May 17, 2024
Two people were arrested on criminal charges in two connected schemes for allegedly enabling North Korean IT workers to obtain remote positions at more than 300 US firms using false identities, the US Department of Justice announced May 16.
“Using the stolen identities of US citizens is a crime by itself, but when you use those identities to procure employment for foreign nationals with ties to North Korea at hundreds of US companies, you have compromised the national security of an entire nation,” Chief Guy Ficco of IRS-Criminal Investigation, said in a press release.
In one case, Christina Marie Chapman, 49, of Litchfield Park, Arizona, has been indicted.
Chapman ran a “laptop farm,” hosting computers inside her home which workers could use to appear they were working in the US, according to the department.
Three other foreign nationals were also named by the department and a reward of $5 million has been offered for information about them. They used the aliases Jiho Han, Chunji Jin and Haoran Xu. Their manager is known as Zhonghua.
Chapman and her co-conspirators allegedly compromised the identities of more than 60 US people, impacting more than 300 US companies. They also enabled false information to be conveyed to DHS on more than 100 occasions, created false tax liabilities for more than 35 US people. At least $6.8 million went to the overseas IT workers. The Justice Department seized funds related to the scheme from Chapman as well as wages and monies accrued.
Chapman, who does not have an attorney named in court documents, is charged with:
- Conspiracy to defraud the United States
- Conspiracy to commit wire fraud
- Conspiracy to commit bank fraud
- Aggravated identity theft
- Conspiracy to commit identity fraud
- Conspiracy to launder monetary instruments
- Operating as an unlicensed money transmitting business
- Unlawful employment of aliens
If convicted, Chapman faces a maximum penalty of 97.5 years in prison.
The John Doe coconspirators are charged with conspiracy to commit money laundering.
Job search platforms
In the second case, the Justice Department unsealed a criminal complaint against Oleksandr Didenko, 27, of Kyiv, Ukraine. The department alleged that Didenko, in a multi-year scheme, created accounts at freelance IT job search platforms using false identities and identities of US people. He then sold these accounts to overseas IT workers. Didenko’s website, upworksell.com, advertised creating, buying and renting accounts at US websites using false identities.
Didenko, who did not have an attorney named in court documents, managed as many as 871 proxy identities.” Didenko also facilitated the operation of at least three US-based laptop farms, at one point hosting approximately 79 computers. Didenko also acknowledged in messages that he believed he was assisting North Korean IT workers, according the the Justice Department release.
Polish authorities have arrested Didenko.
If convicted, he faces a maximum penalty of 67½ years in prison.
The cases are connected, according to the department. One of Didenko’s overseas IT worker customers also requested that a laptop be sent from one of Didenko’s US laptop farms to Chapman’s laptop farm.
“On the surface, today’s allegations of wire fraud, identity theft and money laundering may read like a typical white collar or economic crime scheme,” Assistant Director Kevin Vorndran of the FBI’s Counterintelligence Division, said in a press release. “But what these allegations truly represent is a new high-tech campaign to evade US sanctions, victimize US businesses, and steal US identities.”