FBI claims North Korea has orchestrated for years an information technology (IT) scheme that has deceived multiple companies by employing remote IT workers in US-based companies. Wages from the IT workers are then sent to North Korea for its ballistic missile program. 

Associated Press reports that information technology workers were able to deceive U.S. companies through various means. The North Korean-deployed IT workers are sent to continents like China and Russia, wherein they contract with U.S. companies to work remotely. 

According to Jay Greenberg, special agent in charge of the FBI's St. Louis office, the workers employed numerous ways to seem to be working in the United States, including paying Americans to use their home Wi-Fi connections.

North Korea's IT scheme generated millions of dollars per year on behalf of designated entities, such as the North Korean Ministry of Defense and others, by using pseudonymous email, social media, payment platform, and online job site accounts, as well as false websites, proxy computers located in the United States and elsewhere.

Other than generating millions of dollars for North Korea's weapons program, the scheme has also infiltrated unknowing employers' computer networks to steal information and keep access for future hacking and extortion activities.  

North Korean IT Workers' Possible Indicators

The Justice Department released a comprehensive list of additional red flag indicators to help protect U.S. technology companies from employing the said workers.

The list indicates that worker with inability or unwillingness to appear on camera, conduct video interviews, or hold video meetings. Unwarranted concern or failing to do drug tests or in-person meetings.

North Korean-deployed IT workers may also show cheating signs on coding exams or while filling out employment questionnaires and interview questions. Their social media and other online accounts do not match the employed individual's submitted résumé, several online profiles with various images for the same person, or online profiles with no picture.

Inconsistent home addresses, repeated prepayment requests, education is listed on China, Japan, and Singapore Universities, and other factors are also mentioned as possible indicators of the individual being a north korean-deployed IT worker. 

FBI authorities maintained that the prevalence of the IT scheme is so common that businesses must be extra cautious when recruiting. Associated Press reports that other U.S. companies may have also worked with North Koreans and other countries.

Read Also: North Korean Hackers Behind JumpCloud Breach, Says Security Experts 

U.S. and FBI's Actions Against the Scheme

The court-authorized action released on Wednesday states that a seizure is in order by the Justice Department. Stating that an ongoing investigation will be seizing $1.5 million and 17 domain names.

Assistant Attorney General Matthew G. Olsen of the Justice Department's National Security Division states as a way to ensure U.S. companies are protected "from being infiltrated with North Korean computer code and help ensure that American businesses are not used to finance that regime's weapons program."

The United States has also collaborated with the South Korea to share threat information concerning North Korea's IT scheme as well as addressing initiatives to strengthen public-private partnerships.

The National Security Cyber Section of the National Security Division of the U.S. The Eastern District of Missouri Attorney's Office is looking into this situation. The investigation was led by the FBI's St. Louis Field Office, with help from the FBI's Cyber Division. 

Related Article: FBI Warning: North Korean Hackers Ready to Cash Out Millions of Dollars in Crypto