How Not To Hire A North Korean Spy
Did you hear the one about the North Korean spy? He infiltrated a cybersecurity firm.
In what can only be described as a startling turn of events, KnowBe4, a leading cybersecurity awareness training company, unwittingly hired a North Korean spy. In an incident that sent shockwaves through the tech and business community, this fake hire highlighted the growing risks associated with remote hiring practices.
Anna Collard, SVP Content Strategy & Evangelist at KnowBe4 AFRICA, explained it thus, “Technology is making it easier for bad actors to infiltrate your organisation. They use sophisticated strategies helped by artificial intelligence (AI) to create fake, but believable identities which get them hired and then use proxies in the country to gain access to the company’s IT systems.”
The incident occurred in July 2024, when KnowBe4’s US branch hired who, or rather what, appeared to be a qualified candidate for a remote position. North Korean IT workers of this kind use fake identities, often stolen from real US citizens, to apply for freelance contracts or remote positions. Despite rigorous background checks and video interviews, the fraudster somehow managed to infiltrate the company by leveraging a stolen US identity. The worker used a virtual private network (VPN), logging in at night from their physical location (possibly either China or North Korea) while convincingly appearing to be working from the US.
This is a growing nightmare for CISOs looking for new IT hires. The tech market struggles with talent shortages and is in the throes of cybersecurity skills gaps. Now, CISOs and CIOs face new sanctions-busting North Korean software developers posing as potential hires.
North Korea is famed for actively infiltrating Western companies with skilled IT workers who use fake identities to apply for freelance contracts or remote jobs with foreign companies, typically but not exclusively in the US.
KnowBe4 uncovered the deception when the new hire’s company-provided laptop immediately began downloading malware. Fortunately, the company intercepted the attempted attack, preventing any data compromise. The incident, however, rightly raised serious concerns about the vulnerabilities in remote hiring processes, even for companies specialising in cybersecurity.
All The Lessons Learned
Undoubtedly, the incident gave KnowBe4 a lot to think about, and a chance to discuss how they could enhance their hiring process. “For a cybersecurity company like us to get caught with egg on our face was a big wake-up call,” admits Collard. “We could have kept quiet, but instead we shared our story hoping other organisations could learn from it.” It inspired process changes set up to catch this kind of incident earlier. “For example, in the US, we will only ship new employee workstations to a nearby UPS shop and require a picture ID,” she says.
Because of sophisticated technology, it’s difficult for companies that are hiring to distinguish between who is real and who is fake. “Some methods fraudsters use include fake identities and relying on AI images to evade detection. Their motive is usually to gain access to sensitive company data, either for financial gain or to support the North Korean regime,” indicated Collard. Despite what they are up against, organisations can still outfox these fraudsters, provided the right HR measures are in place, such as:
– Inconsistent CV details: Look for discrepancies in birth dates or unexplained gaps in employment history.
– Reference checks: Go beyond email verifications; conduct phone calls to confirm references.
– Overqualification: Be wary of candidates who seem overqualified for the role, as this may be a tactic to avoid scrutiny.
– Camera avoidance: Candidates refusing to appear on camera during interviews should arouse suspicion.
– Digital footprint: Conduct thorough background checks, including social media analysis. A “digital ghost” with no online presence is a red flag.
– Multi-Factor Authentication (MFA): Implement MFA from day one, using hardware tokens sent to verified addresses.
– Secure devices: Provide pre-configured, secure devices to new hires, restricting access to sensitive information until trust is established. Also, scan your remote devices to make sure they have not been compromised.
– Limit access: New employees should only be able to access a minimal number of necessary apps to go through the new employee training, and their workstations should be locked down with no data residing on them, except for the company’s endpoint security and management tools.
The KnowBe4 incident serves as a stark reminder of the growing challenges in remote hiring and cybersecurity. As organisations continue to adapt to a global workforce, the need for robust security measures has never been more critical.
“Your HR and IT processes need to work in tandem and be watertight when recruiting,” pointed out Collard. “By adopting stringent security practices and remaining vigilant, companies can mitigate the risks associated with remote hiring and protect themselves from sophisticated scams.” This wake-up call underscores the importance of continuous improvement in security protocols, even for industry leaders. “As the digital landscape evolves, so too must our approach to safeguarding our organisations against increasingly cunning threats,” concluded Collard.