A North Korean imposter was uncovered, working as a sysadmin at Amazon U.S., after their keystroke input lag raised suspicions with security specialists at the online retail giant. Normally, a U.S.-based remote worker’s computer would send keystroke data within tens of milliseconds. This suspicious individual’s keyboard lag was “more than 110 milliseconds,” reports Bloomberg.
Amazon is commendably proactive in its pursuit of impostors, according to the source report. The news site talked with Amazon’s Chief Security Officer, Stephen Schmidt, about this fascinating new case of North Koreans trying to infiltrate U.S. organizations to raise hard currency for the Democratic People’s Republic of Korea (DPRK), and sometimes indulge in espionage and/or sabotage.
On one side I feel like “cool, they managed to find a spy on this sophisticated way”
On the other side I’m thinking what kind of intrusive keylogging malware did they install on all their employees laptops…
This article is just building justification for spying on your employees
I wonder how many they’ve missed over the years, this kind of thing has been occuring since at least 2012.
Reminded me of the ‘critical infrastructure company’ (I presume utility) software developer who handed all his credentials over to a worker in China, including mailing them his RSA keyfob, and wasn’t discovered for months until the company security team noticed VPN logins coming from China.
Apparently it’s become even easier for malicious remote workers to fake resumes and identities to gain jobs via AI, so I hope all major companies are monitoring their remote access very closely.
I don’t like Amazon but I will admit here I got to respect both the fact that they disclosed this instead of hid it and the fact that they are actively looking for this instead of burying their heads in the sand.
Oooor it’s corporate propagande about their totalitarian surveillance system.
North Korea got better ping than mine ahahaha…
Sounds much better than “Amazon surveils keystrokes of its IT workers”!
Well it isn’t paranoia if North Korean impostors really are working in your company.
Yeah, hate it all you want. But risk scales with the amount of employees you have. At the scale of Amazon you have to do literally everything to minimise risk.
This was also my takeaway. Sounds like a security nightmare if they are logging any data.
Normal ass websites will monitor user inputs to do things like profile users. I’m pretty sure those “click to show youre not a robot” captchas actually capture how your mouse moves to the box, for example. It’s not that crazy honestly.
How am I the first person to ask why they’re measuring the latency on everyone’s keystrokes?
Literally, catching North Koreans might have been the idea. It’s become a big issue.
Probably one of the less shocking things they track.
Given they’ve had 1800 recent infiltration attempts, I understand their suspicion.
the amazon workers DOESN’T deserve to get pushed around by jeff bezos - the best way to remedy this is by educating these workers on socialism and organizing, and give them the tools they need to collectivize the warehouse. seriously!
I’m never quite sure how to feel about this. On one hand, if the person just wants to make some money and they’re doing the job, why bother them. On the other hand though, I know that anybody who has consistent access to an internet connection in North Korea is almost certainly working for the benefit of the great leader and they aren’t actually seeing any money or benefit for themselves. I just hate that the citizens of North Korea have to suffer and be punished because of their asswipe of a leader.
I just hate that the citizens of North Korea have to suffer and be punished
Then you surely condemn the global sanctions on North Korean economy? Especially given the recent study showing how US+EU sanctions murder half a million people yearly since over 50 years ago.
When you look at the ISS pics of NK during the night, you get a sense of how bad it is for most of the population.
I like how they point out that tiny batch of lights near the coast are NK fishing boats while all the other massive clusters of lights on the ocean are South Korean, Chinese and Japanese fishing boats illegally using spotlights to attract fish.
Maybe they just really like the Dark Sky initiative.
An entire country of astronomy nerds sounds like a tourist destination to me!
Always curious to hear how NK has no electricity, but they manage to hack the systems of a trillion dollar conglomerate on the opposite side of the Pacific Ocean.
The contradictions abound.
Do you seriously not realize that the corrupt dictatorial government might have a bit more quality of life things and resources than the oppressed peasant class?
Wait, are we talking about Korea or Amazon?
I think maybe they’re just better about not pointing their lights upward at night
You believe that North Korea actually is electrified but they just avoid light pollution? They are among the least electrified countries in the world.
The ironic part is that they’re the only country of the world with a drawing of an hydroelectric plant on their emblem
It kind of amazes me they don’t have better infrastructure. It’s not like they’re shy about forced labor.
You can only do so much with forced labour. They aren’t doing their best, just “enough” to not get punished.
I’m sure plenty of them also use malicious compliance and sabotage stuff to get back at the top brass.
You can only do so much with forced labour.
There’s a certain irony in this statement, coming from folks who consume it regularly.
seeing the stars instead of light pollution doesn’t sound like a bad thing on its own
They’re also a security threat. Any opportunity to exfiltrate potentially profitable or leverageable data will be taken. I’d bet they’re used to sniff out vulnerabilities for ransomware attacks too. I definitley identify and agree with the healthy sympathy (I guess empathy if you’re in the states, our leader more than qualifies as an asswipe) for the citizens of North Korea
They’re also a security threat. Any opportunity to exfiltrate potentially profitable or leverageable data will be taken
But thats good, the USA is carrying out genocide in Palestine and is about to invade Venezuela. And Amazon is no saint either.
The US is enabling and providing political cover for the Palestinian genocide, Israel is carrying it out. I don’t think an invasion of Venezuela is imminent, just the same kind of underhanded manipulation and isolation that has been done to Cuba for the past half century. Agreed Amazon sucks.
None of that changes the fact that only thing that these North Korean tech workers do is help Kim fund his military projects and his Bourgeoisie lifestyle
The US is enabling and providing political cover for the Palestinian genocide
…and economic support, and military support defending their coastlines and boats, and military support defending them from Iran, and most of the weapons used on Palestinians are of US origin.
just the same kind of underhanded manipulation and isolation that has been done to Cuba for the past half century
Then you’ll be probably horrified to learn that US+EU economic sanction have murdered half a million people per year since 1971 per the latest academic health research estimates. This is more death than the deaths from war since 1971 on average.
that only thing that these
North KoreanAmerican tech workers do is helpKimBezos fund his military projects and his Bourgeoisie lifestyleI’m aware of all that about Gaza. No excuses from me, I find it horrifying and shameful. Same as far as sanctions go (I do agree with the Russia ones where it’s a tool to get an actual war to end, or sanctions against individuals in certain contexts). I agree with you on the last point too, it’s just that Jeff doesn’t style himself as a hero of the Proletariat. I dunno who’s responsible for more human suffering between the two, but the hypocrisy does piss me off. They can both get fucked as far as I’m concerned.
Good, at least we agree that sanctions against Cuba and Venezuela are horrifying and they murder hundreds of thousands.
My main problem with the big criticism against North Korea is how little we actually know of the country, the level of corruption, and the actual reasons why the people there have a low material standard of living.
North Korea is a reclusive and inwards country not because of a personal idea of the Kim family, but because of its recent history. In the 1950s, North Korea was bombed by the USA with an unimaginable amount of explosives, in one of the most violent and extensive bombing campaigns in human history, to the point that [85% of all buildings in the country were destroyed] (https://en.wikipedia.org/wiki/Bombing_of_North_Korea?wprov=sfla1), and hundreds of thousands if not millions died violent deaths (without counting starvation and disease from the destruction of all infrastructure). The country was quite literally bombed into the stone age.
After being utterly destroyed, when the Korean War froze, North Korea was subjected to an almost complete economic embargo by all nations except the eastern block, so it could rely only in the USSR for trade. As a country without much in the way of arable lands (mountainous and cold) or natural resources (its only reliable energy sources are coal and hydro), it was forced by external forces to adopt its current policy of Juche.
When in 1990 the USSR was dissolved, North Korea, much like Cuba, saw itself entirely isolated from the world, unable to trade with any partner due to the immense economic sanctions it was subjected to for the cardinal sin of being communist. This caused a massive rise in poverty in the country, problems with energy generation, food supplies…
Maybe if North Korea had been allowed to freely trade in the international market to exploit its advantages and cover its disadvantages, it would have thrived much more than it has, and it wouldn’t rely so much on state power to secure its own ideological thesis without external interference. Most of what we read about North Korea is false anyway, stuff like the “intergenerational gulags” is literally made up much like the Iraq WMDs.
My point is: the west is entirely responsible for the current state of North Korea, from the entire destruction of the country to its isolation in the international economic sphere. Criticizing from our high point of view the people that have been subjected to millions of deaths from our actions isn’t exactly the most honest thing to do, especially when it’s done using false stuff like the intergenerational prisons I mentioned. North Korea has a lot of problems, no doubt, but the way to solve these problems is to let them flourish and develop by themselves, not to further continue murdering millions of them through economic sanctions.
I know that anybody who has consistent access to an internet connection in North Korea is almost certainly working for the benefit of the great leader and they aren’t actually seeing any money or benefit for themselves.
Eh, this doesn’t sound like the job you would give someone in a prison camp. You’re talking about people that you’re allowing to interact and work regularly with foreigners outside the country. That does not sound like the type of position you trust to a political prisoner. That sounds like a position you put someone of high trust. It’s probably a pretty cushy job as the standards of North Korea go. Sure beats scratching at dirt or working in some godawful arms factory. It’s probably the type of job you need some good family connections in the Party in order to get. Sure, the government takes all the direct monetary benefit of the work, but that is just kindof how Communist systems work. I imagine the people working those jobs have some of the highest standards of living available to people that aren’t senior party leadership.
deleted by creator
North Korea intentionally does this to get revenue for the state.
These people are definitely not there just to make some money. And whatever money they make will be used to prop up the genocidal regime.
Are you talking about the USA Amazon workers propping up the USA genocidal regime, as seen in Palestine? Because, AFAIK, there’s no genocide going on as a consequence of North Korea. Care to elaborate?
I’d say locking up a substantial part of your population, including their families in murderous gulags amounts to genocide. Oh, and did anybody say Arduous March?
I’d say locking up a substantial part of your population
US has highest prison population in the world, 1 in 5 black men go through the prison system. Is that genocide?
including their families
This is fox news propaganda, similar level to “weapons of mass destruction in Iraq”
gulags
Gulags are just prisons. GULAG is the acronym of the penitentiary system of the USSR.
I guess this is inevitable at huge companies. Nobody cares about the actual person you’re hiring, it’s just another position to fill. Of course there will be fakes of all kinds.
It’s not that, it’s that they are incredibly sophisticated in their techniques. I just had to sit through 90 minutes of training about how to spot fake applicants.
I don’t get why companies can’t solve this problem entirely by just flying out applicants for in-person interviews towards the end of the hiring process. Or hell, maybe only even ask the candidate to fly out for a visit after they’ve already accepted the job offer. Just one minimal and relatively cheap step to confirm the remote worker you’re hiring is who they claim to be. For the cost of a flight, a night or two in a hotel, and some meal vouchers, you can verify someone’s identity. Sure, maybe not for freelance work. But for any well paid technical field? This is a trivial expense.
I feel this can be bypassed the same way remote interviews have been passed, you have a talented dude A actually trained to pass whatever verification is needed, and whenever there’s privacy, it switches to dude B, while dude A moves to another recruitment process. I think I have heard about this kind of dude A offering his services online for anyone ready to pay.
Anyone else has never seen the face of one of their full remote colleague? I have one in my team, he does a good job though, however many they may be behind him.It not practical at a remote first company to fly people out to where we happen to have offices when they could be working from anywhere.
It’s cheap-ish for a flight, but at scale, the starts to become an expensive hiring pipeline.
I wonder how much it would cost to hire an actor for that. You know they would find ways around them.
So what did you learn?
It’s more a list of warnings signs.
- blurred/virtual background (we make them turn it off during interviewing)
- refusal to do gestures or follow specific instructions (wave your hand in front of your face)
- not familiar with local knowledge like weather
- appearing to read from the screen or phone
There’s more than that, but those are the highlights.
Yeah capitalism says: but cheaper worker ok
weasel language. the “infiltrators” are literally working a job for them.
Correct. The hostile actor gained employment with their victim, a common method of infiltration. You should look up the definition of infiltration.
working a job is not infiltration.
It kinda is, its practically a requirement for a lot of corporate espionage and a lot of spies have entire lives alongside their spy duties. Also fun joke I’ve heard about Vladivostok during the Cold war, “There were surprisingly only a handful of people in that city, American spies, Soviet counter intelligence, smugglers, cargo movers, and baristas who ignored the whole mess” heard that from an ex-CIA guy who was doing a talk at a spy exhibit back when I was a kid.
so? does working a job == espionage because it’s north korea? i don’t think they have ever gone at war or any kind of open conflict with western countries at all recently excluding the thing with south korea and the us not liking their existence…?
why are their workers totally all spies as opposed to say, chinese ones, which might even have a stronger interest in keeping an eye on the west? and they don’t seem to have much issue with them.
as i said to me, it sounds like weasel language to smear this specific country for trying to get around the sanctions imposed on them.
The Norks have quite literally done data breaches and major hacks via this exact method in the past. They basically have nothing to lose on the international level so they do this and then trade it to countries like China or Russia for whatever it is they want. If they didn’t have a documented history of doing shit like that nobody would assume espionage.
If they didn’t have a known tendency towards weird espionage shit going back to the 50 and 60s nobody would care, but they do have a known tendency towards doing weird espionage shit.
It can be if that’s the purpose. But considering it’s NK it is almost certainly a government attempt to infiltrate.
But considering youre from .ml I doubt you’ll ever acknowledge lol
By itself no, but employment absolutely is compatible with infiltration. In fact, it doesn’t even have to be a foreign-state actor, or even a witting party (e.g. clicking on stuff in spam mail). See: insider threat, and data exfiltration.
Yeah, and its curious to see you getting downvotes for the intra-departmental outsourcing that’s been rampant through the tech sector for a while now.
What we’ve got isn’t some nefarious plot by the Chinese-Adjacent to invade our precious trillion dollar tech industry. Its the deliberate consequence of sanctioning a country to the hilt to devalue local labor, then exploiting the sanctioned locals to extract labor at below market rate.
This is not some kind of facewashing?
No
What is facewashing?
When you lick your paw and then you rub it on your face.
You should try it sometime.
Oh, I’ve seen our sysadmins do that …
It is about the only way we have enough time to wash ourselves.
deleted by creator
deleted by creator
Isn’t this an example of them taking it pretty seriously?
Right? I never heard of tracking employee’s keystroke latency before. Pretty genius.
How do they even?? They can’t know the difference in time between the humans key input and the computer’s receipt of it, since they can’t possibly know the exact millisecond the human input was made…?
The reported article really sounds like a misreading of a more technical document
If you’re on an ssh connection to a server, they can probably track the keystroke latency and average out over time. All network packets have timestamps, so you can know the latency of each one. If it’s consistently high, that’s unlikely to be a fluke or temporary network slowness.
But apparently they remotely used a laptop located in the US, so from there it should’ve been fine, no? Unless it was simply used as a proxy.
Tcp/ip packets don’t have timestamps. They wouldn’t be reliable even if they did. And they certainly wouldn’t be “millisecond accurate”.
Vdi tracks round trip latency but 100ms isn’t that far.
I bet they didn’t use keystroke latency but that’s what they said they used. They probably used drone reconnaissance.
Yeah 100ms is like coast-to-coast US
Light in fiberoptic travels at about 0.66c, or about 124,000 mi/sec. Data on copper actually has an advantage here, travelling at 0.99c, but it’s not sustainable for long distance.
100ms being 1/10th of a second would be 12,400 miles.
The earth is about 24,000 miles at the equator.
At most, 100ms one-diredtional would be literally halfway around the world.
Of course, I have 60ms packet latency to my office 45 miles away as the crow flies. So maybe packet latency isn’t the best way to tell.
Cool.
They had the drone follow the fibre cable all the way to NK
Average response from entering a line and starting the next. There’s a delay while the information is sent, and before they start typing the next line.
Hopefully someone can share the original paywalled Bloomberg article, maybe it goes into more detail
Reader mode worked for me: https://www.bloomberg.com/news/newsletters/2025-12-17/amazon-caught-north-korean-it-worker-by-tracing-keystroke-data
But if you need the archive link: https://archive.ph/p4AcP
It’s actually common for micromanaging to have software that tracks this. I believe Microsoft Teams has something similar managers can use to track “productivity”. Someone probably just compiled all of it and clicked sort, then saw some Asian name at the top and that’s what raised the red flag.
