
Thousands of Remote IT Workers Sent Wages To North Korea To Help Fund Weapons Program, Says FBI (apnews.com) 44

echo123 shares a report from the Associated Press: Thousands of information technology workers contracting with U.S. companies have for years secretly sent millions of dollars of their wages to North Korea for use in its ballistic missile program, FBI and Department of Justice officials said. The Justice Department said Wednesday that IT workers dispatched and contracted by North Korea to work remotely with companies in St. Louis and elsewhere in the U.S. have been using false identities to get the jobs. The money they earned was funneled to the North Korean weapons program, FBI leaders said at a news conference in St. Louis.

Court documents allege that North Korea's government dispatched thousands of skilled IT workers to live primarily in China and Russia with the goal of deceiving businesses from the U.S. and elsewhere into hiring them as freelance remote employees. The workers used various techniques to make it look like they were working in the U.S., including paying Americans to use their home Wi-Fi connections, said Jay Greenberg, special agent in charge of the St. Louis FBI office. Greenberg said any company that hired freelance IT workers "more than likely" hired someone participating in the scheme. An FBI spokeswoman said Thursday that the North Koreans contracted with companies across the U.S. and in some other countries. "We can tell you that there are thousands of North Korea IT workers that are part of this," spokeswoman Rebecca Wu said. Federal authorities announced the seizure of $1.5 million and 17 domain names as part of the investigation, which is ongoing. FBI officials said the scheme is so prevalent that companies must be extra vigilant in verifying whom they are hiring, including requiring interviewees to at least be seen via video.

The IT workers generated millions of dollars a year in their wages to benefit North Korea's weapons programs. In some instances, the North Korean workers also infiltrated computer networks and stole information from the companies that hired them, the Justice Department said. They also maintained access for future hacking and extortion schemes, the agency said. Officials didn't name the companies that unknowingly hired North Korean workers, say when the practice began, or elaborate on how investigators became aware of it. But federal authorities have been aware of the scheme for some time.

  • by registrations_suck ( 1075251 ) on Friday October 20, 2023 @08:49PM (#63940991)

    This is why we can't have nice things. Remote work is bad! See?!?

    Now, BACK TO THE OFFICE! Schnell! Schnell!!

    • North Korean workers sent abroad to China and Russia then working remotely for US companies.

      I'm sure Saint Louis is lovely but why can't it attract local talent to work in its offices?

    • by Shakrai ( 717556 ) on Friday October 20, 2023 @09:34PM (#63941065) Journal

      This has nothing to do with remote work and everything to do with lazy ass companies that don't properly vet the contractors working for them. This happens in every industry but is particularly egregious in defense contracting. Have you ever interviewed for a contracted IT role in the defense space? I have and it was one of the worst job interviews in my life. They simply wanted a warm body. All that mattered was I possessed the required certification for their DoD client and could pass an SF-86. Zero questions about my actual experience. Zero chance for me to ask questions, all attempts shot down with, "We'll cover that after you onboard, when can you start?"

      I've seen casting couch interviews in pornos where the actress is treated with more respect than I received in this job interview. A normal job interview is a back and forth, even the bad ones, not here, I was a piece of meat for these folks. At the end, when I told them to remove me from consideration, they were shocked, shocked I tell you, that anyone would pass on a great hourly rate. Then they yelled at me for wasting their time, lol.

      It gets worse. I worked for an MSP that had a defense contractor as a client. The client had extremely strict regulatory requirements, one of them being, we could not allow our non-US citizen lawful resident employees to touch any of their stuff. Those US citizens who did work on the account had to go through a DoD background check. Not SF-86 but deep enough that a colleague with a non-violent youthful offender record (shoplifting) was disqualified from working on their account.

      Okay, that makes sense I suppose, they did work with sensitive stuff, better safe than sorry....

      Except, the security side of their operation was handled by a different firm, an MSSP, and that firm was literally just two US Citizens who outsourced all actual work to India. That's how they evaded the requirement. With subcontractors paid a pittance wage, so double whammy, no loyalty to the US and easily bribed. They had the same level of administrative access we did, meaning, the entire kingdom. This is, apparently, completely legal, and we used to joke that we should just hire some off-shore guys to do our work on the account, since the client was a massive money losing time suck that nobody enjoyed working with.

      The worst part, from my perspective, the contractors were completely clueless. I once got a "data ex-filtration" ticket that I traced back to someone streaming a baseball game on his computer. The idiots conflated downstream with upstream traffic and never stopped to ask themselves how someone would use MLB's CDN (which their canned software did identify as the endpoint of the connection) for a data ex-fil. In another ex-fil ticket, they treated an incrementing bandwidth counter as a delta, so, 2k bytes, 4k, 6k, 8k, and so forth, basically 2k every minute. They SUMed that together and came up with 20k, rather than 8k. This is how 30MB of actual traffic -- mostly TCP/ACKs to Microsoft Teams -- over the course of an eight hour business day became many GB of data ex-fil worry. Drop everything and respond to this ticket RIGHT THE FUCK NOW! BAD GUYS ARE DOWNLOADING ALL OUR SECRETS AS WE SPEAK!!!!

      I spent many hours tediously documenting how utterly incompetent this "security" team was. We presented it all to the client, expecting them to fire the MSSP. Nope. They kept them around, in part because they were cheap, and also because the number of firms willing to work in this space is very small. All the defense contractor cared about was checking the box on their assessment for "MSSP". That's all that mattered, answering "Yes" to the assessment questions, the quality of work wasn't even a consideration, just passing the assessment so they could keep that sweet Federal money rolling in.
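
Added example, not part of the comment above or of any tool it mentions: the counter-versus-delta mistake and the upstream/downstream mix-up that comment describes, worked through in Python. The sample readings and all function names are constructed for illustration.

```python
# Added example (constructed data, hypothetical names): turning cumulative
# byte counters into transferred volume, per direction.

# (minute, cumulative bytes sent, cumulative bytes received), constructed.
# The sent counter climbs 2 kB a minute: 2k, 4k, 6k, 8k.
SAMPLES = [
    (1, 2_000, 150_000),
    (2, 4_000, 900_000),
    (3, 6_000, 2_400_000),
    (4, 8_000, 4_100_000),
]


def naive_sum(readings):
    """The mistake: add cumulative readings as if each were a delta."""
    return sum(readings)


def transferred(readings, baseline=0, counter_bits=None):
    """Bytes moved since `baseline`, given cumulative counter readings.

    A reading lower than its predecessor is a wrap when the counter width
    is known (counter_bits), otherwise a reset to zero (e.g. a reboot).
    """
    total, prev = 0, baseline
    for value in readings:
        if value >= prev:
            total += value - prev
        elif counter_bits is not None:
            total += (value - prev) % (1 << counter_bits)
        else:
            total += value
        prev = value
    return total


def upstream_alert(samples, threshold_bytes):
    """Flag only on bytes sent; received bytes are downloads, not exfil."""
    sent = transferred([s for _, s, _ in samples])
    received = transferred([r for _, _, r in samples])
    return {"sent": sent, "received": received,
            "alert": sent > threshold_bytes}


if __name__ == "__main__":
    sent_readings = [s for _, s, _ in SAMPLES]
    print("naive sum :", naive_sum(sent_readings))
    print("real bytes:", transferred(sent_readings))
    print(upstream_alert(SAMPLES, threshold_bytes=1_000_000))
```
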

      • So you’re telling me these companies pay you good money to half ass a job? Sounds good to me!

      • This has nothing to do with remote work and everything to do with lazy ass companies that don't properly vet the contractors working for them.

        But then people would complain about the massive invasion of privacy that is encountered during the simple act of finding a job.

        There has to be some in-between point where both sides can meet on the question of vetting workers.

    • I read that differently. It basically says we have to outlaw offshoring because it's way easier to do something like that from countries with lax immigration laws where it's heaps easier for NKor to plant their people.

      Get those jobs back from India! Now!

  • Yes, you'll have to pay people fairly and abide by labour laws.

    Time to make companies liable for supporting terrorist states even if they were only negligent about it. That'll teach them to stop taking shortcuts.
    • I guess you missed the part about the workers made it look like they were in the U.S.

      • So? They were looking to hire cheap, above all else. Hire and forget. That would preclude most local workers.

        The fault is on them.
        • Not a single company anywhere wants to pay more than is required to get who they need. Nothing wrong with that either.

          • Not a single company anywhere wants to pay more than is required to get who they need. Nothing wrong with that either.

            Haven't seen how much companies will pay, or how many perks they'll give, for CEOs and other C suits because that's the only way to get the talent they need, have you?

          • by The Evil Atheist ( 2484676 ) on Friday October 20, 2023 @09:51PM (#63941091)
            That's why I propose making companies liable for hiring them. If they want to maximize profits, then they have to pay for their mistakes too. Why should the rest of us suffer for their greed?

            If you take the risk, you should bear the brunt of the consequences.
          • by cusco ( 717999 )

            Disagree here, I worked at Amazon for nine years. They recognize that skill and experience is valuable, and retention of skilled and experienced employees is highest when they pay higher and treat people better. The average Amazon blue badge makes over $102,000/year with a shitload of benefits, mostly reasonable management, and we got to work on interesting cutting-edge projects that are changing the world. Sure, they expect a ton of work out of you and expect you do it right almost every time, but I rea

      • I guess you missed the part about the workers made it look like they were in the U.S.

        Perhaps you actually meant: appearing to be remote workers that were located somewhere within the US?

        • I can only see that in the US, we at least noticed it.

          You think that doesn't happen with outsourced work in India? It does. The difference is the scale, and the fact that we don't even find out about it because India sure as all hell won't give a fuck and doesn't want to endanger its IT "industry".

  • Were the workers allowed to buy anything to eat with their wages?

  • by hdyoung ( 5182939 ) on Friday October 20, 2023 @09:04PM (#63941025)
    NK sends their smartest, most educated people to work for the west, probably in the lowest wage bracket imaginable. And the money they make gets sent back home in order to maintain a feudal-style warlord system where everybody except for the 100 richest families are living in a constant state of near-starvation.

    In a really weird, cynical way, I guess I’m ok with this. The cream of the NK crop works for us for pennies. Our intelligence agencies know about it, so the info they get is gonna be controlled and probably filled with misinformation planted by the NSA. And, come on, let’s be totally honest - NK’s missile program isn’t any sort of real threat. Whichever beach-ball-shaped JongUn happens to be in power is irrelevant. He knows that the second they launch a nuke, 3 US nukes will fly in the other direction, and the elite NK families will be vaporized. No more palaces. No more French cognac and Cuban cigars. No more sleeping with the latest girl-band members. No more secretly sending their kids to the best European and American schools.

    NK exists because China wants a no-man's-land between itself and a democratic South Korea. If it ever ceases to function as such, China will roll in and install someone more pliable. JongUn knows who he REALLY answers to. He will sit tightly on those nukes like a hen on a bunch of eggs.
    • by Shakrai ( 717556 )

      NK’s missile program isn’t any sort of real threat

      Not to discount your very valid point about US retaliation but I very much doubt you'd say "no real threat" if you lived in Japan or South Korea. The nukes are the least of their worries, NK doesn't have enough of them to destroy either country, and they have yet to prove they can mate an actual warhead to an actual missile. What they do have, in large numbers, are chemical weapons. If you rain those down on a city like Tokyo or Seoul the casualty rate would handily exceed any nuclear strike NK is capabl

      • In the case of South Korea, NK doesn't even need chemical weapons. NK has a lot of conventional artillery close to its border with SK, camouflaged and fortified, aimed at Seoul, which is within range. In a few minutes they can destroy Seoul. The US could eventually destroy these installations since NK has little by way of air defense and the US has the firepower, but not before Seoul and its inhabitants are destroyed.
        • by Shakrai ( 717556 )

          We could destroy them a lot faster with nukes. That would normally be unconscionable, but given that they’re military targets, largely isolated from civilian populations, and ready to murder large numbers of civilians, you could make the case that such a strike would be lawful (meets military necessity, proportionality, and distinction).

          Not sure it'd come to that, US and SK have very good counterbattery radars, those camouflaged installations are located after the first shot and prioritized for destr

    • Our intelligence agencies know about it, so the info they get is gonna be controlled and probably filled with misinformation planted by the NSA.

      You're giving the agencies a lot of credit there. I'm much more skeptical about them.

    • North Korea exists, because Russia invaded Korea from the north, and the US invaded Korea from the south.
      Instead of agreeing, they liberated Korea from Japan, they agreed on: it is part of "greater Japan" and hence needs to be occupied.
      Just like East Germany fell to the Russians, and the rest to the other 3 allied forces.
      Bottom line: the sour state the current world is in, is all America's fault.

      And the kind of fucked up situation in China is the fault of the invading countries. European ... American, does not

      • Yes, yes, it's everybody else's fault. I've heard that trope over and over and over from dozens of places. There's some validity to it. History is complex. But at some point the state of your backyard is your own damn responsibility.
  • What were the terms of this "sharing" of WiFi? Probably violated the TOS of the internet provider.

    Did they have reason to know this was being done for a fraudulent purpose?

    • by Shakrai ( 717556 )

      If you knowingly sold your Wi-Fi to a hostile foreign state's intelligence service you have bigger problems to worry about than Comcast's TOS. Comcast doesn't have Federal Pound Me In The Ass Prison. Uncle Sam does.

      If you didn't know who it was, you're probably clear on the legal front, but I don't imagine the process of interacting with the FBI while that determination was made would be enjoyable for you. You might have a squeaky clean flag saluting bald eagle worshipping "America, Fuck Yeah!" life, do

  • Oh please tell me that one of them was BDS [wikipedia.org].

  • Darknet Diaries had a great expose of the scam [darknetdiaries.com], which is very relevant for the Slashdot community:

    It is really desirable to impersonate someone with a rich GitHub (and LinkedIn) history, because that stuff (historical Git commits) can't be faked and is what employers look for. One only needs to masquerade as the real developer once, to get one remote job while the real developer never has to know.

    Darknet Diaries doesn't say anything about who these people are, but TFA has now quoted the FBI stating Nor

  • Or is there an option to have one's taxes diverted from that that I'm unaware of?
    Can we at least get the warheads we send overseas to be painted with smiley faces, and/or the logos of our choosing?

    • I’m all for NASCAR rules being applied to politicians. They are required to wear clothes with the logos of their political donors. Logo sizes being proportional to the dollar amount.

    • For the workers themselves, this is a fantastic setup, compared to living in NK. Russia and China wouldn't be on my list of top places to live but compared to NK that's a huge upgrade. I wonder how much trouble NK has keeping the loyalties of such agents.

      It's also a pretty honest grift, in the sense that they were actually performing the work for the paycheck they received. (As compared to, say, North Korea just printing fake $USD, which they do). Of course it's also an IT security nightmare for their e

  • Dollars to donuts that the North Koreans produced a better work product than those that were deliberately outsourced to places like India.

  • Call me cynical. Call me jaded. I really need to see the raw classified data behind this before I get my panties in a whirl. Yes, they have a handful of documented cases where this happened but there's a bit of a chasm between that and some massive, successful, concerted effort. Seems like Cheney in the bunker type stuff to justify their existence. Sure they could threaten their families and whatnot but would seem to me if they sent talented folks abroad they'd have a hard time keeping them in the fold.
