Christina Chapman, a 50-year-old Arizona woman, has just been sentenced to 102 months in prison for helping North Korean hackers steal US identities in order to get "remote" IT jobs with more than 300 American companies, including Nike. The scheme funneled millions of dollars to the North Korean state.
Why did Chapman do it? In a letter sent this week to the judge, Chapman said that she was "looking for a job that was Monday through Friday that would allow me to be present for my mom" who was battling cancer. (Her mother died in 2023.) But "the area where we lived didn't provide for a lot of job opportunities that fit what I needed. I also thought that the job was allowing me to help others."
She offered her "deepest and sincerest apologies to any person who was harmed by my actions," thanked the FBI for busting her, and said that when she gets out of prison, she hopes to "pursue the books that I have been working on writing and starting my own underwear company."
Managing all this fraud required plenty of tedious bureaucracy. The North Koreans had to steal US identities, of course, but then they also had to, you know, get hired. This involved endless paperwork, such as writing resumes and filling out I-9 forms to show eligibility to work in the US. (In one chat, Chapman said that she was happy to send I-9 forms from her home address but that she would prefer not to "do the paperwork" herself because "I can go to FEDERAL PRISON for falsifying federal documents.")
Chapman was also key to the less obvious, more technical part of the scheme—how to make it appear like all these remote workers were actually living in the country?
Laptop farm
When her clients got hired, Chapman would receive their corporate laptops in the mail. Sometimes she would re-ship them to "a city in China on the border with North Korea."
But she kept more than 90 of the machines at her place in Arizona. Using proxies, VPNs, and remote access software like AnyDesk, the North Koreans logged into their "American" computers from afar and then appeared to be normal, US-based remote employees, showing up to staff meetings on Zoom, collecting paychecks, and occasionally exfiltrating data or installing ransomware.
As the number of computers mounted, Chapman began stacking them on shelves around her residence, labeling them with sticky notes so she could remember which "worker" and company controlled which machine. When Chapman's home was searched, FBI agents took photos of her setup, which is... something to behold, really.
Chapman's origin story is a sad one. According to her public defender, her childhood was marked by "her father’s infidelity, alcoholism, and emotional absence." Chapman was placed in 12 different schools across multiple states before she graduated high school, "leaving her socially isolated, bullied, and unable to form lasting friendships or a sense of belonging." She also suffered "severe and escalating violence from her older brother, who repeatedly beat and choked her, held a shotgun to her chest, and once left her so visibly bruised that her school intervened." And she was "sexually abused at various points in her childhood and adolescence by family members, peers, and even individuals she believed to be friends."
Unfortunately, Chapman's poor choice to involve herself with the North Koreans inflicted plenty of pain on others, too, including those whose identities were stolen. One victim told the court that the crime "left me feeling violated, helpless, and afraid," adding:
"Although identity theft is not a physical assault, the psychological and financial damage is lasting. It feels like someone broke into my life, impersonated me, and left me to pick up the pieces. There is a lingering fear that my information is still out there, ready to be misused again. The stigma of being a fraud victim also weighs heavily; I have had to explain myself to banks, creditors, and sometimes even to people I know. There is an ongoing sense of vulnerability and lack of control."
In addition to her 8.5-year sentence, Chapman will serve three years of "supervised release," must forfeit $284,555 that was meant for the North Koreans, and must repay $176,850 of her own money.
Such "remote work" scams have become increasingly common over the last few years, most originating from North Korea, and the FBI has released repeated guidance on what to look for when hiring remote workers.