Clearwater cybersecurity firm accidentally hires North Korean hacker, issues warning


Clearwater cybersecurity company admits it has "egg on its face" after it unwittingly hired the wrong guy.

"KnowBe4" is going public after a North Korean hacker was selected for a position from a field of hundreds of applicants.

Their CEO says no data was breached, but still says the lesson for employers everywhere is crucial.

They say the job applicant's resume included a neat headshot, and listed even more impressive credentials.

"(He) met all the right checkboxes and made it through four interviews," said Erich Kron, a KnowBe4 security awareness advocate, "video interviews as a matter of fact."

Company officials say the applicant had an unremarkable name and spoke smooth English and was hired for a remote worker job studying AI.

He said he was from Atlanta, but that his laptop should be sent to Washington state, because he was moving.

"Immediately we started seeing some strange behavior with software trying to be loaded," said Kron. "(We found it) through all of our security software."

Within hours of hitting the payroll, they locked down his laptop without any client data being exposed.

Turns out, the neat headshot was created from a stock photo.

After giving shifty explanations, he went dark. KnowBe4 alerted the FBI, who suspects he's a North Korean hacker.

"He essentially had access to our training materials, to get him started on the training," said Kron. "But had this continued, there's a possibility that this person could have gotten access to a lot more information." 

Comments