Fractions of a second betray North Koreans
The keystrokes of an external employee were suspiciously delayed. Amazon.com identified him as North Korean.
North Korea's flag
(Image: Jiri Flogel/Shutterstock.com)
IT professionals from North Korea are infiltrating Western companies under false identities. By working remotely, they generate revenue for the North Korean government, and occasionally collect regime-relevant data. Amazon.com has uncovered one such mole. The giveaway was keystrokes that were a fraction of a second slower.
The data giant had outsourced the administrator job to a staffing agency. This agency believed it had hired someone in Arizona, and Amazon sent them a laptop. Security software installed on it raised an alarm: the latency of keystrokes transmitted to Amazon's servers was not in the range of a few dozen milliseconds, but 110 milliseconds.
This is what Amazon's Chief Security Officer Stephen Schmidt told the news service Bloomberg. The longer delay suggests that the user is not sitting in Arizona, as claimed, but far away. Amazon monitored the suspect's work for a few days, obtained their job application, and finally fired them.
The Arizona address turned out to be the household of a woman who had set up the laptop and connected it to the North Korean mole's server. She also received and forwarded the salary payments. This was not an isolated case: in a US criminal proceeding, she was sentenced to eight and a half years in prison in July for infiltrating North Korean IT professionals into more than 300 US companies.
Increasing number of North Korean applications
"If we hadn't been looking for North Korean workers, we wouldn't have found him," says Schmidt. The perpetrator did not have access to relevant data. His application repeated patterns already observed in other North Korean IT moles. They have difficulty with certain idioms and articles in the English language. They also often list the same foreign educational institutions and former employers, which is not easy for US companies to verify.
Videos by heise
Amazon states that it has already received a four-digit number of applications that it could classify as North Korean fraud attempts. This year, the number has increased sharply. Amazon has not yet discovered any secret North Koreans among its directly employed workforce. In November, five further supporters of North Korea pleaded guilty in the US.
(ds)
