North Korean IT workers have infiltrated the Fortune 500

A flagged post mentions this is racist and typical anti immigration rhetoric.

That's not true, there are only two types of North Korean people you'll meet, either those that have defected and escaped North Korea or those that are agents of the state of North Korea.

There are very few defectors in existence and once they escape they're given full South Korean citizenship. This article is not about those people.

The vast majority of North Koreans outside North Korea are not defectors, instead they are controlled state assets. There are no North Korean people outside the country that are free citizens. Every single North Korean authorised to leave the country is working directly for their government often to raise money for the regime, to steal IP, to infiltrate for some nefarious purpose.

Having one of these North Korean active assets in your company is extremely dangerous, your business is now at risk of leaks, theft, or worst something being modified like added vulnerabilities that could be exploited later in cyber attacks.

So no, this article is not racist at all and really has nothing to do with the recent political situation.

What about Australia in comparison? Australians can be legally compelled in secret courts to install backdoors in the companies in which they are employed, and gagged from telling the company itself or any journalists (see the Access and Assistance Bill). That doesn't cross the same 'agents of the state' line?

> Australians can be legally compelled in secret courts to install backdoors in the companies in which they are employed, and gagged from telling the company itself or any journalists (see the Access and Assistance Bill).

My thoughts on this as an Australian software engineer: how could they possibly “order” me to “install a backdoor”? To change a production system, I need an issue in the issue tracker, I need a PR, I need a colleague to review and approve it-if I’m not allowed to call it “install backdoor at Australian government’s demand”, what am I going to call it? How am I suppose to justify it to the reviewer? How do I respond to their questions? How do I convince them to approve it? “I’m sorry I’m not allowed to tell you why this PR is needed” is not going to get it approved

And in the (I think highly implausible) event the government did order me to do such a thing-first I’d insist it was impossible (due to the kind of internal controls I’ve already mentioned), and if they wouldn’t accept that answer, then I’d resign rather than do it. I don’t think the law can stop you from quitting your job, and once you quit, you are no longer able to comply with any such orders.

It seems to me like one of these laws which has disturbing wording but is going to be very difficult for the authorities to utilise in practice.

(Disclaimer: of course I don’t speak for my employer, etc)

I suppose you'd do it the same way any North Korean operative would. They'd offer you training on how to bypass the controls. They'd get you to exfiltrate the code and the product roadmap. They'd have someone more skilled suggest a plausible backdoor as part of an innocent change, like the xzutils one.

As for how they'd force you, just like any intelligence agency, they'd start with carrots. They'd offer you money, or the chance to feel you were serving your country (both are free to the Australian government, and likely more effective than a double ration of wheat). They'd have you do very innocent, justifiable things at first. They'd work their way up to higher demands. If you got cold feet, they'd tell you you were in too deep. They'd then consider the sticks. They'd threaten to expose your spying, or release some other compromat. They'd arrest you or a family member on a he-said-the-cops-said enemy-of-the-people crime like drugs, child pornography or terrorism, and make it clear that only your full cooperation would see a release.

Nobody thinks the Australian government relies on this kind of thing as much as NK, and the checks and balances of a democracy make it too expensive to do this at an industrial scale. But you'd be foolish if you thought the state doesn't have these capabilities, and the complete willingness to use them for matters of national security, and the ability to make it "legal", perhaps by pardoning people or not cooperating with any court.