How do weekly 1:1 meetings with a manager not catch this very quickly? Okay, maybe the original suave interviewer comes back for those… Still feels like a good EM would pick up on discrepancies between work done and how the suave person talks about it.
It depresses me, but you’re probably right about in-office work being the only guarantee against this type of scam. I wish we could just have nice things.
This isn't necessarily the issue here -- this attempt seemed to be fairly motivated and had access to resources (AI, coaches, ...) to help them get through the process.
IF they can get such a 'candidate' hired... whats to say they couldn't continue the sham. One could imagine a team of hackers could easily pass of work that a single IC could reasonably have produced.
If their goal is exfiltration (or some other hack) of a {bitcoin exchange, govt, ...} actually putting in {weeks/months/year[s]} of actual work to insert someone into the right position at the right company is insanely worth it.
Sure I guess someone could physically turned up to an office to collect a laptop, be onboarded, get ID checked, then dial in to a few hours of meetings a week, muddle through any questions, rely on the team back at base helping, turn up in person to team get togethers every few months and manage to bluff their way through. It's not unprecedented - Frank Abagnale was running that type of con decades ago, Russia had the "Illegals" program of deep cover spies.
Those regular calls is what limits how many places you can work for. You full time job becomes holding those calls, plus knowing just enough about the problem to sound intelligent. You can probably work 4 jobs this way.
I also can’t imagine this not getting caught if not in the interview process surely during every day work. Maybe this says more about their work culture and not actually connecting with co workers. Perhaps the manager was just garbage who knows.
On their first day, they will get a lot of accounts, if they syphon data and m set up backdoors quickly, one day could be enough to cause a good chunk of the damage.
Saddens me a bit. I like to trust hires and give them pretty wide access to everything. For my own company, I've so far only hired people I worked with in the past, but when hiring strangers remotely, I'll probably have to rethink my trust-first model.
True, personally I have never gotten much of my access the first day, week or even month but it's certainly possible. Not sure though if syphoning data is the main goal here though as opposed to 1) syphoning money to NK or 2) planting backdoors.
It depresses me, but you’re probably right about in-office work being the only guarantee against this type of scam. I wish we could just have nice things.