FBI and IRS Seize Funds Linked to Scheme Involving North Korean IT Workers
In a significant crackdown on cybercrime, federal authorities have seized funds related to a scheme that used stolen identities of US citizens to procure employment for foreign nationals with ties to North Korea at hundreds of US companies.
The Scheme: A Network of Stolen Identities
The scheme was orchestrated by Chapman, who is charged with:
- Conspiracy to defraud the United States
- Conspiracy to commit wire fraud
- Other offenses
If convicted, Chapman faces up to 97.5 years in prison, including a mandatory minimum of two years for aggravated identity theft.
How the Scheme Worked
According to officials, Chapman created fake identities using stolen US citizen information and sold them to overseas IT workers from North Korea. The scheme was uncovered by:
- FBI Phoenix Field Office
- IRS-CI Phoenix Field Office
- Assistance from FBI Chicago Field Office
The investigation found that Chapman managed a network of “proxy” identities, which were used to create accounts at US-based freelance job search platforms and money service transmitters. He also operated laptop farms in the United States, hosting up to 79 computers and sending or receiving over $920,000 in payments since July 2018.
Additional Charges
In addition to Chapman’s charges, the FBI has also charged multiple John Does with:
- Conspiracy to commit money laundering related to the scheme
The Growing Threat of North Korean Cybercrime
This case highlights the growing threat of North Korean cybercrime and the need for international cooperation to combat these threats. The FBI, along with the Departments of State and Treasury, issued an advisory in May 2022 warning about the North Korea IT worker threat, and updated guidance was issued in October 2023 by the US and South Korea.
Indictment and Criminal Complaint
The indictment and criminal complaint are merely allegations, and all defendants are presumed innocent until proven guilty beyond a reasonable doubt in court.