When a spy takes over IT at your company

John is my “IT Genius.” I trust John, and that’s how it should be when you hire someone who works in IT. They have access to everything. 

It’s also the reason North Korean IT workers are infiltrating American companies. Read on to learn how this works. If you know someone who hires IT folks, be sure to share this important information with them by tapping the social media and email icons at the end.

What you see may not be what you get

The U.S. Treasury Department and the FBI have a warning for anyone hiring for IT positions. Dozens of Fortune 100 companies have unknowingly brought on North Korean IT workers pretending to be Americans.

Backed by the North Korean government, they apply for jobs using stolen identities, leaving a trail of seemingly legitimate info that passes through HR without a hitch. Their applications may even include AI-enhanced photos.

Once they’re hired, usually working remotely, they hide their actual locations by using VPNs or falsified IP addresses to make it appear they’re based in the U.S. In many cases, their earnings go right back home to fund North Korea’s weapons programs.

‘The Supreme Leader is my real boss’

In May, federal prosecutors charged an Arizona woman who helped North Korean operatives impersonate U.S. citizens. All told, the scheme led to inside IT jobs at more than 300 American companies, including many in the aerospace and tech industries.

If you think your company’s HR team is too sharp to be deceived by a fake applicant, think again. This summer, a big security software company, KnowBe4, was duped into hiring a North Korean tech worker. Their HR department believed they’d onboarded a qualified U.S. IT specialist.

Nope — it was someone using the stolen identity of a U.S. citizen. The man passed multiple rounds of video interviews, and standard background checks verified his (stolen) identity as legitimate.

The company only realized something was up when the guy installed malware on a company-issued Mac. It was likely an info stealer, a program designed to extract data stored on web browsers or gather information left on the device.

Do your homework

Don’t Google these words: A couple searched for “pressure cooker” and “backpacks” on the husband’s work laptop. (I know, right?) Of course, this search got flagged by his IT department … because they’re both homemade bomb ingredients. Just a reminder: Your IT department knows everything you do on a company-issued device.