94
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 19 Dec 2025
94 points (100.0% liked)
technology
24136 readers
319 users here now
On the road to fully automated luxury gay space communism.
Spreading Linux propaganda since 2020
- Ways to run Microsoft/Adobe and more on Linux
- The Ultimate FOSS Guide For Android
- Great libre software on Windows
- Hey you, the lib still using Chrome. Read this post!
Rules:
- 1. Obviously abide by the sitewide code of conduct. Bigotry will be met with an immediate ban
- 2. This community is about technology. Offtopic is permitted as long as it is kept in the comment sections
- 3. Although this is not /c/libre, FOSS related posting is tolerated, and even welcome in the case of effort posts
- 4. We believe technology should be liberating. As such, avoid promoting proprietary and/or bourgeois technology
- 5. Explanatory posts to correct the potential mistakes a comrade made in a post of their own are allowed, as long as they remain respectful
- 6. No crypto (Bitcoin, NFT, etc.) speculation, unless it is purely informative and not too cringe
- 7. Absolutely no tech bro shit. If you have a good opinion of Silicon Valley billionaires please manifest yourself so we can ban you.
founded 5 years ago
MODERATORS
Thinking about it more this story smells. They're clearly not being truthful about some part. If it was a remote controlled laptop from Arizona the time between a keystroke on the laptop and Amazon receiving it should be normal.
If the remote controlled laptop part is true that would be because Amazon only allows company issued devices to access the VPN (and then access internal resources) which lines up with my experience. To get around that and not have to use the corp laptop they would have to crack whatever secure endpoint attestation Amazon is using to connect to the VPN. Then they'd have to reverse engineer and spoof all the spyware (that's doing shit like apparently precisely tracking every keystroke). Because without the spyware checking in reporting normal they'd probably detect it even faster. After that's done you're right they'd obviously want to use a proxy but again that doesn't seem at all why they were caught and getting to the point of being able to just directly connect to Amazon's VPN through a proxy would be a heavy lift requiring a very sophisticated attacker.
The corporate laptop is probably very locked down and I bet Amazon actually caught this from the remote control software being detected by some local security scanner that wasn't properly circumvented.
I suspect what they did here was recover the laptop and capture the collaborator while managing to ensure that the remote worker who was logging into that laptop was unaware of its capture.
Then at that point they could then measure the ping between the laptop and the DPRK worker in order to find the location of the person logging into it.
There's still information missing about how they would have caught the collaborator though.