Arizona Woman Sentenced to 8.5 Years for Role in Largest-Ever North Korean IT Worker Scam

In a major breakthrough, an Arizona woman has been sentenced to 8.5 years in prison for her involvement in a massive $17 million North Korean IT worker scam. Christina Marie Chapman, 50, pleaded guilty to conspiracy to commit wire fraud, aggravated identity theft, and conspiracy to launder monetary instruments, and will also serve three years of supervised release.

The scam, which was one of the largest-ever North Korean IT worker scams prosecuted by the Justice Department, involved Chapman running a laptop farm from her home in Arizona, where she hosted computers for overseas IT workers posing as US citizens and residents. These workers, who were actually North Korean operatives, used the devices to gain employment at over 300 American companies, including Fortune 500 corporations, a top-five major television network, and a Silicon Valley technology company.

According to court documents, Chapman also shipped 49 laptops and other devices supplied by US companies to locations overseas, including multiple shipments to a Chinese city near the North Korean border. More than 90 computers were seized from Chapman’s home after a search warrant was executed in October 2023.

The scheme, which was active from October 2020 to October 2023, allowed the fake IT workers to receive payroll checks at Chapman’s home with direct deposits sent to her US bank accounts. The illegal revenue was then laundered and funneled to North Korea, potentially contributing to the country’s weapons programs.

The US Attorney’s Office estimated that the scam cost US businesses at least $88 million over six years, and warned that corporations failing to verify virtual employees pose a significant security risk. To protect businesses from similar threats, the FBI has issued tips to scrutinize identity verification documents and require in-person meetings when possible.

The FBI’s warning echoes similar statements from executives at Google, Snowflake, and other major tech companies, who have warned that companies that think they don’t have a fake IT worker problem are likely already infiltrated by these operatives. The FBI has also issued a list of tips to protect businesses from North Korean IT worker threats, including:

• Scrutinizing identity verification documents to ensure they are legitimate
• Requiring in-person meetings when possible to verify the identity of employees
• Implementing robust cybersecurity measures to prevent unauthorized access to company systems
• Conducting regular audits to detect and prevent suspicious activity

The sentencing of Chapman serves as a reminder of the ongoing threat posed by North Korean IT worker scams, and highlights the importance of vigilance and due diligence in preventing these types of attacks. As the US Attorney’s Office noted, “The call is coming from inside the house,” and companies must be proactive in protecting themselves from these threats.

In a separate case unsealed in December, the DOJ estimated that North Korean IT worker fraud schemes cost US businesses at least $88 million over six years. The US government has also imposed sanctions on alleged North Korean IT sweatshop leaders, and has warned that companies that do business with these entities may be at risk of being targeted by these scams.

The North Korean IT worker scam is a complex and sophisticated threat that requires a comprehensive response. Companies must be proactive in protecting themselves from these threats, and the US government must continue to take steps to disrupt and dismantle these operations.