Key Takeaways:
- A North Korean imposter was discovered working as a sysadmin at Amazon U.S. due to suspicious keystroke input lag.
- Amazon has foiled over 1,800 DPRK infiltration attempts since April 2024, with a 27% quarterly increase in attempts.
- The company’s proactive approach to security and use of good-quality software were key to detecting the imposter.
- The incident highlights the ongoing problem of North Koreans infiltrating U.S. corporations for profit, mischief, and espionage.
- The use of American idioms and English-language articles can be a giveaway when conversing with impostors.
Introduction to the Incident
A recent incident at Amazon U.S. has brought to light the ongoing problem of North Korean impostors infiltrating U.S. corporations. A sysadmin at the company was discovered to be a North Korean imposter, and the discovery was made due to suspicious keystroke input lag. Normally, a U.S.-based remote worker’s computer would send keystroke data within tens of milliseconds, but this individual’s keyboard lag was significantly higher, at over 110 milliseconds. This discrepancy raised suspicions among security specialists at Amazon, who launched an investigation into the matter.
Amazon’s Proactive Approach to Security
Amazon’s Chief Security Officer, Stephen Schmidt, has commended the company’s proactive approach to security, which has allowed it to detect and foil numerous infiltration attempts by North Korean impostors. Since April 2024, Amazon has detected and prevented over 1,800 such attempts, with a 27% quarterly increase in attempts. Schmidt emphasizes that the company’s success in detecting these impostors is due to its proactive approach, stating that "if we hadn’t been looking for the DPRK workers, we would not have found them." This approach includes the use of good-quality security software, which was instrumental in detecting the suspicious activity.
The Investigation and Detection
The investigation into the suspicious sysadmin began when the individual’s laptop, which was located in Arizona, was flagged for unusual behavior. Amazon security experts took a closer look at the laptop and determined that it was being remotely controlled, causing the extra keystroke input lag. Further investigation revealed that the laptop had been accessed by a North Korean imposter, and a woman who had facilitated the fraud on behalf of the imposter was sentenced to several years in prison earlier this year. The use of American idioms and English-language articles was also a giveaway when conversing with the imposter, highlighting the importance of language and cultural awareness in detecting such impostors.
The Broader Problem of Infiltration
The incident highlights the broader problem of North Koreans infiltrating U.S. corporations for profit, mischief, and espionage. The problem is likely more extensive than what has been detected, with the FBI recently seizing equipment in related cases. Other hostile nations, such as Iran, Russia, and China, are also likely to be involved in similar activities. The incident serves as a reminder of the importance of proactive security measures and the need for companies to be vigilant in detecting and preventing such infiltration attempts.
Conclusion and Recommendations
In conclusion, the incident at Amazon U.S. highlights the importance of proactive security measures in detecting and preventing infiltration attempts by North Korean impostors. The use of good-quality security software and language and cultural awareness are key to detecting such impostors. Companies must be vigilant and proactive in their approach to security, and the incident serves as a reminder of the ongoing problem of North Koreans infiltrating U.S. corporations. As the problem continues to evolve, it is essential for companies to stay ahead of the threat and to prioritize security and vigilance in their operations.