THE OBSERVATION BOOTH
OP / ED & PHOTOS COURTESY ANDREA DIALECT
I was quite impressed when I crossed paths with today’s page jacker at a local chess meet. This one is doing Mocha proud, and he also happens to be an old classmate of my granny’s son. Not only was he an excellent teacher to a somewhat challenging student, but I had the opportunity and pleasure of gleaning quite a bit more gems beyond making moves and learning to cope with the redundancy of hearing “checkmate!”
PAGE JACKIN
By Raiden Pipkins | LinkedIn Profile
North Korean Spies Stealing America’s Tech Jobs
Yes, you heard me right! North Korean spies were recently busted in three separate elaborate schemes to exploit America’s precious $1.9 trillion tech industry. Earlier this year, a woman in Arizona was charged by the FBI for helping North Koreans get jobs in over 300 different technology companies using a combination of identity theft and resume coaching (what the heck??).
The world’s largest security awareness company, “KnowBe4,” was tricked into hiring a North Korean spy, who then proceeded to hack them, stealing trade secrets and highly sensitive customer information. In Nashville, Tennessee, the FBI shut down a similar remote work plot to funnel more cash into Supreme Leader Kim Jong Un’s pockets.
A little over a month ago, KnowBe4 found that they had hired a North Korean spy despite having run background checks and conducting four interview calls. Ironically, KnowBe4 brands itself as “the world’s largest security-awareness training and simulated phishing platform.” Yet, the spy managed to exploit their hiring process.
According to HoxHunt, 57% of organizations experience daily or weekly phishing attempts, while IBM found that phishing was the most common initial attack vector, accounting for 41% of incidents. By 2031, eSentire estimates that ransomware could cost its victims around $265 billion annually, up from $42 billion in 2024.
A Costly Mistake
The first sign of trouble was when KnowBe4 issued the spy a laptop, which was quickly flagged by security software after downloading info-stealer malware. Info-stealer malware is used to copy and steal data, sending it back to the attacker. Upon being questioned about the flagged malware, the spy severed all communication with KnowBe4.
Further investigation revealed that the profile image provided by the spy was an edited stock photo, and the credentials used were stolen from a real person. This was a form of social engineering, a common method of cyberattacks. According to Verizon, email was used to deliver 94% of malware in 2021.
Despite awareness of corporate espionage tactics from countries like North Korea, KnowBe4 still fell victim to their tricks. This raises concerns about the vulnerability of smaller companies lower on the cybersecurity food chain. Are they also easy targets for state-sponsored hackers?
More North Korean Schemes
Shockingly, this wasn’t the first North Korean plot to infiltrate corporate America this year. In May, a woman in Arizona was charged by the FBI for helping North Koreans get jobs at 300 IT companies. According to Dan Goodin, this $6.8 million conspiracy involved a “laptop farm,” resume coaching, and identity theft.
The woman allegedly received company-issued laptops, connected them to VPNs, and allowed North Koreans to remotely control the laptops from abroad. VPNs mask the user’s ID and location, making it appear as if they are working from within the US. A similar scheme was uncovered in Nashville, Tennessee.
Why Does This Matter?
Why is North Koreans working for American companies such a huge issue? Identity theft is a felony and a significant problem in the US. In 2021, the FBI determined that 23.9 million people were victims of identity theft. North Korea is known for stealing corporate secrets and intellectual property, and much of the money they gain is believed to fund their nuclear weapons program.
DID YOU KNOW…
(The image of the gentleman’s headshot)
Both images look lifeless and a bit off, also professional headshots are typically done with a black background. Here there appears to be windows behind the person people in both photos Another thing to note is the size of the neck doesn’t seem to be altered, the man on the left appears to be at least 20-40 pounds heavier than on the right and about 1 inch taller, therefor the neck should be thinner and a little shorter
Word of Advice
As a Certified Professional, here’s my advice:
- Require candidates to turn on their cameras for brief moments during interviews.
- Use or develop software to detect fake profile photos.
- Train employers to identify fake headshot photos, which may look like stock images or AI-generated pictures.
Remember, not even the best in cyber are invincible. Cyberattacks are an arms race between attackers and companies. Complacency leads to failure.
If you enjoyed this article, check out my blog to see the original news story and other similar posts for FREE: Raiden Pipkins Cyber Blog.
DO YOU KNOW ANY OF OUR COMMUNITY ACCESS CONTRIBUTORS?
- If SO LET THEM KNOW THAT THEY’VE MADE THE CUT AND THEY ARE THE TALK OF LOCAL TALK THIS WEEK!
- PASS IT ON!
- LIKE, COMMENT, SHARE!
