Bobbie Johnson
Appearances
Today, Explained
My colleague, the scammer
They're sent overseas to live in a nondescript apartment, and it's pretty much a 24-7 existence. They work there, they eat there, they sleep there. They are only allowed to leave in groups to make sure that nobody runs away. And they get paid by the government, and sometimes pretty well. But the regime also makes it clear that
Today, Explained
My colleague, the scammer
your family back in South Korea is under extra surveillance to try and dissuade people from trying to escape. But these teams are typically relatively low level. North Korea does also run very high level hacking teams. And this kind of work is maybe a stepping stone towards that, but it's kind of where folks are paying their dues.
Today, Explained
My colleague, the scammer
Yes, so Kim Jong-un is a really interesting and strange leader. I mean, we all know kind of how he's behaved when he appears in public and the kind of things that North Korea has been doing with its weapons programme and threats against other countries.
Today, Explained
My colleague, the scammer
But unlike his father, who was very kind of anti-technology and pretty old school, Kim Jong-un was actually educated in Switzerland under a pseudonym. He was kind of sent to school there and he had access to Western culture and Western technology. And when he took over in the 2010s as supreme leader, he really switched things around.
Today, Explained
My colleague, the scammer
So North Korea went from a country that basically had like one pipeline to connect to the internet for years and years and years,
Today, Explained
My colleague, the scammer
to a country that saw that maybe its only options or some of its options involved getting really good at technology and so he has encouraged and put more money and effort into funding computer science programs and technology literacy in North Korean schools and that's bubbled up through various universities and colleges that
Today, Explained
My colleague, the scammer
sort of develop people's skills and teach them things you know they don't just teach them coding or how to use computers they teach them how to hack and how to cover their tracks and all of this stuff and so you get these young men particularly coming out of college in north korea who have been trained for the last few years to really be operatives you know to be pop make it possible for them to do this stuff
Today, Explained
My colleague, the scammer
and it's paying dividends for North Korea you know for such a small country and one that doesn't have like a big technology industry they are they punch way above their weight in terms of this stuff and so there's a lot of cryptocurrency theft going on earlier this year a couple of months ago a crypto exchange in Dubai got hacked and $1.5 billion got stolen, and that was by North Korean hackers.
Today, Explained
My colleague, the scammer
So these guys have realized that this is a very lucrative way with very low cost to them. Really, it's just a computer and some training to get out there and cause havoc and fund the country that has no other way of making money.
Today, Explained
My colleague, the scammer
you know, typically a team of pretenders might earn, you know, several million dollars a year through the different jobs that they're running. And I've seen lots of estimates wild all over the place, but the minimum is kind of around $3 million a year. Now this is like, that's a lot of money, but it's not, you know, that's not a huge amount, but yeah, obviously the way North Korea operates,
Today, Explained
My colleague, the scammer
They're taking nearly all of that as profit, right? And it's going straight back into military programs. It's going straight back into Kim Jong-un's slush fund. It's going back into the country. And there are many of these groups running different scams.
Today, Explained
My colleague, the scammer
Scale-wise, you know, there's been a lot of activity in the U.S., but folks I spoke to are saying that they're seeing a real expansion of activity in Europe, in Japan and elsewhere. So this has now become a very lucrative scheme across the board for the North Koreans.
Today, Explained
My colleague, the scammer
Yeah, this is really the tough thing in these cases because if you're smart enough to spot it before it happens to you, kind of no crime has been really enacted upon you or something that's not going to lead to a prosecution.
Today, Explained
My colleague, the scammer
And so one evening, I bumped into this young entrepreneur called Simon Weikmans at an event in San Francisco. And I shared with him what I'd heard about and asked if he'd heard about anything. And he said, well, you'll never guess what happened to me recently.
Today, Explained
My colleague, the scammer
But in any case, it's really hard to prosecute these cases because for the most part, the worst offenders are based in a country that the American courts can't extradite from. So we're not going to pull someone out of China or Russia. So that means the cases generally focus on the stolen identities and the accomplices.
Today, Explained
My colleague, the scammer
The real problem underneath all of this is that the political or economic solutions that you think would be possible just aren't really effective, right? You can't enact sanctions against North Korea for this because The sanctions already enacted against North Korea are so punitive.
Today, Explained
My colleague, the scammer
One of the reasons that these guys are doing this in the first place is because legal trade is basically zero because the country is being punished rightly for its rogue nuclear weapons program. So for now, from the industry and law enforcement folks I spoke to, your best remedy is to try and be aware of it and prevent it. happening to you. And that's tough.
Today, Explained
My colleague, the scammer
And it's a big leap to go from saying, you know, there's something fishy going on with this applicant to, I believe this applicant may be working for the North Korean government. That's like, that's a wild jump to make. But at least if you're looking for things, looking for those red flags, or kind of looking for that circumstantial evidence, then you can protect yourself from from being a victim.
Today, Explained
My colleague, the scammer
That I think is the most fascinating question in all of this. There are sort of two threads that I would pull here. One is that once they can get access, they're stepping stones, right? They're just trying to do a job and earn money. But what if somebody else can use the same techniques and be more aggressive in their attacks?
Today, Explained
My colleague, the scammer
If you get hired, let's say you get hired inside a government defense contractor, can you access intellectual property or state secrets or something like that? The espionage potential is high and the kind of aggressive attacks on people companies could get a lot worse. And then I think the second thread is just that it dramatically undermines trust in everything, right?
Today, Explained
My colleague, the scammer
It turned out that Simon runs a web security company, and he'd been interviewing people for a software engineering job, a remote software engineering job, so people not based near HQ. And In interviewing, he'd seen a bunch of deeply suspicious activity. You know, he was worried that people were trying to fraudulently get jobs or something.
Today, Explained
My colleague, the scammer
We already see deep fakes, we already see misinformation, we already see all kinds of ways of of making you not believe the things that you see. And if you can't even believe... Sorry, my computer screen just disappeared. I think it went on screensaver. I'm going to pick that one up again.
Today, Explained
My colleague, the scammer
Yeah, I do get paranoid about these things sometimes now. Yeah, I think there is this fundamental problem of eroding trust that you can't believe what your eyes are seeing. You know, we see deep fakes happening all the time, we see misinformation, we see all these systems working to kind of separate you from reality and try and get you to second guess everything that you see. And that's important.
Today, Explained
My colleague, the scammer
You know, you don't want to fall for tricks, but the more prevalent they become, the more difficult it is to know what's real and what's not. And so if you are stuck in a position where you can't be 100% sure that the person on your company team phone call or Zoom call who doesn't like to put their camera on and doesn't talk very often, but they do their job.
Today, Explained
My colleague, the scammer
If you start to believe that that person could be an operative of a foreign country, then you're getting really into some wild places in your thought process. And I think that undermining of reality is kind of the biggest existential problem here. And it's one, I don't know that there's a way to solve it, but we can all see how dangerous it can be to separate you from the truth.
Today, Explained
My colleague, the scammer
And it turned out to be far more complicated and weirder than we expected. So what Simon spotted in the first place was that the job was bombarded with candidates, right? So there were hundreds of applications, way more than was typical. Then he started getting on video interviews with people and strange things kept coming up.
Today, Explained
My colleague, the scammer
Lots of the applicants had resumes that didn't really match what he saw on screen. You know, maybe they had Anglo names, but were ethnically Asian. A lot of them said they were born and raised in America, in Tennessee or in Brooklyn, but they had really, really thick foreign accents.
Today, Explained
My colleague, the scammer
They all aced their coding tests in almost exactly the same ways, but when he was talking with them they often gave stilted answers and asked questions just about salary but nothing else. And there were other things too, so they all used similar default video background images.
Today, Explained
My colleague, the scammer
They had laggy internet connections and in the background he could hear noise, so it sounded like they were in a busy room, not a call, like a call centre maybe, not what you would normally do a job interview in. So these things, you know, individually, he didn't see any of these as a major red flag because you can imagine why somebody's name doesn't fit their face in your conception, right?
Today, Explained
My colleague, the scammer
Or why they have an accent or why they use a default background on their video call. But as he spotted candidate after candidate, following the same pattern, he started to get really suspicious of them. And then the clincher really was that he saw one of the candidates was wearing glasses and as the candidate was answering questions, Simon could see in the lenses of the glasses a reflection
Today, Explained
My colleague, the scammer
of an AI bot on the candidate's screen. So what he could see was that this was pumping out a script of some kind for the applicant to read in order to answer Simon's questions. And he could see this happening in real time. So at this point he figured his paranoia was well justified.
Today, Explained
My colleague, the scammer
What emerged as we got deeper and deeper in were not just that these were people who were trying to fraudulently get jobs or people who were maybe running several different jobs at the same time, which we've seen a lot since the pandemic. But in fact, we were able to connect them back and see that they were
Today, Explained
My colleague, the scammer
actually operatives who are working for the North Korean regime to try and get jobs and send money back to North Korea, which is, it turns out, this kind of pretty widespread scam that's being perpetrated against American companies particularly, but all around the world.
Today, Explained
My colleague, the scammer
No. So he'd realized that something strange was going on and hadn't hired anybody. But there are lots of companies around the country who have been hiring North Koreans unwittingly. And this is actually, it turns out, it's a pretty widespread operation and well known in the cybersecurity industry. and in parts of law enforcement.
Today, Explained
My colleague, the scammer
But it's really not something that's broken through into the public consciousness. Most people don't actually know about it. So when we started to put the pieces together and understand what was really going on, that's when the breadth and depth of this thing became apparent.
Today, Explained
My colleague, the scammer
The scam, it's kind of basic in some ways, but wild in others. First of all, on the simplest level, you have teams of North Korean agents who are recruited out of college and they get sent to work in other kind of friendly countries, typically China or Russia. They cross over the border and they go work in these teams. They steal people's identities and they use those identities to apply for jobs.
Today, Explained
My colleague, the scammer
So they steal American identities and use them to apply for jobs in the U.S., And they use all manner of AI enhancements to get the job. They use the AI coding tools to ace the test. They use the chatbots to script their answers so that they sound more competent. They use deepfake technologies to cheat ID verification and some of the tests that you have to go through in order to get a job.
Today, Explained
My colleague, the scammer
So if they're lucky enough to get through the interviews... The surprising thing, I think, is they actually generally do the job that they've been employed to do. This is usually building websites or apps for a company, completing different tasks, you know, IT related stuff. And often they share those tasks around their team. So there might be 10 or 15 people working in a team doing multiple jobs.
Today, Explained
My colleague, the scammer
We tried to keep it as sort of simple as possible. So I was just introduced as someone who was sitting on the call. We didn't want to alert them to obviously the fact that I was a journalist, because we didn't want to scare them away. We wanted to see what they had to say.
Today, Explained
My colleague, the scammer
And they basically are doing the minimum to stay employed. But because they share the tasks around the team, they're often very efficient and seem to be doing their job pretty well. So they stay under the radar. And all of this gives them time to earn cash that they then send back to North Korea.
Today, Explained
My colleague, the scammer
Now, software engineers can be pretty well compensated, so that can be a substantial amount of money, but they also use that access that they have as a developer to go and steal information, money, cryptocurrency, and even in some cases, plant malicious software on the victim's computer systems. In many cases, they don't get through to being hired. They're just trying, they're testing the system.
Today, Explained
My colleague, the scammer
But when they do get through, sometimes they only last a few days until they do something that clear that they're not who they say they are. But sometimes they stick around. I mean, I spoke to some victims who have unwittingly employed people and for up to a year, you know, they've been working in a company and getting away with it.
Today, Explained
My colleague, the scammer
But the real trick, I think, and the key weakness in this scam is that they need to use a middleman in the US. So, you know, the company will send forms to fill out. They'll send the computer for the developer to use. They need a place to send paychecks. All of these require somebody on the ground. And if you're in a North Korean team in China or Russia, you don't have that person.
Today, Explained
My colleague, the scammer
So they work with an accomplice who manages the physical stuff. So they're based in the US and they will install software that lets the North Koreans dial into their computer from overseas. and still look like they're in New Jersey or California or wherever they say they're based.
Today, Explained
My colleague, the scammer
So this means you have these middlemen who have houses full of laptops that all connect up to all the different jobs that they're working. And law enforcement calls that a laptop farm.
Today, Explained
My colleague, the scammer
And the accomplice gets up every morning, switches the computers on, makes sure they're all running properly, lets the North Koreans dial in to those computers from overseas, and then carry on the job and carry on the subterfuge. And in some cases, the facilitators who have been caught have been found with like 50 or 60 laptops running simultaneously in their house.
Today, Explained
My colleague, the scammer
And that's the place where law enforcement is actually able to catch these gangs, understand what's going on and try to stop it. So there's one case particularly that I dug into, which is of a middle man or middle woman in this case called Christina Chapman, who recently pled guilty to a range of different crimes related to this.
Today, Explained
My colleague, the scammer
She was based in Minnesota and Arizona. And over the space of a couple of years, she worked with a North Korean team and helped them target at least 300 different companies in the US, including some pretty substantial ones.
Today, Explained
My colleague, the scammer
My clients are going crazy, so I just... Some of them were mom-and-pop shops, but some were big corporations, yeah, and Chapman... ran this scam, she would help the teams do their IT work, she would host a laptop farm with maybe 60 computers at the same time, and she would help them dial into meetings or keep up to date with stuff.
Today, Explained
My colleague, the scammer
She would receive money that she would then pass along to a bank in China and take a cut along the way.
Today, Explained
My colleague, the scammer
What that meant was... She got drawn into this, as far as we can tell, by the fact that there was a promise of some money and it was an easy way to earn some cash. And when I spoke to security experts about this, they said it's really typical for somebody to get drawn in, you know, and that's why they choose folks who are able to stay under the radar, right?
Today, Explained
My colleague, the scammer
People who have no significant profile, people who can just look ordinary and behave in pretty ordinary ways. The woman who lives around the corner from you or the guy who lives in the apartment block or whatever, just ordinary folks who can help perpetrate this scam without raising too many suspicions.
Today, Explained
My colleague, the scammer
So typically these guys, and they really are guys, like you say, young, you know, pretty much straight out of college. They are recruited to work in these teams of 10 or 15 people. And they basically operate like a criminal gang in a sort of digital sweatshop. So they are typically sent overseas. I don't think they get many choices.