
Jeff Geerling recently discussed being contacted by the FBI to learn more about miniature KVMs, one of the devices North Korean fake IT workers use to appear to be coming from other countries: https://www.youtube.com/watch?v=Lc2hB2AwHso


In this case, the KVMs are plugged into multiple laptops being run in people's basement/spare bedroom, it seems. Someone will earn a set amount per laptop per month to accept a company-supplied laptop (from a US company), then plug in one of these little KVMs to give a remote worker access without as much ease in detection.


The Wall Street Journal had an article about the people running these North Korean laptop farms.

https://www.wsj.com/business/north-korea-remote-jobs-e4daa72...


> “I live in a travel trailer. I don’t have running water; I don’t have a working bathroom. And now I don’t have heat,” she said. “I’m really scared. I don’t know what to do.”

When people have no solutions for basic problems they become the problem.


So the main difference over more typical remote desktop methods is that it pretends to be a physical display and keyboard to fool the PC it's remoting into if it's overly locked down?

Feels like there's otherwise a hundred different ways to already do remote control without any extra hardware.


All the alternatives have a risk of setting off D&R tripwires. Assuming these things can spoof their device IDs so they look like a Logitech keyboard etc, I think the cost of the hardware setup is gonna easily pay for itself in terms of harder detection.


What does "D&R" stand for in this context?


Detection and response - basically any remote access software usage is very likely to trigger an alert to the IT security team, either from the antivirus or EDR (endpoint detection and response, the most famous is CrowdStrike)


The most infamous at this point, one could say.


Either way you've heard of them :)


> Feels like there's otherwise a hundred different ways to already do remote control without any extra hardware

This way the worker doesn't have to know 100 different ways to remote into the machine, just one


> amount per laptop per month

Curious what typical rates would be.


So I must be really dumb here but what exactly does the kvm do? It's just stated that it has an Ethernet port and an HDMI and therefore can remote control a computer? And he said the North Koreans are putting them on people's computers as if North Koreans breaking into people's apartments is a common occurrence we've all experienced? And why did the FBI contact him about this?

There's obviously some context I'm missing here, I always thought KVM was the Linux kernel virtualization system...


> what exactly does the kvm do?

In this context the abbreviation stands for “keyboard, video, and mouse”. These are hardware devices you physically connect to a computer and then you can remotely see the computer’s screen and input keyboard and mouse inputs to it via the network.

> It's just stated that it has an Ethernet port and an HDMI and therefore can remote control a computer?

Yes. That is the purpose of a KVM device.

> he said the North Koreans are putting them on people's computers

What is described here is a scam perpetrated by the North Korean state to gain funds despite economic sanctions trying to prevent it from doing so.

The scheme involves someone pretending to be a legitimate remote worker working from a legitimate location, but in reality they are performing the work from North Korea. The person working the remote IT job in North Korea gets a pittance, while the state pockets the larger part of the money paid to them.

As part of the scheme the remote worker gets a laptop from their western employer. Corporate IT installs all kinds of security measures on the laptop, but also grants it means to access internal resources. The scammer can’t ship the laptop to North Korea and use it directly because if that gets detected they will be found out and fired. They also can’t install software-based remote access tools because corporate IT might detect those too. So they use a KVM to remotely use the laptop from North Korea and stay on the job as long as they can.

> as if North Koreans breaking into people's apartments is a common occurrence

The scheme does not involve North Koreans breaking into apartments.

> And why did the FBI contact him about this?

Who knows. Jeff seems to have described how to use a particular cheap KVM in the past. Likely this KVM device is used by the scammers. Maybe he has connections to the KVM's manufacturer? Maybe the FBI thought he did?

> I always thought KVM was the Linux kernel virtualization system...

Same abbreviation, but different thing.
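The comment above explains why a hardware KVM is attractive to the scammer: it shows up to the laptop as an ordinary keyboard and mouse, so software-based EDR rules for remote access tools never fire. One defender-side check that still applies is inventorying USB HID devices and comparing them against the peripherals IT actually issued. The script below is an added example and is not code from the thread or from any EDR product; the agent data format, the vendor/product IDs and the serial numbers are all constructed for the example. It also covers the spoofing caveat raised elsewhere in the thread: a device that copies a known vendor/product ID but reports no serial, or a serial IT never issued, is still flagged.

```python
"""Flag USB HID devices on a managed laptop that IT did not issue.

Added example, not from the thread. Assumes a hypothetical host agent reports
each USB device as (vendor_id, product_id, device_class, serial).
"""
from dataclasses import dataclass
from typing import Iterable


@dataclass(frozen=True)
class UsbDevice:
    vendor_id: int      # USB VID as reported by the host
    product_id: int     # USB PID as reported by the host
    device_class: str   # coarse class from the agent: "hid", "audio", "storage", ...
    serial: str         # iSerial string; "" when the device reports none


# Peripherals IT shipped with this laptop: (VID, PID) -> set of issued serials.
# All identifiers below are constructed for the example, not real devices.
ISSUED_PERIPHERALS = {
    (0x1234, 0x0001): {"KB-0001"},   # issued keyboard
    (0x1234, 0x0002): {"MS-0001"},   # issued mouse
}


def classify_hid_devices(
    devices: Iterable[UsbDevice],
    issued: dict[tuple[int, int], set[str]] = ISSUED_PERIPHERALS,
) -> list[tuple[str, UsbDevice]]:
    """Return (finding, device) pairs for HID devices that are not issued ones.

    unknown_hid      : VID/PID is not an issued peripheral at all
    no_serial        : VID/PID matches an issued peripheral but no serial is reported
    serial_mismatch  : VID/PID matches but the serial is not one IT issued
    The last two are what a device cloning a known VID/PID looks like.
    """
    findings: list[tuple[str, UsbDevice]] = []
    for dev in devices:
        if dev.device_class != "hid":
            continue                      # only keyboards/mice/etc. matter here
        key = (dev.vendor_id, dev.product_id)
        if key not in issued:
            findings.append(("unknown_hid", dev))
        elif not dev.serial:
            findings.append(("no_serial", dev))
        elif dev.serial not in issued[key]:
            findings.append(("serial_mismatch", dev))
    return findings


# Constructed inventory snapshot from one laptop (not real telemetry).
SAMPLE_INVENTORY = [
    UsbDevice(0x1234, 0x0001, "hid", "KB-0001"),    # issued keyboard, fine
    UsbDevice(0x1234, 0x0002, "hid", "MS-0001"),    # issued mouse, fine
    UsbDevice(0x1234, 0x0001, "hid", ""),           # same VID/PID as keyboard, no serial
    UsbDevice(0xABCD, 0x5678, "hid", "X1"),         # HID device IT never issued
    UsbDevice(0x1234, 0x0100, "audio", "HS-0001"),  # headset, not HID, ignored
]


if __name__ == "__main__":
    for finding, dev in classify_hid_devices(SAMPLE_INVENTORY):
        print(f"{finding}: vid={dev.vendor_id:04x} pid={dev.product_id:04x} "
              f"serial={dev.serial!r}")
```

In practice the inventory would come from the endpoint agent's USB enumeration and the allowlist from the asset database; the point of keying on serials as well as VID/PID is that a VID/PID alone is trivially copied, while a missing or unknown serial on a "known" keyboard is a cheap signal worth an alert.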


KVM in this context stands for keyboard, video, mouse. There are multiple types of these KVMs, and the ones discussed here are remote KVMs.

https://en.wikipedia.org/wiki/KVM_switch#KVM_over_IP_(IPKVM)

It sounds like the North Koreans pay 1 person in the US to have a ton of laptops with KVMs attached to them, and those laptops are remotely used by North Koreans.

Not to be confused with Kernel-based virtual machine (also called KVM):

https://en.wikipedia.org/wiki/Kernel-based_Virtual_Machine


KVM (keyboard, video, mouse): https://en.wikipedia.org/wiki/KVM_switch In particular, https://en.wikipedia.org/wiki/KVM_switch#KVM_over_IP_(IPKVM)

It seems they don’t break into someone’s apartment but instead pay someone to stick a KVM-connected laptop somewhere in the apartment.


I imagine they mean a remote KVM. So you remote into a PC sitting in a basement in someone's house in the US. You then make all your outgoing internet from that setup and your IP address would look legit.


It's not just North Koreans using them. It's also everyday US citizens who want to be digital nomads.

When I looked at https://www.reddit.com/r/digitalnomad/ a few years ago it didn't seem like any solution really worked reliably.

But if you had a farm of them and one guy maintaining them, rather than sticking it in your parents basement with nobody to maintain it, that might be something different.



