North Korean infiltrator caught working in Amazon IT department thanks to lag — 110ms keystroke input raises red flags over true location

Submitted ⁨⁨2⁩ ⁨months⁩ ago⁩ by ⁨sqgl@sh.itjust.works⁩ to ⁨technology@lemmy.world⁩

https://www.tomshardware.com/tech-industry/cyber-security/north-korean-infiltrator-caught-working-in-amazon-it-department-thanks-to-lag-110ms-keystroke-input-raises-red-flags-over-true-location

archive.is/sfYWG

source

Comments

Sort:hotnew top

SomeRandomNoob@discuss.tchncs.de ⁨2⁩ ⁨months⁩ ago
To me that means Amazon can and will monitor every keystroke of every employee.

source
- Templar238@lemmy.zip ⁨2⁩ ⁨months⁩ ago
  Worked at Google and can confirm if you typed your password into a non org website you were flagged and asked to reset your PW. The problem is some of the training websites Google used and were Google branded were apparently non org websites. But it shows they are looking for “certain key strokes”
  
  source
  - fonix232@fedia.io ⁨2⁩ ⁨months⁩ ago
    My employer does the same over a proxy. Luckily it can't breach HTTPS, but it was annoying to set all my APs and router and switches and other network nodes to HTTPS just because the damn thing would block the site the moment I sent my password in cleartext to a local device...
    
    source
    -> View More Comments
- Leather@lemmy.world ⁨2⁩ ⁨months⁩ ago
  This is the real story.
  
  source
- Bahnd@lemmy.world ⁨2⁩ ⁨months⁩ ago
  Yep, thats corporate monitoring software for you. Everyones got it, if you dont see it, assume its there. If the PC is not yours and or built with your own hands, assume its bugged or key logged. This goes for school PCs as well for the youngins, this is not to make people paranoid, just manage expectations on privacy. If you didnt make it, assume its recorded.
  
  source
- Quexotic@infosec.pub ⁨2⁩ ⁨months⁩ ago
  I mean, more like does and has been, but I guess that’s just semantics. Evil gon be evil.
  
  source
- sqgl@sh.itjust.works ⁨2⁩ ⁨months⁩ ago
  It wasn’t the lag from the employee’s computer to Amazon which was being monitored.
  
  It was the lag from the hacker to the employee. Amazon could not have monitored the hacker’s computer.
  
  source
- yggstyle@lemmy.world ⁨2⁩ ⁨months⁩ ago
  Sorta like north korea then. Understandable why they got the job… Must have felt like home.
  
  source
sqgl@sh.itjust.works ⁨2⁩ ⁨months⁩ ago
How did Amazon know the lag?

source
- credo@lemmy.world ⁨2⁩ ⁨months⁩ ago
  Probably a remote kvm system with QOS monitoring. Many secure systems won’t let you connect directly to sensitive resources from your personal workstation.
  
  source
  - sqgl@sh.itjust.works ⁨2⁩ ⁨months⁩ ago
    So they cannot simply use a generic remote desktop? The infiltrator has to use some Amazon remote desktop software?
    
    source
    -> View More Comments
- ShellMonkey@piefed.socdojo.com ⁨2⁩ ⁨months⁩ ago
  This is a company that's been reported to use the dwell time of you mouse over a product as a potential indicator of interest. Something like a Citrix remote desktop is extremely chatty trying to keep the origin and server in sync with every move of a mouse or keystroke. If the ACKs from the origin confirming the receipt of screen change data took an abnormally long time it could show in system performance metrics pretty easily.
  
  source
  - MonkderVierte@lemmy.zip ⁨2⁩ ⁨months⁩ ago
    
    to use the dwell time of you mouse over a product as a potential indicator of interest
    
    That’s common internet marketing practice and the main reason to use an adblocker.
    
    But didn’t they start to eye-track their drivers? Stuff like that.
    
    source
vk6flab@lemmy.radio ⁨2⁩ ⁨months⁩ ago
And now you know why you should encrypt your data on any cloud provider.

source
- Saapas@piefed.zip ⁨2⁩ ⁨months⁩ ago
  To save it from North Koreans?
  
  source
  - vk6flab@lemmy.radio ⁨2⁩ ⁨months⁩ ago
    … and anyone else who should not have access to your data.
    
    source
    -> View More Comments
plz1@lemmy.world ⁨2⁩ ⁨months⁩ ago
I’m kind of surprised the latency was that low. Unless the NK “employee” was spoofing being in SK or something.

source
- W3dd1e@lemmy.zip ⁨2⁩ ⁨months⁩ ago
  The article says he was remotely controlling a company laptop located in Arizona. A woman located in AZ was facilitating the NK workers, but she was recently charged with the fraud.
  
  source
- dan@upvote.au ⁨2⁩ ⁨months⁩ ago
  Hong Kong to Los Angeles is around 70ms latency (140ms round trip) so I’m not too surprised.
  
  source
- goatinspace@feddit.org ⁨2⁩ ⁨months⁩ ago
  How was he hired 🤯 ? It’s a skill
  
  source
  - atrielienz@lemmy.world ⁨2⁩ ⁨months⁩ ago
    There was a scam going where they would offer for someone to apply for a role and use that good candidates clean information to get it v they would do the work and split the pay with the person who’s info they used.
    
    In exchange that person would get “job experience”, the perks of WFH, and the ability to hold down more than one of these figurehead jobs simultaneously.
    
    source
    -> View More Comments
  - RedGreenBlue@lemmy.zip ⁨2⁩ ⁨months⁩ ago
    Probably worked for next to no pay.
    
    source
MonkderVierte@lemmy.zip ⁨2⁩ ⁨months⁩ ago
[deleted]
source
- GaMEChld@lemmy.world ⁨2⁩ ⁨months⁩ ago
  I have no idea what that means.
  
  source
muusemuuse@sh.itjust.works ⁨2⁩ ⁨months⁩ ago
Let’s see if Amazon gets trump to yell at Un.

source