by WorldTribune Staff, May 29, 2025 Real World News

At least several dozen cases are known in which everyday Americans are setting up multiple laptops in their homes which are then used by North Koreans with fake identities to obtain remote work with hundreds of U.S. companies, a report said.

Christina Chapman, a former waitress from Minnesota, “looked the part of an everyday American trying to make a name for herself in hustle culture,” the Wall Street Journal reported on May 27.

A 2024 FBI poster for North Korean nationals wanted in a scheme in which workers used false identities to get remote jobs with U.S. companies.

“In prolific posts on her TikTok account, which grew to more than 100,000 followers, she talked about her busy life working from home with clients in the computer business and the fantasy book she had started writing. She posted about liberal political causes, her meals and her travels to see her favorite Japanese pop band.”

In reality, the 50-year-old Chapman was operating a “laptop farm.” North Korans using stolen identities gained access to the laptops to take jobs as U.S. tech workers and illegally collect $17.1 million in paychecks, federal prosecutors said.

The “laptop farmers” have popped up across the U.S. as part of a scam to infiltrate American companies and earn money for cash-strapped North Korea.

“People like Chapman typically operate dozens of laptops meant to be used by legitimate remote workers living in the U.S.,” the report said. “What the employers — and often the farmers themselves — don’t realize is that the workers are North Koreans living abroad but using stolen U.S. identities. Once they get a job, they coordinate with someone like Chapman who can provide some American cover — accepting deliveries of the computer, setting up the online connections and helping facilitate paychecks. Meanwhile the North Koreans log into the laptops from overseas every day through remote-access software.”

Related – ‘Real problem’: Scale of North Korean IT contract workers scam called widespread, May 6, 2025

The FBI said the scam more broadly involves thousands of North Korean workers and brings hundreds of millions of dollars a year to the country. “That’s a material percentage of their economy,” said Gregory Austin, a section chief with the FBI.

Adam Meyers, a senior vice president at CrowdStrike, said the cybersecurity company recently identified about 150 cases of North Korean workers on customer networks, and has identified laptop farms in at least eight states.

“The workers, typically technology specialists, are trained in North Korea’s technical education programs. Some stay in North Korea while others fan out to countries like China or Russia — to hide their North Korean connection and benefit from more reliable internet — before seeking their fortunes as IT workers for Western companies,” the Journal’s report said. “Sometimes they’re terrible employees and are quickly dismissed. Others last for months or even years.”

The FBI’s Austin noted: “These DPRK IT workers are absolutely able to hold down jobs that pay in the low six figures in U.S. companies and sometimes they can hold multiple of these jobs.”

They work for almost any conceivable sector that uses remote labor. One cybersecurity company discovered two years ago that it had employed nine North Korean workers — all via staffing agencies, according to court documents. Two of them logged in each morning through Chapman’s laptop farm.

The workers sometimes appear to steal data for espionage or to use as ransom.

Ryan Goldberg, an incident response manager at cybersecurity company Sygnia, was able to examine a laptop that was returned to a client — a life-sciences company — after the FBI raided an East Coast laptop farm.

“As the MacBook booted up, he was amazed by what he saw: a series of seven custom-written programs designed to get around antivirus software and firewalls, giving the North Koreans a virtually undetectable back door into the corporate network,” the Journal’s report said.

One program allowed the North Koreans to spy on Zoom meetings. Others could be used to download sensitive data without being detected. “The way they were employing remote control was something we’d never seen before,” said Goldberg. “They really thought outside of the box on this.”

But first, they need to recruit an American, like Chapman, to open the door, the report said.

After finishing a coding boot camp, Chapman hoped to become a web developer. It wasn’t working out. On Jan. 21, 2021, she pleaded for help finding a place to live in a post on TikTok: “I live in a travel trailer. I don’t have running water; I don’t have a working bathroom. And now I don’t have heat. I’m really scared. I don’t know what to do.”

Court documents say Chapman began working with the North Koreans by around October 2020 and her involvement steadily grew. By January 2023, she had moved to Arizona and was earning enough income to move into a four-bedroom home that she shared with a roommate in Phoenix, with a yard for her chihuahuas.

Chapman helped send the North Koreans’ falsified W-2 tax forms or other verification documents when they got hired, the Journal’s report noted.

“The workers had their company laptops sent to her address. She’d unpack them, install remote access software and power them on for the North Koreans to log on. She made sure connections ran smoothly and helped troubleshoot any issues. Sticky notes on the computers identified the company and the worker they were supposed to belong to.”

Chapman shipped 49 laptops, tablets and other computers overseas, many to Dandong, a Chinese city on the border with North Korea.

She sometimes received paychecks at her house, signed them and deposited them to her bank, and then forwarded the funds to another account after taking a cut, according to court documents.

One of the North Koreans’ most remarkable feats is the way they leverage gig workers to get around almost any controls corporations can put up to detect them.

“They realized it’s really easy to hire people to do anything,” said Taylor Monahan, a security researcher with the crypto company MetaMask who is part of a tightknit community of investigators that studies North Korean teleworkers. “They just know the system that well.”

At one point, North Koreans were using generative artificial intelligence to alter their appearance during online job interviews. But when interviewers figured out an easy way to detect it — ask interviewees to wave their hand in front of their face, a move that causes the AI software to glitch — the North Koreans started hiring tech-savvy people to ace the interviews, Monahan said.

The scam also creates problems for unsuspecting Americans whose personal information gets stolen to obtain jobs, said Meyers of CrowdStrike. Typically the North Koreans take the minimum amount of tax deductions, leaving the person whose identity they stole with a tax liability, he said. Chapman’s laptop farm “created false tax liabilities for more than 35 U.S. persons,” prosecutors said in court documents.

As for Chapman, in another TikTok post, she unboxed a $72 green ring in her backyard. “This is my first jewelry I’ve ever purchased with care instructions,” she said. That night she and her roommate went out to see a drunken Shakespeare performance, where the players are inebriated.

She traveled to Canada and Japan to see her favorite Japanese boy band.

Chapman also messaged with several overseas workers about their I-9 forms.

“In the future, I hope you guys can find other people to do your physical I9s. These are federal documents. I will SEND them for you, but have someone else do the paperwork. I can go to FEDERAL PRISON for falsifying federal documents,” she wrote, according to court documents.

The North Koreans deemed Chapman so helpful that two months later, when they grew frustrated with another alleged laptop farm operator in Virginia, they asked that its operator ship the device to her home.

On Oct. 27, 2023, the FBI raided Chapman’s laptop farm and found more than 90 computers.

Her secret hustle was over. In December, she was nearly out of money. She was facing serious federal charges, but she glossed things over for her “lovelies,” the name she gave her followers on TikTok.

“I lost my job at the end of October and didn’t get paid for that last month,” she said. “Even though I have been applying to at least three to four jobs every day, I haven’t found anything yet.”

As the months dragged on, she tried selling coloring books on Amazon. She opened an Etsy shop. She started a GoFundMe to drum up rent money.

In August 2024, she moved into a homeless shelter in Phoenix. “I will be back soon,” she said in her last TikTok, posted in October. “It’s been a hell of a roller coaster.” She continues to live at a shelter, her lawyer said.

This February she pleaded guilty to wire fraud, identity theft and money laundering charges. Her total earnings amounted to just under $177,000. Under the terms of her plea agreement, she faces a maximum of just over nine years in prison. She is set to be sentenced on July 16.

Revive the American Free Press!

  From 4-bedroom house to homeless shelter: Inside one laptop farm for North Korean tech workers, WorldTribune.com

Source link