Amazon Catches North Korean IT Worker by Tracking Tiny 110ms Keystroke Delays
\n \t
\n
<\/BR>
\n
\n \t
\n
<\/BR><\/p>\n
A slight delay in keystrokes from a supposed U.S.-based IT worker alerted Amazon to a North Korean infiltrator accessing a corporate laptop.<\/p>\n
The commands should have zipped from the worker\u2019s machine to Amazon\u2019s Seattle headquarters in under 100 milliseconds. Instead, they trickled in after more than 110 milliseconds, a subtle clue screaming \u201chalf a world away,\u201d Amazon Chief Security Officer Stephen Schmidt revealed in an interview.<\/p>\n
This North Korean operative, hired through a contractor, exemplified the DPRK\u2019s brazen surge into remote IT jobs. Sanctioned by the U.S. and allies, Pyongyang uses these scams to funnel cash into weapons programs and evade isolation.<\/p>\n
DPRK workers infiltrate roles at small firms and tech giants alike, creating legal headaches and insider threats.<\/p>\n
Since April 2024, Amazon\u2019s team has thwarted over 1,800 such hiring attempts, Schmidt announced at a New York security event this week. Attempts spiked 27% quarter-over-quarter this year. \u201cAmazon didn\u2019t hire any North Koreans directly,\u201d Schmidt emphasized. But shipping a company laptop to a contractor proxy for DPRK operatives? That\u2019s a stark warning for all.<\/p>\n
Security monitoring flagged odd behavior on the systems admin\u2019s laptop, revealing a remote control traced to China.<\/p>\n
The machine lacked access to sensitive data, so investigators watched patiently. Cross-referencing the resume with the activity unveiled the scam. \u201cThis looks like somebody who had used the same playbook as other North Koreans,\u201d Schmidt recalled.<\/p>\n
The front of an Arizona woman earned a multi-year prison sentence in July for her part in a $1.7 million IT fraud ring aiding DPRK workers<\/a>, per the U.S. Justice Department.<\/p>\n North Korean fraudsters follow predictable scripts. They fabricate histories tied to obscure overseas consultancies tough to verify from afar, often listing the same feeder schools and firms. Red flags include mangled English idioms or article usage (\u201ca,\u201d \u201can,\u201d \u201cthe\u201d). \u201cIf we hadn\u2019t been looking for the DPRK workers, we would not have found them,\u201d Schmidt warned.<\/p>\n Amazon expelled the impersonator within days. Schmidt urged for more thorough vetting than just LinkedIn scans: comprehensive background checks, along with strong endpoint security that detects anomalies like keystroke latency, reports\u00a0Bloomberg<\/a>.<\/em><\/p>\n This bust echoes broader DPRK tactics. As detailed in Bloomberg\u2019s expos\u00e9 on \u201claptop farmers\u201d\u2014Americans unwittingly (or not) proxying gear to Pyongyang these schemes have infiltrated U.S. firms en masse. The Justice Department recently coordinated nationwide crackdowns.<\/p>\n For cybersecurity pros, the lesson cuts deep. Latency analysis, behavioral monitoring, and traffic forensics aren\u2019t just for threat hunters\u2014they\u2019re frontline defenses against nation-state grifters. In a remote-work era, every lag counts.<\/p>\n Follow us on Google News<\/a>, LinkedIn<\/a>, and X<\/a> for daily cybersecurity updates. Contact us<\/a> to feature your stories.<\/strong><\/p>\n The post Amazon Catches North Korean IT Worker by Tracking Tiny 110ms Keystroke Delays<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\n