Christina Chapman, a 35-year-old resident of the United States, was sentenced to over eight years in prison. In all, she appears to have run an elaborate North Korean remote-work scam that relied on stolen identities and defrauded hundreds of employers. On October 25, 2023, Judge Chen sentenced Chapman. This was all brought to a halt shortly after an investigation revealed his participation in a scheme orchestrated by the North Korean government to export thousands of “highly skilled IT workers” to American firms illegally.
Federal authorities were tipped off to the operation after they raided Chapman’s home, where they found 90 stolen laptops connected to the scheme. The devices were intended to support hybrid/remote work. They allowed North Koreans to interact with platforms in the same way that U.S. citizens can. Chapman will have to forfeit $284,000 that was sent to North Korean operatives. On top of that, she has been fined $176,000.
Chapman’s participation in the fraudulent scheme started in earnest in mid-2020. This was about six months after she had gotten a LinkedIn message that first exposed her to the scam. She had been taking care of her mother, who had just been diagnosed with renal cancer. Simultaneously, she battled the effects of working in a low wage job and being housing unstable.
When Covid came, everyone went remote overnight. Cybersecurity expert and member of the FCC Cybersecurity Advisory Committee, Benjamin Racenberg, who closely tracked the case, noted that for a whole realm of tech jobs, the office never reopened. He noted that businesses soon realized that they could find talent in any location. This flexibility made it easier for all types of criminals, including those in the North Korean scheme, to penetrate hiring systems.
To benefit the North Korean workers, Chapman authenticated stolen identity data used to enable the workers to authenticate as U.S. citizens. She got her people logged into the computers, which enabled foreign workers to connect remotely. This policy change allowed them to do their jobs in good faith. Chapman collected paychecks directly from the employers, which he then redirected to the workers.
Though that was not her original intention, as time went on Chapman ended up admitting she had made a mistake. To those that were victimized, I extend my deepest remorse. I never intended to cause harm to anybody,” she said in court at her sentencing. Coming to terms with having worked for an organization that aimed to hurt people is heartbreaking.
Her regret was inadequate to shield her from criminal liability. Chapman was charged with conspiracy to commit wire fraud, aggravated identity theft, and conspiracy to launder monetary instruments. She made a shocking admission about the dangers of her actions. “I don’t know why I should go to federal prison for falsifying federal documents,” she said.
Law enforcement officials have coined the term Chapman’s “laptop farms.” In these schemes, she masked illegal employment practices as valid business functions. Her all-star activities were not without their challenges of course. She was climbing the shark-tank pressure cooker environment rife with fear and intimidation. As she considered her own uncertain fate, she was mainly unable to find jobs in her field of expertise — social work — due to the lack of available opportunities where they lived.
Chapman’s case illustrates the cracks in hiring systems that dishonest criminals can slip through. This concern is particularly acute in our post-pandemic society, where remote work is now the default. Racenberg explained that employment fraud has developed in sophistication along with the increase of remote work. “In other words, North Koreans and other employment fraudsters have figured out that they can game hiring algorithms to obtain positions,” he said. Bottom line, “I don’t think that we have done enough as a community to protect against this.”