North Korean IT workers game U.S. companies' hiring practices by Sam Sabin author of Axios Codebook 
Wednesday, May 22, 2024, 01:29 PM
North Korean IT workers are posing as Americans to score coveted remote jobs and use the salaries to pay for their country's missile program.

Why it matters: Remote hiring practices have made it dangerously easy for North Korean IT workers to dupe hiring managers who historically had relied on in-person interviews to detect imposters.

These issues could be exacerbated as AI technologies get better at creating more realistic deepfake video and audio.

Driving the news: Federal prosecutors charged an Arizona woman and four other people last week with facilitating an elaborate North Korea-linked scheme to help their IT workers pose as U.S. citizens and secure remote tech jobs.

Workers landed jobs at more than 300 U.S. companies — including an aerospace manufacturer, U.S. automaker, a Silicon Valley tech company and other Fortune 500 companies — as part of this specific scam.
North Koreans used the identities of more than 60 U.S. people in their job applications and relied on VPNs to disguise their computers' actual location. The workers are linked to the regime's Munitions Industry Department, which oversees its ballistic missiles and weapons production programs, according to the State Department.
In total, this specific scheme generated at least $6.8 million in revenue.

What they're saying: "The scary part is that this is just sort of the tip of the iceberg," Greg Lesnewich, senior threat researcher at Proofpoint, told Axios.

"This is probably happening around the world and at a greater scale than we might be prepared to deal with."

Threat level: The U.S. government has been warning American companies about North Korean IT workers trying to get hired in remote jobs for at least two years.

The idea is simple: U.S. and other Western companies offer higher salaries and posing as Americans can allow North Koreans to bypass U.S. and U.N. sanctions that otherwise keep them from being hired.
Specifically, North Korean workers have been looking for freelance employment contracts in North America, Europe and East Asia, the U.S. warned at the time.
Complicating matters, many of these North Korean IT workers have also been expats that are based in China and Russia.

Between the lines: It's easier to bypass traditional identity verification tactics when interviewing for a job through video and phone calls, Lesnewich noted.

It can be tough for companies to determine when an employee's online activity is considered malicious, especially if they're a freelancer who is only with the company for short periods of time.

Zoom in: Generative AI tools have also made it easier for North Korean IT hires to craft believable resumes, Dmitri Alperovitch, co-founder and chairman of Silverado Policy Accelerator, said during a panel at the accelerator's summit earlier this month.

In one recent case, a worker had created a resume that claimed they had worked at Amazon and Meta and they aced the interview process and technical test, Alperovitch said.
The only red flag was the person would take about 30 seconds to answer a question — which in a virtual world could just mean there was a lag on the call.

What we're watching: North Korea's cyber operations have always been trendsetters — and this latest scam would inspire other groups to follow suit, Alperovitch warned.

"North Korea is a pioneer in the U.S. right now for collecting a paycheck," he said. "It's a matter of time before ransomware crews, other nation-states pick this up."



Note: If this article has helped, please feel free to share. If you'd like to participate and post an article, please send your submissions to info@certificationpoint.org


—————————————---
MARKETING & PROMOTION
—————————————---

Check Out Our Video!
A Smarter Way To Collaborate: https://m.youtube.com/watch?v=hyRxJvIXNR0

Register @ CertificationPoint!
—————————————
https://www.certificationpoint.org/member/index.php?command=signup_page

Find Out More About Student Freelance Work EXperience Builders
——————————————————————————--------
http://www.certificationpoint.org/student freelance.php

Take An Exam Today @ CertificationPoint
——————————--------------------------
http://certificationpoint.net/register.php

APPRENTICESHIPS @ CERTIFICATIONPOINT
——————————-----------------------------------
http://www.certificationpoint.org/Apprenticeship.php

INVESTING IN CERTIFICATIONPOINT
——————————-----------------------
http://www.certificationpoint.org/invest.php

SOCIAL MEDIA
———————
Find us on Twitter: https://twitter.com/@certpointorg
Find us on Facebook: https://www.facebook.com/CertificationPoint
Find us on Instagram: https://www.instagram.com/certificationpoint/
Find us on Tumblr: https://www.tumblr.com/blog/certificationpoint
Find us on LinkedIn: https://www.linkedin.com/in/certification-point-65a1642b
Find us on Pinterest: https://www.pinterest.com/certoken/

Additional Options For SHARING CertificationPoint
——————————————————-------------
https://www.scribd.com/document/696921433/CertificationPoint-Manifesto
https://www.scribd.com/document/696921430/CertificationPoint-Student-Poster
https://www.scribd.com/document/696921429/CertificationPoint-Student-Flyer
https://www.scribd.com/document/696921428/CertificationPoint-Inc-Course-Catalog-2024
https://www.scribd.com/document/696921427/CertificationPoint-Magazine

Comments

Add Comment
Fill out the form below to add your own comments.









Insert Special:
:o) :0l







Moderation is turned on for this blog. Your comment will require the administrators approval before it will be visible.