Man on computer in dark room
Cotton Bro Studio/Pexels

Most of us struggle to manage one job and a Netflix queue. Minh Phuong Ngoc Vong juggled thirteen. By day, the 40-year-old Maryland man blended into suburban Bowie life.

Minh Phuong, a 40-year-old from Bowie, Maryland, could face decades behind bars after he allegedly teamed up with individuals in China to land remote IT jobs with at least 13 different US-based companies between 2021 and 2024.

Prosecutors say Vong's digital sleight-of-hand wasn't just about padding his bank account.

'It's the work-from-home dream taken to criminal extremes,' said one former FBI cybersecurity analyst I spoke with yesterday. 'Thirteen paychecks landing in your account while someone else does the actual work? Pure fantasy for most people—and pure nightmare for national security.'

Thirteen Jobs, One Big Lie

These jobs earned him over £727,000 in wages for software development work that officials claim was really done by agents they suspect are North Korean, operating from a location in Shenyang, China, as stated by the Department of Justice (DOJ).

According to authorities, the developers based in China utilised these company IT roles—some of which included providing software services to US government bodies such as the Federal Aviation Administration—to gain entry into highly secure government networks, which they accessed from abroad.

How A US Worker Enabled North Korean Agents

The DOJ states that the Maryland man's plan is part of a widespread scam where skilled North Korean citizens collaborate with American helpers to secure remote IT jobs using different identities.

They then perform the work from places like Russia or China and illegally send their earnings to Kim Jong Un, the leader of the Democratic People's Republic of Korea (DPRK). Dozens of people have been charged in this conspiracy, including Americans who have admitted to running computer farms.

Computer farms allude to setups where they keep many company-provided laptops at their residences for payment, making it seem like the work is happening within the US.

The UN has estimated that this scheme annually generates between £187.05 million and £448.93 million ($250 million and $600 million), money which is believed to fund North Korea's prohibited nuclear weapons program.

The Remote Work Scheme Unravelled

In Vong's case, the Justice Department alleges he collaborated with developers in China, one of whom went by the name' William James.' Court documents reveal that authorities suspect James and other unidentified individuals involved in the scheme are originally from North Korea.

Vong reportedly told an FBI agent that 'William' contacted him through a mobile phone video game app and informed Vong he could 'legally' earn money by obtaining developer jobs. Vong subsequently provided William with his computer login details.

The DOJ and court documents indicate that Vong supposedly allowed James and the other unnamed individuals involved to create a fake resume for him. This resume falsely claimed he held a degree from the University of Hawaii, 16 years of experience as a software developer and a secret-level security clearance.

The Justice Department stated that Vong, employed at a nail and spa salon, possessed neither a degree nor any background in development.

A Web Of Deceit

At one of the thirteen positions, an individual identifying himself as Vong supposedly participated in an online interview with a senior software developer. This developer recommended him for the job and even took a screenshot of him during their meeting.

The Virginia-based company's CEO subsequently hired him after a successful final interview. During this interview, Vong allegedly presented his Maryland driver's license and US passport to verify his identity, and the company took a second screenshot of Vong holding up these documents.

According to court records, authorities suspect these screenshots depict two distinct individuals: one they believe is a North Korean IT worker impersonating Vong, and the other is the actual Vong from Maryland holding his identification documents.

Accessing Sensitive Systems

Court records indicate that the company assigned Vong to work on a Federal Aviation Administration (FAA) contract. This project involved an application that monitors aviation assets while they are in flight within the US Government agencies like the Department of Defence, Department of Homeland Security, and Secret Service, which utilise this software.

According to the court records, the Virginia company sent Vong a MacBook Pro laptop, allowing him administrative privileges to install software. Moreover, the FAA gave Vong a Personal Identity Verification card, granting him access to government facilities and systems.

Vong allegedly installed remote access software on the company laptop, enabling James and his team to operate it from China. The Justice Department reported that the Virginia company paid Vong over £20916 ($28,000) between March and July 2023, even though James and other unidentified individuals performed the work.

Double Life Exposed

During this period, Vong participated in Zoom work meetings and discussed his task list with his team at daily check-ins. Vong acknowledged that the Virginia job was just one of thirteen companies that employed him between 2021 and 2024.

Several companies, including the FAA, also performed contract work for the US government. The Virginia company terminated Vong's employment after submitting his details to the Defence Counterintelligence and Security Agency for a secret clearance and discovering that he might be holding another job.

Following his termination, the CEO showed Vong's picture to the senior developer who had originally recommended him. The developer informed the CEO that the person in the photo, identified as 'Vong,' was not the same 'Vong' he had first interviewed and taken a screenshot of. Furthermore, it wasn't the individual who attended the daily online meetings and did the work.

Remote Job Empire Crumbles

Vong confessed to his role in the wire fraud conspiracy and now faces a potential 20-year prison sentence. Michael 'Barni' Barnhart, Principal Insider Risk Investigator at Dtex Systems, shared with Fortune that the ongoing work of US law enforcement to uncover and disrupt the North Korean IT worker schemes and the people who help them is a step in the right direction.

'These indictments are another critical step in thwarting adversarial operations,' said Barnhart in the statement, according to Fortune. He also mentioned that his team has directly witnessed IT workers attempting to secure other highly sensitive roles, including positions requiring clearance within the US government and with third-party contractors for federal agencies.

Moreover, in a report released this month, Google's Threat Analysis Group disclosed that this scheme is growing. They found that one North Korean worker managed at least a dozen online identities across Europe and the US late last year and was seeking additional employment in European defence and with government contractors. The latest report also indicated that other investigations uncovered fabricated IT worker profiles applying for jobs in Germany and Portugal.

'Even if these actors are primarily financially motivated, the risk they pose to critical infrastructure is enormous,' John Hultquist, chief analyst at Google's Threat Intelligence Group, told Fortune.

'This scheme has become so widespread that targeting of these organisations is almost inevitable. Given their connection to the intelligence services, that kind of access could be a nightmare.' The FBI's office in Baltimore is currently looking into this case.

Writer's pick
US China