The Federal Bureau of Investigation (FBI), the US Department of State, and the US Department of the Treasury have issued an advisory warning organisations against unknowingly hiring North Korean IT workers.
North Korean nationals have been known to apply for several freelance and remote working tech positions in US-based companies, with the roles often requiring expertise in app development, graphic animation, artificial intelligence (AI), AR/VR, biometrics, cryptocurrency, and general IT support.
When hired, the remuneration paid to the IT workers, who in some cases earn even $300,000 (£240,687) per year, is one of the main sources of revenue for the Democratic People's Republic of Korea’s (DPRK) nuclear weapons and ballistic missiles programme.
Assistance in funding DPRK’s military operations is against US federal law, the FBI warned on Monday, with those helping the country evade sanctions – even unknowingly – likely to face up to five years in prison as well as a fine of up to $250,000 (£200,810).
Save time, money and protect your mid-market business with strategic workforce solutions
Effectively handle your technology needs with superior capabilities to secure, manage, and support business PCs
To avoid potentially hiring North Korean nationals for tech roles, organisations have been urged to look out for inconsistencies in name spelling and personal information such as contact information or work location, as well as education history or biography. North Korean IT workers can be based in China, Russia, Southeast Asia, or even Africa to avoid suspicion, and often pose as nationals of other Asian countries. They are also likely to request payment in virtual currency in an attempt to avoid being identified by formal financial systems or use a freelance work platform as an intermediary.
To ensure that programmers and developers hired through freelance work platforms are who they claim to be, employers should verify candidates’ identities over a video call, as well as conduct thorough background checks. As documents including driver’s licences and university diplomas can be easily forged, organisations have been urged to directly contact the candidate’s educational institution or former employer, and avoid using reference contact information provided by the candidate.
The advisory comes weeks after programmer and blockchain expert Virgil Griffith, a US citizen based in Singapore, was sentenced to 63 months in prison and fined $100,000 (£77,000) for helping North Korea launder money and evade sanctions. Having illegally travelled to Pyongyang in April 2019, Griffith provided instructions on how North Korea could use blockchain technology such as smart contracts to negotiate nuclear weapons with the US.
