Christina Chapman seemed like a typical work-from-home American on TikTok. Her active "computer business," however, was actually a front for a North Korean scheme that employed US identities and laptops to hack $17.1 million from American businesses.
Christina Chapman, a 50-year-old ex-waitress and bootcamp graduate coder, posted gleefully about her day-to-day grind on TikTok—giving peeks into her client sessions, lunches, and travels. But in the corner of one 2023 video, federal agents noticed more than a dozen idling laptops. These were not for her own projects—they were used by North Korean IT staff illegally impersonating US-based employees, the Wall Street Journal reported.
Chapman was a so-called "laptop farmer," assisting North Koreans to remotely access North Korean jobs at US companies using identities stolen from others. She took their laptops, added remote access software, and deposited paychecks into US accounts before sending money to North Korean-connected individuals.
How the scheme worked
North Korean engineers, schooled in state technical schools, frequently operate out of countries such as China or Russia to conceal their location. They post job requests on sites such as LinkedIn and Upwork, seeking Americans who are willing to work as their US "face." Chapman was recruited in such a message, unaware of the scam's origins.
She processed phony job applications, exported 49 laptops overseas, and even duplicated digital signatures. In return, she was paid almost $177,000 while facilitating North Korean agents to secure jobs at premier US tech, media, and defence firms.
FBI and cyber-experts sound the alarm
The FBI reports that North Korea is operating hundreds of such operations, infusing up to $600 million into its economy every year through schemes like this. Cybersecurity company CrowdStrike has identified laptop farms in at least eight states and detected more than 150 instances of North Korean agents logging into corporate systems.
A few of the employees were caught downloading confidential information or installing personal backdoors. A cybersecurity professional, for example, analysed a confiscated laptop and discovered seven sophisticated applications with the intent to remain undetected and monitor internal meetings.
Generative AI, gig platforms, and identity theft
In order to succeed in job interviews, North Koreans employed generative AI to fake identities and paid others to show up on screen when employers asked for face checks. They've posed as Americans and swindled them into surrendering their IDs or setting up freelance accounts for them. Most often, the actual victims are identity theft victims, who find out later that they owe taxes on money they did not take in.
Chapman's operation alone generated fraudulent tax liabilities of at least 35 Americans. The multiple positions held by certain North Koreans in various companies at the same time earned them six-figure incomes.
By the beginning of 2023, Chapman had relocated into a four-bedroom residence in Phoenix. She posted TikToks of her normal routines and international vacations—while she dealt with federal tax forms and company gear on behalf of her foreign customers. But by October, her plan was foiled when the FBI raided her house and discovered more than 90 devices.
In February, she pleaded guilty to money laundering, identity theft, and wire fraud. She currently resides in a Phoenix shelter and will be sentenced in July, with a possibility of up to nine years in prison.
The case illustrates how North Korea keeps exploiting digital global platforms, remote work culture, and unsuspecting Americans—to make hustle culture a means of state-sponsored cybercrime.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
