Amazon has reported blocking more than 1,800 job applications from individuals suspected of being North Korean agents. This information was disclosed by Amazon's chief security officer, Stephen Schmidt, in a LinkedIn post.
Schmidt stated that North Korean operatives are attempting to secure remote IT positions using stolen or fabricated identities. The primary objective is to earn wages that are subsequently funneled to fund North Korea's weapons programs. This trend is believed to be widespread across the technology industry, particularly within the United States.
Application Trends and Detection Methods
Amazon observed a nearly one-third increase in job applications from suspected North Korean individuals over the past year. The operatives frequently collaborate with individuals managing "laptop farms," which involve computers located in the US but operated remotely from outside the country.
To identify these fraudulent applications, Amazon employs a combination of artificial intelligence tools and manual verification by its staff. Schmidt noted that the tactics utilized by these fraudsters have become more advanced.
Sophisticated Fraud Techniques
Fraudulent actors are reportedly hijacking dormant LinkedIn accounts by using leaked credentials to achieve verification. They often target profiles of genuine software engineers to enhance their credibility. Schmidt urged companies to report suspicious job applications to relevant authorities.
He also provided indicators for employers to identify potentially fraudulent North Korean job applications, such as incorrectly formatted phone numbers and discrepancies in education histories.
US Government Investigations and Enforcement
In June, the US government announced the discovery of 29 "laptop farms" operating unlawfully across the country, managed by North Korean IT workers. The Department of Justice (DOJ) indicated that these operations utilized stolen or forged American identities to assist North Korean nationals in obtaining employment within US companies.
The DOJ has also indicted US brokers involved in securing positions for these North Korean operatives. In July, an individual from Arizona was sentenced to over eight years in prison for operating a laptop farm. This operation facilitated remote jobs for North Korean IT workers at more than 300 US companies, generating over $17 million in illicit proceeds for the operator and for Pyongyang.