Latest news with #Wordpress
Yahoo
12-05-2025
- Business
- Yahoo
The North Korean IT worker scheme infiltrated an American election campaign website
Home remodeling and architectural design are among the new areas North Korean IT workers are expanding into in an effort to continue to make money to fund their country's weapons of mass destruction program, a source told Fortune. The IT worker scam, which has collected billions for North Korea, is innovating beyond remote tech work after being disrupted by law enforcement; even the most mundane tasks are under threat. A candidate for Oregon's state legislature—who was later elected to represent southwest Portland and East Beaverton—had her team hire a designer for her campaign website last year. According to a staff member familiar with the work, the web developer was hired from freelance platform Upwork after a phone interview. There were no red flags during the interview process, nor did the developer indicate that there would be anyone else working on the website, the staffer said. The contract started May 10, the site went live around mid-July, and the contract ended on August 27. The budgeted cost was $2,000. However, the web developer hired to design the site had a subcontractor handle minor edits at the end of the project. A North Korean information technology worker, known and tracked by cybersecurity professionals around the world, logged into the WordPress content management system on the backend of the campaign website using credentials linked to the web developer. The hired developer told Fortune he had no knowledge of the North Korean IT worker scheme and wasn't aware of the threat or the vast ongoing conspiracy perpetuated by authoritarian leader Kim Jong-Un to fund the regime's nuclear weapons program. The developer denied any collaboration with North Koreans. In a statement, Oregon state Rep. Dacia Grayber told Fortune the campaign website did not store any user data or sensitive details. 
'As soon as we learned there was a suspicious login to the Wordpress site, my team and I took steps to secure all login information, and ensure that no user data was put at risk,' Grayber told Fortune. 'We appreciate being made aware of this larger trend, and find it deeply concerning that in such a tech-dependent world, traditionally trusted means of identity verification are still not enough to mitigate entities that may want to do America harm.' In case you're unfamiliar, the Democratic People's Republic of Korea (DPRK) has deployed more than 100,000 workers to 40 countries around the world to work in sewing, construction, and other industries to avoid crushing financial sanctions. Jobs in information technology, the bowels of tech, have proven to be a reliable cash cow for the regime and a seismic challenge for Fortune 500 companies to thwart. In sum: North Korean software developers are posing as Americans to get high-paying remote jobs in tech. The plan has been so successful they are trying out new ways to generate cash and crypto now that word has spread about the highly lucrative IT worker scheme. Under the scam, trained DPRK IT workers steal or rent American identities, use generative AI to craft résumés and fake LinkedIn profiles, and then get remote jobs with U.S. firms under false pretenses and in violation of international laws. All told, the IT worker program reliably generates between $250 million to $600 million per year, according to the UN. DPRK authoritarian ruler Kim Jong-Un uses the money to fund the country's illegal nuclear weapons and ballistic-missile program. A UN report detailing the IT worker scheme revealed the North Korean developers make about $15,000 to $60,000 per month apiece, and all are required to earn a minimum of $100,000 a year through full-time and freelance tech work. 
While the IT worker scheme is generally grounded in making money for North Korea, it also yields intelligence that fuels the country's flourishing criminal cyber-heist empire. Between 2017 and 2023, the UN estimates DPRK attacks yielded at least $3 billion in crypto. The crimes were allegedly carried out by North Korean Advanced Persistent Threat (APT) actors who operate under the Reconnaissance General Bureau of the Korean People's Army. The scheme has since been disrupted by numerous indictments, reports, and companies stepping up their game in terms of identity verification. Just this month, the U.S. Treasury Financial Crimes Enforcement Network (FinCen) launched a rule proposal that identified Cambodia-based Huione Group as a money-laundering concern. FinCen claimed Huione Group was behind money-washing related to at least $37 million in proceeds from DPRK cyber heists. 'Huione Group has established itself as the marketplace of choice for malicious cyber actors like the DPRK and criminal syndicates, who have stolen billions of dollars from everyday Americans,' said Secretary of the Treasury Scott Bessent in a FinCen statement. Bryan Vorndran, assistant director of the FBI's cyber division, told an audience of cybersecurity experts in Las Vegas last week that he gets 'many' calls from companies and highly sophisticated venture-capital firms with tech businesses in their portfolios that are dealing with the DPRK worker problem. 'The threat has evolved as industries and the government have tried to counter it,' said Vorndran, speaking at the RSAC annual security conference. 'It's very pervasive.' Bill Pulte, director of the Federal Housing Finance Agency, told Bloomberg TV in an interview that he referred North Koreans and Chinese workers at Fannie Mae and Freddie Mac to criminal authorities. 'I mean, what are the North Koreans and the Chinese doing in these companies,' Pulte said at the Milken Institute Global Conference in California.
Given the spotlight on the issue, DPRK IT workers are pivoting. Michael 'Barni' Barnhart, an investigator who leads DPRK efforts at security firm DTEX, told Fortune the specific area that IT workers have been testing involves an early-stage scheme to pose as heating, ventilation, and air conditioning (HVAC) or remodeling and architectural specialists. The IT workers are posing as experienced engineers in Minnesota, Illinois and countries like Australia by fabricating licenses and then offering their services to people looking to get blueprints approved, Barnhart said. The IT workers have also faked permitting and design approvals for their own work. Barnhart said the workers are targeting residential markets in Australia and the U.S. and the scheme takes place entirely online. The workers look up state government and municipal websites to find the certifications and approvals needed, copy profiles from real people to make their own appear legitimate, and then offer to provide designs and renderings from licensed professionals to people looking to improve their homes. 'They love doing cyber crime that is so far underneath the threshold of giving a damn about that it's not reportable,' said Barnhart. 'But when thousands of people do it at the same time, it's quite profitable for the regime.' By tracking known DPRK IT worker profiles, Barnhart said he found evidence that a restaurant in Chino, California, purchased plans online from a North Korean operative and used them to rebuild their outdoor patio. DPRK workers selling plans used for homebuilding or commercial construction could easily go south if the plans are unsound or the workers get aggressive. And, potential involvement in campaign donations or U.S. elections is also concerning, he said. 'What if it was a bigger campaign?' said Barnhart. An IT worker embedded with an APT could have designed the website, added a tracker or malware to it, and used it for propaganda, he said. 
Jef Green, president of compliance and merchant services provider C&E Systems, which handled the Grayber campaign's donation collections, told Fortune there's a complete separation between funding and the information the campaigns use to build their websites. 'If someone has access to her website, they never have any access whatsoever to the merchant page or the donation page,' said Green. 'That is our software.' These incidents appear minor and are focused on revenue generation, but they are still warning signs, said Barnhart. 'You can do all the right things to verify workers but the second you outsource something' there can be lapses in policies and procedures, said Barnhart. 'They love to do these things through a third party.' In a statement, Upwork told Fortune fraud prevention and compliance with U.S. and international sanctions are critical priorities. The company said it has invested in industry-leading security and identity verification measures. 'It represents a challenge that affects the entire online work industry, and Upwork is at the forefront of combating these threats,' the company said. 'Any attempt to use a false identity, misrepresent location, or take advantage of Upwork customers is a strict violation of our terms of use, and we take aggressive action to detect, block, and remove bad actors from our platform.' An Upwork spokesperson told Fortune the web developer profile who was hired to work on Grayber's campaign has been deactivated from the platform. This story was originally featured on


Forbes
02-04-2025
- Business
- Forbes
How To Start A Million Dollar Business In A Weekend
Want to build a million-dollar business? Stop planning and start launching. While you perfect your business plan, someone with less experience is making more money because they took action. They built a basic product, found paying customers, and created momentum. All in a single weekend. I've met and interviewed entrepreneurs who built seven figure businesses by testing ideas fast and doubling down on what worked. The path to a million-dollar business begins with a weekend of focused action. You won't hit seven figures by Monday morning. But you can build the foundation for a business that scales to that level faster than you think possible. The biggest business killer isn't competition or lack of funding. It's overthinking. Successful entrepreneurs launch before they feel ready. They put something into the market and improve it based on real customer feedback. Waiting for the perfect moment means missing countless opportunities. Every day you spend planning, someone else spends launching and iterating. Every week you delay, potential customers find other solutions. Technologies now exist that let you build in days what once took months. AI tools create content and designs instantly. No-code platforms let anyone build apps without programming skills. Payment processors set up in minutes. There's no excuse. Here's what to do. Start with problems you understand personally. What frustrates you daily? What would you pay to fix? Pick a problem that meets three criteria: you understand it deeply, others share it, and people would pay to solve it. Identify the simplest possible solution. Figure out the minimum viable product you could build in two days that delivers value. Zero in on that core offering and nothing else. As the day closes out, send messages to 10 people you know or suspect have the problem your business solves. Don't tell them your solution outright, but get feedback on what they'd be willing to pay for. Develop your brand identity using Looka. 
For $20, you'll get a professional-looking logo and visual identity in minutes. Buy a domain that matches your business name through any standard registrar. Next, construct a simple website using Wordpress or Thrivecart. Both of their drag-and-drop interfaces let you create functional websites without writing code. Then you can build them, within Thrivecart itself or with a no-code tool like Prioritize clear navigation and strong calls to action. Use Claude to generate your website copy. Share information about your business concept, describe your dream customer, and watch pages of compelling messaging appear. Edit to match your voice, but let AI handle the first draft. Now build the simplest version of your solution. For a service, create your delivery process. For software, use AI and no-code tools to build a functional demo. Perfection kills progress. Your goal is something you can put in front of real people by Sunday. It won't be polished, and that's okay. Concentrate solely on solving the core problem better than existing alternatives. That's your only job today. Create a Typeform that says "Join the waitlist" or "Be the first to know when we launch." Place it prominently on your website. This collects potential customer information and validates market interest. Set up a payment processing system like Stripe. Even if you're not selling immediately, having this ready shows you mean business. Develop a simple email sequence that welcomes people who sign up, explains your solution, and prepares them for launch. Schedule it to send automatically when someone joins your list. Five business models get you to a million dollars: Repeatable monthly income. Annual subscriptions, high ticket sales, high-volume-low-cost, or building up to a million dollar exit. Plan your way forward from this exact point. Go public. Share your creation everywhere relevant. Post on social media. Tell friends who have the problem you're solving. 
Probe those initial people you told about your idea. Message more people in your network who might benefit from your solution. Your goal is feedback and validation. Talk to everyone who shows interest. Ask what they like, what they don't, and what would make them pay for your solution. Here's when you can build your offer to fit the demand. Study how people interact with your website. Note where they click, where they hesitate, and where they leave. This data tells you what's working and what needs fixing. Watch for promising signs: people signing up, asking questions about features, or inquiring about pricing. These indicate you might be onto something worth pursuing beyond the weekend. Your weekend work is just the beginning. If you've found promising signs of market interest, double down on what works. Listen carefully to early users. Focus on generating revenue right away. Money from customers provides validation and freedom that investors never will. Document your processes immediately. Systems let you delegate or automate tasks as you grow, so at some point you can make your business run without you. Dreamers plan forever while doers launch imperfect businesses and improve them using real market feedback. Many successful businesses started with a burst of focused action like your weekend sprint. Start now and adapt fast. What are you waiting for?


The Guardian
27-03-2025
- The Guardian
Man who said woman ‘won't get a cent' ordered to pay $300,000 for defamation by NSW court
A man who said 'your scumbag client won't get one cent' has been ordered to pay $300,000 in aggravated damages and costs after accusing a family dispute resolution practitioner of supporting paedophiles. Adam Whittington, a 'child recovery agent' who was involved in the 60 Minutes abduction scandal in Lebanon, has been ordered by the New South Wales supreme court to pay Jasmin Newman $160,000 in damages and $147,796 in costs after it found he defamed her in a series of online posts dating back to 2019. Whittington posted on Wordpress, Facebook and Twitter about Newman, who is accredited to practise as a family dispute practitioner with the federal attorney general's department. Newman argued that the posts contained 59 defamatory imputations, including that she sympathised and supported paedophiles, attacked women who wanted to protect their sexually abused children, and committed fraud. Judge Nicholas Chen found on Wednesday that the imputations were conveyed, and that Whittington continued to defame Newman while the court case was ongoing. Whittington did not attend court during the proceeding, Chen said. He said Whittington was an Australian citizen who, 'at least at some point in the past, resided overseas, either in Sweden or in Russia, although precisely where he now resides is unknown'. Chen said Whittington was the founder and chief executive officer of a Swedish company which operates a Facebook page called 'Child Abduction Recovery International'; and the founder 'of what is said to be a 'charity'' known as Project Rescue Children. Whittington responded to emails about the case, Chen said, including by replying to a lawyer for Newman on 12 December 2024. 'Stop wasting my time opening rubbish and tagging me into your nonsense emails,' Whittington said. 'In fact, to make sure you don't waste another minute of my time, I'll block you from this day on. 'Your scumbag client won't get one cent. 
That I promise.' Chen said there was some uncertainty about Whittington's ability to pay the penalties. He said that while the audience for the posts was limited, they had a serious impact on Newman. 'The impact of the defamatory matters upon the plaintiff has, I accept, been exacerbated not only by the defendant's failure to apologise, but by his continuing publication of defamatory matters … after the plaintiff commenced these proceedings,' Chen said. 'Notwithstanding the hearing has proceeded without any participation by the defendant, no attempt was made to overstate the impact of these defamatory imputations; rather, my impression was that she tended to understate them. 'I have no doubt that they have caused her anguish, anxiety, hurt and distress.' Chen granted a permanent and mandatory injunction restraining Whittington from repeating the defamation.
Yahoo
14-02-2025
- Yahoo
Elon Musk's DOGE Website Is Super Easy to Hack
The DOGE website is wide open and vulnerable to hackers, according to reporting from 404 Media. Two coders had already infiltrated the site and left their own messages on it at the time of 404's reporting on Thursday evening: 'THis is a joke of a .gov site,' said one, and 'THESE 'EXPERTS' LEFT THEIR DATABASE OPEN -roro' said another. This will be unsurprising to anyone who has visited the website since its inception—it looks like a high schooler could've made it. 404's Jason Koebler previously referred to it as 'just a Wordpress theme placeholder page.' Anonymous experts told 404 Media that the website is supported by a Cloudflare page outside of government servers, making it easily accessible to third-party hackers. 'Feels like it was completely slapped together,' one of the sources said. 'Tons of errors and details leaked in the page source code.' Musk has yet to comment on the hacks as he continues promising 'transparency.'
Yahoo
30-01-2025
- Business
- Yahoo
Flex Pricing Releases First Ever User Level Dynamic Pricing Software
For the first time ever, small and medium sized ecommerce merchants have access to advanced user level dynamic pricing through Flex Pricing's patent pending software application. CHEYENNE, Wyo., Jan. 30, 2025 (GLOBE NEWSWIRE) -- Flex Pricing is announcing the release of the world's first user level dynamic pricing software for e-commerce. The software enables merchants to set pricing rules based on user attributes including shoppers' estimated income, type of device they're browsing on and their geographic location. Unique prices display to each shopper, in real-time, without any perception that the prices rendered are unique to Logo This technology has previously only been developed and used internally, by large multinational companies. Flex Pricing will not bring this advanced technology to small and medium sized merchants in the e-commerce industry. Flex Pricing has released its software as a Woo Commerce plugin, supporting merchants that sell goods on Wordpress sites through Woo Commerce. Additionally, Flex Pricing plans the release of a Shopify compatible application by March 1st. With the release of the Shopify app, Flex Pricing's patent pending software will become available to nearly 90% of all U.S. based ecommerce businesses. Merchants using the Flex Pricing application can expect benefits in both conversion rate and margin, which is a unique benefit of a user level dynamic pricing system. Shoppers with greater price sensitivities, determined by a variety of user attributes, can be rendered a lower, more competitive price to increase the likelihood of a conversion. Whereas shoppers who are less price sensitive, often determined by attributes indicative of high affluence, can be rendered a higher price to increase margins. Media Contact: Brendon Fields, Flex Pricing LLC