Amazon has stopped more than 1,800 suspected North Korean operatives from joining the company since April 2024, according to the tech giant’s chief security officer, Stephen Schmidt.
A Growing Threat on the Hiring Front
In a LinkedIn post on Friday, Schmidt explained that the primary goal of these applicants is “to get hired, get paid, and funnel wages back to fund the regime’s weapons programs.” He added that candidates use fake or stolen identities to pursue remote IT jobs in the U.S. and worldwide.
Numbers That Show an Escalating Trend
Schmidt noted that Amazon’s AI-powered application screening system, combined with manual verification by staff, has identified a 27% increase in DPRK-affiliated applications quarter over quarter this year. The company has blocked more than 1,800 suspected DPRK operatives from joining since April 2024.
The Laptop Farm Connection
The fraud is often carried out through so-called “laptop farms”-computers physically based in the U.S. but operated remotely from abroad. In June, the Department of Justice uncovered 29 illegal laptop farms across the U.S. that were being used by North Korean IT workers. Those cases involved U.S.-based individuals who created fraudulent companies and “hosted laptop farms,” giving North Korean agents remote access into U.S. victim company-provided laptop computers, the DOJ said in a news release.
Assistant Attorney General John A. Eisenberg of the Department’s National Security Division was quoted in the release as saying, “These schemes target and steal from U.S. companies and are designed to evade sanctions and fund the North Korean regime’s illicit programs, including its weapons programs.”
Consequences for Those Involved
A woman from Arizona was sentenced to more than eight years in prison the following month for running a laptop farm that helped North Korean IT workers secure remote jobs at over 300 U.S. companies. The scheme generated more than $17 million in illicit revenue for her and Pyongyang, the DOJ said in a statement at the time.
Other Tactics and Red Flags
Schmidt warned that fraudulent workers employ a variety of strategies, many of which operate at scale across the industry. Identity theft, elaborate LinkedIn impersonation, and hijacking of active professionals’ profiles are among the tactics used. He added, “We’ve also identified networks where people hand over access to their accounts in exchange for payment.”
He cautioned employers to look for common signs of fraud, including incorrectly formatted phone numbers and inconsistent education histories. “Small details give them away,” he said.
International Cooperation
In August, the U.S., Japan, and South Korea held a joint forum in Tokyo to improve collaboration against the growing threat of North Korean operatives posing as IT workers. In a joint statement, the three countries said that “hiring, supporting, or outsourcing work to North Korean IT workers increasingly poses serious risks, ranging from theft of intellectual property, data, and funds to reputational harm and legal consequences.”
A New Partnership
In a separate development, Amazon and Grubhub announced a partnership that allows Amazon Prime members to enjoy a free, one-year trial of Grubhub+.
Key Takeaways
- Amazon’s AI screening and manual checks have blocked over 1,800 suspected North Korean job applicants since April 2024.
- A 27% quarterly rise in DPRK-affiliated applications highlights a growing threat.
- DOJ investigations revealed 29 illegal laptop farms used by North Korean IT workers, with one Arizona woman sentenced and $17 million illicit revenue generated.
Amazon’s experience with large-scale cyber threats gives it unique visibility into how these operations evolve, the company said, underscoring its responsibility to share what it’s learning with the broader hiring community.
