Jin Soo says he used hundreds of fake IDs over the years to apply for remote IT jobs with Western companies. This was part of a large-scale, covert operation aimed at generating financial resources for the North Korean government.
In a rare interview with the BBC, he revealed that by holding multiple jobs in the U.S. and Europe simultaneously, he earned at least $5,000 a month—though some of his colleagues reportedly made significantly more.
Jin Soo, whose name has been changed to protect his identity, was one of thousands allegedly sent to countries like China, Russia, or parts of Africa to participate in secret operations orchestrated by the North Korean state.
North Korean IT workers are heavily monitored, and only a few have ever spoken to the media. But Jin Soo provided the BBC with detailed information that sheds new light on the daily life of those involved in this elaborate fraud, and how their operations are carried out. His firsthand account aligns closely with many United Nations estimates and cybersecurity reports.
Jin Soo said:
“We know it feels like they’re stealing from us, but we accepted it as our fate. Despite everything, our lives were still better than when we were in North Korea.”
According to a UN Security Council report published in March 2024, North Korea’s covert IT operatives generate between $250 million and $600 million annually for the regime. Cybersecurity officials warn that this scheme surged during the COVID-19 pandemic and the global rise of remote work, and it has continued to grow ever since.
While many of these workers simply aim to earn a fixed salary to send back to North Korea, there have also been incidents of data theft and ransomware attacks against their employers.
Last year, a U.S. court prosecuted 14 North Korean nationals for using fake identities and extorting American companies, amassing around $88 million over a six-year period.
About a month ago, four more North Koreans were charged with using false identities to gain remote employment at a U.S.-based cryptocurrency firm.
The Hiring Process
Before fleeing, Jin Soo worked for several years in China as an IT worker under the North Korean government. He explained that he and his colleagues usually operated in 10-person teams.
While internet access is severely restricted in North Korea, these IT operatives abroad have greater freedom to work online. They must conceal their nationality—not only to command higher wages by posing as Westerners, but also to evade widespread international sanctions tied to North Korea’s nuclear and ballistic missile programs.
This scheme is separate from North Korean hacking units that also bring in revenue. Earlier this year, the Lazarus Group—believed to be state-linked, though never officially confirmed—was accused of stealing $1.5 billion from the crypto exchange Bybit.
Jin Soo said most of his time was spent acquiring fake identities to apply for jobs. At first, he posed as Chinese and contacted people in countries like Hungary or Turkey, offering a cut of his earnings in exchange for access to their identity documents.
“If you put an Asian face on a profile, you’ll never get hired.”
With these borrowed profiles, he would then approach new targets in Western Europe to gather more identity details and apply for jobs in the U.S. and EU. He said he was often successful in targeting British citizens.
“With a bit of small talk, many Brits would hand over their ID details pretty easily.”
Fluent English speakers among the operatives typically handled job application stages. On freelance platforms, video interviews are rarely required, and daily interactions take place on services like Slack—making impersonation easier.
Jin Soo said he focused mainly on the U.S. job market: “American companies pay more.”
He added that so many North Korean operatives are active now that some companies unknowingly hire multiple of them at once. “It happens a lot.”
The IT workers receive their income through intermediaries in Western countries and China. Just last week, an American woman was sentenced to over eight years in prison for helping North Korean IT operatives find jobs and transfer money.
While the BBC couldn’t independently verify Jin Soo’s account, it did obtain corroborating testimony from another defector through the organization PSCORE (People for Successful Corean Reunification), which advocates for human rights in North Korea.
The BBC also spoke to another defector, Hyun-Seung Lee, who encountered North Korean IT operatives during business trips as a representative of the regime in China. He confirmed their experiences were similar.
A Growing Problem
The BBC interviewed several cybersecurity and software development hiring managers who reported encountering dozens of suspicious applicants likely tied to North Korea.
Rob Henley, co-founder of U.S.-based security firm Ally Security, said that while hiring for remote roles, he probably interviewed around 30 suspected North Korean IT operatives.
“At first it felt like a game—trying to figure out who was real and who was fake. But it quickly became disturbing.”
He eventually adopted a new method: asking applicants to prove during video calls that it was daytime where they were.
“We only hired inside the U.S., so it had to be daytime. But I never saw daylight.”
In March 2025, Dawid Muchadło, co-founder of Vidoc Security Lab in Poland, shared a video of a remote interview where the applicant appeared to be using AI software to disguise his face. After consulting experts, he suspected the individual was a North Korean operative.
A Rare Escape
For decades, North Korea has sent laborers abroad to earn foreign currency. It’s estimated that as many as 100,000 work overseas—mostly in China and Russia—in factories and restaurants.
After years in China, Jin Soo said the sense of being “imprisoned” under harsh conditions became unbearable.
“We weren’t allowed to go outside and had to stay indoors all the time. No exercise, no hobbies.”
He explained that IT workers abroad have greater access to Western media:
“That’s when you see the real world. Being outside the country makes you realize something is seriously wrong inside North Korea.”
Still, Jin Soo said few IT workers consider escaping.
“They take their paycheck and go back home. Very few think about running away.”
Though they only keep a small portion of their earnings, that money is worth a lot back in North Korea. Escaping is risky—most are caught due to tight surveillance in China. Even successful escapees may never see their families again, and their relatives could face punishment.
After fleeing, Jin Soo continued working in IT. He said the skills he developed while working for the regime helped him adjust to his new life.
Though he now earns less without juggling multiple fake identities, he keeps more of his income and ultimately comes out ahead.
“I used to make money illegally, but now I work hard and earn what I deserve.”
