A US security company narrowly avoids major damage because a North Korean hacker in its ranks becomes impatient.
Which company is it? The US IT security company KnowBe4, which has around 1,000 employees, went public with a report on its blog. A North Korean cybercriminal got a job as a software engineer through a routine application process. The entire process took place online, however, because the position was advertised as a home office job.
Caught because of impatience?
How could he deceive the company? The North Korean stole the identity of an American and edited an application photo using AI. This allowed him to pass all checks on his supposed career without being exposed.
Is the North Korean government also involved? The company KnowBe4 suspects that the skilled North Korean IT employee had help from a state-supported criminal infrastructure.
Was the cybercriminal able to cause damage or steal data? KnowBe4 gives its assurance that the person had no access to any data or critical systems. The company laptop sent to him never actually arrived. The company explains its actions as follows:
The way it works is that the fake employee asks to have their laptop workstation shipped to an address that is essentially an IT mule laptop farm. They then log in via VPN from their actual location (North Korea or China) and work the night shift, making it look like they are working in the US during the day.
What did the alleged employee try? Once he gained access, he attempted to execute malicious code and launch unauthorized programs, but failed. When his behavior was discovered, the company attempted to contact him.
In writing, he claimed to be following his router's instructions to get a speed problem under control. He immediately refused a requested phone call, and all subsequent attempts to contact him were unsuccessful.
Why was he not successful? The explanation probably lies in his impatience. His onboarding process, i.e. his introduction to all of the company’s processes and systems that were relevant to him, was far from complete. At that time, he only had access to simple programs such as email and communication tools such as Slack and Zoom.
Furthermore, the security software reacted quickly, blocking all access and tracing the activities back to him. You can read all about this in the company’s FAQ.
What happens next? The case has been referred to the FBI, which is currently investigating. KnowBe4 also offers some tips to help anyone with similar hiring practices follow suit and adapt their hiring and pre-hire processes.
If you are interested, you can find the complete English-language list in the company’s blog linked above.