Remote Work Is Convenient for Employees…and North Korean Scammers - WSJ Tech News Briefing

Summary4 min read

WSJ Tech News Briefing: Remote Work Is Convenient for Employees…and North Korean Scammers

Episode Release Date: May 30, 2025
Host: Victoria Craig
Reporter: Bob McMillan
Publication: The Wall Street Journal

Introduction

In this episode of WSJ Tech News Briefing, host Victoria Craig explores the darker side of the remote work revolution. While remote employment offers significant benefits for American workers, it has inadvertently created opportunities for sophisticated scams orchestrated by North Korean operatives. This detailed analysis delves into how these scams operate, their impact on both individuals and corporations, and the broader implications for the tech industry.

The Emergence of Laptop Farms

Victoria Craig introduces the concept of "laptop farms," a new form of gig economy job that has surfaced post-COVID-19 alongside the surge in remote work. These operations are not advertised publicly but are typically recruited through platforms like LinkedIn or gig work websites.

Key Insights:

Laptop Farmers: Individuals who receive laptops to ship to fake workers posing as employees of legitimate U.S. companies. These devices are then remotely controlled by North Korean workers to perform various tech tasks such as Python development.
Bob McMillan explains, “This is a new gig economy job...you get a request maybe via LinkedIn or some kind of gig work site that asks if you want to help a foreign company with U.S. representation.” (02:14)

Case Study: Christina Chapman

Christina Chapman exemplifies the human element within these scams. Initially living in dire circumstances—a trailer in Minnesota without heat and relying on gym showers—Chapman was lured into the scheme through a deceptive job offer on LinkedIn.

Notable Quotes:

Chapman’s life was significantly improved by the job, yet it was entirely illegal. As Bob notes, “[...] she was desperate and it really did turn her life around. The problem is it’s completely illegal.” (04:18)
Post-discovery, Chapman faced severe repercussions, ending up in a homeless shelter despite her initial financial relief from the scam.

Modus Operandi: Infiltrating Corporate America

Bob McMillan details the sophisticated methods North Korean scammers use to infiltrate reputable U.S. companies:

Building Legitimate Profiles: Creating believable LinkedIn profiles, maintaining GitHub repositories, and establishing fake companies as references.
Overwhelming Job Requests: Bombarding companies with applications to bypass standard hiring diligence.
Circumventing Verification Processes: Initially using AI-driven avatars for virtual interviews until companies tightened their verification methods, leading scammers to employ genuinely skilled tech workers to pass interviews.

Quote: “They build this sort of simulation of a legitimate, usually a tech worker profile...” (07:15)

Objectives of the Scammers

North Korean operatives engage in these scams primarily for three reasons:

Financial Gain: Generating hundreds of millions of dollars annually to fund the heavily sanctioned regime, including military programs.
Data Exfiltration: Stealing corporate secrets, source code, and sensitive information to sell or use for extortion.
Espionage: Targeting aerospace and other sensitive industries to gather intelligence and technological advancements.

Bob McMillan summarizes, “First and foremost, they want money... they want more money... and the FBI suspects that they are also conducting espionage.” (08:31)

Scale and Impact

The FBI estimates thousands of such remote workers are involved in these scams, affecting a wide range of industries. Initially prevalent in the cryptocurrency sector, the reach of these scams has expanded significantly, posing a threat to any organization relying on remote employees.

Quote: “It feels like anybody who is hiring a remote worker has to worry about this.” (09:38)

Corporate Response and Mitigation

Companies are grappling with how to address this pervasive issue. Despite awareness among top executives—such as Amazon's Chief Security Officer—solutions remain limited. The suggestion to mitigate risks includes requiring employees to work on-site five days a week, thereby reducing reliance on remote work that facilitates such scams.

Victoria Craig highlights the ongoing debate: “Since the story published, there's been a lot of debate over this.” (10:02)

The Downfall of Christina Chapman

Christina Chapman's involvement in the scam led to severe personal consequences:

Legal Repercussions: In October 2023, the FBI raided her home. Chapman pled guilty and faced potential sentencing of over nine years in prison.
Financial Ruin: Despite initially improving her financial situation, Chapman ended up homeless after her involvement was exposed. Attempts to recover through GoFundMe, selling products on Amazon, and even gig work like DoorDash yielded minimal income.

Quote: “She struck a plea deal...she could be facing just a little bit more than nine years in prison for this.” (10:27)
Further Impact: “She struggled when this gig went away, and she eventually lost her home.” (10:57)

Conclusion

The episode underscores a critical vulnerability in the remote work ecosystem, where the flexibility and reach of digital employment can be exploited by international actors like North Korea. As remote work continues to be a staple in modern employment, the need for robust verification and security measures becomes increasingly paramount to prevent such sophisticated scams.

Produced by: Julie Chang
Theme Music: Jessica Fenton and Michael Lavalle
Supervising Producer: Melanie Roy
Development Producer: Aisha Al Muslim
Deputy Editors: Scott Salloway and Chris Sinsley
Head of News Audio: Falana Patterson

Note: Advertisements and non-content sections have been excluded to focus solely on the episode's core discussions and insights.

Loading summary

Transcript29 lines

[00:01]
Mark
Marketers. You know that feeling when your content just works. When you crush a viral trend before 10am that's contentful, dynamic content made blissfully simple. Contentful helps you create and launch personalized experiences instantly across any digital channel. No limits, no stress, only possibilities. Come get the feels@contentful.com hey TNB listeners.
[00:27]
Victoria Craig
Before we get started, heads up. We're going to be asking you a question at the top of each show for the next few weeks. Our goal here at Tech News Briefing is to keep you updated with the latest headlines and trends on all things tech. Now we want to know more about you, what you like about the show, and what more you'd like to hear from us. So our question this week is how often do you want new episodes and how long do you want them to be? Do you want shorter shows more often or longer shows less frequently? If you're listening on Spotify, look for our poll under the episode description. Or you can send us an email to tnbsj.com now on to the show. Welcome to Tech News briefing. It's Friday, May 30th. I'm Victoria Craig for the Wall Street Journal. Remote jobs have become common for workers in industries across America. They make the work life balance easier for employees, but they've also allowed countries like North Korea to infiltrate US Companies with the help of everyday Americans. Today, we're taking a deep dive into an intricate scam involving illegal paychecks and stolen data. A scam that the FBI says involves thousands of North Korean workers has brought hundreds of millions of dollars a year into the country. It's a place where international sanctions have frozen the flow of funds. So the country has gotten creative in its quest for cash and it's capitalized on some of America's remote work opportunities. Despite start laptop farms in states across the U.S. bob McMillan covers computer security, hackers, and privacy for the Wall Street Journal. Bob, I'm going to guess that the phrase laptop farm is not a familiar one for most of our listeners. So what is it and what kind of person typically runs one?
[02:14]
Bob McMillan
Yeah, it's a new gig economy job that's popped up since the COVID epidemic and the advent of massive remote work. This is not something you'll find advertised, but basically you get a request maybe via LinkedIn or some kind of gig work site that asks if you want to help a foreign company with U.S. representation. And the next thing you know you're getting laptops shipped to your house and you're turning them on and you're operating them. But they're shipped to fake workers who have got jobs at these companies and who need a US address to pretend to be working out of. So laptop farmer receives the computers for the fake workers workers, turns them on, connects them, and then adds remote software so these people offshore can connect to these laptops and then doing things like tech jobs, you know, Python development and stuff like that. Here's the kicker, though. The remote workers are actually North Koreans and they're trying to, in a very illegal way, make money for the heavily sanctioned regime there.
[03:21]
Victoria Craig
Tell us about Christina Chapman, because she was one of the people in America who participated in this scheme.
[03:27]
Bob McMillan
Christina Chapman's case was interesting because you had the court record that sort of had all these allegations of what she was doing. And then she left a very long TikTok trail of just all kinds of political tiktoks, personal tiktoks, tiktoks about Japanese boy bands. But embedded in that were a few comments on her work and her situation in life.
[03:49]
Mark
And I did not make my own breakfast this morning. My clients are going crazy. So I just got a smoothie bowl. It's an acai smoothie bowl and it has bananas, strawberries.
[04:01]
Bob McMillan
But coincidentally in the background you can see I counted at least 10 laptops there. They've got like post it notes on them that apparently say, like the name of the worker and the company they're supposed to be working for. And you hear them just whirring away in her apartment.
[04:16]
Victoria Craig
And what made Chapman a target for this kind of scam?
[04:19]
Bob McMillan
Her story is probably in many ways very typical of these people. They are gig workers who reach a point in their life where they're desperate. And that's what happened with Christina Chapman. She was basically living in a trailer in Minnesota. She didn't have any heat. She was showering at her local gym. She really was at a dead end in her life. And this offer came in through LinkedIn saying, hey, do you want to be our US representative? It became clear pretty quickly that some of the stuff she was doing was illegal. It's at least fraudulent. Right. But she was desperate and it really did turn her life around. I mean, she ended up having a much better quality of life as a result of this job. The problem is it's completely illegal.
[04:58]
Victoria Craig
So the question about whether these people who are acting on behalf essentially of the North Koreans, whether they know what they're doing, is illegal. Christina Chapman may not have known the nationality of the people she was working with, but you write that she did acknowledge that she could, quote, go to Federal prison for falsifying federal documents.
[05:17]
Bob McMillan
Yeah, it's pretty hard to do this gig without realizing you're doing something illegal, right? Because quite often you have to like forge signatures. You have to facilitate the presentation of fake credentials. But if you look at the court record, she's basically saying, hey, what you're asking me to do is illegal all the time. And the thing is that if you do fraud, that's one thing. But if you do fraud in support of the North Koreans, that's way worse.
[05:45]
Victoria Craig
Coming up, a look at the corporate side of this scheme, who the scammers are targeting and what they want. After the break.
[05:57]
Reba
Isn't home where we all want to be? Reba here for realtor.com, the Pro's number one most trusted app. Finding a home is like dating. You're searching for the 1 with over 500,000 new listings every month. You can find the one Today, download the realtor.com app, cause you're nearly home. Make it real with realtor.com Pro's number.
[06:20]
N/A
One most trusted app. Based on August 2024 proprietary survey. Over 500,000 new listings every month based on average new for sale and rental listings. February 2024 through January 2025.
[06:34]
Victoria Craig
To make a laptop farming scam, successful tech specialists usually trained in North Korea's technical education programs, need a backdoor into corporate America. We're back with WSJ reporter Bob McMillan who's been reporting on this. Bob, you write that Christina Chapman, the so called laptop farmer who we heard about earlier, helped North Koreans who got jobs at big companies like at a top five national television network here, a premier Silicon Valley tech company, an aerospace and defense manufacturer, and the list goes on. How exactly does this process work? How do they effectively trick the companies into hiring people who are really based in North Korea, China or even Russia?
[07:15]
Bob McMillan
As you report, they basically operate a complete shadow economy. They have LinkedIn profiles, they have GitHub repositories where they store source code. They even have fake companies that they can use as references. So they build this sort of simulation of a legitimate, usually a tech worker profile. And then they just are so good at bombarding people with job requests. Companies have different levels of diligence they do around making sure the people they're hiring for remote work are real. A lot of them require that you come in, but some don't. And so with the people who can just straight up be hired by a staffing agency, for example, and never even have to show up, that's kind of an easy one. For them. But even if a company requires, like a face to face meeting, the North Koreans have a way around that. For a while, they were doing virtual face to face meetings with AI driven avatars. So they're these, like, fake faces that they would show up on zoom meetings. And when people started figuring out how to get around that, like, if you ask the AI avatar to wave their hand in front of them, then the software doesn't work, and so you can tell it's a fake person. So they got around that, though. They started hiring people who legitimately had tech skills to pass these interviews.
[08:27]
Victoria Craig
And what do the North Koreans ultimately want from these workers?
[08:31]
Bob McMillan
There are three things they want. First and foremost, they want money. Their regime is sanctioned. They have a hard time trading with anyone in the west, and they need cash. They need cash for their weapons program, for example. And the FBI estimates that they are making hundreds of millions of dollars a year just from paychecks from companies hiring these North Koreans, who by all accounts, some are terrible workers, and some are, like, not bad. Some last months or even years at these companies. And so they found sort of a hack of our remote work situation right now. So that's the first thing they want is money. The second thing, they want more money. So quite often they'll exfiltrate data. They'll steal your corporate secrets, your source code, custom information, and then they will threaten to dump it if you once you fire them. And so they'll extort you. So that's number two. And then the third case is murky, but the FBI suspects that they are also conducting espionage. So they've hit aerospace companies. There are certain types of companies that might have secrets that the North Korean regime would be interested in. So those are the three things they're doing.
[09:36]
Victoria Craig
And how widespread is this?
[09:39]
Bob McMillan
The FBI thinks there are thousands of these workers out there. And what's fascinating to me is I heard about this scam a couple of years ago. And where it started was in the cryptocurrency world, like, the crypto companies were getting hit with these fake workers all the time. And I didn't realize until I wrote this story how incredibly widespread it is. It feels like anybody who is hiring a remote worker has to worry about this.
[10:03]
Victoria Craig
And is there anything the companies can do once they find out that this has happened to them?
[10:08]
Bob McMillan
Since the story published, there's been a lot of debate over this. I actually asked Amazon's CSO about this problem, and he was aware of it. And I said, what can you do about it? And he said, well, you could have your employees come in five days a week.
[10:21]
Victoria Craig
So just close the loop on Christina for us. What ended up happening to her once she was found out?
[10:28]
Bob McMillan
Essentially, the FBI raided her house in October of 2023. She was charged the next year, and she struck a plea deal. So she's pled guilty and she's due to be sentenced on July 16. According to the terms of her plea deal, she could be facing just a little bit more than nine years in prison for this.
[10:49]
Victoria Craig
Wow. Wow. But her financial situation didn't turn out any better. She essentially wound up almost back where she was before. Isn't that right?
[10:57]
Bob McMillan
It was worse, really. I mean, she's living in a homeless shelter now. She attempted to do a variety of things after the raid. The North Koreans didn't pay her for her final month of services. And she tried to do a GoFundMe. She tried to sell coloring books on Amazon. She did doordash one night and made $7.25 doing it. She struggled when this gig went away, and she eventually lost her home. And she's. Yeah, living in a homeless shelter now.
[11:27]
Victoria Craig
That was WSJ reporter Bob McMillan there. And that's it for Tech News Briefing. Today's show produced by Julie Chang. I'm your host, Victoria Craig. Jessica Fenton and Michael Lavalle wrote our theme music. Our supervising producer is Melanie Roy. Our development producer is Aisha Al Muslim. Scott Salloway and Chris Sinsley are the deputy editors. And Falana Patterson is the Wall Street Journal's head of news audio. We'll be back this afternoon with TNV Tech Minute. Thanks for listening.
[11:59]
Reba
Isn't home where we all want to be? Reba here for realtor.com the Pro's number one most trusted app. Finding a home is like dating. You're searching for the 1 with over 500,000 new listings every month. You can find the one today. Download the realtor.com app cause you're nearly home. Make it real with realtor.com Pro's number.
[12:21]
N/A
One most trusted app based on August 2024 proprietary survey. Over 500,000 new listings every month based on average new for sale and rental listings February 2024 through January 2025.