A North Korean imposter was uncovered, working as a sysadmin at Amazon U.S., after their keystroke input lag raised suspicions with security specialists at the online retail giant. Normally, a U.S.-based remote worker’s computer would send keystroke data within tens of milliseconds. This suspicious individual’s keyboard lag was “more than 110 milliseconds,” reports Bloomberg.
Amazon is commendably proactive in its pursuit of impostors, according to the source report. The news site talked with Amazon’s Chief Security Officer, Stephen Schmidt, about this fascinating new case of North Koreans trying to infiltrate U.S. organizations to raise hard currency for the Democratic People’s Republic of Korea (DPRK), and sometimes indulge in espionage and/or sabotage.
Sounds much better than “Amazon surveils keystrokes of its IT workers”!
This was also my takeaway. Sounds like a security nightmare if they are logging any data.
If you use a company-provided computer for work, then it’s safe to assume they’re already doing that.
The problem is that you don’t want to record important information like passwords so if they did log them, it’s another possible vector of loss. I e if someone got into that copy of the data
That’s a valid point.
Well it isn’t paranoia if North Korean impostors really are working in your company.
Yeah, hate it all you want. But risk scales with the amount of employees you have. At the scale of Amazon you have to do literally everything to minimise risk.
How am I the first person to ask why they’re measuring the latency on everyone’s keystrokes?
Literally, catching North Koreans might have been the idea. It’s become a big issue.
Probably one of the less shocking things they track.
On one side I feel like “cool, they managed to find a spy on this sophisticated way”
On the other side I’m thinking what kind of intrusive keylogging malware did they install on all their employees laptops…
This article is just building justification for spying on your employees
I mean, if it’s a company-owned laptop, they can do whatever the fuck they want with it. I bring a personal laptop to work for browsing and YouTube and whatnot, attached to a VPN.
I wonder how many they’ve missed over the years, this kind of thing has been occuring since at least 2012.
Reminded me of the ‘critical infrastructure company’ (I presume utility) software developer who handed all his credentials over to a worker in China, including mailing them his RSA keyfob, and wasn’t discovered for months until the company security team noticed VPN logins coming from China.
Apparently it’s become even easier for malicious remote workers to fake resumes and identities to gain jobs via AI, so I hope all major companies are monitoring their remote access very closely.
deleted by creator
deleted by creator
Correct. The hostile actor gained employment with their victim, a common method of infiltration. You should look up the definition of infiltration.
deleted by creator
It kinda is, its practically a requirement for a lot of corporate espionage and a lot of spies have entire lives alongside their spy duties. Also fun joke I’ve heard about Vladivostok during the Cold war, “There were surprisingly only a handful of people in that city, American spies, Soviet counter intelligence, smugglers, cargo movers, and baristas who ignored the whole mess” heard that from an ex-CIA guy who was doing a talk at a spy exhibit back when I was a kid.
deleted by creator
The Norks have quite literally done data breaches and major hacks via this exact method in the past. They basically have nothing to lose on the international level so they do this and then trade it to countries like China or Russia for whatever it is they want. If they didn’t have a documented history of doing shit like that nobody would assume espionage.
If they didn’t have a known tendency towards weird espionage shit going back to the 50 and 60s nobody would care, but they do have a known tendency towards doing weird espionage shit.
deleted by creator
By itself no, but employment absolutely is compatible with infiltration. In fact, it doesn’t even have to be a foreign-state actor, or even a witting party (e.g. clicking on stuff in spam mail). See: insider threat, and data exfiltration.
Yeah, and its curious to see you getting downvotes for the intra-departmental outsourcing that’s been rampant through the tech sector for a while now.
What we’ve got isn’t some nefarious plot by the Chinese-Adjacent to invade our precious trillion dollar tech industry. Its the deliberate consequence of sanctioning a country to the hilt to devalue local labor, then exploiting the sanctioned locals to extract labor at below market rate.
This is not some kind of facewashing?
No
deleted by creator
Isn’t this an example of them taking it pretty seriously?
