Special Features

Cybersecurity Month

‘How not to hire a North Korean plant posing as a techie’ guide updated by US and South Korean authorities

Advise turning off and never using remote desktop protocol, prohibiting private VPNs, not trusting recruiters’ due diligence


US and South Korean authorities have updated their guidance on how to avoid hiring North Korean agents seeking work as freelance IT practitioners.

Thousands of North Korean techies are thought to prowl the world’s freelance platforms seeking work outside the Republic. Kim Jong Un’s regime uses the workers to earn hard currency, and infiltrate organizations they work for to steal secrets and plant malware. The FBI has previously warned employers to watch for suspicious behavior such as logging in from multiple IP addresses, working odd hours, and inconsistencies in name spellings across different online platforms.

The updated advice adds other indicators that freelancer you are thinking about hiring could be a North Korean plant, including:

The updated guidance suggests requiring recruitment companies to document their background checking processes, to be sure that they can screen out North Korean stooges. Conducting your own due diligence on workers suggested by recruiters is also recommended.

Another piece of advice recommends you should “Keep records, including recordings of video interviews, of all interactions with potential employees.” North Korean freelancers, per previous advice, will be shy of video interviews.

The agencies also recommend technological measures including:

Plenty of that is solid advice for any IT shop under any circumstances.

The advice was published a day after the US Justice department announced the seizure of 17 website domains used by North Korean information technology workers in a scheme to defraud US and foreign businesses, evade sanctions, and fund the development of the North’s weapons program.

US authorities have previously seized $1.5 million of revenue generated by those sites.

North Korea has “flooded the global marketplace with ill-intentioned information technology workers,” said Special Agent in Charge Jay Greenberg of the FBI St. Louis Division.

“This scheme is so prevalent that companies must be vigilant to verify whom they're hiring. At a minimum, the FBI recommends that employers take additional proactive steps with remote IT workers to make it harder for bad actors to hide their identities. Without due diligence, companies risk losing money or being compromised by insider threats they unknowingly invited inside their systems.”

Check Chinese professors, too

The updated advice was issued the day after the nations of the Five Eyes alliance – Australia, Canada, New Zealand, the UK and the USA – warned at a summit that China’s industrial espionage efforts have again increased.

As part of the Five Eyes announcement, Mike Burgess, director-general of security at the Australian Security Intelligence Organisation, revealed that the agency recently detected and disrupted a Chinese operation involving a visiting professor who came to work at an unnamed Australian research institution but was first recruited by Chinese intelligence.

“The spymasters gave him money and a shopping list of intelligence requirements and sent him to Australia,” Burgess revealed.

“The academic set his Australian students research assignments that specifically covered many of the intelligence requirements," he recounted.

“ASIO intervened and removed the professor from the country before any harm could be done,” Burgess said, adding “This sort of thing happens every day in Australia, just as it happens in all our countries.” ®

Send us news
51 Comments

NTT boss takes early retirement to atone for data leak

No mere mea culpa would suffice after 9.2 million records leaked over a decade, warnings were ignored, and lies were told

Electronic Arts frags hundreds of workers 'to grow fandom'

Dating app Bumble also finds breaking up is easy to do for a third of its crew

Australian supercomputer 'Taingiwilta' comes online this year with [REDACTED] inside

Exec in charge laments that in defence HPC down under, you can pay a veteran expert a mere web dev's salary

North Korea running malware-laden gambling websites as-a-service

$5k a month for the site. $3k for tech support. Infection with malware and funding a despot? Priceless

A visa to fill Australia's empty tech jobs is getting more expensive, but maybe better value

Application process gets a massive overhaul

US Air Force's new cyber, IT skill recruitment plan: Bring back warrant officer ranks

Officer pay, limited command duties and writing 'code for your country'

Samsung heir Lee Jae-yong acquitted of stock manipulation charges

What a surprise, said no one

Think tank warns North Korea uses AI for battle planning, maybe using cloudy resources

Calls for clouds, and scientists, to take care they're not aiding Pyongyang

Seoul restores smartphone subsidies because premium handsets are apparently essential

Buyers in Samsung's home will be offered cheaper Galaxies

Cloudflare defends firing of staffer for reasons HR could not explain

It's certainly not a layoff, net-taming biz insists

Kia crashes CES with modular electric vehicle concept

It's about time someone figured out how to make swappable bits for EV skateboards

'Only 700 new IT jobs' were created in US last year

Pandemic overhiring + AI-generated cuts at the entry level = A bad year to be a techie, says Janco