Some background. I'm a senior developer who has performed hundreds of interviews and seen dozens of questionable recruits long before AI. Typically the scam is that an offshore consultancy wants to place some roles to collect wages. Many of these agencies are from collectivist cultures, so in the mind of the agency, they all work in our project. This may not be true, but the agency sees the position as theirs, not the recruit's. So they typically don't the issue with putting recruit A in front of the interviewer and then slotting recruit B in after the position is secured. I've seen this done with A talking while B moves their lips on camera. Now with chatGPT (and earlier to some degree with just Google Search) we just see applicants eyes focused on something they're reading when we ask questions. All of this is just as easy as an AI generated applicant (if not easier) and quite likely to get the recruit hired.
A lot of this narrative is pointing the finger at China, North Korea and Russia/Ukraine. The best candidates I've fielded have been Ukrainian, Russian and Chinese. These are countries well known for their tech sectors. North Korea has executed the largest crypto heists in history. These are not groups who need to fake it.
So who does this narrative serve? It serves the RTO CEOs. This makes CEOs scared to hire remote workers and lets the ones who demand it have a reason.
If anything the panic around AI should reinforce the need to think critically about these things.
A LOT of people are far worse at interviewing than they think they are. And so, a bullshit artist can get hired. Technology now allows these bullshit artists to propagate more, and do more damage than would have previously be possible. AI in the workplace is a similar problem. Can you tell the different between someone who really just leans on ChatGPT all day but is actually incompetent? Probably so, but someone who was that incompetent just wouldn't have previously been able to hang on for quite as long, or deceive so many people.
[edit]
It's clear that my comment was not clearly written -- when I said "A LOT of people are far worse at interviewing than they think they are," I was referring to the people holding the interviews, and not referring to candidates. I'm shocked at just how bad a lot of folks are at holding interviews, and just how misplaced their confidence in their ability seems to be.
This works both ways right? Would it be fair to say that interview processes don't differentiate good hires from bullshit artists? Feels like framing the problem differently might make it tractable.
A LOT of interviews are one-sided bully sessions, so people don't jump through the hoops they are expected to.. especially in hazing-friendly cultures like the security and finance sectors
They've all drunk the leetcode / cs question koolaid, instead of just talking about projects, and how they would solve some things, and checking their personality (this is like 70% of the weight for me for new team members) if nobody likes you because of your attitude / personality, you'll bring down the team with your personality.
Age old question, who will judge the judge?
More relevant question: even if you can easily tell the difference, can you convince the person who makes the hiring decisions that your colleague is incompetent and only relays words to/from ChatGPT?
Ways to combat bait and switch is to alter interview questions, add new questions to every interview, ask deeper level questions, and observe the candidate in how they respond. It should be a more conversational tone the entire time, random discussion paths pursued, especially if the candidate's interests perk up about something. Every candidate has a different background so getting them to talk about that and problems they solved and diving into those in detail should be a good gauge of ability.
Fast forward nearly 18 months into the 6 month contract, and about $40k later, there is no working app and the "CEO" says "well I would love to give you some of your money back but the contract has expired so I am no longer able to do that, we could sign another one for $20k to finish if you'd like."
I've worked with probably a dozen offshoring companies in my life in one way or another and every single one of them has been deceitful to the point of being fraudulent, and puts out some of the worst code you have ever seen.
I tell everyone considering it that if you can afford it, you're getting scammed in one way or another. You're better off going with a US-based firm that guarantees you'll get American workers who are physically in the US working on your product.
I'd rather hire Deloitte or Accenture for 10x the price - I know they offshore a ton but you'll at least have avenues to get your money back if they don't deliver.
Will we get AI to determine if the candidates are using AI?
reality is way more messy and worse. There are multiple actors involved in each part. Eg 2-3 "actors" for visual screen are ready for each call, 2-4 "audio" knowledge only experts on the call, 1 dedicated speaker, 1 person coordinating answers from audio folks to actor folks.
they are even ready for once in a while visit to offices in us, so they have actors there on the field as well ready to attend calls (probably 1 to 1 mapping after first visit)
and the work assigned is assigned to a completely different set of people, not involved in any of above. those folks and these folks dont interact.
i have worked part time as one of the "audio" person in above interviews. also involved on work side. ama.
It’s as if someone else disconnected us.
I am sure they are North Koreans. Next time I will have a picture of fat leader printed out and I am asking the candidate what they think of Kim.
If you think these scams aren't real, you aren't looking. We're a remote company, but our policy is now to only hire candidates from internal referrals, or candidates who are in a location where someone on the team they're hiring into can grab coffee with them.
Guess France is a collectivist culture. That's 101 of many consultancies: get the contract by presenting the A-Team then switch with junior employees a couple weeks in.
In-person interviews.
And if you don't want to pay for that, proctoring.
And if you don't want to pay for that, I have next to zero sympathy for you.
I've run into this with a Ukrainian consultancy. It wasn't even a scam. They told us up-front that they were prepared to pull their best engineers from some other clients and put them on our team in order to win our business. Our obvious reaction: and when you get another opportunity, you will pull those engineers from us and we'll get the B-team, just like you're about to do to someone else.
Naturally we didn't move forward with them (this was before the war, so very lucky decision)
Out of curiosity, what tech sector does Ukraine have? I don't remember ever hearing of any large successful Ukrainian SW compony or unicorn.
(Their response to a customer-service request a year or so ago was sobering. Along the lines of "yes, that's a bug we know about, but the developer who owns that feature lost his home in a missile strike last week. Once he's got housing and a new laptop he'll fix it." A week later he fixed it.)
Europe doesn't have a ton of large and high paying software companies, but it does have a ton of good developers.
Romania probably has produced half a million software developers over the past 30 years (in a population of about 20 million), yet it basically doesn't have any large software companies. Probably the biggest you might have heard of are Bitdefender or in the past Softpedia.
Or the alternative, foreign companies set up shop there to scoop up the local developers. Using Romania as an example, Bucharest has R&D centers with at least hundreds of developers each (some with thousands), for: Amazon, Google, Microsoft, Oracle, Adobe, SAP, UIPath, Huawei, Honeywell, IBM, Cognizant, Ericsson, Ubisoft, HP, etc.
Russia, on the other hand, has traditionally focused more on building its own products and brands, both for its domestic market (Yandex, VK) and the global market (Karsperky, ABBYY, JetBrains). When a technology they create for themselves turns out to be pretty good, it often spills over to the West and gains global popularity - examples being ClickHouse (originally to support metrics collection at Yandex), nginx (originally a reverse proxy at Rambler), etc. I have a hard time remembering something similar coming out of Ukraine?..
I may be wrong, it's just my impression of it (reading Ukrainian/Russian job postings etc.)
JxBrowser: https://teamdev.com/jxbrowser/ DotNetBrowser: https://teamdev.com/dotnetbrowser/
A deepfaked recruit is a slight extension of that.
I got my only remote BigTech job post Covid where the entire loop was remote. But it was customary before then to fly people into the office for the final interview.
Yes I realize “remote first” companies may not have an office. But even then, you could fly the interviewees to the location of the interviewer and use a hotel conference room.
Call me a conspiracy theorist but it seems vastly more likely that China and Russia (far and away NK’s strongest, nearest, and largest allies) are executing these hacks and blaming them on the NKs to avoid retribution.
You either believe that or that NKs are genetically superior specimens because they’re not doing anything else that would yield the superior results they attain.
I'm 100% sure there are some people there using AI to try to get through interviews, but what's the end game? The article mentions faking identification documents and work history. Well the first is a crime, and the second takes about 5 minutes to verify. "RTO to prevent crime" is so dumb even the RTO CEOs aren't pushing that one yet.
Maybe in the future it will be a more significant problem but not this year, not next year and probably not even this decade.
> The applicant, a Russian coder named Ivan, seemed to have all the right qualifications for the senior engineering role. When he was interviewed over video last month, however, Pindrop’s recruiter noticed that Ivan’s facial expressions were slightly out of sync with his words.
> That’s because the candidate, whom the firm has since dubbed “Ivan X,” was a scammer using deepfake software and other generative AI tools in a bid to get hired by the tech company, said Pindrop CEO and co-founder Vijay Balasubramaniyan.
Hm, let's read on.
> As for “Ivan X,” Pindrop’s Balasubramaniyan said the startup used a new video authentication program it created to confirm he was a deepfake fraud.
Oh, I get it, it's an ad for Pindrop.
Christ the future is stupid.
There is a Reddit community with over 400k members to show how prevalent this is [1]. There's lots of tactics like not allowing mentions on LinkedIn so they can't be publicly mentioned and seen by other unsuspecting employers, and just maintaining plausible deniability about why they can't make an on camera meeting. It is technically not illegal so it is very lucrative and hard to detect.
2. I'm not aware of anyone who is the CEO of 4 companies; well, except Mr Musk, but don't you dare say for a second that no one is batting an eye at that. Most CEOs I know barely have enough time for one company; and obviously the performance of Musk's companies recently suggests he's in the same boat.
3. The original poster pretty clearly inferred that, in these situations, generally speaking these workers are not meeting performance expectations.
If you want to work at 4 companies and your 4 managers don't have a problem with it, then go for it. Real problem arises when one lie about it and does it stealthily. Lying shouldn't be allowed, neither for CEOs nor for worker bees.
As they say, "Turnabout is fair play".
But god forbid the laborers do anything that takes advantage of a situation to better their lot in life.
For the record, I ain't one of those folks either. I'm not looking to hold more than one job at a time, and I suspect the actual majority of workers are like this too, so even if the argument held water for someone, 400K people is less than 0.1% of the workforce. That is hardly worth worrying about beyond simple precautions if it something you think is an issue
(I work remotely for a big corp and this is how I feel and act as well.)
This is the same as grouping all workers together as being lazy.
Especially in the WFH era where it's much easier to get away with it clean, I don't see anything all that wrong with working 2 or 3 such jobs at the same time. If all of them are happy, or at least not too terribly upset, with your performance, what's the harm. There's definitely been times in my life where I could see myself doing that just for the sake of being bored.
What do you do in your second and third job? How did you find it?
Just because the fraud or theft isn't at the moment illegal doesn't meant it isn't fraud or theft.
You notice that they have two "executive assistants" on staff at the 30-person company you're applying to. Gee, I wonder if this "CEO" does any actual work? No, of course they fucking don't. Linkedin post about how they balance work with family despite all this, LOL, it's because all your "jobs" are fake and you have enough money to pay to make all your personal work go away, too. You're a goddamn part-time worker dilettante playing pretend that you're a "hard worker" with amazing time management skills.
Yeah, demands that employees operate under far greater constraints and give more than the near-zero shits about the company than the owner- and executive-classes for way less compensation are totally reasonable and should be respected. /s
And as others have pointed out, apparently it's only ok when a genius-level CEO takes four different CEO spots and a few board seats and continues to play video games all day. Yep, totally ok and not for anyone else.
Somehow that's fine for higher ups to 'sit' on 10 boards. And they do not see that like 'steal as many paychecks'.
On the other hand, I am the hiring manager at a healthcare company and I have to layoff 1-2 people per year who do this. I know all the tell tale signs, random blocks on calendar, missing meetings, sudden health issues when there are production incidents, getting stuck on simple problems for days at a time. Of course you can always back it up by looking at their stats (staring at Microsoft teams 4-5 hours a day).
I just close that company’s laptop and never think about them again.
There is no linkedin to update, no resume to update, no desperate dash or networking for another role.
Although there is less sympathy for being sacked for performance issues when thats the reason, the realities in my overemployment journey have been companies running out of runway for reasons not solvable by engineering direction, furloughs, government contracts where the top performers only lasted 5 more weeks longer than I did after being promised that the project was a 5 year contract, whole org adjustments, “we are going in a different direction” and more. Tech is not a stable sector. This is a far superior position to be in.
I’ve met expectations and gotten raises from simultaneous full time roles as well.
He struck me as somebody who was just overextended and flailing around for immediate cash revenue. So I think he had convinced himself he could do his two companies and a full-time job. But I expect that in practice he'd stint us on hours and be so sleep-deprived during them that he'd be somewhere between marginally and negatively productive until we fired him.
But then it's hard to tell the difference between a desperate schmuck and a scammer, as I think it's a continuum. A lot of out-and-out scams get started like that.
To be fair, I could probably replace children with running a company on the side and still end up less sleep deprived.
A pre-employment background check (which you typically do after accepting an offer and right before starting the job) would clearly show all your previous places of employment (for up to 7 years at the very least), along with the timelines. How would one explain that to the employer?
The most they can realistically do to you for violating that section is just firing you. I don’t see them trying to collect the “damages” in the civil court.
I am not saying it's not happening. But we haven't seen it happen on HN.
Onsite interviews were a normal practice just a few years ago.
Getting a taste of their own medicine after all those fake or evergreen postings. Feels shitty doesn't it? At least the people looking for hires still have a job to feed their families, unlike many on the job seeker side.
It's hilarious that the same technique is now being used against them and companies are angry and frustrated. Too bad they are not actually human to understand what those feelings mean.
We talked to some recruiters recently and they essentially said atleast 1 step of the hiring process must be in person unless a valid reason can be made. i.e. single mother taking care of child going through a divorce backed up by a court record.
One fun thing to do is stress test their GPU / CPU out during part of a coding exam. (Only do this for 99% confirmed cases) This can slow the deepfake software down so much that it starts looking messed up and obvious. Securing employee onboarding with KYE IAM is also critical. Most of these people don't put much effort on the 360 review of an applicant and verifications beyond video calls spot them early on. There are countless solutions to the problem so you need to be creative. These applicants think they are next level fakes, but a lot can be spotted a mile away.
Unless they've changed tactics, I think they might just blow up literally any job listing they can because the cost of not getting called back is nil anyway.
Nobody is moving across the nation to a town in the middle of nowhere to make $10/hr.
And I have been contacted many times to such kind of arrangement that the offered me that we will give you realistic fake US profile, you have to give interview, if you get hired, we will take some share of salary. And I denied, as I do not want to live with feeling of guilty of lying for earning more than I need where I live, I can live way better with what I make than my other fellow countrymen.
Want to add tech to the mix? Give the hired ones in-person a device to take home that will need to be verifiably at their stated location. Also require confirmation they are located where they say they are located, maybe even hire a PI to verify. And yes, traveling digital nomads could be accommodated; "I'll be in Bali the next month"; "fine, just send us a pic of your passport stamp and the location device will confirm it". Yes, it is a bit of light surveillance, you are paying for work and basic honesty and verifiability is not too big of an ask.
Sure, some of that could be fooled by working with an accomplice, but it would certainly cut down the fakers by orders of magnitude, and the NKs by ~100%.
"A bit of light surveillance" my ass.
Who said anything about install? They give you a company phone.
And you really think it is unreasonable for a person/company paying you money to do a task to know where on the planet you are located, emergency contacts, etc.? What happens when you get hit by a bus in Bangkok or have a scuba incident in Bali and are in the hospital for a week or worse? You just go dark and they have no way to send aid or even get status on the work you are now suddenly not doing, or obtain the current files so someone else can make progress?
Of course there are many inconsequential gigs/jobs for which it doesn't matter if you disappear, or lie about your identity or location, or are a North Korean spy trying to destroy the company, and you're welcome to work for those.
But I'm 100% in favor of remote work, and I would not remotely consider hiring someone for any consequential project or position without knowing they are who they say they are and they are where they say they are located.
And from a Corporate and National Security perspective, while I consider Return To Office largely outrageous, it seems quite reasonable for simple physical security measures to verify an employee is who and where they say they are.
Even more so considering the massive amounts of both nation-state-level corporate espionage and remote work fraud going on.
I'm getting whiplash from how quickly this article jumps to conclusions. Most corporate cybersecurity is quite strong. Why is this the very first conclusion they come to? Not even that the fake profiles collect a salary, just.. "virus!!!"
I just had a PR opened that was a two character change, in Javascript, changing `if (!warned)` to `if (!== warned)`. They assured me, in an H1 no less, that they had tested everything and that it was fixing some problem, but didn't say what.
What the hell is happening, and what are we supposed to collectively do about this? Or is this just some new norm we'll have to adapt to?
I have this theory in general that paper is going to make a huge comeback. We've passed the point now where there is no meaningful way to tell if something is AI unless it physically cannot be. Hand written paper and physical art is literally the only thing left that passes this.
I didn't see any "AI" candidates, but I was suspicious about a few / if they were in fact who they said they were.
The part I worry about is that maybe I was just too suspicious and some poor guy was playing it straight and I gave a thumbs down due to my suspicions.
Except the "them" who've been wasting applicants' time for decades is not the same as the "them" who are facing the flood of fake job seekers.
It's generally preferable that "justice" treats innocent parties and guilty parties quite differently.
The empire strikes back. Until now, the job market, was flooded with false vacancies.
Oh, they're nothing fancy, just perfect-bound with card covers and spines hand-lettered in silver paint on black bookbinder's tape. But they're workmanlike and sturdy and sound in the hand, and maybe it'll be worth someone's value to own words that not only have obviously been labored over at length, but that never change even when no one is looking at them.
Why not, I suppose. Printed words are already becoming a luxury, with the decline in material and workmanship in modern hardbound "prestige" editions reflecting their place among the economy of aspirational, status- and status-anxiety-signaling goods. Obviously I would have no market among these dreary neoliberal bourgeoisie, but I'm sure there are a few perverts on websites like this one who'd pay more for the produce of hours in an attic over hand tools and muttered swears, for something that even if it's just a trade paperback still feels and reads the way a book should.
> More than 300 U.S. firms inadvertently hired impostors with ties to North Korea for IT work
"Impostors" implies that the people they hired couldn't do the job. That's not true: These were people who just faked their location/identity. They had the skills and worked for a long time for those companies. As far as the company was concerned, they were just regular employees. If they couldn't do the job they would've been fired.
If these "impostor" employees actually couldn't do the job and they somehow were able to stick around for as long as they did there's a different sort of crisis going on in "US companies" that has to do with management.
But two, are you serious with "If they couldn't do the job they would've been fired"? I think the most charitable assumption I could make is that you must not have been in the working world long. There are plenty of places that are bad noticing and getting rid of underperformers, even when everybody involved is well meaning. If somebody is actively running it as a scam, it could be hard indeed to detect. And really, they don't have to evade detection forever. Even a few months of paycheck may be more than enough for them to cover the costs of getting the jobs.
Undoubtedly there would be many who would say "I would never spend even one cent to apply for a job position". However, given that such positions tend to pay tens of dollars per hour, and given that a proper application takes at least a few minutes to fill out, I think this is economically unviable. And, of course, if I'm wrong and you now have thousands of applicants anyway, you then have a small fund to draw from for other recruiting activities like in-person interviews.
Or a job description which has X, but X is a very small subset but in fact its a mostly legacy system using Y.
Want to pay me for my time?
