
How A Simple Question Tripped Up a North Korean Spy Interviewing for an IT Job (yahoo.com) 25
Long-time Slashdot reader smooth wombat writes: Over the past year there have been stories about North Korean spies unknowingly or knowingly being hired to work in western companies. During an interview by Kraken, a crypto exchange, the interviewers became suspicious about the candidate. Instead of cutting off the interview, Kraken decided to continue the candidate through the hiring process to gain more information. One simple question confirmed the user wasn't who they said they were and even worse, was a North Korean spy.
Would-be IT worker "Steven Smith" already had an email address on a "do-not-hire" list from law enforcement agencies, according to CBS News. And an article in Fortune magazine says Kraken asked him to speak to a recruiter and take a technical pretest, and "I don't think he actually answered any questions that we asked him," according to its chief security officer Nick Percoco — even though the application was claiming 11 years of experience as a software engineer at U.S.-based companies:
The interview was scheduled for Halloween, a classic American holiday—especially for college students in New York—that Smith seemed to know nothing about. "Watch out tonight because some people might be ringing your doorbell, kids with chain saws," Percoco said, referring to the tradition of trick or treating. "What do you do when those people show up?"
Smith shrugged and shook his head. "Nothing special," he said.
Smith was also unable to answer simple questions about Houston, the town he had supposedly been living in for two years. Despite having listed "food" as an interest on his résumé, Smith was unable to come up with a straight answer when asked about his favorite restaurant in the Houston area. He looked around for a few seconds before mumbling, "Nothing special here...."
The United Nations estimates that North Korea has generated between $250 million and $600 million per year by tricking overseas firms into hiring its spies. A network of North Koreans, known as Famous Chollima, was behind 304 individual incidents last year, cybersecurity company CrowdStrike reported, predicting that the campaigns will continue to grow in 2025.
During its report, CBS News actually aired footage of the job interview with the "suspected member of Kim Jong Un's cyberarmy." "Some people might call it trolling as well," one company official told the news outlet. "We call it security research." (And they raise the disturbing possibility that another IT company might very well have hired "Steven Smith"...)
CBS also spoke to CrowdStrike co-founder Dmitri Alperovitch, who says the problem increased with remote work, and is now fueling a state-run weapons program. "It's a huge problem because these people are not just North Koreans — they're North Koreans working for their munitions industry department, they're working for the Korean People's Army." (He says later the results of their work are "going directly" to North Korea's nuclear and ballistic missile programs.)
And when CBS notes that the FBI issued a wanted poster of alleged North Korean agents and arrested Americans hosting laptop farms in Arizona and Tennessee ("computer hubs inside the U.S. that conceal the cybercriminals' real identities"), Alperovitch says "They cannot do this fraud without support here in America from witting or unwitting actors. So they have hired probably hundreds of people..." CBS adds that FBI officials say "the IT worker scene is expanding worldwide."
Buddy of mine just had his work (Score:5, Informative)
The point is companies can easily find out absolutely everything about you. That same buddy once got a bit of junk mail from one of the Indian h1-bs that used to live in their apartment before them and they were asked if they had a relationship. To this day neither me or my buddy know how the hell the company in question found out about a random piece of mail from the prior occupant of their apartment. Although fun fact the company you work for can find out what mail you're getting.
What I'm saying is if you're a company and you're hiring somebody from North Korea you know damn well what you're doing and you're doing it on purpose because they are *cheap*.
Of course when you get caught you're going to play the victim because what you've done is extraordinarily illegal.
When it comes to money and saving on hiring Americans there is no depths to which a business will not stoop. The only reason they're not currently harvesting your organs is we aren't far enough along for them to do that. Give it another presidential election or two and we'll have those mobile organ harvesting vehicles just like China.
Re: (Score:3)
Do background checks on everyone. It was stealth layoffs. It was easy enough to find people who would have a DUI or smoked a little weed or something and use that as an excuse to fire somebody with cause.
So, finding someone lied on an application or during an interview is an "excuse"? We're not talking about exaggerations like "yes, I've used python" when your experience can be measured in hours not months. We're talking about "have you ever been arrested"?
Re: (Score:2)
I used to see you guys yelling TDS at me ...
Thank you, that helps interpret your writings. :-)
People work for companies for years now because there's so few jobs. So somebody gets hired and they get a DUI after the fact and the company uses that to fire them.
Such a firing would be illegal in many states, well, assuming driving was not part of the job. Again, I asked, "did the person lie about an arrest"? Not simply did they have a DUI.
And weed has less impact than alcohol and you know that.
I'm in favor of legalization. However, that does not excuse "lied about an arrest". Personally, a person who admits to an arrest over a personal amount of pot would not face any difficulty with me. I'd probably confess to being luckier than they were. To reuse the Nixon/Watergate e
Holy crap (Score:2)
And nothing is illegal if you don't have the money to fight it in court. Even then virtually every state will have you go before a tribunal rather than a court and yeah that might not be legal but it's going to cost even more money to fight it.
You know all this you're just making excuse
Re: Buddy of mine just had his work (Score:2)
That same buddy once got a bit of junk mail from one of the Indian h1-bs that used to live in their apartment before them and they were asked if they had a relationship. To this day neither me or my buddy know how the hell the company in question found out about a random piece of mail from the prior occupant of their apartment.
It's _far_ more likely two different names popped up when they queried something like LexisNexis for your bud's address. They aggregate publicly available information, and it's just real easy to do... is this a real address and who lives there. Banks use those checks, lots of businesses do.
vs having a PI go through their trash for an extended period, that's very unlikely if they weren't being sued.
Houston? I hardly knew-on! (Score:1)
To be fair, you could have asked me about my favorite restaurant in Boston for the past twenty years and you'd have had no idea what I was talking about because it's always been a series of no-name Mom-and-Pop neighborhood pizza shops out in the burbs.
And Halloween wasn't really a thing until I had kids of my own.
Perhaps there was another tell here they aren't putting above the fold.
Ironically enough (Score:1)
His ignorance of Halloween has pretty much become fact in a lot of places. The last couple of years, we haven't seen a single kid trick-or-treating in our neighborhood. It seems like the ritual of going door-to-door requesting candy has been replaced with Halloween parties, something called "trunk-or-treat", and I suppose some parents just buying their kids a big ol' bag of Reese's and just telling 'em it's not safe to go out because Fox News claimed they'll be poisoned or groomed.
Re: (Score:1)
just telling 'em it's not safe to go out because Fox News claimed they'll be poisoned or groomed.
I know you're kidding, but you'd be shocked at the number of orange rubes that believe fox news's word as the gospel.
RFK jr. is a self-admitted heroin addict, “I was a heroin addict for 14 years. I’ve been 42 years in recovery,” said Kennedy. It's perfectly ok with them as he is white and a trump-lover.
I'm fairly confident RFK jr. could rob them at gunpoint, for heroin money, and it'd be all right with them.
Re: (Score:2)
Yeah, despite crime rates far below what they were when the parents were kids they've all been terrified by major news organizations into thinking kids playing outside is a terrible idea.
In other news, youth obesity rates continue to climb!
Better question (Score:5, Interesting)
How fat is Kim Jong Un? [theregister.com]
Re: (Score:3)
I once had an Indian scam call, and asked the caller how the weather was in India. He replied that he was "... in New York sir." So I told him I was from New York too and then asked what time it was in New York (I live the same time zone). There was a pause of silence lasting about 5 seconds before he hung up.
I assume he was frantically trying to search for the correct time in New York before giving up.
Re: (Score:3)
And you guys still try and convince us crypto isn't just a money laundering cult.
It's also a high risk high reward "greater fool" based investment vehicle.
Just ask, "How fat is Kim Jong Un"? (Score:2)
Apparently an interviewer got suspicious and asked. The guy on the other line immediately hung up, not wanting to answer that question on-the-record.
So the real problem... (Score:2)
... is the hiring of people with fucking pathetic skills. Now the question is did this spy try to emulate a clueless uneducated US citizen with an inflated ego and a padded CV, or was he really incompetent. Because the second does not sound like professional spycraft to me at all, but the first one would just be an attempt to fit in.
Incidentally, I do not think anybody noticed anything except his email being on that list....
For me, the news in this story is (Score:3)
... that law enforcement maintains a "Do Not Hire" list