Government Agencies Warn Canadian Businesses Against Hiring North Korean IT Workers

In a significant advisory, the Royal Canadian Mounted Police (RCMP), Public Safety Canada, Global Affairs Canada, the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), and the Canadian Centre for Cyber Security have alerted Canadians and businesses to the dangers posed by information technology (IT) workers reportedly linked to the North Korean government. 

These advisories caution that hiring such workers could lead to severe legal repercussions under Canadian sanctions and expose organizations to risks including corporate espionage and data breaches. The United Nations Security Council has issued prohibitions against North Korea’s weapons programs, making it illegal for Canadians to engage with individuals or companies directly associated with these activities.

North Korean IT workers, representing the Democratic People’s Republic of Korea (DPRK), often present themselves as freelancers operating from various foreign locations. They provide a broad array of IT services, including mobile and web application development, general IT support, graphic design, and database management. 

Their goal is multifaceted: to gain skills, create networks in lucrative industries, and potentially assist in future cyberattacks. According to Canadian authorities, these workers are typically well-trained and adept in their fields. Additionally, they might use advanced techniques such as virtual private networks (VPNs) and encryption tools to mask their identities, complicating the identification process for employers. 

The Canadian government has implemented sanctions against North Korea due to its ongoing aggression and violations relating to weapons development, regulated under the United Nations Act and the Special Economic Measures Act. Canadian businesses and individuals must refrain from any activities that fall under these regulations. Violations may trigger substantial penalties, including fines that can reach up to $100,000 or even longer prison sentences depending on the severity of the offence. The RCMP and the Canada Border Services Agency are responsible for enforcing these laws.

Small businesses and startups may be particularly vulnerable to the tactics employed by North Korean IT workers. These organizations often lack the resources to conduct thorough vetting of candidates, making them an appealing target for illicit actors seeking to exploit their need for affordable IT expertise. 

To assist in identifying potential North Korean IT workers, the advisory outlines several warning signs. Key indicators may include unusual payment requests, such as demands for cryptocurrency transactions, frequent international money transfers, and discrepancies in personal information. Furthermore, individuals who are reluctant to provide timely identification or documentation and those using advanced deepfake technologies during meetings should be approached with caution. 

Canadian businesses are urged to exercise diligence when hiring freelance IT professionals. To mitigate risks, companies should avoid making payments in cryptocurrency, verify documents thoroughly, and conduct interviews through multiple communication channels. Additionally, background checks and reference verifications are critical to ensuring that potential hires pose no threat.

The North Korean government has long prioritised technological advancement as part of its national strategy, further intensifying efforts in 2019 to enhance its educational system to nurture skilled workers in science and technology. Despite numerous and ongoing sanctions imposed by the international community, including Canada, North Korea continues to enact sophisticated strategies to elude these restrictions, funded in part by illicit cyber activities. Security analysts have reported that the nation has engaged in large-scale theft of cryptocurrencies since 2021, believed to directly contribute to its weapons programs.

For those seeking further information on the risks associated with North Korean IT workers, governmental advisories from Australia, the Republic of Korea, and the United States may provide valuable insights. The Canadian Centre for Cyber Security also offers resources tailored to individuals and small to medium-sized enterprises seeking guidance on cybersecurity and safe hiring practices.

Suspicious activities or potential sanctions violations should be reported to the RCMP National Security Information Network at 1-800-420-5805. Service is available in both of Canada’s official languages.

Through these proactive measures and awareness campaigns, Canadian authorities aim to safeguard businesses and the broader community against the complexities and risks of illicit affiliations with North Korean operatives.