Jin-su says over the years he used hundreds of fake IDs to apply for remote IT work with Western companies. It was part of a vast undercover scheme to raise funds for North Korea.
Juggling multiple jobs across the US and Europe would make him at least $5,000 (£3,750) a month, he told the BBC in a rare interview. Some colleagues, he said, would earn much more.
Before he defected, Jin-su – whose name has been changed to protect his identity – was one of thousands believed to have been sent abroad to China and Russia, or countries in Africa and elsewhere, to take part in the shadowy operation run by secretive North Korea.
North Korean IT workers are closely monitored and few have spoken to the media, but Jin-su has provided extensive testimony to the BBC, giving a revealing insight into what daily life is like for those working the scam, and how they operate. His first-hand account confirms much of what has been estimated in UN and cyber security reports.
He said 85% of what he earned was sent back to fund the regime. Cash-strapped North Korea has been under international sanctions for years.
“We know it’s like robbery, but we just accept it as our fate,” Jin-su said, “it’s still much better than when we were in North Korea.”
Secret IT workers generate $250m-$600m annually for North Korea, according to a UN Security Council report published in March 2024. The scheme boomed in the pandemic, when remote working became commonplace, and has been on the rise ever since, authorities and cyber defenders warn.
Most workers are after a steady paycheck to send back to the regime, but in some cases, they have stolen data or hacked their employers and demanded ransom.
Last year, a US court indicted 14 North Koreans who allegedly earned $88m by working in disguise and extorting US firms over a six-year period.
Four more North Koreans who allegedly used fraudulent identities to secure remote IT work for a cryptocurrency firm in the US were indicted last month.