, especially when client companies which engaged in ratings have a payment account identical to that of the account owner;
  • New developer accounts using same or similar documents with those submitted by existing accounts.
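Two of the indicators above (many IP addresses on one account in a short period, and many accounts from one IP address) can be checked directly against platform login records. The following is an added example, not code from the Ministry, the DOJ or the article; the event format, the one-hour window and the threshold of three are assumptions chosen for illustration, and the sample events are constructed using documentation-range IP addresses.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample login events: (account, source IP, ISO timestamp).
EVENTS = [
    ("dev_a", "192.0.2.10", "2024-05-01T08:00:00"),
    ("dev_a", "198.51.100.7", "2024-05-01T08:20:00"),
    ("dev_a", "203.0.113.5", "2024-05-01T08:45:00"),
    ("dev_b", "192.0.2.44", "2024-05-01T09:00:00"),
    ("dev_c", "192.0.2.44", "2024-05-01T09:05:00"),
    ("dev_d", "192.0.2.44", "2024-05-01T09:10:00"),
    ("dev_e", "192.0.2.99", "2024-05-01T09:00:00"),
    ("dev_e", "198.51.100.99", "2024-05-03T09:00:00"),  # two days later
]

def parse(events):
    """Return events as (datetime, account, ip) tuples in time order."""
    return sorted((datetime.fromisoformat(ts), acct, ip) for acct, ip, ts in events)

def accounts_with_ip_churn(events, window=timedelta(hours=1), min_ips=3):
    """One account seen from >= min_ips distinct IPs inside a sliding window."""
    per_account = defaultdict(list)
    for ts, acct, ip in parse(events):
        per_account[acct].append((ts, ip))
    flagged = {}
    for acct, logins in per_account.items():
        start = 0
        for end in range(len(logins)):
            # Shrink the window from the left until it spans <= `window`.
            while logins[end][0] - logins[start][0] > window:
                start += 1
            ips = {ip for _, ip in logins[start:end + 1]}
            if len(ips) >= min_ips:
                flagged[acct] = sorted(ips)
                break
    return flagged

def ips_shared_by_accounts(events, min_accounts=3):
    """One IP address used to log into >= min_accounts distinct accounts."""
    per_ip = defaultdict(set)
    for _, acct, ip in parse(events):
        per_ip[ip].add(acct)
    return {ip: sorted(a) for ip, a in per_ip.items() if len(a) >= min_accounts}

if __name__ == "__main__":
    print("IP churn:", accounts_with_ip_churn(EVENTS))
    print("Shared IPs:", ips_shared_by_accounts(EVENTS))
```

The thresholds need tuning against a platform's normal traffic: shared office NAT, VPN exits and mobile carriers all produce benign matches, so a hit is a reason to review the account rather than a verdict.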

DIDENKO’S IDENTITY ROULETTE

The affidavit supporting the complaint alleges Didenko managed approximately 871 “proxy” identities on three U.S. IT hiring platforms. To accomplish this he used three U.S.-based laptop farms, hosting 79 computers. Didenko offered a slightly different service than Chapman, with the same end goal: placing workers inside U.S. companies. The DOJ described Didenko’s efforts as follows: “Didenko ran a website, upworksell.com, which advertised creating, buying, and renting accounts at U.S. websites using false identities, and also advertised ‘Credit Card Rental’ in the European Union and the United States and SIM card rental for cellular phones.” The DOJ also notes the interaction between Didenko’s and Chapman’s clientele, when a laptop from Didenko’s laptop farm was requested to be sent to Chapman’s laptop farm.

SEEDING INTO U.S. COMPANIES

“Today’s announcement of charges and law enforcement action show our broad approach to attacking funding sources for North Korea across the United States,” said U.S. Attorney Matthew M. Graves for the District of Columbia. “We will continue to vigorously pursue cases against individuals, in the United States and abroad, that use U.S. financial systems to raise revenue for North Korea.”

The U.S. Attorney’s office understands the financial fraud taking place, which provides an avenue to prosecution. There is more than just financial fraud at play, this jaded eye observes. If egg on the face of 300-plus companies whose hiring and onboarding pipelines have been hoodwinked isn’t sufficient incentive for all human resource departments to review their “verification processes,” the understanding that the DPRK used this mechanism to seed individuals in targeted companies for purposes beyond the financial aspect should be. They were after infrastructure knowledge, intellectual property, and more.

https://news.clearancejobs.com/2024/05/17/doj-reveals-u-s-companies-unwittingly-hired-north-korean-it-workers/

____________________________________________________________________

US Air Force employee charged with disclosing classified information on dating website

A civilian U.S. Air Force employee has been charged with disclosing classified defense information to a woman he met on a foreign online dating platform, the Justice Department said on Monday.

David Franklin Slater, 63, was taken into custody in Nebraska on Friday on a three-count federal indictment. He was expected to make an initial court appearance on Tuesday.

The indictment accuses Slater of giving classified material by email and online messages about the Russia-Ukraine war to someone claiming to be a woman living in Ukraine.

https://www.reuters.com/world/us/us-air-force-employee-charged-with-dis…

 


Contractors Failed Background Checks, Maintained Access to Sensitive Agency Systems

IRS watchdog: Contractors who failed background checks, maintained access to sensitive agency systems. A new IRS inspector general report says the agency continued to give 19 contractors access to sensitive systems despite failing background reports as recently as last July.

https://apnews.com/article/irs-tax-payer-whistleblower-trump-returns-f68706043c2f4ba7304fcc4b28a00a07?utm_source=Email&utm_medium=share


 


Two U.S. Navy Sailors Charged with Providing Sensitive Information to China

Two U.S. Navy sailors were charged Thursday with providing sensitive military information to China — including details on wartime exercises, naval operations and critical technical material.  The two sailors, both based in California, were charged with similar moves to provide sensitive intelligence to the Chinese. But they were separate cases, and it wasn’t clear if the two were courted or paid by the same Chinese intelligence officer as part of a larger scheme. Federal officials at a news conference in San Diego declined to specify whether there is any tie between the cases.

https://apnews.com/article/espionage-us-navy-arrests-national-security-…

 


Former Analyst with the FBI Sentenced for Illegally Retaining Documents

A former analyst with the Kansas City Division of the FBI was sentenced in federal court today for illegally retaining documents related to the national defense at her residence.

Kendra Kingsbury, 50, of Garden City, Kansas, was sentenced by U.S. District Judge Stephen R. Bough to 46 months in federal prison followed by three years of supervised release. Kingsbury pleaded guilty on Oct. 13, 2022, to two counts of unlawfully retaining documents related to the national defense.

According to court documents, Kingsbury was an intelligence analyst for the FBI for more than 12 years, from 2004 to Dec. 15, 2017. Kingsbury was assigned to a sequence of different FBI squads, each of which had a particular focus, such as illegal drug trafficking, violent crime, violent gangs and counterintelligence. Kingsbury held a TOP SECRET/SCI security clearance and had access to national defense and classified information. Training presentations and materials specifically warned Kingsbury that she was prohibited from retaining classified information at her personal residence. Such information could only be stored in an approved facility and container.

Kingsbury admitted that, over the course of her FBI employment, she repeatedly removed from the FBI and retained in her personal residence (at that time in North Kansas City, Missouri) an abundance of sensitive government materials, including classified documents related to the national defense.

https://www.justice.gov/opa/pr/former-fbi-analyst-sentenced-retaining-c…


DOE Official Pleads Guilty for Accepting Bribes 

In Federal court in Central Islip, Jami Anthony, the former Small Business Program Liaison and Procurement Officer for a Department of Energy Laboratory based in Virginia, pleaded guilty to a criminal information charging her with receiving bribes as a federal official in connection with a scheme to pay her more than $18,000 in exchange for more than $900,000 in DOE contracts. 

https://www.justice.gov/usao-edny/pr/former-department-energy-employee-…