I spend my days inside fraud networks most Americans never see — dark web forums, encrypted channels and markets where stolen identities are bought and sold like commodities. I study them because you can’t defend what you don’t understand, and right now foreign states are weaponizing those same criminal markets against us. What I’m seeing should alarm every American who cares about national security and the integrity of our financial system.
Iran has quietly built a parallel financial network designed to work around sanctions and normal oversight. It uses front companies, nominee directors and bank accounts set up with stolen or fabricated identities so funds can slip through intermediaries that never see who is really behind the transactions. On June 6, 2025, the Office of Foreign Assets Control sanctioned over 40 individuals and entities linked to the three Zarringhalam brothers — Mansour, Nasser, and Fazlolah — for laundering billions through Iran’s shadow banking network.
That shadow banking relies on exchange houses and shell firms in places like the UAE and Hong Kong to move cash from oil and petrochemical sales and make payments in multiple currencies. The proceeds flow into accounts that ultimately benefit military-linked groups and help fund nuclear and missile programs as well as proxies across the region. This isn’t random criminality; it’s deliberate statecraft built to evade systems meant to stop it.
North Korea takes a hands-on approach by embedding fabricated identities into the U.S. payroll system. The regime has placed IT workers inside American companies using identities stitched from stolen data, purchased documents and sometimes fully synthetic profiles that will pass verification checks. Those workers earn real pay that feeds laundering pipelines, with transactions layered to look like ordinary retail banking until the origin is effectively invisible.
Russia plays the role of the supplier in this ecosystem, running infostealer malware that harvests Social Security numbers, birthdates and login credentials from millions of Americans. That raw identity material hits dark web markets where components are packaged and sold to anyone with cash or state backing. When those pieces are combined with forged documents and verification-bypassing tools, you get identities that can open accounts, register companies and move money across borders.
China has been playing the long game for years, and the 2015 breach of the Office of Personnel Management gave it a historic haul of personal data on 21.5 million people. That dataset didn’t vanish; it spread through underground markets, providing the building blocks for identities that can be verified and reused at scale. In plain terms, stolen U.S. records helped seed an identity economy that adversaries now exploit to hide state-directed finance inside civilian systems.
“Alarming Rise of Fake Legal Requests: What It Means for Your Privacy” shows one face of this broader problem, and “Malware Exposes 3.9 Billion Passwords in Huge Cybersecurity Threat” captures how the raw inputs for identity fraud keep multiplying. These are the same tools ordinary criminals use — document forgery services, AI-composited selfie tools, Telegram channels and dark web marketplaces — but the actors wielding them now have state resources, patience and strategic goals. That changes everything.
Our financial defenses were built to catch isolated criminals, not states that cultivate fake identities over years and then activate them when needed. Screening names against sanctions lists, flagging behavioral anomalies and checking documents all matter, but they’re insufficient when well-resourced adversaries layer stolen data and forged credentials into long-term cover. Most American institutions are not treating this as the national security threat it is, and that has to change if we want to close the door before the money reaches its deadly ends.
