Let me take you inside a weird, wild story

As copies of On Muscle start to arrive with subscribers around the country, I’m going to take a diversion off the usual Saturday newsletter path—after all, it’s only a couple of days since I last got in touch. What can I say? The calendar falls where it falls.

Here’s the deal: instead of talking about a book written by somebody else, I’m going to talk about an article written by me! It came out online a couple of days ago in Wired, and will be in the upcoming print edition.

And so I thought I’d use this moment to share a little bit about it with you.

The story starts out as what looks like a fairly basic fraud—people getting remote programming jobs under false pretenses—but quickly turns out to be something much more audacious and weird: a concerted operation by the North Korean government to fake its agents into jobs that can funnel money and information back to Pyongyang.

It was a fun, slightly terrifying story to report and write, and I thought I’d answer a few questions that folks have asked me since it was published.

So hang on, what’s happening again?

Turns out that for several years, gangs of North Koreans have been stealing people’s identities and using them to get remote work—mainly IT jobs and mainly in the US. They use collaborators on the ground to make the illusion seem more real. and then actually work those jobs for weeks, months, and sometimes even years. 

Their earnings go back to Kim Jong Un’s regime, and along the way they get access to data and systems that can be used by other North Korean hackers in the future. Hundreds and possibly thousands of employers have been caught up in these schemes, including some really major companies.

For the story, I followed the sleuthing efforts of one young entrepreneur who found himself being bombarded by fake job applicants, and detail the case of one of the accomplices who was caught in Arizona a while back. I also talk to victims of the scam, experts and academics—and, to top it all off, I even got the chance to sit in on a couple of interviews with North Koreans as they try to fake their way into a job.

How did the story come about? How long did it take?

I first heard about it at the end of last summer, when I met the CEO featured in the story, Simon Wijckmans at an event in San Francisco. I was looking into some other AI-driven scams at the time, and we got chatting about them, and then he shared the experience he’d had recently with these weird job applicants. 

As I looked into it, it turned out that this was somewhat well-known in the cybersecurity industry—often referred to as “DPRK IT worker fraud”—but nobody seemed to have done a big piece about it. I thought it was one of those stories that was too interesting to not write up.

I did most of the reporting in October and November last year, and then some more in February and March as the story finally started getting closer to publication. There was a lot of writing and editing along the way.

What was the hardest part?

Reporting took a lot of effort, and I had to shake off a lot of dust. It wasn’t necessarily hard to report, since I found plenty of people who were willing to talk to me and had way more material than I could include. But the act of getting on the phones and sending out emails and chasing down leads can be demanding. 

Honestly, I’ve never considered myself a very good reporter—I stumbled into journalism, really, and had to learn a lot as I went along. Plus I’ve spent most of the past decade or more focused on editing and publishing, so I was definitely rusty and doing other demanding work at the same time in my other role as an editorial adviser.

Is there more to say? More to know?

As always, even with a long feature, there’s so much you discover that you can’t fit in. I’d love to write more about pretenders and what they mean. But I’m also totally fascinated by the idea of fake identities and fakeness in general. (In fact, I think one of my very first features for a major publication—almost exactly 23 years ago—was recounting the story a cancer blogger who turned out to be a fake.)

There are big questions here to explore, I think: What does it mean when you can’t trust your own eyes? What is the history of copycats, fraudsters, and fakery? And ultimately what’s the difference between real and fake? 

⌘ 

Anyway, that’s all for now. Let me know if you enjoy the article: Next week we’ll be back to our normal programming. 

Onward

Bobbie