How Not To Hire a North Korean IT Spy (csoonline.com)

CSO Online reports that North Korea "is actively infiltrating Western companies using skilled IT workers who use fake identities to pose as remote workers with foreign companies, typically but not exclusively in the U.S."

Slashdot reader snydeq shares their report, which urges information security officers "to carry out tighter vetting of new hires to ward off potential 'moles' — who are increasingly finding their way onto company payrolls and into their IT systems." The schemes are part of illicit revenue generation efforts by the North Korean regime, which faces financial sanctions over its nuclear weapons program, as well as a component of the country's cyberespionage activities.

The U.S. Treasury department first warned about the tactic in 2022. Thousands of highly skilled IT workers are taking advantage of the demand for software developers to obtain freelance contracts from clients around the world, including in North America, Europe, and East Asia. "Although DPRK [North Korean] IT workers normally engage in IT work distinct from malicious cyber activity, they have used the privileged access gained as contractors to enable the DPRK's malicious cyber intrusions," the Treasury department warned... North Korean IT workers present themselves as South Korean, Chinese, Japanese, or Eastern European, and as U.S.-based teleworkers. In some cases, DPRK IT workers further obfuscate their identities by creating arrangements with third-party subcontractors.

Christina Chapman, a resident of Arizona, faces fraud charges over an elaborate scheme that allegedly allowed North Korean IT workers to pose as U.S. citizens and residents using stolen identities to obtain jobs at more than 300 U.S. companies. U.S. payment platforms and online job site accounts were abused to secure jobs at more than 300 companies, including a major TV network, a car manufacturer, a Silicon Valley technology firm, and an aerospace company... According to a U.S. Department of Justice indictment, unsealed in May 2024, Chapman ran a "laptop farm," hosting the overseas IT workers' computers inside her home so it appeared that the computers were located in the U.S. The 49-year-old received and forged payroll checks, and she laundered direct debit payments for salaries through bank accounts under her control. Many of the overseas workers in her cell were from North Korea, according to prosecutors. An estimated $6.8 million were paid for the work, much of which was falsely reported to tax authorities under the name of 60 real U.S. citizens whose identities were either stolen or borrowed...

Ukrainian national Oleksandr Didenko, 27, of Kyiv, was separately charged over a years-long scheme to create fake accounts at U.S. IT job search platforms and with U.S.-based money service transmitters. "Didenko sold the accounts to overseas IT workers, some of whom he believed were North Korean, and the overseas IT workers used the false identities to apply for jobs with unsuspecting companies," according to the U.S. Department of Justice. Didenko, who was arrested in Poland in May, faces U.S. extradition proceedings...

How this type of malfeasance plays out from the perspective of a targeted firm was revealed by security awareness vendor KnowBe4's candid admission in July that it unknowingly hired a North Korean IT spy... A growing and substantial body of evidence suggests KnowBe4 is but one of many organizations targeted by illicit North Korean IT workers. Last November security vendor Palo Alto reported that North Korean threat actors are actively seeking employment with organizations based in the U.S. and other parts of the world...

Mandiant, the Google-owned threat intel firm, reported last year that "thousands of highly skilled IT workers from North Korea" are hunting work. More recently, CrowdStrike reported that a North Korean group it dubbed "Famous Chollima" infiltrated more than 100 companies with imposter IT pros.

The article notes the infiltrators use chatbots to tailor the perfect resume "and further leverage AI-created deepfakes to pose as real people." And the article includes this quote from a former intelligence analyst for the U.S. Air Force turned cybersecurity strategist at Sysdig. "In some cases, they may try to get jobs at tech companies in order to steal their intellectual property before using it to create their own knock-off technologies."

The article closes with its suggested "countermeasures," including live video-chats with prospective remote-work applicants — and confirming an applicant's home address.

  • Interview them. If you can't be bothered to see what the person looks like or how they speak or hold themselves during an interview, why should I bother using your agency? Yes, yes. I know there's the one story [slashdot.org] about a North Korean using AI to mask themselves, but if you're paying attention that can easily be discovered.

    The article closes with its suggested "countermeasures," including live video-chats with prospective remote-work applicants — and confirming an applicant's home address.

    Oh wow. I mus

    • by gweihir ( 88907 )

      Corporate management is all about cheap and half-assing it these days, at least in the US. The price to pay for this is huge and can and sometimes will include the end of your enterprise and significant damage to society. It is time to stop this. And by "stop" I mean personal liability for the fuckups, including the CEOs, that make this happen.

  • like clownstrike and gain the ability to screw up millions of machines all around the world. If my name was Kim Jong Un that is what I would instruct my overseas minions to do. Although if I were an overseas minion would I want to do something that would have to leave a nice, comfortable Western life and flee back to North Korea?

    • by gweihir ( 88907 )

      Indeed. Also a nice preparation to aid in any wars you are planning. Like, say, invading Taiwan? Clownstroke did apparently have zero protections in place against something like this.

  • It is insane to hire people for sensitive positions that have never physically presented themselves to another human being.

    One easy way to involve a human in the loop is to require a person receiving an offer for a sensitive position to go to a local branch of a bank that the company banks with and obtain a notarized Affidavit of Identity which typically requires two forms of identification. Then HR can read the notary's name off of the signed and sealed document and verify that notary works for the ba
    • That doesn't really solve the problem. It just creates more middlemen presenting fake IDs to notaries in order to "get the job" that someone else winds up doing. In this case, they were already paying salaries to fake people with real US bank accounts -which someone had to set up on their behalf. The real (foreign) workers were remote controlling real laptops in the US which were themselves remotely logged in to company servers to perform real work.

      • Nothing solves the problem entirely, so you build up layers of Swiss cheese. Employers requiring a person to present themselves at a bank of their choosing presents a risk to a person working with forged documents. This perception of risk might make them decide not to proceed, but probably not if they are working for a nation state. Still the same person can't go back to the same bank a week later with different IDs. These companies aren't doing enough, this is just one thing that they can do move the b
  • outsourcing and subcontracting allows them to pass the issue down the chain.

    And how much checking is some staffing firm doing when they just take a cut to do payroll and provide poor health plans?

  • I've hired all my North Korean IT spies like this and never had any problems. Obviously this is just covered advertising/FUD by the imperialist competition.
