this post was submitted on 19 Dec 2025
94 points (100.0% liked)
technology
That's easily circumvented by routing the traffic through a proxy in the region. Sloppy. Should've had a server they routed it through inside the US.
I'm no expert but I've worked with people who've accessed our corporate VPN while abroad in another global north country and that raised alarm bells. Surely Amazon is at least as careful as my rinkydink org, and would've blocked a request from DPRK, no?
Just speculating since the article's light on details but I'll bet they had to VPN to get on Amazon's net in the first place, and that's where the latency was introduced. Not sure how you'd work backwards to DPRK from there but again I'm not an expert.
The article could be light on details cause it’s entirely made up.
North Korean “infiltrators” are getting hired at Amazon as remote workers to raise money for the DPRK because if their poor and starving state could just get a little money into their evil anti-money communist society then they could build anti-freedom missiles and finally invade the free world.
The DPRK is partnered with China and Russia and they’ve had decades to rebuild after the holocaust. They have more security now than they ever have. Money isn’t the whole point and only way to do shit in the DPRK. Their issues come from a capitalist monarchy belt with a massively widespread reign of influence. Whoever’s idea it was that they need to apply for jobs at Amazon like common USian peasants probably got hired after the cuts to our propaganda department.
I read it more as a data exfiltration thing vs fundraising, but that's also compatible with your point, I think, and taking the article at face value is for sure unwise. Thanks.
Yeah if any of it happened at all I find it way more probable that it was some sophisticated labor arbitrage where remote workers apply to "US based" jobs for the US wage scale. Why else would Amazon be spending money to prevent those "1,800 DPRK infiltration attempts"?
Um not really? They claim that they detected it because of the high ping, that's a network infra and speed of light limitation. All a proxy would have done was make the ping worse.
They tracked down the corporate-issued laptop to Arizona where it was allegedly being remotely controlled. From there the article doesn't say how they identified it as North Korean, maybe it was coming from a North Korean IP or maybe it wasn't but they already have a group set up to find North Korean remote workers so that's what they decided it was.
Whoever it was, was already busted when it was tracked to Arizona so again a proxy wouldn't have avoided detection.
They can't know what the ping between Korea and the US proxy is if all they see is the US proxy. What they get is just the data from that server to Amazon.
Had they been using a proxy instead of remotely controlling the laptop directly, only the proxy would have been found. Amazon would have hit an investigative wall without a police warrant to demand that information from the server owners (which could be set up independently too), they would not have this for a private investigation.
Thinking about it more this story smells. They're clearly not being truthful about some part. If it was a remote controlled laptop from Arizona the time between a keystroke on the laptop and Amazon receiving it should be normal.
If the remote controlled laptop part is true that would be because Amazon only allows company issued devices to access the VPN (and then access internal resources) which lines up with my experience. To get around that and not have to use the corp laptop they would have to crack whatever secure endpoint attestation Amazon is using to connect to the VPN. Then they'd have to reverse engineer and spoof all the spyware (that's doing shit like apparently precisely tracking every keystroke). Because without the spyware checking in reporting normal they'd probably detect it even faster. After that's done you're right they'd obviously want to use a proxy but again that doesn't seem at all why they were caught and getting to the point of being able to just directly connect to Amazon's VPN through a proxy would be a heavy lift requiring a very sophisticated attacker.
The corporate laptop is probably very locked down and I bet Amazon actually caught this from the remote control software being detected by some local security scanner that wasn't properly circumvented.
I suspect what they did here was recover the laptop and capture the collaborator while managing to ensure that the remote worker who was logging into that laptop was unaware of its capture.
Then at that point they could measure the ping between the laptop and the DPRK worker in order to find the location of the person logging into it.
There's still information missing about how they would have caught the collaborator though.