
North Koreans got jobs at Fortune 500 companies to fund the nuclear weapons program

AILSA CHANG, HOST:

In May, a 49-year-old woman from Arizona was indicted for helping North Korean citizens secure jobs at Fortune 500 companies, but it turns out she was just a small part of a much larger international scheme. NPR cybersecurity correspondent Jenna McLaughlin has this story.

JENNA MCLAUGHLIN, BYLINE: On a recent spring day in Washington, D.C., I took a trip to the State Department.

JUNG PAK: Hi. Nice to meet you.

MCLAUGHLIN: Jenna McLaughlin - nice to meet you.

I wanted to talk to Dr. Jung Pak, the deputy assistant secretary of East Asian and Pacific Affairs, to get to the bottom of a crazy story. The State Department first put out an advisory about IT workers from the Democratic People's Republic of Korea, or DPRK for short, infiltrating top U.S. companies back in 2022. Now they're offering up to $5 million for information on the sprawling operation. Dr. Pak is a former CIA analyst. She literally wrote the book on North Korean leader Kim Jong Un. And she had a lot to say about this trend.

PAK: Yes, we have seen the DPRK engage in cyber-related activities, and DPRK IT workers is something that we focus on. As we know, during the pandemic, everybody went to their digital platforms, everybody went online, and that was also an opportunity for the DPRK to also go online.

MCLAUGHLIN: As remote work grew, North Korea saw an opportunity.

PAK: They are generating revenue by getting jobs to develop websites. They're designing dating apps.

MCLAUGHLIN: Yes, dating apps. Let's back up a little bit there. For years, North Korea had been advancing its cyber skills, Dr. Pak explained. North Korean hackers breached Sony in 2014 and leaked movie stars' explosive private emails. They're also constantly stealing cryptocurrency to fund the regime while in the stranglehold of international sanctions. But this latest scheme is designed to get North Korean IT workers legitimate remote jobs that pay legitimate U.S. dollars. They've made a lot of money.

PAK: We think that these IT workers can generate at least $300 million per year.

MCLAUGHLIN: Pak and her colleagues across the U.S. government and law enforcement and intelligence say that money is going directly to North Korea's nuclear weapons program, one of the major reasons the hermit kingdom is so heavily sanctioned in the first place. Plus, these workers are based in places like Russia and China. Pak says dialogue with Russia is limited. And while the government engages with China on this issue, it's tough to push them into action.

PAK: Those conversations are challenging - Russia's brutal invasion of Ukraine, and we believe that Beijing could do more on this issue.

MCLAUGHLIN: In a country cut off from most of the rest of the world, the Kims have kept an iron grip on power for three generations. This whole IT worker operation is one illicit source of cash among many. To learn more about these IT workers and their role in North Korea's broader cyber operations, I called up Michael Barnhart. He's a North Korea cyber expert for Google's Mandiant.

MICHAEL BARNHART: This is the same group of individuals that back in the '90s were making fake Viagra pills.

MCLAUGHLIN: They've moved up in the world since then. The U.S. government says there's thousands of these remote IT workers, but it's hard to guess the real number, says Barnhart. Picture this. Groups of 10 or more North Korean workers stuffed into tiny group houses. They're working extremely long hours, each applying for and doing multiple jobs at once. And they're sending practically all their money back to the regime, else their family be put in danger. But from the employer's side, they seem like qualified, eager candidates. Here's Barnhart again, whose team at Mandiant works with a lot of the companies dealing with the impostor problem firsthand.

BARNHART: One of our partners that we work with, on one day last week, he received 16 different applications for jobs at that location - one day.

MCLAUGHLIN: And they work with facilitators around the globe. For example, in the recent indictment, Christina Chapman was the American woman who signed on to be the face of a front company that, at first, she had no idea had any connection to North Korea. Barnhart says he's tracking more just like her as we speak.

BARNHART: It reads like a Grisham novel.

MCLAUGHLIN: Dr. Pak and others like Barnhart are working with U.S. companies to root out these workers. But even when they're caught, they can still cause problems alongside their partners in crime, elite North Korean hackers.

BARNHART: They will extort the information for intellectual property. Hey, you know, if you don't do this, we may sell off the source code here. We've heard in some situations where the company, after they've dealt with the IT worker, that the company was ransomed.

MCLAUGHLIN: It's going to take increased awareness to keep chipping away at this difficult problem. But in the meantime, Barnhart promises some more crazy stories.

BARNHART: I'm so happy that I got to talk to you today because there's things coming down the line that's really going to blow your mind.

MCLAUGHLIN: Who knows? Maybe John Grisham's next thriller will be set in Pyongyang.

Jenna McLaughlin, NPR News. Transcript provided by NPR, Copyright NPR.

NPR transcripts are created on a rush deadline by an NPR contractor. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.

Jenna McLaughlin is NPR's cybersecurity correspondent, focusing on the intersection of national security and technology.