from MicroWave@lemmy.world to world@lemmy.world on 18 Dec 21:45
https://lemmy.world/post/40396100
A North Korean imposter was uncovered, working as a sysadmin at Amazon U.S., after their keystroke input lag raised suspicions with security specialists at the online retail giant. Normally, a U.S.-based remote worker’s computer would send keystroke data within tens of milliseconds. This suspicious individual’s keyboard lag was “more than 110 milliseconds,” reports Bloomberg.
Amazon is commendably proactive in its pursuit of impostors, according to the source report. The news site talked with Amazon’s Chief Security Officer, Stephen Schmidt, about this fascinating new case of North Koreans trying to infiltrate U.S. organizations to raise hard currency for the Democratic People’s Republic of Korea (DPRK), and sometimes indulge in espionage and/or sabotage.
#world
threaded - newest
Isn’t this an example of them taking it pretty seriously?
Right? I never heard of tracking employee’s keystroke latency before. Pretty genius.
How do they even?? They can’t know the difference in time between the humans key input and the computer’s receipt of it, since they can’t possibly know the exact millisecond the human input was made…?
The reported article really sounds like a misreading of a more technical document
Hopefully someone can share the original paywalled Bloomberg article, maybe it goes into more detail
Reader mode worked for me: bloomberg.com/…/amazon-caught-north-korean-it-wor…
But if you need the archive link: archive.ph/p4AcP
If you’re on an ssh connection to a server, they can probably track the keystroke latency and average out over time. All network packets have timestamps, so you can know the latency of each one. If it’s consistently high, that’s unlikely to be a fluke or temporary network slowness.
But apparently they remotely used a laptop located in the US, so from there it should’ve been fine, no? Unless it was simply used as a proxy.
Tcp/ip packets don’t have timestamps. They wouldn’t be reliable even if they did. And they certainly wouldn’t be “millisecond accurate”.
Average response from entering a line and starting the next. There’s a delay while the information is sent, and before they start typing the next line.
Vdi tracks round trip latency but 100ms isn’t that far.
I bet they didn’t use keystroke latency but that’s what they said they used. They probably used drone reconnaissance.
They had the drone follow the fibre cable all the way to NK
Yeah 100ms is like coast-to-coast US
Light in fiberoptic travels at about 0.66c, or about 124,000 mi/sec. Data on copper actually has an advantage here, travelling at 0.99c, but it’s not sustainable for long distance.
100ms being 1/10th of a second would be 12,400 miles.
The earth is about 24,000 miles at the equator.
At most, 100ms one-diredtional would be literally halfway around the world.
Of course, I have 60ms packet latency to my office 45 miles away as the crow flies. So maybe packet latency isn’t the best way to tell.
Cool.
It’s actually common for micromanaging to have software that tracks this. I believe Microsoft Teams has something similar managers can use to track “productivity”. Someone probably just compiled all of it and clicked sort, then saw some Asian name at the top and that’s what raised the red flag.
I’m never quite sure how to feel about this. On one hand, if the person just wants to make some money and they’re doing the job, why bother them. On the other hand though, I know that anybody who has consistent access to an internet connection in North Korea is almost certainly working for the benefit of the great leader and they aren’t actually seeing any money or benefit for themselves. I just hate that the citizens of North Korea have to suffer and be punished because of their asswipe of a leader.
When you look at the ISS pics of NK during the night, you get a sense of how bad it is for most of the population.
<img alt="NK at night from ISS" src="https://sh.itjust.works/pictrs/image/ce05c09c-6dc0-4e5d-be1f-b578bebaefac.jpeg">
www.38north.org/…/a-fresh-look-at-north-korea-at-…
Maybe they just really like the Dark Sky initiative.
An entire country of astronomy nerds sounds like a tourist destination to me!
Always curious to hear how NK has no electricity, but they manage to hack the systems of a trillion dollar conglomerate on the opposite side of the Pacific Ocean.
The contradictions abound.
Do you seriously not realize that the corrupt dictatorial government might have a bit more quality of life things and resources than the oppressed peasant class?
I think maybe they’re just better about not pointing their lights upward at night
You believe that North Korea actually is electrified but they just avoid light pollution? They are among the least electrified countries in the world.
The ironic part is that they’re the only country of the world with a drawing of an hydroelectric plant on their emblem
Wait, are we talking about Korea or Amazon?
I like how they point out that tiny batch of lights near the coast are NK fishing boats while all the other massive clusters of lights on the ocean are South Korean, Chinese and Japanese fishing boats illegally using spotlights to attract fish.
It kind of amazes me they don’t have better infrastructure. It’s not like they’re shy about forced labor.
You can only do so much with forced labour. They aren’t doing their best, just “enough” to not get punished.
I’m sure plenty of them also use malicious compliance and sabotage stuff to get back at the top brass.
There’s a certain irony in this statement, coming from folks who consume it regularly.
seeing the stars instead of light pollution doesn’t sound like a bad thing on its own
They’re also a security threat. Any opportunity to exfiltrate potentially profitable or leverageable data will be taken. I’d bet they’re used to sniff out vulnerabilities for ransomware attacks too. I definitley identify and agree with the healthy sympathy (I guess empathy if you’re in the states, our leader more than qualifies as an asswipe) for the citizens of North Korea
But thats good, the USA is carrying out genocide in Palestine and is about to invade Venezuela. And Amazon is no saint either.
The US is enabling and providing political cover for the Palestinian genocide, Israel is carrying it out. I don’t think an invasion of Venezuela is imminent, just the same kind of underhanded manipulation and isolation that has been done to Cuba for the past half century. Agreed Amazon sucks.
None of that changes the fact that only thing that these North Korean tech workers do is help Kim fund his military projects and his Bourgeoisie lifestyle
…and economic support, and military support defending their coastlines and boats, and military support defending them from Iran, and most of the weapons used on Palestinians are of US origin.
Then you’ll be probably horrified to learn that US+EU economic sanction have murdered half a million people per year since 1971 per the latest academic health research estimates. This is more death than the deaths from war since 1971 on average.
I’m aware of all that about Gaza. No excuses from me, I find it horrifying and shameful. Same as far as sanctions go (I do agree with the Russia ones where it’s a tool to get an actual war to end, or sanctions against individuals in certain contexts). I agree with you on the last point too, it’s just that Jeff doesn’t style himself as a hero of the Proletariat. I dunno who’s responsible for more human suffering between the two, but the hypocrisy does piss me off. They can both get fucked as far as I’m concerned.
Good, at least we agree that sanctions against Cuba and Venezuela are horrifying and they murder hundreds of thousands.
My main problem with the big criticism against North Korea is how little we actually know of the country, the level of corruption, and the actual reasons why the people there have a low material standard of living.
North Korea is a reclusive and inwards country not because of a personal idea of the Kim family, but because of its recent history. In the 1950s, North Korea was bombed by the USA with an unimaginable amount of explosives, in one of the most violent and extensive bombing campaigns in human history, to the point that [85% of all buildings in the country were destroyed] (en.wikipedia.org/wiki/Bombing_of_North_Korea?wpro…), and hundreds of thousands if not millions died violent deaths (without counting starvation and disease from the destruction of all infrastructure). The country was quite literally bombed into the stone age.
After being utterly destroyed, when the Korean War froze, North Korea was subjected to an almost complete economic embargo by all nations except the eastern block, so it could rely only in the USSR for trade. As a country without much in the way of arable lands (mountainous and cold) or natural resources (its only reliable energy sources are coal and hydro), it was forced by external forces to adopt its current policy of Juche.
When in 1990 the USSR was dissolved, North Korea, much like Cuba, saw itself entirely isolated from the world, unable to trade with any partner due to the immense economic sanctions it was subjected to for the cardinal sin of being communist. This caused a massive rise in poverty in the country, problems with energy generation, food supplies…
Maybe if North Korea had been allowed to freely trade in the international market to exploit its advantages and cover its disadvantages, it would have thrived much more than it has, and it wouldn’t rely so much on state power to secure its own ideological thesis without external interference. Most of what we read about North Korea is false anyway, stuff like the “intergenerational gulags” is literally made up much like the Iraq WMDs.
My point is: the west is entirely responsible for the current state of North Korea, from the entire destruction of the country to its isolation in the international economic sphere. Criticizing from our high point of view the people that have been subjected to millions of deaths from our actions isn’t exactly the most honest thing to do, especially when it’s done using false stuff like the intergenerational prisons I mentioned. North Korea has a lot of problems, no doubt, but the way to solve these problems is to let them flourish and develop by themselves, not to further continue murdering millions of them through economic sanctions.
These people are definitely not there just to make some money. And whatever money they make will be used to prop up the genocidal regime.
Are you talking about the USA Amazon workers propping up the USA genocidal regime, as seen in Palestine? Because, AFAIK, there’s no genocide going on as a consequence of North Korea. Care to elaborate?
I’d say locking up a substantial part of your population, including their families in murderous gulags amounts to genocide. Oh, and did anybody say Arduous March?
US has highest prison population in the world, 1 in 5 black men go through the prison system. Is that genocide?
This is fox news propaganda, similar level to “weapons of mass destruction in Iraq”
Gulags are just prisons. GULAG is the acronym of the penitentiary system of the USSR.
North Korea intentionally does this to get revenue for the state.
Eh, this doesn’t sound like the job you would give someone in a prison camp. You’re talking about people that you’re allowing to interact and work regularly with foreigners outside the country. That does not sound like the type of position you trust to a political prisoner. That sounds like a position you put someone of high trust. It’s probably a pretty cushy job as the standards of North Korea go. Sure beats scratching at dirt or working in some godawful arms factory. It’s probably the type of job you need some good family connections in the Party in order to get. Sure, the government takes all the direct monetary benefit of the work, but that is just kindof how Communist systems work. I imagine the people working those jobs have some of the highest standards of living available to people that aren’t senior party leadership.
Then you surely condemn the global sanctions on North Korean economy? Especially given the recent study showing how US+EU sanctions murder half a million people yearly since over 50 years ago.
North Korea is the result of a genocide carried out by Japan during WW2 and the subsequent genocidal bombing campaign of the US during the Korean war. It was then shut off from the rest of the world as a punishment for successfully resisting US and pro Japanese occupation. What type of leadership and society do we expect to grow out of that? Like, honestly, what type of freedom can be given to people when a country is being cut off from the rest of the world by a large military superpower like the US?
I think people have learned a lot in recent years by looking at Gaza and the conditions the US and Israel have placed on the Palestinians there. I think people understand that Hamas and it’s leadership are the inevitable result of that type of occupation. I hope people can learn from that and realize that there is not something inferior with a place like North Korea. It’s structures of isolation and state control are the inevitable result of the history and current material conditions it faces.
There is a reason that support for Palestine liberation is nearly 100% among the non western world. Because they all see themselves in the Palestinians.
Do I like the leadership of North Korea? No. Do I like the leadership of Hamas? No. But I understand that they won’t change until the threat and oppression of outside powers is stopped.
The west fucks with so many countries and then uses the current instability that the west caused as a reason for why they need to fuck with them more. Venezuela being the latest iteration.
Are you the North Korean Amazon employee? Anyway, North Korea is a CCP vassal state, you invaded South Korea and isolated yourselves.
Given that you seem to know a lot about Korean history. Do you think the Jeju Massacre was justified?
Like, we learn about the Boston Massacre and cheer on American revolutionaries. But for some reason a militant response to an oppressive state filled with Japanese loyalist is considered bad when Koreans do it.
South Korea’s history is largely that of state oppression and a fascist dictatorship. What in your opinion was the reason the North attacked the South? Do you think events unfolded before that? Or did the North just attack because they wanted to prevent kpop?
Full support from China to return the entire Korean peninsula under their control as a vassal state.
This is not some kind of facewashing?
No
What is facewashing?
When you lick your paw and then you rub it on your face.
You should try it sometime.
Oh, I’ve seen our sysadmins do that …
It is about the only way we have enough time to wash ourselves.
I guess this is inevitable at huge companies. Nobody cares about the actual person you’re hiring, it’s just another position to fill. Of course there will be fakes of all kinds.
It’s not that, it’s that they are incredibly sophisticated in their techniques. I just had to sit through 90 minutes of training about how to spot fake applicants.
I don’t get why companies can’t solve this problem entirely by just flying out applicants for in-person interviews towards the end of the hiring process. Or hell, maybe only even ask the candidate to fly out for a visit after they’ve already accepted the job offer. Just one minimal and relatively cheap step to confirm the remote worker you’re hiring is who they claim to be. For the cost of a flight, a night or two in a hotel, and some meal vouchers, you can verify someone’s identity. Sure, maybe not for freelance work. But for any well paid technical field? This is a trivial expense.
I wonder how much it would cost to hire an actor for that. You know they would find ways around them.
I feel this can be bypassed the same way remote interviews have been passed, you have a talented dude A actually trained to pass whatever verification is needed, and whenever there’s privacy, it switches to dude B, while dude A moves to another recruitment process. I think I have heard about this kind of dude A offering his services online for anyone ready to pay.
Anyone else has never seen the face of one of their full remote colleague? I have one in my team, he does a good job though, however many they may be behind him.
It not practical at a remote first company to fly people out to where we happen to have offices when they could be working from anywhere.
It’s cheap-ish for a flight, but at scale, the starts to become an expensive hiring pipeline.
So what did you learn?
Yeah capitalism says: but cheaper worker ok
It’s more a list of warnings signs.
There’s more than that, but those are the highlights.
How am I the first person to ask why they’re measuring the latency on everyone’s keystrokes?
Given they’ve had 1800 recent infiltration attempts, I understand their suspicion.
<img alt="" src="https://lemmy.ml/pictrs/image/7f2b9529-8451-47d2-9250-79fa9b5b5b0b.png">
the amazon workers DOESN’T deserve to get pushed around by jeff bezos - the best way to remedy this is by educating these workers on socialism and organizing, and give them the tools they need to collectivize the warehouse. seriously!
Literally, catching North Koreans might have been the idea. It’s become a big issue.
Probably one of the less shocking things they track.
Sounds much better than “Amazon surveils keystrokes of its IT workers”!
This was also my takeaway. Sounds like a security nightmare if they are logging any data.
Normal ass websites will monitor user inputs to do things like profile users. I’m pretty sure those “click to show youre not a robot” captchas actually capture how your mouse moves to the box, for example. It’s not that crazy honestly.
If you use a company-provided computer for work, then it’s safe to assume they’re already doing that.
The problem is that you don’t want to record important information like passwords so if they did log them, it’s another possible vector of loss. I e if someone got into that copy of the data
That’s a valid point.
Well it isn’t paranoia if North Korean impostors really are working in your company.
Yeah, hate it all you want. But risk scales with the amount of employees you have. At the scale of Amazon you have to do literally everything to minimise risk.
North Korea got better ping than mine ahahaha…
Looking at my 300ms ping with 1500ms jitter…
(Yes, I counted the zeros)
weasel language. the “infiltrators” are literally working a job for them.
Correct. The hostile actor gained employment with their victim, a common method of infiltration. You should look up the definition of infiltration.
working a job is not infiltration.
It kinda is, its practically a requirement for a lot of corporate espionage and a lot of spies have entire lives alongside their spy duties. Also fun joke I’ve heard about Vladivostok during the Cold war, “There were surprisingly only a handful of people in that city, American spies, Soviet counter intelligence, smugglers, cargo movers, and baristas who ignored the whole mess” heard that from an ex-CIA guy who was doing a talk at a spy exhibit back when I was a kid.
so? does working a job == espionage because it’s north korea? i don’t think they have ever gone at war or any kind of open conflict with western countries at all recently excluding the thing with south korea and the us not liking their existence…?
why are their workers totally all spies as opposed to say, chinese ones, which might even have a stronger interest in keeping an eye on the west? you don’t seem to have much issue with them.
as i said to me, it sounds like weasel language to smear this specific country for trying to get around the sanctions imposed on them.
The Norks have quite literally done data breaches and major hacks via this exact method in the past. They basically have nothing to lose on the international level so they do this and then trade it to countries like China or Russia for whatever it is they want. If they didn’t have a documented history of doing shit like that nobody would assume espionage.
If they didn’t have a known tendency towards weird espionage shit going back to the 50 and 60s nobody would care, but they do have a known tendency towards doing weird espionage shit.
and the chinese has been stealing back tech from you for decades this exact way, but you don’t mind them working for you.
maybe if they weren’t santioned from hell and back.
It can be if that’s the purpose. But considering it’s NK it is almost certainly a government attempt to infiltrate.
But considering youre from .ml I doubt you’ll ever acknowledge lol
By itself no, but employment absolutely is compatible with infiltration. In fact, it doesn’t even have to be a foreign-state actor, or even a witting party (e.g. clicking on stuff in spam mail). See: insider threat, and data exfiltration.
Yeah, and its curious to see you getting downvotes for the intra-departmental outsourcing that’s been rampant through the tech sector for a while now.
What we’ve got isn’t some nefarious plot by the Chinese-Adjacent to invade our precious trillion dollar tech industry. Its the deliberate consequence of sanctioning a country to the hilt to devalue local labor, then exploiting the sanctioned locals to extract labor at below market rate.
I don’t like Amazon but I will admit here I got to respect both the fact that they disclosed this instead of hid it and the fact that they are actively looking for this instead of burying their heads in the sand.
Oooor it’s corporate propagande about their totalitarian surveillance system.
¿Por que no los dos?
I wonder how many they’ve missed over the years, this kind of thing has been occuring since at least 2012.
Reminded me of the ‘critical infrastructure company’ (I presume utility) software developer who handed all his credentials over to a worker in China, including mailing them his RSA keyfob, and wasn’t discovered for months until the company security team noticed VPN logins coming from China.
arstechnica.com/…/worlds-most-industrious-lazy-ma…
Apparently it’s become even easier for malicious remote workers to fake resumes and identities to gain jobs via AI, so I hope all major companies are monitoring their remote access very closely.
au.pcmag.com/…/security-firm-discovers-remote-wor…
On one side I feel like “cool, they managed to find a spy on this sophisticated way”
On the other side I’m thinking what kind of intrusive keylogging malware did they install on all their employees laptops…
This article is just building justification for spying on your employees
Way too fucking much.
I mean, if it’s a company-owned laptop, they can do whatever the fuck they want with it. I bring a personal laptop to work for browsing and YouTube and whatnot, attached to a VPN.