> Nowadays, Leggio told Fortune he won’t even set up an interview with a candidate who seems promising on paper unless they agree to one final step.
“Say something negative about Kim Jong Un,” Leggio tells potential job candidates, referring to the third-generation authoritarian Supreme Leader of North Korea, officially the Democratic People’s Republic of Korea (DPRK). Through research, Leggio learned insulting the DPRK’s Supreme Leader is forbidden, and North Korean citizens could face serious punishment for showing anything less than reverence.
“The first time I ever did it, the person started freaking out and cursing,” said Leggio.
The job seeker subsequently blocked Leggio across all social media platforms. Now Leggio makes the same request before every single interview. Other startups and founders he knows are asking the same thing of job seekers, he said.
That's because you are assuming the DPRK's culture is like western culture. It isn't. They have secret police everywhere and if you say anything that isn't positive about the state, you will get disappeared and your whole family probably will too. This is understood at a very young age. They would need have to have a group of people isolated from this practice since birth for a couple of generations before they can pass this test.
I wonder if "double talk" work here. After all this is similar to "what is your weakness" interview question, but the subject is Kim jong un instead of you
> “The first time I ever did it, the person started freaking out and cursing,” said Leggio.
That one weird trick to get the North Korean NPC to malfunction!
But I’m sure that the NPCs who honestly believed that the North Koreans honestly believed that they found a unicorn will think this is both hilarious and completely true.
I love it. That’s genius. Though I wonder if they’d be a special exception: You can talk bad about Kim if American Evil Capitalists force you as long as you get in and bring in the dough.
I am afraid they are a lot more cynical than we give them credit, though.
I wonder how effective the propaganda apparatus in inside North Korea really. And also… I wonder if there’s a bit of a gap of stuff that is, like, not something that a westerner would be aware of.
Like if the person says “the carrot harvest was terrible last year and the uniforms are very itchy, it’s like he’s correctly but annoyingly prioritizing other things” they might be a spy.
I mean that is a silly example but you get the idea hopefully.
Russia/Ukraine has similar gotcha screening question: "Crimea belongs to ... whom?"
pro-Russians will try to weasel and twist themselves into pretzel justifying Crimea annexation. Pro-Ukraine will have the opposite answer.
similar thing in USA: try to force any US public figure to condemn genocide in Gaza or apartheid in Palestine... and you will be deported, canceled, and debunked on the spot.
or try to ask any US public figure to condemn any of the US wars, or the way US public was led into supporting them and do the math on who picked up the tab of the war...
You’re comparing politicans to regular people. Politicans have a vested interest in saying very specific things (in public) in order to maintain their myriad of alliances. Regular people that you accost in the street can say whatever they like, lie if it is convenient, if it furthers their own goals. Yes, Eastern Europeans have the ability to lie and aren’t bots programmed by Zelensky/Putin.[1]
[1] Not that they will necessarily believe or be on the same page as what the government says but we can stop here.
My company accidently employed on for about 3 days until we realized what was happening and cut them loose.
I recognize this was likely sourced from a PR agency working for a security product meant for global employee verification but I can attest they are addressing a real problem.
How is your recruiting process going to improve to catch that in the future? Seems like a pretty big screwup, hopefully he wasn't given any sort of admin access.
If you think the issue of devs using fake identities is a problem limited to the Fortune 500: I talked with a 6-person startup who very nearly hired a person who could have been from anywhere else than they claimed, including North Korea. All they know is the candidate used an AI filter to make them look like a Polish person [1] - and this startup recorded when they caught this faker.
This is a full-remote startup and they have now added a mandatory in-person interview to their recruitment loop.
Amusingly, in their case, using local job boards did not help: they got candidates pretending to from Poland or Serbia, yet not speaking the language.
A little sad to see how each episode like this casts more doubt and uncertainty into full-remote interviewing.
So whenever I have gotten a job in tech, I've had to complete a background check if I get the job offer. How exactly are these fake profiles passing basic background checks?
They would have to be impersonating real people if pretending to be Americans. Unless these companies aren't doing the most basic background checks beyond just looking at resumes and LinkedIn profiles. Pretty weird and seems not too difficult to prevent...
The article gets into this where real Americans do job interviews and if they get a job they can keep 30% of the salary and have to pass off the remaining 70%:
> In the IT worker scheme, once someone involved gets an interview, North Koreans use remote-desktop tools to help coach people through the Q&A with a recruiter.
> Aidan Raney, founder of Farnsworth Intelligence, posed as an American willing to help North Koreans to investigate the issue for a client who almost hired a fake engineer. During the course of two video calls with three or four people who all said their names were “Ben,” Raney learned the details. “The Bens” would handle all the upfront work for him—creating a fake LinkedIn profile to verify his new identity for U.S. recruiters, formulating a bio, and sending it out to dozens of job postings with a new Gmail address they set up.
> The Bens even modified Raney’s headshot to a black-and-white photo so it wouldn’t resemble his usual picture, Raney told Fortune. If Raney got a job, he would show up for meetings, like a morning stand-up or scrum, and go about his day while a North Korean engineer handled the workload. Raney would be allowed to keep 30% of the salary but had to transfer 70% to the Bens using crypto, Paypal, or Payoneer.
> “What they were trying to do was use my identity to bypass background checks, and so they wanted this fake persona they created to be extremely close to the real-life version,” said Raney.
> The Bens got Raney an interview, and while it was ongoing, they used a remote-desktop application to set up a notepad on Raney’s screen so they could write out responses to the questions from the interviewer, Raney explained. And it worked: Raney got a verbal offer for a job with a private government contractor that paid $80,000 a year.
> He then had to immediately turn around and tell the company he couldn’t accept the offer and apologize for claiming their time.
If you’re a state actor it probably wouldn’t be too hard to create US citizen IDs anyone could fall into.
Hack a hospital to give a birth certificate for a new born baby (easily within NK’s reach), and then mail the documents for a SS card. In eighteen years have an agent take the GED and SAT, and score well enough to get into state school. Then graduate and apply to the list of target companies you want to infiltrate.
You’d have to go pretty deep into someone’s identity to unearth this sort of approach. Probably not enough for a military clearance, but enough for anything not directly defense related.
You can probably buy 90% of the data you need from a broker. Also Equifax leaked all of our personal data too. This is the consequence of all the data leaks and legal harvesting.
Imagine that your reputation didn't matter, getting sued was out of the question, and there was no criminal liability: your job, backed by the government, is to be employed by as many tech firms for as long as you can, you'd probably work pretty hard on coming up with a reasonable but very good resume and work hard on how to interview well. Now, you're a professional interviewer and might conduct 10x-100x more interviews than your average dev, and have a network of people helping you optimize your cheating.
Given that background, I personally find it unsurprising that they're having success and AI tools are just making it that much easier
Absolutely damning of the tech industry’s interviewing and recruiting process if companies can’t distinguish between a “professional interviewer” (regardless of their nationality) and an actually talented candidate who does one interview a year or so.
This mentions the Fortune 500, and some of the financial companies I'm familiar with treat IT like janitors and have no qualms getting the lowest crap devs whom they can boss around. They don't want good devs and someone part of a team.
Whoooeeee, I bet those companys heaved a sigh of relief to find out that they were hacked by North Korea, and not investigative jounrnalists or some uppity regulators, yup, just Emperor Kim takin his cut, and you know you can trust him to keep his mouth shut about anything he knows.
Readit News
This doesn't pass the smell test.
https://libertyinnorthkorea.org/learn-nk-challenges
https://www.pbs.org/independentlens/blog/what-happens-to-you...
That one weird trick to get the North Korean NPC to malfunction!
But I’m sure that the NPCs who honestly believed that the North Koreans honestly believed that they found a unicorn will think this is both hilarious and completely true.
I am afraid they are a lot more cynical than we give them credit, though.
Like if the person says “the carrot harvest was terrible last year and the uniforms are very itchy, it’s like he’s correctly but annoyingly prioritizing other things” they might be a spy.
I mean that is a silly example but you get the idea hopefully.
pro-Russians will try to weasel and twist themselves into pretzel justifying Crimea annexation. Pro-Ukraine will have the opposite answer.
similar thing in USA: try to force any US public figure to condemn genocide in Gaza or apartheid in Palestine... and you will be deported, canceled, and debunked on the spot.
or try to ask any US public figure to condemn any of the US wars, or the way US public was led into supporting them and do the math on who picked up the tab of the war...
[1] Not that they will necessarily believe or be on the same page as what the government says but we can stop here.
I recognize this was likely sourced from a PR agency working for a security product meant for global employee verification but I can attest they are addressing a real problem.
We're a startup so I don't think the end goal was to scam us per se but more to get money or more likely build credibility.
This is a full-remote startup and they have now added a mandatory in-person interview to their recruitment loop.
Amusingly, in their case, using local job boards did not help: they got candidates pretending to from Poland or Serbia, yet not speaking the language.
A little sad to see how each episode like this casts more doubt and uncertainty into full-remote interviewing.
[1] https://news.ycombinator.com/item?id=43340994
Deleted Comment
They would have to be impersonating real people if pretending to be Americans. Unless these companies aren't doing the most basic background checks beyond just looking at resumes and LinkedIn profiles. Pretty weird and seems not too difficult to prevent...
> In the IT worker scheme, once someone involved gets an interview, North Koreans use remote-desktop tools to help coach people through the Q&A with a recruiter.
> Aidan Raney, founder of Farnsworth Intelligence, posed as an American willing to help North Koreans to investigate the issue for a client who almost hired a fake engineer. During the course of two video calls with three or four people who all said their names were “Ben,” Raney learned the details. “The Bens” would handle all the upfront work for him—creating a fake LinkedIn profile to verify his new identity for U.S. recruiters, formulating a bio, and sending it out to dozens of job postings with a new Gmail address they set up.
> The Bens even modified Raney’s headshot to a black-and-white photo so it wouldn’t resemble his usual picture, Raney told Fortune. If Raney got a job, he would show up for meetings, like a morning stand-up or scrum, and go about his day while a North Korean engineer handled the workload. Raney would be allowed to keep 30% of the salary but had to transfer 70% to the Bens using crypto, Paypal, or Payoneer.
> “What they were trying to do was use my identity to bypass background checks, and so they wanted this fake persona they created to be extremely close to the real-life version,” said Raney.
> The Bens got Raney an interview, and while it was ongoing, they used a remote-desktop application to set up a notepad on Raney’s screen so they could write out responses to the questions from the interviewer, Raney explained. And it worked: Raney got a verbal offer for a job with a private government contractor that paid $80,000 a year.
> He then had to immediately turn around and tell the company he couldn’t accept the offer and apologize for claiming their time.
The moral issue aside, anyone who accepts less than 200% is a sucker. Otherwise it’s better to just get a real job.
Hack a hospital to give a birth certificate for a new born baby (easily within NK’s reach), and then mail the documents for a SS card. In eighteen years have an agent take the GED and SAT, and score well enough to get into state school. Then graduate and apply to the list of target companies you want to infiltrate.
You’d have to go pretty deep into someone’s identity to unearth this sort of approach. Probably not enough for a military clearance, but enough for anything not directly defense related.
https://news.ycombinator.com/item?id=43612448
How do you choose between a well qualified legitimate candidate and a extremely well qualified 'appears to be' legitimate candidate?
These people are presumably not advertising themselves to be from Pyongyang.
Given that background, I personally find it unsurprising that they're having success and AI tools are just making it that much easier
Legitimate? Seems unlikely, given the state of affairs in North Korea
Deleted Comment
Yes. https://www.yahoo.com/news/hermit-kingdom-north-korea-became...