Transcript of Coming soon - An “inside-out” look at North Korea’s covert IT workforce

A new breed of worker is quietly clocking in across the United States. On paper, they're the dream hire: skilled, low maintenance, always remote, and often affordable.

They were some of their best workers. It's like the perfect candidate. And we have to tell them, yeah, I know they are. They wrote it that way. It's all fake.

They're taking jobs at Fortune 500s in entertainment, ag, tech. We've even found them inside US government agencies, defense contractors. One even popped up at a nuclear utility. But strange things are happening.

The person not wanting to be on camera.

That person doesn't quite look right. There's a pause after each question. They're using some sort of chatbot to answer questions. Employers are waking up to a deeply unsettling realization. Their employee is not who they claim to be.

And they were actually good engineers. You really were hiring an engineer, and you thought you were hiring them for one thing, and you just happened to be hiring them to do something else on the side, like steal your stuff. We decided at the end of that interview, we all got together and said, "I think one of the North Koreans has interviewed for a job with us." Do you think there are big security risks with AI? So, uh—

We like our enemies simple, a hermit kingdom with questionable haircuts. But caricature has a cost. Never underestimate North Korea. Once they've decided to do something, they will figure out a way to do it. And the adversary we joke about, it's not actually the one we're up against.

Inside government, we started looking at the North Korean cyber program as the Imagineers of cyber.

We've underestimated them at every turn.

And so for years, we war-gamed in this space. What will it look like if a rogue nuclear-armed nation decides to attack the United States through cyber means? We all got it wrong, right? And no one anticipated that the first time that that would happen would be over a movie about pot-smoking journalists with Seth Rogen in it. The FBI announced today that, and we can confirm, that North Korea engaged in in this attack.

Sony was about revenge. What followed was about revenue.

It was like in a movie where you have a bank vault heist, except for there's no masks, there's no hacking into the camera, there's no getaway cars. There's just guys at keyboards, you know? And it's just amazing for a nation state to do this. We had never, up until this moment, seen a nation state steal cold hard cash from another country. Here we had a nation-state attacking the country of Bangladesh and just stealing their money. We personally kept about 15 to 25%, depending on how much we earned. We can steal money now at the speed of the internet. These are the largest bank robberies in human history. A bank robbery of $1 million in cash is still headline news. Crypto robbery of $1 million worth of some token that you've never heard of That's a Tuesday. The biggest pressure was meeting the required payment quota to superiors. If you failed to meet quotas, even sleep and rest could be restricted.

What's the current ballpark figure for how much the DPRK has stolen in cryptocurrency?

Kind of our conservative lower-bound estimate is around $5 billion, and upper-bound is around $6 billion, maybe even more than that.

These are cyber operators like none we've ever seen. With goals more suited to the Corleones than a nation-state.

So just think of them as a very rich family that is half mafia don, half Joseph Stalin. And that's their goal: survival and money. You've seen North Korea in some ways become the world's largest bank robber. This is a criminal cyber startup, and these guys are crushing it.

And now—

I remember telling people, IT workers in a room, and nobody knew what the heck I was talking about. When I talk about it now, everybody's already had an experience with it. They are going to turn that insider access into an insider threat position. So an employee can become a foothold to follow on operations. These IT workers are absolutely everywhere. Really what we have now is a worldwide chess game, and they've put all their pieces in place. Now, if push comes to shove, you have thousands and thousands of organizations at your disposal that you can start blowing up from the inside.

But to pull this off at scale requires pawns. And that, that may be their most clever move of all: convincing Americans, witting or not, to help them set the board.

Hello!