They cite LinkedIn profiles with 25 connections as easy tell tale signs. Well, I've got news for you: hacked LinkedIn profiles. Happened to a colleague of mine. Profile with more than a thousand genuine, reputable connections got hacked. Picture and name got changed to something East Asian sounding/looking. CV got changed to US defense contracting. Luckily this tripped some automatic account lockdown otherwise it might have well gone undiscovered for a while. Few people will remember every single LinkedIn connection, there's no notification of name change in messages etc. Quite likely this profile was sold to North Korean fake IT workers.
Also, many people like me don't even have LinkedIn profiles. The "pick up your work computer in person" idea sounds like a much more reliable method to me.
Yeah, pick up your computer in person will not work if you live 2d travel away. If my remote job told me to pick up the computer in person after 8h of interviews and tests I'd be seriously pissed off. If they advertised it in the beginning I'd not have applied.
In my country (Poland) courier companies offer this service of "id checking and contract signing". You can have a courier deliver a contract, check the recipient's photo ID and confirm their identity, have the person sign the contract, return it and the courier takes it back.
If there is no such service available there is only one way to prevent this from happening, proper screening of candidates. In my 20+ years of working for Fortune 500 companies in positions not far from the top only 1 - a Japanese one actually screened my educational background and called my references and past employers to verify.
If employees worry they will loose some really good candidates that have no documentable background ask them to do some other security check. Do a video call from the main street of their home town. Or some other thing randomly selected from a set of 5. If the role is really important hire someone to visit the remote worker in their home and deliver that laptop in person. But don't expect them to travel to pick it up.
I'm guessing many people working in security don't have LinkedIn profiles. It's not like you want to advertise a stint in Fort Meade, and then a list of people someone might contact to get access to you, or pull some social engineering. Or advertise your TS/SCI in your profile.
There's more and more places where the less visible presence online you have, the more you're a good fit for the position.
Surely North Korea could arrange people to do this, too. They already have people on the ground in the US e.g. to open bank accounts, and they only need this for candidates that actually get the job, not every interview.
You might say the people who interviewed the candidate should be there when he picks up his laptop. But this is already an extremely remote-friendly company, the interviewers might never be in the office. He's going to pick it up from the IT department in the basement and at best they will take a photograph of his face.
Jeff Geerling recently discussed being contacted by the FBI to learn more about minature KVMs, one of the devices North Korean fake IT workers use to appear to be coming from other countries https://www.youtube.com/watch?v=Lc2hB2AwHso
In this case, the KVMs are plugged into multiple laptops being run in people's basement/spare bedroom, it seems. Someone will earn a set amount per laptop per month, to accept a company-supplied laptop (from a us company) then plug in one of these little KVMs to give a remote worker access without as much ease in detection.
So the main difference over more typical remote desktop methods is that it pretends to be a physical display and keyboard to fool the PC it's remoting into in if it's overly locked down?
Feels like there's otherwise a hundred different ways to already do remote control without any extra hardware.
So I must be really dumb here but what exactly does the kvm do? It's just stated that it has an Ethernet port and an HDMI and therefore can remote control a computer? And he said the North Koreans are putting them on people's computers as if North Koreans breaking into people's apartments is a common occurrence we've all experienced? And why did the FBI contact him about this?
There's obviously some context I'm missing here, I always thought kvm was the Linux kennel virtualization system...
In this context the abbreviation stands for “keyboard, video, and mouse”. These are hardware devices you physically connect to a computer and then you can remotely see the computer’s screen and input keyboard and mouse inputs to it via the network.
> It's just stated that it has an Ethernet port and an HDMI and therefore can remote control a computer?
Yes. That is the purpose of a KVM device.
> he said the North Koreans are putting them on people's computers
What is described here is a scam perpetrated by North Korean state to gain funds despite economic sanctions trying to prevent it from doing so.
The scheme involves someone pretending to be a legitimate remote worker working from a legitimate location, but in reality they are performing the work from North Korea. The person working the remote IT job in North Korea gets a pitance, while the state pockets the larger part of the money paid to them.
As part of the scheme the remote worker gets a laptop from their western employer. Corporate IT installs all kind of security measures on the laptop, but also grants it means to access internal resources. The scammer can’t ship the laptop to North Korea and use it directly because if that gets detected they will be found out and fired. They also can’t install software based remote access tools because corporate IT might detect those too. So they use a KVM to remotely use the laptop from North Korea and stay on the job as long as they can.
> as if North Koreans breaking into people's apartments is a common occurrence
The scheme does not involve North Koreans breaking into apartments.
> And why did the FBI contact him about this?
Who knows. Jeff seems to have described how to use a particular cheap KVM in the past. Likely this KVM device is used by the scammers. Maybe he has connections to the KVMs manufacturer? Maybe the FBI thought he does?
> I always thought kvm was the Linux kennel virtualization system...
It sounds like the North Koreans pay 1 person in the US to have a ton of laptops with KVMs attached to them, and those laptops are remotely used by North Koreans.
Not to be confused with Kernel-based virtual machine (also called KVM):
I imagine they mean a remote KVM. So you remote into a PC sitting in a basement in someones house in the US. You then make all your outgoing internet from thta setup and your IP address would look legit.
But if you had a farm of them and one guy maintaining them, rather than sticking it in your parents basement with nobody to maintain it, that might be something different.
Something is amiss here...Developers make hundreds of applications to even get a reply much less an interview...While apparently, barely English literate North Korean IT workers are getting all the jobs :-) Time to praise the Supreme Leader on LinkedIn ?
Scammers are good at the scam. They are good at telling the right lies, they often work in teams (lead finders, closers, and everything in between), use automation where appropriate, etc.
A single dev might have trouble cracking the lead finding code, the resume code, the interview code, etc while and avoiding telling any lies that will get then fired 3 weeks into the job. But a team who all treat the application process as a full time job? It's a lot easier.
Also when a dev gets good at finding a job, they stop looking. Scammers get good at it and then keep getting better.
Maybe these North Korean scammers could make good money by selling their job application tips and tricks to actual talented out of work engineers. They seem to not be struggling to get these jobs, unlike actual developers who are struggling.
I have gotten multiple emails from wonky email addresses offering to have me interview for jobs and they will take care of the work if I get hired. fake names tons of money for me. I just have to nail the interview.
My resume is shiny enough and I've gotton hired enough times im a good candidate for this kind of scam.
This feels like a very ham fisted approach for them though. 99% of engineers are going to ignore or not take seriously these kinds of out of the blue offers.
These people aren’t constrained by the bounds of reality. They’re applying with claims of having attended Harvard and then worked at Meta and now they’re applying to your company.
> As US-based companies become more aware of the fake IT worker problem, the job seekers are increasingly targeting European employers, too.
All the US companies I've worked for made sure I was legit before I could log into anything, so I assume background checks to be ubiquitous there, save for the cheapest companies. European employers on the other hand...
The thing I don't like is that US companies take it too far, to the point they're violating my privacy and making me uncomfortable.
Why do you need to do a hard credit check before you give me an offer? Why do you need to know exactly how much I owe on my credit cards, car, house, how much I'm paying per month, and how much I've made at every job for the past 7 years?
That feels... excessive. And weird. And kind of unfair. Now you know my paycheck, and the paycheck before that, and how desperate I am. Well, there goes negotiations.
It feels like you're going through some kind of security clearance.
To be honest, getting insight and access to a major company's networks and maybe customer data is perhaps the same kind of risk to the company as it is for the government to give someone access to (top) secret files. It might not be so much a negotiating tactic as awareness that more sophisticated spies and criminals than the ones in the OP article are targeting your company.
> That feels... excessive. And weird. And kind of unfair. Now you know my paycheck, and the paycheck before that, and how desperate I am. Well, there goes negotiations.
- don't or rarely offer remote jobs, so they often don't have this problem.
- even if they do some video or phone interview for pre-screening, they nearly always expect the prospective employee to come to a live interview if they are not weeded out by this pre-screening. It is thus expected that you at least live in a country from where you can easily travel to the place where the employer is located.
- often expect their employees to be able to speak the national language, or at least learn it fast. This also makes times hard for North Korean fake IT workers.
I live in Finland, and while it is not universal it is extremely common for IT-companies to have a working-language of English.
The country is small and hires both immigrants, and people who specifically relocate to start working at the English-only companies, as well as local candidates.
Learning Finnish will obviously make your life easier, in many many ways, but companies themselves do not seem to expect or require it.
I’ve never had this experience. Never once was I flew in for an interview and, in two of the previous companies I’ve worked for, I did not speak the language.
I’ve seen reports from people who were contacted by companies asking to use their identity for jobs. The deal was that the company used their likeness and identity to secure the job, but they would do all of the work and split the paycheck with them.
There are a million reasons why this is a bad idea, but I’m sure they don’t have trouble finding people excited to collect free paychecks.
Great interview, good questions, really solid candidate.
His first day on the job, his English went to shit.
Then he refused to pick up the phone or call me back. Lame excuses about how it’s loud there, then he lost his voice, then scheduled a call with the real “Jeff” the American who couldn’t answer anything about what we had discussed an hour earlier.
Reported to Upwork but I sort of doubt they did much about it.
I also got contacted via LinkedIn by a “normal” profile of a Dutch guy with normal connections, that was even connected to people I know, offering me the same. I politely suggested it’s not a great idea and declined
The background checks don't always work because they typically use stolen identities or use the identities of Americans that they've paid. They basically have to in order to pass I-9 verification.
There are also different levels of background checks. For instance, previous employment verification can be time consuming so some companies skip it. Checking references aren't useful because they can be faked (you have to run background checks with employment verification on the references to make sure they are who they say they are).
Where I am in Europe you couldn't even get a (legal!) job in a bar without showing proper ID, and having your identification (id card number) checked and be present in the contract.
The fact that "fake people" can be employed for high level IT companies in the US is just unfathomable to me.
That’s only one of the scams. You pass background checks if you’re new to the US. It’s a fairly common grift to place contract programmers at big companies with fake degrees and experience, who then send the work back to Asia to be done overnight. It’s easier now with ChatGPT - you can send photos of screens and instantly extract the text.
You also have people who outsource themselves. That’s one of the ways that the people who work multiple jobs pull it off.
I’d be shocked if that was still true after the first time someone tried it. If you’re running an undercover operation, you’re going to give your agents backing to say whatever they need to say to maintain their cover.
If someone asked me to criticize KJU, that would be the end of the conversation. I criticize people on my own or not at all. I suppose I would become a false positive.
Even with the context of knowing the fake worker problem?
If so, I suppose that’s another good reason to ask the question. It filters out both North Korean fakes and people who are going to be doctrinaire about small things.
You'll likely have to be careful with profiling here. You'll probably need to have documentation/proof that you ask this question to all candidates regardless of race or immigration status. And yes, that means you'll need to ask it to people that clearly aren't North Korean (though that maybe be a good thing in general as I'm sure the next step for the NK regime would be to pay people who are not Asian or who have American accents to do interviews if the practice became widespread)
Maybe more likely that they just assume they are caught, or assume the likelihood of getting caught is higher when there is overt screening for North Koreans.
Similar to why email scammers don’t need good grammar, filtering out difficult cases quickly and move on to easier ones.
I don't really understand the logistics of this to be honest. From the article it doesn't sound like these people have false IDs, they just make fake LinkedIn profiles?
In a lot of countries certainly here in Germany your employer has to pay social security contributions and needs your insurance, healthcare information etc. In addition if you're a foreigner you need to know their legal status to see if they can even work. Like what do these scammed companies do, just wire money to some guy they interviewed on social media and ship company property to random addresses? Is that even legal in most places?
They presumably wire the money to a person operating in the US who sends a portion of that money to the NK employee. The US person is then the one in the company payroll files. At least that's my understanding.
We should definitely go after those folks, but it's not pleasant, as many of them may be having their own issues that add to the problem.
One of the big problems with the US, is that we worship money like a god. People will do almost anything, and compromise all their personal values, for money. We have entire industries that sell narratives, rationalizing these compromises.
This is exacerbated by the current employment problems. They keep talking about how unemployment is down, but I think we all know folks that are un (or under-) employed, and the difficulties they are having, finding work.
Someone in that state, is fertile ground for money- and job-laundering bad actors. It sucks to punish them, but that is what we need to do, to discourage the practice.
My understanding is for a US employee, the employer is supposed to confirm eligibility to work in the first 3 days of employment. Some form of government id plus a social security card or a passport or something like that. IRS form I-9
Otoh, if these positions are independent contractors, form I-9 isn't required. Just a tax id for reporting purposes.
I would imagine whoever is hosting the laptops may be authorized to work in the US and could also be convinced to provide identity documentation. I think there's a lot of borrowing of documentation by immigrants/migrants who are not authorized to work in the US; so there's probably a marketplace somewhere too.
In three decades, I’ve had some call me to check a reference only twice for private sector jobs. The federal government actually does this as part of background checks so it works but you need to want to badly enough to pay real money.
The other problem is liability: companies often tell their employees not to give references for fear of being sued if the employee doesn’t work out, and most companies don’t expect useful information from them unless someone left in a way which has a public record like a court case. The federal checks don’t have that problem because not answering honestly is a crime. You’d need some kind of shield for honest statements for the private sector to really get accurate assessments, and that’s tricky to do in a way which allows the most useful opinions.
I would really like to see one of these deepfake videos that managed to trick any competent interviewer into thinking it was real. I couldn't find anything like that on Youtube. Even in highly controlled environments the deepfake videos can be immediately recognized.
I keep hearing about this and honestly I don’t get it how does this continue to happen?
Here I am, a real human, decent person and a nice guy lol
yet I can’t find a good job.
What are these companies doing, how is this possible?
They aren’t telling the truth when they apply. They’ll use stolen identities, fabricated backgrounds, fake reference checks, hacked LinkedIn profiles.
They are professionals at lying and interviewing. When it’s your job to get jobs and you’re doing it with organized support, you will find something.
They also don’t really care if the job is good or bad. They’re just farming any and all jobs they can get and hanging on to them until they’re pushed out. At many companies, that can take years.
The Norks basically just steal a very qualified persons identity and info and then use that info to apply for jobs. So on paper, the job applicant looks pretty good but its just all larping from the threat actors. For being such a hermit kingdom, they are very good at infiltrating large companies and stealing cryptocurrencies.
Readit News
In my country (Poland) courier companies offer this service of "id checking and contract signing". You can have a courier deliver a contract, check the recipient's photo ID and confirm their identity, have the person sign the contract, return it and the courier takes it back.
If there is no such service available there is only one way to prevent this from happening, proper screening of candidates. In my 20+ years of working for Fortune 500 companies in positions not far from the top only 1 - a Japanese one actually screened my educational background and called my references and past employers to verify.
If employees worry they will loose some really good candidates that have no documentable background ask them to do some other security check. Do a video call from the main street of their home town. Or some other thing randomly selected from a set of 5. If the role is really important hire someone to visit the remote worker in their home and deliver that laptop in person. But don't expect them to travel to pick it up.
There's more and more places where the less visible presence online you have, the more you're a good fit for the position.
You might say the people who interviewed the candidate should be there when he picks up his laptop. But this is already an extremely remote-friendly company, the interviewers might never be in the office. He's going to pick it up from the IT department in the basement and at best they will take a photograph of his face.
Dead Comment
https://www.wsj.com/business/north-korea-remote-jobs-e4daa72...
Feels like there's otherwise a hundred different ways to already do remote control without any extra hardware.
Curious what typical rates would be.
There's obviously some context I'm missing here, I always thought kvm was the Linux kennel virtualization system...
In this context the abbreviation stands for “keyboard, video, and mouse”. These are hardware devices you physically connect to a computer and then you can remotely see the computer’s screen and input keyboard and mouse inputs to it via the network.
> It's just stated that it has an Ethernet port and an HDMI and therefore can remote control a computer?
Yes. That is the purpose of a KVM device.
> he said the North Koreans are putting them on people's computers
What is described here is a scam perpetrated by North Korean state to gain funds despite economic sanctions trying to prevent it from doing so.
The scheme involves someone pretending to be a legitimate remote worker working from a legitimate location, but in reality they are performing the work from North Korea. The person working the remote IT job in North Korea gets a pitance, while the state pockets the larger part of the money paid to them.
As part of the scheme the remote worker gets a laptop from their western employer. Corporate IT installs all kind of security measures on the laptop, but also grants it means to access internal resources. The scammer can’t ship the laptop to North Korea and use it directly because if that gets detected they will be found out and fired. They also can’t install software based remote access tools because corporate IT might detect those too. So they use a KVM to remotely use the laptop from North Korea and stay on the job as long as they can.
> as if North Koreans breaking into people's apartments is a common occurrence
The scheme does not involve North Koreans breaking into apartments.
> And why did the FBI contact him about this?
Who knows. Jeff seems to have described how to use a particular cheap KVM in the past. Likely this KVM device is used by the scammers. Maybe he has connections to the KVMs manufacturer? Maybe the FBI thought he does?
> I always thought kvm was the Linux kennel virtualization system...
Same abreviation, but different thing.
https://en.wikipedia.org/wiki/KVM_switch#KVM_over_IP_(IPKVM)
It sounds like the North Koreans pay 1 person in the US to have a ton of laptops with KVMs attached to them, and those laptops are remotely used by North Koreans.
Not to be confused with Kernel-based virtual machine (also called KVM):
https://en.wikipedia.org/wiki/Kernel-based_Virtual_Machine
It seems they don’t break into someone’s apartment but instead pay someone to stick a kvm connected laptop somewhere in the apartment.
When i looked at https://www.reddit.com/r/digitalnomad/ a few years ago it didn't seem like any solution really worked reliably.
But if you had a farm of them and one guy maintaining them, rather than sticking it in your parents basement with nobody to maintain it, that might be something different.
Scammers are good at the scam. They are good at telling the right lies, they often work in teams (lead finders, closers, and everything in between), use automation where appropriate, etc.
A single dev might have trouble cracking the lead finding code, the resume code, the interview code, etc while and avoiding telling any lies that will get then fired 3 weeks into the job. But a team who all treat the application process as a full time job? It's a lot easier.
Also when a dev gets good at finding a job, they stop looking. Scammers get good at it and then keep getting better.
My resume is shiny enough and I've gotton hired enough times im a good candidate for this kind of scam.
This feels like a very ham fisted approach for them though. 99% of engineers are going to ignore or not take seriously these kinds of out of the blue offers.
Their resume goes in front of yours in line.
Dead Comment
All the US companies I've worked for made sure I was legit before I could log into anything, so I assume background checks to be ubiquitous there, save for the cheapest companies. European employers on the other hand...
Why do you need to do a hard credit check before you give me an offer? Why do you need to know exactly how much I owe on my credit cards, car, house, how much I'm paying per month, and how much I've made at every job for the past 7 years?
That feels... excessive. And weird. And kind of unfair. Now you know my paycheck, and the paycheck before that, and how desperate I am. Well, there goes negotiations.
To be honest, getting insight and access to a major company's networks and maybe customer data is perhaps the same kind of risk to the company as it is for the government to give someone access to (top) secret files. It might not be so much a negotiating tactic as awareness that more sophisticated spies and criminals than the ones in the OP article are targeting your company.
I think that's partly the point.
Many European employers
- don't or rarely offer remote jobs, so they often don't have this problem.
- even if they do some video or phone interview for pre-screening, they nearly always expect the prospective employee to come to a live interview if they are not weeded out by this pre-screening. It is thus expected that you at least live in a country from where you can easily travel to the place where the employer is located.
- often expect their employees to be able to speak the national language, or at least learn it fast. This also makes times hard for North Korean fake IT workers.
The country is small and hires both immigrants, and people who specifically relocate to start working at the English-only companies, as well as local candidates.
Learning Finnish will obviously make your life easier, in many many ways, but companies themselves do not seem to expect or require it.
There are a million reasons why this is a bad idea, but I’m sure they don’t have trouble finding people excited to collect free paychecks.
Great interview, good questions, really solid candidate.
His first day on the job, his English went to shit.
Then he refused to pick up the phone or call me back. Lame excuses about how it’s loud there, then he lost his voice, then scheduled a call with the real “Jeff” the American who couldn’t answer anything about what we had discussed an hour earlier.
Reported to Upwork but I sort of doubt they did much about it.
There are also different levels of background checks. For instance, previous employment verification can be time consuming so some companies skip it. Checking references aren't useful because they can be faked (you have to run background checks with employment verification on the references to make sure they are who they say they are).
The fact that "fake people" can be employed for high level IT companies in the US is just unfathomable to me.
You also have people who outsource themselves. That’s one of the ways that the people who work multiple jobs pull it off.
that's not a scam - that's the new work smarter, not harder method of earning money.
If so, I suppose that’s another good reason to ask the question. It filters out both North Korean fakes and people who are going to be doctrinaire about small things.
Similar to why email scammers don’t need good grammar, filtering out difficult cases quickly and move on to easier ones.
Deleted Comment
In a lot of countries certainly here in Germany your employer has to pay social security contributions and needs your insurance, healthcare information etc. In addition if you're a foreigner you need to know their legal status to see if they can even work. Like what do these scammed companies do, just wire money to some guy they interviewed on social media and ship company property to random addresses? Is that even legal in most places?
One of the big problems with the US, is that we worship money like a god. People will do almost anything, and compromise all their personal values, for money. We have entire industries that sell narratives, rationalizing these compromises.
This is exacerbated by the current employment problems. They keep talking about how unemployment is down, but I think we all know folks that are un (or under-) employed, and the difficulties they are having, finding work.
Someone in that state, is fertile ground for money- and job-laundering bad actors. It sucks to punish them, but that is what we need to do, to discourage the practice.
Otoh, if these positions are independent contractors, form I-9 isn't required. Just a tax id for reporting purposes.
I would imagine whoever is hosting the laptops may be authorized to work in the US and could also be convinced to provide identity documentation. I think there's a lot of borrowing of documentation by immigrants/migrants who are not authorized to work in the US; so there's probably a marketplace somewhere too.
The other problem is liability: companies often tell their employees not to give references for fear of being sued if the employee doesn’t work out, and most companies don’t expect useful information from them unless someone left in a way which has a public record like a court case. The federal checks don’t have that problem because not answering honestly is a crime. You’d need some kind of shield for honest statements for the private sector to really get accurate assessments, and that’s tricky to do in a way which allows the most useful opinions.
https://www.linkedin.com/feed/update/urn:li:activity:7292604...
They are professionals at lying and interviewing. When it’s your job to get jobs and you’re doing it with organized support, you will find something.
They also don’t really care if the job is good or bad. They’re just farming any and all jobs they can get and hanging on to them until they’re pushed out. At many companies, that can take years.