Amazon has blocked over 1,800 job applications from suspected operatives of North Korea, according to the company’s chief security officer, Stephen Schmidt. This action arises amid heightened concerns regarding cyber scams linked to the North Korean regime, officially known as the Democratic People’s Republic of Korea (DPRK). Schmidt detailed these efforts in a LinkedIn post on August 30, 2024, explaining that the primary aim of these operatives is to gain employment, receive salaries, and divert funds back to support the regime’s weapons programs.
Schmidt noted that many of these applicants resort to using fake or stolen identities in their pursuit of remote IT jobs not only in the U.S. but globally. The company’s enhanced screening measures, which include an AI-powered application system along with manual checks, have revealed a 27% increase in applications affiliated with DPRK from the previous quarter.
Uncovering Laptop Farms and Fraudulent Operations
One of the tactics employed by these operatives involves the use of “laptop farms.” These setups, while physically located within the U.S., are managed remotely from North Korea, allowing agents to obscure their true locations. In June, the Department of Justice (DOJ) disclosed the discovery of 29 illegal laptop farms across the country, which were instrumental in providing North Korean IT workers access to U.S. companies’ resources.
Assistant Attorney General John A. Eisenberg emphasized the implications of such schemes, stating, “These operations target and steal from U.S. companies and are designed to evade sanctions and fund the North Korean regime’s illicit programs.” Following this, in July, a woman from Arizona received a sentence of over eight years in prison for facilitating a laptop farm that enabled North Korean IT workers to secure remote positions with more than 300 U.S. companies. The scheme reportedly generated over $17 million in illicit revenue for both her and the North Korean regime.
Schmidt elaborated on other fraudulent strategies that are likely proliferating throughout the industry. Notably, identity theft tactics have evolved, with some individuals impersonating legitimate software engineers and hijacking active LinkedIn profiles of professionals. “We’ve identified networks where people hand over access to their accounts in exchange for payment,” Schmidt stated. He urged employers to remain vigilant for common indicators of fraud, such as improperly formatted phone numbers and inconsistent educational histories.
International Collaboration Against North Korean Threats
In response to the increasing threat posed by North Korean operatives, the U.S., Japan, and South Korea convened a joint forum in Tokyo in August 2024. The three nations issued a joint statement addressing the serious risks associated with hiring, supporting, or outsourcing work to North Korean IT workers, which can lead to theft of intellectual property, data, and funds, as well as significant reputational and legal repercussions.
As one of the world’s largest employers, Amazon recognizes its unique position in combating large-scale cyber threats. Schmidt asserted that the company’s extensive experience provides valuable insights into the evolution of these fraudulent operations, underscoring their responsibility to share findings to help safeguard against such infiltrations.
