I’ve come across two of these in the last few years of running interviews.
All you have to do is ask about where they live and what they like about it. One, when asked about living in a dead-flat suburb of Houston, said he liked the mountains.
According to the article (and therefore Amazon, so take it with a grain of salt), they’ve “foiled more than 1,800 DPRK infiltration attempts since April 2024.”
Company laptops are company property, and employees are warned prominently about the privacy implications of this. Endpoint security is the most critical protection against insider threats, which are the highest leverage attack vectors. One bad actor inside your infrastructure can do untold damage to company finances, reputation, trade secrets, etc. Add to this the sensitive data Amazon processes on behalf of clients, and protecting against these threats becomes necessary for survival.
Also, this detection method doesn’t require full key logging. It just requires measuring the latency between some sample of keystrokes and receiving them on the server. It could be implemented in JavaScript on the login page. In fact it’s actually a clever technique that could be used for VPN detection by normal websites… in the case of Amazon it’s probably more complicated since the “client” may be behind a KVM/VNC server, but the same concept works.
The Arizona woman the article refers to was sentenced to 102 months in prison for her role in this scheme: https://www.justice.gov/opa/pr/arizona-woman-sentenced-17m-i...
Pretty fascinating stuff.
I’ve come across two of these in the last few years of running interviews.
All you have to do is ask about where they live and what they like about it. One, when asked about living in a dead-flat suburb of Houston, said he liked the mountains.
Mind boggling. But well done Amazon.
So if I'm reading this right, all the NK perpetrators have to do "next time", is to have a local remote-desktop as a proxy?
When you work for Amazon, your computer is monitored to the point they check your keyboard typing speed. Dystopian doesn't even begin to describe it.
According to the article (and therefore Amazon, so take it with a grain of salt), they’ve “foiled more than 1,800 DPRK infiltration attempts since April 2024.”
Company laptops are company property, and employees are warned prominently about the privacy implications of this. Endpoint security is the most critical protection against insider threats, which are the highest leverage attack vectors. One bad actor inside your infrastructure can do untold damage to company finances, reputation, trade secrets, etc. Add to this the sensitive data Amazon processes on behalf of clients, and protecting against these threats becomes necessary for survival.
Also, this detection method doesn’t require full key logging. It just requires measuring the latency between some sample of keystrokes and receiving them on the server. It could be implemented in JavaScript on the login page. In fact it’s actually a clever technique that could be used for VPN detection by normal websites… in the case of Amazon it’s probably more complicated since the “client” may be behind a KVM/VNC server, but the same concept works.
A employee of an Amazon contractor...
Article is clear as mud, and its sourcing Bloomberg, on who has sketchy reputation on this type of stories.
I'm not sure how keypress delay is measured but the rest sounds entirely consistent with the documented MO of North Korean hackers.