A secretive group of North Koreans have been securing IT jobs across the US and UK, using AI tools and local accomplices to obscure their true identities.
"Their goal? Cashing in on top tech salaries to funnel millions of dollars back to Pyongyang for its weapons programme," said Politico.
The Week
Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.
Sign up for The Week's Free Newsletters
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
How do they get hired?
First, the North Korean nationals set up fake LinkedIn profiles, from which they can network with recruiters and apply for jobs using their false identities. Applicants "claim to be from countries including Italy, Japan, Malaysia, Singapore, Ukraine, the US and Vietnam", said Bloomberg.
Most are actually based in Russia and China, said the US Department of Justice. Their fake identities are carefully crafted, including "pseudonymous email, social media, payment platform and online job site accounts as well as false websites, proxy computers, and witting and unwitting third parties located in the United States and elsewhere".
Once hired, the North Korean workers are onboarded with their false credentials, sometimes including a US "front" address, where American accomplices can receive company laptops and keep them running.
What's the goal?
To earn money for the North Korean regime. IT worker teams "are set 'earnings quotas' by Kim Jong Un's regime", Michael Barnhart, from risk management firm DTEX, told Wired. The workers operate on behalf of several North Korean military and intelligence organisations, with the money they earn channelled back into them.
In one operation, shut down by US authorities in February, North Korean IT workers had infiltrated more than 300 US companies, and collectively earned more than $17 million (£12.7 million). They are often paid in cryptocurrency, or via digital payment platforms, with traditional bank payments laundered through third countries like China before making their way back to North Korea.
What's being done about it?
North Korea has historically targeted US-based tech companies, but in response to increasing awareness of the problem among American employers, they are now expanding their operations to European firms.
John Hultquist, chief analyst at Google's Threat Intelligence group, said UK companies should insist on video or face-to-face interviews to help expose potentially fraudulent applicants. The "scheme usually breaks down when the actor is asked to go on camera or come into the office for an interview", he told The Guardian. However, it is reportedly becoming increasingly common for applicants to use real-time AI deepfake technology to change their appearance on video interviews.
Given the difficulty of targeting suspects based in North Korea or allied countries like Russia and China, US law enforcement agencies are increasingly turning their attention to the accomplices who help pull off the scams. In January, the Department of Justice issued indictments for two North Korean nationals and arrested three "facilitators". Two are US citizens accused of running so-called "laptop farms", which receive and operate company devices on behalf of North Korean operatives, while a Mexican national is accused of allowing fraudulent workers to use his identity.
Bryan Vorndran, assistant director of the FBI's cyber division, said that the indictments "should highlight to all American companies the risk posed by the North Korean government".
-
August 30 editorial cartoonsCartoons Saturday’s political cartoons include Volodymyr Zelenskyy and Donald Trump's role reversal and King George III
-
5 bullseye cartoons about the reasons for mass shootingsCartoons Artists take on gun worship, a price paid, and more
-
Lisa Cook and Trump's battle for control the US FedTalking Point The president's attempts to fire one of the Federal Reserve's seven governor is represents 'a stunning escalation' of his attacks on the US central bank
-
China is silently expanding its influence in American citiesUnder the Radar New York City and San Francisco, among others, have reportedly been targeted
-
Kabul braces for a waterless futureTHE EXPLAINER A confluence of manmade and environmental factors makes the Afghan city the first modern capital to risk running out of groundwater
-
An ancient Israeli cave teaches new archaeological lessonsThe Explainer The cave is believed to be one of the world's oldest burial sites
-
How China uses 'dark fleets' to circumvent trade sanctionsThe Explainer The fleets are used to smuggle goods like oil and fish
-
The countries that have recognized Palestinian statehoodThe Explainer The United Kingdom has become the latest country to weigh in on the issue
-
Wonsan-Kalma: North Korea's new 'mammoth' beach resortUnder the Radar Pyongyang wants to boost tourism but there won't be many foreign visitors to Kim Jong Un's 'pet project'
-
How developed was Iran's nuclear program and what's left now?Today's Big Question Israel and the United States have said different things about Iran's capabilities
-
Superyachts are getting caught up in spy scandalsThe Explainer China and Russia have both been accused of spying maneuvers on the open sea
