Ukrainian national gets 5-year sentence for involvement in North Korea IT worker scheme
A 29-year-old Ukrainian man was sentenced to five years in prison for his years-long role in a scheme that helped North Koreans get illegally hired in IT roles at 40 U.S. companies.
Oleksandr Didenko pleaded guilty on November 10 in the District of Columbia to wire fraud and aggravated identity theft charges after prosecutors accused him of being a key cog in the IT worker scheme.
North Korea’s government has brought in hundreds of millions of dollars by infiltrating American tech companies in high-paying roles with workers posing as U.S. citizens. U.S. authorities have spent years uncovering parts of the scheme and prosecuting those involved.
Didenko ran a website called “Upworksell.com” that helped North Korean workers buy stolen identities or rent ones for sale. He also paid people in the U.S. to receive and host computers that were used to make it look like the North Koreans were working from homes in Virginia, Arizona, Tennessee and California.
In addition to the prison sentence issued on Thursday, Didenko agreed to forfeit $1.4 million in earnings from the scheme. The Justice Department seized the Upworksell.com domain in 2024 and Didenko was arrested in Poland and extradited to the U.S. later that year.
The Justice Department said the North Korean IT worker scheme “would be much more difficult to execute without individuals like [Didenko], who essentially operated a business designed to facilitate virtually all aspects of the fraudulent scheme.”
“From posting the resumes of overseas IT workers on freelance job websites to procuring stolen identities and creating money service transmitter accounts to allow the fraudulent IT workers to receive wages and make payments, the Defendant participated in virtually every aspect of this scheme,” prosecutors said.
“The Defendant’s location overseas makes his conduct even more dangerous, as it makes the detection of the fraud and enforcement of U.S. laws to protect the public and national security much more difficult.”
Didenko paid people in the U.S. a monthly fee of $100 for each laptop they agreed to host. Seventeen laptops were seized by law enforcement in raids of three different residences in May 2024.
Court documents said Didenko had access to the identities of at least 871 Americans. The IT workers were paid hundreds of thousands of dollars and filed taxes under the names of the people whose identities had been stolen.
At least 18 people had their identities stolen and 13 of them had false tax liabilities created due to Didenko’s actions.
Prosecutors said the victims have been impacted significantly and are in ongoing discussions with the IRS about how to resolve the issues. At least one victim is mentally and physically disabled and said the theft of her identity affected her social security and food stamp benefits.
They are also now flagged in the federal government’s employment eligibility database, forcing them to jump through extra hoops when applying for jobs.
Companies that hired the North Koreans had to conduct costly internal security reviews and several never got company laptops back. Smaller companies said they had to spend thousands hiring new people and would never get back the money spent onboarding and training the North Korean IT workers who were hired.
A recent United Nations report found that an estimated 4,000 North Koreans are employed in IT roles at companies in the U.S. and Europe, generating up to $600 million annually for the Pyongyang regime.
Roman Rozhavsky, assistant director of the FBI’s Counterintelligence and Espionage Division, said Didenko’s actions “inflicted systemic and deliberate financial harm on U.S. companies and American citizens to benefit not only himself, but a hostile nation state.”
Through “Upworksell.com,” people could also buy or rent people’s identities and pose as them on freelance work platforms.
“In order to perpetuate this fraud, [Didenko] facilitated the creation of fake documentation, to include fake passports, as well as hiring individuals to pose as the IT worker to their employer, all so that the IT worker’s employer was unaware that they are being defrauded,” prosecutors said.
Didenko was charged alongside U.S. national Christina Chapman, who was given an eight-and-a-half-year sentence for running a laptop farm in Arizona that facilitated the North Korean scheme.
“This massive operation not only created an unauthorized backdoor into our country’s job market, but helped fund the regime of an adversary,” said James Barnacle, assistant director in charge of the FBI’s New York Field Office.
‘I thought it was impossible’
Prosecutors said Didenko’s involvement in the scheme dates all the way back to 2018 and that he had clues that many of his clients were North Koreans based on the bank accounts where he was transferring funds. He sent 175 payments to accounts based in Dandong, China, a city on the border with North Korea.
Prosecutors accessed a Skype chat with one customer where he directly asked if the programmers are in China or North Korea.
“Last [sic] year I received information that some of my clients are from North Korea, I was very surprised, I thought it was impossible,” he told the customer.
In a letter to the court, Didenko expressed remorse for his actions but claimed he did not know he was assisting North Korea until 2024.
“It was not until South Korean intelligence agents revealed who my so-called ‘clients’ really were that I realized how profoundly my life had been altered,” he said in the handwritten note.
“The emotions within me were indescribable when, from a Polish prison, I read reports of North Korean soldiers aiding the Russian Federation in assaults on Ukrainian military positions. I broke down in tears, over and over again. The shame was unbearable. I carry the burden of being a traitor — an indelible mark upon my conscience.”
Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.



