Noel King (5:17)

So by the time you met Simon at that event, he had clearly copped on that something was up here. Had Simon actually hired anyone in North Korea?

Bobby Johnson (5:26)

No. So he'd. He'd realized that something strange was going on and hadn't hired anybody. But there are lots of companies around the country who have been hiring North Koreans unwittingly. And this is actually, it turns out there, it's a pretty widespread operation and well known in the cybersecurity industry and in parts of law enforcement. But it's really not something that's broken through into the public consciousness. Most people don't actually know about it. So when we started to put the pieces together and understand what was really going on, that's when the breadth and depth of this, of this thing became apparent.

Noel King (6:05)

How does this work and to what degree is this going on, the scam?

Bobby Johnson (6:11)

It's kind of basic in some ways, but wild in others. First of all, on the simplest level, you have teams of North Korean agents who are recruited out of college, and they get sent to work in other kind of friendly countries, typically China or Russia. They cross over the border and they go work in these teams. They steal people's identities, and they use those identities to apply for jobs. So they steal American identities and use them to apply for jobs in the US and they use all manner of AI enhancements to get the job. You know, like they. They use the AI coding tools to ace the test. They use the chatbots to script their answers so that they sound more competent. They use deepfake technologies to cheat ID verification, and some of the tests that you have to go through in order to get a job. So if they're lucky enough to get through the interviews, the surprising thing I think is they actually generally do the job that they've been employed to do. This is usually building websites or apps for a company, completing different tasks, you know, it related stuff. And often they share those tasks around their team. So there might be 10 or 15 people working in a team doing multiple jobs, and they basically are doing the minimum to stay employed. But because they share the tasks around the team, they're often very efficient and seem to be doing their job pretty well. So they stay under the radar. And all of this gives them time to earn cash that they then send back to North Korea. Now, software engineers, you know, can be pretty well compensated, so that's be a substantial amount of money, but they also use that access that they have as a developer to go and steal information, money, cryptocurrency, and even in some cases, plant malicious software on the victim's computer systems. In many cases, they don't get through to being hired. You know, they're just trying. They're testing the system. But when they do get through, sometimes they only last a few days until they do something that clear that they're. They're not who they say they are. But sometimes they stick around. I mean, I spoke to some victims who have unwittingly employed people, and for up to a year, you know, they've been working in a company and getting away with it. But the real trick, I think, and the key weakness in this scam, is that they need to use a middleman in the U.S. so, you know, the company will send forms to fill out. They'll send the computer for the developer to use. They'll. They need a place to send paychecks. You know, all of these require somebody on the ground. And if you're in a North Korean team in China or Russia, you don't have that person. So they work with an accomplice who manages the physical stuff. So they're based in the US and they will install software that lets the North Koreans dial into their computer from overseas and still look like they're in New Jersey or California or wherever they say they're based. So this means you have these middlemen who have houses full of laptops that all connect up to all the different jobs that they're working. And it's, you know, law enforcement calls that a laptop farm. And the accomplice gets up every morning, switches the computers on, make sure they're all running properly, lets the North Koreans dial in to those computers from overseas, and then carry on the job and carry on the subterfuge. And in some cases, the facilitators who have been caught have been found with, like, 50 or 60 laptops running simultaneously in their house. And that's the place where law enforcement is actually able to catch these gangs, understand what's going on, and try to stop it. So there's one case particularly that I dug into, which is of a middleman or middle woman in this case called Christina Chapman, who recently pled guilty to a range of different crimes related to this.

Gabrielle Burbay (10:03)

Hey, lovelies, it's me. So today I am not being too experimental. I found something called avocado fries, which.

Bobby Johnson (10:14)

She was based in Minnesota and Arizona, and over the space of a couple of years, she worked with a North Korean team and helped them target at least 300 different companies in the US including some pretty substantial ones.

Gabrielle Burbay (10:31)

Howdy people. So today, I think, is day seven. And I did not make my own breakfast this morning. My clients are going crazy. So I just.

Bobby Johnson (10:42)

Some of them were mom and pop shops, but some were big corporations, you know, And Chapman ran this scam. She would help the teams do their IT work. She would host a laptop farm with maybe 60 computers at the same time, and she would help them dial into meetings or keep up to date with stuff. She would receive money that she would then pass along to a bank in China and take a cut along the way.

Noel King (11:11)

New at 10. An Arizona woman has been indicted in a series of complex identity theft cases that have been generating money for the North Korean government.

Bobby Johnson (11:20)

Christina Chapman was working out of her house in Litchfield Park. Someone approached her on LinkedIn, asking her to be the US face of their company. What that meant was she got drawn into this, as far as we can tell, by the fact that there was a promise of some money and it was an easy way to earn some cash. And when I spoke to security experts about this, they said it's really typical for somebody to get drawn in, you know, and that's why they choose folks who are able to stay under the radar, right? People who have no significant profile. People who can just look ordinary and behave in pretty ordinary ways. The woman who lives around the corner from you or the. The guy who's, you know, lives in the apartment block or whatever. Just ordinary folks who can help perpetrate this scam without raising too many suspicions.

Noel King (12:14)

Bobby Johnson. He's a freelance investigative reporter. He ended up writing this story for Wired. Coming up, Bobby goes to the flip side. Who are the North Koreans?

Bobby Johnson (12:31)

Foreign.

Noel King (12:38)

Deleteme. More than likely, there is a lot of your personal information online. Some of you may have even willingly posted it. But having your name, address, phone number, and family members names hanging out on the Internet can have actual consequences in the real world and makes you vulnerable. Says Delete Me. According to Delete Me, you can protect your personal privacy or the privacy of your business from doxing attacks before sensitive information can be exploited. Our very own Claire White has tried Delete Me. Here's what she has to say.

Claire White (13:07)

Since I joined Deleteme, I've really noticed a drastic drop off in the amount of spam calls, spam texts, spam emails. Especially since joining Delete Me, that has been much less of a problem for me. I don't find my phone ringing with a random number at all hours of the day. Y' all, I think this thing works.

Noel King (13:28)

You can take control of your data and Keep your private life private by signing up for Delete Me now at a special discount for our listeners. You can get 20 off your Delete Me plan when you go to JoinDeleteMe.com today. Use promo code today at the checkout. The way to get 20% off is to go to JoinDeleteMe.com today and enter code today at checkout. That's JoinDeleteMe.com today code today. Support for today's show comes from Mint Mobile. Mint Mobile doesn't make crisp mint iced tea, despite what the writers of this ad thinks. Think you might be thinking no. They sell low priced phone plans. Cool. With Mint Mobile, all those low priced plans come with high speed data and unlimited talk and text delivered on the country's biggest 5G network. You can use your own phone with any Mint Mobile plan and bring your phone number along with all your existing contacts. You can get three months of premium wireless service from Mint Mobile for $15 a month. This year you can skip breaking a sweat and breaking the bank. You can get your summer savings and shop early. Premium wireless plans@mintmobile.com explained. That's mintmobile.com explained. An upfront payment of $45 for a 3 month 5 gigabyte plan is required, equivalent to $15 a month new customer offer for first 3 months only. Then full price plan options are available. Taxes and fees are extra. Guys see Mint Mobile for details.

Gabrielle Burbay (14:54)

How much money does it actually cost to do a home renovation? This week on Net Worth and Chill, I'm joined by bachelorette Cont turned home renovation expert Tyler Cameron. From having just $200 in his bank account to getting a TV show on Amazon prime, this episode is packed with practical advice. Whether you're a homeowner or just hoping to be one someday.

Bobby Johnson (15:13)

Two Two ways to take this first one is you're going to renovate your home. Why are you doing it? Are you doing it to make money? If so, then I'd focus on your kitchen. I'd focus on your bathrooms.

Gabrielle Burbay (15:23)

Plus get the inside scoop on which projects are worth diying and which are better left to the pros. Listen wherever you get your podcasts or watch on YouTube.com your rich BFF.

Bobby Johnson (15:40)

This is today Explained.

Noel King (15:42)

We're back with Bobby Johnson, who wrote about North Korean operatives getting hired by American companies for Wired. The companies don't like to talk about what is happening. Neither does North Korea. So Bobby relied on defectors who understand how the scam works from North Korea's end.

Bobby Johnson (15:58)

So typically these guys, and they really are guys like you say young, you know, pretty much straight out of college. They are recruited to work in these teams of 10 or 15 people, and they basically operate like a criminal gang in a sort of digital sweatshop. So they are typically sent overseas. I don't think they get many choices. You know, they're sent overseas to live in a nondescript apartment, and it's pretty much a 24, 7 existence. They work there, they eat there, they sleep there. They are only allowed to leave in small, in groups to make sure that nobody runs away. And they get paid by the government and sometimes pretty well. But the regime also makes it clear that, you know, your family back in South Korea is under extra surveillance to try and dissuade people from trying to escape. But these, these teams are typically relatively low level. North Korea does also run sort of very high level hacking teams. And this kind of work is maybe a stepping stone towards that, but it's kind of where folks are paying their dues.

Noel King (17:07)

Kim Jong Un is a very strange guy. He has interesting priorities, and this now, based on everything you've told us, really does appear to be one of them. How has he made this kind of cyber training a priority in North Korea? What could you find out about that?

Bobby Johnson (17:22)

Yeah, so Kim Jong Un is a really interesting and strange leader. I mean, we all know kind of how he's behaved when he appears in public and the kind of things that North Korea has been doing with its weapons program and threats against other countries. North Korea's leader, Kim Jong Un, has ordered his country's military to be ready to use nuclear weapons at any time. North Korea threatening to test still more weapons of mass destruction after a beaming Kim Jong Un watch the latest missile launch. But unlike his father, who was very kind of anti technology and pretty old school, Kim Jong Un was actually educated in Switzerland under a pseudonym. He was kind of sent to school there, and he had access to Western culture and Western technology. And when he took over in the 2010s as supreme leader, he really switched things around. So North Korea went from a country that basically had like one pipeline to connect to the Internet for years and years and years to a country that saw that maybe its only options or some of its options involved getting really good at technology. And so he has encouraged and put more money and effort into funding computer science programs and technology literacy in North Korean schools. And that's bubbled up through various universities and colleges that sort of develop people's skills and teach them things, you know, they don't just teach them coding or how to use computers. They teach them how to hack and how to cover their tracks and all of this stuff. And so you get these young men, particularly coming out of college in North Korea, who have been trained for the last few years to really be operatives, you know, to be, make it possible for them to do this stuff. And it's paying dividends for North Korea. You know, for such a small country and one that doesn't have, like a big technology industry, they are, they punch way above their weight in terms of this stuff. And so there's a lot of cryptocurrency theft going on. Earlier this year, a couple of months ago, a crypto exchange in Dubai got hacked and $1.5 billion got stolen. And that was by North Korean hackers. So these, these guys have, have realized that this is a very lucrative way with very low cost to them. You know, really, it's just, you know, a computer and some training to get out there and cause havoc and fund the country that has no other way of making money.

Noel King (19:58)

Do we know how much money this is making?

Bobby Johnson (20:01)

You know, typically a team of pretenders might earn, you know, several million dollars a year through the different jobs that they're running. And I've seen lots of estimates wild all over the place, but the minimum is kind of around $3 million a year. Now, this is like, that's a lot of money, but it's not, you know, that's not a huge amount. But yeah, obviously the way North Korea operates, they're taking nearly all of that as profit. Right. And, and it's going straight back into military programs, it's going straight back into Kim Jong Un's slush fund. You know, that's going back into the country. And they're running. You know, there are many of these groups running different scams. And scale wise, you know, there's been a lot of activity in the U.S. but folks I spoke to are saying that they're seeing a real expansion of activity in Europe, in Japan and elsewhere. So this has now become a very lucrative scheme across the board for the North Koreans.

Noel King (21:00)

I'm trying to put myself in the shoes of the American who ends up talking to one of these people in North Korea and figures it out is like, oh, this person is definitely not in Knoxville. And I wonder what you do about it. You can't call the police and say, somebody fraudulently applied for a job at my company. But also, this isn't right. It doesn't seem legal. What can law enforcement. And what does law enforcement actually do here?

Bobby Johnson (21:30)

Yeah, this is really the. The tough thing in these cases because if you're. If you're smart enough to spot it before it happens to you, you know, kind of no crime has been really enacted upon you or something that's, you know, not gonna lead to a prosecution. But in any case, it's really hard to prosecute these cases because for the most part, the worst offenders are based in a country that the American courts can't extradite from. So, you know, we're not going to pull someone out of China or Russia. So that means the cases generally focus on the stolen identities and the accomplices. The real problem underneath all of this is that the political or economic solutions that you think would be possible just aren't really effective. Right. You can't enact sanctions against North Korea for this because the sanctions already enacted against North Korea are so punitive. Right. One of the reasons that these guys are doing this in the first place is because legal trade is basically zero, because the country is being punished, rightly, for its rogue nuclear weapons program. So for now, from the industry and law enforcement folks I spoke to, your best remedy is to try and be aware of it and prevent it happening to you. And that's tough. And it's a big leap to go from saying there's something fishy going on with this applicant to, I believe this applicant may be working for the North Korean government. That's like. That's a wild jump to make. But at least if you're looking for things, looking for those red flags or kind of looking for that circumstantial evidence, then you can protect yourself from being a victim.

Noel King (23:06)

There is something about all of this, Bobby, that is just not particularly clever. It's working, but you don't have to have a beautiful mind to think up a scam like this one. I wonder, though, as you were reporting out this story, where your mind went when you thought about what are the perils in the future that we're facing? What doors are opened by this little scam that five years from now or 10 years from now might be even harder to combat?

Bobby Johnson (23:40)

That, I think, is the most fascinating question in all of this. There are sort of two threads that I would pull here. One is that once they can get access, they're stepping stones, right? You know, they're just trying to do a job and earn money, but what if somebody else can use the same techniques and be more aggressive in their attacks? You know, if. If you get hired, let's say you get hired inside a government defense contractor you know, can you access intellectual property or state secrets or something like that? The espionage potential is high, and the kind of aggressive attacks on companies could, could get a lot worse. And then I think, you know, the second thread is just that it dramatically undermines trust in everything. Right. You know, we've, we already see deep fakes, we already see misinformation. We already see all kinds of ways of, of making you not believe the things that you see. And if you, if you can't even believe. Sorry, my computer screen just disappeared. I think it went on screensaver. I'm going to pick that one up.

Noel King (24:48)

North Korea. Okay.

Bobby Johnson (24:52)

Yeah, that's. I do get paranoid about these things sometimes now. Yeah, I think this, there is this fundamental problem of eroding trust that you can't believe what your eyes are seeing. You know, we see deep fakes happening all the time. We see misinformation. We see all these systems working to kind of separate you from reality and try and get you to second guess everything that you see. And that's important. You know, you don't want to fall for tricks, but the more prevalent they become, the more difficult it is to know what's real and what's not. And so if you are, you are stuck in a position where you can't be 100% sure that you know, the person on your company team phone call or zoom call, who doesn't like to put their camera on and doesn't talk very often, but they do the job. You know, if you start to believe that that person could be an operative of a foreign country, then, you know, you're getting really into some wild places in your thought process. And I think that undermining of reality is kind of the biggest existential problem here. And it's one. I don't know that there's a way to solve it. But we can all see how dangerous it can be to separate you from the truth.

Noel King (26:18)

Bobby Johnson, investigative reporter. Gabrielle Burbay produced today's show. Amina Elsadi edited. Patrick Boyd is our engineer, and Laura Bullard checks the facts. I'm Noel King. It's Today explained.

Bobby Johnson (26:31)

Sam.