Comment by Maxious

Comment by Maxious 19 hours ago

Jeff Geerling recently discussed being contacted by the FBI to learn more about minature KVMs, one of the devices North Korean fake IT workers use to appear to be coming from other countries https://www.youtube.com/watch?v=Lc2hB2AwHso

geerlingguy 18 hours ago

In this case, the KVMs are plugged into multiple laptops being run in people's basement/spare bedroom, it seems. Someone will earn a set amount per laptop per month, to accept a company-supplied laptop (from a us company) then plug in one of these little KVMs to give a remote worker access without as much ease in detection.

Reply View 7 replies

nradov an hour ago

The Wall Street Journal had an article about the people running these North Korean laptop farms.
https://www.wsj.com/business/north-korea-remote-jobs-e4daa72...

Reply View | 1 reply
- yard2010 32 minutes ago
  
  > "I live in a travel trailer. I don’t have running water; I don’t have a working bathroom. And now I don’t have heat,” she said. “I’m really scared. I don’t know what to do."
  Whn people have no solutions for basic problems they become the problem.
  
  Reply View | 0 replies
Quitschquat 5 hours ago

> amount per laptop per month
Curious what typical rates would be.

Reply View | 0 replies
moffkalast 11 hours ago

So the main difference over more typical remote desktop methods is that it pretends to be a physical display and keyboard to fool the PC it's remoting into in if it's overly locked down?
Feels like there's otherwise a hundred different ways to already do remote control without any extra hardware.

Reply View | 3 replies
- bjackman 11 hours ago
  
  All the alternatives have a risk of setting off D&R tripwires. Assuming these things can spoof their device IDs so they look like a Logitech keyboard etc, I think the cost of the hardware setup is gonna easily pay for itself in terms of harder detection.
  
  Reply View | 1 reply
  
  InfiniteLoup an hour ago
  
  What does "D&R" stand for in this context?
  
  Reply View | 0 replies
- nightfly 11 hours ago
  
  > Feels like there's otherwise a hundred different ways to already do remote control without any extra hardware
  This way the worker doesn't have to know 100 different ways to remote into the machine, just one
  
  Reply View | 0 replies

snickerbockers 4 hours ago

So I must be really dumb here but what exactly does the kvm do? It's just stated that it has an Ethernet port and an HDMI and therefore can remote control a computer? And he said the North Koreans are putting them on people's computers as if North Koreans breaking into people's apartments is a common occurrence we've all experienced? And why did the FBI contact him about this?

There's obviously some context I'm missing here, I always thought kvm was the Linux kennel virtualization system...

Reply View 4 replies

krisoft 3 hours ago

> what exactly does the kvm do?
In this context the abbreviation stands for “keyboard, video, and mouse”. These are hardware devices you physically connect to a computer and then you can remotely see the computer’s screen and input keyboard and mouse inputs to it via the network.
> It's just stated that it has an Ethernet port and an HDMI and therefore can remote control a computer?
Yes. That is the purpose of a KVM device.
> he said the North Koreans are putting them on people's computers
What is described here is a scam perpetrated by North Korean state to gain funds despite economic sanctions trying to prevent it from doing so.
The scheme involves someone pretending to be a legitimate remote worker working from a legitimate location, but in reality they are performing the work from North Korea. The person working the remote IT job in North Korea gets a pitance, while the state pockets the larger part of the money paid to them.
As part of the scheme the remote worker gets a laptop from their western employer. Corporate IT installs all kind of security measures on the laptop, but also grants it means to access internal resources. The scammer can’t ship the laptop to North Korea and use it directly because if that gets detected they will be found out and fired. They also can’t install software based remote access tools because corporate IT might detect those too. So they use a KVM to remotely use the laptop from North Korea and stay on the job as long as they can.
> as if North Koreans breaking into people's apartments is a common occurrence
The scheme does not involve North Koreans breaking into apartments.
> And why did the FBI contact him about this?
Who knows. Jeff seems to have described how to use a particular cheap KVM in the past. Likely this KVM device is used by the scammers. Maybe he has connections to the KVMs manufacturer? Maybe the FBI thought he does?
> I always thought kvm was the Linux kennel virtualization system...
Same abreviation, but different thing.

Reply View | 0 replies
__david__ 3 hours ago

KVM (keyboard, video, mouse): https://en.wikipedia.org/wiki/KVM_switch In particular, https://en.wikipedia.org/wiki/KVM_switch#KVM_over_IP_(IPKVM)
It seems they don’t break into someone’s apartment but instead pay someone to stick a kvm connected laptop somewhere in the apartment.

Reply View | 0 replies
Thorrez 3 hours ago

KVM in this context stands for keyboard, video, mouse. There are multiple types of these KVMs, and the ones discussed here are remote KVMs.
https://en.wikipedia.org/wiki/KVM_switch#KVM_over_IP_(IPKVM)
It sounds like the North Koreans pay 1 person in the US to have a ton of laptops with KVMs attached to them, and those laptops are remotely used by North Koreans.
Not to be confused with Kernel-based virtual machine (also called KVM):
https://en.wikipedia.org/wiki/Kernel-based_Virtual_Machine

Reply View | 0 replies
ianpurton 3 hours ago

I imagine they mean a remote KVM. So you remote into a PC sitting in a basement in someones house in the US. You then make all your outgoing internet from thta setup and your IP address would look legit.

Reply View | 0 replies