The FBI has taken down 17 websites that North Korea had set up to impersonate reputable tech companies with headquarters in the United States. At least $1.1 million which the North Korean spooks had in their accounts, was seized.

According to the Daily Beast the North Korean spooks obfuscated their true identities to get remote IT jobs in the United States and generated millions of dollars for Pyongyang.

One shadowy crew of gig workers operated out of a 24-floor hotel in Yanji, China, and funnelled cash through a North Korean front company in Vladivostok, Russia, and a series of bank accounts in China, Nigeria, Ukraine, Pakistan and India.

Individual workers were assigned to a group leader, and those leaders reported to a delegation leader, the affidavit goes on. They used non-Korean names to carry out the ruse. They ultimately claimed to have built websites for a New York City neurobiologist, a San Francisco venture capitalist, and a software developer in New Hampshire.

According to court documents, the FBI first became aware of one of the front companies, Eden Programming Solutions, in Oct. 2020. The company’s sleekly-designed website advertised services, including website and app development, making North Korean government agents appear as legitimate American remote workers for hire.

Eden, which listed a business address in Walnut Creek, California, had an account on one freelancing website which showed they had earned $422,000 since Oct. 2017, the FBI found.

“Our qualified team of interface designers and software developers is always ready to create something unique to you,” the company told potential clients, according to an archived version of Eden’s website.

On its site, Eden claimed to be an award-winning company with 21 employees who had developed 25 apps. Black-and-white portraits showed eight of the company’s “main developers.” In reality, these people did not exist, according to the FBI.

The North Korean IT workers recruited targets on Fiverr, asking them to rent out their Upwork accounts for a fee. According to the FBI, the North Koreans’ payment would then be routed into a PayPal or Payoneer account usurped using the same method.

The operation generated at least $1.5 million, FBI Special Agent in Charge Jay Greenberg told The Daily Beast. Greenberg, who oversees the St. Louis Field Office and supervised this investigation, said the bureau is “very confident saying that at a bare minimum, there are thousands and thousands of these North Korean IT workers who are part of the global job market.”

Another trick was to use a US person’s Upwork account and computers, offering to pay $100 per month per laptop. Whenever “Nohara” got paid for a freelance job, Individual 1 would get 15 per cent as a fee.

One person had four laptops in their home in the United States, which the North Korean agents used through remote access software, the FBI says.

Details of the scam were revealed when the feds got a backdoor installed into one of these computers and started to see money being shifted around and linking to accounts agents would soon ID as the North Korean team leader, according to the affidavit.

The North Korean IT workers brought in and laundered at least $1.1 million for their dear leader before the FBI seized their accounts.