Skip to main content

Go to the WKMG homepage

WEATHER ALERT

A rip current statement in effect for Volusia, Coastal, Inland Region

Investigators

Florida IT security company inadvertently hires North Korean hacker

Company’s security training used by more than 65,000 organizations around the world

Louis Bolden, Investigative Reporter

Published: September 9, 2024 at 5:24 AMUpdated: September 9, 2024 at 6:39 PM

CLEARWATER, Fla. – In July, a Florida IT security company accidentally hired a North Korean hacker who was posing as a western tech worker.

Roger Grimes is a data-driven defense evangelist at KnowBe4, a Clearwater company that provides internet security awareness training to thousands of organizations.

The company inadvertently hired a North Korean hacker as a software engineer after he used a stolen ID during the interview process.

“It was just incredulous at first, that we had been targeted,” Grimes told News 6. “Not only did we find this fake employee, but you have to go back and go, ‘Do we have any others?’” Grimes said.

The company reports in a blog on its website, it performed background checks, verified references and conducted four video conferences before realizing he was a deep fake.

Paul Vann and Justin Marciano are the 20-something founders of west-coast based IdentifAI, a deep-fake cyber security platform that protects enterprises from cyber threats.

“When a cybersecurity company, that serves other cybersecurity companies, gets exploited, it can cause a lot of problems,” Vann said.

“The mechanism that was used in this KnowBe4 attack was in real-time live,” Marciano said.

The person who interviewed with the company is essentially a real person using a valid but stolen U.S. based identity, according to KnowBe4′s CEO Stu Sjouwerman.

“This is pretty much one of the most efficient ways for adversaries today to get within an organization and have the most ability, or greatest capability, to breach or attack that organization,” Vann said.

Vann and Marciano say IdentifAI can create a facial profile of an applicant during an interview and verify their authenticity within minutes.

“We anticipate a lot of deep fake technology being utilized in these fake job scams going forward,” Vann said.

The U.S government is aware of the threat and started warning against it in an advisory in May 2022.

KnowBe4 is using it as a teachable moment for them and other companies to put better hiring protocols in place, Grimes said.

Get today’s headlines in minutes with Your Florida Daily:

Copyright 2024 by WKMG ClickOrlando - All rights reserved.

RELATED STORIES

IRS warns of scams targeting seniors

Read full article: IRS warns of scams targeting seniors

Loading...