- Sarah Anderson & Julian Mahfouz
North Koreans Posing as U.S. I.T. Job Applicants
In the past, bad actors stole personally identifiable information (PII) for a few specific uses. Credit fraud was the principal culprit: with only a full name, home address, and social security number, bad actors stole identities, and victims were ill-equipped to respond effectively. Today, perhaps because of the flooded market for PII, free credit freezes, and affordable identity monitoring services, bad actors have found new ways to exploit PII.
Recently, a scarier, stranger use for stolen PII reared its head in the post-Covid world, originating in North Korea. North Korean IT specialists are taking advantage of a perfect storm of technology improvements, a plethora of stolen PII, and the job market to seek tech-focused jobs with American companies while posing as American citizens using stolen PII. The North Korean imposters then funnel the money earned at these jobs back to the North Korean government to offset current economic sanctions. And, if the American employer holds trade secrets that are reachable with an employee's credentials and access rights, the North Korean imposters also steal those trade secrets (such as confidential technology and information) on behalf of the North Korean government.
The “how” behind this emerging threat comes from the rapid surge of remote working environments following Covid. While all industries are experiencing labor shortages, the demand for information technology experts catapulted with the expansion of remote work, increased reliance on cyber capabilities, and the complexity of commercial technology products. Thus, employers are forced to hire remote workers, even if they are less than enthusiastic about the idea.
This unique new remote job market means that, hypothetically, any United States citizen could work their remote job from anywhere in the world, and anyone posing as a U.S. citizen could work a job from anywhere in the world. This is where North Korean citizens, and other foreign adversaries, take advantage of the modern labor market. They can apply for positions from anywhere in the world by posing as American citizens (using stolen PII), changing their IP address using a free VPN, and using a stolen image from social media and deep fake technology to match the assumed identity’s PII.
Deep fake technology made its way into the public consciousness in 2017 and, recognizing the potential utility, legitimate businesses, entrepreneurs, and cyber criminals rapidly sought to improve upon the initial idea. In 2019, a Japanese company developed deep fake technology that creates a full body from scratch. Thus, remote interviewers are often unaware that they are hiring North Korean citizens.
Fortunately, there are instances in which the applicant’s biology became undeniable. In 2022, a North Korean imposter applying for a U.S.-based technology position attempted to mask his face while sneezing. The deep fake technology was unable to reproduce the abnormal facial expression, causing the audio and video to desynchronize badly and reveal that deep fake technology was used. On June 28, 2022, the FBI warned that foreign actors are also using voice spoofing technology that sounds natural enough to be convincing. In the event that foreign accents are unconcealable, these voiceovers, combined with deep fake technology, further hide evidence of the applicant’s true identity.
For those who are unconcerned, or who feel sympathetic toward North Korean citizens battling poverty and an oppressive dictatorship, the FBI warns that the funds received from these American positions are applied towards the North Korean government’s nuclear program. And, when each year comes to an end and the U.S. Department of the Treasury reviews the W-2s and W-4s received from employers, an unsuspecting American citizen will receive a tax bill for wages received by the North Korean imposter. Therefore, unless American companies start conducting in-person interviews again in the post-Covid world, there is a distinct possibility of funding North Korea’s nuclear weapons program, creating additional income tax obligations, and losing proprietary technology and information to a known foreign adversary.