North Korean hackers ran US-based “laptop farm” from Arizona woman’s home

Christina Chapman, a 50-year-old Arizona woman, has just been sentenced to 102 months in prison for helping North Korean hackers steal US identities in order to get "remote" IT jobs with more than 300 American companies, including Nike. The scheme funneled millions of dollars to the North Korean state. Why did Chapman do it? In a letter sent this week to the judge, Chapman said that she was "looking for a job that was Monday through Friday that would allow me to be present for my mom" who was battling cancer. (Her mother died in 2023.) But "the area where we lived didn't provide for a lot of job opportunities that fit what I needed. I also thought that the job was allowing me to help others." She offered her "deepest and sincerest apologies to any person who was harmed by my actions," thanked the FBI for busting her, and said that when she gets out of prison, she hopes to "pursue the books that I have been working on writing and starting my own underwear company." Managing all this fraud required plenty of tedious bureaucracy. The North Koreans had to steal US identities, of course, but then they also had to, you know, get hired. This involved endless paperwork, such as writing resumes and filling out I-9 forms to show eligibility to work in the US. (In one chat, Chapman said that she was happy to send I-9 forms from her home address but that she would prefer not to "do the paperwork" herself because "I can go to FEDERAL PRISON for falsifying federal documents.") Chapman was also key to the less obvious, more technical part of the scheme—how to make it appear like all these remote workers were actually living in the country? FBI Part of the laptop farm in Chapman's home. Part of the laptop farm in Chapman's home. FBI More computers. More computers. Part of the laptop farm in Chapman's home. FBI More computers. Laptop farm When her clients got hired, Chapman would receive their corporate laptops in the mail. Sometimes she would re-ship them to "a city in China on the border with North Korea." But she kept more than 90 of the machines at her place in Arizona. Using proxies, VPNs, and remote access software like Anydesk, the North Koreans logged into their "American" computers from afar and then appeared to be normal, US-based remote employees, showing up to staff meetings on Zoom, collecting paychecks, and occasionally exfiltrating data or installing ransomware.