Amazon Caught North Korean IT Worker By Tracing Keystroke Data
Contents
An infinitesimal delay in the typed commands of a new IT worker provided an early clue that an imposter had gotten access to an Amazon.com Inc. corporate computer.
Keystroke data from the laptop of a worker who was supposed to be in US should have taken tens of milliseconds to reach Amazon’s Seattle headquarters. Instead, the flow from this machine was more than 110 milliseconds, Amazon’s Chief Security Officer Stephen Schmidt told me.
The barely perceptible lag suggested the worker was half a world away.
The person, who Schmidt said was hired by an Amazon contractor, was part of the surge in recent years of North Koreans skirting strict sanctions by the US and other countries to con their way into remote jobs, often in IT. The purpose is to raise money for the Democratic People’s Republic of Korea, or DPRK, including for its weapons programs. The pattern of imposters has raised legal …
Keystroke data from the laptop of a worker who was supposed to be in US should have taken tens of milliseconds to reach Amazon’s Seattle headquarters. Instead, the flow from this machine was more than 110 milliseconds, Amazon’s Chief Security Officer Stephen Schmidt told me.
The barely perceptible lag suggested the worker was half a world away.
The person, who Schmidt said was hired by an Amazon contractor, was part of the surge in recent years of North Koreans skirting strict sanctions by the US and other countries to con their way into remote jobs, often in IT. The purpose is to raise money for the Democratic People’s Republic of Korea, or DPRK, including for its weapons programs. The pattern of imposters has raised legal …