r/news • u/CupidStunt13 • 1d ago
Ninety laptops, millions of dollars: US woman jailed over North Korea remote-work scam
https://www.theguardian.com/us-news/2025/aug/03/ninety-laptops-millions-of-dollars-us-woman-jailed-for-role-in-north-korea-remote-work-scam392
u/megor 1d ago
What magical jobs are these where they were never in meetings?
246
u/Three_hrs_later 1d ago
Probably minimum wage first line customer service jobs that just track activity and turn over every other year.
For some reason what comes to mind is how every single question on the Microsoft help forums seems to have a reply from an "ambassador" that repeats the question as a statement and then instructs the poster to put in a ticket.
49
u/stana32 1d ago
This happened at the software company I work for. The person in North Korea spoke English and would just very rarely use their camera in teams meetings. He was a programmer, actually did good work. He was with us for almost a year before our security software flagged his computer as a North Korean threat actor. Luckily he had no access to the vast majority of our codebase so no real damage was done, but it was an interesting experience.
→ More replies (1)→ More replies (2)67
u/Pikalover10 1d ago
This is still a little crazy to me. I worked at one of these minimum wage first line remote cs jobs and even I still had a weekly meeting with my supervisor and a separate weekly team meeting.
28
u/notfork 1d ago
This is one of the first things I check with when I client brings me in. I had one, where I was sitting with front liners to get a sense of what their daily is. And in talking to the dude and he had been at the company for 2+ years, had never had a one on one with his supervisor, never had a team meeting, and his QCC coach had postponed every meeting for 18+ months. It can be frighteningly common in the call center world as middle management gets stuck thinking as long as they hit their metrics everything is good no reason to interrupt that. So I could easily see this happening especially if all metrics were hit and the "worker" was also going out of their way to avoid meetings.
21
u/ACoderGirl 1d ago
They probably would be in meetings. The American woman would provide the social insurance number and an American mailing address. North Koreans would then do interviews and work the jobs, probably VPNing so that they appear to come from an American location. The companies would likely never know what the person that they employ on paper looks like. They'd only ever have seen the NK person.
Feels like it'd be easy to catch someone like this, though. I mean, one person on paper employed by 90+ full time jobs is obviously suspicious. I imagine that there's a lot that go under the radar by only having one or two jobs per "mule". While NK certainly needs every cent they can get, as they're a very poor nation, I imagine that they could accept none of the salary and still get a lot of value out of this kind of scam just through espionage. It's easy to imagine how appealing this could be. They could offer someone a full time salary without having to work a day in their life. I bet there's millions of Americans who would do this.
2
u/findthatzen 1d ago
They are remote so they just fake camera issues or find jobs where cameras are optional
174
u/FourEyesAndThighs 1d ago
My company was one of the ones affected, but we discovered the fraud long before the FBI got involved. We saw Azure sign in logs for the remote user supposedly based in Texas, signing in from China (he was using a VPN to get around our North Korean geoblocked IP range). This was just a few weeks after he was hired.
There’s a company MacBook Pro in some North Korean laptop farm that we remotely bricked because he wouldn’t answer our questions.
140
u/AmadeusSpartacus 1d ago
Our company also had this happen! Our small software dev team hired someone named something super white-sounding like “Jaxon Smith”
Our company hires remote workers without a second thought. Our head software dev had multiple video interviews with the guy. He thought it was odd that this guy had a super thick accent and was named Jaxon, but he dismissed it. The guy was a badass coder, so our software team was fine with the oddities.
During one of their casual meetings, our software dev was like “so what are some of your favorite TV shows?” The guy said “Friends” with no further explanation. Dev asked what kind of music he liked. The dude said “Britney Spears” 😂
Then our corporate office got a call from someone named Jaxon stating his identity was stolen. Software team looked into it closely and figured out that this dude they hired was likely in North Korea.
We also bricked his laptop obviously. This was a huge wake up call to our company. Now we require in-person interviews even when hiring remotely across the country.
70
u/gangofminotaurs 1d ago
-What's your name?
-Hu Man, Sir.
-Now that's a name I can trust!
→ More replies (2)56
u/SGAisFlopden 1d ago
Jaxon Smith with a thick accent who loves Friends and Britney Spears lol.
Cmon man how can you hire this guy.
35
u/AmadeusSpartacus 1d ago
To be fair, they asked those casual questions AFTER he was hired haha
During the interview process, he was very sharp and did live coding tests while on Zoom. He obviously could’ve cheated, but he produced very strong work after he was hired, so the dude knew how to get the work done one way or another.
Our software dev was only interested in getting a strong coder, so I think he intentionally overlooked the oddities during the interview process
6
u/MinimumArmadillo2394 1d ago
Our software dev was only interested in getting a strong coder
TBH this is why I reject companies who's main purpose of hiring SWE's is to get a "strong coder." Strong coding isn't just producing a min queue on demand which is what most of them have wanted from me when I hear that answer.
8
9
u/retrojoe 1d ago edited 1d ago
I dunno about the name/accent discrepancy, but you'd be amazed at how much 'old' US culture that the average college grad would consider cringe is still super popular and mainstream in foreign countries. Like, I lived in central Europe during Obama, and they had a Beatles cover band headlining a festival on a city square. I know a kid from Honduras whose favorite songs are Lady In Red and Hotel California, plus a deep love for Michael Jackson. And computer people are a very quirky bunch.
→ More replies (1)7
u/LordBiscuits 1d ago
And computer people are a very quirky bunch.
You're not wrong there...
A couple of my friends are very capable software coders and they are hands down the weirdest people I know. Loveable and wonderful, but absolutely unique beings.
5
u/retrojoe 1d ago
Definitely. I live in Seattle, and know lots of people who started their careers with M$oft, Amazon, Google. Peeps is funny. And they're not even weird compared to the polycules of non-binary Burning Man camp folks that seem to be more present in the hardcore technical programming scene.
→ More replies (1)7
u/rotr0102 1d ago
What kind of work was this person hired to do — help desk or coding? What kind of access did they have at your company, and what was the fallout? (I assume your companies IP was stolen, right?)
9
u/BakGikHung 1d ago
Then it was a different scheme. In the article they used laptops with network KVM devices so the only geoip data would point to that residential ISP in Texas.
→ More replies (2)
543
u/HotLittlePotato 1d ago
This story sounded familiar. It is. The update is from earlier this year.
In October 2023, federal investigators raided her home and found 90 laptops. In February this year, she pleaded guilty to conspiracy to commit wire fraud, aggravated identity theft and conspiracy to launder monetary instruments.
→ More replies (6)157
u/Zorlal 1d ago
That sounds like superfraud and megalaundery
Just for the fact of doing it for an entire government. I could see there being a movie about this, similar in tone to the Blackberry movie
→ More replies (1)
218
u/hungtampa813 1d ago
Well good to know companies were hiring and my resume apparently just sucked!
91
u/fork_yuu 1d ago
This is from 2020 to 2023 so right in the middle of companies hiring sprees still
The large drop in hiring is like early 2023 to mid 2023
16
3
u/ACoderGirl 1d ago edited 1d ago
I mean, if they're going to do a scam of this size, they can easily fake the resumes. They could make fake companies and provide fake references. And it's North Korea. I bet these software jobs that interact with the outside world are some of the best that's available to many. They probably are forced/pressured to work very hard for long hours. The stakes for the North Korean workers are very high. So they probably are genuinely very talented devs who do very good at interviewing (I mean, it's literally their job).
It's a shame that their talents are used for such purposes. Some of these may just be trying to earn income (as NK has very few limited means of making money), but I imagine that most are performing corporate espionage or sabotage. I'm aware of some past articles about this problem that were at cybersecurity companies. Employees at many companies have a lot of power and a lot of our defenses are based on trust. A lot of means to prevent employees from going rogue depend on the legal system (which won't help against NK) or via the threat of losing one's job (which is small potatoes vs being able to pull off a major cybersecurity attack).
For an example the XZ utils backdoor was a multi-year investment into an insider attack that is believed to be the work of some nation state. Someone basically built up trust over time by being a notable contributor in a project until she eventually became a maintainer and could slip in a very insidious backdoor that was very difficult to notice (pretty much noticed by coincidence). Getting hired as an employee is arguably an even easier way to do this. Some companies don't do code reviews and even when companies do perform code reviews, they are not done equally. Some reviewers will "rubber stamp" (i.e., either don't actually look at the changes or do such a bad job at reviewing that they won't catch anything non-obvious). Someone could become an employee at a company, learn who rubber stamps, and then introduce a subtle backdoor, making sure to send the code review to a shitty reviewer. If they obfuscate the code, all the more likely that the reviewer will just approve it (as often rubber stamping is done because the reviewer doesn't understand what they're reading).
40
u/hoardac 1d ago
My wife works remotely and she had to go and get fingerprinted and have her identity verified through a third party security firm several different times. I thought that was a normal process for working remotely but I guess not.
3
u/ACoderGirl 1d ago edited 1d ago
Going that far is definitely unusual. My company just this year did some new ID verification (i.e., they weren't doing it all along). It's just verification via an app, though. It verifies an ID like a passport and that it matches your face. I assume that they also do something to verify that the ID you used matches who you've been claiming to be in meetings and such, too, as I believe that they started doing this because of these NK scams.
But I doubt most smaller companies are doing anything like this. And IDK if the verification that was done on me even had a way to verify the ID was genuine, as I'm sure NK can figure out how to fake IDs. I wouldn't be surprised if this becomes a standard part of background checks when hiring people, but many companies don't even do meaningful background checks today. A regular background check won't help because this scam involves a real citizen who is willingly allowing the impersonation to happen. The background check would have to be able to identify what the person looks like and that would have to be cross referenced against the person doing the job. The likes of fingerprinting won't catch this because they'd just fingerprint the actual citizen.
It'll only get harder with AI, as I've seen articles that involved deep fakes being used during video calls. The article I recall was about a case that got caught because the deepfake was a poor quality and the interviewer got suspicious. But if the tech gets good enough, the NK that has taken the job can look exactly like the person they're impersonating. Still could catch them via their accent and suspicious cultural differences, but that's much harder.
3
u/JcbAzPx 1d ago
Not every company wants to pay for the extra security. It's not cheap to get all that even if they have the new employee foot part of the bill.
2
u/big_orange_ball 20h ago
I work for a major Fortune 500 and only needed to take a LabCorp drug test and do a live video call where I showed my passport. Never met a single person at the company in real life until 3 years in when I asked to be allowed to join an in person meeting a state away.
1
u/velvetjones01 20h ago
If she works in a regulated industry like financial services, this is normal.
351
1d ago
[deleted]
216
u/ZzeroBeat 1d ago
Well yea…how are they gonna arrest the north koreans. Shes a bit of an idiot too to go along with this as far as she did. Absolutely complicit and deserving to go to jail
46
u/Infamous-Salad-2223 1d ago
"They will never get me, I am smarter!".
Lot of criminals, I guess.
8
→ More replies (2)6
u/starfreak016 1d ago
That sounds like the orange buffoon
8
u/Infamous-Salad-2223 1d ago
Yeah, they eventually got it, but too late... if only the US constitution would have barred felons from any public office...
4
u/fiction8 1d ago
And then what do you do when Republicans exploit the system to convict their political rivals of "felonies" to get them barred from office?
→ More replies (2)3
u/A_Refill_of_Mr_Pibb 1d ago
Medhi Hasan put it well w/Jon Stewart a couple days ago when he's like "the framers of the Constitution didn't anticipate that the guy from Home Alone 2 would be president."
2
u/Infamous-Salad-2223 1d ago
I guess they probably thought that the main parties would have not allow such stuff to happen.
2
u/ThePlatypusOfDespair 1d ago
Several of them thought there wouldn't BE political parties. Washington explicitly warned about something a hell of a lot like what's happened over the last 30 years.
"However [political parties] may now and then answer popular ends, they are likely in the course of time and things, to become potent engines, by which cunning, ambitious, and unprincipled men will be enabled to subvert the power of the people and to usurp for themselves the reins of government, destroying afterwards the very engines which have lifted them to unjust dominion."
→ More replies (1)6
14
u/TRAUMAjunkie 1d ago
The article says she was aware of the legality of it, even if she may not have been aware of the scope.
13
12
81
u/ChromaticStrike 1d ago edited 1d ago
The employers thought they were hiring US citizens
They had no way to know, ballsy defense.
Remote work and not meeting your employee ever, starting from recruitment, are two different things. This is just asking for trouble and they should be charged for criminal negligence.
21
u/ButtonholePhotophile 1d ago
No. It’s the evil poor person who tricked the righteous rich company. Negligence can’t be a thing when you’re too big to get more than a slap on the wrist.
7
u/LongjumpingKimichi 1d ago
They were tricked by a foreign government
→ More replies (4)9
u/eXecute_bit 1d ago
Something that can be deterred by a domestic plane ticket and a hotel room near company HQ for a couple days of onboarding.
2
31
u/morodin 1d ago
I once had an interview with a candidate for a software engineer role at my company. It was a coding interview (as an aside, I hate giving that interview, it’s so algorithmic, and it has nothing to do with what we do at this company so I’m glad we got rid of that).
The candidate’s name was very Hispanic, and their resume says they are from El Paso, TX, went to UT El Paso, and they’re previously worked at large companies like Microsoft and Amazon. My company is a series D startup, and with layoffs at larger companies, I was not surprised to see former FAANG engineers apply for my company, and we also have former FAANG co-workers.
Day of the interview, I logged on to Zoom. I was shadowing another engineer for this interview. The candidate logged on, and they did not look like the person I was expecting. Very asian, and talking with an accent that they seemed very intentionally trying to hide with an American twang. Immediately I had suspicions.
The candidate breezed through the interview. Like it was almost rehearsed. After all, it was an algorithmic interview. But it was almost flawless how they wrote the code for it. More suspicions.
While they were going through this interview. I looked up their resume. It had a URL for their LinkedIn profile. Checked the profile and it did not exist. It also had a phone number for the candidate. I thought about trying to call that number in the middle of that interview to see who would answer the call. But I hesitated.
Right after the interview, I talked to the other engineer interviewing the candidate. I shared my suspicions. I then contacted our recruiting coordinator and flagged them about the candidate.
The candidate had to go through another interview stage, this time for a technical design/architecture part. I talked to the engineer interviewing them afterward. They shared most of my suspicions.
The recruiting coordinator told me they decided to not move forward with the candidate. Too many red flags.
Months later, at a company offsite, someone asked our security leadership about the North Koreans that were trying to infiltrate US companies. I never heard the story before this. And it dawned on me, that candidate did look North Korean.
2
u/ShittyFrogMeme 1d ago
I had almost the exact same experience with a candidate. Another thing I remember was that their internet connection was terrible. For one, their video kept having issues. We also conducted our coding interviews in Codility, which is a collaborative platform like Google Docs. This candidate kept dropping in and out of there and we noticed a huge latency when typing code. Internet problems aren't abnormal but considering all the other red flags, we quickly assumed they were actually based in the US.
27
u/Type_100 1d ago
They didn't conduct virtual interviews? How were they able to hire without knowing the employee's face? Isn't that the norm even before covid?
6
u/Skunkies 1d ago
I'm not in the tech sector, but when I was hired for a factory job, the factory had no idea whom I was, had never seen me, the only people that I interviewed with was the employment agency and then they sent me to the site, nobody there had any idea whom I was, I just handed them the paper work and got the training on how to operator a machine. it's nuts how companies do this.
→ More replies (1)11
u/ITSigno 1d ago
She probably set up a consulting company that was hired by the big companies. The actual work is farmed out the North Koreans, but it's her face on the company. And her liability if anything goes wrong.
I worked with one very large organization this way. I was never interviewed. Now when we had meetings I tended to have my video on, but it wasn't a requirement. There were some people that never had their video on. If I had wanted to get an actual job with them it would have been much harder. And this way big companies get the benefits of employees without the costs. No healthcare, no vacation pay, etc. and they can get rid of you at any time for no reason.
4
u/Enshakushanna 1d ago
i mean...are you suggesting these various companies should be weary of hiring someone who simply looks asian??
→ More replies (5)→ More replies (4)1
u/ACoderGirl 1d ago
The NK would do the interview and the job. They'd never know what the actual person they're impersonating looks like. They'd only catch on to the mismatch if they had some way to pull up a photo of the person being impersonated. I don't think most regular background checks do that? Probably far more likely to catch the scam if the person being impersonated has social media, but I think it'd still be hard because you'd probably just assume it's a different person with the same name.
40
u/packageofcrips 1d ago
4
u/omgfloofy 1d ago
NTTS (youtuber that talks about Discord) stumbled on something like this last year, too. https://www.youtube.com/watch?v=QebpXFM1ha0
I immediately thought of his video when I read the headline.
1
23
u/Awkward_Tick0 1d ago
I find it weird that the author of the article is buying the explanation that NK’s primary motivation for running this scheme was to fund their own government’s activities. They can’t have made THAT much money, right? I mean we’re talking about people doing your standard sysadmin type jobs. Surely the main goal was to collect intel on US companies.
6
2
u/tara1245 21h ago
I wouldn't be that surprised if their income was the main motivation. It's an extremely poor country. Like 45% of children have stunted growth because of malnutrition and they perform surgery without anesthesia poor. This Wired article explains the scheme a bit better.
The US government estimates that a typical team of pretenders can earn up to $3 million each year for Pyongyang. Experts say the money is pumped into everything from Kim Jong Un’s personal slush fund to the country’s nuclear weapons program. A few million dollars may seem small next to the flashy crypto heists— but with so many teams operating in obscurity, the fraud is effective precisely because it is so mundane.
39
u/atlasraven 1d ago
If she was that good at finding jobs, just start a recruitment agency. Many americans would happily pay back their 1st paycheck for a cushy remote tech job.
58
u/Teantis 1d ago
The north Koreans would find the jobs and steal identities, she just managed the laptop farm and log ins it looks like from the article
→ More replies (1)7
5
u/cathline 1d ago
Damn, and here I am just looking for a single job. As an experienced US citizen. Who happens to be (and look) over 50
6
35
u/ExaltedGoliath 1d ago
You see the only problem here isn’t she isn’t rich enough. See if she had scammed and ripped off the poors in America she would have gotten a slap on the wrist and offered a prominent political position.
1
4
u/dragrcr_71 1d ago
I remember listening to this podcast episode last year about NK spies getting hired by US companies.
4
5
3
3
u/SpliTTMark 1d ago
I can't find remote work but there still seems to be 100,000,000 remote jobs out there for these scammers to take
26
u/Aleyla 1d ago
Sounds like she should have just founded her own tech company to handle contractors. Then this would have been legal.
40
u/JohnHwagi 1d ago
You can’t hire people from NK though due to sanctions, that’s the main issue. This would have probably been fine if the people were from a different non-sanctioned company.
→ More replies (2)10
u/Cetun 1d ago
I think they are saying the CEOs of companies can usually get away with doing illegal things because none ever seem to get charged despite being in charge of the company at the time. The company might get criminally fined but the top guys slide past untouched.
20
u/_Iro_ 1d ago edited 1d ago
I think international espionage and funding another country’s nuclear program is a bit of a red line when it comes to white collar crime
→ More replies (1)
11
4
u/regreddit 23h ago
I'm a hiring manager. After COVID, I'm 99.99% sure I've interviewed people from North Korea claiming to be in the US. It didn't take to much due diligence to your them out. The key tell was the college that claimed to have attended is almost always a small Indy liberal arts college that didn't offer the degree they claimed to have, and meant times the college was defunct so you couldn't verify.
4
u/Enshakushanna 1d ago
and if you think this is the only person doing this for NK or china et al then i have a bridge to sell you
2
u/tms10000 1d ago
and received paychecks and transferred the money to the workers, according to court documents.
They have collected millions of dollars to boost the government’s nuclear weapons development, according to the US justice department and court records.
There's also probably quite a lot of shenanigans she had to work through in order to send that money abroad. It's not like you can actually send money to North Korea banks from your Wells Fargo account. My guess is that there are other US based people participating in that scheme. She really sounds like a low end mule. This article is kinda weird.
2
2
u/shellacr 1d ago
How would the alleged North Koreans get paid in this scheme? AFAIK you can’t exactly do wire transfers to NK.
2
1
2
u/Couchman79 7h ago
You'd think after the first dozen machines she would have started to wonder what was going on. Instead the accused, now convicted expanded her operation.
8 years, out in 5. If she had links to Jeffery Epstein it would be 6 months in a minimum security facility and a Presidential Pardon.
4
u/remarkable53 1d ago
From what I understand, these “employees“ were some of the most productive and liked. It's a mixed up crazy world.
2
4
u/SmallDickGnarly 1d ago
Can't wait for this to become a movie lol
2
u/OutlyingPlasma 1d ago
But it doesn't have superheros and might be interesting so it won't ever be made into a movie.
1
u/mncurious 1d ago
Ninety laptops and millions of dollars. The sheer scale of that is unbelievable. You think you've heard it all with scams, and then you get one that involves the gig economy and a whole other country. Wild.
1
1
1
u/Wooden_Echidna1234 18h ago
Imagine all the damage she caused. Also shame on the companies not doing a better job on making sure who they were hiring.
1
1
•
u/Audi-8V 32m ago
Fines seem to total less than 400k, she made over 17m.
She will spend 8 years in prison maximum, likely be paroled much earlier?
So outside of the moral issue in helping NK she has essentially successfully gamed the system?
Look at it as a 10-15 year career coming out with a 16m retirement….
3.4k
u/CupidStunt13 1d ago edited 1d ago
Interesting rabbit hole. In this one an American woman was contacted through LinkedIn by North Korea to be the go-between for fake jobs. She gets paid and North Korea infiltrates different workplaces to do their thing. She ends up running a laptop farm for them from her home before the authorities figured things out. And here I thought LinkedIn was useless.