A North Korean imposter was uncovered, working as a sysadmin at Amazon U.S., after their keystroke input lag raised suspicions with security specialists at the online retail giant. Normally, a U.S.-based remote worker’s computer would send keystroke data within tens of milliseconds. This suspicious individual’s keyboard lag was “more than 110 milliseconds,” reports Bloomberg.
Amazon is commendably proactive in its pursuit of impostors, according to the source report. The news site talked with Amazon’s Chief Security Officer, Stephen Schmidt, about this fascinating new case of North Koreans trying to infiltrate U.S. organizations to raise hard currency for the Democratic People’s Republic of Korea (DPRK), and sometimes indulge in espionage and/or sabotage.
Sounds much better than “Amazon surveils keystrokes of its IT workers”!
How am I the first person to ask why they’re measuring the latency on everyone’s keystrokes?
Given they’ve had 1800 recent infiltration attempts, I understand their suspicion.
I’m never quite sure how to feel about this. On one hand, if the person just wants to make some money and they’re doing the job, why bother them. On the other hand though, I know that anybody who has consistent access to an internet connection in North Korea is almost certainly working for the benefit of the great leader and they aren’t actually seeing any money or benefit for themselves. I just hate that the citizens of North Korea have to suffer and be punished because of their asswipe of a leader.
I know that anybody who has consistent access to an internet connection in North Korea is almost certainly working for the benefit of the great leader and they aren’t actually seeing any money or benefit for themselves.
Eh, this doesn’t sound like the job you would give someone in a prison camp. You’re talking about people that you’re allowing to interact and work regularly with foreigners outside the country. That does not sound like the type of position you trust to a political prisoner. That sounds like a position you put someone of high trust. It’s probably a pretty cushy job as the standards of North Korea go. Sure beats scratching at dirt or working in some godawful arms factory. It’s probably the type of job you need some good family connections in the Party in order to get. Sure, the government takes all the direct monetary benefit of the work, but that is just kindof how Communist systems work. I imagine the people working those jobs have some of the highest standards of living available to people that aren’t senior party leadership.
deleted by creator
North Korea intentionally does this to get revenue for the state.
When you look at the ISS pics of NK during the night, you get a sense of how bad it is for most of the population.
Maybe they just really like the Dark Sky initiative.
It kind of amazes me they don’t have better infrastructure. It’s not like they’re shy about forced labor.
You can only do so much with forced labour. They aren’t doing their best, just “enough” to not get punished.
I’m sure plenty of them also use malicious compliance and sabotage stuff to get back at the top brass.
seeing the stars instead of light pollution doesn’t sound like a bad thing on its own
They’re also a security threat. Any opportunity to exfiltrate potentially profitable or leverageable data will be taken. I’d bet they’re used to sniff out vulnerabilities for ransomware attacks too. I definitley identify and agree with the healthy sympathy (I guess empathy if you’re in the states, our leader more than qualifies as an asswipe) for the citizens of North Korea
These people are definitely not there just to make some money. And whatever money they make will be used to prop up the genocidal regime.
I guess this is inevitable at huge companies. Nobody cares about the actual person you’re hiring, it’s just another position to fill. Of course there will be fakes of all kinds.
It’s not that, it’s that they are incredibly sophisticated in their techniques. I just had to sit through 90 minutes of training about how to spot fake applicants.
I don’t get why companies can’t solve this problem entirely by just flying out applicants for in-person interviews towards the end of the hiring process. Or hell, maybe only even ask the candidate to fly out for a visit after they’ve already accepted the job offer. Just one minimal and relatively cheap step to confirm the remote worker you’re hiring is who they claim to be. For the cost of a flight, a night or two in a hotel, and some meal vouchers, you can verify someone’s identity. Sure, maybe not for freelance work. But for any well paid technical field? This is a trivial expense.
I wonder how much it would cost to hire an actor for that. You know they would find ways around them.
So what did you learn?
Yeah capitalism says: but cheaper worker ok
This is not some kind of facewashing?
No
What is facewashing?
When you lick your paw and then you rub it on your face.
You should try it sometime.
Oh, I’ve seen our sysadmins do that …
It is about the only way we have enough time to wash ourselves.
deleted by creator
deleted by creator
Isn’t this an example of them taking it pretty seriously?
Right? I never heard of tracking employee’s keystroke latency before. Pretty genius.
How do they even?? They can’t know the difference in time between the humans key input and the computer’s receipt of it, since they can’t possibly know the exact millisecond the human input was made…?
The reported article really sounds like a misreading of a more technical document
If you’re on an ssh connection to a server, they can probably track the keystroke latency and average out over time. All network packets have timestamps, so you can know the latency of each one. If it’s consistently high, that’s unlikely to be a fluke or temporary network slowness.
Tcp/ip packets don’t have timestamps. They wouldn’t be reliable even if they did. And they certainly wouldn’t be “millisecond accurate”.
But apparently they remotely used a laptop located in the US, so from there it should’ve been fine, no? Unless it was simply used as a proxy.
Vdi tracks round trip latency but 100ms isn’t that far.
I bet they didn’t use keystroke latency but that’s what they said they used. They probably used drone reconnaissance.
Yeah 100ms is like coast-to-coast US
Light in fiberoptic travels at about 0.66c, or about 124,000 mi/sec. Data on copper actually has an advantage here, travelling at 0.99c, but it’s not sustainable for long distance.
100ms being 1/10th of a second would be 12,400 miles.
The earth is about 24,000 miles at the equator.
At most, 100ms one-diredtional would be literally halfway around the world.
Of course, I have 60ms packet latency to my office 45 miles away as the crow flies. So maybe packet latency isn’t the best way to tell.
Cool.
They had the drone follow the fibre cable all the way to NK
Average response from entering a line and starting the next. There’s a delay while the information is sent, and before they start typing the next line.
Hopefully someone can share the original paywalled Bloomberg article, maybe it goes into more detail
Reader mode worked for me: https://www.bloomberg.com/news/newsletters/2025-12-17/amazon-caught-north-korean-it-worker-by-tracing-keystroke-data
But if you need the archive link: https://archive.ph/p4AcP
It’s actually common for micromanaging to have software that tracks this. I believe Microsoft Teams has something similar managers can use to track “productivity”. Someone probably just compiled all of it and clicked sort, then saw some Asian name at the top and that’s what raised the red flag.
