Major US firms scammed by massive North Korean remote work laptop farm

A massive remote work scam may have fooled hundreds of US companies into hiring North Koreans. US prosecutors have accused North Korean nationals of infiltrating over 300 US companies, including Fortune 500 giants using a so-called laptop farm. The elaborate scheme, facilitated by an American accomplice, allegedly saw millions of dollars funnelled back to the sanctioned nation.

According to the US Attorney’s Office for the District of Columbia, Christina Marie Chapman, 49, of Arizona, stands accused of playing a pivotal role in this international scam. Federal prosecutors charged her with nine counts, including conspiracy to defraud the US.

According to the indictment, starting in 2020, the operation exploited the identities of roughly 60 unsuspecting US citizens. These stolen identities became the masks for North Korean IT workers seeking remote employment opportunities within the US. The scheme’s reach extended far and wide, impacting over 300 companies across diverse sectors. Prosecutors estimate the gains at $6.8 million, siphoned back to North Korea in defiance of US sanctions.

The indictment details how Chapman allegedly served as the linchpin of the operation. In March 2020, she was reportedly approached by an unidentified individual seeking her services as the “US face” of their company. This seemingly innocuous proposition snowballed into a full-blown criminal conspiracy.

Chapman allegedly facilitated the overseas IT workers’ applications for remote positions at prestigious American companies. The list of targeted firms is an eye-opener, encompassing a major television network, a leading Silicon Valley tech company, an aerospace manufacturer, and even a prominent American carmaker.

Prosecutors allege that the workers used virtual private networks (VPNs) to mask their real locations, making it appear as though they were working remotely from within the United States, likely routed through Chapman’s residence. To further disguise their identities, Chapman is accused of receiving and forging payroll checks, with the workers’ wages funneled into her bank account. This stolen income, exceeding $6.8 million according to the indictment, was then allegedly reported to the IRS and Social Security Administration under the stolen identities, adding a layer of financial fraud to the scheme.

The indictment further suggests that Chapman wasn’t alone in profiting from the scam. In exchange for her services, she reportedly charged a monthly fee to the North Korean workers.

This elaborate scheme has sent shockwaves through the American business world. Nicole M. Argentieri, head of the Justice Department’s Criminal Division, emphasized that these charges should serve as a “wake-up call” for companies employing remote IT workers. Businesses must now reassess their hiring practices to ensure robust verification processes are in place to prevent such infiltration in the future.

Beyond the white collar

This operation appears to highlight how North Korea is attempting to circumvent international sanctions. With the passage of the North Korea Sanctions and Policy Enhancement Act in 2016, the nation was effectively cut off from the US financial system. This has pushed North Korea towards increasingly sophisticated schemes to bypass these restrictions.

Kevin Vorndran, assistant director of the FBI’s Counterintelligence Division, emphasised the gravity of the situation. He explained that while the charges might appear to be a “typical white-collar” crime on the surface, they represent a “new high-tech campaign to evade US sanctions, victimize US businesses, and steal US identities.” This underscores the evolving tactics of state-sponsored cybercrime, highlighting the need for heightened vigilance within the US business community.