94
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 19 Dec 2025
94 points (100.0% liked)
technology
24136 readers
309 users here now
On the road to fully automated luxury gay space communism.
Spreading Linux propaganda since 2020
- Ways to run Microsoft/Adobe and more on Linux
- The Ultimate FOSS Guide For Android
- Great libre software on Windows
- Hey you, the lib still using Chrome. Read this post!
Rules:
- 1. Obviously abide by the sitewide code of conduct. Bigotry will be met with an immediate ban
- 2. This community is about technology. Offtopic is permitted as long as it is kept in the comment sections
- 3. Although this is not /c/libre, FOSS related posting is tolerated, and even welcome in the case of effort posts
- 4. We believe technology should be liberating. As such, avoid promoting proprietary and/or bourgeois technology
- 5. Explanatory posts to correct the potential mistakes a comrade made in a post of their own are allowed, as long as they remain respectful
- 6. No crypto (Bitcoin, NFT, etc.) speculation, unless it is purely informative and not too cringe
- 7. Absolutely no tech bro shit. If you have a good opinion of Silicon Valley billionaires please manifest yourself so we can ban you.
founded 5 years ago
MODERATORS
Um not really? They claim that they detected it because of the high ping, that's a network infra and speed of light limitation. All a proxy would have done was make the ping worse.
They tracked down the corporate issued laptop to Arizona where it was allegedly being remotely controlled. From there the article doesn't say how they identified it as North Korean, maybe it was coming from a North Korean IP or maybe it wasn't but they already have a group setup to find North Korean remote workers so that's what they decided it was.
Whoever it was, was already busted when it was tracked to Arizona so again a proxy wouldn't have avoided detection
They can't know what the ping between Korea and the US proxy is if all they see is the US proxy. What they get is just the data from that server to Amazon.
Had they been using a proxy instead of remotely controlling the laptop directly, only the proxy would have been found. Amazon would have hit an investigative wall without a police warrant to demand that information from the server owners (which could be set up independently too), they would not have this for a private investigation.
Thinking about it more this story smells. They're clearly not being truthful about some part. If it was a remote controlled laptop from Arizona the time between a keystroke on the laptop and Amazon receiving it should be normal.
If the remote controlled laptop part is true that would be because Amazon only allows company issued devices to access the VPN (and then access internal resources) which lines up with my experience. To get around that and not have to use the corp laptop they would have to crack whatever secure endpoint attestation Amazon is using to connect to the VPN. Then they'd have to reverse engineer and spoof all the spyware (that's doing shit like apparently precisely tracking every keystroke). Because without the spyware checking in reporting normal they'd probably detect it even faster. After that's done you're right they'd obviously want to use a proxy but again that doesn't seem at all why they were caught and getting to the point of being able to just directly connect to Amazon's VPN through a proxy would be a heavy lift requiring a very sophisticated attacker.
The corporate laptop is probably very locked down and I bet Amazon actually caught this from the remote control software being detected by some local security scanner that wasn't properly circumvented.
I suspect what they did here was recover the laptop and capture the collaborator while managing to ensure that the remote worker who was logging into that laptop was unaware of its capture.
Then at that point they could then measure the ping between the laptop and the DPRK worker in order to find the location of the person logging into it.
There's still information missing about how they would have caught the collaborator though.