Source: securityboulevard.com – Author: Richi Jennings
Pictured: Several successful American IT professionals.
The U.S. Justice Department says N. Korean hackers are getting remote IT jobs, posing as Americans. They’re funneling their pay into Pyongyang’s nuclear weapons program and likely leaving behind remote-access Trojans.
Two have been arrested so far, with more suspects sought. In today’s SB Blogwatch, 우리는 면접 기술을 연마합니다.
Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Attach the Attachment.
WTH? DPRK IT WFH
What’s the craic? The Journal’s Mariah Timms and Dustin Volz report: American IT Scammer Helped North Korea Fund Nuclear Weapons Program
“Stolen or borrowed identities”
International experts have long said that North Korea has been developing a digital bank-robbing army to evade harsh sanctions. … More recently, it has found success earning money by snagging IT jobs [obtaining] access to computer networks that could be leveraged to further Pyongyang’s lucrative cybercrime operations. … Two people—an Arizona woman and a Ukrainian man—have been arrested [on] charges including conspiracy to commit wire fraud and identity theft, money laundering and the unlawful employment of aliens.
…
The Justice Department alleged … more than 300 U.S. companies unknowingly hired foreign nationals with ties to North Korea for remote IT work. … The ring sheds light on what U.S. officials have framed as a shadow workforce of thousands of North Korean IT workers in low-level positions. … Investigators continue to search for at least four other foreign co-conspirators. … Since at least 2018, the defendants and others helped foreigners obtain freelance IT work at U.S. companies with stolen or borrowed identities, … prosecutors allege.
Who are these two alleged perps? Tom Barclay names the arrested pair: Investigation in laptop farm scheme
“More than 90 computers”
A man from Kyiv, Ukraine, identified as Oleksandr Didenko, worked with … co-conspirators to try and infiltrate U.S. companies and websites. Didenko reportedly worked with people in the U.S. to set up “laptop farm” systems that overseas IT workers could log into, … posing as remote U.S. workers under stolen identities.
…
Feds said they also raided the home of an Arizona woman, Christina Chapman, … for similar crimes. She has been formally charged with operating a large laptop farm in her home. The FBI said they found more than 90 computers in her home that were running remote connections for non-U.S. workers.
…
Didenko was arrested in Poland and faces up to 67 years in prison. Chapman could face up to 97 years.
Which companies fell for the scam? For The Record, it’s Jonathan Greig: US offers $5 million for info
“Raided four U.S. residences”
The U.S. is offering a reward of up to $5 million for information on a network of people charged with scamming companies. … The North Koreans were able to gain employment at several Fortune 500 companies, including a … “major television network, a Silicon Valley technology company, an aerospace and defense company, an American car manufacturer, a luxury retail store, and a U.S.-hallmark media and entertainment company.”
…
Chapman enabled the workers to connect remotely to the U.S. companies’ IT networks … and “helped launder the proceeds from the scheme.” … The DOJ said it also raided four U.S. residences controlled by Didenko where he ran laptop farms.
What’s the solution? anonzzzies suggestifies thuswise:
We need better international KYC methods that provide privacy protection to the extent needed. … We have NFC passports … and for instance the iPhone can scan them. … This is a problem on sites like Upwork [and] I hear a growing amount of companies falling for it.
Whose fault is it? JPMeyer points the finger:
The backstory here is the incredibly strong, blind desire of major US employers to spend as little as possible on IT work and the lack of care for the consequences. I … was shocked at how little sr. management cared that carefully crafted IT solutions for document-intensive functions started to fall apart when they fired all of the people who knew how to keep them running.
…
I can believe that lots of big companies would hire and pay lots of North Korean IT workers and not really care, as long as there was plausible deniability for the forged paperwork. The persons who are the subject of this story deserve the prosecutions coming their way, but I hope that DOJ takes a good, hard look at the compliance practices of the employers, too.
Talk about “dual use technology.” iAmWaySmarterThanYou is way smarter than you:
I wonder if this was just a pure cash scheme or they also used their access to spy and implant malware. Eventually the spying would be caught so they’d have to weigh the benefit of cash vs. intelligence work.
Naturally, all these workers “worked from home.” Which causes bediger4000 to wonder:
How long until this is used as an excuse for strict RTO policies? … It’s clear at this point that most managers and execs above line managers are fulfilled by the sight of workers scurrying—logic, economics and humanity be damned.
How did this even work? AusPeter gets serious for a moment:
But seriously, how do you manage to get remote work jobs at major corporations without actually speaking to anyone? And get away with it to the point that you are not fired?
Meanwhile, Chapman’s alleged crimes give kid_wonder an idea:
Sounds like a great recruiter, is she taking on new clients? I’m tired of all these dopey interviews and array sorting questions — sounds like she found a way to get around them.
And Finally:
You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites—so you don’t have to. Hate mail may be directed to @RiCHi, @richij, @[email protected], @richi.bsky.social or [email protected]. Ask your doctor before reading. Your mileage may vary. Past performance is no guarantee of future results. Do not stare into laser with remaining eye. E&OE. 30.
Image source: Micha Brändli (via Unsplash; leveled and cropped)
Recent Articles By Author
Original Post URL: https://securityboulevard.com/2024/05/dprk-remote-it-jobs-richixbw/
Category & Tags: Analytics & Intelligence,API Security,AppSec,Careers,Cyberlaw,Cybersecurity,Data Privacy,Data Security,Deep Fake and Other Social Engineering Tactics,DevOps,DevSecOps,Editorial Calendar,Featured,Governance, Risk & Compliance,Humor,Identity & Access,Identity and Access Management,Incident Response,Industry Spotlight,Insider Threats,IOT,IoT & ICS Security,Malware,Mobile Security,Most Read This Week,Network Security,News,Popular Post,Regulatory Compliance,Securing Open Source,Security Awareness,Security Boulevard (Original),Security Challenges and Opportunities of Remote Work,Security Operations,Social – Facebook,Social – X,Social Engineering,Software Supply Chain Security,Spotlight,Threat Intelligence,Zero-Trust,DPRK,Korea,Korean military,Korean ransomware,North Korea,North Korean Hacking,North Korean Threat Actors,northkorea,Noth Korea,SB Blogwatch – Analytics & Intelligence,API Security,AppSec,Careers,Cyberlaw,Cybersecurity,Data Privacy,Data Security,Deep Fake and Other Social Engineering Tactics,DevOps,DevSecOps,Editorial Calendar,Featured,Governance, Risk & Compliance,Humor,Identity & Access,Identity and Access Management,Incident Response,Industry Spotlight,Insider Threats,IOT,IoT & ICS Security,Malware,Mobile Security,Most Read This Week,Network Security,News,Popular Post,Regulatory Compliance,Securing Open Source,Security Awareness,Security Boulevard (Original),Security Challenges and Opportunities of Remote Work,Security Operations,Social – Facebook,Social – X,Social Engineering,Software Supply Chain Security,Spotlight,Threat Intelligence,Zero-Trust,DPRK,Korea,Korean military,Korean ransomware,North Korea,North Korean Hacking,North Korean Threat Actors,northkorea,Noth Korea,SB Blogwatch
Views: 0
