
Risky Business Features: What to do about North Korean remote workers
Feb 27, 2026
Brad Arkin, former CISO at Adobe, Cisco and Salesforce, brings hands-on cybersecurity and risk management experience. He describes North Korea’s fake IT worker industry. Short segments cover how fake identities and laptop farms operate, and explore detection headaches, legal limits, cross-team controls, and how AI supercharges interview fraud.
AI Snips
Contractors Via Body Shops Create Identity Gaps
- Many organisations rely on body shops for contractors, which creates weak points in identity assurance.
- Brad Arkin explains that body shops submit resumes, handle onboarding and drug tests, then deliver contractors who may never meet hiring managers in person.
Laptop Farms Run Hundreds Of Corporate Devices
- Attackers obtain clean identities, bribe verifiers, and arrange laptop delivery to alternate addresses.
- Brad Arkin recounts laptop farms where hundreds of corporate laptops sit in basements and operators perform Touch ID, YubiKey pushes, and mail forwarding.
IP KVMs Hide Remote Human Control
- Operators moved from detectable remote-control malware to IP-based KVMs to avoid endpoint detection.
- Brad Arkin explains that IP KVMs make the corporate laptop appear locally controlled, defeating simple EDR checks.

