I'm curious what HN thinks is the best course of action when you are reasonably certain you have interviewed someone who is attempting to gain access to your company from a certain place that is famously totalitarian.
Let's assume they are a state actor, Here are some things that crossed my mind:
- Citizens from this region of the world are forced to do this and it amounts to slave labor. I have empathy for their situation. What is a responsible way to report things like this?
- I try to avoid communicating with law enforcement in general, is the FBI or other US agency the only avenue to warn others?
- Without hiring this person, what exposure should we worry about? What precautions are worth taking in the future?
Thanks for your insights :)
stevenicr2 hours ago
npr had a segment not too long ago exposing this and walked through the steps for one company, and it led to additional training for HR and the first line of checking resmume's and such - can't recall the date it ran.
There have been similar stories recently: https://www.techtarget.com/searchSecurity/feature/How-to-spo...
https://www.wbur.org/onpoint/2025/06/12/cybersecurity-indust...
https://cloud.google.com/transform/ultimate-insider-threat-n...
https://ogletree.com/insights-resources/blog-posts/fbi-warns...
I think the npr segment was like a third party cybersecurity podcast they aired to buffer time in daytime(?)
runjakea day ago
If I was in the US and the state actor was not Israeli, I would contact my local FBI office and give them details.
They will be kinda rude and very short with you on the phone, but nonetheless, they will gather information from you, which will go into their systems and get paid attention to at some level. They seem especially interested in CN/NK/RU/IR actors, obviously.
If they were Israeli, I'd keep my mouth shut because I don't want to get in the middle of that, nor get on any radars.
Spooky2315 hours ago
Good advice. I’ve engaged with them before - in my case very professional to deal with.
channeleatona day ago
I’ve posted about this problem before. It’s happened to me twice at two different companies.
This is a legit problem. They pose as American citizens or permanent residents. Sometimes even using a VPN into the US. HR folks would not catch on.
I’ve actually interviewed two of these people over the years. They somehow got through the initial screenings. It’s a bizarre experience. Most of the time there is a significant delay with silence between your question and their answer. It’s as if they’re being fed the perfect answer. Problem is they could never answer or pretended to not understand any follow-up questions.
You could always hear others in the background. One time I was given an answer that I had heard someone else in the room give just 2 minutes before.
The question that really solidified my hunch was about their location. The applicants would always claim to be from a very small town somewhere in the US. In my two experiences I happened to know a lot about those towns. The first said they “really enjoyed the mountains” when I asked what brought them to a Houston suburb. When I asked the other applicant if they had any damage from the hurricane that went through St. Augustine, FL, they replied “What hurricane?”
Now, neither of these people would have been hired even if they had stellar interviews as we do make use of background checks and verification services. This scheme really only works for third-party dev shops or desperate small companies.
I’m glad this problem is getting more attention.
matt_sa day ago
What gave you the impression during what I would assume is a 1-2 hour interview that the person applying for a job is foreign agent?
Do the behaviors exhibited also align with other somewhat common candidate behavior like not being competent in what they say, being nervous, etc.?
puppycodesop20 hours ago
I think determining whether they are or are not is very hard and full issues like bias toward english proficiency, culture and a whole bunch of stuff that could be problematic to screen for.
Thats why I phrased the question as assuming they are a foreign agent because the due dilligence one must do is probably particular to the job and company.
The evidence however seems like it will always be more or less circumstantial unless you have the time and resources to devote to a thorough background check.
Bendera day ago
Ask for a rep from your corporate security department, your legal department and your CSO for a quick meet-up and let them decide what to do. Hand it off to them so it is not your responsibility and so you can focus on your assigned tasks. Provide only the facts.
scrubs2 days ago
Emphasing with the individual has merit, but on balance has the wrong framing. It's the org the individual is in that's the real problem. I'd tell the fbi. Being a nice guy is counter-indicated here. The other side certainly isn't.