It’s no secret that North Korean threat actors are ramping up their game by using stolen or fake identities to gain employment at Western companies. (Some might say they are faking IT ’til they make it!) One identity assurance company, however, claims that these cyber criminals aren’t the only culprits behind the popular faux hiring scheme.

Last week, HYPR admitted in a blog post that it extended a contract to a European software engineer, dubbed John Doe, who it later discovered was not who he claimed to be.

Doe was extended the employment offer after successfully advancing through several rounds of live interviews with the identity security company and began HYPR’s onboarding and credentialing process—which entailed device verification, location check, document authorization, as well as text and video chat—in mid-October. However, his identity quickly sounded alarm bells.

Red flags. One tell-tale sign of Doe’s false identity was the fact that his location did not align with the information he had provided to the company. HYPR revealed that the new hire’s IP location showed that he was 301 miles away from his home address.

Read the rest here.—BM

It’s a data privacy world, and we’re living in it.

Americans report feeling helpless about their personal information—so much so that as much as 48% feel that they don’t know how to protect their data online, according to a recent survey from YouGov. The report also found that 62% of Americans feel worried about how much of their information is exposed.

Work the solution. That’s not a surprise to Rob Shavell, co-founder and CEO of Abine, the parent company of DeleteMe, a personal information deletion service. Shavell told IT Brew that in his view, the helplessness is connected to the way that the harms and effects of personal information are “hard to define.”

“Most people, when faced with a problem that is hard to define and hard to figure out a solution for, just ignore it,” Shavell said.

State central. Lawmakers have advocated for years for stronger data privacy protections. On Oct. 18, the Department of Justice proposed a rule “prohibiting and restricting certain data transactions with certain countries or persons.” The rule, meant to protect Americans from having their personal information sold to adversaries, is part of the implementation of an executive order from President Biden in February “to protect Americans’ sensitive personal data from exploitation by countries of concern.”

Read more here.—EH

The developers of a right-wing “election integrity” app managed to expose serious allegations of planned election interference—though by total accident, and coming from their own side.

On election day, Wired reported on flaws in the VoteAlert app developed by True the Vote, a Texas-based election-denial nonprofit involved in conservative efforts to purge voter rolls. According to Wired, anyone could navigate to VoteAlert’s website and view the email addresses of individuals who had submitted reports or comments to the app just by scanning the site’s publicly viewable source code.

A spokesperson for the site told Wired a weekend update to introduce infinite scroll had “temporarily” caused configuration errors—although according to Wired, the data had been exposed for weeks. During that time, only 146 users attributable to separate email addresses were active, although Wired wrote that the group submitted and commented on nearly 200 reports of fraud.

One user claiming to be a California-based county election official detailed a “racist and illegal scheme,” Wired reported, to demand IDs from voters based on arbitrary assumptions of non-citizenship status. California State law does not require voter ID, and Gov. Gavin Newsom recently signed a law banning local governments in the state from requiring them.

Keep reading here.—TM