The Remote Worker Who Turned Out to be North Korean: Lessons from DOJ Case 25-CR-20021

Not subtle at all. Not even trying. Seoul, South Korea, 22 August 2023. Source: Chung Sung-Jun / Getty

A fascinating case landed on my desk this week – a DOJ indictment that reads like a “what not to do” guide in operational security. North Korean IT workers, supposedly masters of hacking (thanks Russia), managed to steal nearly a million dollars through remote work fraud while breaking almost every rule of covert operations.

DPRK IT workers were aided in this fraud by both U.S. and foreign facilitators… These U.S.-based enablers provided a U.S. address for victim companies to send laptop computers and other devices…

“A U.S. address” it says. Let’s talk about hubris.

The operators ran multiple corporate infiltration schemes through a residential address in New York. Imagine running a nation-state operation and deciding to create one giant flashing neon sign above your physical single point of failure. This isn’t just bad tradecraft – it’s the kind of mistake that makes you question everything you think you know about DPRK tunneling maps.

The money flows were equally amateur hour stuff. They channeled $677,440 through a single Chinese bank account. One account. For perspective, even standard money laundering operations typically split flows across dozens of accounts. This wasn’t sophistication – this was counting on no one paying attention.

And here’s where it gets more fascinating: lazy remote work patterns. Anyone who’s managed remote teams knows the chaos of real remote work. People log in from coffee shops, airports, their kid’s soccer practice (hello Wiz staff, I see you on those Virginia country club tennis courts). There’s a natural entropy to human movement. These North Korean elite IT operatives? Static locations. Rigid patterns. It’s like they were trying to create the most obvious automated behavior signature possible.

The tooling choices then read like a “most obvious remote access tools” list – AnyDesk and TeamViewer installed immediately after device receipt like a “yoo hoo over here” move. No attempt to mimic natural software deployment patterns or vary toolkits for obscuring plausible indicators of compromise. They might as well have named their front companies “This is Definitely Not North Korea LLC” – though Taggcar Inc. and Vali Tech Inc. weren’t much better. Taggcar? Was that someone trying to transliterate 탁차 (takcha)?

What keeps me up at night isn’t the sophistication, given it wasn’t sophisticated, it’s how long it ran despite being about as subtle as a disco ball at a funeral. The operators moved $866,255 through this scheme not because they were hot shots, but because IT isn’t regulated enough with basic quality controls, meaning Americans are often allowed to have gaping holes in obvious places.

Think about it: simple shipping address correlation would have caught this. Simple location variance monitoring would have spotted the automated patterns. Simple contractor vetting would have raised red flags. We’re not talking about advanced AI-powered detection systems – we’re talking about the security equivalent of people doing the job of paying attention, seeing if someone’s wearing a name tag that says “HELLO I AM [PRAWO JAZDY].”

If you don’t know the Prawo Jazdy story, well have I got 2009 fraud news for you!

The real lesson here isn’t about super scary hacker North Korean tradecraft. It’s about our willful blind spots in the age of lowered integrity. We pour money into flashy systems that sell us on detection of sophisticated zero-day exploits but somehow miss dozens of corporate devices being shipped into the same residential address. We’re looking for a microsecond of advanced persistent threats while missing persistent amateur hour.

Here’s the final rub: the operation was vulnerable to a single knock-knock joke. One physical location. It’s the police, that’s who. All their operational security reduced to hoping no one would notice steady streams of corporate laptops arriving at a New York address. This is the hubris that happens when basic controls are so lacking that sophistication becomes unnecessary.

In the end, this case serves as a reminder that sometimes the biggest threats aren’t the most interesting ones. Sometimes they’re just the ones willing to walk through the front door we left wide open, a single guy awkwardly carrying dozens of laptops with TeamViewer already in an install queue.

And if you think these North Koreans are being Captain Obvious about being a threat to America, don’t get me started on the South Africans painting giant swastikas on everything.

The next time someone tells you about spooky scary politically-motivated threats from wealthy elites, remember this case. Sometimes the call is coming from inside the house – specifically, from a house in New York with a suspiciously large collection of corporate laptops. This type of fraud is easily preventable with basic controls:

  • Track shipping addresses for corporate devices and do a little satellite checking
  • Monitor for natural location variance in remote work patterns (e.g. encourage rather than restrict workers moving around their neighborhood and with family routines)
  • Implement basic contractor vetting beyond paper verification
  • Watch for systematic rather than human-pattern remote access (e.g. late night IP packets used to be an anomaly that set off alerts, now it might be a reassurance to reset a clock)
  • Cross-reference contractor details across business units
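Three of these checks (ship-to address correlation across business units, remote-access tooling appearing right after device receipt, and unvarying login sources) sketched as an added example; it is not code from this post or from the DOJ filing. Every record, field name and threshold below is a constructed assumption.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not taken from the indictment).
SHIPMENTS = [  # (business_unit, contractor, ship_to, delivered_at)
    ("payments", "contractor-a", "12 Example St., Apt 4, Springfield NY", "2024-03-01T10:00"),
    ("platform", "contractor-b", "12 Example Street Apt. 4 Springfield, NY", "2024-03-09T15:30"),
    ("data", "contractor-c", "12 EXAMPLE ST APT 4 SPRINGFIELD NY", "2024-04-02T09:10"),
    ("platform", "contractor-d", "98 Sample Ave, Riverton OH", "2024-03-05T11:00"),
]
INSTALLS = [  # (contractor, software, installed_at) from endpoint inventory
    ("contractor-a", "AnyDesk", "2024-03-01T13:20"),
    ("contractor-b", "TeamViewer", "2024-03-09T16:05"),
    ("contractor-d", "TeamViewer", "2024-05-20T08:00"),
]
LOGINS = {  # contractor -> source IPs seen over a month (documentation ranges)
    "contractor-a": ["203.0.113.7"] * 40,
    "contractor-d": ["198.51.100.4"] * 25 + ["198.51.100.90"] * 9 + ["192.0.2.33"] * 6,
}
REMOTE_ACCESS_TOOLS = {"anydesk", "teamviewer"}  # the two tools the post names
ABBREVIATIONS = {"street": "st", "avenue": "ave", "apartment": "apt"}

def normalize_address(raw):
    """Collapse case, punctuation and common abbreviations so variants compare equal."""
    tokens = re.sub(r"[^\w\s]", " ", raw.lower()).split()
    return " ".join(ABBREVIATIONS.get(t, t) for t in tokens)

def shared_addresses(shipments, min_contractors=2):
    """Addresses that received devices for several distinct contractors, across units."""
    seen = defaultdict(set)
    for _unit, contractor, ship_to, _when in shipments:
        seen[normalize_address(ship_to)].add(contractor)
    return {addr: sorted(c) for addr, c in seen.items() if len(c) >= min_contractors}

def early_remote_tools(shipments, installs, window=timedelta(hours=24)):
    """Remote-access tools installed within `window` after the device was delivered."""
    delivered = {c: datetime.fromisoformat(when) for _u, c, _a, when in shipments}
    hits = []
    for contractor, software, when in installs:
        if contractor not in delivered or software.lower() not in REMOTE_ACCESS_TOOLS:
            continue
        gap = datetime.fromisoformat(when) - delivered[contractor]
        if timedelta(0) <= gap <= window:
            hits.append((contractor, software))
    return hits

def static_sources(logins, min_logins=20):
    """Contractors whose logins all come from one source IP. A corporate VPN egress
    looks the same, so this is one signal to combine, not a verdict."""
    return sorted(c for c, ips in logins.items()
                  if len(ips) >= min_logins and len(set(ips)) == 1)

def review_queue(shipments, installs, logins):
    """Contractors ordered by how many independent signals they trip."""
    signals = defaultdict(list)
    for contractors in shared_addresses(shipments).values():
        for c in contractors:
            signals[c].append("shared ship-to address")
    for c, software in early_remote_tools(shipments, installs):
        signals[c].append(f"{software} installed within a day of delivery")
    for c in static_sources(logins):
        signals[c].append("single login source")
    return sorted(signals.items(), key=lambda kv: (-len(kv[1]), kv[0]))
```

Calling `review_queue(SHIPMENTS, INSTALLS, LOGINS)` puts contractor-a first with all three signals, while contractor-d, with a unique address, a late install and varied sources, never enters the queue.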

The DOJ says at least 64 American organizations were caught up in the North Korean infiltration including a financial institution and Bay Area tech firms, from April 2018 [pre-COVID!] through August 2024. In the end, this case demonstrates a need for some basic due diligence in our lives.

Reference: United States v. Jin Sung-Il et al.

$100K Scam Angers Tesla Owners: Yet Another Cybertruck Totaled in Minor Crash

The poor, poor souls who fall victim to the advance fee fraud (AFF) known as Tesla regularly show up in social media very angry they didn’t realize the scam sooner.

Advance fee fraud is when [Elon Musk] targets victims to make advance or upfront payments for goods, services and/or financial gains that do not materialize

As an expert in decoding “African” email scams, often known as 419 email, I can say that Tesla ranks as the worst of them all by racking up unprecedented economic damage. Insurance companies signal this truth by immediately valuing a Tesla at less than half its asking price – totaling vehicles at the mere sight of a scratch.

One brave soul recently shared their complete fraud victim story, detailing how they fell into the trap of artificial demand buzz generated by Musk’s marketing machine. They paid $50,000 over asking price after years of waiting, only to receive a vehicle that fails to achieve even baseline capabilities – the definition of advance fee fraud.

Side-swiped by a scooter? Look at that damage.

Not only did Musk defraud buyers on basic vehicle capabilities, he clearly overstated everything like a typical advance fee scam. A tiny little scooter bumps into a new Tesla and the whole thing is “totaled”! $100K gets evaporated in an instant by anyone believing they paid Elon Musk a premium for something he personally engineered to handle their basic road conditions, let alone the apocalypse.

The Cybertruck exemplifies the fraud perfectly – for years the Tesla CEO generated buzz using the end-times fear tactics rooted in his family’s white nationalist empire of apartheid South Africa.

“[Elon’s mother and family] came to South Africa from Canada because they sympathised with the Afrikaner government. They used to support Hitler and all that sort of stuff.”

Like his ideological predecessors, racist “support Hitler” teachings from his grandfather and mother, Musk’s unfounded beliefs and empty promises can be expected to collapse when confronted with simple reality.

It is impossible to avoid seeing how this heavily promoted ‘go anywhere tackle anything’ campaign invoking his white supremacist visions of domination produced instead an overpriced dumpster that instantly succumbs to scooters and rain drops. In this we see history repeating itself. From Hitler’s swastikas to Musk’s swasticars, the cascading failures of Nazi fraud remain unchanged.

75 percent of the German Army relied on horses for transport. Horses played a role in every German campaign, from the blitzkrieg in Poland in 1939 and the invasion of Russia to France in 1944. …the notion of the mechanized might of the German Wehrmacht was largely a glamorized myth born in the fertile brains of newspapermen.

No wonder Musk bought a social media platform to spread glamorized myths of deep swastika thought, as depicted in 2023 by the famous artist Ai Wei Wei.

This artist’s rendering of the X brand was deleted from the platform by the self-promoting “free speech extremist” Elon Musk. Source: Ai Wei Wei

And just like Hitler refused to admit, which Musk clearly refuses to admit too, all the horse power in the world doesn’t mean much when they die instantly from… weather.

A brand new Cybertruck showing severe instant moisture decay gets put out with the other garbage in the East Bay

The Cybertruck demonstrates what happens when fraud meets reality, and I mean the most basic things like a bump, scrape or atmosphere. Nazis either steal viable ideas from others, disposing of the inventors quickly to hide the evidence, or they target and seduce non-expert believers into unsustainable fantasy death-traps while deflecting all blame.

The Nazis in public used to not say the obvious Heil Hitler out loud, or give their obvious Hitler salute, because that would be far too obvious. Instead they stick a “88” everywhere to represent the 8th alphabet letters H-eil and H-itler. So clever, who could ever detect these genius Nazis hiding in plain sight?

Elon Musk made Tesla market their cars as $88K, with 88kWh power, 88 computer functions, recommended to drive at 88 km/hr to charging stations with 88 ports. NOT a joke. All those are the actual statements promoted by Tesla, just like tweets exposing himself as a Nazi.

Fast forward to Cybertrucks dying everywhere and guess who is emboldened by such failure…

Anyone surviving the massive Tesla fraud rooted in pathetic anti-science Nazism can say after losing hundreds of thousands of dollars (that they’ll never get back because Elon Musk apparently lives above the law) they’re at least still alive to warn others before more fall victim to one man’s elaborate swasticar scams.

Sam Altman’s Strategic Reversals: A Pattern of Manipulation at OpenAI

Sam Altman, CEO of OpenAI, has developed a concerning pattern of using false reversals as a manipulation tactic. By analyzing his public statements across multiple issues, we can see how he weaponizes apparent honesty to advance his interests while building false trust. The following examples suggest a systematic use of false candor and manufactured vulnerability that extends beyond normal strategic pivoting. The key difference is a consistent deployment of emotional manipulation tactics rather than straightforward position changes.

Antisemitism (December 2023)

  1. Before: Claimed “antisemitism, particularly on the American left, was not as bad as people claimed”
  2. After: “I’d like to just state that I was totally wrong”
  3. Framing: Presented as a personal revelation while admitting “I still don’t understand it, really”
  4. Strategic Benefit: Aligned with period of intense scrutiny of tech leadership positions on antisemitism, particularly regarding campus responses

Burning Man (September 2024)

  1. Before: “Super anti-Burning Man” and dismissed it as “ridiculous, escapism, crazy party”
  2. After: Declares it “the most beautiful man-made thing” and model for post-AGI society
  3. Framing: “OK, I was wrong to be so negative”
  4. Strategic Benefit: Ties directly to OpenAI’s AGI vision and tech industry networking, positioning Burning Man as prototype for AI-enabled future

Trump (January 2025)

  1. Before: Anti-Trump stance documented in previous tweets
  2. After: “Watching @potus more carefully recently has really changed my perspective on him… I think he will be incredible for the country in many ways!”
  3. Framing: Claims he “fell in the npc trap” and wishes he had “done more of my own thinking”
  4. Strategic Benefit: Coincides with $500 billion Stargate Project announcement by the White House, positioning OpenAI to receive massive taxpayer funding

The Manipulation Playbook

Altman’s technique consistently follows these steps:

  1. False Humility: Uses “I was wrong” rhetoric to appear intellectually honest
  2. Complete Reversal: Switches to strong support of whatever benefits current interests
  3. Enlightenment Narrative: Frames shifts as personal growth rather than strategic moves
  4. Strategic Timing: Each reversal coincides with business opportunities
  5. Trust Building: Uses apparent vulnerability to build credibility while actually pushing agenda

What we see with Altman’s pattern is fundamentally different from normal business logic expected of a CEO. Take the Burning Man reversal as an example: He moves from calling it a “ridiculous, escapism, crazy party” to declaring it “the most beautiful man-made thing” and a model for post-AGI society. This isn’t just changing a business position – it’s a complete reversal of a personal value judgment, repackaged with an ideological framework that happens to align with OpenAI’s business interests.

His antisemitism flip-flop is particularly telling because it demonstrates how this pattern extends beyond business headlines. The timing of his reversal coincided with intense scrutiny of tech leadership positions on campus antisemitism. But notice the specific language: “I’d like to just state that I was totally wrong” followed by “I still don’t understand it, really.” This combination of absolute certainty in the reversal while admitting continued lack of understanding suggests the change wasn’t driven by new insights or learning.

The pattern reveals a deeply manipulative approach to public discourse, which shouldn’t surprise anyone who heard the warnings by a board of directors that tried to push out Altman for being extremely deceptive with them. His public appearance of honest self-reflection is in fact evidence of weaponized turns of phrase to bypass critical thought:

  1. Builds false trust through manufactured vulnerability
  2. Retroactively rewrites his own history
  3. Frames opposition to his current positions as “unthinking”
  4. Advances business interests while appearing to have genuine changes of heart

This raises very serious questions about leadership ethics in public investments in technology boondoggles that look a lot more like Teapot Dome Scandal than anything else. OpenAI’s unfortunate influential position in shaping AI development is counter-intuitive to others proving them hugely wasteful, opaque and slow compared to actual AI innovators.

…unlike ChatGPT’s o1, DeepSeek is an “open-weight” model that (although its training data remains proprietary) enables users to peer inside and modify its algorithm. Just as important is its reduced price for users — 27 times less than o1. Besides its performance, the hype around DeepSeek comes from its cost efficiency; the model’s shoestring budget is minuscule compared with the tens of millions to hundreds of millions that [OpenAI burned through already, desperate for more].

The consistency of his manipulation pattern across multiple issues reveals not any genuine evolution of thought, but the very opposite in a calculated deception strategy to force his latest pivot past everyone without proper scrutiny. The reversals aren’t just rational or normative business adaptations but complete 180-degree turns with manufactured vulnerability to undermine all opposition. Each “revelation” campaign somehow perfectly aligns with Altman’s immediate interests at that very moment, suggesting these aren’t authentic changes of perspective and instead strategic moves sweetened by Silicon Valley “rapid growth” placebos.

When a leader repeatedly uses false candor to manipulate public trust, it threatens the integrity of crucial discussions about technology’s best path and AI’s real future. The most pressing concern right now may be how OpenAI is meant to be used in targeting civilians with the new “Papers Please” role of America’s elite combat troops being mobilized on domestic soil.

Trump Proposes Final Solution for “Cleansing” Gaza

Critics have suggested the Israeli President Netanyahu defending use of Nazi salutes at U.S. political rallies is indicative of an historically ignorant extremist right-wing alignment with U.S. leaders overtly planning mass ethnic cleansing.

“@elonmusk is being falsely smeared,” [Netanyahu] wrote. “Elon is a great friend of Israel. He visited Israel….”

That logic is so impeccable, where do I even begin.

Do you know who else visited Israel?

Hamas.

Do you know who else adopts and promotes Nazi symbolism?

Hamas.

Somehow we are supposed to believe however that Elon Musk is totally different and a friend because what… his grandfather was so anti-Semitic and racist that after Hitler lost WWII he ran towards South African apartheid to raise Elon on blood money?

That kind of friend?

Let’s all just admit Netanyahu is a politician notorious for saying whatever gives him power in the instant and erasing accountability for it soon after. There’s been a pattern of selective historical memory and inconsistent application of standards by him when assessing threats.

He’s obviously no historian, in other words. And perhaps more importantly he has zero credibility left on the topic of threats to Israel, that’s for certain, given Hamas invaded on his watch while he directly undermined the political independence, authority and judgment of the Israeli military.

And now this:

“You’re talking about a million and a half people, and we just clean out that whole thing,” Trump said… an analyst with Israeli network Channel 12 News, cited Israeli officials and reported that the move was “not a slip of the tongue….”

An ethnic cleansing plan? Let’s run that one up the flag pole and see who salutes it.

Israelis must be thinking “first they came for”… because that’s what is going on now.

Americans are also seeing it on home soil for very similar sounding Trump plans, where large populations allegedly will soon be confronted by combat troops demanding “papers please” like the 1930s.

Have a nice house? Papers please.

Successful business? Papers please.

Sandy beach access to the sea? Papers please.

Practically speaking, as a matter of national security extended into interventions/invasions abroad, the American GOP has forever (since at least my time in the early 1990s on Capitol Hill meetings with Senator Bob Dole) complained they have been blocked as foreigners from rapidly acquiring and owning property in Israel. The American eminent domain (eviction for profit) aspiration in foreign policy being reported is not really news on that note, but this marks a substantial pace change. The sloppy “grab them by the glaciers” bombast replaces decades of norms that meant more orchestrated diplomatic whispers behind closed doors.

The current situation should thus be framed more accurately beyond a political crisis of the moment in Gaza. It’s the abrupt unstable convergence at the White House of historical patterns of racist displacement, economic interests in foreign value extraction, and the normalization of the worst extremist rhetoric by high-profile American politicians.

We’re in a particularly dangerous moment because various strands of extremist ideology, economic interests, and weakened institutional protections are amplifying each other without sufficient evidence of safety from resistance let alone impedance.

The very instant Netanyahu said the obvious Nazi salute by a man with a long documented history of Nazi affinity isn’t a threat to Israel, the shock should have been registered appropriately. An Israeli leader should face full accountability for endorsing Nazism in 2025, such as surrendering his seat and authority to lead. It’s much more clear-cut than America, and so ethnic cleansing statements there represent a bellwether of what’s likely coming for America. The lack of immediate consequences after such clear breaches in integrity, blowing past historical lines, suggests a catastrophic weakening of institutional safeguards against violent extremism.

Update: Israelis mock Trump.

“At this rate Trump is likely to propose that Gazans be launched ‘voluntarily’ into space and settle Mars, in the spirit of his promise in his inauguration speech: ‘And we will pursue our manifest destiny into the stars, launching American astronauts to plant the Stars and Stripes on the planet Mars’,” the editorial board wrote.

“Why not the Palestinian flag too? It’s possible his partner Elon Musk is already working on it.”

Chaim Levinson, a columnist at Haaretz, wrote: “I’m sorry, but I must disappoint you. After checking with a number of officials, both in Israel and in the relevant countries – along with diplomats involved in the negotiations – it seems this is the vision of an experienced real estate tycoon, and no such concrete plan of action exists.”