Amazon has uncovered a North Korean imposter posing as a U.S.-based systems administrator.
The discovery was made not through traditional background checks but by analyzing the subtle timing of the worker’s typing.
According to a report from Bloomberg, Amazon security specialists flagged the employee due to suspicious “keystroke input lag.”
For a genuine remote worker in the U.S., data from typing usually reaches the company’s network within tens of milliseconds.
However, this particular individual’s connection showed a delay of more than 110 milliseconds.
This discrepancy triggered a deeper investigation. Amazon’s security team determined that the “U.S. remote worker’s” laptop was actually being controlled remotely from another location.
The computer itself was physically located in Arizona to appear legitimate, but the person operating it was halfway across the world.
How the Scam Works
According to Tomshardware, Amazon Chief Security Officer Stephen Schmidt revealed that this is far from an isolated incident.
Since April 2024, the tech giant has thwarted over 1,800 infiltration attempts by North Korean IT workers.
The frequency of these attacks is accelerating, with Amazon recording a 27% quarter-over-quarter increase in attempts to breach its corporate ranks.
“If we hadn’t been looking for the DPRK workers, we would not have found them,” Schmidt stated, emphasizing that proactive hunting is essential to catching these impostors.
These schemes often involve “laptop farms” hosted within the United States.
In this specific case, a woman in Arizona was found to be facilitating the fraud by hosting the hardware that allowed North Korean actors to route their traffic through a U.S. IP address. She was sentenced to prison earlier this year.
The goal of these infiltrations is typically twofold: to generate revenue for the North Korean regime (DPRK) and to potentially conduct espionage or sabotage.
While advanced telemetry, such as keystroke tracking, was key to this catch, Schmidt noted other “low-tech” red flags that companies should monitor.
These include the clumsy use of American idioms or incorrect usage of English articles during conversation.
As this case demonstrates, however, robust security software and active monitoring remain the most effective defense against state-sponsored corporate infiltration.
Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google.