Your name is worth more than you think. Not to you, necessarily. But to a stranger sitting in Pyongyang, your name, your Social Security number, and your work history are worth a steady paycheck, a remote developer job, and a small contribution to a nuclear weapons program. Sleep well.
A Ukrainian man named Oleksandr Didenko just received five years in federal prison for running a website that sold stolen American identities to overseas workers — many of them North Korean — who used those identities to get hired at U.S. companies. Real jobs. Real salaries. Real access to corporate systems. All under names belonging to real Americans who had absolutely no idea any of it was happening.
The FTC receives well over 1 million identity theft reports each year, roughly one every 30 seconds.
Didenko’s site, called Upworksell, functioned like a marketplace. Need a convincing American identity to land a software engineering role? Browse the catalog. Over 870 stolen identities moved through that platform before the FBI shut it down in 2024. The North Koreans who bought or rented these identities then logged in remotely, did the work, collected the money, and sent the earnings back to a government that the entire world has financially isolated for very good reason.
The logistics were admirable, in a deeply unsettling way. Because the workers needed to appear physically present in the United States, Didenko paid ordinary Americans to host laptops in their homes across the country — from California to Tennessee to Virginia. Rooms filled with open laptops, each one a portal for a foreign worker pretending to be your neighbor. These are called laptop farms, a name that sounds like bad agricultural policy but describes something far more sinister and considerably more widespread.
This story stretches well beyond one man and one website. This was no isolated incident, but a single node in a vast and ongoing operation that’s a triple threat to corporate and government security teams. First, these workers violate American sanctions just by being employed. Second, while inside a company’s systems, they steal sensitive data. Third, they later use that stolen data to extort the very companies that unknowingly hired them. You get exploited three times, and you only find out after the fact, if you find out at all.
RELATED: Spam texts are surging. Here’s how to stop them on your phone.
Photo by Matt Cardy/Getty Images
Identity theft in America is not new. It is, in fact, frighteningly common. The Federal Trade Commission receives well over 1 million identity theft reports each year. That is roughly one report every 30 seconds, around the clock, every day of the year. The true number is almost certainly higher, because most victims never report it at all. More than one in five Americans have experienced identity theft at some point in their lives, and in 2025 alone, losses tied to identity fraud topped $12 billion. A significant chunk of that traced back to stolen Social Security numbers — the same numbers sitting in Didenko’s catalog, waiting for a buyer. Most victims spend months trying to unpick the damage done — disputing fraudulent accounts, correcting credit reports, convincing institutions that they are, in fact, themselves. It is exhausting and humiliating and entirely avoidable, except that it isn’t, because the information was taken without any action on their part.
What the North Korean scheme adds to this picture is scale, sophistication, and a foreign government pulling the strings. These aren’t opportunistic criminals skimming card numbers at a gas station. This is a workforce, clocking in, clocking out, and committing federal crimes on behalf of a sovereign nation. Last year, CrowdStrike, one of the world’s leading cybersecurity firms, reported a significant increase in North Korean infiltration of Western companies, particularly in technical and software roles. The regime has also been known to impersonate recruiters and investors to trick people into handing over computer access. The con adapts constantly.
What stays constant is the raw material. Your identity. Your name. Your history. Your professional credibility, built over years, gone in an afternoon. North Korea is not alone. Russia and China have been playing the same game — longer, in some cases, and with considerable expertise.
The uncomfortable truth is that the systems built to verify who people are — employment checks, identity verification platforms, hiring pipelines — were designed for a different threat. They are nowhere near equipped for this one. Companies hire remote developers every day without meeting them in person, without ever confirming that the face on a video call matches the name on the resume. That gap is glaring, well documented, and largely unaddressed. For operations like Didenko’s, it’s also the entire business model.
Didenko will serve his five years. But this is whack-a-mole on steroids. Somewhere, another version of this operation is already running. New identities, new platforms, new rooms full of humming laptops and methodical keystrokes. Your name is out there. Quite possibly already for sale. Someone, somewhere, is deciding whether it’s worth buying.
Tech, Crime