News: 0180418453


North Korean Infiltrator Caught Working In Amazon IT Department Thanks To Lag (tomshardware.com)

(Thursday December 18, 2025 @10:30PM (BeauHD) from the latency-is-a-snitch dept.)


An anonymous reader quotes a report from Tom's Hardware:

> A North Korean imposter was uncovered, working as a sysadmin at Amazon U.S., [1]after their keystroke input lag raised suspicions with security specialists at the online retail giant. Normally, a U.S.-based remote worker's computer would send keystroke data within tens of milliseconds. This suspicious individual's keyboard lag was "more than 110 milliseconds," reports [2]Bloomberg. Amazon is commendably proactive in its pursuit of impostors, according to the source report.

>

> The news site talked with Amazon's Chief Security Officer, Stephen Schmidt, about this fascinating new case of North Koreans trying to infiltrate U.S. organizations to raise hard currency for the Democratic People's Republic of Korea (DPRK), and sometimes indulge in espionage and/or sabotage. Schmidt says that Amazon has foiled more than 1,800 DPRK infiltration attempts since April 2024. Moreover, the rate of attempts continues apace, with Amazon reckoning it is seeing a 27% QoQ uplift in North Koreans trying to get into the Amazon corporation. However, Amazon's success can be almost entirely credited to the fact that it is actively looking for DPRK impostors, warns its Chief Security Officer. "If we hadn't been looking for the DPRK workers," Schmidt said, "we would not have found them."



[1] https://www.tomshardware.com/tech-industry/cyber-security/north-korean-infiltrator-caught-working-in-amazon-it-department-thanks-to-lag-110ms-keystroke-input-raises-red-flags-over-true-location

[2] https://www.bloomberg.com/news/newsletters/2025-12-17/amazon-caught-north-korean-it-worker-by-tracing-keystroke-data
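
The latency signal described in the quoted report, as an added sketch (not Amazon's tooling and not code from the article): it scores each remote session on its latency floor rather than its median, so a congested domestic link is not confused with a relayed one. Only the 110 ms figure comes from the report; the percentile, the minimum sample count, the session names and every sample value are assumptions constructed for the example.

```python
from statistics import median

SUSPECT_MS = 110.0   # figure quoted in the report
MIN_SAMPLES = 20     # assumption: fewer samples give no verdict
FLOOR_PCT = 0.10     # assumption: low percentile approximates the path floor

def latency_floor(samples_ms):
    """Low-percentile latency. Congestion adds delay but cannot remove
    propagation delay, so the floor tracks distance better than the median."""
    ordered = sorted(samples_ms)
    return ordered[int(FLOOR_PCT * (len(ordered) - 1))]

def median_would_flag(samples_ms):
    """Naive rule, kept for comparison: it also flags congested links."""
    return median(samples_ms) > SUSPECT_MS

def classify(samples_ms):
    clean = [s for s in samples_ms if s >= 0]   # drop clock-skew artifacts
    if len(clean) < MIN_SAMPLES:
        return "insufficient-data"
    return "review" if latency_floor(clean) > SUSPECT_MS else "ok"

def triage(sessions):
    """Map session id -> verdict; 'review' is a lead for an analyst."""
    return {sid: classify(samples) for sid, samples in sessions.items()}

# Constructed per-keystroke latencies in milliseconds, not real telemetry.
SESSIONS = {
    "domestic-stable": [20 + (i % 7) * 3 for i in range(24)],
    "domestic-congested": [30, 28, 35, 33, 29, 31, 34, 32]
                          + [150 + 10 * i for i in range(16)],
    "relayed": [118 + (i % 6) * 12 for i in range(24)],
    "short": [140, 150, 145, 160, 155],
}

if __name__ == "__main__":
    for sid, verdict in triage(SESSIONS).items():
        print(f"{sid:20s} {verdict}")
```

A high floor also appears on legitimate VPN or satellite links, so the verdict is one input to a review alongside other signals, not a conclusion.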



duh! (Score:3)

by oldgraybeard ( 2939809 )

"If we hadn't been looking for the DPRK workers," Schmidt said, "we would not have found them." and he makes the big bucks!

Re: (Score:1)

by Anonymous Coward

While ignoring the fact that Amazon hired this person.

Re: (Score:2)

by PPH ( 736903 )

I hope this counts against Amazon's H1-B allotment.

elite it or slave worker (Score:3)

by tiananmen tank man ( 979067 )

Any guesses if this infiltrator was hired because he was the best of the best or because he was willing to work for peanuts?

Re:elite it or slave worker (Score:4, Insightful)

by alvinrod ( 889928 )

A little of both no doubt. He's probably skilled enough to do the job if he's a government agent for North Korea, which is almost certainly the case. Their economy is so bad that even working for entry-level wages below his capabilities is more valuable than anything he could do in his own country, but realistically the willingness to work for less just makes it easier to infiltrate the company if he's trying to do something to possibly extort the company for millions.

Keep in mind that the average North Korean generates about $1,500 per year in economic activity adjusted for purchasing power. Even taking an absolutely insulting salary from Amazon would increase his earning potential more than 50x. Even if the government isn't directing him to engage in any kind of additional subterfuge, he's still making them a lot of money in a denomination that's accepted practically everywhere and can buy just about anything.

Re: (Score:1)

by noshellswill ( 598066 )

North Korea bad, but ..... that same fact holds true for outsourced workers in Mexico, Vietnam and The Philippines. Good for them and theirs and globalist companies. Bad for most American citizens. If a company lives in the protected American culture then they should by-law pay American wages. Ponzi ?? Hostage ?? Redistribution ??? WTF -- NO excuse for being a wage-slaving sociopath.

Re: (Score:2)

by PPH ( 736903 )

Only applicant that didn't have a problem with working the graveyard shift.

Re: (Score:2)

by taustin ( 171655 )

If being willing to work for peanuts is the main criterion, he is the best of the best.

Never would've found them otherwise (Score:2)

by vistic ( 556838 )

I suppose another interesting way tech workers could catch if their coworker is working for North Korea would be to do something crazy like talk to and get to know their coworkers as human beings. But that would never happen.

Re: (Score:3)

by PPH ( 736903 )

All he has to do is to adopt the BOFH attitude. Nobody would dare get on his bad side by asking inane questions.

Crazy (Score:3)

by reanjr ( 588767 )

So this guy got hired entirely remotely? Like, I get working from home. But you're gonna hire a sysadmin you've never met? You can't afford a plane ticket for the final interview?

Re: (Score:2)

by silentbozo ( 542534 )

That would be my question. Who is fronting for this guy when he's required to go into the office?

Re: (Score:2)

by Retired Chemist ( 5039029 )

Apparently, the answer is yes. For that matter, did they even do a video conference interview? I would think that the signal lag would have shown up there.

Re: (Score:3)

by alvinrod ( 889928 )

If he got hired during or around the COVID lockdowns it's not at all surprising. A lot of stuff moved to remote interviews and those are a lot easier to fake or to slip someone sketchy past any usual safeguards that might prevent something like this. All he needs is a stolen ID that will get past a background check and he just needs to pass an interview. The NK government would ensure he's trained well enough to do that.

Re: (Score:2)

by rsilvergun ( 571051 )

I think it's much more likely these companies know damn well they're hiring dodgy employees and they just don't care because they are cheap.

For decades companies have used plausible deniability to hire illegal workers; it just makes the news because it's North Korea. Normally though we all just look the other way and pretend like nothing happened.

Re: (Score:2)

by XopherMV ( 575514 )

If this guy's backed by the North Korean government, he likely could get a fake passport and tickets to fly to the US. They just need to provide solid "motivation" for him to return.

I want to know what sort of background check Amazon runs against foreign nationals. Are they doing anything to validate job history or education claims? All that information is verifiable for citizens. This guy's story tells me they're not doing much of anything to verify the resume of foreign workers. This tells me that for

Re: Crazy (Score:3)

by liqu1d ( 4349325 )

You'll probably find someone was fronting for him. There have been numerous cases of laptop farms where the worker appears to be a US citizen when it's just the case they've rented out their IP/details for a kickback.

Re: (Score:2)

by ebunga ( 95613 )

Don't worry. There are home-grown disgruntled employees that could cause a lot of damage on their way out. But really, I'm not too concerned about that. There are enough spies working at the cloud platforms that nobody can get any espionage done without showing their hand to a competing spy. The real problem is when they replace a load-bearing Perl script with "secure" and "high-performance" Rust code that nukes all data in one go.

Well (Score:2)

by liqu1d ( 4349325 )

North Korea or Comcast...

lulzsec (Score:1)

by invisiblefireball ( 10371234 )

Meaning, we are quite likely infiltrated seven ways 'til Sunday and just aren't recognizing it yet.
