Program results in companies unknowingly funding sanctioned weapons programs
Prajeet Nair (raprajeetparle)
May 18, 2022
North Korean IT workers have tried to secure public and private sector jobs in the United States to fund their home country’s weapons of mass destruction and ballistic missile programs, according to an advisory from US federal agencies.
“There are reputational risks and potential legal consequences, including sanctions designations by U.S. and UN authorities, for individuals and entities engaged in or supporting [Democratic People’s Republic of Korea] IT worker activity and the processing of associated financial transactions,” the US Department of State, US Department of the Treasury and the FBI said in a notice.
The notice states that North Korean IT professionals are taking advantage of the existing demand for specific IT skills, particularly in software and mobile application development, and are trying to secure freelance work contracts from clients around the world, especially in North America, Europe and East Asia.
While the US government’s warning may seem unlikely at first glance, it combines a mix of cyber skills and old-fashioned tradecraft with a motive that makes sense for the DPRK, says Sam Curry, visiting scholar at the National Security Institute and former RSA executive.
“Normally, we think cybercrime is for profit and nation states use it for political or geopolitical gain. North Korea uses cybercrime for geopolitical gain, but given the prevalence of economic sanctions, the main motivation is economic,” he told Information Security Media Group.
“North Korea needs cash and in this world, cryptocurrencies are the lifeblood of their financially starved regime. Spies infiltrating businesses and organizations is a reminder to security officers, human resources departments, hiring managers and executives to do background checks well,” Curry says.
Hiding their identity
In some cases, according to the notice, IT workers have posed as US-based or non-North Korean telecommuters, and they may further obscure their identity and location by outsourcing work to non-North Koreans.
The notice states that a DPRK IT worker can claim to be a third-country national who needs US or Western ID documents and freelance platform accounts to earn more money.
“Hiding their real locations allows IT professionals in the DPRK to violate the terms of service of online platforms and services they use for their business. As part of their business, IT professionals in the DPRK may also use unique and dedicated devices for each of their accounts, especially for banking services, to evade detection by fraud prevention, sanctions compliance and anti-money laundering measures,” says the notice.
Furthermore, while the DPRK’s IT workers “normally engage in IT work separate from malicious cyber activities, they have used the privileged access obtained as contractors to enable the DPRK’s malicious cyber intrusions”, according to the notice.
It doesn’t cite any particular incidents to back up this statement, but it does offer details on how IT workers in the DPRK operate and provides red flags for companies hiring freelance developers.
“DPRK IT workers engage other non-North Korean freelancers on platforms to offer collaboration on development projects. A DPRK IT worker takes advantage of these business connections to gain access to new contracts and virtual currency accounts used to perform computing work in the United States or European virtual infrastructure, bypassing security measures intended to prevent fraudulent use,” the notice reads.
In addition, the advisory states that these IT professionals routinely use counterfeit, altered, or falsified documents, including forged identification documents and signatures. DPRK IT people usually procure fake documents such as driver’s licenses, social security cards, passports, national ID cards, resident alien cards, high school and college diplomas, work visas and credit card, bank and utility statements.
Significant support for WMD programs
The notice says that these IT workers provide a vital revenue stream that helps fund the DPRK regime’s key economic and security priorities, such as its weapons development program.
“DPRK leader Kim Jong Un recognizes the importance of IT workers as an important source of foreign exchange and revenue for the North Korean government, and supports their operations,” the notice reads.
It says most of these IT professionals are located in the People’s Republic of China and Russia, with smaller numbers in Africa and Southeast Asia, and that they rely on overseas contacts to get freelance jobs for themselves and to interact more directly with customers.
In addition, the notice states that a large majority of DPRK IT workers are subordinate to and work for entities directly involved in the DPRK’s UN-banned WMD and ballistic missile programs, as well as in its development of and trade in advanced conventional arms.
“As a result, the revenue generated by these DPRK IT workers is used by the DPRK to develop its WMD and ballistic missile programs, in violation of US and UN sanctions. Many of these entities have been designated for sanctions by the UN and the United States,” the notice says.
A DPRK overseas IT worker earns 10 times more than a conventional North Korean worker working in a factory or on a construction project overseas, the report said.
DPRK IT professionals can individually earn more than $300,000 a year in some cases, according to the notice, and IT teams can sometimes collectively earn more than $3 million a year. A significant percentage of their gross income supports the priorities of the DPRK regime, including its WMD program, the notice said.
It says that DPRK IT companies and their employees normally engage in a wide range of IT development work of varying complexity and difficulty, such as mobile and web applications, building virtual currency and digital coin exchanges, general IT support, graphic animation, online game programs, mobile games, dating applications, applications related to artificial intelligence, hardware and firmware development, virtual and augmented reality programming, facial and biometric recognition software, and database development and management.
Zero Trust can help
To ensure companies aren’t unknowingly funding the DPRK mission, Curry recommends checking references and vetting résumés. “These may be ignored or poorly executed in many organizations, but the basics can catch spies. At the very least, it will force the DPRK to spend more money on the program and affect its bottom line,” he says.
Adopting a Zero Trust security approach can help ensure that no implicit trust is placed in any entity within an IT environment.
“This is one more reason why every organization should follow Zero Trust security and follow the principle of least privilege – to ensure that each user only has access to systems they trust and that identity is checked on every access,” says Teresa Rothaar, security and compliance analyst at cybersecurity firm Keeper Security. “It may sound like common sense, but as an example, companies still provide each user with VPN credentials that give them access to all systems on the network, including visibility into servers, desktops, printers, routers, traffic and file shares.”
In addition to zero trust, privileged access management solutions that enable logging of every action and ensure auditability of every system’s security are essential, she adds.