How North Korea Hid an IT Workforce Inside US Companies | Bloomberg Investigates
By Bloomberg Originals
Key Concepts
- IT Worker Scheme: North Korea’s strategy of employing individuals (often posing as Americans) in remote IT jobs to generate revenue, bypassing sanctions.
- Laptop Farming: The practice of American facilitators hosting and maintaining computers used by North Korean IT workers.
- Sanctions Evasion: North Korea’s efforts to circumvent international sanctions imposed due to its nuclear weapons program.
- Identity Theft: The fraudulent use of another person’s personal information (SSN, DOB, etc.) for financial gain.
- Facilitator: An individual who unknowingly (or knowingly) assists in illicit activities, in this case, aiding North Korean operatives.
- AnyDesk: A remote desktop application used to allow North Korean workers access to computers hosted in the US.
- Dandong, China: A Chinese city bordering North Korea, used as a transit point for laptops and funds.
The Case of Christina Chapman: Facilitating North Korean Sanctions Evasion
This account details the story of Christina Chapman, a 49-year-old American woman who unwittingly became a key facilitator in a North Korean scheme to evade international sanctions and generate revenue for its weapons programs. The narrative unfolds from Chapman’s personal background to her eventual conviction and sentencing, highlighting the sophistication of North Korea’s cyber operations and the vulnerabilities exploited in the US financial and employment systems.
Chapman’s Background and Initial Employment
Christina Chapman, born in South Korea, always had a strong connection to her heritage and a preference for solitary activities like reading and drawing. Driven by a desire to financially support her mother battling cancer, she enrolled in a software engineering bootcamp in 2020, aiming for a remote position. The COVID-19 pandemic led to the loss of most job offers, except for one presented through LinkedIn. This job involved acting as a “face” for a company, managing client communication and potentially some database work. The employer claimed to need individuals with coding skills superior to their own, a red flag that Chapman initially dismissed.
The Arrival of the Laptops and Escalating Involvement
The job began normally, but soon computers started arriving at Chapman’s home. Initially, only three or four, the number quickly escalated to around 40 active laptops. Chapman’s role involved setting up the computers, installing remote access software like AnyDesk, and maintaining them for the “clients.” She was instructed to ship some of these laptops to locations including the UAE, Pakistan, Eastern Europe, Nigeria, Egypt, and primarily China (specifically Dandong, a city bordering North Korea). Despite her growing unease, Chapman rationalized the international nature of the work and her desperate need for income. She earned between $900 and $12,000 per month, using the funds to improve her living situation and care for her mother.
The Realization of Deception and Growing Concerns
Chapman’s suspicions began to rise after conversations with her “clients,” who demonstrated a disturbing lack of knowledge about the identities they were using. One client admitted to having a completely fabricated identity, while another confessed ignorance about the person whose name was on the checks Chapman was asked to process. She voiced her concerns, even refusing to process checks she believed were fraudulent, feeling increasingly like a “slave” to their demands. Her mother’s deteriorating health and eventual passing in April 2021 further complicated the situation, as the “clients” showed little empathy or understanding.
FBI Investigation and Chapman’s Arrest
The scheme came to the attention of the FBI through reports from companies that traced suspicious activity back to Chapman’s address. Subpoenas revealed shipping records to China, particularly Dandong, and financial statements showing deposits of checks made out to individuals other than Chapman. The FBI discovered that Chapman’s home was essentially a “laptop farm,” hosting dozens of computers actively used by North Korean operatives. After executing a search warrant and finding a large number of laptops, the FBI contacted Chapman while she was on vacation in California. She was arrested and subsequently pleaded guilty to charges of wire fraud and identity theft.
North Korea’s Cyber Operations and the IT Worker Scheme
The investigation revealed a sophisticated North Korean operation designed to circumvent international sanctions. According to experts, North Korea has transitioned from traditional methods of sanctions evasion (methamphetamine production, bank heists) to a large-scale “IT worker scheme.” Thousands of North Korean students are trained in IT skills and then deployed to remote jobs worldwide, posing as American citizens using stolen or fabricated identities and AI-generated resumes. Companies like NBC Universal, Mass Mutual, Nike, Boeing, and Palo Alto Networks were unknowingly employing these operatives. The scheme generates hundreds of millions, potentially billions, of dollars annually, funding North Korea’s weapons programs.
The Role of Facilitators and the Importance of Vigilance
Chapman’s case highlights the crucial role of American facilitators in enabling this scheme. These individuals, often motivated by financial desperation, provide the physical infrastructure and logistical support necessary for North Korean operatives to operate within the US financial system. Experts emphasize the need for increased vigilance from both companies and individuals. Companies must thoroughly vet remote workers and verify their identities, while individuals should be aware of the risks associated with seemingly legitimate remote job offers.
Sentencing and Aftermath
Christina Chapman was sentenced to 102 months in prison. While some argue the sentence was justified given the severity of the crime and its national security implications, others believe she was exploited and deserves leniency. Chapman herself expressed remorse for her actions and the harm caused to the victims of identity theft. The case serves as a stark warning about the evolving threat posed by North Korea’s cyber capabilities and the importance of proactive measures to protect against sanctions evasion. The FBI warns that similar schemes are likely ongoing, with other facilitators potentially unaware of their involvement.
Notable Quotes:
- FBI Agent (regarding Chapman): “She’s a pawn. She is insignificant and she’s easily replaceable.”
- IRS Criminal Investigation Agent: “We’re talking not just about a fraud, we’re talking about national security.”
- Christina Chapman: “That shame and that guilt I will feel the rest of my life.”
- Expert on North Korea: “It's less of a government and more of a criminal enterprise.”
Data and Statistics:
- Revenue generated by Chapman’s laptop farm: $17 million
- Number of laptops found at Chapman’s residence: 30+
- Number of identified identity theft victims: Approximately 70
- Potential annual revenue generated by the North Korean IT worker scheme: Hundreds of millions to billions of dollars.
Conclusion:
The case of Christina Chapman is a compelling illustration of how North Korea leverages cyber operations and exploits vulnerabilities in the US system to circumvent sanctions and fund its illicit activities. It underscores the importance of heightened awareness, robust security measures, and international cooperation to counter this evolving threat. Chapman’s story serves as a cautionary tale, highlighting the devastating consequences of unknowingly participating in a scheme that compromises national security and harms innocent individuals.
Chat with this Video
AI-PoweredHi! I can answer questions about this video "How North Korea Hid an IT Workforce Inside US Companies | Bloomberg Investigates". What would you like to know?