Today, Explained - My colleague, the scammer
Episode Date: May 19, 2025North Korea has been sending young, tech-savvy operatives to pose as ordinary American job seekers. Tech reporter Bobbie Johnson investigates the scam. This episode was produced by Gabrielle Berbey, ...edited by Amina Al-Sadi, fact-checked by Laura Bullard, engineered by Patrick Boyd, and hosted by Noel King. Further reading: North Korea stole your job by Bobbie Johnson. Listen to Today, Explained ad-free by becoming a Vox Member: vox.com/members. Transcript at vox.com/today-explained-podcast. Photo of North Korean Supreme Leader Kim Jong Un by Contributor/Getty Images. Learn more about your ad choices. Visit podcastchoices.com/adchoices
Transcript
Discussion (0)
One of the big challenges of hiring remote workers is you don't really know who you're
hiring.
Recently, the FBI warned that many companies really don't know who they're hiring.
Big American companies like Google and Sentinel One have been tricked by compelling resumes
and LinkedIn profiles into hiring North Koreans.
Now to the story of spies in the break room. US, the UK and South Korea
have jointly accused North Korea of using a cyber espionage group to steal
sensitive and classified data. Ahead on Today Explained we talked to a reporter
about what it's like to sit in on a job interview with a North Korean operative.
We tried to keep it as simple as possible.
So I was just introduced as someone
who was sitting on the call.
We didn't want to alert them to, obviously,
the fact that I was a journalist,
because we didn't want to scare them away.
We wanted to see what they had to say.
When I found out my friend got a great deal
on a designer dress from Winners, I started wondering, is every fabulous item I see from Winners, like that woman over there with the
Italian leather handbag, is that from Winners?
Ooh, or that beautiful silk skirt.
Did she pay full price?
Or those suede sneakers?
Or that luggage?
Or that trench?
Those jeans?
That jacket?
Those heels?
Is anyone paying full price for anything?
Stop wondering.
Start winning.
Winners find fabulous for less.
What's up, y'all? It's Kenny Beach,
and we are currently watching the best playoff basketball
since I can't even remember when.
This is what we've been waiting for all season long.
And on my show, Small Ball,
I'll be breaking down the series matchups,
major performances, in-game coaching decisions, and game strategy,
and so much more for the most exciting time
of the NBA calendar.
New episodes through the playoffs available on YouTube
and wherever you get your podcasts.
Subscribe to Small Ball with Kenny Beecham
so you don't miss a thing.
It's Today Explained.
I'm Noelle King.
The life of a freelance investigative reporter
is not an easy one.
A lot of time is spent figuring out what story is going to justify your time and talents.
Such was the problem for reporter Bobby Johnson, who's based in the Bay Area.
Late last year, Bobby had been hearing about people using AI to run scams,
and he decided to see if there was anything there.
And so one evening, I bumped into this young entrepreneur called Simon Weichman's at an
event in San Francisco and I shared with him what I'd heard about and asked if he'd heard
about anything and he said, well, you'll never guess what happened to me recently.
It turned out that Simon runs a web security company and he'd been interviewing people for
a software engineering job, a remote software engineering job, so people not based near HQ.
And in interviewing, he'd seen a bunch of deeply suspicious activity.
He was worried that people were trying to fraudulently get jobs or something, and it
turned out to be far more complicated and weirder than we expected.
So what Simon spotted in the first place was that the job was bombarded with candidates,
right? So there were hundreds of applications, way more than was typical. Then he started
getting on video interviews with people and strange things kept coming up. Lots of the
applicants had resumes that didn't really match what he saw on screen. Maybe they had Anglo names but were ethnically Asian.
A lot of them said they were born and raised in America, in Tennessee or in Brooklyn, but
they had really, really thick foreign accents. They all aced their coding tests in almost
exactly the same ways, but when he was talking with them, they often gave stilted answers
and asked questions just about salary, but nothing else.
And there were other things too.
So they all used similar default video background images.
They had laggy internet connections
and in the background he could hear noise.
So it sounded like they were in a busy room,
not a call, like a call center,
maybe not what you would normally do a job interviewing.
So these things, you know, individually, he didn't see any of these as a major red flag,
because you can imagine why somebody's name doesn't fit their face in your conception,
right? Or why they have an accent or why they use a default background on their video call.
But as he spotted candidate after candidate, following the same pattern. He started to get really suspicious
of them. And then the clincher really was that he saw one of the candidates was wearing
glasses and as the candidate was answering questions, Simon could see in the lenses of
the glasses a reflection of an AI bot on the candidate's screen. So what he could see
was that this was pumping out a script of some kind
for the applicant to read in order to answer Simon's questions and he could see this happening in real
time. So at this point he figured, you know, his paranoia was well justified. What emerged as we
got deeper and deeper in were not just that these were people who were, you know, trying to fraudulently
get jobs or people who were maybe running several different jobs at the same time, which we've seen a lot since
the pandemic. But in fact, we were able to connect them back and see that they were actually
operatives who are working for the North Korean regime to try and get jobs and send money back to
North Korea, which is, it turns out, this kind of pretty widespread scam that's been perpetrated against American companies particularly, but all
around the world. So by the time you met Simon at that event, he had clearly
copped on that something was up here. Had Simon actually hired anyone in North
Korea? No, so he'd realized that something strange was going on and hadn't hired anybody.
But there are lots of companies around the country who have been hiring North Koreans
unwittingly.
And this is actually, it turns out, it's a pretty widespread operation and well known
in the cybersecurity industry and in parts of law enforcement.
But it's really not something that's broken through into the public consciousness. Most people don't actually know about it.
So when we started to put the pieces together and understand what was really going on, that's
when the breadth and depth of this thing became apparent.
How does this work? And to what degree is this going on?
The scam is kind of basic in some ways, but wild in others.
First of all, on the simplest level,
you have teams of North Korean agents
who are recruited out of college
and they get sent to work in other kind of friendly countries,
typically China or Russia.
They cross over the border and they go work in these teams.
They steal people's identities and they use those identities to apply for jobs. So they
steal American identities and use them to apply for jobs in the US. And they use all manner of
AI enhancements to get the job, you know, like they use the AI coding tools to ace the test, they use the chat box to script their answers
so that they sound more competent.
They use deep fake technologies to cheat ID verification
and some of the tests that you have to go through
in order to get a job.
So if they're lucky enough to get through the interviews,
the surprising thing I think is they actually generally
do the job that they've been employed to do. This is
usually building websites or apps for a company, completing different tasks, you know, IT related
stuff, and often they share those tasks around their team. So there might be 10 or 15 people
working in a team doing multiple jobs and they basically are doing the minimum to stay employed.
But because they share the tasks around the team,
they're often very efficient and seem to be doing their job pretty well, so they stay under the radar.
And all of this gives them time to earn cash that they then send back to North Korea. Now,
software engineers can be pretty well compensated, so that can be a substantial amount of money,
but they also use that access that they have as a developer to go and steal information,
money,
cryptocurrency, and even in some cases plant malicious software on the victims computer systems. In many cases
they don't get through to being hired, you know, they're just trying, they're testing the system,
but when they do get through sometimes they only last a few days until they do something that's clear that they're not who they say they are.
But sometimes they stick around. I mean, I spoke to some victims who have unwittingly employed people for up to a year.
You know, they've been working in a company and getting away with it.
But the real trick, I think, and the key weakness in this scam is that they need to use a middleman
in the US.
So, you know, the company will send forms to fill out, they'll send the computer for
the developer to use, they'll, they need a place to send paychecks, you know, all of
these require somebody on the ground.
And if you're in a North Korean team in China or Russia, you don't have that person.
So they work with an accomplice who manages the physical stuff.
So they're based in the US and they will install software that lets the North Koreans
dial into their computer from overseas and still look like they're in New Jersey or
California or wherever they say they're based.
So this means you have these middlemen who have houses full of laptops
that all connect up to all the different jobs
that they're working.
And law enforcement calls that a laptop farm.
And the accomplice gets up every morning,
switches the computers on,
makes sure they're all running properly,
lets the North Koreans dial in
to those computers from overseas,
and then carry on the job and carry on the subterfuge.
And in some cases, the facilitators who have been caught,
they've been found with like 50 or 60 laptops
running simultaneously in their house.
And that's the place where law enforcement
is actually able to catch these gangs,
understand what's going on and try to stop it.
So there's one case particularly that I dug into which is of a middleman or middlewoman
in this case called Christina Chapman who recently pled guilty to a range of different
crimes related to this.
Hey, lovelies.
It's me.
So today I am not being too experimental.
I found something called Avocado Fries which are...
She was based in Minnesota and Arizona and over the space of a couple of years she worked
with a North Korean team and helped them target at least 300 different companies in the US
including some pretty substantial ones.
Howdy people.
So today I think is day seven
and I did not make my own breakfast this morning.
My clients are going crazy so I just-
Some of them were mom and pop shops,
but some were big corporations.
And Chapman ran this scam.
She would help the teams do their IT work.
She would host a laptop farm with maybe 60 computers at the same time.
And she would help them dial into meetings or keep up to date with stuff.
She would receive money that she would then pass along to a bank in China and take a cut
along the way.
New at 10, an Arizona woman has been indicted
in a series of complex identity theft cases
that have been generating money
for the North Korean government.
Christina Chapman was working out of her house
in Litchfield Park.
Someone approached her on LinkedIn,
asking her to be the US face of their company.
What that meant was-
She got drawn into this as far as we can tell
by the fact that there was a promise of some money and it was an easy way to earn some cash and
what when I spoke to security experts about this they said it's really typical for somebody to get
drawn in you know and that's why they choose folks who are able to stay under the radar right
people who have no significant profile, people who can just look ordinary
and behave in pretty ordinary ways.
The woman who lives around the corner from you,
or the guy who lives in the apartment block or whatever,
just ordinary folks who can help perpetrate this scam
without raising too many suspicions.
Bobby Johnson, he's a freelance investigative reporter. He ended up writing this story for WIRED.
Coming up, Bobby goes to the flip side.
Who are the North Koreans? Support for today's show comes from Delete Me.
More than likely, there is a lot of your personal information online.
Some of you may have even willingly posted it, but having your name, address, phone number,
and family member's names hanging out on the internet can have actual consequences in the real world and makes you vulnerable, says DeleteMe.
According to DeleteMe, you can protect your personal privacy or the privacy of your business
from doxing attacks before sensitive information can be exploited. Our very own Claire White has
tried DeleteMe. Here's what she has to say.
You can take control of your data and keep your private life private by signing up for
Delete Me now at a special discount for our listeners.
You can get 20% off your Delete Me plan when you go to joindeleteeme.com slash today.
Use promo code today at the checkout.
The way to get 20% off is to go to joindeleteeme.com slash today and enter code today at checkout.
That's joindeleteeme.com slash today, code today. Support for today's show comes from mint mobile mint mobile doesn't make crisp mint iced tea
despite what the writers of this ad think you might be thinking no they sell low price
phone plans cool with mint mobile all those low price plans come with high speed data
and unlimited talk
and text delivered on the country's biggest 5G network.
You can use your own phone with any Mint Mobile plan and bring your phone number along with
all your existing contacts.
You can get three months of premium wireless service from Mint Mobile for $15 a month.
This year you can skip breaking a sweat and breaking the bank.
You can get your summer savings and shop premium wireless plans at MintMobile.com slash explained.
That's MintMobile.com slash explained.
An upfront payment of $45 for a three-month, five-gigabyte plan is required, equivalent to $15 a month.
New customer offer for first three months only. Then full price plan options are available.
Taxes and fees are extra, guys. See MintMobile for details.
taxes and fees or extra guys. See Mint Mobile for details.
From early morning workouts that need a boost
to late night drives that need vibes,
a good playlist can help you make the most
out of your everyday.
And when it comes to everyday spending,
you can count on the PC Insider's World Elite Mastercard
to help you earn the most PC optimum points
everywhere you shop.
But the best playlists, you never miss a good song. With this card, you never miss out on getting
the most points on everyday purchases. The PC Insider's world elite mastercard, the card for
living unlimited. Conditions apply to all benefits. Visit pcfinancial.ca for details.
This is Today Explained.
We're back with Bobby Johnson, who wrote about North Korean operatives getting hired by American
companies for Wired.
The companies don't like to talk about what is happening.
Neither does North Korea.
So Bobby relied on defectors who understand how the scam works from North Korea's end.
So typically these guys, and they really are guys like you say young, you know, pretty
much straight out of college.
They are recruited to work in these teams of 10 or 15 people and they basically operate
like a criminal gang in a sort of digital sweatshop.
So they are typically sent overseas.
I don't think they get many choices, you know, they're sent overseas to live in a nondescript apartment
and it's pretty much a 24-7 existence.
They work there, they eat there, they sleep there.
They are only allowed to leave in small groups
to make sure that nobody runs away.
And they get paid by the government and sometimes pretty well.
But the regime also makes it clear that, you know that your family back in South Korea is under extra surveillance to try and dissuade
people from trying to escape.
But these teams are typically relatively low level.
North Korea does also run very high level hacking teams And this kind of work is maybe a stepping stone towards that, but it's kind of where
folks are paying their dues.
Kim Jong-un is a very strange guy.
He has interesting priorities.
And this now, based on everything you've told us, really does appear to be one of them.
How has he made this kind of cyber training a priority in North Korea?
What could you find out about that?
Yeah, so Kim Jong-un is a really interesting and strange leader. I mean, we all know kind of how
he's behaved when he appears in public and the kind of things that North Korea has been doing
with its weapons program and threats against other countries. North Korea's leader Kim Jong-un has
ordered his country's military to be ready to use
nuclear weapons at any time.
North Korea threatening to test two more weapons of mass destruction after a beaming Kim Jong-un
watched the latest missile launch.
But unlike his father, who was very kind of anti-technology and school. Kim Jong Un was actually educated in Switzerland under a
pseudonym. He was kind of sent to school there and he had access
to Western culture and Western technology. And when he took
over in the 2010s, as supreme leader, he really switched things
around. So North Korea went from a country that that basically
had like one pipeline to
connect to the internet for years and years and years to a country that saw that maybe its only
options or some of its options involved getting really good at technology. And so he has encouraged
and put more money and effort into funding computer science programs and technology
literacy in North Korean schools. And that's bubbled up through various universities and
colleges that sort of develop people's skills and teach them things. You know, they don't
just teach them coding or how to use computers, they teach them how to hack and how to cover
their tracks and all of this
stuff. And so you get these young men, particularly coming out of college in North Korea, who have been
trained for the last few years to really be operatives, you know, to be make it possible for
them to do this stuff. And it's paying dividends for North Korea, you know, for such a small country
and one that doesn't have a big technology industry,
they punch way above their weight in terms of this stuff. And so there's a lot of cryptocurrency
theft going on. Earlier this year, a couple of months ago, a crypto exchange in Dubai got hacked
and $1.5 billion got stolen, and that was by North Korean hackers. So these guys have realized that
this is a very lucrative way with very low cost to them. Really it's just a computer and some
training to get out there and cause havoc and fund the country that has no other way of making money.
Do we know how much money this is making?
of making money. Do we know how much money this is making?
You know, typically a team of pretenders might earn several million dollars a year through
the different jobs that they're running.
And I've seen lots of estimates wild all over the place, but the minimum is kind of around
three million dollars a year.
This is like, that's a lot of money, but it's not, you know, it's not a huge amount, but
yeah, obviously the way North Korea operates, they're taking nearly all of that as profit, right? And
it's going straight back into military programs, it's going straight back into Kim Jong-un's slush fund,
you know, it's going back into the country and they're running, you know, there are many of these groups running different scams. And scale-wise, you know, there's been a lot of activity in the US,
but folks I spoke to are saying that they're seeing a real expansion of activity in Europe,
in Japan and elsewhere. So this has now become a very lucrative scheme across the board for
the North Koreans. I'm trying to put myself in the shoes of the American who ends up talking to one of these people in North Korea and figures it out and is like,
Uh-oh, this person is definitely not in Knoxville. And I wonder what you do about it.
Like, you can't call the police and say somebody fraudulently applied for a job at my company. But also, this isn't
right. It doesn't seem legal. What can law enforcement and what does law enforcement
actually do here?
Yeah, this is really the tough thing in these cases. Because if you're smart enough to
spot it before it happens to you, kind of no crime has been really enacted upon you or something that's, you know, not going to lead to a prosecution. But in any case, it's really hard to prosecute these cases, because for the most part, the worst offenders are based in a country that the American courts can't extradite from. So, you know, we're not going to pull someone out of China or Russia. So that means the cases generally focus on the stolen
identities and the accomplices. The real problem underneath all of this is that the political or
economic solutions that you think would be possible just aren't really effective, right? You can't
enact sanctions against North Korea for this because the sanctions already enacted against
North Korea are so punitive, right? One of the reasons that these guys are doing this in the first
place is because legal trade is basically zero because the country is
being punished rightly for its rogue nuclear weapons program. So for now
from the industry and law enforcement folks I spoke to, your best remedy is to
try and be aware of it and prevent it happening to you. And that's tough. And it's a big leap to go
from saying, you know, there's something fishy going on with
this applicant to, I believe this applicant may be working
for the North Korean government. That's like, that's a wild jump
to make. But at least if you're looking for things, looking for
those red flags, or kind of looking for that
circumstantial evidence, then you can protect yourself from being a victim.
There is something about all of this, Bobby, that is just not particularly clever. It's working,
but you don't have to have a beautiful mind to think up a scam like this one. I wonder though, as you were reporting out this story,
where your mind went when you thought about
what are the perils in the future that we're facing?
What doors are opened by this little scam
that five years from now or 10 years from now
might be even harder to combat?
That I think is the most fascinating question in all of this.
There are two threads that I would pull here.
One is that once they can get access, they're stepping stones, right?
They're just trying to do a job and earn money, but what if somebody else can use the same
techniques and be more aggressive in their attacks? You know, if you get hired, let's say you get hired inside a government defense contractor,
you know, can you access intellectual property or state secrets or something like that?
The espionage potential is high and the kind of aggressive attacks on companies could get a lot worse. And then I think, you know, the second thread
is just that it dramatically undermines trust in everything, right? You know, we already
see deep fakes, we already see misinformation, we already see all kinds of ways of making
you not believe the things that you see. And if you can't even believe,
sorry, my computer screen just disappeared.
I think it went on the screensaver.
I'm gonna pick that one up again.
This is North Korea, okay.
Yeah, I do get paranoid about these things sometimes now.
Yeah, I think there is this fundamental problem of eroding trust that you can't believe what
your eyes are seeing.
You know, we see deep fakes happening all the time.
We see misinformation.
We see all these systems working to kind of separate you from reality and try and get
you to second guess everything that you see.
And that's important.
You know, you don't want to fall for tricks but the more prevalent
they become the more difficult it is to know what's real and what's not and so if you are
you are stuck in a position where you can't be 100% sure that you know the person on your
company team phone call or zoom call who doesn't like to put their camera on and doesn't talk
very often but they do the job you know if you start to believe that that person could
be an operative of a foreign country then you know you're getting really into some wild
places in your thought process and I think that undermining of reality is kind of the biggest existential problem
here. And it's one, I don't know that there's a way to solve it, but we can all see that
how dangerous it can be to separate you from the truth.
Bobby Johnson, investigative reporter. Gabrielle Burbae produced today's show. Amina El-Sadi I'm Noelle King. It's Today Explained. you