The U.S. government and private sector are grappling with a thorny problem. North Korean IT workers and hackers are infiltrating Fortune 500 companies to fund the regime’s nuclear weapons program.
Zhang Aisha, host:
In May, a 49-year-old woman from Arizona was indicted for helping North Korean citizens get jobs at Fortune 500 companies, but it turned out she was just a small part of a larger international scheme. NPR cybersecurity reporter Jenna McLaughlin has this story.
JENNA MCLAUGrin, BYLINE: On a recent spring day in Washington, D.C., I visited the State Department.
Pu Zheng: Hi. Nice to meet you.
McLaughlin: Jenna McLaughlin – Nice to meet you.
I wanted to talk to Dr. Park Chung-jung, Deputy Assistant Secretary of State for East Asian and Pacific Affairs, to get to the bottom of a crazy story. As early as 2022, the U.S. State Department issued its first warning about IT employees from the Democratic People’s Republic of Korea (DPRK) infiltrating top U.S. companies. Message for action. Dr. Pak is a former CIA analyst. She did write a book about North Korean leader Kim Jong Un. She had a lot to say about the trend.
PAK: Yes, we see North Korea engaging in cyber-related activities, and North Korean IT workers are the focus of our attention. We know that during the epidemic, everyone is on digital platforms and online. This is also an opportunity for North Korea to go online.
McLaughlin: As remote work grows, North Korea sees an opportunity.
PAK: They generate income by getting jobs developing websites. They are designing dating apps.
McLaughlin: Yeah, dating apps. Let’s back up a little bit. Dr. Parker explained that North Korea has been improving its cyber skills over the years. In 2014, North Korean hackers breached Sony and leaked explosive private emails of movie stars. They also continue to steal cryptocurrencies to fund the regime while shackled by international sanctions. But this latest scheme aims to give North Korean IT workers legal remote jobs and pay them legal dollars. They make a lot of money.
PAK: We think these IT employees can generate at least $300 million a year in revenue.
MCLAUGrin: Parker and her colleagues in the U.S. government, law enforcement and intelligence communities say the money going directly to North Korea’s nuclear weapons program is one of the main reasons the hermit kingdom is subject to such harsh sanctions in the first place. In addition, these workers are located in places such as Russia and China. Parker said dialogue with Russia was limited. Although the government has engaged China on the issue, it has been difficult to push them to take action.
Parker: These are challenging conversations – Russia’s brutal invasion of Ukraine is an issue where we believe Beijing can do more.
McLaughlin: In a country cut off from much of the rest of the world, the Kim family’s iron grip on power has lasted for three generations. The entire operation of IT workers is one of many sources of illegal cash. To learn more about these IT workers and their role in North Korea’s broader cyber operations, I called Michael Barnhart. He is Google Mandiant’s North Korea Internet expert.
Michael Bahart: These are the same people who made fake Viagra pills in the ’90s.
McLaughlin: Since then, their status has risen. Barnhart said the U.S. government says it has thousands of remote IT workers, but it’s difficult to guess the true number. Picture this. Ten or more North Korean workers were crammed into cramped dormitories. They work extremely long hours and everyone applies for and works on multiple jobs at the same time. They remitted almost all their money back to the regime, otherwise their families would be in danger. But from an employer’s perspective, they appear to be qualified and eager candidates. Barnhart is at it again, and his team at Mandiant works with a number of companies that deal directly with the imposter problem.
BARNHART: One of our partners, one day last week, he had 16 different job applications at this location – this one day.
McLaughlin: They work with coordinators around the world. For example, in the recent indictment, Christina Chapman was an American woman who signed on to be the spokesperson for a front company that she was initially unaware of had any ties to North Korea. Barnhart said as we spoke, he was tracking down more people like her.
Bahart: It reads like a Grisham novel.
McLaughlin: Dr. Parker and Barnhart and others are working with American companies to root out these workers. But even if they are caught, they could still cause problems with their criminal partners, North Korea’s elite hackers.
Bhagat: They will extort intellectual property information. Hey, you know, if you don’t, we’ll probably sell the source code here. We’ve heard of cases where companies have been extorted after dealing with IT staff.
McLaughlin: We need to raise awareness and keep solving this problem. But in the meantime, Barnhart promises some crazier stories to come.
Bhagat: I’m excited to talk to you today because what’s going to happen is really going to surprise you.
McLaughlin: Who knows? Maybe John Grisham’s next thriller will be set in Pyongyang.
Jenna McLaughlin, NPR News.
Copyright © 2024 NPR. all rights reserved. Please visit our Terms of Use and Permissions page at www.npr.org for more information.
NPR transcripts are created by NPR contractors under emergency deadlines. This article may not be in final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR programs is the audio transcript.
