The FBI's St. Louis office announced Wednesday that it seized 17 website domains and $1.5 million in funding that North Korea has used to evade sanctions and produce ballistic missiles and weapons of mass destruction.
The agency said at a press conference Wednesday that North Korea hid the identities of its IT workers so that U.S. companies would unknowingly hire them. The workers stole those companies’ intellectual property, data and money to use toward weapons in North Korea.
St. Louis Special Agent in Charge Jay Greenberg said there have been victims in St. Louis, but officials declined to provide more details. According to the FBI, companies in St. Louis unwittingly contributed hundreds of thousands of dollars to North Korea’s nuclear weapons program.
Greenberg said once foreign IT workers have access to domains, they pose an “insider threat.”
“If it seems too good to be true that you’re being paid by someone you don’t know for access to use your technology, then it probably is,” Greenberg said.
FBI leaders said schemers use facilitators — most of whom are located in China and some in North Korea — who either unwittingly or wittingly facilitate who they allow on their internet databases.
Schemers also impersonate people by using their addresses and other identifiable information. Red flags in hiring can include a person being unwilling to appear on camera for video interviews or video meetings and undue concern about meeting in person or completing a drug test, the FBI reports.
FBI leaders encouraged companies to be careful about whom they hire and allow to access their IT systems.
Scott Baucum is a vice president for Bayer, which was not a victim of the scam. But he said the FBI warnings did help identify potential problems and report them.
“I would recommend that any company that's out there receiving these [warnings] read these timely, take them seriously and then follow through in your own organization in your own specific ways,” Baucum said.
How can companies protect themselves?
The FBI suggests employers:
• Request documentation of background checks or conduct their own background checks for IT workers.
• Do not accept background check documentation provided by untrusted or unknown authorities.
• Verify that the check and routing number match an actual bank and do not belong to a money service business.
• Request voided checks or certified documentation from their financial institution.
• Prevent remote desktop protocol from being used on all company devices and don’t allow use of remote desktop apps for work.