KnowBe4, a prominent security training firm, recently hired a fraudulent IT worker as a software engineer for its artificial intelligence (AI) team. The company discovered the deception when the new employee began using his company-issued computer for malicious purposes.
Discovery of the fake hire
The incident came to light when KnowBe4’s malware detection software identified unusual activity on the new hire’s computer. CEO Stu Sjouwerman explained that the human resources team had conducted four video interviews with the candidate. The individual in the interviews matched the photo attached to the job application. The company had also performed background checks before confirming the hire.
As soon as the new employee received his Mac workstation, it began loading malware. Further investigation revealed that the worker had used a stolen US ID and an AI-modified stock photo to create a fake identity.
Unmasking the deception
The company initiated a probe after the malware detection software alerted its InfoSec Security Operations Center (SOC). When confronted by the security team, the fake employee claimed he was troubleshooting his router, which was causing speed issues. However, his responses quickly raised suspicion. When the company attempted to contact him again, there was no response.
KnowBe4’s investigation uncovered multiple steps the new hire had taken to alter session history files, execute unauthorized software, and upload harmful files to the company network. The company shared its findings with the FBI for further investigation. The internal evaluation confirmed that the activities were deliberate.
North Korean connection
According to a report by The Register, North Korea promotes its citizens as tech workers to earn money from foreign companies. Once employed, they target systems with malware. This tactic has been well-documented, and the activities at KnowBe4 fit this pattern. The company confirmed that no illegal access was gained and no data was stolen.
CEO Sjouwerman advised other firms to use monitoring devices for remote access and to consider sophisticated VPN use and conflicting personal information as warning signs. He emphasized that the real scam involves these workers performing their duties, receiving substantial pay, and channeling a significant portion of their earnings to North Korea to support illicit programs.
KnowBe4’s experience highlights the importance of vigilance and robust security measures in hiring. The company acknowledged the need for continuous monitoring and advanced security protocols to prevent such incidents. Sjouwerman stressed the importance of learning from this experience to safeguard against future threats.
KnowBe4’s encounter with a fake North Korean AI tech professional underscores the ongoing challenges in cybersecurity. The company’s swift response and cooperation with federal authorities demonstrate a commitment to maintaining security and protecting sensitive information.