A Maryland resident was sentenced to 15 months in prison, along with three years of supervised release, after he pleaded guilty to aiding North Korean nationals in an IT worker scheme. According to a statement from the United States Department of Justice (DoJ), Minh Phuong Ngoc Vong, 40, of Bowie, MD, conspired with others, including a foreign national living in Shenyang, China, to defraud U.S. companies, where the other individuals used his identity to obtain remote IT positions at more than a dozen American companies.
“After securing these jobs through materially false statements about his education, training, and experience, Vong allowed [John Doe, aka William James] and others to use his computer access credentials to perform the remote software development work and receive payment for that work,” the DoJ explained.
Quite a Lot of IT Work!
The scheme operated for several years, and between 2021 and 2024, Vong was reportedly paid more than $970,000 in salary by 13 U.S. companies, several of which contracted his services to U.S. government agencies, The Record reported.
In all cases, the software development work for which Vong was hired was actually performed by North Koreans operating overseas. Although this should be considered a significant security concern, according to the DoJ and other reports, the scheme was carried out to generate revenue for the North Korean government.
U.S. officials believe the work was primarily carried out in Shenyang, about 100 miles from the North Korean border. As The Report also explained, it is one of the key cities in China where North Korea regularly conducts IT worker schemes. The U.S. Treasury Department sanctioned two companies – Korea Mangyongdae Computer Technology Company (KMCTC) and Shenyang Geumpungri – that allegedly employed North Korean workers, who allegedly earned money by working IT jobs in the U.S. and other countries. Shenyang Geumpungri is believed to be affiliated with the Korean Sinjin Trading Corporation, which is further linked to North Korea’s Ministry of the People’s Armed Forces General Political Bureau.
More Than a Padded Resume
It is also unclear how much computer programming Vong knew, if any. Vong secured his jobs through “materially false statements,” the DoJ explained, including those about his education, training, and experience.
“According to the plea agreement, on Jan. 30, 2023, Doe submitted a fraudulent resume in Vong’s name to a Virginia-based technology company for a web application developer position that required U.S. citizenship as a condition of employment,” the DoJ noted.
Vong’s resume stated that he holds a Bachelor of Science degree and 16 years of experience as a software developer. However, Vong had no experience in software development and didn’t even have a college degree. Two months later, the Maryland resident participated in an online job interview with the CEO of an undisclosed Virginia-based company. He verified his identity and citizenship with a Maryland driver’s license and a U.S. passport. Still, Vong may have been coached or may not have been asked any details about his software knowledge.
He was hired and then assigned to a contract with the Federal Aviation Administration (FAA), which included work on a software application used by various U.S. government agencies to manage sensitive information related to national defense.
The DoJ stated that the company provided Vong with a laptop to use in connection with his employment and that the “FAA authorized Vong to receive a Personal Identity Verification card to access government facilities and systems.”
Vong then installed remote access software on the laptop. It facilitated Doe’s access to the device and concealed his location in China.
Doe performed the software work between March 2023 and July 2023, and Vong was paid more than $28,000. Portions of the funds were sent to Doe and the other conspirators, who were operating from China.
“As part of his guilty plea, Vong admitted that the VA-based company was not the only company he and his co-conspirators defrauded. Between 2021 and 2024, Vong used fraudulent misrepresentations to obtain employment with at least 13 different U.S. companies,” the DoJ added. “As a result of Vong’s fraudulent misrepresentations, these government agencies unknowingly granted Vong’s co-conspirators access to sensitive U.S. government systems, which they accessed from China.”
North Korean Remote Worker Schemes
Pyongyang is believed to have been operating the IT worker schemes since at least 2014, with approximately 8,400 operatives involved in the cybercrime program. It gained significant traction during the COVID-19 pandemic, as remote work opportunities expanded.
The workers create fake profiles, including credentials from real Americans, and then apply for fully remote IT roles, focusing on software engineering, web design, and full-stack development. Operatives employ artificial intelligence tools, including deepfake technology, to pass video interviews, but also use individuals like Vong.
The U.S. government has estimated that teams of North Korean IT workers can earn up to $3 million annually, which is then used to fund North Korean government and weapons programs.
Vong is just one of several individuals working for Pyongyang.
Earlier this year, Christina Chapman of Arizona pleaded guilty to charges that she operated a laptop farm that facilitated North Korean operations for more than three years. During that time, the teams worked for more than 300 American companies, generating more than $17 million for the North Korean government.
Don’t Believe the CV
Credential fabrication is unfortunately common in the IT world. Still, surprisingly, it doesn’t draw more attention, Dr. Jim Purtilo, associate professor of computer science at the University of Maryland, told ClearanceJobs.
“This generally reflects the marketplace’s low expectations for software quality. What pays is first to market, not best to market. A saying is ‘good, fast, cheap – pick two.’ And a big chunk of commerce is based on getting it fast,” explained Purtilo.
Too many firms are failing to check credentials, meaning that an applicant is free to manufacture whatever creative fiction gets a foot in the door.
“The rest of our industry casts a blind eye since nobody wants to rock the boat,” warned Purtilo.
“My department is the largest manufacturer of CS bachelor’s degrees in the country, and each year my capstone software engineering program offers a top experience for a hundred seniors headed to industry,” Purtilo continued. “These students enjoy spectacular demand. Yet I receive only two or three credential checks per semester. The reality is that applicants in the marketplace are free to claim the value of my program without paying the sweat. Until consumers demand more of software, companies making it won’t demand more of applicants who want to program it.”
