My work brings me into regular contact with DPRK IT professionals, for example by [teaching open source software](https://izbicki.me/blog/teaching-open-source-in-north-korea.html) or [teaching proper web design](https://izbicki.me/blog/fixing-north-korea-kcna-webpage.html). I make a lot of effort to respect sanctions, but documents like this are incredibly unhelpful. I've read through the document, and it seems completely devoid of actionable, DPRK-specific information that can help IT professionals avoid sanctions violations. For example, the document encourages websites to monitor for the following activity as "indications of DPRK IT workers who may be using their platforms":<p>• Multiple logins into one account from various IP addresses in a relatively short period of time, especially if the IP addresses are associated with different countries;<p>• Developers are logging into multiple accounts on the same platform from one IP address;<p>• Developers are logged into their accounts continuously for one or more days at a time;<p>• Router port or other technical configurations associated with use of remote desktop sharing software, such as port 3389 in the router used to access the account, particularly if usage of remote desktop sharing software is not standard company practice;<p>• Developer accounts use a fraudulent client account to increase developer account ratings, but both the client and developer accounts use the same PayPal account to transfer/withdraw money (paying themselves with their own money);<p>• Frequent use of document templates for things such as bidding documents and project communication methods, especially the same templates being used across different developer accounts;<p>• Multiple developer accounts receiving high ratings from one client account in a short period, with similar or identical documentation used to establish the developer accounts and/or the client account;<p>• Extensive bidding on projects, and a low number of accepted project bids compared to the number of projects bids on by a developer; and<p>• Frequent transfers of money through payment platforms, especially to PRC-based bank accounts, and sometimes routed through one or more companies to disguise the ultimate destination of the funds.<p>This list is so generic that I'm not sure what the point of it is. I think it would make sense to ban some of these practices from a general security perspective. But these practices would give way too many false positives if you were trying to use them to identify DPRK developers.<p>I'm honestly really confused about who the target audience is for publications like this. It can't be actual IT professionals due to the lack of actionable information. Is it journalists? Do we publish these things just to remind them that we don't like the DPRK?
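Three of the indicators quoted in the comment above (multi-country logins on one account, several accounts behind one IP, client and developer sharing a payout account), written as detection rules over platform logs. This is an added example, not part of the comment or the advisory; the record layouts, the 6-hour window, the thresholds and all sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logins: (account, source IP, GeoIP country, login time).
LOGINS = [
    ("dev_a", "198.51.100.7", "US", "2022-05-16T08:00"),
    ("dev_a", "203.0.113.9", "CN", "2022-05-16T09:30"),
    ("dev_a", "192.0.2.44", "RU", "2022-05-16T11:10"),
    ("dev_b", "203.0.113.9", "CN", "2022-05-16T09:45"),
    ("dev_d", "198.51.100.20", "DE", "2022-05-16T07:00"),
    ("dev_d", "198.51.100.20", "DE", "2022-05-17T07:00"),
]
# Constructed payout records: (account, role, payout account id).
PAYOUTS = [
    ("dev_a", "developer", "pp-1001"),
    ("client_x", "client", "pp-1001"),
    ("dev_d", "developer", "pp-2002"),
    ("client_y", "client", "pp-3003"),
]

def multi_country_logins(logins, window=timedelta(hours=6), min_countries=2):
    """Accounts seen from >= min_countries countries inside one time window."""
    by_acct = defaultdict(list)
    for acct, _ip, country, ts in logins:
        by_acct[acct].append((datetime.fromisoformat(ts), country))
    hits = {}
    for acct, events in by_acct.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            seen = {c for t, c in events[i:] if t - start <= window}
            if len(seen) >= min_countries:
                hits[acct] = sorted(seen)
                break
    return hits

def shared_ip_accounts(logins, min_accounts=2):
    """Source IPs used by at least min_accounts distinct accounts."""
    by_ip = defaultdict(set)
    for acct, ip, _country, _ts in logins:
        by_ip[ip].add(acct)
    return {ip: sorted(a) for ip, a in by_ip.items() if len(a) >= min_accounts}

def shared_payout(payouts):
    """Payout ids used by both a client account and a developer account."""
    roles = defaultdict(lambda: defaultdict(set))
    for acct, role, pid in payouts:
        roles[pid][role].add(acct)
    return {pid: (sorted(r["client"]), sorted(r["developer"]))
            for pid, r in roles.items() if r["client"] and r["developer"]}
```

The first two rules also match ordinary VPN use and shared office or NAT addresses, so their hits are triage input for review rather than attribution.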
So weird, this part about validating for DPRK workers:<p>Conduct a pre-employment background check, drug test, and fingerprint/biometric log-in to verify identity and claimed location.<p>Background check, sure. Fingerprint/biometric identity verification? Lol. I would never, ever submit to such a thing. DRUG TEST? How the hell does that catch DPRK workers?
> DPRK IT companies and their workers normally engage in a wide range of IT development work of varying complexity and difficulty, such as:<p>> building virtual currency exchange platforms and digital coins,<p>> DPRK IT workers often take on projects that involve virtual currency.<p>> Some DPRK IT workers have designed virtual currency exchanges or created analytic tools and applications for virtual currency traders and marketed their products themselves<p>@bitfinexed lol
From the review of Dr. Suzy Kim’s “Everyday Life in the North Korean Revolution, 1945-1950”:<p>“The anglophone archive on the DPRK is a bleak record of imperialist slander, replete with the most lurid and theatrical tales of passively suffering masses and the flamboyant pseudo-socialist “regime” that supposedly keeps them in a state of total servitude. Between hypocritical fears of its nuclear power and conscience-rattling anxieties over the alleged condition of human rights within, the DPRK looms as a symbol of the negation of liberal freedoms. It is within this context that Suzy Kim’s Everyday Life in the North Korean Revolution, 1945-1950 must be considered.”<p>https://liberatedtexts.com/reviews/socialist-construction-in-korea-suzy-kims-everyday-life-in-the-north-korean-revolution-1945-1950/
How do you get IT workers there being highly skilled when most of the population isn't on the internet? Also, considering the treatment of throwing lots of them in forced labor camps over perceived slights and poverty...<p>I just don't understand where are these people coming from? It's not like NK has universities and a lively educated class.
> DPRK IT workers have also assisted DPRK officials in procuring WMD and ballistic missile-related items for the DPRK’s prohibited weapons programs.<p>In what context are these programs "prohibited"? Do they violate a UN treaty that DPRK has ratified? How come USA can develop hypersonic nukes but DPRK is "prohibited"?<p>Also this explains why a Venmo transaction was held for a week after I put a joke about Glorious Leader in the description...
> DPRK IT workers can individually earn more than USD 300,000 a year in some cases<p>I'd say it is one of the best descriptions of the current successful state of remote work :)<p>And overall that guidance reads like an advertisement for offshoring to the DPRK - can you imagine how highly disciplined those workers are, given that they are managed by the NK security service, which is taking a share of their money - imagine missing a deadline with a gun to your head - the word "fired" gets that Schwarzenegger meaning :)