Sounds pretty excessive. Not familiar with the whole story, but given how painful is to clear an interview process let alone receive an offer makes me think people at some of these companies had to be involved in the scam.
Why is N. Korea in this respect treated as a boogeyman? Chinese literally do this all the time everywhere, and they’re a far greater threat given their government is malicious AND competent. But NK seems to be the punching bag even though they’re not that big of a deal.
It's not that easy fronting a job. I can't imagine one person going through all the interviews and juggle all the communication. Might as well just start your own agency with contractors from India or Philippines.
I think it is a critical omission by this article of this woman's former homelessness. Not that we need to re-litigate that homelessness as a national security issue (though some more urgency may be nice), but this woman is not some unsympathetic traitor, most of what she was doing was over her head. If you watch a few of her tiktok videos, she doesn't seem to clued into what's happening and happy to be normal. It's a shame that it came to this, but I imagine this has happened in other cases that didn't involve state-actors.
No doubt the NK comrades will take care of her and put extra cash in the prison commissary for chips and pretzels.
I wonder if she fully knew how much trouble she could get in and just thought she wouldn't get caught. Or, it was more of a "I am just helping out these nice fellers get jobs. No big deal, I am not bothering anyone" case.
Thats why you have to look after your own people. If you weaken them and make them vulnerable to bad actors this sort of thing will happen. A good argument for a form of socialism no?
From an infosec perspective here part of the problem is the many employers' corporation policy on work from home laptops. These laptops were either rigged with one of two things:
A) remote desktop software such as anydesk
Or
B) a kvm over IP device providing a virtual video, keyboard and mouse session to a remote user over html5/tls1.3
If it's option (b), unless this laptop farm operator had in their possession some special DPRK provided unit that identifies its USB manufacturer ID and device ID as something innocuous, this is a problem.
People are not using sufficiently tight endpoint security policies and logging to identify USB devices that identify themselves as kvm over IP bridges. Or just permit listing a certain set of allowed external USB keyboards and mice (company provided).
And it doesn't have to be some special fancy device. Lots of open source KVM platforms out there let you choose whatever device ID appears for your keyboard and mouse. Here's how to make your PiKVM show up as whatever monitor, keyboard, mouse, cdrom, flash drive, whatever you want.
Unless you're not allowing anyone to use any kind of external monitor and you're not letting anyone use pretty generic and common external keyboard and mice your endpoint software is going to be pretty useless. Even if you give them a mouse and keyboard, all they have to do is tell the remote attackers "its a Logitech MK200 keyboard and mouse" and they can make the PiKVM look like a MK200 keyboard and mouse. Same if you try to limit it to only some specific monitor. EDID data can be easily faked, there's no cryptographic validation of USB device IDs or monitor EDID data at all.
Itt: people hoping shed go to jail..Here's a very small problem-- without intent most perpetrators get off Scott free. She 100% didn't have an intent so she'll be free as she deserves to be.
The amount of remote work scamming going on right now of all types is a real problem. Everyone I know at remote companies has some story about suspicious applicants with fake resumes or even stories about interviewing one person and then someone else showing up on the first video call after they’re hired. That’s not even getting into all of the hires who get 3 remote jobs and then are only available 1/3 of the time, or the remote workers who get a new job and then “quiet quit” and wait for the company to fire them. They realize they can collect an easy 3-6 months of extra paychecks while the company puts them through the PIP process instead of realizing the person isn’t even trying to work there any more.
21 comments
[ 2.9 ms ] story [ 49.0 ms ] threadShe's literally helping North Korea's government siphon money from American companies.
https://www.wsj.com/podcasts/the-journal/the-everyday-americ...
I wonder if she fully knew how much trouble she could get in and just thought she wouldn't get caught. Or, it was more of a "I am just helping out these nice fellers get jobs. No big deal, I am not bothering anyone" case.
예 I mean yes.
A) remote desktop software such as anydesk
Or
B) a kvm over IP device providing a virtual video, keyboard and mouse session to a remote user over html5/tls1.3
If it's option (b), unless this laptop farm operator had in their possession some special DPRK provided unit that identifies its USB manufacturer ID and device ID as something innocuous, this is a problem.
People are not using sufficiently tight endpoint security policies and logging to identify USB devices that identify themselves as kvm over IP bridges. Or just permit listing a certain set of allowed external USB keyboards and mice (company provided).
Change device id to the whitelisted ones.
Then use a hdmi to usb video capture and grab frames from that on the same pico.
That's something very easy to do.
quick cost is 14E, a pico (7E) plus usb to uvc (~7E)
And it doesn't have to be some special fancy device. Lots of open source KVM platforms out there let you choose whatever device ID appears for your keyboard and mouse. Here's how to make your PiKVM show up as whatever monitor, keyboard, mouse, cdrom, flash drive, whatever you want.
https://docs.pikvm.org/id/
Unless you're not allowing anyone to use any kind of external monitor and you're not letting anyone use pretty generic and common external keyboard and mice your endpoint software is going to be pretty useless. Even if you give them a mouse and keyboard, all they have to do is tell the remote attackers "its a Logitech MK200 keyboard and mouse" and they can make the PiKVM look like a MK200 keyboard and mouse. Same if you try to limit it to only some specific monitor. EDID data can be easily faked, there's no cryptographic validation of USB device IDs or monitor EDID data at all.