Threat Management, Governance, Risk and Compliance

North Koreans pose as citizens from other countries for IT jobs at US companies

A national flag flies in North Korea’s propaganda village of Gijungdong on Dec. 26, 2018, in Kaesong, North Korea. (Photo by Korea Pool/Getty Images)

The FBI, Department of Justice and Department of State issued a joint alert warning that North Koreans may be posing as citizens of other countries for remote IT work.

The warning is three-fold: North Korean workers are a reputational problem, a violation of sanctions and potentially open the door for malicious activity — though the workers themselves are not running those operations.

"Although [Democratic People's Republic of Korea] IT workers normally engage in IT work distinct from malicious cyber activity, they have used the privileged access gained as contractors to enable the DPRK’s malicious cyber intrusions," the agencies wrote in their alert.

The alert notes that North Korea sometimes covers its tracks by subcontracting IT work to non-North Koreans who are none the wiser.

North Korea has regularly used cybercrime as a mechanism to supplement a Kim regime beleaguered with sanctions in the past. But the same emphasis on math, science and technical education that produced hackers has also produced a workforce of ready IT employees.

Payments made to those "thousands" of employees for hire, however, may be used to fund the North Korean weapons of mass destruction program, according to the alert.

In 2019, Tyson Meadors, the director for cybersecurity policy for the United States National Security Council, speculated that a North Korea willing to assimilate with the global community could become a dominant player in cybersecurity industry.

"If we brought North Korea into the rest of the economy of the world … they could be a relatively complementary partner in the global economy," he said.

With the global demand for IT employees, Monday's alert claimed North Korean individuals were making as much as $300,000 a year and teams up to $3 million.

North Koreans were clocked taking a range of jobs requiring a range of technical complexity — everything from developing online gambling and dating applications to biometrics and cryptocurrency — in addition to providing general IT support.

Workers regularly forged documents and used VPNs to hide their identities.

The alert offered several red flags to look out for in hiring remote IT workers, including signs of fraudulent reviews on freelance sites, excessive bidding on projects with a low acceptance rate, continuous logins for more than a day at a time, frequent bank transfers (especially to Chinese banks), requests for payment in cryptocurrency and reliance on templates for communications and work product.

There is one bright side to being solicited by North Korea, however. Anyone with information regarding North Korean cyber activities is eligible for rewards up to $5 million through a Department of State tip program.

Joe Uchill

Joe is a senior reporter at SC Weekly, focused on policy issues. He previously covered cybersecurity for Axios, The Hill and the Christian Science Monitor’s short-lived Passcode website.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.