In 1924, a typical American house might have concealed a speakeasy, serving up illicit drinks during Prohibition. Fast forward to 2024, and a similar façade sheltered a data center run by hackers remotely operating from North Korea. Unfortunately for one individual, Christina Chapman, her involvement in this operation has landed her in trouble with the law, resulting in a prison sentence.
Chapman, after a federal investigation, will spend 8.5 years behind bars, followed by three years of supervised release, and is potentially liable to pay back hundreds of thousands of dollars in restitution. While she was certainly aware of the illegal nature of her role—she even commented on the risks of falsifying federal documents in her chat logs—her circumstances paint her as a victim of sorts. At 50 years old, Chapman was seeking a remote job to care for her ailing mother, who was battling cancer.
This search led her to a position that ultimately resulted in her arrest. Her job involved acting as a facilitator for remote employees who were actually North Korean agents masquerading as Americans, stealing funds and sensitive information from various U.S. companies. These agents employed identity theft and remote tools such as VPNs and proxies to execute their scheme.
They would operate from a base in North Korea while Chapman received and forwarded paychecks and handled company-issued laptops. When the FBI apprehended her, they found over 90 laptops in her home, functioning as an ad hoc data center. The prosecutors highlighted that these hackers had infiltrated several prominent companies, including Fortune 500 giants like Nike.
Many individuals have since learned that their colleagues were not who they purported to be. In her pre-sentencing letter to the judge, Chapman expressed gratitude to the FBI for helping her escape from the situation, despite the consequences.