TZUTC: -0500   
   MSGID: 1102.consprcy@1:2320/105 2c7cb0e3   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   Asking remote job candidates this shocking question could save your company   
   big bucks, security expert says   
      
   Date:   
   Sun, 04 May 2025 03:03:00 +0000   
      
   Description:   
   Asking remote job candidates this one shocking question could save your   
   company from being infiltrated by North Korean spies.   
      
   FULL STORY   
   ======================================================================   
    - North Korean agents use AI to apply for remote tech jobs   
    - Simple questions about Kim Jong Un instantly derail their job interviews   
    - Laptop farms and deepfakes help agents bypass remote hiring defenses   
      
   At the recent RSA Conference in San Francisco, security experts raised the   
   alarm over a growing and increasingly sophisticated campaign by North Korean   
   operatives to infiltrate global companies through remote job applications .    
      
   Speaking at a panel, Adam Meyers, senior vice president of CrowdStrike's   
   counter adversary division, said thousands of North Korean workers have   
   managed to secure roles in Fortune 500 companies.    
      
   According to Meyers, these infiltrators use tools like generative AI to   
   produce polished LinkedIn profiles and job applications, as during technical   
   interviews, multiple collaborators work behind the scenes to complete coding   
   challenges while a single individual handles video calls, sometimes   
   unconvincingly.   
      
   An unexpected question    
      
   "One of the things that we've noted is that you'll have a person in Poland   
   applying with a very complicated name," Meyers explained. "And then when you   
   get them on Zoom calls it's a military age male Asian who can't pronounce    
   it."    
      
   Meyers shared his favorite method of exposing such candidates: asking an   
   off-script question. "How fat is Kim Jong Un? They terminate the call   
   instantly, because it's not worth it to say something negative about that,"    
   he said.    
      
   Once inside a company, the infiltrators often excel, thanks to team-based   
   efforts behind a single identity.    
      
   FBI Special Agent Elizabeth Pelker said this success can make employers   
   hesitant to remove suspected agents. "I think more often than not, I get the   
   comment of 'Oh, but Johnny is our best performer. Do we actually need to fire   
   him?'"    
      
   The goals of these North Korean infiltrators are twofold: collecting wages    
   and gradually exfiltrating intellectual property, often in small amounts to   
   avoid detection.    
      
   Pelker recommended conducting coding interviews within the corporate   
   environment to observe behavioral red flags. If detected and dismissed, these   
   workers may still hold credentials or leave behind dormant malware for later   
   extortion attempts.    
      
   The operation has evolved further. Meyers described how laptop farms in the   
   U.S. allow remote workers to spoof local IPs. In one case, the FBI busted a   
   farm in Nashville. Meanwhile, false identity schemes have emerged in Ukraine,   
   with citizens unknowingly supporting North Korean efforts.    
      
   Pelker warned that deepfake technology is also being used to fool hiring   
   teams. Education and vigilance, she said, remain the best defense. As one   
   panelist put it, organizations should be wary of hiring fully remote workers   
   and consider personal meetings whenever possible.    
      
   Via The Register   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/asking-remote-job-candidates-this-shock   
   ing-question-could-save-your-company-big-bucks-security-expert-says   
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30   
   SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426