Security biz KnowBe4 hired fake North Korean techie, who got straight to work ... on evil

Cybersecurity awareness and training provider KnowBe4 hired a North Korean fake IT worker for a software engineering role on its AI team, and only realized its mistake once the guy started using his company-provided computer for evil. KnowBe4 'fessed up to the hire in a Tuesday disclosure from CEO Stu Sjouwerman. He explained …

  1. Anonymous Coward
    Anonymous Coward

    Is not even theReg safe from the pronoun police :o

    > Stu Sjouwerman. He explained that his HR team conducted four video interviews with the candidate, confirmed their appearance matched a photo ..

    1. Anonymous Coward
      Anonymous Coward

      Apparently, yes.

      I hate to disappoint you, but the use of "their" is perfectly normal English in that sentence, and has been for decades. Use of "their" in that position is fine even if the gender has already been identified - you don't have to bash the specific pronoun in everywhere.

    2. phuzz Silver badge
      Headmaster

      Re: Is not even theReg safe from the pronoun police :o

      "They" is perfectly appropriate, because the company don't know if the candidate was male, female, or even if they exist.

      But maybe elReg needs to start putting content warnings on articles that contain any pronouns, just to avoid scaring readers like OP?

    3. MOH

      Re: Is not even theReg safe from the pronoun police :o

      Do pronouns work differently in North Korea?

  2. BartyFartsLast Silver badge

    hmm

    If they are suggesting the use of VoIP numbers is a red flag or that an established telephone number is somehow a marker of authenticity we are in for some interesting times as we transition from POTS to fully VoIP networks

    1. Anonymous Coward
      Anonymous Coward

      Re: hmm

      Contrast cell/mobile vs VoIP. If the number is linked to a carrier in the country, it's likely that the phone is normally in the country. (International roaming can get expensive.) But VoIP could be anywhere on the planet.

      If you're referring to VoIP phones replacing POTS, I haven't seen much of that; most folks simply drop the landline entirely and use cells/mobiles instead.

      1. BartyFartsLast Silver badge

        Re: hmm

        Had my landline migrated to VoIP only three or so weeks ago, pretty much all the neighbours have too, my partner had hers done a few months ago and several friends last year.

        It's pretty common.

It's also pretty easy to fake mobile numbers, and most of the spam/scam "tech support" calls that come through on 07xxx numbers are not located in the UK.

        1. Anonymous Coward
          Anonymous Coward

          Re: hmm

My small town US phone provider went to all fiber optic a few years back. If there is a power outage, a battery downstairs keeps the phone connection going for a while.

          So not sure if it's real VoIP or some special protocol over the fiber optic.

          That reminds me. I need to make a note to myself to check the battery when I get home. It's a gel cell and one has died already. Might be time to replace the second one.

          1. RAMChYLD

            Re: hmm

Mine went VOIP over a decade ago; the GPON terminal converts fiber to analog RJ-11. Afaik the terminal itself has some software that links up to a network on VLAN 400.

            Technically, we were moved to VOIP. However the number is still Malaysian style including having the same area code.

            1. The Oncoming Scorn Silver badge
              Trollface

              Re: hmm

              Had a VOIP number in UK & took it with me to Canada.

              One mid morning sales call asking if I wanted a contract cellphone & plan in the UK, despite me saying repeatedly my current PAYG Canadian number was costing me $50 a month.

              Penny only dropped when their system couldn't recognise the postcode (Similar format to UK) & I went through the address line by line until I got to the province & country.

              "I don't understand....this is a UK number!"

              It's a VOIP line, a virtual number

              "I don't understand..."

              You're trying to sell me a digital service, & can't grasp that calls can be made to virtual phone numbers over the internet!

              "You've wasted my time! "

              You rang me, this number is only known to family & the companies in the UK that need it (I'm not sure if it was on the TPS exclusion list), have a great day!

            2. Anonymous Coward
              Anonymous Coward

              Re: hmm

              Same here, for Germany

  3. sitta_europea Silver badge

    "...If it can happen to a security awareness company, it can happen to anyone."

    I take issue with that.

    I would never hire anybody I hadn't met in person.

    For a security company to do it is just plain crazy.

    Don't tell me you can't get the staff when what you mean is you don't want to pay them the going rate.

  4. IanRS

    Real location

    KnowBe4 reckons the laptop was sent to an "IT mule laptop farm" – facilities in North Korea or China where fake workers ply their trade, using VPNs to hide their location.

You cannot hide a physical delivery address behind a VPN. Perhaps North Korea as the final line of the address should have raised concerns?

    1. FrogsAndChips Silver badge

      Re: Real location

      I presume it was sent to a 'safe' location by the company, then forwarded to North Korea by the fake worker.

      1. The Oncoming Scorn Silver badge
        Pirate

        Re: Real location

        Arrived at address sometime in the week or Friday for a Monday start date & someone took a flight home, presumably with other laptops, hand waved through Customs on arrival in North Korea.

    2. doublelayer Silver badge

      Re: Real location

      There are two really easy ways to get around that.

      1. The laptop was delivered to an address in the US. The person at that address has been told to get the package and send it to Hong Kong. The person in Hong Kong has been told to send it to Shenyang. Someone in Shenyang gets it and brings it to wherever they want it.

      2. The laptop was sent to an address in the US. There, it was set up with a local internet connection and the IP sent to China or North Korea, where someone set up a remote connection to it.

  5. that one in the corner Silver badge

    Where can I get more of that scam?

    > The scam is that they are actually doing the work, getting paid well

    If the "scammer" is actually doing the work, can we get some more of, please?

Maybe in one or two companies whose QA teams we have recently suspected are understaffed (and/or the staff are underperforming).

    Ok, not this particular guy, with his penchant for malware.

    Just a strange use of the word "scam". Fraudulent ID, yes.[1]

[1] Which raises another question: if they were going to have a video call, why use (pseudo)AI to modify a stock photo? Couldn't find a camera and a blank wall to stand against? Or some people have just fallen for the "AI" hype, even in N. Korea.

    1. doublelayer Silver badge

      Re: Where can I get more of that scam?

      Maybe the identity they used didn't look much like them, but they didn't have an unlimited supply of fake identities that all look like Koreans of the right age (I think this is mostly young males as North Korea hasn't prioritized computer skills until the last fifteen years and at least one of the technology-focused schools is male only). If they're using stolen US identity documents, they may have to take steps to appear to be the person pictured in them.

      1. that one in the corner Silver badge

        Re: Where can I get more of that scam?

        > If they're using stolen US identity documents, they may have to take steps to appear to be the person pictured in them.

        Well, yes, like

        >> a camera and a blank wall to stand against

        Plus a copy of MS Paint - as capable as using an "AI" to modify the picture of the stolen credentials. More, as Paint doesn't have a habit of adding or removing fingers.

        1. doublelayer Silver badge

          Re: Where can I get more of that scam?

          They could modify the picture on the identification documents instead, but if they did that, the picture would no longer match any other pictures of the victim that might be found online. I wouldn't search out pictures of people to check them against the documents, but if someone did, that might make it difficult to get away with an ID that's just had someone else's picture swapped in. Meanwhile, if they have good enough software that they can appear in a video as the person whose real face is on the ID, then that might be less likely to be caught by the employer before someone is hired. This is especially true for differences in age, because if I change out the picture on an identification document for someone aged 23 and they claim to have ten years professional experience and a birth date in line with that, it might be more obvious that they're not who they say they are.

  6. The Man Who Fell To Earth Silver badge
    FAIL

    Not much of a security company

    The cost of flying someone out to interview is trivial compared to what you will be paying them over the course of the first year. To not eventually interview in person before making a candidate an offer is not just cheap, it's downright stupid. Especially for a "Security Company". I'd never hire these clowns or knowingly use their products.

  7. Anonymous Coward
    Anonymous Coward

    On the plus side..

    .. at least they're using Macs. No Crowdstrike problems :)

  8. glennsills@gmail.com

    So, KnowB4 only knew afterwards... Interesting.

    1. Anonymous Coward
      Anonymous Coward

      "20:29 Hindsight - our Guarantee of Quality* For You"

* Quality may go up or down. Your house may be at risk if you buy our product.

  9. Marty McFly Silver badge
    Pint

    Free Kevin!

    He is either rolling in his grave, or laughing his ass off. Oh the irony of this company getting social engineered!

    I met him once. I was tasked as his valet to cart around his computer equipment at a conference. He never let the stuff out of his sight. Interesting individual to say the least.

    Cheers to the old-school social engineering that he pioneered. Many careers can be attributed to the industry he created through his early life antics.

  10. Stevie

    Bah!

    Just an observation on the comments here and elsewhere (especially Twixxer):

    Why is it that posts with missing words are becoming more prevalent on SocMed?

    Is it an edit fumble or is it foreign AIs with poor grasp of grammar making the posts?

    1. Anonymous Coward
      Anonymous Coward

      Re: Bah!

It's simply poor grammar caused by a simple lack of ability to compose complete sentences, either for typing or speaking.

  11. BasicReality

    A place I worked used this company, always hated their crap. Maybe this will help get them shut down.

  12. ecofeco Silver badge

    Good. Screw 'em

I have yet to work at any job in IT where the scrutiny is anything short of state secret level of verification, even as a lowly Tier 1 and 2 support tech.

    To see a blunder on this scale and scope is pure schadenfreude.

  13. Anonymous Coward
    Anonymous Coward

    Got to work in just 25 minutes

    Now there’s ya problem!

    A real employee wouldn’t be so quick.

  14. pro-logic

    The Inside Man

    https://insideman.knowbe4.com/

    It's almost like someone watched their training videos / TV series about a company hiring a plant IT guy who's out to cause havoc and just went "I bet they'll fall for that!"

    1. Nifty

      Re: The Inside Man

      A perfect 'life imitates art' event. It's up there with the time that Amazon remotely pulled everyone's copy of 1984 and Animal Farm off their Kindles and sent them down the 'memory hole'.

      https://www.nytimes.com/2009/07/18/technology/companies/18amazon.html

  15. Erik Beall

    Inside man series

They have a video series "Inside Man" that is surprisingly good at increasing security awareness. A company I'm contracting for now forced us all to watch it, and I wish I could get my spouse and kids to watch it too. Entertaining to me, but not quite enough for them.

    1. James R Grinter

      Re: Inside man series

      Which is why I was waiting for a sales pitch at the end of the first coverage of this story that I read.

      It just seemed a bit too convenient.

  16. Anonymous Coward
    Anonymous Coward

    Scammers everywhere

    > The scam is that they are actually doing the work, getting paid well

    Did a colleague of theirs get a job at Crowdstrike recently?
