North Korea: Operatives exploited Facebook, LinkedIn, other social media sites to get money and dodge sanctions

“Hiding behind fake profiles, a group linked to Pyongyang solicited technology work to send hard currency back home.”

An investigation by reporters at the Wall Street Journal uncovered North Korean online military operatives who used fake personas on Facebook, LinkedIn, and other social sites to generate income and evade U.S. sanctions.

Cloaking their identities, the North Koreans have been able to advertise jobs and find clients on job-search exchanges such as Upwork and Freelancer.com . They have developed software using the Microsoft-owned site Github, communicated over the Slack messaging service and asked for payments via Paypal . They have burnished their fake credentials with profiles on LinkedIn and touted fake operations with Facebook pages.

The reporters were looking into a North Korean business based in China that has been building mobile games, apps, bots and other products for clients in the U.S. and elsewhere.

The customers interviewed said they had no idea they were dealing with North Koreans.

The WSJ's investigation found that North Korean operatives exploited some of the same security weaknesses and cultural vulnerabilities that Russia successfully weaponized during the run-up to the 2016 U.S. Presidential elections.

And they'll do it again.

Excerpt from the WSJ report by Wenxin Fan, Tom Wright, and Alastair Gale:

“It never crossed my mind” that North Koreans operated an IT business online, said Donald Ward, an Australian entrepreneur, when shown that a programmer he hired to redesign a website, who he thought was Japanese, was actually part of a North Korean crew operating in northeastern China, near the city of Shenyang.

The Journal discovered the Shenyang business after reviewing computers and other devices belonging to a North Korean operative arrested in Malaysia for suspected involvement in last year’s murder of North Korean leader Kim Jong Un’s half-brother. A car that ferried the alleged killers away from the Kuala Lumpur airport was registered to the North Korean operative, according to Malaysian investigators. The operative, who denied wrongdoing, was deported.

The operative’s electronic devices showed he had communicated with the Shenyang group about money-making ventures for North Korea, using vocabulary found only in the north’s dialect of the Korean language.

For North Korea, finding new business ventures has been crucial since the United Nations last year tightened sanctions and banned the country’s coal exports in a bid to curb Pyongyang’s nuclear-weapons and missile programs. The U.S. Treasury Department warned in July that North Koreans working abroad were selling IT services and hiding behind front companies and the anonymity provided by freelancing websites. The report offered few specifics. The Treasury on Thursday sanctioned two Russian and Chinese technology firms as revenue-generating fronts for North Korea.

Read the whole story.