21 comments

[ 2.9 ms ] story [ 49.0 ms ] thread
paywall, but when I remember hearing about this I couldn't believe she wasn't being charged with treason.

She's literally helping North Korea's government siphon money from American companies.

I cannot believe North Korean hackers are having better luck finding a job these days than I am.
Only 8 1/2 years? I guess this is what you'd call "light treason".
When you hire a 10x developer who is literally 10x developers :-D
Sounds pretty excessive. Not familiar with the whole story, but given how painful is to clear an interview process let alone receive an offer makes me think people at some of these companies had to be involved in the scam.
Serious question, if she had been a front for Americans or say German nationals - what would be the charges and sentencing?
Why is N. Korea in this respect treated as a boogeyman? Chinese literally do this all the time everywhere, and they’re a far greater threat given their government is malicious AND competent. But NK seems to be the punching bag even though they’re not that big of a deal.
(comment deleted)
It's not that easy fronting a job. I can't imagine one person going through all the interviews and juggle all the communication. Might as well just start your own agency with contractors from India or Philippines.
I think it is a critical omission by this article of this woman's former homelessness. Not that we need to re-litigate that homelessness as a national security issue (though some more urgency may be nice), but this woman is not some unsympathetic traitor, most of what she was doing was over her head. If you watch a few of her tiktok videos, she doesn't seem to clued into what's happening and happy to be normal. It's a shame that it came to this, but I imagine this has happened in other cases that didn't involve state-actors.

https://www.wsj.com/podcasts/the-journal/the-everyday-americ...

No doubt the NK comrades will take care of her and put extra cash in the prison commissary for chips and pretzels.

I wonder if she fully knew how much trouble she could get in and just thought she wouldn't get caught. Or, it was more of a "I am just helping out these nice fellers get jobs. No big deal, I am not bothering anyone" case.

Thats why you have to look after your own people. If you weaken them and make them vulnerable to bad actors this sort of thing will happen. A good argument for a form of socialism no?
From an infosec perspective here part of the problem is the many employers' corporation policy on work from home laptops. These laptops were either rigged with one of two things:

A) remote desktop software such as anydesk

Or

B) a kvm over IP device providing a virtual video, keyboard and mouse session to a remote user over html5/tls1.3

If it's option (b), unless this laptop farm operator had in their possession some special DPRK provided unit that identifies its USB manufacturer ID and device ID as something innocuous, this is a problem.

People are not using sufficiently tight endpoint security policies and logging to identify USB devices that identify themselves as kvm over IP bridges. Or just permit listing a certain set of allowed external USB keyboards and mice (company provided).

You can bypass (b) pretty easily with a raspberry pi pico identifying as keyboard and mouse.

Change device id to the whitelisted ones.

Then use a hdmi to usb video capture and grab frames from that on the same pico.

That's something very easy to do.

quick cost is 14E, a pico (7E) plus usb to uvc (~7E)

Its probably B.

And it doesn't have to be some special fancy device. Lots of open source KVM platforms out there let you choose whatever device ID appears for your keyboard and mouse. Here's how to make your PiKVM show up as whatever monitor, keyboard, mouse, cdrom, flash drive, whatever you want.

https://docs.pikvm.org/id/

Unless you're not allowing anyone to use any kind of external monitor and you're not letting anyone use pretty generic and common external keyboard and mice your endpoint software is going to be pretty useless. Even if you give them a mouse and keyboard, all they have to do is tell the remote attackers "its a Logitech MK200 keyboard and mouse" and they can make the PiKVM look like a MK200 keyboard and mouse. Same if you try to limit it to only some specific monitor. EDID data can be easily faked, there's no cryptographic validation of USB device IDs or monitor EDID data at all.

Itt: people hoping shed go to jail..Here's a very small problem-- without intent most perpetrators get off Scott free. She 100% didn't have an intent so she'll be free as she deserves to be.
Communist dictatorships are the true victims here. I take it you'll take over for your comrade that was arrested by the American pigs?
The amount of remote work scamming going on right now of all types is a real problem. Everyone I know at remote companies has some story about suspicious applicants with fake resumes or even stories about interviewing one person and then someone else showing up on the first video call after they’re hired. That’s not even getting into all of the hires who get 3 remote jobs and then are only available 1/3 of the time, or the remote workers who get a new job and then “quiet quit” and wait for the company to fire them. They realize they can collect an easy 3-6 months of extra paychecks while the company puts them through the PIP process instead of realizing the person isn’t even trying to work there any more.