Search for:
Sanctions

The US Government Publishes Advisory on North Korean IT Workers

By and 3 Mins Read

On May 16, 2022, the US Departments of State and Treasury and the Federal Bureau of Investigation (“FBI”) issued a joint advisory alert to the public about attempts by the Democratic People’s Republic of Korea (“DPRK” a.k.a. North Korea) and DPRK information technology (“IT”) workers posing as non-DPRK nationals to obtain employment outside of North Korea.  The Advisory provides guidance to help prevent inadvertent recruitment, hiring, and facilitation of North Korean IT workers, as the hiring or support of DPRK IT workers may create business risks that range from theft of data, intellectual property, and funds, to sanctions-related risks under both US and United Nations (“UN”) authorities.

The advisory guide provides information on how DPRK IT workers operate and notes red flag indicators and due diligence measures to help companies avoid hiring DPRK IT workers and to help platforms identify DPRK IT workers abusing their services. Below we summarize key read flag indicators and risk mitigation recommendations highlighted in the Advisory fact sheet.

Red Flag Indicators of Potential DPRK IT Worker Activity Include:

  • Logins from multiple IP addresses (often from different countries) into one account within a short period of time;
  • Frequent transfers of money through payment platforms, often to People’s Republic of China (PRC) based bank accounts or requests for payments in cryptocurrency;
  • Inconsistency in information such as in name spelling, nationality, alleged work location, contact information, educational history, work history, and other details on freelance platforms, social media profiles, payment platforms, and external portfolio websites; and
  • An inability to conduct business during regular business hours and an inability to reach the worker in a timely manner, particularly through instant communication methods.

Due Diligence Measures the Private Sector Can Take to Prevent the Inadvertent Hiring of DPRK IT Workers:

  • Verify documents submitted to you as part of job applications directly with the listed company or educational institution in order to check for a different use of contact information from what was provided on submitted documentation;
  • Carefully scrutinize identity verification documents for forgery;
  • Conduct a video interview to verify a potential worker’s identity;
  • Conduct a pre-employment background check and or biometric (fingerprint) log to verify identity and claimed location;
  • Avoid payments in cryptocurrency and require banking information verification that corresponds to identifying documents;
  • Check the name spelling, nationality, claimed location, contact information, educational history, work history, and other details are consistent across the developer’s freelance platform profiles, social media, platform payment accounts, and assessed location of hours of work; and
  • Be suspicious if a developer is unable to receive items at the address on their identifying documents.

The authors acknowledge the assistance of Vanessa Keverenge in the preparation of this blog post.

Categories:
Author

Kerry Contini is a partner in the Firm's International Trade practice and Global Sanctions Investigations group, specializing in sanctions and export controls. She helps multinational companies navigate these ever-changing rules and guides them through investigations when compliance issues occur. Kerry provides strategic advice on related geopolitical risks, human rights, and supply chain issues.
Kerry has been ranked by Chambers Global and Chambers USA, with clients highlighting that "her advice and solutions are business-focused" and that she is "very practical and easy to work with." Legal 500 reported a client as stating that "Kerry is thoughtful, practical, efficient, and has really invested in getting to know our business and our team."
Kerry has been quoted by the Wall Street Journal, Global Investigations Review, Bloomberg Law, the National Law Journal and Asian Legal Business. She is an editor of the Firm's Global Supply Chain Compliance Blog and is a regular contributor to the Firm's Global Sanctions & Export Controls Blog.
Kerry is passionate about inclusion and diversity and is involved in the BakerWomen DC and regional leadership. She has maintained an active pro bono practice throughout her career at Baker McKenzie, primarily focusing on public international law, animal advocacy and election protection.
Kerry has been with Baker McKenzie since she was a summer associate in 2005. She started as an associate in 2006.

Author

Lise Test is an of counsel in the Firm’s International Trade Group in Washington, DC and practices in the area of international trade regulation and compliance — with emphasis on US export control laws (Export Administration Regulations (EAR) and International Traffic in Arms Regulations (ITAR)), trade sanctions, and anti-boycott laws. Ms. Test advises clients on issues relating to product classifications, licensing, regulatory interpretations, risk assessments, enforcement actions, internal investigations and compliance audits, as well as the design, implementation, and administration of compliance programs. Ms. Test works regularly with companies across a wide range of industries, including the pharmaceutical/medical device, telecommunications, manufacturing, and technology sectors. She joined the Firm as a summer associate in 2007 and became a full-time associate in 2008. Prior to joining Baker McKenzie, Ms. Test served as a lawyer at the Danish Ministry of Defence.

Related Posts