North Korea using freelance techies to fund missiles and nukes
You won't see 'Agent of vile murderous autocracy' on their CVs. Or their faces on vid chats
North Korean IT pros are using freelancing platforms to earn money that the nation's authoritarian government uses to fund the development of missiles and nuclear weapons, according to South Korea's government. Seoul therefore wants gig platforms to impose stricter checks to restrict its enemy's activities.
South Korea's intelligence services, national police, and five ministries yesterday published a warning about the North's (DPRK) tactics that opens as follows:
"DPRK IT workers are located all around the world, obfuscating their nationality and identities. They earn hundreds of millions of dollars a year by engaging in a wide range of IT development work, including freelance work platforms (websites/applications) and cryptocurrency development."
Those workers' real job, the warning asserts, is "earning foreign currency and financing nuclear and missile programs for the regime."
To hide their origins and purpose, North Korean IT workers forge fake identities.
"They illicitly collect foreigners' driver's licenses and identification cards and replace the photos on identification documents with their own using Photoshop," the advisory states.
They also use the services of third parties, who create and maintain accounts on freelance work platforms. DPRK agents put those identities to work as proxies to hide their true identities.
Telltale signs you might be dealing with a North Korean freelancer start in job interviews. Such bogus candidates often prefer to meet prospective employers in chat sessions rather than video meetings. If you insist on video, they may claim technical issues make that impossible, but voice-only conversation remains an option.
Employers that insist on video interviews may see the proxy who created the account on the freelance platform, not the candidate.
"Sometimes, even when companies are conducting a real video interview, DPRK IT workers will remotely access the computer of proxy account's owner and demonstrate programming themselves," the warning explains.
South Korea is not happy with freelance platforms: the document published yesterday calls on them to "take tightened measures to verify identity of programmers, such as adding one more authentication step using video call for newly created accounts and requiring client companies to conduct a video interview before signing contracts with freelance programmers."
The South has spotted other characteristic behaviors of North Korean freelancers, among them multiple logins into one account from various IP addresses in a relatively short period of time, and new developer accounts on freelance platforms using the same or similar documents employed by existing accounts.
Seoul wants the freelance platforms to watch out for that sort of thing, and act to prevent abuse.
But this is not just the platforms' problem: South Korea's warning points out that "a significant percentage of DPRK IT workers" are employed by entities sanctioned by the United Nations.
"Therefore, the act of offering employment to DPRK IT workers and paying for their work accompanies reputational risks and potential legal consequences [and] the possibility of violating relevant UN Security Council resolutions."
- Here today, gone to Maui: That's your data captured by North Korean ransomware
- North Korea hits new low by using Seoul Halloween tragedy to exploit Internet Explorer zero-day
- US puts $10 million bounty on North Korean cyber-crews
- Pakistan considers ten-year tax holiday for freelance techies
South Korea warns that Northern techies offer their services for "the development of decentralized applications, smart contracts and digital tokens, as well as mobile and web-based applications that span a range of fields and sectors, including business, health and fitness, social networking, sports, entertainment, and lifestyle."
If you're using freelancers for any of the above, beware! North Korea's government is a murderous authoritarian regime that abuses human rights horribly and regularly conducts cyber ops to further its aims – even exploiting tragedy to spread malware.
South Korea's warning concludes by expressing hope the document "will prove to be helpful in establishing a more secure and reliable online freelance work system and also contribute towards cutting off DPRK's illicit foreign currency revenues which are used for its nuclear and missile development." ®