[the_af]

Why would this work? Spies are trained to behave like the host country would expect, why wouldn't hackers?

If hackers have access to the outside world (something they would need to be effective), they'd know the world thinks Kim is fat.

"He's very fat, haha!", end of story.

Edit: wait, or better yet: "how on earth would I know, and why are you asking this in a job interview? Is this because I'm Korean? I'd like to file a complaint with HR, what was your name again?"

[danielvf]

These aren't spies first. They are often children of well to do, high loyalty group North Koreans. It's just a privileged job.

The skill and IQ level varies widely, from super smart to super unskilled. And these roughly get sorted out into different groups with different MO's. North Koreans aren't some uniformly skilled group. You could be targeted by a team of world class bytecode exploit geniuses who rehearses every move, or by the equivalent of Milton from Office Space.

Dissing Kim is something that is not currently widely permitted in NK. Just isn't worth personally.

Not saying no one from NK never will, but so far almost everyone will immediately stop the conversation at this point. There are plenty of crypto people who have monthly or weekly encounters with NK job applicants.

[the_af]

I find this answer highly implausible, not the least because maintaining cover doesn't count as dissing ("I infiltrated the org by telling them the lies they wanted to hear" is hacking 101). Also, North Koreans aren't dumb.

I find some people's attitude to NK hackers slightly schizophrenic: either they are a credible threat or they are amateurs. Which one is it?

> Dissing Kim is something that is not currently widely permitted in NK

This wouldn't be "widely", this would be a specific interaction with a hostile foreigner for the purpose of infiltrating them. It's not the same as being allowed to say this to fellow North Koreans.

> Not saying no one from NK never will, but so far almost everyone will immediately stop the conversation at this point.

Legitimate candidates would at this point too, so as a tactic this is useless.

[sorcerer-mar]

> I find some people's attitude to NK hackers slightly schizophrenic: either they are a credible threat or they are amateurs. Which one is it?

I have no clue whether the proposed approach works, but there's a pretty coherent model that explains how it could, no schizophrenia needed: They are competent people in a cult.

Being unable/unwilling to diss Dear Leader even when it's advantageous to do so is very typical cult stuff. In fact, it's sort of why cults are dangerous. They compel people to do maladaptive things in service of the "ideals" of the group/leader.

This applies both to the spy directly (perhaps they would personally be unwilling to say such a thing), but also to their entire chain of command. Cults by their nature are not good at passing nuanced instruction like "you can say bad things about Dear Leader under these circumstances." Just because you're willing to diss KJU to get in the door doesn't mean you know your entire chain of superiors are cool with it.

[the_af]

So you're saying NK agents are completely different to, say, Soviet era agents, who could and would say anything as long as it furthered their mission?

Ok, fair enough. In common perception of NK, they do seem bizarre, not like the Soviets during the Cold War.

I think it's unwise to dismiss them as lunatics incapable of deceit. If I were a NK agent, I'd work towards this notion, "NK are incapable of lying if it would diss their leader, that's how we get them!". In fact, I would spread this notion in Reddit, like the OP mentioned.

By the way, this still leaves the easy way out of "why are you asking about Kim Jong Un in a job interview, is it because I'm Korean? I'd like to speak to your HR department please".

[jowea]

I'm just guessing but comparing the NK hacker to a late Cold War era Soviet professional spy is the wrong comparison. Maybe the closer comparison is asking a Soviet party member belonging to the professional middle class with a bit of spy training during the Great Purges to talk negatively about Stalin out of the blue.

[sorcerer-mar]

Yeah I never got the impression that Soviets were as successfully isolated from the world as North Koreans are. But I’m not an expert on the matter!

I mean, I totally agree that this should not be relayed as a working method to identify spies haha. Just that it’s not beyond believability it’d work in some circumstances.

[danielvf]

I am saying they are both a credible threat and many are amateurs. Those are not mutually exclusive.

You are talking about North Korea attackers from a theoretical point of view. For many people dealing with them is just a normal part of work. It's not an unknown that needs to be worked out logically from an armchair.

I'm saying this as someone who personally chatted with a North Korea persona that later tried to drop exploits on people, and the persona belonged to hacking group with at least one 50 million dollar heist. I've also seen the screenshots on many chats with North Koreans.

[the_af]

I don't consider screenshots evidence of anything, so I'll completely disregard that bit.

I'm curious about your personal experience though. Did you try this tactic, and did it work? And how sure are you these weren't random hackers or trolls, but actual NK agents?

> many are amateurs

So basically this would only get rid of the amateurs, low hanging fruit that would have been caught soon enough anyway, and do a "natural selection" of only the non-stupid NK hackers to infiltrate your org?

[danielvf]

> And how sure are you these weren't random hackers or trolls, but actual NK agents?

"Agents" is way too big of a word. Just cogs in a corporate theft machine.

There's a lot of reasons I'm sure, but the biggest is because before a hack they asked for help doing something simple with a crypto address that was later used to test run the 50 million dollar theft that was North Korea. And also trying to drop North Korean linked malware is another data point.

This also hits my point about both dangerous and amateurs. They pulled off pretty sophisticated heist but, had to ask for help, asked for help using a crypto address tied to the theft, and blew the cover on an identity they had been building up for a year.

Here's a twitter thread I put together of both my conversation and others with this particular account:

https://x.com/danielvf/status/1905642180749775189

[the_af]

Thanks for the reply, I'll take a look!

Do you think asking them to say something offensive about Kim Jong Un would have outed them?

[smallnix]

Not sure some rank and file 50ct army "hacker" wants to take the risk to insult their god-dictator.

[the_af]

If he's acting under NK command, this wouldn't be insulting, it's just doing a hacker's work.

Besides, you cannot have it both ways: either North Korean hackers are a "50ct army" or they are a credible threat. Most seem to be arguing they are a credible threat.

Also, he can always take the second option: "why are you asking about this in a job interview?", something many legitimate Korean candidates could ask.

[smallnix]

> If he's acting under NK command, this wouldn't be insulting, it's just doing a hacker's work.

I understand where you are coming from, I wanted to express my idea that their person cult shaped culture might be so alien to us, that what seems obvious to us, might be a non-option to them. At least at the level where I imagine such operators.

> you cannot have it both ways: either North Korean hackers are a "50ct army" or they are a credible threat

I assume the people performing the en-masse long term infiltration are not the same with technical skills who the execute technical attacks.