North Korean Defector Reveals Secret IT Scheme Funding Regime

A North Korean defector, using the pseudonym Jin-su, has exposed a clandestine operation where thousands of North Korean IT workers are sent abroad to earn money for the regime, in a rare interview with the BBC. Operating under fake identities, these workers secure remote IT jobs with Western companies, funnelling up to 85% of their earnings—estimated at $250m to $600m annually—back to the cash-strapped North Korean government, according to a March 2024 UN Security Council report.

Jin-su, who defected after years in China, described using hundreds of fraudulent IDs to secure jobs paying at least $5,000 (£3,750) a month. Some colleagues earned significantly more. The scheme, which surged during the pandemic due to the rise of remote work, involves workers posing as Westerners to bypass sanctions imposed over North Korea’s nuclear and missile programmes. Jin-su explained that he often targeted UK citizens’ identities, noting they were “easily” obtained through negotiation, as an “Asian face” would hinder job prospects.

Operating in teams, typically of 10, in countries like China and Russia, these workers are closely monitored and live under restrictive conditions. Jin-su described a life of confinement, with limited freedom to go outside or exercise. Despite access to Western media abroad, which revealed the “real world” and North Korea’s distortions, he said few workers consider defection due to the risks, including severe punishment for families left behind. The scheme extends beyond earning salaries. US authorities have indicted North Koreans for stealing data and extorting firms, with 14 allegedly earning $88m over six years by targeting US companies. Last month, four others were charged for using fake identities to infiltrate a US cryptocurrency firm. A US woman was recently sentenced to over eight years for aiding such workers in securing jobs and transferring funds. Cybersecurity experts and hiring managers report growing challenges in identifying these workers. Rob Henley of Ally Security in the US said he interviewed up to 30 suspected North Korean candidates, resorting to video call checks for daylight to verify locations. Dawid Moczadło of Poland’s Vidoc Security Lab flagged a candidate using AI to disguise their face, a tactic experts link to North Korean operatives. Jin-su’s testimony, corroborated by another defector and supported by PSCORE, a North Korean human rights group, aligns with UN and cybersecurity findings. The North Korean embassy in London did not respond to the allegations. Now free, Jin-su continues working in IT, earning less but keeping more of his income. “I had got used to making money by doing illegal things,” he said. “But now I work hard and earn the money I deserve.” His account sheds light on a sophisticated operation that exploits global remote work trends, raising concerns about the integrity of hiring processes and the funding of North Korea’s regime.