North korea skirts us sanctions by secretly selling software around the globe | techcrunch

Fake social media profiles are useful for more than just sowing political discord among foreign adversaries, as it turns out. A group linked to the North Korean government has been able to

duck existing sanctions on the country by concealing its true identity and developing software for clients abroad. This week, the US Treasury issued sanctions against two tech companies

accused of running cash-generating front operations for North Korea: Yanbian Silverstar Network Technology or “China Silver Star,” based near Shenyang, China, and a Russian sister company

called Volasys Silver Star. The Treasury also sanctioned China Silver Star’s North Korean CEO Jong Song Hwa. “These actions are intended to stop the flow of illicit revenue to North Korea

from overseas information technology workers disguising their true identities and hiding behind front companies, aliases, and third-party nationals,” Treasury Secretary Steven Mnuchin said

of the sanctions. As the Wall Street Journal reported in a follow-up story, North Korean operatives advertised with Facebook and LinkedIn profiles, solicited business with Freelance.com and

Upwork, crafted software using Github, communicated over Slack and accepted compensation with Paypal. The country appears to be encountering little resistance putting tech platforms built by

US companies to work building software including “mobile games, apps, [and] bots” for unwitting clients abroad. > US Treasury sanctions North Korea over Sony hack and WannaCry attack The

US Treasury issued its first warnings of secret North Korean software development scheme in July, though did not provide many details at the time. The Wall Street Journal was able to

identify “tens of thousands” of dollars stemming from the Chinese front company, though that’s only a representative sample. The company worked as a middleman, contracting its work out to

software developers around the globe and then denying payment for their services. Facebook suspended many suspicious accounts linked to the scheme after they were identified by the Wall

Street Journal, including one for “Everyday-Dude.com”: > “A Facebook page for Everyday-Dude.com, showing packages with > hundreds of programs, was taken down minutes later as a 

reporter was > viewing it. Pages of some of the account’s more than 1,000 > Facebook friends also subsequently disappeared… >  > “[Facebook] suspended numerous North Korea-linked

 accounts > identified by the Journal, including one that Facebook said appeared > not to belong to a real person. After it closed that account, > another profile, with identical 

friends and photos, soon popped > up.” Linkedin and Upwork similarly removed accounts linked to the North Korean operations. Beyond the consequences for international relations, software

surreptitiously sold by the North Korean government poses considerable security risks. According to the Treasury, the North Korean government makes money off of a “range of IT services and

products abroad” including “website and app development, security software, and biometric identification software that have military and law enforcement applications.” For companies

unwittingly buying North Korea-made software, the potential for malware that could give the isolated nation eyes and ears beyond its borders is high, particularly given that the country has

already demonstrated its offensive cyber capabilities. Between that and sanctions against doing business with the country, Mnuchin urges the information technology industry and other

businesses to exercise awareness of the ongoing scheme to avoid accidentally contracting with North Korea on tech-related projects.