North Korean operatives reveal the internal mechanisms of IT fraud

North Korea’s IT Worker Scheme It has become one of the most urgent cybersecurity issues of the Global Fortune 500 company. In recent years, hundreds of businesses have unconsciously hired thousands of North Korean IT workers, providing access to personal information and intellectual property, and opening the way for the US dollar to fund the nuclear ambitions of DPRK authoritarian ruler Kim Jong Eun. US authorities have made public the issue with a joint warning from FBI and Ministry of JusticeAlongside the top cyber experts of choice Please say it About the threat.

said Theodore S. Herzberg, US lawyer for the Northern District of Georgia. luck The office has announced the charges Four IT workers in North Korea This week as part of an organized promotional campaign to encourage business and technology leaders to better understand the threats they face.

“It’s not uncommon for business owners to meet potential partners and employees online,” Hertzberg said in a statement. “But it would be wise for businesses working in this field to hire Americans and, hopefully, directly, to thoroughly consider all potential employees and partners.”

Within IT worker operations

Kim was one of thousands of trained software developers deployed outside of DPRK using stolen identity. Workers’ delegations are forced to send a large portion of their income to the government. Estimateddoes not include billions of people stolen by code robbers.

Kim said luck His minimum revenue target was $5,000 a month until the Covid-19 pandemic led to a boom in the remote IT sector. His target amount doubled when the remote work offering exploded. Money was usually converted to US dollars at local work sites overseas and delivered directly to representatives at North Korea’s headquarters or overseas headquarters.

“My main job was to acquire foreign currency through IT services,” Kim said, according to an email translation of his interview response. “However, during the Covid-19 pandemic, I have often received additional instructions to strengthen the administration’s propaganda online.”

Kim’s interview was promoted People to make Korean reintegration successful (PSCORE), provided translation and access. Pscore was founded in 2006 by North Korean exile Kim Young-Il, and the group has since worked with thousands of other DPRK citizens who fled. PSCORE holds consultation status for the United Nations Economic and Social Council. United Nations Conference and research.

Kim lives in Korea under a different name to avoid putting friends and family members at risk who could be targeted by the DPRK government in retaliation for his actions and interviews with the US media. That cold calculus lined up most North Korean IT workers, PSCORE Executive Director Badanham said. luck.

According to Nam, the scope and control of the administration is far beyond individual IT and other workers stationed abroad.

“Not only their close relatives, but even distant relatives could be punished if their relatives fled from North Korea,” Nam said. “They are sending messages to all the people of North Korea: “If there is a defect from North Korea or if the motherland is betrayed, they will be punished.”

Those who remain behind are often under constant and serious surveillance, Nam explained. DPRK government workers may be tracking families of exiles, as well as the entire neighborhood. The outcome of exile can be devastating.

“In some cases, they send their entire family to a political prison camp and they can’t get out of that camp for the rest of their lives,” he said.

Despite the risks, Kim chose to break the silence by answering questions from some news outlets.

Deception Tactics

Kim’s way of disguising his true identity was elaborate and involved the use of popular technical networking and work websites.

“We used a platform like Facebook. LinkedInfreelancer.com, and upwork.com will pause as clients and post a list of projects. Kim said.

Kim uses the identities of those who have interacted with him on those platforms, whether European or American, to hide herself using the identities of those who sent him a bid. Therefore, he said he used his actual, verified identity to hide himself. Kim has also posted on other platforms freelance.com, guru.comand Toptal, he said.

In his work, Kim received and executed development orders from several American companies. His main areas of work focus on e-commerce shopping sites and sometimes mobile app development. In Europe, he worked on developing healthcare apps. Kim refused to quit the name of a particular company as he said certain sharing could lead to inferences about his personal information.

meanwhile Americans In the US He was indicted To intentionally participate in North Korea’s IT worker scheme borrow their identity Or hosting Laptop Farm In their home, Kim’s experience I was involved I was unconscious in the scheme. He opposed the question calling the Americans involved in the scheme “accomplices.”

“It would be more appropriate to say that they were simply clients who ordered work,” he said. “They never thought we were coming from North Korea.”

He described the conditions he worked as “relatively decent.” The workspace and bedroom were “spacious enough” and the food conditions were “good.” However, if IT workers were not providing financial goals, the job could also be brutal.

“We had to work at least 10 hours a day. If we were unable to meet the assigned goals, we were forced to work more than 18 hours a day,” he said.

He refused to be asked to share information with engaged DPRK workers Crypto Heists He then claims that he “has not been in contact with any individuals involved in those activities.”

He said direct contact with Kim’s family is not possible. During calls between his overseas team and North Korean headquarters, IT workers will occasionally be easily updated on family issues, but as a rule, sharing personal family issues was prohibited.

“We could get information if it felt really serious and necessary,” he said. “On the other hand, if something important happens overseas, such as an accident or a serious illness, information could be passed on to families through the North Korean headquarters.”

Life after the scheme

Kim’s deficiency decision comes at a massive personal cost, along with the harsh reality that even his family and distant relatives could be at risk for him. Nam said fear (coupled with extreme personal risks) would create a psychological trap that prevents most DPRK citizens from even thinking about running away. If a family member tries to contact an asylum, it could become another tool for DPRK control.

“The administration is pushing families to contact Korean exiles and asking for small favors,” Nam said. “If an asylum responds, sending information can slowly turn into situations that are being used as unwilling sources of information.”

Nam said some exiles contacted their families and were subsequently recaptured.

For now, Kim remains in Korea in the face of an uncertain future. He’s skilled at it, so he plans to continue working on the field, but the psychological scars remain.

“As for how I feel, it’s a mixture of joy at gaining freedom and the sadness of losing my family,” Kim said. “From my perspective, it feels like I’ve lost more than I’ve got.”

He estimates that thousands of IT workers are run like him.

If requested, Meta The spokesman declined to comment. LinkedIn Instructions luck for that update About fighting fake accounts. Upwork Director luck for that approach To the threat of national support. freelance.com. , freelancer.com, guru.com, and Toptal did not respond immediately to requests for comment.