WSJ Reports on North Korean IT Workers' Disguised Employment
Exploiting Remote Work Loopholes to Secure Jobs at US Companies
"Up to Thousands"... Facilitators Assisting Recruitment Also Caught
An employee who was hired on the condition of remote work at a U.S. information technology (IT) company was revealed to be a North Korean IT worker disguised as an American using generative artificial intelligence (AI) technology.
On the 5th (local time), The Wall Street Journal (WSJ) reported, "In July, the cybersecurity company KnowBe4 hired a skilled applicant named 'Kyle' while recruiting remote workers."
At the time, KnowBe4 was recommended Kyle through a hiring-related site. Kyle was able to freely use the programming languages KnowBe4 wanted, and during an online interview conducted via Zoom, he showed enthusiasm and honesty. He claimed to reside in Washington State and requested the company to send a laptop to his home. Stu Sjouwerman, CEO of KnowBe4, said, "Kyle spoke frankly about his strengths and weaknesses, things he still needed to learn, and his desired career path," adding, "He seemed like a pro who had probably done a hundred job interviews."
However, on his first day of work, Kyle attempted to plant malware on the company server but was caught by internal security alerts. The company identified Kyle as a fake job seeker who had stolen someone else's identity and reported the matter to the Federal Bureau of Investigation (FBI). It was revealed that his actual nationality was North Korean, and the social media photos were fake, created by generative AI. Regarding this situation, WSJ expressed concern that "the actual number of North Korean IT workers hired could potentially reach thousands."
U.S. authorities and cybersecurity companies told WSJ that since the COVID-19 pandemic, the increase in remote work and the advancement of generative AI have led hundreds of North Korean workers to steal foreign identity information and infiltrate lower-level IT positions intensively. In particular, North Korean IT workers attempting disguised employment like Kyle have reportedly surged in the past two years.
Another IT startup, Cinder, also utilizes remote work and reportedly received dozens of fraudulent job applications since early last year. Declan Cummings, Chief of Engineering at Cinder, said, "In some job sites, about 80% of applicants were suspected to be North Korean agents," adding, "When the applicant's face in the interview does not resemble the profile photo on social media, disguised employment is suspected." He also added, "One applicant cut off contact after hearing during the interview that the company's co-founders were former CIA agents."
Disguised employees are mainly understood to receive help from accomplices residing in the U.S. Earlier, the U.S. Department of Justice announced last month that it arrested Matthew Isaac Knut, who lives in Tennessee, on charges of assisting North Korean IT workers in disguising themselves as Americans. He is suspected of maintaining a 'laptop farm' at his home that allowed these North Korean workers to access the U.S. internet, making it appear as if they were logging in from the U.S. rather than their actual residence in China. These workers were employed remotely by U.S. media, technology, and financial companies, causing these companies to suffer losses amounting to hundreds of thousands of dollars, according to investigations.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
