JEFFERSON CITY, Tenn. — At least one person from East Tennessee is believed to have been involved in a covert scheme to allow IT workers outside the country to infiltrate U.S. companies by setting up laptop farms, which reportedly benefitted North Korea's nuclear weapons program in some cases, according to an unsealed federal investigation.
According to the U.S. Attorney's Office in Washington, at least five people are charged -- including a woman from Arizona, a Ukrainian man, and three unnamed people from outside the country. Another unnamed person from Jefferson City is believed to be involved but was not named or said to be facing charges in the unsealed documents.
“Today’s announcement of charges and law enforcement actions show our broad approach to attacking funding sources for North Korea across the United States,” said U.S. Attorney Matthew M. Graves. “We will continue to vigorously pursue cases against individuals, in the United States and abroad, who use U.S. financial systems to raise revenue for North Korea and its illicit nuclear weapons program.”
The scheme spanned across the globe, involving other locations in the U.S., North Korea and other countries. According to the search warrant issued by the U.S. District Court in East Tennessee, FBI agents searched a home in Jefferson City on King Street as well as a room in Burnett Hall on Carson-Newman University's campus between May 8 and May 10.
According to the warrant, a man from Kyiv, Ukraine, identified as Oleksandr Didenko, worked with the unnamed person and at least three other co-conspirators to try and infiltrate U.S. companies and websites. Didenko reportedly worked with people in the U.S. to set up "laptop farm" systems that overseas IT workers could log into remotely to covertly work gig jobs while posing as remote U.S. workers under stolen identities.
The warrant said Didenko worked with multiple "providers" and "customers," with the "customers" being programmers and IT workers from outside the U.S. who wanted to work remotely for U.S. companies.
The indictment said some of the customers were from North Korea and had direct ties to the North Korean government. The FBI said the North Korean workers were part of a department involved in "key aspects of North Korea's missile program, including overseeing the development of North Korea's ballistic missiles, weapons production, and research and development programs."
Feds said Didenko ran the scheme for years from Ukraine through a website called "UpWorkSell." The website advertised that it would give remote IT workers the ability to buy and rent accounts using stolen identities. That way, they could work in the U.S. or Europe with stolen passports and bank accounts attached to them.
"The complaint alleges that Didenko offered a full array of services to allow an individual to pose under a false identity and market themselves for remote IT work, and that he knew that some of his customers were North Korean," the U.S. Attorney's Office said.
Feds said Didenko had help from at least four U.S. residences running laptop farms located in East Tennessee, San Diego, and Virginia Beach. The FBI raided the four locations between May 8 and May 10.
According to the East Tennessee search warrant, FBI agents checked extensive records Didenko kept and discovered he arranged company laptops and other items to be sent to a Jefferson City home and CNU dorm.
A representative for one of the companies that was infiltrated confirmed they had hired a person to work remotely they believed to be someone in U.S. and arranged for a company laptop to be sent to their home. When they asked for the person to pick up the laptop, the person claimed they could not leave their home because they were taking care of their sick mother in Jefferson City.
"Didenko facilitated the operation of at least three U.S.-based 'laptop farms,' hosting approximately 79 computers. Didenko sent or received $920,000 in U.S.D. payments since July 2018," the U.S. Attorney's Office said.
Feds said they also raided the home of an Arizona woman, Christina Chapman, in October 2023 for similar crimes. She has been formally charged with operating a large laptop farm in her home.
The FBI said they found more than 90 computers in her home that were running remote connections for non-U.S. workers. Agents said they were able to connect three unnamed John Does outside the U.S. to the scheme, and they eventually arrested her on May 15 in Litchfield Park.
Didenko was arrested in Poland and faces up to 67 years in prison. Chapman could face up to 97 years. The John Does in the case could face a maximum of 20 years in prison.