Christina Chapman, 50, an Arizona woman who pleaded guilty to charges connected to the global North Korean IT workers scheme, has been sentenced to 8.5 years in federal prison. U.S. District Court Judge Randolph D. Moss also ordered Chapman to forfeit proceeds of $284,000 that was to be paid to the North Koreans. She was also ordered to pay a judgement of $176,850—the same amount she charged North Koreans for her help in the scheme that authorities said was one of the largest IT worker conspiracies charged by the Department of Justice.
According to court documents, Chapman helped North Korean workers fraudulently obtain remote-work jobs at U.S. companies. Authorities said she helped to conceal their identities by accepting and safeguarding their laptops, installing remote-access software, and filling out identity forms to make it seem like they were in the U.S. when they were actually overseas. Prosecutors said Chapman turned her home into a “laptop farm,” with labels on each device identifying the associated company and stolen identity, photos from a 2023 raid of Chapman’s house show. All told, the scheme Chapman involved herself in claimed about $17.1 million in salaries from 309 U.S. businesses, paid to North Koreans posing as American IT workers. Nearly 70 Americans had their identities stolen, authorities said.
“North Korea is not just a threat to the homeland from afar. It is an enemy within. It is perpetrating fraud on American citizens, American companies, and American banks. It is a threat to Main Street in every sense of the word,” said U.S. Attorney Jeanine Pirro in a statement. “The call is coming from inside the house. If this happened to these big banks, to these Fortune 500, brand name, quintessential American companies, it can or is happening at your company. Corporations failing to verify virtual employees pose a security risk for all. You are the first line of defense against the North Korean threat.”
Pirro, in a press conference, said Nike was one of the victims and wrote a letter identifying themselves as one of the companies that unwittingly hired a North Korean IT worker and paid the employee $70,000.
Acting Assistant Attorney General Matthew Galeotti said in a statement: “The defendant’s role as a U.S.-based facilitator was critical to North Korea’s complex scheme to defraud American companies and steal the identities of American citizens. This multi-year plot highlights the unique threat that North Korea poses to U.S. companies who hire remote workers. The Criminal Division remains steadfast in its commitment to identify and prosecute individuals who facilitate these criminal schemes against U.S. companies.”
Before Thursday’s hearing, prosecutors said a sentence that was too lenient would convey the wrong message to North Koreans perpetuating the scheme and any potential U.S. facilitators. Cybersecurity experts said the sentence will set a strategic precedent about punishment for Americans who get involved in the way adversaries use AI to deceive the U.S.
Andrew Borene, executive director at Flashpoint threat intelligence, told Fortune: “This prosecution aims to draw a line, deterring future U.S. facilitators and sending a message to Pyongyang.”
Chapman’s role running a laptop farm in the scheme peels back the curtain on a coordinated campaign by the Democratic People’s Republic of Korea (DPRK) to infiltrate American, and increasingly, European businesses.
Following crushing financial sanctions in 2016 that cut off North Korea from the U.S. financial system and banned North Korean workers from getting jobs at U.S. businesses, DPRK leaders created a scheme to weaponize remote work, court documents show. Workers, trained in tech and AI from an early age, are deployed to China, Russia, Nigeria, or the United Arab Emirates to manage dozens of fake or stolen identities, apply for remote IT jobs, and then send their salaries back to North Korea. UN documents show DPRK authoritarian ruler Kim Jong Un allegedly uses the illicit funds to finance the country’s nuclear-weapons program.
For corporate America, the North Korean IT worker scheme has been a wake-up call that has been ringing off the hook for the past two years. Hundreds of Fortune 500 companies have been found to have hired thousands of North Korean IT workers—and the workers have continued to get jobs. UN estimates show the scheme generates between $250 million to $600 million annually for the regime.
Prosecutors said human cost is unmistakable and the Americans who had their identities stolen in the scheme have faced severe consequences. Fake tax liabilities were created in their names, and they’ve faced ongoing monitoring from the IRS and Social Security Administration. One victim was denied unemployment because an IT worker was using their Social Security number, according to Chapman’s sentencing memo.
While Chapman’s role in the scheme involved direct contact with laptops—including shipping devices to China, Pakistan, the UAE, and Nigeria—other Americans who have become embroiled in the scheme have done so unwittingly. A North Korean defector who uses the alias “Kim Ji-min” previously told Fortune, via an interpreter, that Americans involved had “no idea” they were working with North Koreans. Kim said he received and carried out development orders from American companies and concealed his identity completely.
“The North Korean regime has generated millions of dollars for its nuclear weapons program by victimizing American citizens, businesses, and financial institutions,” said FBI Assistant Director Roman Rozhavsky of the FBI’s Counterintelligence Division in a statement. “However, even an adversary as sophisticated as the North Korean government can’t succeed without the assistance of willing U.S. citizens like Christina Chapman, who was sentenced today for her role in an elaborate scheme to defraud more than 300 American companies by helping North Korean IT workers gain virtual employment and launder the money they earned. Today’s sentencing demonstrates that the FBI will work tirelessly with our partners to defend the homeland and hold those accountable who aid our adversaries.”
