Ep. 209: Unmasking the North Korean IT Scam

“What the Hack?” is DeleteMe’s true cybercrime podcast hosted by Beau Friedlander

[00:00:00] Beau Friedlander: You just called IT support, but what if that helpful voice on the other end of the line was working from a high-rise on the outskirts of Pyongyang?

[00:00:10] Amanda Gerut: They were in the dark. The Americans had no idea that they were from North Korea.

[00:00:13] Beau Friedlander: And this operation, driven by an almost unthinkable amount of state coercion, operates the same way as an organized crime syndicate.

[00:00:21] Amanda Gerut: When you have 3,500 people doing the scheme, they are involved in everything.

[00:00:28] Beau Friedlander: That comes courtesy of something called a laptop farm. Lots of them, operating right here in the United States.

[00:00:36] Amanda Gerut: This is the mafia. This is the weaponization of remote work.

[00:00:40] Beau Friedlander: I’m Beau Friedlander and this is What the Hack, the podcast that asks a simple question: In a world where our data is everywhere, how do you stay safe?

---

Introduction to a Global Scheme

[00:01:05] Beau Friedlander: Amanda Gerut is the West Coast editor for Fortune Magazine. She just published a jaw-dropping piece about North Korean operative revealed the inner workings of the IT scam infiltrating the Fortune 500. I read this thing and it blew my mind. Amanda, before we get in, thank you for joining us.

[00:01:24] Amanda Gerut: Thank you for having me. I’m so excited to be here.

[00:01:26] Beau Friedlander: Now, where are you right now?

[00:01:28] Amanda Gerut: So, I’m in Sherman Oaks at my house, where I live with my husband and two kids and three cats.

[00:01:34] Beau Friedlander: Three cats.

[00:01:35] Amanda Gerut: Three cats. Three cats. We started with one rescue and then no cat can enter this house without leaving, so now we have three and now we’re done fostering. Forever.

[00:01:45] Beau Friedlander: Well, the cat redistribution system is pretty epic. I have two. Tom is a 20-million pound cat found on Bedford avenue and Brooklyn, and Preston was from the kill shelter in Brooklyn, so I’m with you there.

[00:01:59] Amanda Gerut: Yeah, I have Luna, who is a princess who was on the street, but now she eats caviar and sashimi from Sugarfish off chopsticks from my husband. And then we have Lilah who’s my son’s, who sleeps with him and will only be with him, and then Libby, who we think is part bobcat, feral, with my other son. So that’s how we roll. Yeah. It’s a cat house.

[00:02:21] Beau Friedlander: I love it. And the bobcat sounds like a lot of fun. Maybe not, but maybe. All right. So what’s your beat at Fortune?

[00:02:34] Amanda Gerut: My beat at Fortune is anything and everything. So West Coast basically means when New York signs off, I’m a one-lady band. It’s just me. I’m covering the news, I’m basically handling what needs to be handled, editing, reporting—whatever it is that needs to be done, I’m doing it.

[00:02:53] Beau Friedlander: Okay. Well, the West coast is closer to North Korea where this story happened than New York, so I guess there’s some logic there.

[00:03:06] Amanda Gerut: The North Korean IT worker story is my favorite story that I’ve written in 20 years, for sure. It is mind-blowing. I first discovered this story from late night, being solo after New York had signed off, reading an indictment of a woman named Christina Chapman, who’s going to be sentenced in a couple of days. She lives outside Phoenix, just a suburb. She was running a laptop farm.

And so a laptop farm is basically something where you are willing to accept laptops that are being used by the North Korean IT workers who have stolen or rented U.S. identities, and they’re using her address. So if you get a job at X, Y, Z company, they’re shipping you a laptop to do this remote IT work. You know, like the bowels of the IT job. She’s accepting the laptop on your behalf, she’s uploading software so that you can log in remotely from Cambodia or Laos or Russia or China or wherever you are, and then she’s communicating with the North Korean IT workers.

[00:04:10] Beau Friedlander: Okay, wait. Okay. So companies thought they were hiring American remote workers. Now, as usual, they shipped out work laptops, but those Americans were actually North Korean operatives. Christina Chapman was one of many, we don’t know how many, which is scary, who accepted a number of these laptops, set them up with remote access tools, which made it possible for North Korean IT workers to work a remote job in the United States. Tell me more about Chapman.

[00:04:41] Amanda Gerut: Sure. So, she had dozens of laptops at her house outside Phoenix. She’s collecting a fee per laptop every month, and she’s also taking their salaries and then remitting that U.S. currency to the North Korean IT workers who then, they take the money and it’s either laundered onsite or it’s laundered elsewhere, and then it goes back to North Korea.

[00:05:05] Beau Friedlander: Did you just stumble on this story? Or have you been working on it?

[00:05:09] Amanda Gerut: I have been on this for a while. It’s been kind of building and building. The FBI has had most wanted lists up of all of these North Korean IT workers for a long time.

[00:05:22] Beau Friedlander: How long are we talking about?

[00:05:24] Amanda Gerut: We’re talking about, I think, two years, but the indictments became more well-known when they started indicting the American accomplices last year. So this was the Christina Chapman indictment, you know? Woman in her 40s outside Phoenix somehow got involved in this scheme, and it blew my mind. I was like, the scheme is what? The scheme is, she’s living her life just having laptops at her house and collecting a vig on each laptop.

[00:06:00] Beau Friedlander: Being about this woman, she’s indicted and she has something that’s mind-blowing. She’s making, now, a vig if you don’t know what a vig is, it’s sort of a mafia term. It means you get, it’s the vigorish. You get a little bit of money. It was like a loan shark would get the vig. She’s getting a vig on what exactly, Amanda?

[00:06:18] Amanda Gerut: She’s getting a vig per laptop, so she’s getting a fee per laptop, and then because she’s also handling their salary, right? So she’s opening bank accounts where they are getting paid by American Fortune 500 companies and she is getting their salary and then making sure that they are getting their money, the guys who are doing the actual work.

[00:06:47] Beau Friedlander: All right, so what is this job called where you have computers in your house and you get a vig for having them there? What is this job? What is this?

[00:06:56] Amanda Gerut: You are a laptop farmer. If this is your job, you are a laptop farmer.

[00:07:00] Beau Friedlander: Oh my gosh. And what is a laptop farm exactly?

[00:07:02] Amanda Gerut: A laptop farm is a very under-the-radar house where you are just having laptops plugged in all the time, running all the time, because we’re dealing with different time zones. And you’re installing software. They have software that they like. They have different types of software that they like, some that they don’t like, so you have software in your house. You’re uploading software so that they can log in remotely. They do legitimate work, they’re doing legitimate work dialing in remotely through these laptops. This is the weaponization of remote work by the Democratic People’s Republic of Korea.

[00:07:46] Beau Friedlander: This is the weaponization of remote work by North Korea. To me that’s…so this woman has a laptop farm and she’s making money off of it, and she’s also making payments. It seems to me like I want to start one of these things. Maybe you and I can do it together. We can pool our money and buy some laptops.

---

Funding a Nuclear Program

[00:08:02] Beau Friedlander: How is it that anyone in the United States can be sending U.S. currency to North Korea and not get flagged?

[00:08:13] Amanda Gerut: That’s a great question, because North Korea has been under sanction, heavy financial sanction for a very long time. The way the scheme has been described to me and the way it’s been laid out in the indictments is that the American accomplices are sending currency through the use of a payment app, and there are a couple of choice apps. The North Korean IT worker who defected after being involved in a scheme has told me that some of the apps they have used have been Payoneer, PayPal, and then they also are heavily involved in crypto.

[00:08:56] Beau Friedlander: Yeah, and that was one of the things I got from the later indictments. In Hertzberg’s indictment, he said that there was a lot of money being moved around by smart contract. And as far as I understand smart contracts are crypto-related, and they were sending at the time of their thefts this group had sent almost a million dollars. $900,000, but what’s a hundred thousand dollars between people funding…and we haven’t even gotten to that yet. Funding North Korea’s nuclear program. Am I right about that?

[00:09:28] Amanda Gerut: Yeah, it’s the nuclear program. Kim Jong-un has been open about how he feels like the future of the Democratic People’s Republic of Korea is going to be through nuclear weapons development, ballistic missiles. And they are able to do a lot of this on the cheap is what I have understood. There are a lot of ex-military guys out there who are DPRK IT worker hunters. They track these guys all over and expose them because they’re not stealing money, they’re not stealing crypto because they wanna get Lamborghinis and Birkin bags. They are developing nuclear weapons.

[00:10:04] Beau Friedlander: For North Korea. That is…

[00:10:05] Amanda Gerut: For North Korea, yeah.

[00:10:07] Beau Friedlander: So, it sounds like a pretty ornate scam that’s going on, and it is, and it is for a reason: because the payoff is huge.

[00:10:16] Amanda Gerut: This is a sophisticated scheme. The scale of it, according to the UN, is that this scheme reliably generates up to $600 million a year through the legitimate IT work done by thousands of trained technologists who, it’s actually really tragic. They’re plucked from a young age when they show aptitude in math or STEM, and then they go to these elite boys’ schools, they become friends. They’re all boys. They go to boys schools, get trained in tech, and then they’re deployed in these four- or five-man delegations to sites all over the world. And then they’re almost in competition with each other. They have to meet these quotas. The quotas were doubled during COVID from $5,000 a month to $10,000 a month. And so they have to make all this money every single month, or they face punishment, or their families face punishment. It’s actually really sad, and the other thing itself that’s important to remember here is that the way this was explained to me by a guy named Michael Barnhart, who is at DTechs, and he’s been sort of the face of explaining this to the government, to media, to everybody is that they are very involved in doing things that are so far below giving a dam about that you don’t really realize it. But when you have 3500 people doing this scheme, they are involved in everything. I mean, one tech founder told me that he does not interview people for jobs until they agree to say something negative about Kim Jong Un, because 90-95% of the resumes that he gets from job applicants are North Korean IT workers.

---

Inside the Operation

[00:12:18] Beau Friedlander: I have so many questions and so little time. The article mentioned, you know, training these developers to work outside of the DPRK, and it sounds to me like there’s an army of them. And it sounds to me like there are almost like sleeper cells outside of the country doing this work. Okay, you say yes, and it sounds to me like they’re basically being human-trafficked with hostages on the other end. Their family. Is this all right?

[00:12:45] Amanda Gerut: That’s precisely, that’s exactly what’s happening.

[00:12:48] Beau Friedlander: It’s a psychotic scheme, which I guess…

[00:12:52] Amanda Gerut: If the shoe fits. Yeah.

[00:12:55] Beau Friedlander: You managed to actually speak to somebody who was in this world, working as an IT person involved in raising money for North Korea’s nuclear program. I can’t believe I just said that sentence. Who was it? Who did you speak to?

[00:13:11] Amanda Gerut: I worked with an NGO that’s based in Seoul, South Korea that has worked with thousands of North Korean defectors. These are people who are fleeing North Korea. And through this group, I was able to do an email interview with a former North Korean IT worker who goes by the alias Kim G Min. We had to keep a lot of details non-public because his family is still in North Korea. They are in serious danger because he has now defected and because he was part of this scheme and speaking to Western media. They are in grave danger.

[00:13:50] Beau Friedlander: So you spoke to this man who is now in South Korea. He’s a defector, and you just painted a pretty bleak picture, which is that his family is still in North Korea. So they are in danger, and this has to be very carefully orchestrated. Is that where you started to get some of this reporting?

[00:14:06] Amanda Gerut: Speaking with Kim G Min actually confirmed for me a lot of what I had already heard from a lot of the sources that I had spoken with and interviewed beforehand. So, the thing that was interesting talking with Kim G Min was his revelation that he never worked with American accomplices. They were in the dark. He said the Americans had no idea that they were from North Korea.

[00:14:32] Beau Friedlander: These were including the laptop farm people?

[00:14:34] Amanda Gerut: That wasn’t part of his scheme. His scheme involved going on freelance work platforms and basically pretending to be somebody doing a development project, a software development project, taking the bidder’s identities, and then pretending to be them. So he would get legitimate bids, take their identities, take control of their accounts—remember, he’s a trained hacker—and then he would use their identities to get actual jobs.

[00:15:31] Beau Friedlander: Okay, so a side note. An RFP is a request for proposal. So this guy was asking people to make bids on jobs basically and when they did that he stole their identities. Pretty clever. So he would use the public-facing information of these people he was interfacing with, create a dossier, and then he committed criminal identity theft.

[00:15:42] Amanda Gerut: Criminal identity theft. That was the way he engaged in the scheme. I mean, I think that these guys have a lot of freedom. Some of them are working with the laptop farms. Some of them are just getting Americans who are willing to give them their identities and then they create fake LinkedIn profiles for them. There was one nail salon employee who was indicted before this most recent indictment who had met somebody on a video game and he just gave him his identity, and he was holding 13 jobs being done by these guys in China.

[00:16:14] Beau Friedlander: So inside this world, there’s a universe of different protocols and ways of working, but they’re all funneling money back to North Korea for the nuclear program.

[00:16:23] Amanda Gerut: As long as you make your money, you’re good. If you’re not making money, that’s when your work hours double. You go from working 10 hours a day to 18 hours a day. That’s when things get really bad.

[00:16:36] Beau Friedlander: You’re describing something that is familiar to anyone who has watched crime-genre movies in the United States, or television. I mean, you’re describing a mafia-like operation where as long as you hand in that envelope and it’s not light you are in good stead with the boss. In this case, the boss is a dictator.

[00:16:57] Amanda Gerut: This is the mafia. This has been described to me as the mafia. There’s a capo, like Christopher Moltisanti in The Sopranos, and then there’s the team.

[00:17:09] Beau Friedlander: Okay, now, in addition to laptop farms and folks doing criminal identity theft in the commission of getting jobs to exfiltrate money or just make money as an IT person and send it home, you have people in the United States and elsewhere renting out their identities. Now, do you have any idea how much they get for that?

[00:17:34] Amanda Gerut: Are we doing it all wrong? I know. I mean, what I have seen in the indictments is that what they are promised at the beginning of the scheme is typically not what they end up with at the end. But they do-

[00:17:48] Beau Friedlander: Who’s the “they” here in that sentence?

[00:17:52] Amanda Gerut: This would be the American accomplices, the laptop farmers.

[00:17:54] Beau Friedlander: Now, do you have any idea what these renters or laptop farmers are being promised?

[00:18:00] Amanda Gerut: They are typically promised 10 to 20% of the salary that the IT worker is pulling down, which might be as much as $300,000. So they’re getting 10 to 20% of that, and then they’re also getting a monthly fee per laptop.

[00:18:18] Beau Friedlander: Now, how much money are they really getting at the end of the day?

[00:18:21] Amanda Gerut: They’re not getting as much as they think they’re getting, and that is part of the scheme as well is you get your hook, you get somebody hooked because the promise of this money in this economy, and then you know once they’re involved in the scheme, it’s not like you can go to the Better Business Bureau and be like, “My North Korean IT workers that I’m working with are not paying me fairly.” So once they’re involved, it’s hard to get out.

[00:18:47] Beau Friedlander: So these are victims of a scam. A very big scam.

[00:18:51] Amanda Gerut: Well, some of them are victims. Some of them are not really aware of what they’re doing or what it’s for, but some of them are aware of what’s going on.

[00:18:59] Beau Friedlander: But they’re not aware they’re funding a nuclear program, but they are aware of the fact that they’re doing something illegal. No?

[00:19:04] Amanda Gerut: I don’t think that they’re aware that they’re funding a nuclear program.

[00:19:08] Beau Friedlander: And Mr. Kim pushed back when you were trying to get him to say that the Americans were accomplices, and I thought that was really interesting. So if they’re not accomplices, it does mean that in one way or another they’re victims, or even if they’re…I don’t even know how you would say that. A crime without…it’s not a victimless crime. It’s a crime without an ouch.

[00:19:31] Amanda Gerut: Some of them were unwitting. So that was what he was involved in. He was involved with these unwitting accomplices, because he was stealing their identities, but if you’re a laptop farmer, I would find it difficult to believe that you weren’t aware that this was totally illegal.

[00:19:48] Beau Friedlander: Now, do you have any idea if these people are being approached the way that we’re all approached all the time? Something is available online, public-facing, and you get a phone call, you get an email, you get a text saying “you can make $600 a day. Ask me how.” I mean, is that how these scams start?

[00:20:08] Amanda Gerut: That is basically how a lot of it works. It’s on video games, on Discord, on Telegram. This scheme has infiltrated so many facets of American life. They infiltrated an American election campaign website. I mean, it’s all over the place.

[00:20:22] Beau Friedlander: Can you tell me a bit about the election campaign site?

[00:20:27] Amanda Gerut: A candidate in Oregon posted a job for her campaign website on UPwork, got a developer, verified developer, who at the very end of the project – it was a really small project. Low-budget. Very end of the project subcontracted to someone who he thought was just a developer like him, but was a North Korean IT worker. And then when you think about what Kim G Min has said, which is that they were directed to intensify regime propaganda, when you think about an American election campaign website being infiltrated and then propaganda being part of this mission in addition to revenue generation, it becomes very scary and the problem becomes much more urgent, much more immediate.

[00:21:17] Beau Friedlander: Now, these, let’s just call them cyber-soldiers. They’re not only doing these kinds of scams, these IT-related things to fund the nuclear program. It sounds to me like it is a vast army of cyber warriors that are everywhere doing all kinds of things.

[00:21:37] Amanda Gerut: So, Kim G Min denied ever sharing information with some of the more malicious DPRK North Korean scammers who have been involved in these billion-dollar with a B bitcoin heists, or crypto heists, I should say. He denied being involved or sharing information with them. I have understood from sources that that is not true of all of the North Korean IT workers who are focused on just generating revenue, that they are sharing information with some of these more malicious actors who then use that information to help them come up with these very sophisticated schemes where they heist crypto.

[00:22:18] Beau Friedlander: All right, so I’m wondering, besides the indictments we’ve already talked about, what is law enforcement in the United States doing to stem the flow of money out of the country through these IT workers?

[00:22:28] Amanda Gerut: Law enforcement has been very focused on this. There was a huge joint task force with the FBI, DOJ, secret service, because the tentacles are so all over. It’s like a big old wheel with spokes. There’s the revenue gen, they’re in the American companies, they’re on the freelance work platforms, they’re on LinkedIn. So a lot of these freelance platforms just boot them all the time. Microsoft announced last month that three thousand accounts that were created by North Korean IT workers using Hotmail and Outlook, they booted they booted them from the platform. So there are these indictments, but then there are also announcements all the time of sanctions or you know, do not work with this bank in Cambodia because they’re laundering money for the IT worker scheme.

---

How to Protect Your Company

[00:23:21] Beau Friedlander: Okay, so it’s been known for a bit. So how is it these IT workers been able to pull this off without detection for so long?

[00:23:28] Amanda Gerut: They’re very smart and very wily. I mean, they’re just, they’re nimble. Like, that one guy who just is doing IT work stealing your identity because you bid on a project, he’s doing that every day. They’re working ten hours a day basically just doing that, and then 3000 people doing it, they are making $600 million a year doing work.

[00:23:56] Beau Friedlander: Okay, I feel like I have to say the ridiculous sentence again, which is that you have IT workers from North Korea working legitimate jobs to make money for the North Korean nuclear program. It’s just weird. How can a company protect themselves from this? I mean, what are you supposed to do?

[00:24:18] Amanda Gerut: The low-tech solution is “say something negative about Kim Jong-un,” because if you’re a North Korean IT worker in the scheme, you are surveilled all the time. And it would be unheard of to say something insulting about Kim Jong-un. So they will never do it. Before we go any further, “Say something negative about Kim Jong-un.” That’s the low-tech solution. The high-tech solution is identity verification, and that’s an exploding area right now is identity verification because of this issue. So, “Show me a selfie with your ID and move it,” and then doing that periodically, because companies have already hired people who are North Korean IT workers who are some of their best employees. So you need to sort of find out if the call is inside the house. So it’s identity verification and then continuous identity verification, but then you have to balance that with, you don’t want somebody having so much friction in just applying for a job. Right? Like if somebody was like, “Apply for this job and show me your driver’s license,” there’s also the reverse scam that happens where somebody is like, “Oh, I’m going to hire you for this job. Give me your driver’s license and your bank account details,” and then you find out you were scammed.

[00:25:42] Beau Friedlander: And that’s what the guy you were talking to did. He would steal their identity and then he would have the ID to go and do the job. Is that right that no one will trash-talk Kim Jong Un, and if that’s the case, shouldn’t Kim Jong Un rethink that? Because it seems like it would be a really easy fix to be just like, yeah, in the job interview you can say that.

[00:26:05] Amanda Gerut: I know. Well, if you think about it, I mean, I don’t know about the Ps and Qs of being an authoritarian ruler, but I think you have to sort of maintain your authoritarian-ness, and that involves not letting anyone say anything bad about you.

[00:26:21] Beau Friedlander: Now, listen. And I do think that you’re right, because if we go back to the mafia, Tony Soprano would not let any of his capos call him a fat guy. I don’t think it would pass muster. In fact, I think people got shot in that show for doing that. You know, so I think you’re right. Amanda, you work for Fortune Magazine. There are a lot of people listening to this program who work in IT, work in cybersecurity, work in data management, who are freaking out right now. What’s your best advice?

[00:27:02] Amanda Gerut: I mean, my best advice is just pay attention. Pay more attention if people are always camera-off, or it looks dark outside when it’s supposed to be light. If they say they’re located in Alberta and then you look it up on Google and it’s in the middle of a pond, you know, it’s the three facts together should cause you to say, “Let’s do a meeting with the cameras on,” and then ask some questions. Because there’s a lot of material and evidence out there about how the scheme works, and you’ll see somebody saying, “I’m Anthony from Staten Island, and now I’m based in Brooklyn,” and then you’ll ask them, “What’s your favorite pizza?” and they will have no idea, right? So it’s just what does that mean? It doesn’t really add up, and why isn’t your camera on, and why is it dark if you’re in Brooklyn? And those are real things that some of the DPRK hunters have shown on X formerly Twitter of the evidence of some of the guys that are out there who were doing this IT scam.

[00:28:06] Beau Friedlander: So how do we get the word out about this?

[00:28:10] Amanda Gerut: I think some of the recent indictments are to make the public aware of this scam, to keep it sort of fresh in people’s minds so that they know that this is out there. There was a big recent joint enforcement action that generated a lot of media headlines, and law enforcement said, “We’re doing this and the FBI is creating a new wanted list because we want people to understand that this is very real and still happening.”

[00:28:41] Beau Friedlander: I mean, that’s great that the FBI is trying to get the word out. It’s great that the Secret Service is working on this, which they are. I assume the CIA is also working on this. Here’s the problem: all of the people in question are working in countries where Interpol doesn’t have great reach, and so there’s no way to arrest anybody. There’s no way to stop this. Okay. I sound panicked. Talk to me.

[00:29:06] Amanda Gerut: I mean, Kim G Min, the defector, said people are in North Korea, Russia, and China. You know, that’s tough.

[00:29:15] Beau Friedlander: What about Upwork and LinkedIn and Facebook? Meta is phenomenal at removing any problems that could possibly harm people as long as it doesn’t interfere with their business model. Anyway, what about the platforms where these folks are promoting themselves and getting work? Can they do anything to vet these requests? Obviously they’re using VPNs so it doesn’t say where they are, but what can be done?

[00:29:50] Amanda Gerut: The platforms are all over this. Upwork is all over this. They are booting personas, because it’s one person with 10 different personas, so they are booting personas all the time. It’s tough to get them to tell me actual numbers, but LinkedIn is always booting fake accounts. They are all on top of it. They declined to comment when I asked about law enforcement, but law enforcement is out there talking about this, the FBI is all over this. Like I told you, the American election campaign website, the contractor who subcontracted, he gets booted. Right now, the scam itself has evolved because people are talking about North Korean IT workers. So these guys still are under this brutal regime, and they have to make money, so they’ve evolved. So what they’re doing right now is pretending to be licensed architects, licensed HVAC workers, and they are going online and stealing municipalities’ planning zone commission seals of approval, and they’re selling plans. I was told by one of my DPRK sources that a restaurant in Chino bought these remodel plans and remodeled their outdoor patio. So I have not been able to figure out which restaurant it is, but that’s the next part of the scheme is posing as these licensed HVAC guys, doing work on your house. So you have to just be extremely careful all the time that everyone that you’re working with is legit.

[00:31:47] Beau Friedlander: Now, this could extend to brick-and-mortar businesses as well then. If we’re going there, why not everywhere? It seems to me like you’re describing a nation-state that doesn’t have a great GDP on its own and therefor its main export is cybercrime.

[00:32:07] Amanda Gerut: Precisely. I don’t know what the question is, but yeah, it definitely extends to brick-and-mortar. If it’s possible to scam it, it’s being scammed. North Korea’s main export right now is cybercrime. They have weaponized remote work and they are using it to fund Kim Jong-un’s nuclear ambitions.

[00:32:31] Beau Friedlander: Well, not to put too fine a point on it. That’s terrifying.

[00:32:37] Amanda Gerut: I mean, yeah. Nigeria has the romance scams, North Korea has the IT work scam.

[00:32:48] Beau Friedlander: I only discovered the Georgia indictment after I read your article. And I only discovered it because it was linked in your article about this problem. So from where I’m sitting, public awareness has not caught up to the scale of this threat. Do you think that we are up to speed, or are we really just in the thick of it now?

[00:33:11] Amanda Gerut: I mean, I think that public awareness is catching on, and I think that the conversation about AI deepfakes will definitely advance the ball in terms of identity verification because people are freaked out about deepfakes and having people using your…or Marco Rubio’s face and Marco Rubio’s voice, and this North Korean IT worker scam, AI has catapulted it to a new level. North Korea actually announced plans to further develop their AI capability recently which was publicized by DTechs, so I think that really sort of helps awareness about the North Korean IT worker scam, and I think that the biggest companies, the Fortune 500 companies are very aware of this and cybersecurity experts and teams are really great about sharing information with each other on this issue. So they’ve shared the VPNs that are being used, so they’re having to use a new VPN, so it’s just like if there’s a lot of information, I think there’s a lot of talk about identity verification. And I mean, in my mind I think that the freelance platforms are doing their job. I think that companies are doing their jobs. I think that the Big AI, they should be aware of who is using their tools. I think that that to me, and it’s not like I haven’t reached out and asked, how do you verify who’s using your tools? I think that that’s the piece that’s really missing.

[00:34:45] Beau Friedlander: Any final words of advice to enterprise folks who want to not be a part of the North Korean nuclear program?

[00:34:52] Amanda Gerut: I think just be on your toes. Be aware. Cameras on. Sometimes people have a bad day, you know, whatever, but sometimes they need to turn our camera on and you need to be able to tell if it’s day time or night time. And ask. If somebody says that they’re from Canada, ask when’s Canada Day. That’s something that someone from Canada should know.

[00:35:14] Beau Friedlander: Absolutely, and I am that guy on Slack who has the video on in huddle. I think that that’s…it’s camera on anyway. We want to see your smiling face, and if you’re working, where’s the I in thou? Come on, you know? We need you there. We need you. So Amanda Gerut, can’t wait to read your next big story. Until then, thanks for being on What the Hack.

---

Tinfoil Swan: Staying Safe as a Freelancer

[00:35:45] Beau Friedlander: And now it’s time for the Tinfoil Swan, your paranoid takeaway to keep you safe on and offline. Obviously this week we’re gonna talk about being a freelancer, because this is terrifying, and how you can stay safe and not have your identity used for a crime, also known as criminal identity theft. First, vet your clients thoroughly. Legitimate clients on any platform you happen to use, they’re going to have a solid profile, reviews, and some sort of history. You’re going to want to watch out for inconsistencies, you certainly want to be careful about brand new accounts that don’t have any activity, and another red flag might be that they try to pull you into Telegram or WhatsApp. So just use the very best version of common sense that you have available to you and then add some paranoia. Second, Google yourself. It might sound odd, but knowing your own digital footprint helps you see when knew information is out there, one, and two, what a potential scammer might find. Finally, requests for proposal are easy to knock out, right? But be careful, because you might be going fast and you might not be looking, and this is not a move-fast-and-break-things kind of situation. You want to go slow and be careful. Always go slow. It’s your best friend when it comes to not being scammed. Pause. Think, “Is this for real?” Is this what I think it is? And repeat. Use the platform’s security features. Upwork, Fiverr, and sites like that, they have reporting mechanisms. If you spot a suspicious job or a potential client, report them. If you’re just not sure, report them, and you may find that they can give you information. They can say, “Yep,” they can flag it as a scam. The bottom line is you need to be extremely careful out there, because there are people stealing identities to use them in aid of other kinds of crime or online shenanigans that you want nothing to do with. The world of online freelancing is great. It offers great opportunities, but you need to stay vigilant and ask critical questions. Always prioritize your digital safety over a potential job. And that’s our Tinfoil Swan. See you next week. What the Hack is brought to you by DeleteMe. DeleteMe makes it quick, easy, and safe to remove your personal data online and was recently named the number one pick by New York Times Wirecutter for personal information removal. You can learn more if you go to joindeleteme.com/wth. Stay safe out there.

Learn More:

• Learn whether the business you’re dealing with is a scam
• Learn how to keep your information safe so you can be a tougher target for scammers
• Read up on how the North Korean IT Worker scam functions.