
🎭 The Spy Who Applied to Code
What if your next remote hire wasn’t a developer, but a North Korean spy?
No, it’s not a Netflix plot. It happened. And the story is wild.
👨💻 “Steven Smith,” Software Engineer (and Spy)
In October 2023, the hiring team at Kraken, a U.S.-based crypto exchange, received an application from someone named Steven Smith. On paper, he was a strong candidate: a Computer Science degree from NYU, 11+ years of experience, and stints at companies like Cisco. But something felt off.
🎃 Red Flags Everywhere
Nick Percoco, Chief Security Officer at Kraken, wasn’t ready to toss the application just yet. Sensing something deeper at play, he decided to move “Steven” forward in the hiring process—not to hire him, but to test him.
So they set up what looked like a casual cultural interview. In reality, it was a trap.
And “Steven” walked right into it.
- Said he liked “food,” but couldn’t name a single favorite. (Suspicious behavior for a self-proclaimed foodie.)
- Claimed to live in Houston, but when asked about local restaurants, he blanked.
- Had no idea what Halloween was. A tough sell for someone supposedly living in the U.S.
- And when asked for ID, he produced one… with an address hundreds of miles from where he said he lived.
You don’t need to be a detective to spot something wrong here. It sounded like a spy movie, and honestly, it kind of was.
💣 Why It Matters: The North Korean Threat
North Korean operatives have been posing as remote IT workers to infiltrate U.S. companies. Their goal? Fund the regime’s weapons programs and, if possible, steal from inside.
📊 The stats:
- Fortune reports that thousands of North Korean IT workers have infiltrated the Fortune 500.
- CrowdStrike reported that a North Korean IT worker group called Famous Chollima was behind more than 300 incidents last year.
- The Lazarus Group has pulled off some of the largest crypto heists in history.
Kraken may have dodged a bullet, but many others weren’t so lucky.
🎥 Watch the Interrogation
Want to see what this looked like in action? Here’s CBS coverage of the story and “Steven” being asked about his favorite restaurant:
🔍 Tips to Spot a Faked Identity in Remote Interviews
Here’s how you can tighten your interview process:
1. Location-Specific Questions
Ask about:
- Local holidays (like Halloween!)
- Favorite places to eat
- Regional slang or events
2. Ask for Real-Time ID Verification
- Use video to ask for government-issued ID.
- Compare the location on the ID to their resume and story.
- Watch body language. Stalling might be a red flag.
3. Behavioral Consistency
- Do answers match the resume?
- Do they sound rehearsed or copy/pasted?
- Ask open-ended questions to gauge authenticity.
4. Technical Checks
- Check social media accounts and compare LinkedIn profiles against the resume.
- Contact references and check their LinkedIn and social media accounts too.
- Check IP addresses if possible.
- Verify timezone activity in collaboration tools.
- Use background screening vendors that flag known fraud patterns.
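One way to run the "verify timezone activity" check from tip 4, as an added example that is not part of the original post: it takes UTC activity timestamps exported from a collaboration tool and measures how many fall inside plausible waking hours for the timezone each person claims. The account names, sample events, the 07:00-21:59 window and the thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

WAKING_HOURS = range(7, 22)  # assumption: plausible local activity is 07:00-21:59
MIN_SHARE = 0.6              # assumption: below 60% in waking hours needs a look
MIN_EVENTS = 5               # too few events says nothing either way

# Constructed sample export: UTC times of activity per account. Not real data.
_SAMPLE = {
    "hire-a": "01:30 02:45 04:00 05:20 06:40 07:15 08:05 09:30",
    "hire-b": "14:00 15:30 16:20 17:00 19:10 21:00 22:30 23:45",
    "hire-c": "15:00 16:00",
}
EVENTS = [(acct, f"2024-03-04T{t}:00+00:00")
          for acct, times in _SAMPLE.items() for t in times.split()]

# Claimed timezones (UTC-6 for all three). Fixed offsets keep the sample
# self-contained; pass a zoneinfo.ZoneInfo to get daylight-saving handling.
CLAIMED = {acct: timezone(timedelta(hours=-6)) for acct in _SAMPLE}


def waking_share(timestamps, tz):
    """Fraction of events whose local hour in tz falls inside WAKING_HOURS."""
    hours = [datetime.fromisoformat(ts).astimezone(tz).hour for ts in timestamps]
    return sum(h in WAKING_HOURS for h in hours) / len(hours)


def review(events, claimed):
    """Return {account: (share, verdict)} for each account with a claimed tz."""
    by_account = defaultdict(list)
    for account, ts in events:
        by_account[account].append(ts)
    report = {}
    for account, tz in claimed.items():
        stamps = by_account.get(account, [])
        if len(stamps) < MIN_EVENTS:
            report[account] = (None, "insufficient-data")
            continue
        share = waking_share(stamps, tz)
        verdict = "review" if share < MIN_SHARE else "consistent"
        report[account] = (round(share, 2), verdict)
    return report


if __name__ == "__main__":
    for account, (share, verdict) in review(EVENTS, CLAIMED).items():
        print(account, share, verdict)
```

A "review" verdict is a prompt for a human follow-up alongside the other checks in this list, since night shifts and travel produce the same pattern.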
🎯 What This Means for Hiring Teams
Kraken didn’t just dodge a bullet; they turned a threat into a teachable moment that we can all learn from.
🔐 Remote hiring isn’t going away. Neither are social engineering threats. In fact, they’re evolving. With AI-generated avatars and voice cloning tools becoming almost indistinguishable from real people, verifying identity in virtual interviews is only getting harder.
That means it’s time to rethink how we screen candidates, especially for remote roles with access to sensitive systems. Companies need stronger identity verification practices, not just background checks, but real-time, human-led vetting and technical testing.
Go Deeper
- North Korea Stole Your Job: Wired (More wild North Korean remote IT job stories)
- Read the fascinating book The Lazarus Heist by Geoff White to learn more about the Lazarus Group.
Big thanks to my buddy Chris Young, who casually mentioned this story and accidentally triggered a full blog post. Honestly, this one’s kind of your fault.
Want more stories like this?
Subscribe to Between The Hacks and follow us for more practical cybersecurity with a human twist.