Fraud - North Korea's Fake IT Worker Scheme Exposed
Basically, North Korea tricks companies into hiring fake IT workers to steal money and information.
North Korea's fake IT worker scheme has been uncovered, revealing a network that generates $500 million annually. Companies in various sectors are at risk. Learn how to identify and protect against these infiltrators.
What Happened
Researchers from IBM X-Force and Flare Research have unveiled a complex scheme involving 100,000 fake IT workers from North Korea. These individuals are infiltrating companies worldwide, generating an astonishing $500 million annually for the regime. The report titled "Inside the North Korean infiltrator threat" details how these operations are structured, revealing a sophisticated network of recruiters, facilitators, and collaborators.
The operation has been under the radar for years, but experts are just beginning to grasp its scale. Many of these workers earn upwards of $300,000 a year, working remotely for unsuspecting companies across 40 countries. The report highlights how these fake IT workers apply for jobs, often under the guise of legitimate companies like C Digital LLC, which are mere fronts for the North Korean regime.
Who's Being Targeted
The scheme primarily targets companies in sectors such as healthcare, finance, and artificial intelligence. By posing as qualified IT professionals, these workers gain access to sensitive systems and data. The report indicates that the fake workers often operate under false identities, sometimes using counterfeit accounts or identities of real individuals who may not even be aware of their involvement.
Recruiters play a crucial role in this operation, screening candidates and guiding them through the application process. They often mislead applicants about the nature of the company, claiming it's a stealth startup with no public presence. This deception is a significant part of the strategy, allowing North Korean workers to infiltrate organizations without raising suspicion.
Signs of Infection
Identifying these infiltrators can be challenging. The report outlines several warning signs that employers should watch for during the hiring process. These include:
- Fake backgrounds during video interviews
- Use of AI face changers or voice changers
- Discrepancies in resumes versus interview responses, especially concerning language skills and locations
One unique method to identify a potential North Korean worker is to ask a seemingly innocuous question about Kim Jong Un. If the candidate abruptly ends the call, it may indicate their true identity.
How to Protect Yourself
To safeguard against this threat, companies must implement robust hiring practices. Here are some recommended actions:
- Verify identities thoroughly before hiring, especially for remote positions.
- Use technology to detect suspicious online behavior.
- Train hiring managers to recognize the signs of potential fraud.
Additionally, organizations should consider using tools like OConnect or IP Messenger, which are associated with these fake workers. By staying vigilant and informed, businesses can protect themselves from falling victim to this sophisticated North Korean scheme.
The Register Security