Three men were sentenced after admitting they helped overseas IT workers, likely tied to North Korea, secure remote jobs with U.S. companies by using stolen or fake identities and by enabling remote access to employer machines.
Federal courts handed down prison time and forfeiture orders in a case that exposed a fraud network feeding remote IT labor into American workplaces. The defendants admitted they conspired to defraud U.S. employers by letting foreign technicians pose as U.S.-based applicants and by funneling pay into accounts linked to people in the United States. Prosecutors say the operation helped skilled overseas workers hide behind stolen or fabricated identities to gain employment and payment from U.S. companies.
U.S. District Court Judge J. Randal Hall imposed the sentences after guilty pleas. Alexander Paul Travis, 35, of Augusta, received 12 months behind bars, three years of supervised release, and an order to forfeit $193,265. Jason Salazar, 30, of Clovis, California, and Audricus Phagnasay, 25, of Fresno, California, were ordered to forfeit $409,876 and $681,926, respectively.
Each defendant pleaded guilty to a criminal Information charging them with one count of Wire Fraud Conspiracy, said Margaret E. “Meg” Heap, U.S. Attorney for the Southern District of Georgia. “These men practically gave the keys to the online kingdom to likely North Korean overseas technology workers seeking to raise illicit revenue for the North Korean government – all in return for what to them seemed like easy money,” said U.S. Attorney Heap. The statement underlines how the scheme blurred lines between petty fraud and national security risks.
Since 2003, United States and United Nations sanctions have cut off North Korea “from the U.S. marketplace and financial systems and restricted the ability of U.S. persons and companies from doing business” with North Korean institutions. In response, investigators say North Korean actors and associates have developed creative workarounds. One common tactic is to place skilled IT workers into remote roles worldwide using pseudonymous profiles and stolen identities, keeping the true workers hidden behind American fronts.
The defendants’ guilty pleas explain how overseas IT workers reached out to them and then used the defendants’ identities to create résumés and pass hiring checks. Those false profiles included fake employment history and other misrepresentations designed to satisfy vetting procedures. Prosecutors said the ruse even survived video interviews, drug screens, fingerprinting, and other standard onboarding steps meant to verify remote hires.
Once a U.S. company hired the fictitious candidate, it would often supply a company laptop tied to the listed U.S. address. In each instance described by prosecutors, the defendants accepted those devices and then installed software that allowed the remote, overseas IT worker to access and operate the machine as if they were sitting in the United States. That setup let the foreign worker perform job duties while payroll and legal responsibility appeared to rest with the U.S.-based person whose identity was used.
Among the financial details revealed in court filings, Travis—then an active-duty member of the U.S. Army stationed at Fort Gordon—received at least $51,397 for his participation in the scheme. Phagnasay and Salazar earned at least $3,450 and $4,500, respectively. Prosecutors reported the fraudulent scheme generated about $1.28 million in salary payments from victim U.S. companies, with the vast majority forwarded overseas to the IT workers.
“These defendants facilitated a scheme to deceive U.S. companies into hiring foreign remote IT workers,” said FBI Georgia Acting Special Agent in Charge Peter Ellis. The FBI’s statement emphasized coordination with partners to unmask similar operations and to assist companies victimized by this kind of identity-based fraud. Federal agents say these cases show how readily legitimate hiring systems can be abused when background checks and account controls are circumvented.
The FBI Augusta Resident Agency led the investigation, working with the National Security Division of the U.S. Department of Justice. Assistant U.S. Attorney L. Alexander Hamner for the Southern District of Georgia and Trial Attorney Jacques Singer-Emery of the NSD National Security Cyber Section prosecuted the cases in court. Authorities say these prosecutions are meant both to punish individual fraudsters and to deter schemes that can funnel money to sanctioned regimes and degrade U.S. cyber defenses.




