FBI Wanted List: Fraudulent Remote IT Workers from DPRK
41 points
10 hours ago
| 5 comments
| fbi.gov
| HN
LordGrey
8 hours ago
[-]
Just a couple of days ago, I received an email from our HR department requesting information about a recent hire. Basically, they asked if I or anyone on my team had physically met that person. My company still embraces remote work, and everyone on my team is remote. As luck would have it, the person in question lives near another team member and they had met up for a company function (once).

I assume that the request was related to something like this: Preventing fraudulent remote workers.

reply
hallole
9 hours ago
[-]
Remote jobs? In tech? In this job market? Credit where credit is due...

And, maybe I'm reading too far into it, but this line:

>With these roles, these individuals allegedly abused their access at the companies to steal virtual currency.

makes it sound like they were stealing Robux or something. Could money be laundered through re-selling video game currencies?

reply
kotaKat
8 hours ago
[-]
Sounds like a couple of crypto exchanges didn’t KYC their employees as hard as they do their customers and let them be too close to the casino vaults, as it were…
reply
davidbhead
6 hours ago
[-]
The sophistication of these guys is high. They're hiring US citizens to interview for them and then if they get hired, their work quality is high so they fly under the radar for awhile.
reply
jmkni
4 hours ago
[-]
I wonder how complicit the companies are? They know "Jeff" is a fraud, but his code is great? ¯\_(ツ)_/¯
reply
davidbhead
2 hours ago
[-]
I've thought about the same thing. My company specializes in blocking candidate fraud and we have yet to see anyone who's sentiment isn't "get these people out of here".

Employing a North Korean can create sanctions and criminal risk, so it's not worth it.

From what I've heard from people who have accidentally hired them though, many are great engineers.

reply
phendrenad2
8 hours ago
[-]
Am I reading this right? They're in the U.S. somewhere? How did they get into the country? Do we still think low border security is a good idea?
reply
foxyv
6 hours ago
[-]
Essentially, they steal US social security numbers or ITINs from leaked identities to apply for jobs in the US as US citizens. They then make money for prohibited countries like North Korea while pretending to be that citizen. The mony is exfiltrated through cryptocurrency or money mules. In the meantime they install malware and steal anything that isn't nailed down. Passwords, keys, proprietary documents, cryptocurrency, etc...

Edit: They also recruit US Citizens through "Work from home" schemes to help them engage in the fraud.

reply
platevoltage
5 hours ago
[-]
The majority of people in the country without documented status entered legally.
reply
Kolonie
5 hours ago
[-]
Seems like you didn't read it right.. The trouble with border security is that it is a very expensive way to get a misplaced sense of security.
reply
alephnerd
7 hours ago
[-]
> They're in the U.S. somewhere

Nope. UAE or Laos:

"The men speak English and Korean and have ties to the United Arab Emirates and Laos"

reply
derelicta
8 hours ago
[-]
Honestly, impressive feat on their end.
reply