How not to hire a North Korean plant posing as a techie

theregister.com

154 points by DougEiffel 2 years ago · 133 comments

throw747488 2 years ago

Here is my opinion as someone who worked alongside North Koreans (textile factory) and visited NK. I am from East Europe and have 10 years in IT.

- NK secret service (or whatever you call it) is more sophisticated than this. They will act as proper company from Turkey, India, China or even EU countries...

- if you actually manage to get some North Korean who escaped to West, they are 10x more dedicated than anyone else. China, or South Korea (usual target countries) do not offer many opportunities, they need money for relatives.

- NK secret services do not attack west infrastructure, or steal info from small fish. They are too small to do that! Most money is from drugs and guns.

- if you hire US only, you eliminate 99.99% of issues. US borders are not ideal, but they do repel unwanted Asians.

Edit: * stitching, working with cloth, it was textile factory in East Europe

  • mariojv 2 years ago

    Out of curiosity, how would a North Korean who escaped to the West even get money to relatives still there?

    • bachmeier 2 years ago
    • throw747488 2 years ago

      NK I knew had regular flights into EU, but that was 10 years ago.

      Today there is most likely trade with China (I am not familiar with that). I would go through Russia, there is direct border and regular trade. NK building companies operate in captured parts of Ukraine for example.

      Or just use bitcoin. NKs do have access to internet, it is good store of value (better than diamonds) and highly liquid asset!

      • incahoots 2 years ago

        >NK building companies operate in captured parts of Ukraine for example

        Can you provide a source for this? Google results provide only articles that suggest the claim, no real confirmations.

        • KETHERCORTEX 2 years ago

          [2022-08-09]: Head of so-called Donetsk People's Republic (and former Ponzi scheme CEO) Denis Pushilin declared on live tv (Соловьёв Live) that he expects the arrival of the first brigades of North Korean workers soon. He also said that DPR and North Korea have talks about collaboration when it comes to building [1].

          It is probably the most direct admission you can get right now. Why? Because there are UN Security Council sanctions against North Korea prohibiting the procurement of services from North Korean companies, including building services. Also, just a week ago, Russia denied violating the sanctions related to North Korea, stating something along the lines of "Russia being a responsible member of international society" [2].

          As far as I know from my personal experience, when Russia makes claims denying involvement in something, it is usually involved in that thing.

          There are also statements about North Korean workers being sent to Ukraine on South Korean website about North Korea [3]. Just "we have information about that", but it looks plausible and completes the picture.

          [1] https://tass.ru/mezhdunarodnaya-panorama/15427835

          [2] https://ria.ru/20231015/kndr-1902858034.html

          [3] https://www.dailynk.com/english/north-korea-orders-trading-c...

    • eunos 2 years ago

      Maybe some network in CN, HK, Macau or even TW!

      • alephnerd 2 years ago

        Vietnam is a major location.

        You'll find a number of NK operated companies and restaurants in Saigon and Hanoi to help bring in foreign currency.

        Also, Vietnam has one of the largest Korean diasporas outside of Korea, as South Korean companies moved all their operations in China to Vietnam in 2013-17 after the THAAD fiasco.

        Just about every single product and conglomerate in Vietnam is Korean (specifically Lotte Holdings). Walk down the street and you'd find 3 Lotte Marts. Then go grab lunch at the Lotteria next door. Then call a Grab and ride in a Hyundai back to your apartment in D2 built by Lotte while the driver is playing KPop produced by Lotte Cultureworks, and then watch some KDramas or Vietnamese shows at home produced by Lotte Cultureworks and maybe chill out while drinking some Chum-Churum Soju. Then, next morning, drink some Chillsung Cider to fight the hangover and go to your company, who will end up exporting products back to Korea via Lotte Global Logistics with financing from Lotte Capital. When you end up getting vacation, you'll end up flying to Seoul and maybe take your family to Lotte Hotel World.

  • Pigalowda 2 years ago

    This is a guide for online platforms, such as upwork

Run_DOS_Run 2 years ago

>Evading in-person meetings or requests for drug tests.

I am surprised about the request for drug tests. Is this common in the US?

Except for high-security jobs, which are never possible remotely anyway, I have never heard of a client or employer asking for a drug test. If I got a request for a drug test, I would quit immediately. Even if I am sure it is negative, my private life is my business. Any attempt to control my private life I see as a personal attack.

  • Modified3019 2 years ago

    In the US it’s fairly common policy to have when the employee could present a liability issue, such as driving a company provided vehicle, or operating heavy/dangerous equipment. Drug tests are a “cover our ass” measure and also make getting rid of “that fucking guy” easier.

    In practice it varies heavily on how it’s implemented, generally a company isn’t really keen to spend the money and time on that shit until after they’ve been burned by incidents.

    - Could be once on hiring, then only if you really fuck up. This is what my company does.

    - Could be “random” testing that just so happens to “randomly” catch the obvious fuckwit who walked in after driving to work while probably blitzed and now wants to hop in a sprayer.

    - Could be genuinely random testing.

    I work in Agriculture, and my company provides me a work pickup truck (funny enough, my ATV in the back is my actual “work” vehicle if you consider time spent driving) along with fuel, which I can make reasonable personal use of. The tradeoff is they demand the ability to get notified of tickets/points added on my license, and if I start repeatedly getting speeding tickets and ignore the “hey, stop that shit” talk they give me, they’ll ultimately rescind the free vehicle they’ve provided me. Getting a DUI would very likely result in immediate termination. Which I consider fair enough.

    If I worked a desk job and don’t have a situation where altered states of mind would present a massive danger to myself, others, and company equipment, then yeah drug tests can fuck right off.

    • incahoots 2 years ago

      >also make getting rid of “that fucking guy” easier.

      Very much so. An ex-coworker worked for a cardboard factory, attempted to unionize the workforce by providing lunches to workers during talk shops. He was taking liquid cannabis, had a doctor's permission, script to get his medical card, only dosed enough for his ailment, and HR was aware.

      Management had him take a urine analysis, supposedly workforce wide, of course failed due to the cannabis use, fired him the same day.

      Never missed a day he scheduled, good guy.

      Working for the city we do routine tests, especially CDL drivers, but from what I understand, they don't look for positive tests for cannabis, so I'm unsure if we're seeing a shift due to the legalization across nearly half the US, or they're specifically looking for opioids.

      Just figured I'd share a perspective.

      • MerelyMortal 2 years ago

        Not a lawyer, but seems like a slam dunk medical discrimination case.

        • natpalmer1776 2 years ago

          First source I could find, but I’m sure you can find more:

          https://www.rkpt.com/business-and-corporate-law/employment-a...

          • MerelyMortal 2 years ago

            That's a good source, however the issue that I see is that they already knew about it and kept him on.

            You can't say it's okay to use marijuana and then later say, I had no idea he would test positive for marijuana. They should have reasonably known that he would test positive for marijuana.

            Maybe it's not a medical discrimination case, but it's definitely a case.

            • kube-system 2 years ago

              It's a National Labor Relations Act case. Employees have the right to talk about unionization with their coworkers.

              The employer constructed the other evidence as an excuse (which is what basically any employer knowledgeable of the law does), but the previous approval would undermine the validity of that evidence.

  • ornornor 2 years ago

    My first “real” job demanded a background check where they could “interview my neighbors to get a sense of my character” and other egregious things. I tried many times to get in touch with the background check provider’s (backcheck in Canada) privacy team, never ever got to a human or anyone to return my voicemails.

    The employer was completely incredulous I would refuse to submit to the background check and thought I had stuff to hide. I was laid off in short order. I don’t regret anything, this was invasive and unnecessary. I’ve never had to do a background check again beyond providing an extract of my police file that says I have no convictions.

    • etimberg 2 years ago

      What kind of job was this for? because interviewing neighbours is something that sounds like part of a top secret clearance not a private company background check

      • ornornor 2 years ago

        They probably don’t do it but it was in the paperwork I had to sign to authorize the background check and it felt way too intrusive for just a regular job, which is why I always refused to sign it.

  • maximinus_thrax 2 years ago

    > Except for high-security jobs, which are never possible remotely anyway, I have never heard of a client or employer asking for a drug test.

    Some companies have contracts with the Federal Government and even if you won't be working on those projects or won't have to get the security clearance, there are certain clauses in the contracts which require the company to not have employees drink at work, to drug test employees and other stuff like that.

    I once was asked to do a drug test as the offer was contingent on the drug test to clear because of this kind of contract. I rejected the offer for other reasons, but the recruiter told me we can schedule the drug test weeks in advance, to make sure 'everything is out of your system, just in case'. It was a urine test, and I got the feeling that the company was trying to make sure the test was going to clear regardless of my lifestyle outside of work, no questions asked.

    Also, the recruiter told me it was a one-time thing for me and other 'general purpose' employees, but persons directly involved in the whole security clearance government stuff were subject to random testing.

    • eep_social 2 years ago

      I heard a (likely apocryphal) story that selling govcloud service would require drug testing for employees that had any access at all to those systems. The story goes that the engineering leader laughed their sales counterpart making the proposal out of the room because they expected to lose approximately a third of their employee base to such nonsense. This was before marijuana legalization became so widespread, I assume some kind of reality has taken hold now such that the requirements are achievable by a tech population that, anecdotally, smokes a lot of weed off hours.

      • red-iron-pine 2 years ago

        weed is still illegal under federal law, so it's a no-no if you're doing federal work. state-level is a different story.

        in most cases no one cares if you did it last year, but you gotta be clean while on the gub'mnt / contractor payroll.

        unofficially after the drug test i don't think anyone asks too many questions. just make sure you don't have to lie on the background check cuz I've seen people upgrade from a Secret to higher, and the higher clearance investigations went deeper and found stuff. RIP job in that case.

        but seriously tho, knew a dude who did GIS work for the DIA and he was ripping a bong the second he got home. he eventually got really into the cult-y motivational speaker world, not sure where he is now, but was making fat stacks while blazing for a while

  • drivers99 2 years ago

    When I started each of my last 2 jobs, I had to take a drug test. They are both US Fortune 500 companies. They are just normal computer operations type jobs.

    The previous company won their case in Colorado Supreme Court to fire someone using medical marijuana even while off-duty.[0]

    Additionally, even though we passed a law (constitutional amendment) allowing recreational use in Colorado, employers are still allowed to test and fire you for it.

    [0] https://ogletree.com/insights-resources/blog-posts/colorado-...

  • seanmcdirmid 2 years ago

    Intel had me do a drug test just for an internship that I was almost going to take in 1996 or 97. I'm not sure if they still do that, I haven't had a drug test since getting my Chinese work visa (which required a drug and AIDS test).

    • nerpderp82 2 years ago

      I was a contractor for Motorola and had to take a drug test, I have never consumed so much water in my life.

    • tejohnso 2 years ago

      AIDS (HIV?) test? Were they going to discriminate against people with HIV? I don't get it. What about other STDs?

      • kube-system 2 years ago

        Disease control is one of the primary tasks of customs and immigrations agencies around the world. This authority was exercised quite prominently in 2020. But it is also exercised pretty mundanely on a daily basis in regards to the transport of agriculture that carries diseases of agricultural concern... much to the frustration of travelers with foreign snacks.

      • orangepurple 2 years ago

        From the US Government USCIS Form I-693 Instructions:

        The civil surgeon is required to perform specific tests for tuberculosis, syphilis, and gonorrhea. The medical examination also requires the civil surgeon to evaluate for other sexually transmitted diseases and Hansen’s disease (leprosy).

        Furthermore it suggests that physical and mental disorders may be grounds for disqualification. Finally, drug addiction and substance abuse generally must be disclosed.

        https://www.uscis.gov/sites/default/files/document/forms/i-6...

      • xormapmap 2 years ago

        Many countries do this for immigration. In New Zealand they say your test result doesn't affect your application. Whether that's true I don't know.

        • red-iron-pine 2 years ago

          you want to know of any potential carriers and be able to trace potential vectors. plus if you offer socialized medicine you want to know that in order to adjust things like supplies of drugs and coverage for foreign travelers.

          Canadian immigration wanted my full medical history for Permanent Resident status, and there was a medical check, blood work, and a chest xray for TB. I was in the US military with injuries from that, and they asked for all of the paperwork.

    • Der_Einzige 2 years ago

      No drug tests at Intel for SWE blue badges circa 2015-2017.

      • creer 2 years ago

        Intel used to come up regularly in discussions as requiring drug tests of all engineer new hires - and people either not bothering to apply based on that or trying to never show up for the test. Good to hear hints that this changed.

        • Der_Einzige 2 years ago

          fwiw: That was in Oregon where pot was legal. I wouldn't be surprised if it's somewhat more strict in say, Arizona. Also, I knew that fab folks, both blue and green badge (people wearing bunny suits) were drug tested.

    • tellarin 2 years ago

      Weird. I was not asked for any drug test for my Chinese work visa (only the AIDS one).

  • AnimalMuppet 2 years ago

    High security jobs. Jobs in finance. Anything involving driving or operating machinery. Maybe customer-facing jobs. Basically anywhere where, if you're stoned, you could cause damage to the company.

    • vkou 2 years ago

      > Basically anywhere where, if you're stoned, you could cause damage to the company.

      Does the C-suite also get regular, supervised piss-in-a-cup tests, or do they actually not have as much impact on the success of the firm as they claim to?

      • kube-system 2 years ago

        Depending on the legal environment, maybe. But it's not as if c-suite positions have zero job screening. They have a different screening process which includes other things that lower level positions don't have to do.

        • piuantiderp 2 years ago

          I've seen even at home background check and interview. To answer, who really is this person and how does he live?

      • ClumsyPilot 2 years ago

        And do they get paid off for drinking at work? Masters of having it both ways

      • klyrs 2 years ago

        No, but they only do performance-enhancing coke, so no worries there.

  • ricardobayes 2 years ago

    Companies have weird requests sometimes. A good decade ago or more, I was asked to sign a disclosure that I was not a member of a certain faith (that has/had anti-tech sentiment at the time). That would definitely not happen these days.

    • ClumsyPilot 2 years ago

      > I was asked to sign a disclosure that I was not a member of a certain faith (that has/had anti-tech sentiment at the time)

      Ye that sounds both illegal and pointless.

    • sterlind 2 years ago

      I'm super curious, what was this faith? the only ones I can think of are the Amish and Mennonites, but neither of those are going to take tech jobs in the first place.

  • stronglikedan 2 years ago

    My company drug tests everyone they hire, regardless of the position. They say it's for a discount on employment insurance, but I have not verified that. They only test once, on the start date. They'll only ever test again if you fuck up on the job and hurt someone, or yourself.

  • kube-system 2 years ago

    > I am surprised about the request for drug tests. Is this common in the US?

    For software jobs? No, they aren't very common. But they are not unheard of.

  • hugh-avherald 2 years ago

    As part of the vetting procedure, my government job (not dealing with highly classified material) asked my former employers if they knew any of my sexual fetishes.

    • no_time 2 years ago

      Unless your former employer was Cloudflare or Mindgeek, I'm not sure how would they know lol

      • red-iron-pine 2 years ago

        People often talk. Jim used to date Jenny in Accounting, and he said she's really, like REALLY, into S/M, etc.

        Plus you'd be surprised (or maybe not) as to the number of DNS queries we get from employee workstations that are to questionable websites. I couldn't tell you all of my coworkers that are gay, but I can tell you a few that are hitting gay porn websites from their work laptop.

  • mnky9800n 2 years ago

    I interviewed for a random postdoc in the USA and then they offered and they asked for drug test and I told them no I have body autonomy and you don't get to decide what I do with my body when I'm not at work. And from the mysterious aether a directive came suddenly that it wasn't required only recommended that I take a drug test.

  • ClumsyPilot 2 years ago

    Seems like drug tests are just a strange tool of humiliation

  • pyuser583 2 years ago

    Yes. Lots of jobs require drug tests. Used to be more common.

    Many jobs give you lots of warning. So it isn’t so much “are you doing drugs” as “can you stop doing drugs.”

  • xeromal 2 years ago

    The only time I was drug tested was when I was hired to work at a gas transmission pipeline company and I felt that was a totally reasonable request.

  • the_only_law 2 years ago

    I had to do a drug test prior to my start date for an F500 some years ago, but never again afterwards.

  • fennecfoxy 2 years ago

    >I would quit immediately

    Not everyone has that privilege.

lolc 2 years ago

> Threats to release proprietary source codes if additional payments are not made;

This is "a sign"? In what company is that not grounds for immediate revocation of all access, termination?

  • kube-system 2 years ago

    It is both.

    • lolc 2 years ago

      To me it was weird in a list of things "to look out for". When somebody makes those threats, the jig is up. But of course, retrospectively, it may help to classify. So yea, I get now why it's on the list.

dharmab 2 years ago

Original source: https://www.ic3.gov/Media/Y2023/PSA231018

naruhodo 2 years ago

> logging in from multiple IP addresses,

[x] Phone, laptop.

> working odd hours,

[x] Delayed sleep phase insomnia.

> Repeated requests for prepayment followed by “anger or aggression when the request is denied”;

[x] Previously ripped off by shitty employers.

> Evading in-person meetings or requests for drug tests;

[x] Social anxiety, medical cannabis user who is aware that even though legal (in AU) it is stigmatised.

> Having multiple online profiles for the same identity with different pictures, or online profiles with no picture.

[x] Average privacy enthusiast.

I await further instructions from Glorious Leader.

  • kube-system 2 years ago

    This is why human judgement is significantly more nuanced than a pile of if statements.

    • red-iron-pine 2 years ago

      the if statements just generate a flag.

      if you're flagged, then here is your plane ticket, come to HQ and let's prove you're a real human. showing up, looking more or less like your ID and zoom call, and being able to speak generally about what you're working on is enough.

      like even if the job is 100% remote, fly em to the office at least once or twice.

      • kube-system 2 years ago

        My point is that the source press release was never a piece of software. It was always guidelines for humans to interpret.

axus 2 years ago

I'm amazed that the "alt-detection" problem from multiplayer games has become a business problem. I guess the US gov has been doing this for decades for security clearances, is there a commercial equivalent that works internationally?

And there's still the "man-in-the-middle" problem.

  • webdoodle 2 years ago

    The U.S. Office of Personnel Management data breach in 2015 exposed the personnel files of anyone who had applied for a job with the U.S. federal government. It was blamed on China, and it may have been, but that isn't to say they didn't sell or trade the data to N.K. That data would be extremely useful in building fake profiles that pass inspection, as bundled with LinkedIn data it would show what profile ingredients get people hired.

BossingAround 2 years ago

> Evading in-person meetings or requests for drug tests

Why would they evade drug tests and meeting in person? Do the "techies" claim they are not Korean at all? Surely, a North Korean would pass as a South Korean to (at least) any non-Korean colleague?

  • some_random 2 years ago

    Because they're slaves kept in dorms in various South East Asian countries that can't leave, their handler wouldn't allow them to go to an in person meeting or take a drug test. They're also usually lying about the city and country they're working from.

    • BossingAround 2 years ago

      Ah that makes sense, didn't realize that they aren't free to move.

    • rob74 2 years ago

      Ok... but if the job is remote anyway, why can't they work from North Korea itself and use VPN (as another commenter mentioned) to simulate being in another country? Or would that run into bandwidth/"Great Firewall"/other problems?

      • SamBam 2 years ago

        They can, I think that's the point of the "avoiding in-person meetings" warning.

        Say you have an office in South Korea. A South Korean developer starts working for you as a remote employee, and their IP looks like it's connecting from South Korea. You say "cool, awesome, but you need to come to our office in Seoul once every two months for our regular all-hands meeting," and they keep skipping out on it, claiming family emergencies or whatever. That's the warning.

        That was my understanding.

    • eberfreitas 2 years ago

      Source?

  • kstrauser 2 years ago

    In today’s game of “North Korean or Bay Area?”:

    - North Korean: Uh-oh. I can’t physically do either of those.

    - Bay Area: I’m not taking bus-to-BART-to-bus from Berkeley to the city for some meeting that could’ve been a Zoom. Drug test? Is there a minimum level I need to pass? Not doing it.

  • aaomidi 2 years ago

    If someone is asking for my piss, it better be in a sexual context.

    Drug tests are dehumanizing af. What I do outside my work hours is my own private time.

    • Beached 2 years ago

      unless you want to work for the gov.

      • zikduruqe 2 years ago

        This. If there is a government contract involved, even if you are not working directly on it, you will have to pee in a cup.

        But getting around that is stupid easy and simple, it is laughable.

        • alexjplant 2 years ago

          > This. If there is a government contract involved, even if you are not working directly on it, you will have to pee in a cup.

          This is not correct. When I held a clearance (which I don't anymore and won't again) the Department of Defense never made me take a drug test. I did, however, work for a publicly-traded government contractor that made me take one both times that they hired me as a matter of course. I worked for three other such defense contractors that were happy to have me without such a test.

          I thought it was just a mild inconvenience until I developed a sinus infection and started taking pseudoephedrine and diphenhydramine two days before I was scheduled to take the test. Because these OTC drugs can cause false positives for methamphetamine and marijuana respectively (depending upon whether the test is reagent-based or GCMS) I had to quit taking them and suffer through two days of an upper respiratory infection to pass the test and placate some HR drone in Alabama.

          I'm sure that there's a policy or exemption process for this situation but the same company also almost pushed my start date because their background verification service couldn't verify my past employment _at the same company_, i.e. their onboarding team was grossly incompetent. I decided not to chance it as I didn't want to go weeks without a paycheck while they sorted out a false positive. Needless to say I don't waste my time dealing with this class of employers any longer.

          • r2_pilot 2 years ago

            Not that this helps you now, but I believe if the reagent test fails, they immediately GCMS the sample to both determine the quantitative amount of substance in question, as well as rule out false positives, so you probably would have been fine (for the diphenhydramine at least).

    • Qem 2 years ago

      The drugs you took outside your work hours don't know they have to exit your bloodstream the hour you start working. Perhaps not all occupations need such tests, but at least people driving vehicles and operating heavy equipment should be made sure to have their system clear while at work.

      • salamanderss 2 years ago

        The tests usually don't have granularity to know if you're intoxicated during work hours precisely. Most test for metabolites that either aren't intoxicating or intoxicating in far higher levels than detection cutoff.

  • wizerdrobe 2 years ago

    Pure speculation, but there is a large North Korean methamphetamine trade. Allegedly, per escapees, many North Koreans use meth for purposes of work enhancing stimulants and hunger suppression.

    Perhaps these slaves are being doped up to focus on the work?

    • alephnerd 2 years ago

      > large North Korean methamphetamine trade

      It's common all among the working class in Asia and the Asian Diaspora (Bayswater Basic if you've ever been to London). It's dirt cheap and keeps you awake while doing any monotonous or manual labor.

      In this specific case, a drug test for a remote job requires ID verification. It's a simple redundancy to verify that the person you hired is that same person.

    • kube-system 2 years ago

      Even if they aren't on drugs, they can't physically show up to the test, because they are lying about their location, and they're trapped in a different country.

  • Cthulhu_ 2 years ago

    Yeah, plenty of people will adopt the persona of someone else just to get hired.

    If you're a white person on a freelancer website, you may get approached by someone who wants to buy your account.

    • salamanderss 2 years ago

      Is this really a thing? Who would willingly burn their reputation and risk federal charges for sanctions violations over measly account sellout.

  • gumby 2 years ago

    How do you do a drug test on a remote worker?

    And why? If they can’t do the job you fire them.

    • hotnfresh 2 years ago

      Government contractors. It’s a legal requirement. They schedule you at a local-to-you testing center. They’re everywhere, because truck drivers and some other jobs are legally required to test.

      It’s very dumb. Scheduled-in-advance piss tests aren’t great for catching much other than weed. Most other things aren’t detected in urine after 2-3 days. Weed metabolites, which is what they test for, stick around for potentially weeks. The whole exercise will be practically pointless if weed ever gets removed from the set of things they’re testing for.

      [edit] what I’d love to see replace this junk is some kind of probably-computerized attention and reaction test, for jobs where it actually matters. Which is only a subset of the ones that currently test, but, when it comes to truck drivers and heavy machinery operators and such, I don’t care if they like to do drugs off hours, but I do care if some straight-edge driver is too tired to drive, and that’d catch those cases, too. Maybe open to cheating, but piss tests are routinely cheated anyway.

      • gumby 2 years ago

        > Government contractors. It’s a legal requirement.

        Probably things have changed, but back in the mid 90s we had our first government contract, and one thing was that we were required to have a "drug testing policy".

        A couple of team suggestions were "you bring 'em we'll test 'em" and "employees have access to private ceramic urine collection devices. After collection, other employees do not have access to the results of processing".

        In the end we sent in "Our policy is not to test for drugs" and we got our contract.

        (I agree with you that what matters is actual functional risk, not paranoia)

      • hattmall 2 years ago

        But hordes of people still fail them for non-weed. I think if you can go the 3 days needed to be clean then it's not really an issue. People with real opiate, benzo or stimulant addictions can't typically go 3 days without using. And there's build up so you can have extended duration of being positive.

    • kube-system 2 years ago

      Drug tests are almost always outsourced, and there are facilities around the world that do this.

      Why? Depending on the work, it might be a legal requirement. But for the purposes of these guidelines, it doesn't matter. The point is, if they are evading in-person tasks, it could be because they're misrepresenting their location.

flerchin 2 years ago

A lot of the advice seems to boil down to "don't hire remote freelancers."

  • Tangurena2 2 years ago

    The NK workers tend to be locked up in dorms in different countries. They can't go to drug tests because their handlers won't let them. Likewise, they're not actually in the country they say they are in.

    Additionally, drug testing locations examine government IDs all the time, so the NK workers are not likely to actually have one that matches the name they are working under. Otherwise, people who use illegal drugs could hire "clean" family or friends to give the hair/urine/blood required for the tests.

    People who have escaped from Scientology report being treated similarly - guarded at all times when they leave their compounds, ID documents seized.

  • some_random 2 years ago

    I don't know where you're seeing that, what advice here would make it hard or impossible to hire real remote freelancers other than maybe the in person meetings?

    • flerchin 2 years ago

      No RDP, no VPNs, verified working locations.

      Typically freelancers work from wherever they want, on any random starbucks wifi.

      • figassis 2 years ago

        Regarding RDP, the issue might be the same as no SSH into machines that you can break out of. Best practice for devs is to work locally and submit PRs? For non tech workers, I don't see the need to RDP anywhere since applications today are mostly cloud based, and others are license based, you'd need a license for the employee to use, say, autodesk tools, so they can install locally. No RDP is good advice either way.

        For VPNs, I think they mean non company provided VPNs. So if they're needed, the company should provide them. I can see a scenario where your ISP is throttling your traffic or you want to secure traffic and your employer has no VPN. Idk how I'd solve this one.

        Verified working locations: I work usually from home or my office, but when I travel, it's usually not a secret where I am, I don't actively try to hide it, it's visible during zoom calls, etc. It's about the level of trust you build with your employer. I have stopped by HQ once or twice while on vacation but that is not required. Overall don't have shady patterns?

        But...I am certain companies are not reasonable and some will conflate RDP with any remote thing. Others have no idea how to set up VPN infra, and others simply can't fathom that a remote employee can/should travel while working. So they will have policies that will make remote workers ineligible for hiring.

      • gumby 2 years ago

        I believe most work from home. Certainly there are many “work from a cafe” or “work as a footloose traveler” people, but I think they are a small minority in practice.

      • some_random 2 years ago

        RDP should be architected around, VPNs are fine just not _commercial VPNs_, and verified working locations here isn't about making sure you're always working from 123 Foobar street but about making sure you're in the country you say you are.

Tabular-Iceberg 2 years ago

Wouldn’t throwing tantrums and threatening to violate NDAs over petty cash just undermine their entire spying operation?

  • RIMR 2 years ago

    It sounds to me like the US released a report about NK espionage operations, and then people "thought" (as the article phrases it) that NK operatives were everywhere, and now we have this article that just seems to tie the most obnoxious freelancer behavior to NK espionage, without any actual evidence.

    • vkou 2 years ago

      We're just repeating an old page from an old playbook.

      > Back in 1937 Comrade Stalin pointed out that as long as the Soviet Union existed amid capitalist encirclement we would have wreckers, spies, saboteurs and murderers sent to our home front by foreign states. [1]

      Just change the names and the years and the professions around, and we'll be good to go. The actual existence, non-existence, or prevalence of spies, saboteurs and wreckers is second fiddle to the perception thereof. :)

      [1] https://soviethistory.msu.edu/1947-2/xenophobia/xenophobia-t...

      • mcmoor 2 years ago

        I find the best part about reading McCarthyism history is that THERE ARE communist traitors in USA, sometimes in very high places https://en.m.wikipedia.org/wiki/Harry_Dexter_White#Venona_pr... . I guess if your spy network is sophisticated enough to make your enemy have to blunder either for false negative (your spy doesn't get caught) or false positive (your enemy self sabotage, killing their own kins), you win.

  • ClumsyPilot 2 years ago

    Yeah, this reads like blatant xenophobia.

ClumsyPilot 2 years ago

This reads like blatant fear mongering

> infiltrate organizations they work for to steal secrets

Do you worry about this as a random company? You are gonna steal source code for 4 out of 12 micro services required to run some random online shopping website, or a video game? What is the North Korean gov. going to do with it?

And if you give random people access to customer data, then it’s already being sold on the dark web.

> suspicious behavior such as working odd hours and inconsistencies in name spellings

Every autistic or dyslexic or socially dysfunctional techy is a spy now?

  • fennecfoxy 2 years ago

    Fyi we don't live in a utopian all for one and one for all world, as unfortunate as that is.

  • RecycledEle 2 years ago

    Q: What will they do with it?

    A: Insert code for backdoors, then leverage those backdoors to hack defense systems and systems that can track where defense personnel and equipment are. Traffic cameras and delivery services come to mind.

mrweasel 2 years ago

The Danish government might want to read this, preferably before having any more North Koreans working on ships for the navy.

  • tokai 2 years ago

    Nah that was a different grift. One where a contractor hires a NK subcontractor that employs slave labor.

fossislife 2 years ago

> Repeated requests for prepayment; anger or aggression when the request is denied.

Why would they ask for prepayment?

  • some_random 2 years ago

    Because the longer they're working at a company the higher chance of being found out and terminated, the higher the chance of their accounts being frozen, and the lower the chance they actually are able to get money to their handlers.

FooBarBizBazz 2 years ago

"Don't let the hoodie fool you, that's Pinus densiflora."

stuff4ben 2 years ago

Wish someone would honeypot them all then reverse infect their computers.

  • psd1 2 years ago

    I've always assumed that we (the west) do.

    Stuxnet, e.g.?
