Christina Chapman, a 50-year-old Arizona woman, has just been sentenced to 102 months in prison for helping North Korean hackers steal US identities in order to get "remote" IT jobs with more than 300 American companies, including Nike. The scheme funneled millions of dollars to the North Korean state.

Why did Chapman do it? In a letter sent this week to the judge, Chapman said that she was "looking for a job that was Monday through Friday that would allow me to be present for my mom" who was battling cancer. (Her mother died in 2023.) But "the area where we lived didn't provide for a lot of job opportunities that fit what I needed. I also thought that the job was allowing me to help others."

Managing all this fraud required plenty of tedious bureaucracy. The North Koreans had to steal US identities, of course, but then they also had to, you know, get hired. This involved endless paperwork, such as writing resumes and filling out I-9 forms to show eligibility to work in the US. Chapman was also key to the less obvious, more technical part of the scheme—how to make it appear like all these remote workers were actually living in the country?


Part of the laptop farm in Chapman's home. FBI


When her clients got hired, Chapman would receive their corporate laptops in the mail. Sometimes she would re-ship them to "a city in China on the border with North Korea." But she kept more than 90 of the machines at her place in Arizona. Using proxies, VPNs, and remote access software like Anydesk, the North Koreans logged into their "American" computers from afar and then appeared to be normal, US-based remote employees, showing up to staff meetings on Zoom, collecting paychecks, and occasionally exfiltrating data or installing ransomware.