Financial Crime World

SEOUL TIMES

Korea Takes Measures to Prevent Inadvertent Hiring of North Korean IT Workers

Warning Issued by US and ROK Governments

The United States and the Republic of Korea (ROK) are taking a closer look at digital payment systems in an effort to prevent the inadvertent hiring of Democratic People’s Republic of Korea (DPRK) information technology (IT) workers.

Instances Reported

Several instances have been reported of DPRK IT workers being hired for freelance work without proper background checks or due diligence measures in place. This has led to significant risks, including:

  • Theft of intellectual property: DPRK IT workers may steal sensitive information and data from companies.
  • Data breaches: They may also compromise company systems and lead to data breaches.
  • Reputational harm: The hiring of DPRK IT workers can damage a company’s reputation and lead to legal consequences.
  • Legal consequences: Under U.S., ROK, and United Nations (UN) authorities, companies may face penalties for hiring DPRK IT workers.

Red Flag Indicators

Experts have identified several red flag indicators that may indicate a potential DPRK IT worker. These include:

Unwillingness or Inability to Appear on Camera

  • Video interviews: DPRK IT workers may be unwilling or unable to appear on camera during video interviews.
  • Inconsistencies: They may exhibit inconsistencies when they do appear on camera, such as time, location, or appearance.

Indications of Cheating

  • Coding tests: DPRK IT workers may cheat on coding tests or when answering employment questionnaires and interview questions.
  • Social media profiles: Their social media and other online profiles may not match their provided resume.

Suspicious Home Address

  • Freight forwarding address: The home address they provide for provision of laptops or other company materials may be a freight forwarding address.

Due Diligence Measures

To prevent the hiring of DPRK IT workers, experts recommend several due diligence measures. These include:

Thorough Background Checks

  • Conduct background checks: Conduct thorough background checks on potential employees.
  • Verify bank information: Verify check numbers and routing numbers match an actual bank.

Record Keeping

  • Keep records: Keep records of all interactions with potential employees.
  • Prevent remote desktop protocol: Prevent remote desktop protocol from being used on company devices.
  • Lock down administrative permissions: Lock down all administrative permissions and install insider threat monitoring software.

Reporting Suspicious Activity

The FBI urges victims of DPRK IT workers or those who suspect they may have been victimized to report the suspicious activity to the Internet Crime Complaint Center (IC3) at ic3.gov. The ROK government requests that suspicious activity be reported to the National Intelligence Service and the National Police Agency.

Conclusion

This is not a drill. The risks associated with hiring DPRK IT workers are real, and it’s essential for companies and individuals to take necessary precautions to prevent these risks. By being aware of the red flag indicators and taking due diligence measures, we can protect ourselves and our businesses from potential harm.