A couple months ago when I was between tech jobs I got an email from someone who found me on a job board. They were up front with a proposition: I help them land a lucrative, fully remote American...
A couple months ago when I was between tech jobs I got an email from someone who found me on a job board. They were up front with a proposition: I help them land a lucrative, fully remote American tech job (as me), show up for virtual scrum meetings, and set up a tunnel on the company laptop so they can impersonate my location; they do all the actual coding and we split the paycheck 75/25.
No way would I ever even respond to an email like that but it got me wondering if this is actually how some of these North Korean ops begin. The email claimed to be from an individual in Malaysia just trying to make a better life for himself, but who really knows. Could just as likely be a front for a sweatshop in Pyongyang for all I know. It’s serious fraud either way. But assuming I’m not the only software engineer receiving solicitations like this, how many of the rest of them see dollar signs and say yes?
100% - That's how it starts. Last month there was an arrest of some guy in Tennessee that didn't turn them down:...
100% - That's how it starts. Last month there was an arrest of some guy in Tennessee that didn't turn them down:
According to court documents, Knoot participated in a scheme to obtain remote employment with American and British companies for foreign information technology (IT) workers, who were actually North Korean actors. Knoot allegedly assisted them in using a stolen identity to pose as a U.S. citizen; hosted company laptops at his residences; downloaded and installed software without authorization on such laptops to facilitate access and perpetuate the deception; and conspired to launder payments for the remote IT work, including to accounts tied to North Korean and Chinese actors.
I was thinking about that guy. You never know of course, but him being an ordinary American man makes me think it did start out fairly tame. The problem is that the North Korean government cares...
I was thinking about that guy. You never know of course, but him being an ordinary American man makes me think it did start out fairly tame. The problem is that the North Korean government cares 0% for your well-being. They probably started demanding more from him over time, with no real way to back out. Probably threatened him not to at some point.
Tennessee is a fairly low cost of living area, especially in the more rural areas. I could easily see someone living there taking the 25% on a 6-figure job because doing so would allow them so much flexibility.
I'd call it petty fraud if anything. If the work is being performed adequately, at most it's unauthorized subcontracting. Your basically just providing 'overcoming systemic bias' as service.
It’s serious fraud either way.
I'd call it petty fraud if anything. If the work is being performed adequately, at most it's unauthorized subcontracting.
Your basically just providing 'overcoming systemic bias' as service.
I get where you’re coming from but if you’re giving an unknown foreign third party access to a company’s internal systems, that’s a major security risk. And if that third party is in DPRK or some...
I get where you’re coming from but if you’re giving an unknown foreign third party access to a company’s internal systems, that’s a major security risk. And if that third party is in DPRK or some other hostile nation, it’s a violation of sanctions as well.
That’s the worst-case scenario, and it’s 100% plausible (and has happened to others, as discussed elsewhere in this thread). I can’t say for certain if that’s who sent the email I received. Even...
That’s the worst-case scenario, and it’s 100% plausible (and has happened to others, as discussed elsewhere in this thread). I can’t say for certain if that’s who sent the email I received. Even if it was just some guy in Malaysia trying to make a better life for his family, I don’t want to be liable for whatever he does wrong, be it bad code or a botched deployment or who knows what else.
Too many unknowns. Too much risk. Even in the best case, complicity with such a scheme would put me a position with a million ways into a jail cell. The money is tempting, but no way.
A couple months ago when I was between tech jobs I got an email from someone who found me on a job board. They were up front with a proposition: I help them land a lucrative, fully remote American tech job (as me), show up for virtual scrum meetings, and set up a tunnel on the company laptop so they can impersonate my location; they do all the actual coding and we split the paycheck 75/25.
No way would I ever even respond to an email like that but it got me wondering if this is actually how some of these North Korean ops begin. The email claimed to be from an individual in Malaysia just trying to make a better life for himself, but who really knows. Could just as likely be a front for a sweatshop in Pyongyang for all I know. It’s serious fraud either way. But assuming I’m not the only software engineer receiving solicitations like this, how many of the rest of them see dollar signs and say yes?
100% - That's how it starts. Last month there was an arrest of some guy in Tennessee that didn't turn them down:
https://www.justice.gov/opa/pr/justice-department-disrupts-north-korean-remote-it-worker-fraud-schemes-through-charges-and
I was thinking about that guy. You never know of course, but him being an ordinary American man makes me think it did start out fairly tame. The problem is that the North Korean government cares 0% for your well-being. They probably started demanding more from him over time, with no real way to back out. Probably threatened him not to at some point.
Tennessee is a fairly low cost of living area, especially in the more rural areas. I could easily see someone living there taking the 25% on a 6-figure job because doing so would allow them so much flexibility.
I'd call it petty fraud if anything. If the work is being performed adequately, at most it's unauthorized subcontracting.
Your basically just providing 'overcoming systemic bias' as service.
I get where you’re coming from but if you’re giving an unknown foreign third party access to a company’s internal systems, that’s a major security risk. And if that third party is in DPRK or some other hostile nation, it’s a violation of sanctions as well.
More to the point, they literally are the DPRK. These are threat actors who will absolutely compromise their employers’ systems.
That’s the worst-case scenario, and it’s 100% plausible (and has happened to others, as discussed elsewhere in this thread). I can’t say for certain if that’s who sent the email I received. Even if it was just some guy in Malaysia trying to make a better life for his family, I don’t want to be liable for whatever he does wrong, be it bad code or a botched deployment or who knows what else.
Too many unknowns. Too much risk. Even in the best case, complicity with such a scheme would put me a position with a million ways into a jail cell. The money is tempting, but no way.