I had similar experiences at my last employer when hiring last fall.
In both cases, the fraud was easily made plain when I asked details about their work history. In one case, they claimed to live in the same metro area I had previously lived for 18 years, but couldn’t answer any basic questions about the place. In another situation, they claimed a workplace that was in a community I was familiar with and that was far too small to have corporate headquarters of any type I wouldn’t be familiar with.
After 5-10 minutes of probing, both candidates bailed on the interview realizing they were wasting their time.
They also exhibited some of the other signs as described at the link - no employment profiles on LinkedIn or just a basic profile, names that didn’t match their ethnicity, etc.
I have no evidence or intuition to conclude they were North Korean, as employment fraud is certainly not limited to North Korea. I can’t imagine either of the candidates I spoke to surviving even casual scrutiny, so I highly doubt this kind of fraud results in much success.
The people I've known from China and Korea have a tendency to adopt traditional English names (Steve, Joe, Mike, etc) because their native names are hard to pronounce for English speakers.
Further, the 2nd generation Asian Americans I've met do often have traditional English names.
Certainly someone of obvious Asian descent and accent who introduces themselves as “Simon” is not a red flag. As you say, some people understandably prefer not to hear their real name mangled every day.
But someone of obvious Asian descent and accent who introduces themselves as “Simon Cartwright” and has vague tales of growing up in London… again, it’s possible, and we should treat each individual with respect and assumption of good intent, but that might make me dig a little deeper.
There is simply more noise than signal with this style of racial profiling and I implore you to do some soul-searching and reconsidering because you are probably harming people without even intending to with your current behavior.
> An employer may not base hiring decisions on stereotypes and assumptions about a person's race, color, religion, sex (including gender identity, sexual orientation, and pregnancy), national origin, age (40 or older), disability or genetic information.
Adoption makes it entirely possible for an Asian-presenting person to have a European first name _and_ surname and, frankly, is not something you should be asked about in an interview.
Of course, in theory, there's a possibility that someone named Simon Cartwright, with a North Korean accent, who has amnesia and can't remember a thing about the place they claim they grew up in, is actually not a spy. I personally don't think that's a situation where an employer is required to give the benefit of the doubt.
But it might be worth paying extra attention to any clues that they might not have lived in that place and have a falsified history.
As he said, "we should treat each individual with respect and assumption of good intent." But a decent proportion of people showing this particular characteristic will be engaging in employment fraud, and we shouldn't be blind to that signal.
It's not racial profiling to say that people usually have an accent similar to where they grew up. Or that they usually don't have the accent of somewhere thousands of miles from where they grew up.
You can make no such assumption I'm afraid. You might expect a native speaker to have perfect English, but you'd be wrong.
There are people with issues like dyslexia and people who don't fit the education system and perform poorly.
I've met non-native speakers who have far better spelling, grammar and an enlarged vocabulary than people who have lived in my English-speaking country for their whole lives.
What I'm still trying to figure out is how exactly the next step is supposed to work.
One of the first things we ask from both employees and freelancers is a copy of their passport/ID. Would they also have a fake ID with the name they give you (much easier to fake a PDF than a real passport) or just a story, passing you through a legit company? Or is it common to hire people without really knowing who they are?
My nephew’s last name is Brown but his mom is Vietnamese so he looks Vietnamese. Obviously a “mismatched” name isn’t red flag.
But someone named Sam Smith who supposedly grew up in an English speaking country, but barely speaks English is something that might trigger you to look further.
Yeah, it's hard to know exactly what they meant by that comment, but it seems pretty presumptuous to judge whether someone's name "matches" their ethnicity for so many reasons, not the least of which is that there really isn't any way you should know for certain someone's ethnicity when they're applying at all! Asking about it in an interview is certainly illegal, and even in countries that are mostly homogeneous, there are going to be at least _some_ immigrants (maybe not for North Korea, but the entire premise of the article is that the applicants aren't claiming to be from North Korea in the first place)
I’m mixed race in a visually non-obvious way. I was born and raised in the bay. What is the “correct” ethnicity that I should try to project with my name?
You have the name you have. You look the way you look. You speak the way you speak. But if you claim to have grown up in one country, or lived for X years with professional success in one city, yet can’t speak the language spoken there and can’t answer simple questions about what you did, where you lived etc? Surely you see why someone would be suspicious, especially as these circumstances add up?
I agree wholeheartedly that you can’t/shouldn’t be suspicious just because someone has an “English” name and looks East Asian, but that together with the other signs is just a bit much.
Knowing that the internet is as rife with abuse as sneakerspace, I cannot see how there could not be. If such an industry had spawned a decade earlier maybe The Algorithm would have less unchecked and would not have resulted in so much societal destruction this century.
The problems of spam and fraud exists regardless. We're not going back to better days where this only happened sometimes and a few tweaks to your config shut it down for good.
So maybe you could suggest a better answer instead of asking boring questions.
> Christina Marie CHAPMAN, a U.S. national, conspired with certain overseas IT workers to affect a scheme to defraud the United States and its agencies. Specifically, CHAPMAN: (i) assisted the overseas IT workers in validating stolen identity information of U.S. citizens so the overseas IT workers could pose as U.S. citizens; (ii) received and hosted laptops issued by U.S. companies to the overseas IT workers in her U.S. residences (a “laptop farm”), so that the companies believed the workers to be located in the United States.
I think if the US govt makes such cases public, puts a few news stories out in popular media, indicating the harsh sentences and such, it might make US citizens think twice about helping NK hackers set up their base here.
"Cinder is part of a growing list of US-based tech companies that encounter engineering applicants who are actually suspected North Korean nationals. "
Actually suspected? There's nothing in the article that shows they were from North Korea.
Yeah, and they claim that 80% of the applications they consider are now suspected North Koreans. Sounds like they’re putting all the applications that show go into the “barely even trying” pile into the “North Korean” pile instead.
I actually suspected my grand kid ate my icecream.
The icecream was in the fridge, grandkids use the fridge. The icecream was not in the fridge, grandkids take things out of the fridge. The icecream was likely eaten. Grandkids eat icecream. I actually suspect the grandkids ate the icecream. (Turns out grandma ate it with her friends on top of some apple pie.)
>> I added that this is a natural fit for us, because our co-founders came from the US intelligence community including the CIA. Upon hearing this, one suspected North Korean applicant immediately dropped from the Zoom call and never contacted us again.
A few years ago I was getting scammer calls at the same time every day. I started answering as "Fraud desk, Agent Scully". They would hang up instantly and the calls soon stopped altogether.
As a person with zero social media presence, I can't decide whether to be amused or horrified that it's always mentioned as a red flag by these 3 letter agency types. Add to that working remotely for more than 10 years and my love for working outdoors and from coffee shops which have some background noise level, and I'm feeling like a true North Korean according to this article.
When you’re getting your foot in the door, job applications are mostly a numbers game - especially with how many postings are completely bogus (job doesn’t exist, or is already going to an internal hire). MOST of the time I think the cover letter either gets a brief glance or doesn’t get read at all.
If you’ve got to churn out as many job applications as possible just to get an interview with a real company, you’ll go insane if you try to make them all thoughtful, beautiful, and crafted to the specific job posting. Worse: you’ll churn out fewer applications. The job application with a cover letter like weak tea is infinitely better than the job application that you never submit because you’re paralyzed by the need to write something perfect. I had a standard template that I modified slightly for each application, but I kept the time customizing it very low: swapping out a list of skills to highlight, etc.
That being said: after talking to my boss recently, apparently my cover letter helped when I was applying to this job (I’m enthusiastic about this area, so I put in some extra time and let my water nerd show). I think what I said is still probably valid for most junior developer positions, but your mileage may vary.
> MOST of the time I think the cover letter either gets a brief glance or doesn’t get read at all.
That might very well be the case for a big company that receives a ton of applications but the numbers game works both ways: as the person looking to hire somebody, I find it well worth the time to weed out people based on poor spelling, grammar, etc. It only takes a few seconds to spot the bad ones, and it ensures I don't have to waste my time with somebody who has poor communication skills to begin with.
A couple of maths professors I worked with had very poor spelling, grammar, etc. Good luck with your approach, if you are trying to hire a specialist in an area that is not middle management, HR or marketing. Let alone if you need people do something in the physical world such as building, cleaning or moving things.
For anyone subject to United States employment law: you can generally ask questions about where a person lives if they're carefully constricted to determining whether they can reasonable get to the worksite. Otherwise, questions like these risk being interpreted as a proxy for racial discrimination, in large part because they historically have been one of the primary proxies for overt racial discrimination.
I think the interviewers were asking about the metro stop where the candidate worked as a method to assess the veracity of the resume item. Same thing for the question about what division the candidate worked in at Uber.
Yes, and everybody who has been forced to settle out a discrimination case where the alleged facts included questions about the candidate's zip code had a reason other than "we don't want Black folks working here" answer, and if they were dumb enough to take that case all the way to court, they might even have prevailed with it, but in employment law it's the ride not the rap.
I'm assuming everybody who's been a witness (or god forbid a party) to a protected-class employment lawsuit had their eyebrows shoot up all the way off their head at the premise of this article, which is "rooting out secret North Koreans from an incoming flow of candidates, in part using forensic interview questions".
I'm not interested in the axiomatic derivation. Just search for "illegal interview questions" and things like "residency" or "where candidate lives". I'm confident there's a way to handle this, but just Leeroy Jenkins-ing it with "what's your nearest Metro stop" probably isn't it.
Wow! Not using social media and avoiding your photos from being publicly shared is what distinguishes a North Korean hacker?
I see how ex-CIA guys would expect to get a profile on everyone and know what color toothbrush they use.
I am lucky that I can refer to media publications citing my name in a professional context. But it's a creepy world where the employers' expectation is that all your personal information is public.
Remote work scammers play the numbers game. Fabricating (stealing) identities and applying to jobs is their full-time job.
When you apply for jobs nonstop and can multiply your efforts by applying under a multitude of different names and resumes, eventually you get bites. Push long enough and you might catch a desperate hiring manager who doesn't know how to interview people but is under pressure to fill headcount immediately to hit their KPIs or whatever.
They play it like a numbers game. They also get better by constantly A/B testing their process and practicing interviews over and over again.
A huge part of the arbitrage here is cost of living and cost of labor across national borders. They'd never make the same aboveboard doing employment assistance because their clients would all get locally competitive salaries, which are very low compared to getting hired under the pretense of being in the US.
My company had an issue like this recently, they just had a smart guy take the interview / handle the paperwork and then a completely different guy show up on their first day.
My company is pretty small, so we caught it within an hour of getting him onboarded. But I can see this being trickier in bigger companies, where the hiring process is more disconnected from the team they get assigned to.
Maybe obvious question. Were in-person or video interviews done? Seems so likely to get caught.
So fascinating as well having a person that was paid to do the interview. I guess there is a secret web site where people are waiting to do this as a service?
Video interviews were done, and everything seemed normal at the time. We finally got the impostor to turn his camera on, and I sent a screenshot to the hiring team to confirm.
It seems unlikely that someone living in the US would take the test for someone else, since the risk is just too high. I'm pretty sure this is just straight up fraud you can get in trouble for. My bet is that this was a scam setup outside of the country, and they used a stolen identity to get the paperwork cleared.
I overheard a case at a recent job where someone did a video interview with their camera off and were very very clever.
Then when they turned up to work, they had a different accent and no clue. They got caught out very quickly.
Yes. Not too long ago I saw so-so engineer get hired and his manager was desperate enough to overlook some troubling knowledge gaps and the guy's inability to actually do what he was told.
> A mismatch between the name displayed on the resume or networking site, and the candidate’s command of English (e.g. Chris Smith with a B.A. from a large US research university who can barely speak interview-level English is surprising).
> An employer may not base hiring decisions on stereotypes and assumptions about a person's race, color, religion, sex (including gender identity, sexual orientation, and pregnancy), national origin, age (40 or older), disability or genetic information.
IANAL, but racial discrimination based on a name is certainly illegal. However, rejecting a candidate who can't speak English well despite attending a university in the US isn't illegal.
If the based their decisions on the 2nd half of that, it could be fine.
If they expect someone named Chris Smith to have a better command of English than someone named Kim Ji-hoon, then arguably that might indeed be illegal discrimination.
I can confirm coming across the exact same kind of profile, but in Europe. Most we found on LinkedIn keyword searches, some applied directly. I've taken a couple of interviews to confirm and indeed it was a scam, they didn't know anything about the country, the companies, or the schools in their resume. Also they were all East Asian, with implausible names and origin stories.
Many times the signs are rather obvious, the keywords are right but everything about the profile is just off and doesn't stand to even a bit of scrutiny. I suspect it's done on purpose, just like Nigerian scams, to optimize for gullible or inattentive companies.
It's not much related BUT beware a thing: in FLOSS we are open, to anyone, so a CIA engineer and a NK ones could possibly work on the same codebase and that's PERFECTLY FINE. Because code must be reviewed, and recent XZ Utils lesson prove just that, not something else. If you try to create wall in FLOSS it will not end up well, the point IS being mixed using the same stack so anyone will anyway try to made good code for anyone else. Are exactly walls those who create threats.
Most of the indica of "North Korean workers" are also correlates of protected hiring characteristics ("names that didn’t match their ethnicity"). If the United States federal government has a reason to dislike your company, they will use your efforts to suggest illegal hiring discrimination, as they did when they attacked SpaceX for not recruiting "refugees" to work on export-controlled dual use rocket tech.
I always see these lists of "clear signals" they know exactly what is normal... and I often emit at least half of them, companies deserve all the deception they get
Are people really hiring engineers who “can barely speak English” and can’t answer basic questions about their history.
Communication skills are at least as importing as programming skills, and I’ve never worked at a place where someone like this would have passed an FTE interview.
I'm not sure why s/w eng9ineers in North Korea are such an issue.
Unless you're working on some national security s/w, or finding that backdoors are being installed in your source, why not let North Korean engineers work?
what prevents a middle man that can speak the language who gets hired and ships the work to NK or allows a NK agent to remotely work through computer?
also, it's not just the money going to NK, what about the IP being stolen?
Anyone else noticing the volume on North Korean reporting and headlines creeping up lately? I do not, in the current political climate, consider any of this a good sign.
> What tipped us off
> 5. Background noise during their interview that indicated other people speaking in an interview-like setting
The rest maybe false flags, but this really seals the deal. (or... maybe it's just a recent day in Starbucks. But I don't take the risk)
Also, how dare those people apply jobs for an US based cybersecurity firm? Don't they know what cybersecurity firms do? Go apply a Web3 companies, they also uses Vue/React all front-end kids stuff and some of them still got deep pockets.
It must be like a lottery for North Korean devs. Get a job somewhere, you earn dollars for the regime. Get a job with a US cybersecurity firm and pull off a Jia Tan? Now that would be worth a medal from Kim Jong Un himself.
Pulling off a Jia Tan Attack while being employed by US cybersecurity firm is probably a guaranteed way to get FBI involved, unlike the real Jia Tan Attack which did very little outside of shocking the community (at least known to the public).
Oddly enough this article doesn’t actually describe what they did with the information or applicants besides sharing - with how much emphasis they were placing on their _former CIA founders_ I figured they’d try and get some of them to defect.
Disappointing read.
I am going to throw some rocks at this, like an old, cantankerous man who is also yelling at you to get off his lawn.
Not because I somehow vehemently disagree, but because I think this just lazy writing, and confusing general trends with a boogie man, just because the boogie man follows the general trends.
BLUF: Yes, North Korean (and other nation state, organized crime group) spies apply to jobs to gain access. None of your indicators of value even cumulatively. Do better.
> No online presence outside of professional networking websites
I do not, and there is whole group of young people do not have an (reasonably traceable) online presence. I have better things to do in my off time than prattle about my bowel movement online for some validation of my existence.
> Completely fabricated job history including office locations that don’t actually exist.
I will give the author this. This is a red flag pointing to someone who is unethical, not that they are NorKs.
> Unable to find these applicants online outside of the standard ...
This is the same as the first one.
> Inability to answer basic questions about the cities in which they allegedly worked
Eh.. I do not remember what I ate for breakfast. That that make me a NorK? I used to commute in a big city for a year. No idea what stop I would have gotten off, or even what line it was that I used. Such things become almost autonomous and forgotten as extraneous information.
> Background noise during their interview that indicated other people speaking in an interview-like setting
Possibly. Or, they work in a coding shop that has the "genius" of open cubicles for some collaboration. This is a red flag pointing to someone who is unethical, not that they are NorKs.
> Highly scripted answers with explicit preference for remote work, and little ability to deviate from the script.
Oh? Are you saying that the interview questions are not scripted questions?
> A mismatch between the name displayed on the resume or networking site, and the candidate’s command of English (e.g. Chris Smith...
I think if the name is "mismatch" this might be a thread to pull. How is the jump to NorK here? Why not Iranian or Russian?
Additionally, have you worked in some STEM research lab lately? Recently I was talking to some and I could not understand a single sentence. Not one. I had to ask them to write it down and I used my bad hearing as an excuse. Some of the lab workers' names would pass for North American. This was in an English speaking country.
Those cover letters are exactly what the recruiting industry is asking the plebeians to generate.
> Taken together, to me these details suggested fake identities.
Indeed it would make me discount the individual to some extent. Jumping to North Korean spy is a wee bit of a leap, at least for me.
> “100% Remote job only without travel”
Or, in general majority of job seekers no longer want to come to the office.
When an employment fraud seen as SPY activity, and for anyone with whatever reason related to SPY things will finally and definitely be related to CHINA when there's noone involved has any relationship to CHINA.
It's not seen as a spy thing; it's seen as a growing trend of employment fraud from North Korean nationals who are located in China.
Of course, the fact that these people are being dumb enough to apply to a firm composed of former spies and that sells to the US intelligence community is what makes this particular case hilarious.
THe NK developer will think, wait, I'm making a fraction of what I'm actually earning, I will smuggle in a Starlink receiver and set up a bank account in China and work for myself. This is how Communist regimes end.
The one who did the interview and the ones who do the coding may not overlap, and as OP mentioned, they don't need to be particularly good. Even if they get fired after a few months, it's still a net win.
I can think of maybe 20 countries where people would do this before DPRK, not least China, but quite a few in Europe to, Poland, India. why DPRK? like the level of Pakistan CS grads is probably better than most US ivy league grads, cant imagine DPRK has much of a CS education system.
From my discussions with various LE agents and attending a few talks, NK will send them off to some of the best colleges in either India or China to learn programming, computer science, networking, hacking, and etc. to learn and get a good education. Then they either travel back to NK to become part of something like Lazarus Group (NK nation-state hacking group), or they get assigned to something like this employee scheme to obtain and send funds back to NK.
More like tens of thousands. The Lazarus Group alone is suspected to be comprised of ~3,500+ people.
If I had to guess, likely because the NK workers are highly motivated to succeed under threats of duress and threats involving their families/own life.
I dont think these employers are willingly hiring DPRK workers over other countries, likely more so that DPRK are more ruthless and aggressive with their application applying processes and have it dialed in pretty well using shared intel and techniques to improve their success rates. Afterall, it is a nation-state backed campaign so they have a lot of resources to put into it.
Usually someone allowed to defect has some value in terms of information they can provide. North Korea while a threat, isn’t exactly a near peer competitor. Especially in defense capabilities.
I don't really get why it's an "issue". I understand from the fist paragraph that USA government forbids you hiring North Koreans, for whatever reason, sure. But it's not like it's your job to investigate them, right? Anybody you are hiring could be a terrorist, drug dealer, ex-mercenary, whatever. If he has documents saying he is a citizen of USA and you are transferring money to an, uh, non-North Korean bank (how would you even do that?), you shouldn't care less if the documents are fake and if he sends money straight to al-qaeda.
What an unempathetic read
for "worker applies to remote job and going through the incredibly uncomfortable but no less than the necessary desperate steps to try and keep it." Sure you have to reject them due to sanctions but in their absence, would you still? I'm sure there are spies and clearly this company uncovered an operation, but it's hard to judge because I would try it if it meant I could make US money.
Because damn this article is being really overt with the racism which is pretty surprising since it's attached to a company blog. The implication that no one in the entire country of NK could be qualified for anything but the bare minimum for a junior is pretty insulting. I worked in a research lab with Chinese spies— really nice smart folks. I really can't imagine NK being so different as to not have any qualified people.
That's just reality in North Korea. It's not any of the ordinary citizens' faults, but they all essentially have to be assumed to be coerced puppets of the state if they're perpetrating such application fraud. (Though, really, a company shouldn't be accepting fraudulent applicants even if they aren't spies.)
I'm sure there are plenty of North Koreans who are qualified (whether they are or aren't working for state intelligence), just as plenty of people working for Chinese intelligence are smart and qualified and decent people, like you mention, but we don't live in an era of utopian world peace where such things can just be overlooked when giving people access to sensitive systems, and we may not even in ten thousand years from now. We shouldn't expect Chinese tech companies to accept applicants working for CIA or NSA, either.
All this is right and most people get it by the whole country-wide sanctions thing but god I wish we would treat the folks living there with a little more humanity. It's painting with a huge brush to associate a group of remote work scammers, which is what they found, with the whole country. We don't do this with Iran despite similar sanctions— people talk about how awful and regrettable it is to have to cut off so many regular folks just trying to live. It's clearly not even the whole communism/socialism thing because we don't do it with Cuba either. But when it comes to NK (and China) the crazy amount of propaganda has flipped a switch in people's brains that it's not a country of regular people with a shitty government but an impossibly powerful state who has a nuralink into every citizen and company.
In both cases, the fraud was easily made plain when I asked details about their work history. In one case, they claimed to live in the same metro area I had previously lived for 18 years, but couldn’t answer any basic questions about the place. In another situation, they claimed a workplace that was in a community I was familiar with and that was far too small to have corporate headquarters of any type I wouldn’t be familiar with.
After 5-10 minutes of probing, both candidates bailed on the interview realizing they were wasting their time.
They also exhibited some of the other signs as described at the link - no employment profiles on LinkedIn or just a basic profile, names that didn’t match their ethnicity, etc.
I have no evidence or intuition to conclude they were North Korean, as employment fraud is certainly not limited to North Korea. I can’t imagine either of the candidates I spoke to surviving even casual scrutiny, so I highly doubt this kind of fraud results in much success.