140 comments

[ 5.2 ms ] story [ 239 ms ] thread
I had similar experiences at my last employer when hiring last fall.

In both cases, the fraud was easily made plain when I asked details about their work history. In one case, they claimed to live in the same metro area I had previously lived for 18 years, but couldn’t answer any basic questions about the place. In another situation, they claimed a workplace that was in a community I was familiar with and that was far too small to have corporate headquarters of any type I wouldn’t be familiar with.

After 5-10 minutes of probing, both candidates bailed on the interview realizing they were wasting their time.

They also exhibited some of the other signs as described at the link - no employment profiles on LinkedIn or just a basic profile, names that didn’t match their ethnicity, etc.

I have no evidence or intuition to conclude they were North Korean, as employment fraud is certainly not limited to North Korea. I can’t imagine either of the candidates I spoke to surviving even casual scrutiny, so I highly doubt this kind of fraud results in much success.

> names that didn’t match their ethnicity

The people I've known from China and Korea have a tendency to adopt traditional English names (Steve, Joe, Mike, etc) because their native names are hard to pronounce for English speakers.

Further, the 2nd generation Asian Americans I've met do often have traditional English names.

Certainly someone of obvious Asian descent and accent who introduces themselves as “Simon” is not a red flag. As you say, some people understandably prefer not to hear their real name mangled every day.

But someone of obvious Asian descent and accent who introduces themselves as “Simon Cartwright” and has vague tales of growing up in London… again, it’s possible, and we should treat each individual with respect and assumption of good intent, but that might make me dig a little deeper.

Adoption makes it entirely possible for an Asian-presenting person to have a European first name _and_ surname and, frankly, is not something you should be asked about in an interview.
Don't ask about it in the interview.

But it might be worth paying extra attention to any clues that they might not have lived in that place and have a falsified history.

As he said, "we should treat each individual with respect and assumption of good intent." But a decent proportion of people showing this particular characteristic will be engaging in employment fraud, and we shouldn't be blind to that signal.

You'd expect an adoptee to have perfect English
You can make no such assumption I'm afraid. You might expect a native speaker to have perfect English, but you'd be wrong.

There are people with issues like dyslexia and people who don't fit the education system and perform poorly.

I've met non-native speakers who have far better spelling, grammar and an enlarged vocabulary than people who have lived in my English-speaking country for their whole lives.

It's very rare for kids adopted from Asia to Europe to have an Asian accent.
I know more than one, and I don’t even live in Europe. Please avoid racial profiling, it’s a fool’s errand.
It's not racial profiling to say that people usually have an accent similar to where they grew up. Or that they usually don't have the accent of somewhere thousands of miles from where they grew up.
Agreed. It’s racial profiling to assume where someone was raised based on their name.
Of course, in theory, there's a possibility that someone named Simon Cartwright, with a North Korean accent, who has amnesia and can't remember a thing about the place they claim they grew up in, is actually not a spy. I personally don't think that's a situation where an employer is required to give the benefit of the doubt.
How many employers can reliably distinguish a North Korean accent from a South Korean one?
Quite a few South Korean descent owned and operated companies are in America. I assume that they would have a decent detection rate.
There is simply more noise than signal with this style of racial profiling and I implore you to do some soul-searching and reconsidering because you are probably harming people without even intending to with your current behavior.
It's really not that complicated...
Can you expand on what you mean? What’s not that complicated?
Life is essentially always that complicated. I have never really had a case where something was less complicated than I thought
IANAL, but I think it's flat-out illegal in the US, not just harmful. (And if it's not illegal, it should be.)

From https://www.eeoc.gov/prohibited-employment-policiespractices:

> An employer may not base hiring decisions on stereotypes and assumptions about a person's race, color, religion, sex (including gender identity, sexual orientation, and pregnancy), national origin, age (40 or older), disability or genetic information.

The person you are responding to led with red flags about locations in their stories.

You are the only person trying to turn this into a racial issue.

Name alone is not a red flag, almost every Asian maintains an English name.
Every Chinese, dunno about other countries.
We're talking about English/European _last_ names though. Definitely possible in today's international world, but much less common.
Yeah, it's hard to know exactly what they meant by that comment, but it seems pretty presumptuous to judge whether someone's name "matches" their ethnicity for so many reasons, not the least of which is that there really isn't any way you should know for certain someone's ethnicity when they're applying at all! Asking about it in an interview is certainly illegal, and even in countries that are mostly homogeneous, there are going to be at least _some_ immigrants (maybe not for North Korea, but the entire premise of the article is that the applicants aren't claiming to be from North Korea in the first place)
What I'm still trying to figure out is how exactly the next step is supposed to work.

One of the first things we ask from both employees and freelancers is a copy of their passport/ID. Would they also have a fake ID with the name they give you (much easier to fake a PDF than a real passport) or just a story, passing you through a legit company? Or is it common to hire people without really knowing who they are?

My nephew’s last name is Brown but his mom is Vietnamese so he looks Vietnamese. Obviously a “mismatched” name isn’t red flag.

But someone named Sam Smith who supposedly grew up in an English speaking country, but barely speaks English is something that might trigger you to look further.

I’m mixed race in a visually non-obvious way. I was born and raised in the bay. What is the “correct” ethnicity that I should try to project with my name?
You have the name you have. You look the way you look. You speak the way you speak. But if you claim to have grown up in one country, or lived for X years with professional success in one city, yet can’t speak the language spoken there and can’t answer simple questions about what you did, where you lived etc? Surely you see why someone would be suspicious, especially as these circumstances add up?

I agree wholeheartedly that you can’t/shouldn’t be suspicious just because someone has an “English” name and looks East Asian, but that together with the other signs is just a bit much.

I wouldn't mind hiring a NKean for my company. Just get them to defect to the US first! Lol
Usually someone allowed to defect has some value in terms of information they can provide. North Korea while a threat, isn’t exactly a near peer competitor. Especially in defense capabilities.
Damn. I dunno, I was just trying to be nice. :(
(comment deleted)
THe NK developer will think, wait, I'm making a fraction of what I'm actually earning, I will smuggle in a Starlink receiver and set up a bank account in China and work for myself. This is how Communist regimes end.
Then his family in NK will be executed or sent to prison
The one who did the interview and the ones who do the coding may not overlap, and as OP mentioned, they don't need to be particularly good. Even if they get fired after a few months, it's still a net win.
From the article:

> They are often required to leave family members behind as collateral to prevent them from defecting while outside their home country.

This is peak tech bro delusion. Well done

In all seriousness though. Defectors from North Korea have been killed longer than you or I have been alive

I can think of maybe 20 countries where people would do this before DPRK, not least China, but quite a few in Europe to, Poland, India. why DPRK? like the level of Pakistan CS grads is probably better than most US ivy league grads, cant imagine DPRK has much of a CS education system.
(comment deleted)
From my discussions with various LE agents and attending a few talks, NK will send them off to some of the best colleges in either India or China to learn programming, computer science, networking, hacking, and etc. to learn and get a good education. Then they either travel back to NK to become part of something like Lazarus Group (NK nation-state hacking group), or they get assigned to something like this employee scheme to obtain and send funds back to NK.
I'm sure they have a few thousand such candidates out and about.

But surely insignificant to the hundreds of millions in China, India, Indonesia etc.

Why DPRK when the alternatives are so much more numerous?

The entire population of DPRK is only 26mil, the entire country is half the size of the city Jakarta.

Most Americans probably outright lie on their CV, that tells you nothing.

More like tens of thousands. The Lazarus Group alone is suspected to be comprised of ~3,500+ people.

If I had to guess, likely because the NK workers are highly motivated to succeed under threats of duress and threats involving their families/own life.

I dont think these employers are willingly hiring DPRK workers over other countries, likely more so that DPRK are more ruthless and aggressive with their application applying processes and have it dialed in pretty well using shared intel and techniques to improve their success rates. Afterall, it is a nation-state backed campaign so they have a lot of resources to put into it.

again, e.g. China is far more equiped and active in this practice

https://m.youtube.com/shorts/A8L4QjIHL4k

using 100s of millions of people out of their several Billion population.

How to differentiate between them and the few thousand DPRK emigrants do the same?

Are they any good at their jobs?

The article makes it sound like these guys are none too bright and not especially well trained. Are companies just that desperate?

Most companies aren't good at tech hiring, and even worse at evaluating engineer output
My company had an issue like this recently, they just had a smart guy take the interview / handle the paperwork and then a completely different guy show up on their first day.

My company is pretty small, so we caught it within an hour of getting him onboarded. But I can see this being trickier in bigger companies, where the hiring process is more disconnected from the team they get assigned to.

Maybe obvious question. Were in-person or video interviews done? Seems so likely to get caught.

So fascinating as well having a person that was paid to do the interview. I guess there is a secret web site where people are waiting to do this as a service?

I overheard a case at a recent job where someone did a video interview with their camera off and were very very clever. Then when they turned up to work, they had a different accent and no clue. They got caught out very quickly.
Video interviews were done, and everything seemed normal at the time. We finally got the impostor to turn his camera on, and I sent a screenshot to the hiring team to confirm.

It seems unlikely that someone living in the US would take the test for someone else, since the risk is just too high. I'm pretty sure this is just straight up fraud you can get in trouble for. My bet is that this was a scam setup outside of the country, and they used a stolen identity to get the paperwork cleared.

Remote work scammers play the numbers game. Fabricating (stealing) identities and applying to jobs is their full-time job.

When you apply for jobs nonstop and can multiply your efforts by applying under a multitude of different names and resumes, eventually you get bites. Push long enough and you might catch a desperate hiring manager who doesn't know how to interview people but is under pressure to fill headcount immediately to hit their KPIs or whatever.

They play it like a numbers game. They also get better by constantly A/B testing their process and practicing interviews over and over again.

A very large investment in time which you think would pay back better as an employment assistance company above board.
A huge part of the arbitrage here is cost of living and cost of labor across national borders. They'd never make the same aboveboard doing employment assistance because their clients would all get locally competitive salaries, which are very low compared to getting hired under the pretense of being in the US.
I guess if they put "cheap competent DPRK programmers available for hire" they wouldn't get enough takers.
> Are companies just that desperate?

Yes. Not too long ago I saw so-so engineer get hired and his manager was desperate enough to overlook some troubling knowledge gaps and the guy's inability to actually do what he was told.

First, I highly doubt this story, because it’s just too perfect of a fodder for your puff piece marketing blog post.

Second, you did not find any confirmed North Koreans at all! Come on, now. How trustworthy are you with such a clickbait title?

Looks like they love to brag about their two founders who are ex-CIA. And by the way, they come from the intelligence community
What an unempathetic read for "worker applies to remote job and going through the incredibly uncomfortable but no less than the necessary desperate steps to try and keep it." Sure you have to reject them due to sanctions but in their absence, would you still? I'm sure there are spies and clearly this company uncovered an operation, but it's hard to judge because I would try it if it meant I could make US money.

Because damn this article is being really overt with the racism which is pretty surprising since it's attached to a company blog. The implication that no one in the entire country of NK could be qualified for anything but the bare minimum for a junior is pretty insulting. I worked in a research lab with Chinese spies— really nice smart folks. I really can't imagine NK being so different as to not have any qualified people.

That's just reality in North Korea. It's not any of the ordinary citizens' faults, but they all essentially have to be assumed to be coerced puppets of the state if they're perpetrating such application fraud. (Though, really, a company shouldn't be accepting fraudulent applicants even if they aren't spies.)

I'm sure there are plenty of North Koreans who are qualified (whether they are or aren't working for state intelligence), just as plenty of people working for Chinese intelligence are smart and qualified and decent people, like you mention, but we don't live in an era of utopian world peace where such things can just be overlooked when giving people access to sensitive systems, and we may not even in ten thousand years from now. We shouldn't expect Chinese tech companies to accept applicants working for CIA or NSA, either.

All this is right and most people get it by the whole country-wide sanctions thing but god I wish we would treat the folks living there with a little more humanity. It's painting with a huge brush to associate a group of remote work scammers, which is what they found, with the whole country. We don't do this with Iran despite similar sanctions— people talk about how awful and regrettable it is to have to cut off so many regular folks just trying to live. It's clearly not even the whole communism/socialism thing because we don't do it with Cuba either. But when it comes to NK (and China) the crazy amount of propaganda has flipped a switch in people's brains that it's not a country of regular people with a shitty government but an impossibly powerful state who has a nuralink into every citizen and company.
(from the indictment link)

> Christina Marie CHAPMAN, a U.S. national, conspired with certain overseas IT workers to affect a scheme to defraud the United States and its agencies. Specifically, CHAPMAN: (i) assisted the overseas IT workers in validating stolen identity information of U.S. citizens so the overseas IT workers could pose as U.S. citizens; (ii) received and hosted laptops issued by U.S. companies to the overseas IT workers in her U.S. residences (a “laptop farm”), so that the companies believed the workers to be located in the United States.

I think if the US govt makes such cases public, puts a few news stories out in popular media, indicating the harsh sentences and such, it might make US citizens think twice about helping NK hackers set up their base here.

>> I added that this is a natural fit for us, because our co-founders came from the US intelligence community including the CIA. Upon hearing this, one suspected North Korean applicant immediately dropped from the Zoom call and never contacted us again.

A few years ago I was getting scammer calls at the same time every day. I started answering as "Fraud desk, Agent Scully". They would hang up instantly and the calls soon stopped altogether.

    > What tipped us off
    > 5. Background noise during their interview that indicated other people speaking in an interview-like setting
The rest maybe false flags, but this really seals the deal. (or... maybe it's just a recent day in Starbucks. But I don't take the risk)

Also, how dare those people apply jobs for an US based cybersecurity firm? Don't they know what cybersecurity firms do? Go apply a Web3 companies, they also uses Vue/React all front-end kids stuff and some of them still got deep pockets.

It must be like a lottery for North Korean devs. Get a job somewhere, you earn dollars for the regime. Get a job with a US cybersecurity firm and pull off a Jia Tan? Now that would be worth a medal from Kim Jong Un himself.
Pulling off a Jia Tan Attack while being employed by US cybersecurity firm is probably a guaranteed way to get FBI involved, unlike the real Jia Tan Attack which did very little outside of shocking the community (at least known to the public).
(comment deleted)
> We also noticed vague cover letter language:

Sadly, the examples in the article are as good as, or better, than letters I've received from US-based devs.

We received a cover letter recently that had something like "[insert company name here]" left in it.
i see that kind of thing in job ads all the time too.
Incompetence, using ChatGPT to write cover letters, or both?

My money's on "both".

When you’re getting your foot in the door, job applications are mostly a numbers game - especially with how many postings are completely bogus (job doesn’t exist, or is already going to an internal hire). MOST of the time I think the cover letter either gets a brief glance or doesn’t get read at all.

If you’ve got to churn out as many job applications as possible just to get an interview with a real company, you’ll go insane if you try to make them all thoughtful, beautiful, and crafted to the specific job posting. Worse: you’ll churn out fewer applications. The job application with a cover letter like weak tea is infinitely better than the job application that you never submit because you’re paralyzed by the need to write something perfect. I had a standard template that I modified slightly for each application, but I kept the time customizing it very low: swapping out a list of skills to highlight, etc.

That being said: after talking to my boss recently, apparently my cover letter helped when I was applying to this job (I’m enthusiastic about this area, so I put in some extra time and let my water nerd show). I think what I said is still probably valid for most junior developer positions, but your mileage may vary.

> MOST of the time I think the cover letter either gets a brief glance or doesn’t get read at all.

That might very well be the case for a big company that receives a ton of applications but the numbers game works both ways: as the person looking to hire somebody, I find it well worth the time to weed out people based on poor spelling, grammar, etc. It only takes a few seconds to spot the bad ones, and it ensures I don't have to waste my time with somebody who has poor communication skills to begin with.

A couple of maths professors I worked with had very poor spelling, grammar, etc. Good luck with your approach, if you are trying to hire a specialist in an area that is not middle management, HR or marketing. Let alone if you need people do something in the physical world such as building, cleaning or moving things.
I'm just surprised to learn someone is actually reading cover letters in this industry.
When an employment fraud seen as SPY activity, and for anyone with whatever reason related to SPY things will finally and definitely be related to CHINA when there's noone involved has any relationship to CHINA.

As a Chinese, OMFG & ROFL.

It's not seen as a spy thing; it's seen as a growing trend of employment fraud from North Korean nationals who are located in China.

Of course, the fact that these people are being dumb enough to apply to a firm composed of former spies and that sells to the US intelligence community is what makes this particular case hilarious.

Most of the indica of "North Korean workers" are also correlates of protected hiring characteristics ("names that didn’t match their ethnicity"). If the United States federal government has a reason to dislike your company, they will use your efforts to suggest illegal hiring discrimination, as they did when they attacked SpaceX for not recruiting "refugees" to work on export-controlled dual use rocket tech.
> No online presence

I wonder how they would screen for new graduates, which might not have much professional work history?

so they would have info about their school - professors, classes, clubs
I always see these lists of "clear signals" they know exactly what is normal... and I often emit at least half of them, companies deserve all the deception they get
The CIA is responsible for scores of human rights atrocities and far-right coups.
(comment deleted)
North Korean engineers aren't nearly as scary as a "Trust and Safety" company founded by ex-CIA operatives.
Or that there's a Trust and Safety industry even exists.
Knowing that the internet is as rife with abuse as sneakerspace, I cannot see how there could not be. If such an industry had spawned a decade earlier maybe The Algorithm would have less unchecked and would not have resulted in so much societal destruction this century.
Are you advocating for techno-authoritarianism?
The problems of spam and fraud exists regardless. We're not going back to better days where this only happened sometimes and a few tweaks to your config shut it down for good.

So maybe you could suggest a better answer instead of asking boring questions.

They make it sound like it’s a lucky coincidence that “these guys just so happened to apply to a company run by ex-CIA North Korea experts!”

I’d guess that there’s a chance that they specifically targeted this company

> I’d guess that there’s a chance that they specifically targeted this company

There's even a chance this never actually happened as presented.

We don’t have any evidence except bogus applicants- this is just speculation at best. Sad it hit front of HN though.
“We” (the readers of HN) don’t have any evidence per se, just a blog post. But I also don’t see why anyone would make up this particular story.
I also don't see why anybody would boast being a "Trust and Safety" company founded by ex-CIA, but here we are. Who knows these guys.
what prevents a middle man that can speak the language who gets hired and ships the work to NK or allows a NK agent to remotely work through computer? also, it's not just the money going to NK, what about the IP being stolen?
Nothing at all, that's why you can absolutely believe someone somewhere is already doing this.
"Cinder is part of a growing list of US-based tech companies that encounter engineering applicants who are actually suspected North Korean nationals. "

Actually suspected? There's nothing in the article that shows they were from North Korea.

Yeah, and they claim that 80% of the applications they consider are now suspected North Koreans. Sounds like they’re putting all the applications that show go into the “barely even trying” pile into the “North Korean” pile instead.
You missed the key word....

> Actually suspected

I actually suspected my grand kid ate my icecream. The icecream was in the fridge, grandkids use the fridge. The icecream was not in the fridge, grandkids take things out of the fridge. The icecream was likely eaten. Grandkids eat icecream. I actually suspect the grandkids ate the icecream. (Turns out grandma ate it with her friends on top of some apple pie.)

Your grandma is into cannibalism? How big was this apple pie? Something about this story doesn't add up.
Yes, she murdered a bunch of apples, her friends, and she ate them, with my icecream.

(English is weird language. :D )

To continue with a deliberate misunderstanding of slang:

> Turns out grandma ate it with her friends on top of some apple pie.

"That's now how I expected to see grandma go, but hopefully she was doing what she loved."

(comment deleted)
I am going to throw some rocks at this, like an old, cantankerous man who is also yelling at you to get off his lawn.

Not because I somehow vehemently disagree, but because I think this just lazy writing, and confusing general trends with a boogie man, just because the boogie man follows the general trends.

BLUF: Yes, North Korean (and other nation state, organized crime group) spies apply to jobs to gain access. None of your indicators of value even cumulatively. Do better.

> No online presence outside of professional networking websites

I do not, and there is whole group of young people do not have an (reasonably traceable) online presence. I have better things to do in my off time than prattle about my bowel movement online for some validation of my existence.

> Completely fabricated job history including office locations that don’t actually exist.

I will give the author this. This is a red flag pointing to someone who is unethical, not that they are NorKs.

> Unable to find these applicants online outside of the standard ...

This is the same as the first one.

> Inability to answer basic questions about the cities in which they allegedly worked

Eh.. I do not remember what I ate for breakfast. That that make me a NorK? I used to commute in a big city for a year. No idea what stop I would have gotten off, or even what line it was that I used. Such things become almost autonomous and forgotten as extraneous information.

> Background noise during their interview that indicated other people speaking in an interview-like setting

Possibly. Or, they work in a coding shop that has the "genius" of open cubicles for some collaboration. This is a red flag pointing to someone who is unethical, not that they are NorKs.

> Highly scripted answers with explicit preference for remote work, and little ability to deviate from the script.

Oh? Are you saying that the interview questions are not scripted questions?

> A mismatch between the name displayed on the resume or networking site, and the candidate’s command of English (e.g. Chris Smith...

I think if the name is "mismatch" this might be a thread to pull. How is the jump to NorK here? Why not Iranian or Russian?

Additionally, have you worked in some STEM research lab lately? Recently I was talking to some and I could not understand a single sentence. Not one. I had to ask them to write it down and I used my bad hearing as an excuse. Some of the lab workers' names would pass for North American. This was in an English speaking country.

Those cover letters are exactly what the recruiting industry is asking the plebeians to generate.

> Taken together, to me these details suggested fake identities.

Indeed it would make me discount the individual to some extent. Jumping to North Korean spy is a wee bit of a leap, at least for me.

> “100% Remote job only without travel”

Or, in general majority of job seekers no longer want to come to the office.

https://www.engage2excel.com/resource/1-2024-job-seeker-surv... (68% would leave job if forced to come in)

https://www.roberthalf.com/us/en/insights/research/remote-wo...

> I started informing candidates...

Why was the travel requirement not included in the initial job postings?

Anyone else noticing the volume on North Korean reporting and headlines creeping up lately? I do not, in the current political climate, consider any of this a good sign.
Yup. It’s first Iran, then North Korea. The consent-manufacturing apparatus is working as intended.
(comment deleted)