“`html
Jin-su recounts using hundreds of fabricated identities over the years to secure remote IT positions with Western companies, a component of an extensive clandestine operation designed to generate revenue for North Korea.
In a rare interview with the BBC, he stated that managing multiple roles across the US and Europe allowed him to earn at least $5,000 (£3,750) monthly, with some colleagues earning significantly more.
Before his defection, Jin-su—a pseudonym used to protect his identity—was reportedly among thousands dispatched abroad to countries including China, Russia, and various African nations to participate in the covert operations orchestrated by North Korea.
North Korean IT workers are subject to strict surveillance, and few have engaged with the media. However, Jin-su’s detailed testimony to the BBC provides a revealing look into the daily lives of those involved in the scheme and their operational methods. His firsthand account corroborates many details previously estimated in UN and cybersecurity reports.
He reported that 85% of his earnings were remitted to support the regime. North Korea, facing persistent financial difficulties, has been subject to international sanctions for several years.
“We recognize it as a form of exploitation, yet we accept it as inevitable,” Jin-su explained. “It is still significantly better than living in North Korea.”
A UN Security Council report from March 2024 estimates that clandestine IT workers generate between $250 million and $600 million annually for North Korea. Authorities and cybersecurity experts caution that the scheme expanded during the pandemic as remote work became more prevalent and has continued to grow since.
While most workers aim to provide a consistent income for the regime, some instances have involved data theft or hacking of employers, followed by ransom demands.
Last year, a US court indicted 14 North Koreans for allegedly earning $88 million through deceptive practices and extorting US firms over a six-year period.
Additionally, four more North Koreans were indicted last month for allegedly using fraudulent identities to secure remote IT work for a cryptocurrency firm in the US.
Jin-su worked as an IT professional for the regime in China for several years prior to his defection. He told the BBC that he and his colleagues typically operated in teams of 10.
While internet access is limited in North Korea, these IT workers can operate more freely abroad. They must conceal their nationality not only to command higher salaries by posing as Westerners but also due to the extensive international sanctions against North Korea, largely in response to its nuclear weapons and ballistic missile programs.
This operation is distinct from North Korea’s hacking endeavors, which also generate revenue for the regime. Earlier this year, the Lazarus Group—a notorious hacking group believed to be associated with North Korea, though never officially confirmed—reportedly stole $1.5 billion (£1.1 billion) from cryptocurrency firm Bybit.
Jin-su spent much of his time procuring fraudulent identities to use for job applications. He initially posed as Chinese, contacting individuals in countries like Hungary and Turkey to request the use of their identities in exchange for a share of his earnings, he told the BBC.
“If you attach an ‘Asian face’ to that profile, you’ll never get hired.”
He then used these borrowed identities to solicit identities from individuals in Western Europe, which he used to apply for jobs in the US and Europe. Jin-su often found success targeting UK citizens.
“With minimal effort, people in the UK readily shared their identities,” he said.
IT workers with stronger English skills sometimes manage the application process. However, jobs on freelance platforms do not always require in-person interviews, and daily interactions often occur on platforms like Slack, making it easier to impersonate someone else.
Jin-su told the BBC that he primarily targeted the US market “because American companies offer higher salaries.” He claimed that so many IT workers were securing jobs that companies often unknowingly hired multiple North Koreans. “It happens frequently,” he stated.
It is understood that IT workers receive their earnings through facilitator networks based in the West and China. Last week, a US woman was sentenced to more than eight years in prison for crimes related to assisting North Korean IT workers in finding employment and sending them money.
While the BBC cannot independently verify the specifics of Jin-su’s testimony, we have reviewed testimony from another defected IT worker through PSCORE, an organization advocating for North Korean human rights, which supports Jin-su’s assertions.
The BBC also spoke to a separate defector, Hyun-Seung Lee, who encountered North Koreans working in IT while traveling as a businessman for the regime in China, confirming that they had similar experiences.
The BBC consulted with several hiring managers in the cybersecurity and software development sectors who reported identifying numerous candidates during their hiring processes whom they suspected were North Korean IT workers.
Rob Henley, co-founder of Ally Security in the US, who was recently hiring for several remote positions at his firm, believes he interviewed up to 30 North Korean IT workers. “Initially, it was somewhat of a game, trying to distinguish between genuine and fake candidates, but it quickly became frustrating,” he said.
Eventually, he resorted to asking candidates on video calls to prove it was daytime in their location.
“We were exclusively hiring candidates from the US for these positions. It should have at least been light outside. But I never saw daylight.”
In March, Dawid Moczadło, co-founder of Vidoc Security Lab in Poland, shared a video of a remote job interview where the candidate appeared to use artificial intelligence software to mask their face. After consulting with experts, he concluded that the candidate was likely a North Korean IT worker.
We contacted the North Korean embassy in London for comment on the allegations in this story, but they did not respond.
North Korea has been dispatching its workers abroad for decades to generate foreign currency for the state, with up to 100,000 employed as factory or restaurant workers, primarily in China and Russia.
After several years in China, Jin-su described the “sense of confinement” due to his oppressive working conditions.
“We were prohibited from going out and confined indoors at all times,” he said. “We couldn’t exercise or engage in any activities we wanted.”
However, North Korean IT workers have greater access to Western media while abroad, Jin-su noted. “You see the real world. While overseas, we realize that something is amiss inside North Korea.”
Despite this, Jin-su claimed that few North Korean IT workers considered escaping as he did.
“They simply take the money and return home. Very few consider defecting.”
Although they retain only a small portion of their earnings, it holds significant value in North Korea. Defection is also exceedingly risky and challenging. Surveillance in China leads to the capture of most attempting to escape. Those who succeed may never see their families again, and their relatives could face punishment for their departure.
Jin-su continues to work in IT following his defection. He credits the skills he developed while working for the regime with helping him adjust to his new life.
Although he earns less than he did when working for the North Korean regime due to not working multiple jobs with fake IDs, he retains a larger share of his income, resulting in more personal wealth.
“I had become accustomed to earning money through illicit means. But now, I work diligently and earn the money I deserve.”
Jaded by online dating fatigue, reporter Alex Taylor hopes to meet the future love of his life.
The company’s self-driving technology failed to prevent a 2019 crash which killed a 22-year-old woman and severely injured her boyfriend in Florida.
Trump’s tariffs in his first term took aim at China – but this time they are going beyond.
The four-person crew, who launched a day late due to weather, will relieve members of the previous SpaceX mission onboard the station.
Astrophysicists said that the unusual lights spotted over Brisbane were tied to a satellite launch from China.
“`