My colleague, the scammer

Noel King

One of the big challenges of hiring remote workers is you don't really know who you're hiring. Recently, the FBI warned that many companies really don't know who they're hiring. Big American companies like Google and SentinelOne have been tricked by compelling resumes and LinkedIn profiles into hiring North Koreans. Now to the story of spies in the break room.

Bobby Johnson

The U.S. the U.K. and South Korea have jointly accused North Korea of using a cyber espionage group to steal sensitive and classified data to advance.

Noel King

Ahead on TODAY Explained. We talked to a reporter about what it's like to sit in on a job interview with a North Korean operative.

Bobby Johnson

We tried to keep it as sort of simple as possible. So I was just introduced as someone who was sitting on the call. We didn't want to alert them to obviously the, you know, the fact that I was a journalist because we didn't want to scare them away. We wanted to see what they had to say. With HubSpot's suite of AI powered tools.

Noel King

You can get more done way faster.

Bobby Johnson

Speed up your lead generation and create attention grabbing, lead driving, quota crushing campaigns in an instant. Get started today@HubSpot.com AI running a business.

Claire White

Comes with a lot of what ifs, but luckily there's a simple answer to them. Shopify. It's the commerce platform behind millions of businesses including Thrive Cosmetics and Momofuku. And it'll help you with everything you need. From website design and marketing to boosting sales and expanding operations. Shopify can get the job done and make your dream a reality. Turn those what ifs into Sign up for your $1 per month trial@shopify.com specialoffer.

Noel King

It'S today explained. I'm Noel King. The life of a freelance investigative reporter is not an easy one. A lot of time is spent figuring out what story is going to justify your time and talents. Such was the problem for reporter Bobby Johnson, who's based in the B Bay Area. Late last year Bobby had been hearing about people using AI to run scams and he decided to see if there was anything there.

Bobby Johnson

And so one evening I, I bumped into this young entrepreneur called Simon Wickmans at an event in San Francisco and I shared with him what I'd heard about and asked if he'd heard about anything. And he said, well, you'll never guess what happened to me recently. It turned out that Simon runs a web security company and he'd been interviewing people for a software engineering job, a remote software engineering job, so people not based near hq. And in interviewing he'd seen a Bunch of deeply suspicious activity. You know, he was worried that people were trying to fraudulently get jobs or something. And it turned out to be far more complicated and weirder than we expected. So what Simon spotted in the first place was that the job was bombarded with candidates, right? So the. There were hundreds of applications, way more than was typical. Then he started getting on video interviews with people, and strange things kept coming up. Lots of the applicants had resumes that didn't really match what he saw on screen. You know, maybe they had Anglo names, but were ethnically Asian. A lot of them said they were born and raised in America, in Tennessee or in Brooklyn, but they had really, really thick foreign accents. They all aced their coding test in almost exactly the same ways. But when he was talking with them, they often gave stilted answers and asked questions. Just about salary, but nothing else. And there were other things, too. So they all used similar default video background images. They had laggy Internet connections, and in the background, he could hear noise, so it sounded like they were in a busy room, not a call, like a call center, maybe, not what you would normally do a job interviewing. So these things, you know, individually, he didn't see any of these as a major red flag, because you can imagine why somebody's name doesn't fit their face in your conception, right? Or why they have an accent or why they use a default background on their video call. But as he spotted candidate after candidate following the same pattern, he started to get really suspicious of them. And. And then the clincher really was that he saw one of the candidates was wearing glasses. And as the candidate was answering questions, Simon could see in the lenses of the glasses a reflection of an AI bot on the candidate's screen. So what he could see was that this was pumping out a script of some kind for the applicant to read in order to answer Simon's questions. And he could see this happening in real time. So at this point, he figured, you know, his paranoia was well justified. What emerged as we got deeper and deeper in were not just that these were people who were, you know, trying to fraudulently get jobs, or people who were maybe running several different jobs at the same time, which we've seen a lot since the pandemic. But in fact, we were able to connect them back and see that they were actually operatives who are working for the North Korean regime to try and get jobs and send money back to North Korea, which is, it turns out, this kind of pretty widespread scam that's being perpetrated against American companies particularly. But all around the world.

Noel King

So by the time you met Simon at that event, he had clearly copped on that something was up here. Had Simon actually hired anyone in North Korea?

Bobby Johnson

No. So he'd. He'd realized that something strange was going on and hadn't hired anybody. But there are lots of companies around the country who have been hiring North Koreans unwittingly. And this is actually, it turns out there, it's a pretty widespread operation and well known in the cybersecurity industry and in parts of law enforcement. But it's really not something that's broken through into the public consciousness. Most people don't actually know about it. So when we started to put the pieces together and understand what was really going on, that's when the breadth and depth of this, of this thing became apparent.

Noel King

How does this work and to what degree is this going on, the scam?

Bobby Johnson

It's kind of basic in some ways, but wild in others. First of all, on the simplest level, you have teams of North Korean agents who are recruited out of college, and they get sent to work in other kind of friendly countries, typically China or Russia. They cross over the border and they go work in these teams. They steal people's identities, and they use those identities to apply for jobs. So they steal American identities and use them to apply for jobs in the US and they use all manner of AI enhancements to get the job. You know, like they. They use the AI coding tools to ace the test. They use the chatbots to script their answers so that they sound more competent. They use deepfake technologies to cheat ID verification, and some of the tests that you have to go through in order to get a job. So if they're lucky enough to get through the interviews, the surprising thing I think is they actually generally do the job that they've been employed to do. This is usually building websites or apps for a company, completing different tasks, you know, it related stuff. And often they share those tasks around their team. So there might be 10 or 15 people working in a team doing multiple jobs, and they basically are doing the minimum to stay employed. But because they share the tasks around the team, they're often very efficient and seem to be doing their job pretty well. So they stay under the radar. And all of this gives them time to earn cash that they then send back to North Korea. Now, software engineers, you know, can be pretty well compensated, so that's be a substantial amount of money, but they also use that access that they have as a developer to go and steal information, money, cryptocurrency, and even in some cases, plant malicious software on the victim's computer systems. In many cases, they don't get through to being hired. You know, they're just trying. They're testing the system. But when they do get through, sometimes they only last a few days until they do something that clear that they're. They're not who they say they are. But sometimes they stick around. I mean, I spoke to some victims who have unwittingly employed people, and for up to a year, you know, they've been working in a company and getting away with it. But the real trick, I think, and the key weakness in this scam, is that they need to use a middleman in the U.S. so, you know, the company will send forms to fill out. They'll send the computer for the developer to use. They'll. They need a place to send paychecks. You know, all of these require somebody on the ground. And if you're in a North Korean team in China or Russia, you don't have that person. So they work with an accomplice who manages the physical stuff. So they're based in the US and they will install software that lets the North Koreans dial into their computer from overseas and still look like they're in New Jersey or California or wherever they say they're based. So this means you have these middlemen who have houses full of laptops that all connect up to all the different jobs that they're working. And it's, you know, law enforcement calls that a laptop farm. And the accomplice gets up every morning, switches the computers on, make sure they're all running properly, lets the North Koreans dial in to those computers from overseas, and then carry on the job and carry on the subterfuge. And in some cases, the facilitators who have been caught have been found with, like, 50 or 60 laptops running simultaneously in their house. And that's the place where law enforcement is actually able to catch these gangs, understand what's going on, and try to stop it. So there's one case particularly that I dug into, which is of a middleman or middle woman in this case called Christina Chapman, who recently pled guilty to a range of different crimes related to this.

Gabrielle Burbay

Hey, lovelies, it's me. So today I am not being too experimental. I found something called avocado fries, which.

Bobby Johnson

She was based in Minnesota and Arizona, and over the space of a couple of years, she worked with a North Korean team and helped them target at least 300 different companies in the US including some pretty substantial ones.

Gabrielle Burbay

Howdy people. So today, I think, is day seven. And I did not make my own breakfast this morning. My clients are going crazy. So I just.

Bobby Johnson

Some of them were mom and pop shops, but some were big corporations, you know, And Chapman ran this scam. She would help the teams do their IT work. She would host a laptop farm with maybe 60 computers at the same time, and she would help them dial into meetings or keep up to date with stuff. She would receive money that she would then pass along to a bank in China and take a cut along the way.

Noel King

New at 10. An Arizona woman has been indicted in a series of complex identity theft cases that have been generating money for the North Korean government.

Bobby Johnson

Christina Chapman was working out of her house in Litchfield Park. Someone approached her on LinkedIn, asking her to be the US face of their company. What that meant was she got drawn into this, as far as we can tell, by the fact that there was a promise of some money and it was an easy way to earn some cash. And when I spoke to security experts about this, they said it's really typical for somebody to get drawn in, you know, and that's why they choose folks who are able to stay under the radar, right? People who have no significant profile. People who can just look ordinary and behave in pretty ordinary ways. The woman who lives around the corner from you or the. The guy who's, you know, lives in the apartment block or whatever. Just ordinary folks who can help perpetrate this scam without raising too many suspicions.

Noel King

Bobby Johnson. He's a freelance investigative reporter. He ended up writing this story for Wired. Coming up, Bobby goes to the flip side. Who are the North Koreans?

Bobby Johnson

Foreign.

Noel King

Deleteme. More than likely, there is a lot of your personal information online. Some of you may have even willingly posted it. But having your name, address, phone number, and family members names hanging out on the Internet can have actual consequences in the real world and makes you vulnerable. Says Delete Me. According to Delete Me, you can protect your personal privacy or the privacy of your business from doxing attacks before sensitive information can be exploited. Our very own Claire White has tried Delete Me. Here's what she has to say.

Claire White

Since I joined Deleteme, I've really noticed a drastic drop off in the amount of spam calls, spam texts, spam emails. Especially since joining Delete Me, that has been much less of a problem for me. I don't find my phone ringing with a random number at all hours of the day. Y' all, I think this thing works.

Noel King

You can take control of your data and Keep your private life private by signing up for Delete Me now at a special discount for our listeners. You can get 20 off your Delete Me plan when you go to JoinDeleteMe.com today. Use promo code today at the checkout. The way to get 20% off is to go to JoinDeleteMe.com today and enter code today at checkout. That's JoinDeleteMe.com today code today. Support for today's show comes from Mint Mobile. Mint Mobile doesn't make crisp mint iced tea, despite what the writers of this ad thinks. Think you might be thinking no. They sell low priced phone plans. Cool. With Mint Mobile, all those low priced plans come with high speed data and unlimited talk and text delivered on the country's biggest 5G network. You can use your own phone with any Mint Mobile plan and bring your phone number along with all your existing contacts. You can get three months of premium wireless service from Mint Mobile for $15 a month. This year you can skip breaking a sweat and breaking the bank. You can get your summer savings and shop early. Premium wireless plans@mintmobile.com explained. That's mintmobile.com explained. An upfront payment of $45 for a 3 month 5 gigabyte plan is required, equivalent to $15 a month new customer offer for first 3 months only. Then full price plan options are available. Taxes and fees are extra. Guys see Mint Mobile for details.

Gabrielle Burbay

How much money does it actually cost to do a home renovation? This week on Net Worth and Chill, I'm joined by bachelorette Cont turned home renovation expert Tyler Cameron. From having just $200 in his bank account to getting a TV show on Amazon prime, this episode is packed with practical advice. Whether you're a homeowner or just hoping to be one someday.

Bobby Johnson

Two Two ways to take this first one is you're going to renovate your home. Why are you doing it? Are you doing it to make money? If so, then I'd focus on your kitchen. I'd focus on your bathrooms.

Gabrielle Burbay

Plus get the inside scoop on which projects are worth diying and which are better left to the pros. Listen wherever you get your podcasts or watch on YouTube.com your rich BFF.

Bobby Johnson

This is today Explained.

Noel King

We're back with Bobby Johnson, who wrote about North Korean operatives getting hired by American companies for Wired. The companies don't like to talk about what is happening. Neither does North Korea. So Bobby relied on defectors who understand how the scam works from North Korea's end.

Bobby Johnson

So typically these guys, and they really are guys like you say young, you know, pretty much straight out of college. They are recruited to work in these teams of 10 or 15 people, and they basically operate like a criminal gang in a sort of digital sweatshop. So they are typically sent overseas. I don't think they get many choices. You know, they're sent overseas to live in a nondescript apartment, and it's pretty much a 24, 7 existence. They work there, they eat there, they sleep there. They are only allowed to leave in small, in groups to make sure that nobody runs away. And they get paid by the government and sometimes pretty well. But the regime also makes it clear that, you know, your family back in South Korea is under extra surveillance to try and dissuade people from trying to escape. But these, these teams are typically relatively low level. North Korea does also run sort of very high level hacking teams. And this kind of work is maybe a stepping stone towards that, but it's kind of where folks are paying their dues.

Noel King

Kim Jong Un is a very strange guy. He has interesting priorities, and this now, based on everything you've told us, really does appear to be one of them. How has he made this kind of cyber training a priority in North Korea? What could you find out about that?

Bobby Johnson

Yeah, so Kim Jong Un is a really interesting and strange leader. I mean, we all know kind of how he's behaved when he appears in public and the kind of things that North Korea has been doing with its weapons program and threats against other countries. North Korea's leader, Kim Jong Un, has ordered his country's military to be ready to use nuclear weapons at any time. North Korea threatening to test still more weapons of mass destruction after a beaming Kim Jong Un watch the latest missile launch. But unlike his father, who was very kind of anti technology and pretty old school, Kim Jong Un was actually educated in Switzerland under a pseudonym. He was kind of sent to school there, and he had access to Western culture and Western technology. And when he took over in the 2010s as supreme leader, he really switched things around. So North Korea went from a country that basically had like one pipeline to connect to the Internet for years and years and years to a country that saw that maybe its only options or some of its options involved getting really good at technology. And so he has encouraged and put more money and effort into funding computer science programs and technology literacy in North Korean schools. And that's bubbled up through various universities and colleges that sort of develop people's skills and teach them things, you know, they don't just teach them coding or how to use computers. They teach them how to hack and how to cover their tracks and all of this stuff. And so you get these young men, particularly coming out of college in North Korea, who have been trained for the last few years to really be operatives, you know, to be, make it possible for them to do this stuff. And it's paying dividends for North Korea. You know, for such a small country and one that doesn't have, like a big technology industry, they are, they punch way above their weight in terms of this stuff. And so there's a lot of cryptocurrency theft going on. Earlier this year, a couple of months ago, a crypto exchange in Dubai got hacked and $1.5 billion got stolen. And that was by North Korean hackers. So these, these guys have, have realized that this is a very lucrative way with very low cost to them. You know, really, it's just, you know, a computer and some training to get out there and cause havoc and fund the country that has no other way of making money.

Noel King

Do we know how much money this is making?

Bobby Johnson

You know, typically a team of pretenders might earn, you know, several million dollars a year through the different jobs that they're running. And I've seen lots of estimates wild all over the place, but the minimum is kind of around $3 million a year. Now, this is like, that's a lot of money, but it's not, you know, that's not a huge amount. But yeah, obviously the way North Korea operates, they're taking nearly all of that as profit. Right. And, and it's going straight back into military programs, it's going straight back into Kim Jong Un's slush fund. You know, that's going back into the country. And they're running. You know, there are many of these groups running different scams. And scale wise, you know, there's been a lot of activity in the U.S. but folks I spoke to are saying that they're seeing a real expansion of activity in Europe, in Japan and elsewhere. So this has now become a very lucrative scheme across the board for the North Koreans.

Noel King

I'm trying to put myself in the shoes of the American who ends up talking to one of these people in North Korea and figures it out is like, oh, this person is definitely not in Knoxville. And I wonder what you do about it. You can't call the police and say, somebody fraudulently applied for a job at my company. But also, this isn't right. It doesn't seem legal. What can law enforcement. And what does law enforcement actually do here?

Bobby Johnson

Yeah, this is really the. The tough thing in these cases because if you're. If you're smart enough to spot it before it happens to you, you know, kind of no crime has been really enacted upon you or something that's, you know, not gonna lead to a prosecution. But in any case, it's really hard to prosecute these cases because for the most part, the worst offenders are based in a country that the American courts can't extradite from. So, you know, we're not going to pull someone out of China or Russia. So that means the cases generally focus on the stolen identities and the accomplices. The real problem underneath all of this is that the political or economic solutions that you think would be possible just aren't really effective. Right. You can't enact sanctions against North Korea for this because the sanctions already enacted against North Korea are so punitive. Right. One of the reasons that these guys are doing this in the first place is because legal trade is basically zero, because the country is being punished, rightly, for its rogue nuclear weapons program. So for now, from the industry and law enforcement folks I spoke to, your best remedy is to try and be aware of it and prevent it happening to you. And that's tough. And it's a big leap to go from saying there's something fishy going on with this applicant to, I believe this applicant may be working for the North Korean government. That's like. That's a wild jump to make. But at least if you're looking for things, looking for those red flags or kind of looking for that circumstantial evidence, then you can protect yourself from being a victim.

Noel King

There is something about all of this, Bobby, that is just not particularly clever. It's working, but you don't have to have a beautiful mind to think up a scam like this one. I wonder, though, as you were reporting out this story, where your mind went when you thought about what are the perils in the future that we're facing? What doors are opened by this little scam that five years from now or 10 years from now might be even harder to combat?

Bobby Johnson

That, I think, is the most fascinating question in all of this. There are sort of two threads that I would pull here. One is that once they can get access, they're stepping stones, right? You know, they're just trying to do a job and earn money, but what if somebody else can use the same techniques and be more aggressive in their attacks? You know, if. If you get hired, let's say you get hired inside a government defense contractor you know, can you access intellectual property or state secrets or something like that? The espionage potential is high, and the kind of aggressive attacks on companies could, could get a lot worse. And then I think, you know, the second thread is just that it dramatically undermines trust in everything. Right. You know, we've, we already see deep fakes, we already see misinformation. We already see all kinds of ways of, of making you not believe the things that you see. And if you, if you can't even believe. Sorry, my computer screen just disappeared. I think it went on screensaver. I'm going to pick that one up.

Noel King

North Korea. Okay.

Bobby Johnson

Yeah, that's. I do get paranoid about these things sometimes now. Yeah, I think this, there is this fundamental problem of eroding trust that you can't believe what your eyes are seeing. You know, we see deep fakes happening all the time. We see misinformation. We see all these systems working to kind of separate you from reality and try and get you to second guess everything that you see. And that's important. You know, you don't want to fall for tricks, but the more prevalent they become, the more difficult it is to know what's real and what's not. And so if you are, you are stuck in a position where you can't be 100% sure that you know, the person on your company team phone call or zoom call, who doesn't like to put their camera on and doesn't talk very often, but they do the job. You know, if you start to believe that that person could be an operative of a foreign country, then, you know, you're getting really into some wild places in your thought process. And I think that undermining of reality is kind of the biggest existential problem here. And it's one. I don't know that there's a way to solve it. But we can all see how dangerous it can be to separate you from the truth.

Noel King

Bobby Johnson, investigative reporter. Gabrielle Burbay produced today's show. Amina Elsadi edited. Patrick Boyd is our engineer, and Laura Bullard checks the facts. I'm Noel King. It's Today explained.

Bobby Johnson

Sam.