
North Korean 'Laptop Farm' Operation Netted $17 Million Through Unwitting American Accomplice (wsj.com) 55

A former Minnesota waitress unknowingly helped North Korean workers steal $17.1 million in wages from over 300 American companies through an elaborate remote work scheme, federal prosecutors said this week. Christina Chapman operated a "laptop farm" from her home, managing dozens of computers that allowed North Koreans using stolen U.S. identities to work as legitimate tech employees.

The FBI estimates this broader infiltration involves thousands of North Korean workers generating hundreds of millions annually for the sanctions-hit regime. Chapman, recruited via LinkedIn in 2020 to serve as "the U.S. face" for overseas IT workers, handled logistics including receiving company laptops, installing remote access software, and processing falsified employment documents.

The North Korean workers accessed the devices daily from overseas, with some maintaining jobs for months or years at major American corporations. Chapman earned just under $177,000 before the FBI raided her Arizona operation in October 2023, seizing over 90 computers. She pleaded guilty in February to wire fraud, identity theft, and money laundering charges, facing up to nine years in prison at her July sentencing.

  • Belonging to the nation of NK, should be totally cut off from the wider world until such time as human rights are recognized within the nation. Dear Fat Leader, should be CUT OFF from the wider world. He is a petulant child who tortures a whole nation like a kid killing ants with a magnifying glass...
    • It's difficult to cut them off with China and Russia enabling their behavior.

      Hard to believe that anyone would be stupid enough to fall for being a NK laptop minder though. It's not a matter of IF you'll get caught, but WHEN.

      • Let's not confuse greed with stupidity.

        • by zurkeyon ( 1546501 ) on Wednesday May 28, 2025 @08:37AM (#65410155)
          Couldn't it be both?
        • I'm not sure what the local cost of living looks like; but a few job-related sites are claiming that waitress/server jobs in Minnesota are in the ~$16/hr range (and food service does not always have the most reliable hours per week; though sometimes you can pick up more shifts than normal); so it's not at all hard to imagine the temptation to overlook some slightly fishy details.

          I would be curious if there's also some polished psychological work in getting people onboard; or if they go with a relatively u
          • either start them with some slightly sketchy but not super bad 'work from home $$$' then, once they already start to feel implicated, introduce the fact that you will also be fudging I-9s; or just open with "This is a remote working scam; if you don't like that walk away but you don't know who I am" and then use whoever doesn't walk away.

            You forgot an additional option:

            Increase the sketchiness of the task assigned.
            Once the mark raises suspicion, answer "Yes, that's indeed a scam. If you don't like that, we could tell the police all the fine details of what you've done up to this point.... Or you could just shut up, abstain from asking too many questions and the money will keep coming in."

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      Many companies already DO block NK/Iran/etc address space at their border router. That's precisely why they were using some patsy to host these laptops on their home broadband connection in the US.

      • It is honestly a little bit interesting that they have found physically locating the laptops in US residences to be the optimal solution.

        Obviously an officially NK IP isn't going to cut it; and for anyone who is paying the slightest attention to the VPN or cloud service IdP even an American AWS or random colo IP isn't going to be a convincing substitute for something in AS7922 that geolocates to roughly the right location(if they are claiming to live in an area with Comcast service); but based on the rep
        • From my read (of the summary, because I can't be bothered to get around the paywall) it seems like the collaborator was running corporate laptops that the company would send out to remote employees out of her home - not just generic Windows boxes for the North Koreans to remote into. I can imagine that it would be a lot easier to find a local collaborator than to somehow physically get them to a location where the hackers can use them, even if you did have a convincing way of spoofing IPs and geolocation d
        • by EvilSS ( 557649 )
          Might be a bit suspicious if you asked to have your new company laptop sent to North Korea during your onboarding.
    • Belonging to the nation of NK, should be totally cut off from the wider world

      North Korea net access is mostly via proxies in China using resources of legitimate ISPs.

      In trying to promote freedom of access to information for Chinese citizens, we in the west have made it very easy for a Chinese IP address to connect to western hosted VPNs -almost no questions asked. The CCP takes advantage of this. Why do you think they don't just block access to western-hosted VPNs? They are officially disallowed, but... everyone knows how to do it. The government can hide their agent's activitie

      • Yeah that would make it hard to accomplish. I can see the crux of the problem there. Encrypted Geo-tagged packets? Sniff out the IPs providing routing. Down them too? Hard to get it to stop when you can't sue the offender, or charge them criminally. Watching that prick get fatter while his people starve is very distasteful. To see them pilfer our money just to fund his own lavish lifestyle, while still starving his people, is worse.
      • Every colleague or associate I work with in China uses VPNs. When asked whether they were scared to get caught, they generally respond "of who?"

        One guy explained that the firewall was just a soft block and without VPNs, it would be impossible to do business with the rest of the world.

        The idea I get is that most people like the firewall because you have to actively circumvent it to be flooded by American style hate news (read any news site. They are nonstop hate streams) and pornography. Like "ok... I'm read
    • Compare NK to Israel. Israel is far far worse yet gets preferential treatment.

      No, MORALITY is a false scale being used in the United States to justify nonsense.

  • Paid her poorly... (Score:5, Insightful)

    by Bert64 ( 520050 ) <bert@@@slashdot...firenzee...com> on Wednesday May 28, 2025 @08:12AM (#65410095) Homepage

    If she was only paid 177k for nearly 4 years of work that's not a great salary...

    The term "steal" is not entirely appropriate either, "fraudulently obtained" would be more accurate. After all the companies willingly paid the money, and the workers carried out the work expected of them to a high enough standard otherwise they'd have been fired.

    • by Entrope ( 68843 )

      the workers carried out the work expected of them to a high enough standard otherwise they'd have been fired.

      In my experience, the overhead costs of firing people are usually high enough that "high enough" is a dismayingly low threshold.

      • by Bert64 ( 520050 )

        Most employees have a probationary period where it's trivially easy to terminate someone if they're not up to the standard expected.

        Yes the threshold is often alarmingly low, but this is less to do with the difficulty of firing and more to do with the difficulty of replacement.

      • by mspohr ( 589790 )

        What "overhead" costs are there to firing a remote worker in another country?
        Corporations don't seem hesitant to fire even US workers on the slightest whim.

    • by pjt33 ( 739471 )

      You may consider that poor pay if she was working 40 hour weeks keeping those laptops turned on, but it's better than minimum wage (possibly still true after costs, I haven't tried to research Minnesota electricity prices) and in reality probably didn't require 40 hour weeks. More like monthly reboots and occasionally installing a new laptop when they delivered it to her.

      • by mspohr ( 589790 )

        I am confused.
        TFS says "Minnesota waitress" but then refers to her "Arizona operation" containing over 90 computers.

    • I mean that's not a bad side gig. Most people could have their house paid off with it.

    • by mspohr ( 589790 )

      It sounds like they were good workers and were paid appropriately by US companies who just outsourced the work and were happy to have the work done.
      No different than outsourcing to any other country except the PRK is on the "bad country" list.

  • and now all the source code and other docs may be in open court?

  • Not just fraud ... (Score:5, Informative)

    by dbu ( 256902 ) on Wednesday May 28, 2025 @09:05AM (#65410241)

    While the headline frames this as a quirky “laptop farm” scam, the DOJ filings show it’s far more serious:

    - This wasn’t a typical remote-work fraud. It was a structured operation involving North Korean IT workers, false identities, and money laundering, with explicit goals of evading sanctions and funding the DPRK regime.
    - Over 300 U.S. companies, including Fortune 500s, were unknowingly infiltrated. Some of the targets were strategic industries (aerospace, media, finance).
    - Workers didn’t just "do the job", they did it under stolen identities, triggering false tax liabilities and access to internal systems, with implications for both data security and federal compliance.

    Calling this “just wage theft” is like calling a phishing campaign "email misunderstandings." It misses the real issue: this was a nation-state operation masked as freelance tech work.

    https://www.justice.gov/usao-d... [justice.gov]
    https://www.justice.gov/usao-d... [justice.gov]

  • It seems like a bad sign that just having their onsite person install remote access software on the laptops wasn't seen as unacceptably high risk.

    That's not something you try to keep an eye on specifically because Bob from Accounting might secretly be Bob from Accounting from Pyongyang; but because endpoint malware generally is a fairly common risk; and (usually social-engineering driven, just fullscreening a browser with some scary text about how you've been haxx0red and need to call Microsoft support i
    • by AvitarX ( 172628 )

      Wouldn't you use some type of KVM to network for your remote access?

      The computer wouldn't have any way to know.

      • The article said that the accomplice "handled logistics including receiving company laptops, installing remote access software, and processing falsified employment documents"; which I interpreted as meaning that software remote access was still a viable strategy.

        As I noted; a proper network KVM would be essentially invisible and relatively low effort(you couldn't necessarily just grab something off the shelf; unless they are pure desktop/laptop or young enough to have known only 'cloud', IT might well no
        • by AvitarX ( 172628 )

          I just assumed sloppy journalism wording.

          The person sets up the KVMs and manages making sure they can be connected to remotely.

  • by rsilvergun ( 571051 ) on Wednesday May 28, 2025 @09:37AM (#65410331)
    They wanted cheap labor and they got it. But if you get caught hiring people from a hostile foreign nation then you have to pretend you're the victim.

    Remember folks the only reason your boss hasn't killed you and sold your organs is because it's not legal yet.
    • by EvilSS ( 557649 )
      Who told you they were cheap? These people were applying for open positions as US citizens. It's not like they went out to outsourcing.nk to find them.
      • Wow somebody doesn't know what supply and demand is... Or the concept of posting a job for substantially less than you can find people willing to take it.

        It's funny this is supposed to be a science and technology forum but even basic mathematics is too much for a lot of people here.
    • by mjwx ( 966435 )

      They wanted cheap labor and they got it. But if you get caught hiring people from a hostile foreign nation then you have to pretend you're the victim.

      Remember folks the only reason your boss hasn't killed you and sold your organs is because it's not legal yet.

      Correction good sir, the only reason your boss hasn't harvested and sold your organs is because he might still get punished if caught. That is slowly changing, at least in the US.

  • Ha! (Score:5, Funny)

    by ArchieBunker ( 132337 ) on Wednesday May 28, 2025 @09:42AM (#65410343)

    She should have stolen classified documents and kept them in her bathroom.

  • by Zontar_Thing_From_Ve ( 949321 ) on Wednesday May 28, 2025 @09:43AM (#65410349)
    Calling her "unwitting" seems more like something a lawyer would say to get their client the lowest sentence possible rather than an accurate description of what was going on.
    • Really, you think a Minnesota waitress could have figured out that entering information on designated forms for a job she got on LinkedIn was probably illegal? I don't.
  • That's a seriously messed up situation. She was the patsy and almost certainly had no idea what she was doing. She should go free regardless of what that does to any future case. justice without mercy is not justice.
    • by N1AK ( 864906 )
      This is a really stupid position. It's not like she got prosecuted for some random crime like 'helping someone who turned out to be a hacker'. She was prosecuted for crimes like identity theft which, even in the dubious American system, would require there to be evidence that she knew she was helping someone commit identity theft. She absolutely did know what she was doing (helping people falsely claim to be working from her property using false identities) even if she didn't know exactly who they were etc.
      • >would require there to be evidence that she knew she was helping someone commit identity theft.

        No it wouldn't. I would look up the case, but TFA is adwalled and/or paywalled
  • This accounts for somewhere around 1% of North Korea's remote work fraud. When is the FBI going to track the rest down? I don't know that news of this case will cause all of them to just quietly shut down when the associated mules hear about the 8 years-in-prison downside to their operations, but some of those that hear about this are just going to demand more money. Christina Chapman doesn't sound like the type of person to read the news, guessing the other laptop farm operators similarly are not news rea
    • by Pascoea ( 968200 )

      When is the FBI going to track the rest down?

      They are far too busy for such menial and pointless investigative work. There are far far more pressing matters to look into, like who dropped a baggie of coke in the White House reception room, and who leaked the pre-determined result of the Dobbs case. You know, the heavy-hitting stuff. [reuters.com]

  • Rich target for humor again finds none on Slashdot. Details at 11.

    I wanted to see this story as evidence the FBI was still functional in some constructive sense, but turns out this is old news. Does anyone know if the new director is still permitting this sort of investigation? The YOB could get dragged in via his crypto bros. Recently heard some reporting about how that special dinner was handled. The biggest buyers of his "special" coins had a private reception and personal meeting with him, followed up w

  • While some were fired early, some also stayed on for months/years and were clearly doing the job they were being paid for to an acceptable enough level to pass muster.

  • She settled - that means, the prosecutors probably threatened her with unreasonably strong and inappropriate charges that she probably didn't understand, so that she'd settle for the appropriate charges, and the prosecutors get to avoid a trial. That aspect is rarely covered in these stories. A lot about this case could have been revealed by a court case. But a persistent conspiracy to short circuit that process keeps that from happening with regularity. Justice my ass.
