Do you know everyone you work with personally? Are you certain who you share a work group chat with or who you meet with from time to time? It’s impossible to know everyone, making it easier for bad actors to go unnoticed.
Matthew Isaac Knoot, a 38-year-old man from Tennessee, allegedly helped North Korea fund its weapons of mass destruction program.
He managed to trick American and British companies into hiring IT workers from North Korea by using stolen identities to make it look like those firms were hiring US citizens.
As a result, US tech, media, and finance companies suffered thousands of dollars in damages, and hundreds of thousands of dollars were funneled to North Korea. Moreover, the fake persona created by Knoot was hired too many times, and he was able to build a laptop farm at his home in Tennessee using employers’ computers, even installing unauthorized applications on them.
This story is just a drop in the ocean, as there’s been an uptick in cases involving bad actors getting corporate IT jobs.
This trend isn’t new or unusual. Countries like North Korea have been dispatching thousands of IT workers overseas for years in an attempt to avoid sanctions and get funds for their weapons of mass destruction program.
But why is no one doing anything about the problem if it's so common?
Well, it’s a bit more complicated than that, as Peter Avery, cybersecurity expert and vice president of security and compliance at Visual Edge IT, explained in an interview with Cybernews.
How hackers get IT jobs
It’s pretty simple to deceive corporations with a good resume and a proper address. Particularly in the past, big corporations outsourced a lot of their workers.
“Around 10 or 15 years ago, there was a big push, especially in programming, to source offshore talent as this came at a huge discount. So, it became commonplace, particularly in app development, firmware, testing, and even support, to have teams that were made up of offshore talent.”
Avery took me through the process of how hackers are likely to get hired. According to him, startup companies in development would use common recruiting websites, “almost like a speed dating or Tinder for jobs.”
There, they would get a hoard of great resumes that “looked absolutely amazing.” From there, they’d do an on-screen interview with the candidate, one which I assume didn’t show their face.
“They would go through everything, it would be perfect, they would hire the candidate, they'd send them a laptop, they'd send them everything they needed, have a VPN back into their main organization, all those things. Then they noticed that suddenly this person never appeared on camera. Then they noticed that the skill sets this person was supposed to have weren't really there,” Avery said.
Hackers will also go through a proxy server that may make it seem like they’re working from the Netherlands or South America when they’re coming from North Korea, Russia, or maybe China.
Avery said that this is more common than we think, but we don’t hear about it because a company that has been burned won’t admit that they’ve potentially leaked confidential information.
And it’s not only hackers – companies face many challenges when it comes to insider threats. The silent coworker at a desk near yours could have been chasing the position specifically to steal secrets from the company. Different analyses also show that mistreated employees are likely to inflict some damage on the company.
Which industries get hit the hardest?
It seems that a couple of major companies, namely Apple and Microsoft, have had their designs and intellectual property stolen by infiltrators hired to spy on the competition.
For example, the BBC reported that a former Apple engineer was charged with stealing Apple’s autonomous driving technology before fleeing to China.
This is just one example of bad actors infiltrating a company to steal trade secrets. But what makes these companies so attractive to bad actors?
It appears that they have a lot of intellectual property and are creating novel solutions that the competition wants to emulate, as Avery said:
“Intellectual property is huge, as we’ve found out with Apple and Microsoft and tons of other companies that are developing unique solutions in both the hardware and software space.”
These companies are finding their intellectual property, designs, and plans strewn across the dark web as they’ve actually been exploited by bad actors from within who have taken their designs and started manufacturing them, Avery explained.
But what’s perhaps scarier is that hackers are targeting critical infrastructure like hospitals and clinics.
“Critical infrastructure is a big target. That’s why there are a lot of federal agencies coming down with mandates on how they’re supposed to protect this infrastructure… so there’s things like having 100% US-based employees, no overseas talent at all.”
While we were having this conversation, one question kept popping into my head. “Why?” Why would someone consider participating in such an elaborate ruse?
Why do it?
“Well, money,” Avery laughed. “That’s where it starts, the money.”
Power also plays a role in why people get into this type of complicated situation. “But there’s a third aspect thrown in, and that’s disruption, which drives money and power,” Avery explained.
And why is this happening more now than ever before?
Because it’s just that easy to do. Avery even agreed that this form of data harvesting is much easier than traditional methods like ransomware, which would see a bad actor attempting to infect a target with ransomware and then barter with them for payment.
This is far more discreet, and as Avery said, “The doors are open for you. You walk in, the tables are set, and the meal’s been made. All you have to do is take it.”
The cases of the North Korean laptop farm and insider ransom plot that we looked at earlier aren’t isolated incidents. They’re part of a growing trend that’s seemingly been going on for decades.
But what are people doing to solve the problem? Well, there are specific vetting procedures in place nowadays, and there is a bigger push to hire more home-grown talent. However, it's apparent that more needs to be done to tackle it.
Maybe it’s worth getting to know your colleagues a little better after all.