Canadian authorities have issued a warning about the dangers of hiring remote IT professionals who could be North Korean state-affiliated workers, posing as freelancers with a strong technical skill set and hiding their identity.
A joint advisory was issued by the RCMP, Public Safety Canada, Global Affairs Canada, the Financial Transactions and Reports Analysis Centre of Canada, and the Canadian Centre for Cyber Security on July 16 warning Canadians and Canadian corporations to be aware of the risk.
It says that hiring such remote workers could have “legal consequences” and could also lead to “data theft and corporate espionage.”
In addition to putting Canadian companies’ data at risk, the earnings paid to the workers are used to fund the North Korean regime’s activities, including weapon development, the advisory said.
The Canadian government has imposed sanctions on North Korea in order to pressure the country to stop it from developing weapons of mass destruction and missile programs.
Hiring an IT professional from North Korea would violate the sanctions, officials said, and could lead to jail or fines of up to $100,000.
They warn that North Korean nationals pose online as freelancers and use technology to hide their identity, including by using VPNs, encrypted messaging apps, and deepfake technologies to fool Canadian companies.
Some may even pay others from different countries, called proxies, to use their personal details or accounts on employment platforms for the scheme.
The undercover North Korean workers have valuable IT skills, according to the advisory. These include mobile/web app development, graphic animation, database and online platform development, and hardware or firmware development.
The workers are seeking to “gradually access and establish” networks in key sectors for “malicious cyber activities,” the agencies said.
Authorities say that these individuals place spyware on company or corporation servers, which can collect information, monitor traffic, or be used to gain access to the system in the future. These put companies at risk of espionage and data theft.
Small business and startups are at highest risk, according to the advisory. These organizations are in need of highly skilled talent, and have minimal capability to vet candidates.
The advisory recommends companies watch for signs that could indicate the candidate is from North Korea, including an unwillingness to participate in video interviews or calls, asking to be paid in cryptocurrency, inconsistencies in personal information, and being willing to start work without a contract.
US Lays Charges
The U.S. Justice Department recently announced criminal charges in connection to a scheme by North Korea to pay for its weapons programs with the earnings of remote IT workers who were hired by U.S. companies.Many of the North Korea workers used stolen or fake identification of U.S. citizens, and worked as remote IT employees, including at Fortune 500 companies, U.S. officials said.
Wages of these individuals are transferred into accounts affiliated with North Korea, prosecutors said.
One of the cases saw a U.S. national arrested and more than six other foreign nationals charged for their role in the fraud scheme. Prosecutors say that case impacted more than 100 companies and raised about $5 million in revenue.
In another case, four North Korean nationals were using fake identification to access an Atlanta-based blockchain research company. They were able to steal hundreds of thousands of dollars in virtual currency.
The Justice Department did not identify the companies that were affected, but did note some information related to sensitive military technology was stolen.
