US Seizes 17 Website Domains Used by North Korean Tech Workers

Facts

  • The US Department of Justice (DOJ) this week revealed it had confiscated 17 websites posing as legitimate US-based tech firms. The domains allegedly enabled North Korean IT workers to work remotely for US companies, defraud US companies, bypass sanctions, and garner money used to fund North Korean weapons programs. [1]
  • In a written statement made by the department's National Security Division on Wednesday, Assistant Attorney General Matthew Olsen said: 'The seizures announced today protect U.S. companies from being infiltrated with North Korean computer code and help ensure that American businesses are not used to finance that regime's weapons program.' [2]
  • North Korean agents allegedly work as remote Information Technology contractors in China and Russia, more commonly than in the US, sending millions of dollars each year to finance weapons programs at home. This bust saw the FBI seize at least $1.1M from online accounts kept by North Korean operatives posing as Americans. [3]
  • The DOJ also revealed that the North Korean employees occasionally got into computer networks to steal information from the companies they worked for and often maintained access for potential future hacking or extortion attempts. [4]
  • In May, the US and South Korea announced new sanctions related to North Korean tech workers, while the DOJ has urged employers to exercise caution when hiring freelance workers. [5]

Sources: [1] Reuters, [2] UPI, [3] The Daily Beast, [4] ABC News and [5] GMA News Online.

Narratives

  • Narrative A, as provided by The Register. Thousands of North Korean techies have devised schemes to infiltrate foreign companies, including some in the US. China and Russia are also prone to hiring these agents, meaning that this problem transcends geography and geopolitics. There are steps US companies can take to avoid hiring North Korean plants, and they almost certainly will become more aware of this problem and address it. This relatively low-level operation can be solved rather easily by US companies.
  • Narrative B, as provided by PC Mag. American companies have been getting duped by savvy North Korean tech workers, allowing North Korean nationals to funnel money back to their home country. US-based companies either ignored warnings to remain diligent, or they simply didn't care enough to protect against foreign plants within their ranks. Either way, North Korea seems to be ahead of US internet security norms and processes. US companies also need to bear the brunt of better vetting and security protocols.