Fake LinkedIn, Webex, and Fiverr: Inside the North Korea IT scheme wanders in Fortune 500

• The main component of the northern Koreans planning scheme In obtaining a distance technology jobs with Americans in the main mainland soil to work as a facilitator or an agent-in exchanging huge fees. Cyber ​​security expert has been a US formation ready to keep pace with the IT factor conspiracy to learn the privacy and generalities of the American plans estimated by hundreds of millions of North Korea, and an impact on hundreds of Fortune 500 companies.

Aidan Raney sent to the Fiverr profile that you have learned to be run over 24/7 by North Korea Engineers Looking for American recruitment partners It was simple and direct.

“How can I participate?” Rani asked.

Rani said, a few days later, the text of Farnsworth Intelligence was working on a series of new calls after days North Korea processors. Rani spoke to three or four different people, all of whom claimed the name “Ben”, and it seems that they did not realize that Rani knows that he is dealing with many individuals and not just one person.

During the second invitation, Rani asked quick questions from the shooting to learn the exact points of the service as an agent for North Korean program developers Good As Americans to get Technology jobs from work dimension.

How can North Korean engineers deal with the burden of his work for him? Rani told luck. From there, Rani learned that he would be asked to send 70 % of any salary he got in a possible job to Bens using Crypto, PayPal or Payoneer, while they will deal with a doctorate creation LinkedIn A profile as well as work requests.

The Bens Raney team told that they would do most of the foundations, but they needed it to appear in video meetings, morning stands, and screaming. They even took his head and turned him into a black and white image, so it seems different from any of his pictures floating online. The character they used to use Raney was a good person in developing the geographical information system, and wrote on his fake autobiography that he had successfully developed the ambulance program to track the website of the emergency vehicles.

“They are mainly dealing with all the work,” Rani told luck. “What they were trying to do is to use my real identity to bypass the back checks and such things and they wanted to be very close to my realistic identity.”

The IT fraud in North Korea has been valid since almost 2018 and was born Hundreds of millions of revenues annually For the Democratic People’s Republic of Korea (DPRK). In response to severe economic sanctions, Korea Democratic leaders developed the crime rings organizing intelligence information for use in Encryption And the operations of harmful programs in addition to publishing thousands of program developers trained in China and Russia to obtain Sharia jobs In hundreds of Fortune 500 companies, according to the Ministry of Justice.

IT workers are required to transfer the largest part of their salaries to North Korea. the Inform the United Nations Low -wage workers involved in the scheme are allowed to keep 10 % of their salaries, while employees with a higher wage maintain a 30 %. The United Nations estimated that workers are born about $ 250 million to $ 600 million of their salaries per year. Money is used to finance weapons of mass destruction in North Korea and ballistic missile programs, according to Ministry of Justiceand Federal Bureau of InvestigationAnd Ministry of Foreign Affairs.

In the past two years, at the Ministry of Justice accusation Dozens of people participating in the scheme, but cyber security experts say the accusation regulations have not deterred the profitable information technology fraud. In fact, the plan grew More sophisticated Over time, the North Koreans continued to send many requests to open job jobs using artificial intelligence to master American agents and trainers through interview questions.

Bojan Simic, the founder of the identity company, HYPR, said that the aspect of social engineering has evolved, and North Korea engineers-other crime rings that simulate the fraud-general information in addition to Amnesty International to increase the previous tactics that worked with them. For example, IT workers will look at the company’s employees’ profiles on LinkedIn to learn their start dates, then contact the AI ​​service office to hide their voice to reset their password. Once they reach the following safety question, they will stop and call once the following question is known – such as the last four numbers of the social security number.

“This was two and a half years ago, this was a very manual process for a person to do,” Sikik said. “Now, it’s a fully automatic process and the person will look like someone who speaks like you.”

And not only the American North Korean dialects. A security officer at a Japanese bank told SIMIC that he barely worried that infiltrators who call the offices of information technology and deception of employees in providing information because most of the infiltrators do not speak Japanese – they speak Russian or Chinese, and remember SIMIC.

“Now, suddenly, infiltrators can speak fluently Japanese and can use artificial intelligence to do this,” he said. Seikk said that the risk level was completely lifted on how companies responded to these threats.

However, there are ways to enhance employment practices to clarify job seekers using false identities.

“Add a little friction to the process of verifying the identities of” people who apply for jobs often pushing North Korean engineers to chase the easiest goals. He said that the IP website matchs with the phone site and requires the operation of the cameras with enough lighting, it can come a long way.

In the case of Rani, Pence got a job interview and used a distance access to open the notebook application on his screen so that they could write responses to the recruiter’s questions during the discussion. He said that the plan succeeded: A private American government contractor made an oral offer for a full -time job job that paid $ 80,000 a year.

Rani was immediately forced to circumvent and tell the company that he could not accept the offer and that he participated in the response to the incidents investigation For the customer.

In the end, he left things dying with the North Korean Pence, but before he did so, he spent some time trying to make them open. He asked about their families, or the weather. Send a text message to Bens and asked if they are spending time with their relatives during the holidays. They answered, saying that there was nothing better than spending time with their loved ones, adding expressive icons Wink, which struck Rani as different from the way they usually responded. Depending on the messages, seeing people hovering on their shoulders behind them during video calls, Rani concluded that their conversations were largely monitored and North North engineers were constantly wiped.

It was a Rani account I mentioned for the first time On Humint, an alternative covering the intelligence community. Before Sasha Enbiper, the National Security Correspondent, published her story, Rani Pence North Korea sent a note saying: “I am sorry. Please escape if I can.”

The message has never opened.

Responding to the comment request, directive LinkedIn luck for him to update To fight fake accounts.

A Fiverer spokesman said that the company’s confidence and safety team is watching sellers to ensure compliance and constantly updating its policies to reflect the advanced political and social landscapes.

In a statement, tell Payoneer luck The company uses strong compliance and monitoring programs to combat the DPRK customer challenge who are formed as information technology consultants.

This story was originally shown on Fortune.com