Getty ImagesJin-su says over the years he used hundreds of fake IDs to apply for remote IT work with Western companies. It was part of a vast undercover scheme to raise funds for North Korea.
Juggling multiple jobs across the US and Europe would make him at least $5,000 (£3,750) a month, he told the BBC in a rare interview. Some colleagues, he said, would earn much more.
Before he defected, Jin-su - whose name has been changed to protect his identity - was one of thousands believed to have been sent abroad to China and Russia, or countries in Africa and elsewhere, to take part in the shadowy operation run by secretive North Korea.
North Korean IT workers are closely monitored and few have spoken to the media, but Jin-su has provided extensive testimony to the BBC, giving a revealing insight into what daily life is like for those working the scam, and how they operate. His first-hand account confirms much of what has been estimated in UN and cyber security reports.
He said 85% of what he earned was sent back to fund the regime. Cash-strapped North Korea has been under international sanctions for years.
"We know it's like robbery, but we just accept it as our fate," Jin-su said, "it's still much better than when we were in North Korea."
Secret IT workers generate $250m-$600m annually for North Korea, according to a UN Security Council report published in March 2024. The scheme boomed in the pandemic, when remote working became commonplace, and has been on the rise ever since, authorities and cyber defenders warn.
Most workers are after a steady paycheck to send back to the regime, but in some cases, they have stolen data or hacked their employers and demanded ransom.
Last year, a US court indicted 14 North Koreans who allegedly earned $88m by working in disguise and extorting US firms over a six-year period.
Four more North Koreans who allegedly used fraudulent identities to secure remote IT work for a cryptocurrency firm in the US were indicted last month.
Getting the jobs
Jin-su was an IT worker for the regime in China for several years before defecting. He and his colleagues would mostly work in teams of 10, he told the BBC.
Access to the internet is limited in North Korea, but abroad, these IT workers can operate more easily. They need to disguise their nationality not just because they can get paid more by impersonating Westerners, but due to the extensive international sanctions North Korea is under, primarily in response to its nuclear weapons and ballistic missile programmes.
This scheme is separate from North Korea's hacking operations which also raise money for the regime. Earlier this year the Lazarus Group - an infamous hacking group understood to be working for North Korea, though they've never admitted to it - is thought to have stolen $1.5bn (£1.1bn) from cryptocurrency firm Bybit.
