In an era where remote work is the norm, it can be hard to know for sure who is on the other side of a computer screen. This fear was proven by the retail giant Amazon, which recently discovered that one of its “American” tech workers was actually a North Korean impostor. Surprisingly, the person wasn’t caught through a standard background check, but because their keyboard was just a tiny bit too slow.
The Mystery of the Lagging Keyboard
It all started when security specialists at Amazon noticed something odd about a new system administrator’s computer activity. In the tech world, when you press a key on a laptop, that signal travels to the company’s network almost instantly. For a genuine worker based in the United States, this usually takes only a few milliseconds, which are just tiny fractions of a second.
However, Amazon’s Chief Security Officer, Stephen Schmidt, found that the company’s monitoring tools flagged a delay of more than 110 milliseconds. While that is a blink of an eye to us, it was a major red flag for their security software.
According to Bloomberg’s report, further investigation revealed that the laptop was physically sitting in an Arizona home to look legitimate, but it was being controlled remotely from halfway across the world. As we know it, this extra distance is what caused the “lag” that gave the game away.
A Growing Problem for Big Tech
This is not just a one-off event. Schmidt shared that since April 2024, Amazon has stopped more than 1,800 similar hiring attempts, and that these attempts are increasing rapidly, with a 27% jump in just the last few months.
Further probing by the US Department of Justice revealed that these workers often use laptop farms to hide their location. In this specific case, an Arizona woman named Christina Marie Chapman was found to be hosting the hardware.
Hackread.com earlier reported that Chapman managed over 90 laptops in her home to help North Korean agents appear as if they were working from the US. She was sentenced to eight and a half years in prison this past July for her role in the $17 million fraud scheme.
Spotting the Signs
Schmidt noted that catching these impostors requires looking for very specific clues. Besides technical lag, there are “low-tech” signs to watch for. For example, the intruders often fumble when using American idioms or struggle with the correct use of English articles like “a” and “the” during conversations.
The goal of these intrusions is usually to earn money for the North Korean government’s weapons programs. Schmidt warned that if the company hadn’t been actively hunting for these fake employees, they never would have found them. Nevertheless, hiring teams should review employee onboarding processes, especially for remote hires, and educate staff about these types of social engineering attacks.