hacker news hiring

Introduction：

1、AI in Cybersecurity： What's Effective and What's Not – Insights from 200 Experts

2、DoJ Indicts 5 Individuals for $866K North Korean IT Worker Scheme Violations

AI in Cybersecurity： What's Effective and What's Not – Insights from 200 Experts ♂

　　Curious about the buzz around AI in cybersecurity? Wonder if it's just a shiny new toy in the tech world or a serious game changer? Let's unpack this together in a not-to-be-missed webinar that goes beyond the hype to explore the real impact of AI on cybersecurity.

　　Join Ravid Circus, a seasoned pro in cybersecurity and AI, as we peel back the layers of AI in cybersecurity through a revealing survey of 200 industry insiders. This isn't your average tech talk; it's a down-to-earth, insightful discussion about what AI is actually doing for us today.

　　Why Tune In?

　　Get the Inside Scoop: How are real-world security teams using AI right now? Learn about the genuine perks and the real snags, from data hiccups to transparency troubles.

　　Boost Your Cyber Defenses: Discover which cybersecurity corners AI is revolutionizing the most. It's about pinpointing where AI can really beef up your security measures.

　　Walk Away With a Game Plan: This isn't just about high-level ideas. You'll get practical, straightforward tips on making AI work harder for your security needs.

　　This webinar isn't just about listening; it's about transforming your approach to cybersecurity. Find out how to steer clear of overhyped tech and focus on solutions that truly deliver. Learn from peers who are putting AI to the test and gearing up for future challenges.

　　It's the perfect chance to rethink your cybersecurity strategy with AI at the helm. Whether you're fine-tuning your approach or starting from scratch, you'll leave with fresh ideas and sharp insights.

DoJ Indicts 5 Individuals for $866K North Korean IT Worker Scheme Violations ♂

　　The U.S. Department of Justice (DoJ) on Thursday indicted two North Korean nationals, a Mexican national, and two of its own citizens for their alleged involvement in the ongoing fraudulent information technology (IT) worker scheme that seeks to generate revenue for the Democratic People's Republic of Korea (DPRK) in violation of international sanctions.

　　The action targets Jin Sung-Il (???), Pak Jin-Song (???), Pedro Ernesto Alonso De Los Reyes, Erick Ntekereze Prince, and Emanuel Ashtor. Alonso, who resides in Sweden, was arrested in the Netherlands on January 10, 2025, after a warrant was issued.

　　All five defendants have been charged with conspiracy to cause damage to a protected computer, conspiracy to commit wire fraud and mail fraud, conspiracy to commit money laundering, and conspiracy to transfer false identification documents. Jin and Pak have also been charged with conspiracy to violate the International Emergency Economic Powers Act. If convicted, each of them faces a maximum penalty of 20 years in prison.

　　The development is the latest step taken by the U.S. government to disrupt the ongoing campaign that involves North Korean nationals using forged and stolen identities to obtain remote IT work at U.S. companies through laptop farms operated within the country.

　　Other efforts include the August 2024 arrest of a Tennessee man for helping North Koreans land jobs in U.S. firms and the indictment of 14 DPRK nationals last month for purportedly generating $88 million over the course of a six-year conspiracy. Last week, the U.S. Treasury sanctioned two North Korean nationals and four companies based in Laos and China for their work on the IT worker scheme.

　　"From approximately April 2018 through August 2024, the defendants and their unindicted co-conspirators obtained work from at least sixty-four U.S. companies," the DoJ said. "Payments from ten of those companies generated at least $866,255 in revenue, most of which the defendants then laundered through a Chinese bank account."

　　According to the indictment document, Jin applied for a position at an unnamed U.S. IT company in June 2021 by using Alonso's identity with his consent and one of Ntekereze's New York addresses, subsequently securing the opportunity for a salary of $120,000 per year.

　　Ashtor's North Carolina residence, per the Justice Department, operated a laptop farm that hosted the company-provided laptops with the goal of deceiving the firms into thinking that their new hires were located in the country when, in reality, they have been found to remotely log in to these systems from China and Russia.

　　Both Ntekereze and Ashtor received laptops from U.S. company employers at their homes and proceeded to download and install remote access software like AnyDesk and TeamViewer without authorization in order to facilitate the remote access. They also conspired to launder payments for the remote IT work through a variety of accounts designed to promote the scheme and conceal its proceeds, the DoJ added.

　　In furtherance of the scheme, Ntekereze is said to have used his company Taggcar Inc. to invoice a U.S. staffing company eight times, totaling about $75,709, for the IT work performed by Jin, who was masquerading as Alonso. A portion of the payment was then transferred to an online payment platform held in the name of Alonso that was accessible to both Jin and Alonso.

　　The wide-ranging effort by North Korea to have their citizens employed at companies across the world is seen as an attempt to earn high-paying IT salaries that can be funneled back to the country to serve the regime's priorities and gain access to sensitive documents for financial leverage.

　　The IT worker scam, as reiterated by the U.S. Federal Bureau of Investigation (FBI) in a separate advisory, involves the use of pseudonymous email, social media, and online job site accounts, as well as false websites, proxy computers, and witting and unwitting third-parties located in the U.S. and elsewhere.

　　"In recent months, in addition to data extortion, FBI has observed North Korean IT workers leveraging unlawful access to company networks to exfiltrate proprietary and sensitive data, facilitate cyber-criminal activities, and conduct revenue-generating activity on behalf of the regime," the agency said.

　　"After being discovered on company networks, North Korean IT workers have extorted victims by holding stolen proprietary data and code hostage until the companies meet ransom demands. In some instances, North Korean IT workers have publicly released victim companies' proprietary code."

　　Other instances entail the theft of company code repositories from GitHub and attempts to harvest sensitive company credentials and session cookies to initiate work sessions from non-company devices.

　　It's not just a U.S. phenomenon, as a new report from threat intelligence firm Nisos reveals that several Japanese firms have also landed themselves in the crosshairs of DPRK IT workers. It specifically highlighted the case of one such IT worker who has held software engineering and full-stack developer roles with different firms since January 2023.

　　The IT worker personas have been fleshed out digitally to lend them a veneer of legitimacy, complete with accounts on GitHub and freelance employment websites like LaborX, ProPursuit, Remote OK, Working Not Working, and Remote Hub, not to mention creating personal websites containing manipulated stock images and hosting resumes with content borrowed from other personas.

Related questions

The "Who Is Hiring" thread on Hacker News is a monthly post where companies share job openings, typically for roles in tech (software engineering, product management, data science, etc.). These threads are posted on the first weekday of each month by the Hacker News account whoishiring. Here's how to find the May 2024 edition and navigate it:

1. Access the May 2024 "Who Is Hiring" Thread

• Direct Link:
  Visit the official thread here:
  May 2024 "Who Is Hiring" Thread
  (Note: This link assumes the thread was posted on May 1, 2024. If it鈥檚 unavailable, check the steps below.)

• Manual Search:

  1. Go to Hacker News.
  2. Search for "Who Is Hiring" in the search bar at the bottom.
  3. Filter results by date to find the May 2024 post.

2. Key Features of the Thread

• Job Listings: Each top-level comment is a job posting. Companies include details like:
  • Role (e.g., "Senior Backend Engineer")
  • Location (or "Remote" availability)
  • Visa sponsorship eligibility
  • Company name and contact info.
• Formatting: Many posts use [LOCATION] [REMOTE] [VISA] tags for quick scanning.

3. Pro Tips for Job Seekers

• Filter with Keywords: Use Ctrl+F/Cmd+F to search for terms like:
  • "Remote"
  • "Entry-level"
  • "Python" or "React"
  • Specific locations (e.g., "Berlin").
• Check Comments: Some companies post salary ranges or hiring process details in replies.
• Use Tools: Try HN Hiring Mapper (a third-party tool) to visualize job locations.

4. Related Threads

Hacker News also posts two other monthly threads:

• "Who Wants to Be Hired?": For job seekers to share their skills.
• "Freelancer? Seeking Freelancer?": For contract/freelance work.
  Find these via the whoishiring profile.

5. Past Threads

If you need older posts (e.g., May 2023), use:

• HN Algolia Search with keywords like "Who Is Hiring May 2023".

Let me know if you need help refining your search or understanding specific job listings! 馃殌