FBI Wanted List: Fraudulent Remote IT Workers from DPRK

https://www.fbi.gov/wanted/cyber/fraudulent-remote-it-workers-from-dprk

45•smurda•1mo ago

Comments

hallole•1mo ago

Remote jobs? In tech? In this job market? Credit where credit is due...

And, maybe I'm reading too far into it, but this line:

>With these roles, these individuals allegedly abused their access at the companies to steal virtual currency.

makes it sound like they were stealing Robux or something. Could money be laundered through re-selling video game currencies?

kotaKat•1mo ago

Sounds like a couple of crypto exchanges didn’t KYC their employees as hard as they do their customers and let them be too close to the casino vaults, as it were…

LordGrey•1mo ago

Just a couple of days ago, I received an email from our HR department requesting information about a recent hire. Basically, they asked if I or anyone on my team had physically met that person. My company still embraces remote work, and everyone on my team is remote. As luck would have it, the person in question lives near another team member and they had met up for a company function (once).

I assume that the request was related to something like this: Preventing fraudulent remote workers.

derelicta•1mo ago

Honestly, impressive feat on their end.

phendrenad2•1mo ago

Am I reading this right? They're in the U.S. somewhere? How did they get into the country? Do we still think low border security is a good idea?

alephnerd•1mo ago

> They're in the U.S. somewhere

Nope. UAE or Laos:

"The men speak English and Korean and have ties to the United Arab Emirates and Laos"

foxyv•1mo ago

Essentially, they steal US social security numbers or ITINs from leaked identities to apply for jobs in the US as US citizens. They then make money for prohibited countries like North Korea while pretending to be that citizen. The mony is exfiltrated through cryptocurrency or money mules. In the meantime they install malware and steal anything that isn't nailed down. Passwords, keys, proprietary documents, cryptocurrency, etc...

Edit: They also recruit US Citizens through "Work from home" schemes to help them engage in the fraud.

suburban_strike•1mo ago

Can confirm, we're dealing with one right now.

They coast for a while on passable work but it isn't sustained through multiple warnings. The day after we hit him with a PIP he performed a mass exfiltration.

Two weeks after we let him go, systems he had previously had access to were compromised from outside.

With remote workers, if they start underperforming, start revoking whatever access you can at the first warning. Most of the events were set in motion once he saw the writing on the wall. This one was a textbook case with such predictable timing it's absurd that he got as far as he did.

He also raised every red flag in the book during the hiring process (interviewers noted suspicions of AI use) and presented as too good to be true with perfect skills alignment and low salary requirements. At every point in the process we knew better.

Kolonie•1mo ago

Seems like you didn't read it right.. The trouble with border security is that it is a very expensive way to get a misplaced sense of security.

platevoltage•1mo ago

The majority of people in the country without documented status entered legally.

davidbhead•1mo ago

The sophistication of these guys is high. They're hiring US citizens to interview for them and then if they get hired, their work quality is high so they fly under the radar for awhile.

jmkni•1mo ago

I wonder how complicit the companies are? They know "Jeff" is a fraud, but his code is great? ¯\_(ツ)_/¯

davidbhead•1mo ago

I've thought about the same thing. My company specializes in blocking candidate fraud and we have yet to see anyone who's sentiment isn't "get these people out of here".

Employing a North Korean can create sanctions and criminal risk, so it's not worth it.

From what I've heard from people who have accidentally hired them though, many are great engineers.

floatin•1mo ago

I do IT support for onboarding remote hires for a call center we catch about 1-2 hires a day who are fraudulent. Most we catch by comparing the photos on their DL to the person who shows up on webcam for training. It’s unclear the motivation for the fraud. I don’t think they really have dug into that yet.

Start all of your commands with a comma

OpenCiv3: Open-source, cross-platform reimagining of Civilization III

The Waymo World Model

How we made geo joins 400× faster with H3 indexes

Unseen Footage of Atari Battlezone Arcade Cabinet Production

Show HN: Look Ma, No Linux: Shell, App Installer, Vi, Cc on ESP32-S3 / BreezyBox

Jeffrey Snover: "Welcome to the Room"

Monty: A minimal, secure Python interpreter written in Rust for use by AI

Vocal Guide – belt sing without killing yourself

Show HN: I spent 4 years building a UI design tool with only the features I use

Hackers (1995) Animated Experience

Sheldon Brown's Bicycle Technical Info

Microsoft open-sources LiteBox, a security-focused library OS

Show HN: If you lose your memory, how to regain access to your computer?

An Update on Heroku

Was Benoit Mandelbrot a hedgehog or a fox?

PC Floppy Copy Protection: Vault Prolok

Dark Alley Mathematics

How to effectively write quality code with AI

Delimited Continuations vs. Lwt for Threads

What Is Ruliology?

Where did all the starships go?

Introducing the Developer Knowledge API and MCP Server

Female Asian Elephant Calf Born at the Smithsonian National Zoo

I now assume that all ads on Apple news are scams

I spent 5 years in DevOps – Solutions engineering gave me what I was missing

Why I Joined OpenAI

Understanding Neural Network, Visually

Learning from context is harder than we thought

Show HN: R3forth, a ColorForth-inspired language with a tiny VM