North Korean IT Workers Use Fake Names And Fake Scripts To Find Jobs In Western Technology Companies

North Korean IT workers are reportedly using sophisticated deception tactics (Photo: Doc. Pexels)

Jakarta - North Korean IT workers are reportedly using sophisticated deception tactics, such as fake names, fake LinkedIn profiles, fake work documents, and fake interview scripts, to get jobs at Western Technology companies.

This effort was carried out with the intention of producing Hard Currency to support the Pyongyang nuclear missile program, which is thought to have been accelerated in the last four years. Workers use an interview script that includes suggestions on how to explain "good corporate culture" without risk of punishment in North Korea. These scripts, a total of 30 pages, were found by cyber security researchers at Palo Alto Networks.

These documents contain dozens of fake resumes, online profiles, interview records, and fake identities used by North Korean workers to apply for jobs in software development. Reuters found more evidence in leaking Darkweb data, which showed the tools and techniques used by North Korean workers to convince companies in various countries, including Chile, New Zealand, United States, Uzbekistan, and United Arab Emirates.

The US, South Korean and UN governments stated that North Korea had sent thousands of IT workers abroad, which could produce foreign currencies to support regimes that lacked funds. A UN mission requested for comments does not give answers.

According to the experience of a former North Korean IT worker who recently defected, long-distance IT workers can produce more than ten times the conventional workers, and their teams can produce more than 3 million US dollars (Rp45 billion) per year. This worker tries to work anonymously, often uses fake email accounts and social media to hide their identities.

Palo Alto Networks found these documents when examining the campaign conducted by North Korean hackers targeting software developers. One of the hackers left these documents open on the server, indicating the link between North Korean hackers and their long-distance IT workers.

Some interview scripts contain reasons to need to work remotely, such as family health problems or other emergency situations. In some cases, IT workers who have been employed will make fake profiles again to get a second job.

In October, the Department of Justice and the FBI confiscated 17 domains of websites allegedly used by North Korean IT workers to deceive businesses and secure 1.5 million US dollars. North Korean IT workers who work in US companies are reported to hide themselves behind anonymous accounts and produce millions of dollars every year on behalf of the North Korean entity which is subject to sanctions through this scheme.

Some of the leaked documents show the experience of IT workers in Cryptocurrency companies, which were also previously the target of North Korea's hackers.

Although there is a risk for the North Korean government with the exposure of this special right of workers in the reality of the world, this scheme remains a vital lifeline to get foreign currencies for regimes that lack cash. A North Korean IT worker who recently defected said that these workers were estimated to consist of around 3,000 people abroad and 1,000 others were based on North Korea.