A 0.11-Second Data Transmission Delay Was the First Clue
Overseas IT Employment Is a Major Source of Foreign Currency for North Korea
Amazon discovered that a North Korean worker, who had disguised themselves as an employee of a partner company, accessed its system by detecting a brief moment of "keyboard data input transmission time of 0.11 seconds."
According to Bloomberg News on December 20 (local time), Amazon recently uncovered that an employee of a partner company was, in fact, a North Korean worker who had been hired under a false identity through a proxy.
Amazon became suspicious when it noticed that the time it took for the employee's keyboard input data to reach its headquarters in Seattle, Washington, was as long as 110 milliseconds. Although this is only 0.11 seconds, Stephen Schmidt, Amazon's Chief Security Officer (CSO), explained that if someone is working within the United States, the delay should only be a few tens of milliseconds.
This subtle data delay indicated that the employee was not in the United States but on the other side of the world. Upon launching an internal investigation, Amazon found that the device used to access the system was being remotely controlled. Tracking the location revealed that the origin was China.
The North Korean worker who attempted to infiltrate Amazon's system was blocked within a few days without gaining access to any critical information.
North Korea has been using overseas employment of information technology (IT) workers as a major source of foreign currency. These workers are known to operate by remotely controlling computers located in the United States after being hired under false identities.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
