this post was submitted on 19 Dec 2025
230 points (99.1% liked)

Technology

77768 readers
3214 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
230
North Korean infiltrator caught working in Amazon IT department thanks to lag — 110ms keystroke input raises red flags over true location (www.tomshardware.com)
submitted 10 hours ago by sqgl@sh.itjust.works to c/technology@lemmy.world
42 comments fedilink hide all child comments
 

https://archive.is/sfYWG

you are viewing a single comment's thread
view the rest of the comments
[–] sqgl@sh.itjust.works 5 points 9 hours ago* (last edited 9 hours ago) (2 children)

But the infiltrator hacked the remote worker's computer.

The actual worker may have been require to use...

https://aws.amazon.com/workspaces/desktop-as-a-service/

But the lag from the infiltrator to that is what was detected. There was presumably no Amazon software installed on the infiltrator's computer so how can the lag be measured?

[–] Brkdncr@lemmy.world 5 points 8 hours ago

Keyboard input over kvm is pretty awful. It’s possible the kvm software was enforcing a delay between keystrokes to make sure they are delivered in order. Seeing keys consistently pressed with 500ms separation would be odd.

[–] Darkassassin07@lemmy.ca 0 points 9 hours ago (1 children)

Perhaps something like time between key pressed and key released being abnormally high? Or erratic mouse movement?

I know whenever a PC I'm using is being remotely controlled, the mouse jerks around instead of moving smoothly around the screen. I'd imagine that gets even worse with ping/more layers of remote connections.

[–] sqgl@sh.itjust.works 0 points 8 hours ago (2 children)

Yes but you need access to the culprit's computer for the lag measurement.

[–] porcoesphino@mander.xyz 4 points 8 hours ago (1 children)

Amazon security experts took a closer look at the flagged ‘U.S. remote worker’ and determined that their remote laptop was being remotely controlled – causing the extra keystroke input lag.

With access to the final remote desktop, and access to the workers laptop you know the delay from these two so if there is more delay, then you can infer it's coming from somewhere else? I'm sure there are more paths too but access to the North Koreans hardware doesn't seem required

[–] porcoesphino@mander.xyz 2 points 8 hours ago

Also worth pointing out that this was a flagged employee (probably from something like data access logs) so they would be under more scrutiny and surveillance than the average employee

[–] Darkassassin07@lemmy.ca 3 points 8 hours ago

No. I'm talking about measuring the time in-between inputs being received over the remote connection. Purely observation from the receiver side of the connection.

Network overhead + dropped and re-sent packets, introducing unusual lag in between commands/keystrokes.

A key being pressed and key being released are two separate events that get transmitted separately and usually happen pretty close together. That gap getting larger, due to the long-distance connection introducing lag, could be what they were looking at.