A 48-year-old woman from Arizona has pleaded guilty to charges related to a criminal scheme which saw North Korean IT workers employed remotely by hundreds of US companies.
Christina Marie Chapman, of Litchfield Park, Arizona, is said to have helped generate over US $17 million for North Korea after over 300 US companies unwittingly hired staff believing them to be US citizens.
Chapman was arrested in May 2024 and charged alongside Ukrainian Oleksandr Didenko (27) for helping three unidentified foreign nationals in a sophisticated fraud scheme that saw skilled IT workers from North Korea and elsewhere secure remote IT positions within US businesses.
According to the US State Department, the three men who assisted Didenko and Chapman are "linked to the DPRK’s Munitions Industry Department, which oversees the development of the DPRK’s ballistic missiles, weapons production, and research and development programs."
The workers had access to company networks, posing a significant cybersecurity threat, while raising funds for North Korea.
To assist with the scheme, Chapman ran a laptop farm at her home - which allowed overseas IT workers to remotely access company networks, while appearing to be based in the United States.
Victims of the scheme included Fortune 500 firms such as US banks, financial service providers, a car manufacturer, a technology company, a luxury retail store, an aerospace manufacturer, and a major TV network.
In addition, more than 70 identities of US individuals were compromised, with those names used to falsely report income to the IRS.
Chapman, who was facing multiple charges including conspiracy to defraud the United States, wire fraud, identity theft, and money laundering, faced a maximum potential sentence of 97.5 years in prison.
However, under the terms of her plea agreement, the court looks likely to impose a federal prison sentence of 94 - 111 months (roughly 7-9 years).
To reduce the chances of companies inadvertently employing individuals from North Korea, particularly in remote IT roles, it is critical that robust identity verification procedures are put in place during the hiring process.
Furthermore, comprehensive background checks should be performed on all candidates, looking closely at their employment history and checking for any discrepancies in their CVs or online profiles.
In addition, firms and recruitment agencies should look out for suspicious behaviour - such as if someone is accessing company systems from multiple IP addresses or working odd hours.
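The two signals named above (many source IP addresses, logins at odd hours) can be checked against authentication logs. The following is an added example, not code from the original article; the log records, the per-worker UTC offsets and all thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (user, UTC login time, source IP); not real data.
SAMPLE_LOGINS = [
    ("alice", "2025-02-03T15:05:00", "198.51.100.10"),
    ("alice", "2025-02-03T16:30:00", "198.51.100.10"),
    ("alice", "2025-02-03T22:10:00", "198.51.100.11"),
    ("alice", "2025-02-04T15:20:00", "198.51.100.10"),
    ("bob", "2025-02-03T06:00:00", "203.0.113.5"),
    ("bob", "2025-02-03T07:15:00", "203.0.113.77"),
    ("bob", "2025-02-03T08:40:00", "192.0.2.14"),
    ("bob", "2025-02-03T09:20:00", "192.0.2.200"),
    ("bob", "2025-02-03T14:00:00", "198.51.100.99"),
]

# Assumption: HR records the UTC offset of the location each worker claims.
CLAIMED_UTC_OFFSET = {"alice": -7, "bob": -5}

MAX_DISTINCT_IPS = 3          # assumed threshold, tune per environment
WORK_START, WORK_END = 7, 20  # assumed plausible local working window
MAX_ODD_RATIO = 0.5           # assumed share of logins allowed outside it

def review_logins(logins, offsets):
    """Return {user: [reasons]} for accounts that warrant a manual review."""
    ips, total, odd = defaultdict(set), defaultdict(int), defaultdict(int)
    for user, ts, ip in logins:
        # Convert the UTC timestamp to the worker's claimed local time.
        local = datetime.fromisoformat(ts) + timedelta(hours=offsets[user])
        ips[user].add(ip)
        total[user] += 1
        if not WORK_START <= local.hour < WORK_END:
            odd[user] += 1
    findings = {}
    for user in total:
        reasons = []
        if len(ips[user]) > MAX_DISTINCT_IPS:
            reasons.append(f"{len(ips[user])} distinct source IPs")
        if odd[user] / total[user] > MAX_ODD_RATIO:
            reasons.append(f"{odd[user]}/{total[user]} logins outside "
                           f"{WORK_START}:00-{WORK_END}:00 claimed local time")
        if reasons:
            findings[user] = reasons
    return findings

if __name__ == "__main__":
    for user, reasons in review_logins(SAMPLE_LOGINS, CLAIMED_UTC_OFFSET).items():
        print(user, "->", "; ".join(reasons))
```

Travel, VPNs and on-call work produce legitimate hits, so the output is a list of accounts to review, not a verdict.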
In 2023, the FBI and South Korea offered sensible advice about the so-called "red flags" that could indicate your potential new employee is actually working for North Korea.
All businesses would be wise to tread very carefully to ensure that they are not hiring North Korean freelance coders and IT staff, as the theft of intellectual property, data, as well as funds, could lead to both reputational harm and legal consequences.
Last month, two other Americans were indicted for running a laptop farm in a similar North Korean IT worker scam.
Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.