The age-old problem of insider threats was revealed Wednesday when the United States seized 17 website domains allegedly used by North Korean information technology workers as part of a scheme to defraud American and foreign companies and ultimately , to finance the Democratic People’s Republic of Korea (DPRK) government arms programs.
This week’s seizures follow those previously sealed October 2022 and January 2023 The court authorized the seizure of approximately $1.5 million in revenue that the same group of IT employees had collected from unwitting victims through their scheme.
As alleged in court documents US Department of Justice, the DPRK sent thousands of qualified IT workers to live abroad, mainly in China and Russia, in an attempt to deceive the United States and other companies around the world into hiring them as freelance IT workers, in order to generate revenue for its weapons of mass destruction (WMD) programs. . Court documents allege that through this scheme, which involves the use of pseudonymous emails, social media, payment platforms and online job board accounts, as well as fake websites and proxy computers located In the United States and elsewhere, computer fraudsters have generated millions. dollars per year for agencies linked to the DPRK.
According to the Justice Department, some DPRK computer scientists designed the 17 website domains seized by the United States this week to appear as domains of legitimate U.S.-based IT services companies, helping IT workers to hide their real identity and location when applying online to do remote work for the United States and other companies around the world.
In fact, the Justice Department said that this specific group of North Koreans, who work for Yanbian Silverstar Network Technology Co. Ltd., based in the People’s Republic of China, and for Volasys Silver Star, based in Russia, had already summer sanctioned in 2018 by the Treasury Department. These IT workers allegedly diverted income from their fraudulent IT work to North Korea using online payment services and Chinese bank accounts.
“The Democratic People’s Republic of Korea has flooded the global marketplace with rogue computer workers to indirectly finance its ballistic missile program,” said Special Agent in Charge Jay Greenberg of the FBI’s St. Louis Division. “Seizing these fraudulent domains helps protect businesses from unknowingly hiring these bad actors and potentially harming their business.”
Greenberg said the system is so widespread that companies must be vigilant in vetting who they hire. At a minimum, Greenberg said the FBI recommends that employers take additional proactive steps with remote IT workers to make it more difficult for bad actors to hide their identities.
“Without due diligence, businesses risk losing money or being compromised by insider threats that they have unknowingly invited inside their systems,” Greenberg said.
Weakest Security Links: People
The United States still takes a very individualistic approach to securing nation-state secrets, explained Brad Hong, head of customer success at Horizon3.ai. Hong said that when protecting critical national infrastructure, “calls to action” are often made to businesses and citizens, instead of a uniform nation-on-nation stance.
“Just like a company’s security program, the weakest links in the U.S. government remain human actors,” Hong said. “In this specific project, North Korea employed an extremely clever strategy, at the crossroads of espionage and fraud. By using unwitting proxies, individuals are paid for the use of their Wi-Fi connections. At the ground level, what better deal for an American than to have their Wi-Fi subsidized? »
Although cyber threats are constantly evolving, the human element remains a constant, added Jadee Hanson, CIO and CISO at Code42, and an industry expert on insider threats. Hanson said insider risk has become one of the biggest security challenges posed by this unpredictable element, a threat that can jeopardize any organization.
“Even if these risks may not initially appear to be a top priority, they can gradually proliferate, leading to downstream consequences,” Hanson said. “While insider risk is not new, it has become more prevalent in recent years with the establishment of a distributed and remote workforce, increased use of collaboration tools, and high-touch digital behaviors. risk. In today’s geopolitical climate, security teams must be aware that newer, more sophisticated attacks are increasingly coming from within their organizations, creating a growing need to increase visibility into security hiring practices. employees, data movements and remote work visibility to protect organizations from data. loss.”