US dismantles laptop farm used by undercover North Korean IT workers

bleepingcomputer.com

73 points by benguild a year ago · 36 comments

kevdoran a year ago

Any thoughts on how to report requests to do things like this?

I've had several emails from strangers over the past month asking to use my identity (i.e. Upwork profile), set up a report laptop, and "collaborate".

Until now I've just ignored them or marked them as spam.

ZoomZoomZoom a year ago

> the North Korean IT workers who used Knoot's laptop farm generated revenue for North Korea's nuclear weapons program

Such an off-handed manner of presenting a really strong accusation! How did they do it exactly: directly, or just by being citizens and paying taxes?

jetbalsa a year ago

It amazes me they didn't use some kind of KVM on these laptops instead of software; most company laptops have a ton of bossware on them monitoring applications and such.

  • alephnerd a year ago

    A KVM is more likely to trigger a SOC response than leveraging built-in RDP or using Zoom remote desktop.

    • 0cf8612b2e1e a year ago

      Surely a tuned KVM could impersonate a standard input hardware vendor (e.g. Logitech)?

      • alephnerd a year ago

        It would both be very difficult and anomalous enough to be caught by a company's SOC.

        On the other hand, a long running Zoom session can remain undetected due to its normality.

        • 0cf8612b2e1e a year ago

          People emulate mice and keyboards from Raspberry Pis. I do not see why a KVM could not do the same. Or pretend it is a USB-C docking station. Generic input devices do not have security keys.

iJohnDoe a year ago

FTA:

> This happened even though KnowBe4 conducted background checks, verified references, and conducted four video interviews before hiring an individual. However, the company later discovered that the person had used a stolen identity to bypass these checks and AI tools to create a fake profile picture and mimic the face during video conference calls.

Wow! It’s truly sad that qualified people are struggling to get through interviews and hoops to get hired, but North Korean hackers are landing jobs.

tiimbz a year ago

Related post from yesterday: We found North Korean engineers in our application pile [0]

[0] https://news.ycombinator.com/item?id=41353079

loandbehold a year ago

Did these schmucks even understand what they were doing? Most likely they were recruited with a "work from home" offer and thought they were doing legitimate jobs. They are victims themselves.

  • atonse a year ago

    Which schmucks? The Americans that got arrested? Yes, they would've had to somehow funnel those earnings (minus a cut) to the North Koreans, so they were absolutely complicit.

    If you're talking about the North Koreans doing this, I kind of don't blame any of the citizens, they're all victims of a brutal regime and are doing whatever to survive (literally). Yes there are truly bad actors too but it's hard to tell what's what. (Not excusing their behavior from OUR point of view)

  • hollerith a year ago

    North Koreans cannot access the global internet without the knowledge and permission of the regime in Pyongyang. And the OP says that "the North Korean IT workers who used Knoot's laptop farm generated revenue for North Korea's nuclear weapons program", which suggests that Pyongyang is taking most of their earnings.

    So, whether or not they are victims themselves, they need to be stopped.

  • from-nibly a year ago

    In North Korea? I mean yeah they are victims, but not because they thought they were getting legitimate US work from home jobs.

gundmc a year ago

$250k/year for a job that they seemingly never needed to take a single meeting and can work remotely? Buried the lede here!

  • Rinzler89 a year ago

    I'm an EU citizen from a NATO country and would take that job for half the money and I also don't want to nuke you. The US jobs market is crazy.

    • alephnerd a year ago

      There's a reason most companies are opening offices in Cluj, Bucharest, Praha, Lodz, Warsaw, Kyiv, Budapest, Tel Aviv, San Jose CR, Hyderabad, Bangalore, Delhi, etc now - a mix of government incentives requiring asses on seats as well as situations like above.

      > The US jobs market is crazy

      Depends on skillset as well. The biggest driver for jobs moving abroad is the fact that most CS programs no longer require low level or backend knowledge (distributed systems, OS internals, networking, database internals, C/C++) or teach it at a very high level.

      Meanwhile, universities in CEE, Israel, India, etc still club CE and CS into a single degree (NAND to Tetris to React), making students much more well rounded for tech roles.

      For example, my alma mater (Ivy League or Ivy Tier) stopped requiring the OS/Systems Programming class that made you defuse the GDB bomb or truly understand how malloc works. Same thing at other peer universities except EECS@Cal, CS/ECE@UIUC, and CS/ECE@CMU.

    • stackedinserter a year ago

      I'm a citizen and resident of literally the closest US ally, speak the same American, have the same timezone, and I would take that job for half the money minus one dollar.

  • viraptor a year ago

    The article doesn't say it's one job and that they were employed for the whole period. Put enough people on an interviewing / meetings / minimum work rotation and I'm sure they could average 2-3 paid positions each.

  • verisimi a year ago

    Yeah. But it might even not be a real story. It could be a propaganda piece to heighten awareness about the intimidating military and technological capabilities of North Korea, lol. Perhaps some (US) government/military department wants a bigger budget next year, and this sort of story helps justify their case.

  • atonse a year ago

    Yeah, how can I get one of these? And I'm a real person, in the US, who actually knows "computer stuff", not some North Korean shell.

    • teqsun a year ago

      If you're willing to completely fabricate an educational and work background to suit a specialized role, and the company gets lax on its background checking, you can get away with it too.

      If you're able to lie about pretty much everything and hire an SME to ace the interviewing process, then you too can commit identity fraud for employment.

      • atonse a year ago

        errrr I'm not saying I want to fake it, I'm talking about actually qualifying for such a job (I've worked in this field for 20+ years, tons of experience), where does one find such a job that's paying such amounts for remote work and relatively few meetings?

        (I have enough contracting work through my client network anyway, was just amusingly asking)

bitwize a year ago

"Mom, I want the Dark Army from Mr. Robot."

"We have the Dark Army at home."

The Dark Army at home:
