A North Korean imposter was uncovered, working as a sysadmin at Amazon U.S., after their keystroke input lag raised suspicions with security specialists at the online retail giant. Normally, a U.S.-based remote worker’s computer would send keystroke data within tens of milliseconds. This suspicious individual’s keyboard lag was “more than 110 milliseconds,” reports Bloomberg.
Amazon is commendably proactive in its pursuit of impostors, according to the source report. The news site talked with Amazon’s Chief Security Officer, Stephen Schmidt, about this fascinating new case of North Koreans trying to infiltrate U.S. organizations to raise hard currency for the Democratic People’s Republic of Korea (DPRK), and sometimes indulge in espionage and/or sabotage.
weasel language. the “infiltrators” are literally working a job for them.
Sounds much better than “Amazon surveils keystrokes of its IT workers”!
This was also my takeaway. Sounds like a security nightmare if they are logging any data.
How am I the first person to ask why they’re measuring the latency on everyone’s keystrokes?
Literally, catching North Koreans might have been the idea. It’s become a big issue.
Probably one of the less shocking things they track.
I’m never quite sure how to feel about this. On one hand, if the person just wants to make some money and they’re doing the job, why bother them. On the other hand though, I know that anybody who has consistent access to an internet connection in North Korea is almost certainly working for the benefit of the great leader and they aren’t actually seeing any money or benefit for themselves. I just hate that the citizens of North Korea have to suffer and be punished because of their asswipe of a leader.
> I just hate that the citizens of North Korea have to suffer and be punished
Then you surely condemn the global sanctions on the North Korean economy? Especially given the recent study showing how US+EU sanctions murder half a million people yearly since over 50 years ago.
When you look at the ISS pics of NK during the night, you get a sense of how bad it is for most of the population.
Maybe they just really like the Dark Sky initiative.
An entire country of astronomy nerds sounds like a tourist destination to me!
It kind of amazes me they don’t have better infrastructure. It’s not like they’re shy about forced labor.
You can only do so much with forced labour. They aren’t doing their best, just “enough” to not get punished.
I’m sure plenty of them also use malicious compliance and sabotage stuff to get back at the top brass.
seeing the stars instead of light pollution doesn’t sound like a bad thing on its own
> I know that anybody who has consistent access to an internet connection in North Korea is almost certainly working for the benefit of the great leader and they aren’t actually seeing any money or benefit for themselves.
Eh, this doesn’t sound like the job you would give someone in a prison camp. You’re talking about people that you’re allowing to interact and work regularly with foreigners outside the country. That does not sound like the type of position you trust to a political prisoner. That sounds like a position you put someone of high trust. It’s probably a pretty cushy job as the standards of North Korea go. Sure beats scratching at dirt or working in some godawful arms factory. It’s probably the type of job you need some good family connections in the Party in order to get. Sure, the government takes all the direct monetary benefit of the work, but that is just kind of how Communist systems work. I imagine the people working those jobs have some of the highest standards of living available to people that aren’t senior party leadership.
North Korea intentionally does this to get revenue for the state.
They’re also a security threat. Any opportunity to exfiltrate potentially profitable or leverageable data will be taken. I’d bet they’re used to sniff out vulnerabilities for ransomware attacks too. I definitely identify and agree with the healthy sympathy (I guess empathy if you’re in the states, our leader more than qualifies as an asswipe) for the citizens of North Korea.
> They’re also a security threat. Any opportunity to exfiltrate potentially profitable or leverageable data will be taken
But that’s good, the USA is carrying out genocide in Palestine and is about to invade Venezuela. And Amazon is no saint either.
The US is enabling and providing political cover for the Palestinian genocide, Israel is carrying it out. I don’t think an invasion of Venezuela is imminent, just the same kind of underhanded manipulation and isolation that has been done to Cuba for the past half century. Agreed Amazon sucks.
None of that changes the fact that the only thing that these North Korean tech workers do is help Kim fund his military projects and his Bourgeoisie lifestyle.
These people are definitely not there just to make some money. And whatever money they make will be used to prop up the genocidal regime.
Are you talking about the USA Amazon workers propping up the USA genocidal regime, as seen in Palestine? Because, AFAIK, there’s no genocide going on as a consequence of North Korea. Care to elaborate?
I’d say locking up a substantial part of your population, including their families in murderous gulags amounts to genocide. Oh, and did anybody say Arduous March?
> I’d say locking up a substantial part of your population
US has highest prison population in the world, 1 in 5 black men go through the prison system. Is that genocide?
> including their families
This is fox news propaganda, similar level to “weapons of mass destruction in Iraq”
> gulags
Gulags are just prisons. GULAG is the acronym of the penitentiary system of the USSR.
I guess this is inevitable at huge companies. Nobody cares about the actual person you’re hiring, it’s just another position to fill. Of course there will be fakes of all kinds.
It’s not that, it’s that they are incredibly sophisticated in their techniques. I just had to sit through 90 minutes of training about how to spot fake applicants.
I don’t get why companies can’t solve this problem entirely by just flying out applicants for in-person interviews towards the end of the hiring process. Or hell, maybe only even ask the candidate to fly out for a visit after they’ve already accepted the job offer. Just one minimal and relatively cheap step to confirm the remote worker you’re hiring is who they claim to be. For the cost of a flight, a night or two in a hotel, and some meal vouchers, you can verify someone’s identity. Sure, maybe not for freelance work. But for any well paid technical field? This is a trivial expense.
It’s not practical at a remote first company to fly people out to where we happen to have offices when they could be working from anywhere.
It’s cheap-ish for a flight, but at scale, that starts to become an expensive hiring pipeline.
I wonder how much it would cost to hire an actor for that. You know they would find ways around them.
So what did you learn?
It’s more a list of warning signs.
- blurred/virtual background (we make them turn it off during interviewing)
- refusal to do gestures or follow specific instructions (wave your hand in front of your face)
- not familiar with local knowledge like weather
- appearing to read from the screen or phone
There’s more than that, but those are the highlights.
Yeah capitalism says: but cheaper worker ok
This is not some kind of facewashing?
No
What is facewashing?
When you lick your paw and then you rub it on your face.
You should try it sometime.
Oh, I’ve seen our sysadmins do that …
It is about the only way we have enough time to wash ourselves.
Isn’t this an example of them taking it pretty seriously?
Right? I never heard of tracking employees’ keystroke latency before. Pretty genius.
How do they even?? They can’t know the difference in time between the human’s key input and the computer’s receipt of it, since they can’t possibly know the exact millisecond the human input was made…?
The reported article really sounds like a misreading of a more technical document
If you’re on an ssh connection to a server, they can probably track the keystroke latency and average out over time. All network packets have timestamps, so you can know the latency of each one. If it’s consistently high, that’s unlikely to be a fluke or temporary network slowness.
TCP/IP packets don’t have timestamps. They wouldn’t be reliable even if they did. And they certainly wouldn’t be “millisecond accurate”.
But apparently they remotely used a laptop located in the US, so from there it should’ve been fine, no? Unless it was simply used as a proxy.
VDI tracks round trip latency but 100ms isn’t that far.
I bet they didn’t use keystroke latency but that’s what they said they used. They probably used drone reconnaissance.
Yeah 100ms is like coast-to-coast US
Light in fiberoptic travels at about 0.66c, or about 124,000 mi/sec. Data on copper actually has an advantage here, travelling at 0.99c, but it’s not sustainable for long distance.
100ms being 1/10th of a second would be 12,400 miles.
The earth is about 24,000 miles at the equator.
At most, 100ms one-directional would be literally halfway around the world.
Of course, I have 60ms packet latency to my office 45 miles away as the crow flies. So maybe packet latency isn’t the best way to tell.
Cool.
They had the drone follow the fibre cable all the way to NK
Average response from entering a line and starting the next. There’s a delay while the information is sent, and before they start typing the next line.
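The averaging idea from the latency comments above, as an added example that is not part of any comment in this thread and is not Amazon's tooling: classify a session from its keystroke round-trip delays so that a few slow packets are not mistaken for a consistently distant endpoint. The function name, the sample data and the assumption that samples are round-trip times in milliseconds are all constructed; the 110 ms threshold and the 124,000 mi/s fibre speed come from the article and the thread.

```python
from statistics import median

THRESHOLD_MS = 110.0         # figure quoted in the article ("more than 110 milliseconds")
FIBER_MILES_PER_MS = 124.0   # ~0.66c in fibre, the figure used in the thread

def assess_session(samples_ms, threshold_ms=THRESHOLD_MS, min_samples=20):
    """Classify one session's keystroke round-trip delays (assumed to be in ms)."""
    n = len(samples_ms)
    if n < min_samples:
        return {"verdict": "insufficient-data", "n": n}
    ordered = sorted(samples_ms)
    floor = ordered[0]       # queuing only ever adds delay, so the minimum tracks the path
    p10 = ordered[n // 10]   # roughly 90% of samples are at or above this value
    med = median(ordered)
    if p10 > threshold_ms:
        verdict = "consistently-high"   # nearly every keystroke is slow
    elif med > threshold_ms:
        verdict = "elevated"            # slow more often than not, but not uniformly
    elif ordered[-1] > threshold_ms:
        verdict = "transient-spikes"    # ordinary jitter or congestion
    else:
        verdict = "normal"
    return {
        "verdict": verdict, "n": n, "floor_ms": floor, "median_ms": med,
        # Upper bound only: the endpoint cannot be farther than this, but it can be
        # much nearer (the thread's 60 ms to an office 45 miles away), so latency is
        # an anomaly signal to investigate, not a location fix.
        "max_one_way_miles": floor / 2 * FIBER_MILES_PER_MS,
    }

# Constructed sample sessions (not real measurements).
DOMESTIC = [22 + (i % 7) * 3 for i in range(40)]   # tens of milliseconds
DOMESTIC[5] = DOMESTIC[17] = 190                   # two isolated slow keystrokes
RELAYED = [118 + (i % 9) * 4 for i in range(40)]   # every sample above 110 ms

if __name__ == "__main__":
    for name, data in (("domestic", DOMESTIC), ("relayed", RELAYED)):
        print(name, assess_session(data))
```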
Hopefully someone can share the original paywalled Bloomberg article, maybe it goes into more detail
Reader mode worked for me: https://www.bloomberg.com/news/newsletters/2025-12-17/amazon-caught-north-korean-it-worker-by-tracing-keystroke-data
But if you need the archive link: https://archive.ph/p4AcP
It’s actually common for micromanaging to have software that tracks this. I believe Microsoft Teams has something similar managers can use to track “productivity”. Someone probably just compiled all of it and clicked sort, then saw some Asian name at the top and that’s what raised the red flag.