Beware of Imposters

Beware of Imposters

December 13, 2023

Supply chain security is a top priority, always at the front of our operational mindset to maintain industry excellence. We strive to support and enable our suppliers because your company’s security is our security. The purpose of this article is to raise awareness of a security issue that can impact all of us but is more likely to impact companies that outsource labor to freelance contractors.

Remote job opportunities and subcontracting labor can create unique security vulnerabilities for companies, particularly related to employee background investigations and verification. In many cases, companies have agreements in place that define items including but not limited to, contractor screening processes that define basic qualifications like citizenship, eligibility to work, background checks, criminal records, drug screening and requirements for on-site versus remote work. However, these requirements and the process to verify them may vary and gaps in the process or the method in which the checks are done can be exploited.

In one reported incident a supplier’s candidate was interviewed for a remote position, hired, and on their first day of work they accidentally turned on their computer camera. The hiring manager saw the person and believed the person was not the candidate they interviewed. The risk of this occurring has increased due to an increase in remote job opportunities. For remote jobs, a candidate may never meet their manager or team members in person, or even see them on camera.

This vulnerability represents a significant risk if successfully exploited by foreign adversaries. Even if the activity is not a foreign adversary and is instead fraudulent activity, it can still negatively impact industry. The attached government advisory below highlights how North Korean actors have performed similar activities.

What is the U.S. Government Saying?
In July 2023, the Health Sector Cybersecurity Coordination Center (HC3) published an Analyst Note about security professionals and institution leaders increasingly facing fraud from misrepresentation of identity.

In May 2022, the U.S. Department of State, Department of Treasury and the Federal Bureau of Investigation issued an advisory to warn of attempts by the Deocratic People's Republic of Korea (i.e. North Korea) to dispatch highly skilled Information Technology (IT) workers who attempt to obtain employment while posing as non-North Korean nationals for the purpose of generating revenue that contributes to North Korea’s weapons of mass destruction and ballistic missile programs in violation of U.S. and UN sanctions.  

These North Korean IT workers have also used privileged access gained as contractors to enable malicious cyber intrusions. Some have provided logistical support to their malicious cyber actors, although they are unlikely to be involved in malicious cyber activities themselves. These workers may share access to virtual infrastructure, facilitate sales of data stolen by their cyber actors or assist with money-laundering and virtual currency transfers.

Recent Open-Source Information

  1. Risk of inadvertently hiring IT workers from North Korea. (Source)
  2. Individual who was hired was not the person who showed up to work. (Source)
  3. Misrepresentation during the hiring process. (Source)
  4. The Federal Trade Commission reported an increase in financial scams, consumer fraud reports and identity theft reports (Source 1, Source 2)

Additionally, there may be instances where workers are subjected to forced labor.

What Protection Measures Can be Implemented?
Companies that directly hire employees and have robust and effective verification and background investigation procedures throughout the hiring process may be less likely to be impacted.

  1. Contractor screening process: Create or review your company’s interview, verification and background policies and procedures to ensure they are well-defined, minimize or eliminate the vulnerabilities described and are followed. In addition, ensure similar requirements are required of subcontractors.
  2. Awareness Training: Train your Human Resources teams and hiring managers to be aware of these risks and how to contact security if they have concerns. This may be included in a standard security training curriculum for all employees.
  3. Routine Audits: Develop regular audits to verify the effectiveness of employee awareness and new-hire screening processes.
  4. Identity Management: Implement the remote identity management practices defined in the aforementioned HC3 Analyst Note.
  5. Information Sharing: Maintain awareness of supply chain security trends by participating in industry and government liaison programs and contact your prime contractor if you have any concerns with which you may need assistance.