In a significant crackdown on North Korea’s illicit IT worker scheme, a U.S. District Court sentenced Arizona resident Christina Marie Chapman to eight and a half years in prison for operating a laptop farm that facilitated the scheme.
Chapman, aged 50, pleaded guilty in February to charges of wire fraud, money laundering, and identity theft after the FBI uncovered her pivotal role in enabling North Korean operatives to secure high-paying IT jobs at major U.S. companies using stolen identities.
The operation was extensive, assisting North Korean IT workers in obtaining employment at 309 companies, including prominent organizations such as a major television network, a car manufacturer, a media company, and a Silicon Valley tech firm. The scheme also involved unsuccessful attempts to infiltrate two U.S. government agencies, highlighting the audacity and scope of the operation.
The mechanics of the fraud involved North Korean operatives using fake identities to secure remote IT positions, with work laptops shipped to Chapman’s Arizona home. From there, she facilitated daily remote access to the IT networks of the unsuspecting U.S. companies, allowing the North Korean workers to perform their roles covertly from abroad.
In October 2023, the FBI raided Chapman’s home, seizing over 90 laptops used in the scheme. She also shipped 49 laptops to overseas locations, including a Chinese city near the North Korean border, further enabling the remote work arrangement. Her operation generated approximately $17 million for the North Korean government, marking it as one of the largest such schemes prosecuted by the Department of Justice.
Chapman’s role extended to managing the financial aspects of the fraud. She used 68 stolen identities to forge payroll checks and handle wages through direct deposits, subsequently transferring the funds to overseas recipients. She also reported millions in income to the IRS under the names of the identity theft victims, further concealing the scheme’s true nature.
U.S. District Court Judge Randolph Moss sentenced Chapman to 102 months in prison, followed by three years of supervised release. She was ordered to forfeit nearly $300,000 intended for North Korea and to pay a fine exceeding $175,000.
Chapman’s arrest in May 2024 was part of a broader U.S. effort to dismantle the North Korean IT worker network, which also involved the arrest of a Ukrainian accomplice, Oleksandr Didenko, in Poland, with extradition to the U.S. pending.
The scheme’s broader implications were underscored by its ties to North Korea’s Munitions Industry Department, which oversees the country’s ballistic missile and weapons programs.
The North Korean operatives, posing as software developers under aliases like Jiho Han, Chunji Jin, and Haoran Xu, exploited remote work trends post-pandemic, using artificial intelligence to craft convincing resumes and navigate job interviews, often stealing sensitive data or cryptocurrency if detected.
The sentencing coincided with multiple U.S. actions against the scheme, including sanctions on three senior North Korean officials and a $15 million reward for information on six others.
The FBI, alongside other agencies, has been pursuing these networks for nearly three years, as North Korea continues to exploit remote IT roles across regions like China, Russia, and Southeast Asia to fund its nuclear weapons program, victimizing American citizens and businesses in the process.
