Amazon's security chief has issued a stark warning about a significant and growing threat: North Korean nationals are attempting to infiltrate the company's workforce to steal wages and fund the regime's military ambitions.
The Scale of the Infiltration Attempt
Stephen Schmidt, Amazon's Chief Security Officer, revealed this week that since April 2023, the tech giant has identified and blocked 1,800 suspected operatives from the Democratic People's Republic of Korea (DPRK) from joining its ranks. The problem is accelerating, with a 27% increase in DPRK-affiliated job applications detected quarter-over-quarter this year.
In a post on LinkedIn, Schmidt described the operatives' aim. "Over the past few years, North Korean (DPRK) nationals have been attempting to secure remote IT jobs with companies worldwide, particularly in the U.S.," he wrote. "Their objective is typically straightforward: get hired, get paid, and funnel wages back to fund the regime's weapons programs."
He was keen to stress this is not an issue unique to Amazon, stating it is "likely happening at scale across the industry." The operatives are increasingly focusing on high-demand roles in artificial intelligence (AI) and machine learning.
Sophisticated Tactics and 'Laptop Farms'
To bypass security, these individuals are employing increasingly advanced methods. These include hijacking the LinkedIn profiles of legitimate software engineers to lend credibility to their fake personas. In some cases, they pay people to surrender control of their real accounts.
A more complex scheme involves so-called "laptop farms." Here, an accomplice in a country like the United States agrees to host multiple computers, which are then controlled remotely by the North Korean workers. This makes it appear as though internet traffic is originating locally, masking its true overseas source.
The consequences for facilitating such schemes are severe. This summer, 50-year-old Christina Chapman was sentenced to eight years in prison for running laptop farms in Arizona and Minnesota. Her operation helped foreign workers pose as Americans to secure jobs at more than 300 companies. She logged into the computers to enable remote access and even helped process the fraudulent salaries.
A Direct Threat to Corporate and National Security
US authorities have framed this not as a distant geopolitical issue, but as an immediate domestic threat. Following Chapman's sentencing, US Attorney Jeanine Ferris Pirro stated, "North Korea is not just a threat to the homeland from afar. It is an enemy within... The call is coming from inside the house."
She issued a direct warning to businesses: "If this happened to these big banks, to these Fortune 500, brand name, quintessential American companies, it can or is happening at your company. Corporations failing to verify virtual employees pose a security risk for all."
The FBI warned that such schemes have already earned Pyongyang "millions of dollars for its nuclear weapons program by victimizing American citizens, businesses, and financial institutions."
How Companies Can Spot the Fakes
Stephen Schmidt advises vigilance and attention to detail. Red flags include applicants claiming degrees from universities that do not offer their stated major, or dates on CVs that don't align with standard academic schedules.
"Small details give them away," Schmidt noted. "For example, these applicants often format U.S. phone numbers with '+1' rather than '1.' Alone, this means nothing. Combined with other indicators, it paints a picture."
He urges all companies to scrutinise application patterns, conduct regular identity verification, and monitor for unusual remote access or unauthorised hardware. In an era of remote work, robust digital vetting processes are now a critical first line of defence against state-sponsored financial fraud.