by forinti 321 days ago
But are they any good? I suppose they must be, as they seem to retain their jobs, but how do they rank overall?

Also, I tend to think that keeping these interactions going might be a way to let more information into Naughty Korea and might actually have a positive influence in the long run.

4 comments

The risk is not the quality of the work that the person might do. The risk is that you now have a state-controlled North Korean asset operating inside your security perimeter.
A lot of these are not there to breach your data, they're there to make money and fund the DPRK.

That's why there's no one industry or type of business being targeted, it's anywhere they can get hired. If you're a high-profile target, that's a bonus, not the original goal.

NK is a client state of Russia and China. Their handlers are all too happy to pay for sneaking loyal dogs inside the henhouse.
It's 2025, it's all about zero-trust now. Can't be inside the security perimeter when there is no security perimeter.

Hiring mischievous North Koreans is fully in line with your CIO's new priorities, which she heard about at a conference once.

The reason that North Korea targets IT roles in particular is precisely because they're the weak link in zero-trust implementations. Someone, somewhere, has the unfettered rights to access the production database, and they're in the IT department.
If not production, they can usually read all the backups, DR systems, logging telemetry, legal discovery systems etc...
Zero trust doesn't do anything for you when you give the person a legitimate account with access, which presumably you must do for employees, else they can't typically do any work.
I interviewed one guy who probably was one of them, and he was not enough of a genius that I could ignore the aura of confusion and sus. I didn't think it was NK until way later, but now it makes sense.

Probably got lucky, otherwise I would have no work myself, because I think the client isn't that rich; they would go out of business from a ransomware attack.

I'm pretty sure I interviewed one of these guys too. He was impressive, until you got far enough off script and started finding red flags. I realized at one point too that he was reading a lot of prepared statements (and doing so with skills a politician would envy).
If you’re picked from the top of a country with 26 mil population, you are probably good.
They're very good. They get training directly from the regime.