Your tech guy may be in Pyongyang, U.S. warns firms
In an advisory issued by the State Department, Treasury Department and the FBI, the U.S. government said the use of freelance IT staff by the North was a way for it to bypass U.S. and United Nations sanctions and earn foreign exchange for its nuclear weapons and ballistic missile programs.
“There are thousands of DPRK IT workers both dispatched overseas and located within the DPRK, generating revenue that is remitted back to the North Korean government,” the advisory stated, referring to the North by the acronym for its official name, Democratic People’s Republic of Korea.
“These IT workers take advantage of existing demands for specific IT skills, such as software and mobile application development, to obtain freelance employment contracts from clients around the world, including in North America, Europe, and East Asia,” the advisory said.
The advisory added that such workers pretended to be from South Korea, Japan, or other Asian countries.
North Korean workers often “represent themselves as U.S.-based and/or non-North Korean teleworkers,” according to the advisory.
It also warned companies and potential IT employers about suspicious signs from such freelancers, including a refusal to participate in video calls and requests to receive payments in virtual currency.
While North Korea has been known to outsource its workers to other countries to earn money for the regime, they used to work jobs involving hard labor in China and Russia, such as logging, with smaller numbers working in construction projects in Africa and Southeast Asia.
Most of the money they earn is confiscated by the North Korean government, the U.S. said.
Companies who hired and paid such workers would be exposing themselves to legal consequences for sanction violations, the U.S. warned.
The advisory said North Korean IT workers “normally engage in IT work distinct from malicious cyber activity” but that they may use the access they have gained as contractors to enable the North's malicious cyber intrusions.
It said hiring North Korean IT workers may carry “reputational risks,” as well as the “potential for legal consequences.”
“Additionally, there are likely instances where workers are subjected to forced labor,” it added.
BY MICHAEL LEE [firstname.lastname@example.org]