Monday, February 17, 2025

Arizona Woman Running a Laptop Farm for North Korean IT Workers


Going digital is changing almost everything, and that's mostly a good thing. But it also brings new dangers into our lives. One area we really need to look at is how we hire people. The old ways of doing things might not be safe anymore in this digital world. We have to think about these new risks and find ways to protect ourselves. Otherwise, we're going to keep seeing stories like the one about the woman in Arizona. She set up a whole system to create fake online workers, a "laptop farm" as they called it. She made a ton of money, over $17 million, by passing these fake workers off as real people working in the US. And, unbelievably, some of that money ended up going to North Korea. This kind of thing shows us just how important it is to update how we hire people. We need to find ways to make sure we're hiring real people and not falling for these kinds of scams. If we don't change how we do things, these problems are just going to get worse.


https://bit.ly/3CWVuin


Headlines:

"An Arizona woman who created 'laptop farm' in her home to help fake IT workers pose as US-based employees has pleaded guilty in a scheme that generated over $17 million for herself... and North Korea."


"According to court documents, Chapman ran a laptop farm out of her home from October 2020 to October 2023. During this time she hosted computers for overseas IT workers — who were posing as American citizens and residents — to ensure the devices had local IP addresses, making them appear to be in the US."


"Those who successfully obtained employment as part of the scam then received payroll checks at Chapman's home with direct deposits sent to her US bank accounts before ultimately being laundered and funneled to North Korea, and then potentially contributing to the DPRK's weapons programs, the court document says."


"Some of the overseas workers were hired at Fortune 500 companies, including a top-five television network, a premier Silicon Valley technology company, an aerospace and defense manufacturer, an American car manufacturer, a luxury retail chain, and a US-hallmark media and entertainment company."


"In total, more than 300 US companies were scammed,..."

Tuesday, February 4, 2025

Chinese AI DeepSeek Database Is Exposed


A database belonging to the Chinese AI company DeepSeek was recently exposed, leaking over 1 million log lines along with secret keys.


Choose your AI wisely. Choose your software wisely. Cheap software might end up costing you far more in the long run. While no choice is entirely risk-free, it's best to use software from countries that uphold strong democratic values, justice, and human rights. Your data is being collected and sold to third parties. This is almost unavoidable. If it must happen, it's (relatively) safer in the hands of democratic countries. (Consider it the lesser of two evils.)


https://bit.ly/4hmIqBQ


[Headlines]


"Buzzy Chinese artificial intelligence (AI) startup DeepSeek, which has had a meteoric rise in popularity in recent days, left one of its databases exposed on the internet, which could have allowed malicious actors to gain access to sensitive data.


The ClickHouse database 'allows full control over database operations, including the ability to access internal data,' Wiz security researcher Gal Nagli said.


The exposure also includes more than a million lines of log streams containing chat history, secret keys, backend details, and other highly sensitive information, such as API Secrets and operational metadata. DeepSeek has since plugged the security hole following attempts by the cloud security firm to contact them.


The database, hosted at oauth2callback.deepseek[.]com:9000 and dev.deepseek[.]com:9000, is said to have enabled unauthorized access to a wide range of information. The exposure, Wiz noted, allowed for complete database control and potential privilege escalation within the DeepSeek environment without requiring any authentication."


"Furthermore, DeepSeek's apps became unavailable in Italy shortly after the country's data protection regulator, the Garante, requested information about its data handling practices and where it obtained its training data..."


"Bloomberg, Financial Times, and The Wall Street Journal have also reported that both OpenAI and Microsoft are probing whether DeepSeek used OpenAI's application programming interface (API) without permission to train its own models on the output of OpenAI's systems, an approach referred to as distillation."