North Korea stole your work


Even security experts can be fooled. In July 2024, KnowBe4, a Florida-based company providing security training, discovered that a new employee known as “Kyle” was in fact a foreign agent. “He’s done a great interview,” says Brian Jack, Chief Information Security Officer at KnowBe4. “He was on camera, his resume was correct, his background checks were cleared, his ID cleared the verification. There was no reason to suspect this was not a valid candidate.” However, when his facilitator (a US-based individual who gives him cover) tried to install malware on Kyle’s company computer, the security team caught him and locked him out.

Back in London, Simon Wijckmans couldn’t let go of the idea that someone had tried to trick him. He had just read about cases he knew, and that deepened his doubts. He conducted a background check and found that some of his candidates were undoubtedly using stolen identities. And he discovered that some of them were related to known North Korean operations. So Wijckmans decided to do his own little counter-exercise, and he invited me to observe.

I dialed in to Google Meet at 3 am Pacific time, tired and silly. We chose this offensively early hour intentionally, because it’s 6 am in Miami, where the candidate, “Harry,” claims to be.

Harry joins the call and appears to have a rather fresh face. He is probably in his late 20s and has short, straight black hair. Everything about him seems intentionally nonspecific. He speaks into an off-brand headset and wears a plain black crew-neck sweater. “I just woke up early today for this interview. It’s fine,” he says. “I know that dealing with business hours in the UK is a kind of requirement, so I can lead my working hours to my job, so it’s fine.”

So far, everything is consistent with the characteristics of fake workers. Harry’s virtual background is one of the default options offered by Google Meet, and his connection is a touch slow. His English is good but heavily accented, even though he says he was born in New York and grew up in Brooklyn. Wijckmans starts with some typical interview questions, and Harry keeps glancing to his right as he answers. He talks about various coding languages and drops the names of frameworks he knows well. Wijckmans begins to ask deeper technical questions. Harry pauses. He looks confused. “Can I rejoin the meeting?” he asks. “There’s a problem with the microphone.” Wijckmans nods, and Harry disappears.

A few minutes pass and I begin to worry that we scared him, but he returns to the meeting. His connection isn’t that good, but his answers are clearer. Maybe he restarted his chatbot or had his colleagues guide him. The call runs for a few more minutes, and we say goodbye.

Our next applicant calls himself “Nick.” On his resume, he has a link to a personal website, but this guy doesn’t look like the profile picture on the site. This is his second interview with Wijckmans, and it’s certain he’s faking it. He is one of the applicants who failed a background check after the first call, but he does not know that.

Nick’s English is worse than Harry’s. When asked what time it is, he says it’s “6 years old and past” before correcting himself and saying “7 from the quarter.” Where does he live? “I’m in Ohio for now,” he says, glowing like a kid who got something right on a pop quiz.
