For years, the The Federal Bureau of Investigation has been unraveling what it claims is a scam perpetrated by North Korean agents, who used fake companies employing real IT workers to funnel money back to the regime’s military.
A U.S. company played a key role in creating shell companies used as part of the scheme, a WIRED review of public records shows. Elected officials are now contemplating addressing loopholes in the business registration law that the plan exposed.
In May, Wyoming Secretary of State Chuck Gray revoked the business licenses of three companies linked to the North Korean scam: Culture Box LLC, Next Nets LLC and Blackish Tech LLC. Gray said his office made the decision after receiving information from the FBI and conducting an investigation.
“Kim Jong Un’s communist, authoritarian regime has no place in Wyoming,” Gray said in a May news release.
The companies posed as legitimate operations where companies could hire outsourced workers to perform IT solutions, with fake websites showing smiling photos of apparent employees. All of the companies had one thing in common: Their incorporation documents were filed by a company called Registered Agents Inc., which says its world headquarters is in Sheridan, Wyoming.
Registered Agents, which provides incorporation services in every U.S. state, takes the practice of corporate privacy to the extreme and regularly uses fake personas to file incorporation documents with state agencies, a WIRED investigation previously found.
Culture Box LLC, one of the companies Gray and the FBI linked to North Korea, listed “Riley Park” as the name of a registered agent employee in documents filed with the Wyoming secretary of state. Park, according to several former employees of Registered Agents, is a false persona that the company routinely used to file incorporation documents.
In a statement provided to WIRED, the registered agents wrote: “The Wyoming Secretary of State dissolved the entities and we began the 30-day process to resign as their agent in mid-May. Our and Wyoming’s processes for identifying bad actors work. “It strikes the best balance between individual privacy and business transparency backed by a complete ecosystem that cares about supporting entrepreneurs while rooting out the small percentage of fraudsters.” The FBI office in St. Louis, which led the investigation, did not respond to a request for comment.
The North Korean operation it worked like this: Agents of the regime created fake companies posing as legitimate companies offering independent IT services. Workers hired by North Koreans, or by North Koreans themselves, would then perform legitimate contractor work, often using assumed identities.
In some cases, Americans would install low-cost laptops with remote access software, allowing North Korean workers to do freelance IT work while appearing to use American IP addresses. The FBI referred to these Americans as “virtual assistants.”
Payments for the IT work were eventually funneled back to North Korea, where, according to the Justice Department. it states, was aimed at the country’s Ministry of Defense and other agencies involved in work on weapons of mass destruction. The plan was so broad that any company that hired freelance IT workers would “more than likely” hire someone involved in the operation. according FBI agent Jay Greenberg.