For years, the North Korean government has found a burgeoning source of sanctions-evading revenue by tasking its citizens with secretly applying for remote tech jobs in the West. “It's huge,” says Michael Barnhart, an investigator focused on North Korean hacking and espionage at DTEX, a security firm focused on insider threats. To create the cover identities for the North Korean workers, prosecutors say the two Wangs accessed the personal details of more than 700 Americans in searches of private records. But DTEX's Barnhart says North Korean impersonation operations typically obtain Americans' identifying documents from dark web cybercriminal forums or data leak sites. In fact, he says the 80-plus stolen identities cited by the DOJ represent a tiny sample of thousands of US IDs he's seen pulled in some cases from North Korean hacking operations' infrastructure.