Papers sent to prosecutors over illegal money transfers to North Korean IT developer

Yomiuri Shimbun file photo
The headquarters of the Kanagawa prefectural police

YOKOHAMA — The Kanagawa prefectural police sent papers to prosecutors Wednesday on a Japan-based South Korean man and woman with Korean heritage for allegedly transferring money to a China-based North Korean software developer illegally.

The North Korean man, believed to be in his 40s and based in Liaoning Province in China, was contracted to develop smartphone apps for Japanese firms under the name of the South Korean, a 57-year-old taxi driver living in Yokohama who is an acquaintance of the developer.

The payments for the work were transferred to the man in China via the accounts of the South Korean and the woman, a 75-year-old Tokyo resident who is related to the North Korean, the police said.

North Korea has sent information technology engineers overseas to earn foreign currency, according to the U.S. government, among others. The police believe this case is an example of such an operation, and that some of the payments to the developer may have been sent to North Korea.

The Kanagawa prefectural police filed charges against the South Korean man for allegedly violating the Banking Law, and the woman for allegedly aiding the violation. They have admitted the allegations, claiming the money was transferred at the request of the developer.

Using the name of the South Korean, the North Korean man registered with a Japanese recruiting agency that connects freelance IT engineers and clients. He was subsequently contracted by a Japanese company to develop a smartphone app, and completed the requested work.

Payments for the work, totaling about ¥1.92 million, were transferred into the South Korean man’s account from June 14 to 18 in 2019, according to the police.

The taxi driver is suspected of taking 10% of the payments as commission and transferring the rest to the Tokyo woman’s account. The woman allegedly sent a debit card linked to her account to the North Korean in China, and he is suspected of using the card to withdraw the money in yuan, the police said.

The developer has worked on seven projects since 2019, and is suspected of receiving about ¥4 million in payments from multiple companies via the South Korean man in 2019 from February to June.

The case is focused on the money transferred in June that year, for which the statute of limitations has not expired.

Work undertaken by the North Korean included modifying a disaster mitigation app for a local government, updating a map app, and maintaining a major online shopping site’s support system for sellers, according to investigative sources.

“Not only does this [scheme] fund North Korea and serve as a loophole for economic sanctions, but it could also allow Pyongyang to extract information on Japanese users,” an investigative source said.

According to an advisory document released by the U.S. government on Monday, North Korean IT engineers “have used the privileged access gained as contractors to enable [North Korea’s] malicious cyber intrusions.”

Pyongyang is said to have repeatedly conducted cyber-attacks on virtual currency exchanges. It is likely that IT contractors used the access they had been granted as a foundation for such attacks.

The advisory also noted that North Korea’s leader Kim Jong Un “recognizes the importance of IT workers as a significant source of foreign currency and revenue” and that there are thousands of such workers in and outside North Korea. Such workers reportedly use fake identification to pose as South Korean, Chinese or Japanese citizens when signing freelance contracts with companies, as was the case in the investigation being conducted by the Kanagawa prefectural police.

A 2017 U.N. Security Council resolution required all member states to repatriate North Korean nationals who were earning income in their jurisdictions by December 2019, as part of sanctions against Pyongyang’s nuclear weapon and missile programs.

However, many North Korean IT engineers are still believed to be operating around the world, mainly in China and Russia.

Washington believes that most of these workers have connections with North Korea’s military or organizations involved in research and development for its nuclear weapon and missile programs.

People who support such workers or conduct financial transactions with them face the risk of financial sanctions, according to the advisory.

“It’s important for companies and municipalities to confirm the identification of their contractors when hiring freelancers,” an investigative source said.