Your New Hire May Be a North Korean Spy

The Journal.

The Wall Street Journal

Daily News, Business News, News

4.2 • 5.3K Ratings

🗓️ 10 September 2024

⏱️ 20 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

North Korean cybercriminals have developed a new way to access networks in corporate America: getting IT jobs. According to U.S. officials, hundreds of U.S. companies have unknowingly hired North Korean operatives in information-technology roles. Dustin Volz explores how these spies get hired, and one CEO describes how his company fell for the scheme. Further Listening: - How North Korea’s Hacker Army Stole $3 Billion in Crypto - North Korea’s Propaganda Mastermind - The Cyberattack That’s Roiling Healthcare Further Reading: - North Korean Spies Are Infiltrating U.S. Companies Through IT Jobs - Kim Jong Un Wants to Block All North Koreans From Escaping. It Isn’t Working. - A North Korean Diplomat Managed a Rare Defection: A Flight Out of Cuba Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript

Click on a timestamp to play from that location

0:00.0	Earlier this year, Stu Showerman's company needed to hire a new IT guy.
0:11.3	We were hiring a fairly specific
0:16.0	hard to find
0:18.0	software engineer who had background in AI.
0:22.0	We have a number of AI initiatives and so we needed a software
0:27.9	engineer to support all those initiatives. The job was posted on online job forums and pretty soon resumes started to
0:36.4	flow in from all over the country and one candidate stood out.
0:42.4	He said his name was Kyle.
0:44.5	Mr Kyle, quote unquote, air quotes, had experience with exactly everything that we needed.
0:51.5	It was a very good interview. He was very open. He
0:57.6	talked about his strengths and weaknesses, indicated where he felt he needed additional training and you know indicated a
1:08.0	career path and so was the perfect interviewee, which made us, you know, move to the next step.
1:17.0	After conducting background checks, Stu's company decided to hire Kyle as a remote employee. They sent him a work laptop
1:24.8	to an address in Washington State and started the onboarding process. But almost
1:29.6	immediately, it became clear that Kyle was not who he said he was.
1:36.0	At that point in time our team started seeing very concerning
1:42.0	traffic on that laptop.
1:44.1	What kind of concerning traffic?
1:46.2	Well, Kyle immediately started downloading malware.
1:50.6	We immediately saw that a whole bunch of things were happening that should not be.
1:56.0	We tried to get in touch with him and asked if he needed any help.
2:01.0	I think this was through Slack and I said yes I am trying to debug my router and I'm following instructions from a list and this is where it became very very iffy very fast.
	...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from The Wall Street Journal, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of The Wall Street Journal and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.