Fake LinkedIn Profiles, WebEx, and Fiverr: Inside the North Korean IT Worker Scheme

- A key element of the scheme North Korea has developed to obtain remote, high-tech jobs is working with Americans on U.S. soil who act as facilitators or proxies in exchange for large fees. A cybersecurity expert posed as an American willing to go along with the IT workers’ plot in order to learn the ins and outs of the scheme, which U.S. authorities estimate has generated hundreds of millions for North Korea and reached hundreds of Fortune 500 companies.
The message Aidan Raney sent to a Fiverr profile, which he had learned was manned 24/7 by North Korean engineers looking to recruit American accomplices, was simple and easy.
“How can I join?” asked Raney.
The five-word text worked, Raney said, and a few days later the founder of Farnsworth Intelligence had a series of calls with his new North Korean handler. Raney spoke to three or four different people, all of whom claimed to be named “Ben,” and Raney knew he was dealing with multiple individuals rather than one.
On the second call, Raney asked rapid-fire questions to learn the finer points of serving as a proxy for North Korean software developers posing as Americans to get remote technology jobs.
How would the North Korean engineers handle his workload for him? The plan was to use the remote access tools in WebEx to avoid detection, Raney told Fortune. From there, Raney learned that 70% of any salary earned in a potential job would have to be sent to the Bens using crypto, PayPal, or Payoneer, while they would handle creating a doctored LinkedIn profile for him, as well as the job search.
The Bens told Raney they would do most of the groundwork, but that he needed to show up for video conferences, morning stand-ups, and scrums. He said they took his headshot and turned it into a black-and-white photo so that it looked different from any of his photos floating around online. The persona they cultivated using Raney’s identity was proficient in geographic information systems development, and his fake bio stated that he had successfully developed ambulance software to track emergency vehicle locations.
“They essentially handle all the work,” Raney told Fortune. “What they were trying to do was to use my true identity to bypass background checks and stuff like that.”
The vast North Korean IT worker scam has been in effect since around 2018 and has generated hundreds of millions in revenue per year for the Democratic People’s Republic of Korea (DPRK). In response to severe economic sanctions, DPRK leaders developed organized crime rings to collect intelligence for use in crypto heists and malware operations, in addition to deploying thousands of trained software developers to China and Russia to get legitimate jobs at hundreds of Fortune 500 companies, according to the Department of Justice.
IT workers are ordered to send most of their salaries back to North Korea. The United Nations has reported that lower-paid workers involved in the scheme are permitted to keep 10% of their pay, while higher-paid workers keep 30%. The United Nations estimated that the workers generate approximately $250 million to $600 million a year from their salaries. The money is used to fund North Korea’s weapons of mass destruction and ballistic missile programs, according to the Department of Justice, the FBI, and the State Department.
Over the past two years, the DOJ has indicted dozens of people involved in the scheme, but cybersecurity experts say the prosecutions are not stopping the IT fraud. In fact, the scheme has grown more refined over time, and North Koreans continue to send numerous applications to open jobs, using AI to complete their bios and to walk American proxies through interview questions.
Bojan Simic, founder of identity verification company Hypr, said that the social engineering aspect has evolved and that North Korean engineers, and other crime rings that imitate the fraud, are using public information and AI to augment past tactics that have worked for them. For example, IT workers can review a company employee’s LinkedIn profile to learn their start date, then call the service desk, using AI to mask their voice, and ask for a password reset. Once they reach the next security question, they can hang up and call back when they know the answer to it, such as the last four digits of a Social Security number.
“Two and a half years ago, this was a very manual process for humans to do,” Simic says. “Now, it’s a completely automated process and the person sounds like someone who speaks like you.”
And it is not just American accents that North Koreans are deepfaking. Security officers at Japanese banks told Simic that, because most hackers speak Russian or Chinese, they had rarely worried about hackers calling service desks and posing as employees.
“Now, all of a sudden, hackers can speak fluent Japanese and use AI to do that,” he said. Simic said this completely changes the risk landscape for how businesses respond to these threats.
Still, there are ways to strengthen hiring practices to weed out job seekers using false identities.
Adding “a little bit of friction in the process of verifying their identity” for people who apply for work often encourages them to pursue easier targets, Simic explained. He said the IP location must be matched to the location of the phone, and the camera must be turned on with proper lighting.
In Raney’s case, the Bens conducted job interviews with him and used remote access to open a Notepad application on his screen for writing out answers to recruiters’ questions during the discussion. The scheme worked. A private U.S. government contractor verbally offered Raney a full-time remote job that paid $80,000 a year, he said.
Raney quickly had to turn around and tell the company that he was unable to accept the offer and that he was involved in an incident response investigation for clients.
He eventually let things die with the North Korean Bens, but before he did, he spent some time trying to get them to open up. He asked about their families and the weather. He texted the Bens and asked whether they had spent time with their relatives on their vacation. They responded that there was nothing better than spending time with their loved ones, and added a wink emoji. Based on the messages, and on seeing people walking around behind them and hovering over their shoulders during video calls, Raney concluded that the conversations were frequently monitored and that the North Korean engineers were constantly being watched.
Raney’s account was later published on the International Spy Museum podcast. Before the episode aired, he sent a note to the North Korean Bens saying, “I’m sorry. Please run away if possible.”
The message was not opened.
In response to a request for comment, LinkedIn directed Fortune to its update about fighting fake accounts.
A Fiverr spokesperson said the company’s trust and safety team will continue to update its policies to monitor sellers, ensure compliance and reflect the evolving political and social landscape.
In a statement, Payoneer told Fortune that the company addresses the challenges of DPRK operatives posing as IT consultants using robust compliance and monitoring programs.
This story was originally featured on Fortune.com