Remote Work Is Convenient for Employees…and North Korean Scammers
12:48 Share

Marketers, you know that feeling when your content just works? When you crush a viral trend before 10 a.m.? That's Contentful. Dynamic content made blissfully simple. Contentful helps you create and launch personalized experiences instantly across any digital channel. No limits. No stress. Only possibilities. Come get the feels at Contentful.com.

Hey, TNB listeners. Before we get started, heads up. We're going to be asking you a question at the top of each show for the next few weeks. Our goal here at Tech News Briefing is to keep you updated with the latest headlines and trends on all things tech. And if you're new to the show, we'd love to hear from you.

Now we want to know more about you, what you like about the show, and what more you'd like to hear from us. So our question this week is, how often do you want new episodes? And how long do you want them to be? Do you want shorter shows more often or longer shows less frequently? If you're listening on Spotify, look for our poll under the episode description, or you can send us an email to tnb at wsj.com. Now on to the show.

Welcome to Tech News Briefing. It's Friday, May 30th. I'm Victoria Craig for The Wall Street Journal. Remote jobs have become common for workers in industries across America. They make the work-life balance easier for employees, but they've also allowed countries like North Korea to infiltrate U.S. companies with the help of everyday Americans. Today, we're taking a deep dive into an intricate scam involving illegal paychecks and stolen data.

A scam that the FBI says involves thousands of North Korean workers has brought hundreds of millions of dollars a year into the country. It's a place where international sanctions have frozen the flow of funds, so the country has gotten creative in its quest for cash. And it's capitalized on some of America's remote work opportunities to start laptop farms in states across the U.S. Bob McMillan covers computer security, hackers, and privacy for The Wall Street Journal. Bob...

I'm going to guess that the phrase laptop farm is not a familiar one for most of our listeners. So what is it and what kind of person typically runs one? Yeah, it's a new gig economy job that's popped up since the COVID epidemic and the advent of massive remote work.

It's not something you'll find advertised, but basically you get a request, maybe via LinkedIn or some kind of gig work site that asks if you want to help a foreign company with a U.S. representation. And the next thing you know, you're getting laptops shipped to your house and you're turning them on and you're operating them, but they're shipped to

fake workers who have got jobs at these companies and who need a US address to pretend to be working out of. So Laptop Farmer receives the computers for the fake workers, turns them on, connects them, and then adds remote software so these people offshore can connect to these laptops and then doing things like tech jobs, Python development and stuff like that. Here's the kicker though. The remote workers are actually North Koreans.

And they're trying to, in a very illegal way, make money for the heavily sanctioned regime there. Tell us about Christina Chapman, because she was one of the people in America who participated in this scheme. Christina Chapman's case was interesting because you had the court record that sort of had all these allegations of what she was doing. And then she left a very long,

long TikTok trail of just all kinds of political TikToks, personal TikToks, TikToks about Japanese boy bands. But embedded in that were a few comments on her work and her situation in life. And I did not make my own breakfast this morning. My clients are going crazy. So I just got a smoothie bowl. It's an acai smoothie bowl and it has bananas, strawberries.

But coincidentally, in the background, you can see I counted at least 10 laptops there. They've got like post-it notes on them that apparently say like the name of the worker and the company they're supposed to be working for. And you hear them just whirring away in her apartment. And what made Chapman a target for this kind of scam? Her story is probably in many ways very typical of these people. They are gig workers who reach a point in their life where they're desperate and

And that's what happened with Christina Chapman. She was basically living in a trailer in Minnesota. She didn't have any heat. She was showering at her local gym. She really was at a dead end in her life. And this offer came in through LinkedIn saying, hey, do you want to be our U.S. representative?

It became clear pretty quickly that some of the stuff she was doing was illegal. It's at least fraudulent, right? But she was desperate and it really did turn her life around. I mean, she ended up having a much better quality of life as a result of this job. The problem is it's completely illegal. So the question about whether these people who are acting on behalf essentially of the North Koreans, whether they know what they're doing is illegal. Christina Chapman may not have known the nationality of the people she was working with, but

But you write that she did acknowledge that she could, quote, go to federal prison for falsifying federal documents. Yeah, it's pretty hard to do this gig without realizing you're doing something illegal, right? Because quite often you have to like forge signatures. You have to facilitate the presentation of fake credentials. But if you look at the court record, she's basically saying, hey, what you're asking me to do is illegal all the time. And the

The thing is that if you do fraud, that's one thing. But if you do fraud in support of the North Koreans, that's way worse. Coming up, a look at the corporate side of this scheme, who the scammers are targeting, and what they want after the break.

Marketers, you know that feeling when your content just works? When you crush a viral trend before 10 a.m.? That's Contentful. Dynamic content made blissfully simple. Contentful helps you create and launch personalized experiences instantly across any digital channel. No limits. No stress. Only possibilities. Come get the feels at Contentful.com.

To make a laptop farming scam successful, tech specialists, usually trained in North Korea's technical education programs, need to first find a backdoor into corporate America. We're back with WSJ reporter Bob McMillan, who's been reporting on this.

Bob, you write that Christina Chapman, the so-called laptop farmer who we heard about earlier, helped North Koreans who got jobs at big companies like at a top five national television network here, a premier Silicon Valley tech company, an aerospace and defense manufacturer, and the list goes on.

How exactly does this process work? How do they effectively trick the companies into hiring people who are really based in North Korea, China, or even Russia, as you report? They basically operate a complete shadow economy. They have LinkedIn profiles. They have GitHub repositories where they store source code. They even have fake companies that they can use as references. So they build this sort of

simulation of a legitimate, usually a tech worker profile. And then they just are so good at bombarding people with job requests. Companies have different levels of diligence they do around making sure the people they're hiring for remote work are real. A lot of them require that you come in, but some don't. And so with the people who can just straight up be hired by a staffing agency, for example, and never even have to show up, that's kind of an easy one for them. But

Even if a company requires like a face-to-face meeting, the North Koreans have a way around that. For a while, they were doing virtual face-to-face meetings with AI-driven avatars. So there are these like fake faces that they would show up on Zoom meetings and

And when people started figuring out how to get around that, like if you ask the AI avatar to wave their hand in front of them, then the software doesn't work. And so you can tell it's a fake person. So they got around that though. They started hiring people who legitimately had tech skills to pass these interviews and

And what do the North Koreans ultimately want from these workers? There are three things they want. First and foremost, they want money. Their regime is sanctioned. They have a hard time trading with anyone in the West. And they need cash. They need cash for their weapons program, for example.

And the FBI estimates that they are making hundreds of millions of dollars a year just from paychecks from companies hiring these North Koreans who, by all accounts, some are terrible workers and some are like not bad. Some last months or even years at these companies. And so they found sort of a hack of our remote work.

situation right now. So that's the first thing they want is money. The second thing, they want more money. So quite often they'll exfiltrate data, they'll steal your corporate secrets, your source code, customer information, and then they will threaten to dump it once you fire them. And so they'll extort you. So that's number two. And then the third case is murky, but the FBI suspects that they are also conducting espionage.

So they've hit aerospace companies. There are certain types of companies that might have secrets that the North Korean regime would be interested in. So those are the three things they're doing. And how widespread is this? The FBI thinks there are thousands of these workers out there. And what's fascinating to me is I heard about this scam a couple of years ago. And where it started was in the cryptocurrency world. Like the crypto companies were getting hit with these fake workers all the time.

And I didn't realize until I wrote this story how incredibly widespread it is. It feels like anybody who is hiring a remote worker has to worry about this.

And is there anything the companies can do once they find out that this has happened to them? Since the story published, there's been a lot of debate over this. I actually asked Amazon's CSO about this problem, and he was aware of it. And I said, what can you do about it? And he said, well, you could have your employees come in five days a week. So just to close the loop on Christina for us, what ended up happening to her once Amazon

She was found out, essentially. The FBI raided her house in October of 2023. She was charged the next year and she struck a plea deal. So she's pled guilty and she's due to be sentenced on July 16. According to the terms of her plea deal, she could be facing just a little bit more than nine years in prison for this. Wow.

Wow. But her financial situation didn't turn out any better. She essentially wound up almost back where she was before. Isn't that right? It was worse, really. I mean, she's living in a homeless shelter now.

She attempted to do a variety of things after the raid. The North Koreans didn't pay her for her final month of services. And she tried to do a GoFundMe. She tried to sell coloring books on Amazon. She did DoorDash one night and made $7.25 doing it. She struggled when this gig went away and she eventually lost her home. And she's, yeah, living in a homeless shelter now.

That was WSJ reporter Bob McMillan there. And that's it for Tech News Briefing. Today's show is produced by Julie Chang. I'm your host, Victoria Craig. Jessica Fenton and Michael LaValle wrote our theme music. Our supervising producer is Melanie Roy. Our development producer is Aisha Al-Muslim. Scott Salloway and Chris Sinsley are the deputy editors. And Falana Patterson is The Wall Street Journal's head of news audio. We'll be back this afternoon with TNB Tech Minute. Thanks for listening.

Marketers, you know that feeling when your content just works? When you crush a viral trend before 10 a.m.? That's Contentful. Dynamic content made blissfully simple. Contentful helps you create and launch personalized experiences instantly across any digital channel. No limits. No stress. Only possibilities. Come get the feels at Contentful.com.