Laptop farmer behind $17M North Korean IT worker scam locked up for 8.5 years

An Arizona woman who ran a laptop farm from her home – helping North Korean IT operatives pose as US-based remote workers – has been sentenced to eight and a half years behind bars for her role in a $17 million fraud that hit more than 300 American companies.

After her arrest in May 2024, 50-year-old Christina Marie Chapman pleaded guilty in February to conspiracy to commit wire fraud, aggravated identity theft, and conspiracy to launder monetary instruments. In addition to her 102-month prison term, Chapman will also serve three years of supervised release, and must forfeit $284,555.92 that was to be paid to the North Koreans, in addition to a $176,850 judgment, according to the US Attorney’s Office.

This was one of the largest-ever North Korean IT worker scams prosecuted by the Justice Department, with 68 US persons’ identities stolen and 309 US businesses, along with two international firms, defrauded.

Corporations failing to verify virtual employees pose a security risk for all

According to court documents, Chapman ran a laptop farm out of her home from October 2020 to October 2023. During this time, she hosted computers for overseas IT workers posing as US citizens and residents, enabling the devices to appear as if they were operating from within the United States.

Chapman also shipped 49 laptops and other devices supplied by US companies to locations overseas, including multiple shipments to a Chinese city near the North Korean border. More than 90 computers were seized from Chapman’s home after cops executed a search warrant in October 2023.

Through this scheme, Chapman helped her fellow fraudsters land jobs at more than 300 American companies, including Fortune 500 corporations, a top-five major television network, a Silicon Valley technology company, an aerospace manufacturer, an American car maker, a luxury retail store, and a media and entertainment company, according to the DoJ. 

The fake IT workers also tried to obtain employment — and access to information — with two different US government agencies on three different occasions, “although these attempts were discovered and thwarted, due to the agencies’ enhanced due diligence,” the court documents said.

Workers who successfully obtained employment as part of the scam then received payroll checks at Chapman’s home with direct deposits sent to her US bank accounts. According to the Department of Justice, the illegal revenue was ultimately laundered and funneled to North Korea, potentially contributing to the DPRK’s weapons programs.

In a separate case unsealed in December, the DOJ estimated that North Korean IT worker fraud schemes cost US businesses at least $88 million over six years.

“The call is coming from inside the house,” US Attorney Jeanine Ferris Pirro said in announcing the sentencing. “If this happened to these big banks, to these Fortune 500, brand name, quintessential American companies, it can or is happening at your company.”

Pirro’s warning echoes similar statements from execs at Google, Snowflake, and other major tech companies, all of whom have told The Register that if you think your firm doesn’t have a fake IT worker problem, you’re not paying attention and they’ve likely already infiltrated your workforce.

“Corporations failing to verify virtual employees pose a security risk for all,” Pirro continued. “You are the first line of defense against the North Korean threat.”

The FBI on Wednesday issued a list of tips to protect your business from North Korean IT worker threats, including scrutinizing identity verification documents and, when possible, requiring in-person meetings. ®

READ MORE HERE