Episode #113

TIG Risk Services' Duaine Labno on How Remote Hiring Became an Opening for Infiltration

What happens when a DPRK IT worker operation lands inside one of your clients, and the three-letter agency you call says they can't show up? Duaine Labno, Director of Special Investigations & Threat Intelligence at TIG Risk Services, walks through exactly that case: his team built a ruse to recover the compromised laptop, staged a physical handoff at corporate HQ, filmed the courier, ran his plates, and traced him to multiple properties. 

The operation produced the kind of ground-level intelligence the FBI told him they'd never seen before in a US-based DPRK case. Duaine explains why digital and physical investigations have to run in parallel from day one rather than being handed off sequentially, and what that looks like operationally when federal resources don't materialize. He also breaks down how speed-optimized post-COVID remote hiring processes gave adversaries a repeatable entry point, and why an untrained recruiter doing a soft document check is now a meaningful attack surface for corporate networks.

Topics discussed:

  • How post-COVID remote hiring processes relaxed identity verification standards and created repeatable enterprise network entry points 
  • Running parallel digital and physical investigations simultaneously when tracking identity fraud and insider threats
  • Using open-source intelligence and proprietary threat monitoring software to scan millions of data points for suspect behavioral patterns
  • Executing a live DPRK IT worker case using physical surveillance, a document ruse, and plate runs to identify a U.S.-based operator
  • Why untrained recruiters conducting soft document checks have become a meaningful attack surface in corporate hiring pipelines
  • How adversaries are weaponizing AI for voice alteration, deepfakes, and document manipulation to bypass hiring and KYC verification processes
  • The case for vetted, secure cross-industry intelligence sharing platforms to close gaps that individual organizational silos leave open
  • Where cyber threat intelligence trails end and physical investigation must pick up to produce actionable, court-ready evidence

Key Takeaways: 

  • Treat remote hiring pipelines as an active attack surface by pulling security, legal, and HR into the process.
  • Train recruiters to recognize fraudulent identity documents as a first line of defense against adversarial infiltration of corporate networks.
  • Run digital and physical investigations in parallel from the start rather than waiting for cyber analysis to conclude.
  • Build contingency plans for federal non-response into any investigation involving foreign threat actors.
  • Deploy threat monitoring software capable of scanning open-source data at scale to surface behavioral patterns and connections.
  • Establish vetted, secure intelligence sharing relationships with peer organizations and law enforcement to close the visibility gaps.
  • Pressure-test AI-assisted hiring tools against deepfake and voice alteration scenarios before deploying them.
