IT Worker Scheme, Laptop Farm Siphon Funds Back to North Korea

A U.S. federal judge has recently sentenced Alexander Paul Travis, a former Army soldier, to one year in prison for his involvement in a deceptive scheme that allowed North Korean IT workers to use his identity to siphon over $193,000 from American companies. The sentencing highlights a notable incident in a broader narrative of cybercrime and fraud management, revealing the intricate strategies employed by North Korea to circumvent international sanctions and make illicit gains.
Travis, who is now 35 years old, was stationed at Fort Gordon, Georgia, when he engaged with North Korean operatives. By permitting these individuals to use his personal information, he facilitated fraudulent employment, which enabled them to pose as legitimate workers in the U.S. This deception involved creating a “laptop farm” at his residence, which served as a base where unauthorized IT workers could remotely access company-provided laptops and thus appear to be operating from within the United States.
In a plea agreement filed in the U.S. District Court for the Southern District of Georgia, Travis admitted to his role in this fraudulent operation, which lasted approximately three years starting from September 2019. The former soldier allowed the unauthorized workers to pass through various employer vetting processes that included drug screening and fingerprint checks. Moreover, he opened financial accounts under his name to facilitate the receipt of the workers’ salaries. For his involvement, Travis received a total of $51,397 but has been ordered to forfeit the entire amount of $193,265 that was funneled to North Korea through these salaries.
Alongside Travis, two co-conspirators were also sentenced for their roles in facilitating the scheme: Jason Salazar, 30, from Clovis, California, and Audricus Phagnasay, 25, from Fresno, California. Like Travis, both men pleaded guilty to wire fraud conspiracy. Salazar and Phagnasay earned significantly less than Travis ($3,450 and $4,500, respectively) while facilitating the transfer of $1.28 million in salaries to North Korea. Each received three years of probation and must forfeit their respective shares of the fraudulently obtained funds, $681,926 and $409,876.
Margaret Heap, the U.S. Attorney for the Southern District of Georgia, said that these individuals essentially provided unrestricted access to North Korean overseas technology workers, who were seeking to collect illicit funds to benefit the North Korean government, all in exchange for what they perceived as easy money.
The North Korean regime employs several tactics to secure hard currency in defiance of sanctions. Remote IT work is one instance of this, with estimates indicating that such workers generate between $250 million and $600 million annually for the government. Workers engaged in these activities are viewed as elite members of North Korean society and are vital to the regime’s overarching strategic goals, according to reports by Flare Research and IBM X-Force.
Recent findings suggest that the scam involved sophisticated mechanisms for operational efficiency, allowing workers to submit upwards of 300 bids for freelance tasks per day. However, the acceptance rate is notably low, as only about 10 bids are typically accepted. This disparity may stem from aggressive pricing strategies, where the illegal workers undercut market rates, yet face hurdles in securing consistent work.
Interestingly, not all individuals involved are directly linked to North Korea; in addition to cultivating domestic talent, North Korean authorities have been known to deploy recruiters to source potential candidates. Many of these recruits may lack full awareness that the jobs they are applying for will ultimately serve the interests of the North Korean government. Some prospective hires have reportedly expressed confusion regarding the expectation to adopt a more Americanized name, further indicating the deceptive nature of the recruitment process.
The revelations surrounding this case shed light on the multifaceted and insidious nature of cybercrime, particularly as it relates to North Korea’s efforts to financially empower itself through fraudulent means. Law enforcement agencies continue to unearth and combat such schemes, aiming to disrupt the illegal passage of funds that bolster authoritarian regimes.
With reporting by Information Security Media Group’s Greg Sirico in New Jersey.