Investigation revealed remote IT worker used stolen identity to get hired and had undisclosed ties to North Korea

Securities, data, cyber

CRA’s Forensic Services experts were engaged to investigate a remote IT employee, whose real identity became a matter of significant concern.

We conducted a combination of public records research, a review of our client’s hiring records and processes, remote collection and digital forensics analysis of the target’s computer, and document metadata analysis.

We concluded that the employee had used a stolen identity to get hired and was operating as an agent of North Korea, as part of a sophisticated scheme to evade US and UN sanctions, while further supporting its illicit weapons program.

Our work helped the company mitigate its exposure by using a risk-based approach to successfully separate from the bogus employee and engage with the FBI.

To better mitigate the risks revealed during our investigation, the company also retained us to:

  • conduct enhanced due diligence on similarly situated other employees/contractors
  • perform a code review to assess the risk that the remote IT employee had injected latent ransomware
  • devise enhanced monitoring capabilities re: key employees/contractors
  • recommend ways to reduce the risk of inappropriate exfiltration of confidential information
  • advise on methods to prevent remote access tools from being launched in ways that would circumvent standard controls such as a requirement for administrative privileges

Collectively, these actions helped the company harden its environment and prepare to more effectively respond to future insider threat and cyber incident response situations.

The engagement was co-led by Kristofer Swanson, Vice President and Forensic Services Practice Leader, with invaluable support from Patricia Peláez, Principal, Pete Stavroplos, Kaya Overholtzer, Naciye Celebi, Zach Tingle, Ashley Adams, and Jessica Harvey.

Kristofer Swanson and Patricia Peláez are both licensed private investigators, holding Permanent Employee Registration Cards issued by the Illinois Department of Financial and Professional Regulation, as required to furnish certain investigative services.

CRA’s Forensic Services Practice assists in the prevention, detection, and correction of a broad range of risks and potential misconduct, reaffirming companies’ commitment to integrity and exemplary corporate governance. Recent assignments at other clients have included investigating and assessing allegations of financial statement irregularities, fraud, FCPA non-compliance, #MeToo issues, theft of trade secrets, ineffectiveness of SOX controls, and cybercrime. In addition, we advise companies on enhancing the effectiveness of their internal controls and transforming their compliance programs.

Meet our team