The FBI, Justice Department and State Department have issued a joint alert warning that North Koreans may pose as citizens of other countries for remote computer work.
The warning is three-fold: North Korean workers are a reputational issue, a sanctions violation, and potentially open the door to malicious activity – although the workers themselves are not directing these operations.
“Although [Democratic People’s Republic of Korea] IT workers normally perform IT work separate from malicious cyber activities, they used the privileged access obtained as contractors to enable the DPRK’s malicious cyber intrusions,” the agencies wrote in their alert.
The alert notes that North Korea sometimes confuses the issue by subcontracting computer work to non-North Koreans who are not wiser.
North Korea has regularly used cybercrime as a mechanism to supplement a sanctions-beleaguered Kim regime in the past. But the same emphasis on math, science, and technical education that produced hackers has also produced a workforce of ready IT employees.
Payments made to these “thousands” of employees to be hired, however, could be used to fund North Korea’s weapons of mass destruction program, according to the alert.
In 2019, Tyson Meadors, director of cybersecurity policy for the United States National Security Council, speculated that a North Korea eager to assimilate into the global community could become a dominant player in the cybersecurity industry.
“If we introduced North Korea into the rest of the global economy…they could be a relatively complementary partner in the global economy,” he said.
With global demand for IT employees, Monday’s alert claimed North Korean individuals earn up to $300,000 a year and teams up to $3 million.
North Koreans have been timed to take on a range of jobs requiring a range of technical complexity – from developing games and online dating apps to biometrics and cryptocurrency – in addition to providing support general computing.
Workers routinely forged documents and used VPNs to hide their identities.
The alert offered several red flags to watch for when hiring remote IT workers, including signs of fraudulent reviews on freelance sites, excessive bidding on projects with a low acceptance rate, continuous logins for more than a day at a time, frequent bank transfers (especially to Chinese banks), cryptocurrency payment requests, and reliance on communication and work product templates.
There is, however, a good side to being solicited by North Korea. Anyone with information about North Korean cyber activities is eligible for rewards of up to $5 million under a State Department tipping program.