Identify fraud poses major security risks for businesses
The US government has reported that North Koreans are hiding their identities in order to get contract jobs in the global technology sector and subsequently warned that such workers pose major security risks to businesses.
The US Department of State, the US Department of the Treasury, and the Federal Bureau of Investigation issued the advisory for the international community, the private sector, and the public to warn of attempts by Democratic People’s Republic of Korea (DPRK, a.k.a. North Korea) IT workers to obtain employment while posing as non-North Korean nationals. It’s said that there are reputational risks and the potential for legal consequences, including sanctions designation under US and United Nations authorities, for individuals and entities engaged in or supporting DPRK IT worker-related activity and processing related financial transactions, the advisory stated.
The Government stated: “The DPRK dispatches thousands of highly skilled IT workers around the world to generate revenue that contributes to its weapons of mass destruction and ballistic missile programs, in violation of US and UN sanctions. These IT workers take advantage of existing demands for specific IT skills, such as software and mobile application development, to obtain freelance employment contracts from clients around the world, including in North America, Europe, and East Asia.”
In many cases, DPRK IT workers represent themselves as US-based and/or non-North Korean teleworkers. The workers may further obfuscate their identities and/or location by sub-contracting work to non-North Koreans. Although DPRK IT workers normally engage in IT work distinct from malicious cyber activity, they have used the privileged access gained as contractors to enable the DPRK’s malicious cyber intrusions. Additionally, there are likely instances where workers are subjected to forced labor.”