US soldier sentenced for helping North Korean IT workers

A District Court judge sentenced three men for their involvement in a scheme that allowed several North Korean IT workers to use their identities and gain employment at U.S. companies. 

One of the men, 35-year-old Alexander Paul Travis, was an active duty member of the U.S. Army and was stationed at Fort Gordon in Georgia while participating in the scheme from September 2019, until November 2022. 

Travis pleaded guilty to accusations that he allowed North Korean IT workers to use his identity on resumes and during employer vetting processes that involved interviews, drug tests and fingerprints. The North Korean IT workers also opened bank accounts in his name to receive payment from employers. 

Travis received a laptop from eight companies that thought they were hiring him and installed software that allowed North Korean workers to access the devices remotely.

For his role in the scheme, he received $51,397. Travis was sentenced to one year in prison and three years of supervised release. He was also ordered to forfeit $193,265 — the amount earned by North Koreans in his name.

Travis was sentenced alongside two other men — Jason Salazar, 30, of Clovis, California and Audricus Phagnasay, 25, of Fresno, California. All three men pleaded guilty to one count of wire fraud conspiracy. 

Salazar and Phagnasay similarly allowed North Koreans to use their identities and received company laptops. Prosecutors said Phagnasay was paid at least $3,450 and North Korean IT workers used his name to get hired at 10 U.S. companies from 2019 to 2021. The workers earned a collective $680,000. Salazar earned $4,500 and his name was used to earn more than $400,000 from September 2020 to October 2022. 

Salazar and Phagnasay were given three years of probation and were ordered to forfeit the amount of money earned in their names. 

Prosecutors said the scheme earned North Koreans a total of about $1.3 million in salary payments.

Margaret Heap, U.S. Attorney for the Southern District of Georgia, said the North Korean IT worker scheme presents a “significant challenge to our national security.”

“These men practically gave the keys to the online kingdom to likely North Korean overseas technology workers seeking to raise illicit revenue for the North Korean government – all in return for what to them seemed like easy money,” Heap said. 

U.S. law enforcement has slowly unraveled North Korea’s IT worker scheme over the past five years, disrupting laptop farms and arresting Americans that assisted in the campaign. North Korea’s government has earned hundreds of millions of dollars by illegally getting citizens hired at U.S. and European companies.

Researchers at Flare and IBM obtained a trove of internal messages and documents from North Korean IT workers revealing the internal structure of the IT worker scheme and the hierarchies within it.

IT workers attend prestigious universities in North Korea and go through a rigorous interview process themselves before joining the operation. Participants “are considered elite members of North Korean society and have become an indispensable part of the overall North Korean government’s strategic objectives.”

The report notes that many collaborators in the U.S. and Europe are recruited through LinkedIn and GitHub. Many either “willingly or unwillingly, provide their identities for use in the IT worker fraud scheme.”