Remote Work Is Convenient for Employees…and North Korean Scammers - Tech News Briefing

Wall Street Journal

a day ago

Jobs that allow employees to work from home have allowed for more flexibility. But in the quest to achieve a better work-life balance, we've helped open the door for hackers looking to capitalize on America's workforce. Bob McMillan covers computer security, hackers, and privacy for the Wall Street Journal. He joins host Victoria Craig to discuss how laptop farms have allowed North Korean scammers to rake in hundreds of millions of dollars to the sanctioned country.
Full Transcript
This transcript was prepared by a transcription service. This version may not be in its final form and may be updated.
Victoria Craig: Hey, TNB listeners, before we get started, heads up, we're going to be asking you a question at the top of each show for the next few weeks. Our goal here at Tech News Briefing is to keep you updated with the latest headlines and trends on all things tech. Now, we want to know more about you, what you like about the show, and what more you'd like to hear from us. So our question this week is how often do you want new episodes and how long do you want them to be? Do you want shorter shows more often or longer shows less frequently? If you're listening on Spotify, look for our poll under the episode description, or you can send us an email to tnb@wsj.com. Now onto the show. Welcome to Tech News Briefing. It's Friday, May 30th. I'm Victoria Craig for the Wall Street Journal. Remote jobs have become common for workers in industries across America. They make the work-life balance easier for employees, but they've also allowed countries like North Korea to infiltrate US companies with the help of everyday Americans. Today we're taking a deep dive into an intricate scam involving illegal paychecks and stolen data. A scam that the FBI says involves thousands of North Korean workers, has brought hundreds of millions of dollars a year into the country. It's a place where international sanctions have frozen the flow of funds, so the country has gotten creative in its quest for cash. And it's capitalized on some of America's remote work opportunities to start laptop farms in states across the US. Bob McMillan covers computer security hackers and privacy for the Wall Street Journal. Bob, I'm going to guess that the phrase "laptop farm" is not a familiar one for most of our listeners. So what is it and what kind of person typically runs one?
Bob McMillan: Yeah, it's a new gig economy job that's popped up since the COVID epidemic and the advent of massive remote work. That's not something you'll find advertised, but basically you get a request, maybe via LinkedIn or some kind of gig work site that asks if you want to help a foreign company with a US representation. And the next thing you know, you're getting laptops shipped to your house and you're turning them on and you're operating them, but they're shipped to fake workers who have got jobs at these companies and who need a US address to pretend to be working out of. So laptop farmer receives the computers for the fake workers, turns them on, connects them, and then adds remote software so these people offshore can connect to these laptops. And then doing things like tech jobs, Python development and stuff like that. Here's the kicker though. The remote workers are actually North Koreans and they're trying to, in a very illegal way, make money for the heavily sanctioned regime there.
Victoria Craig: Tell us about Christina Chapman because she was one of the people in America who participated in this scheme.
Bob McMillan: Christina Chapman's case was interesting because you had the court record that had all these allegations of what she was doing. And then she left a very long TikTok trail of just all kinds of political TikToks, personal TikToks, TikToks about Japanese boy bands. But embedded in that were a few comments on her work and her situation in life.
Christina Chapman: And I did not make my own breakfast this morning. My clients are going crazy, so I just got a smoothie bowl. It's an acai smoothie bowl and it has bananas, strawberries.
Bob McMillan: But coincidentally in the background, you can see I counted at least 10 laptops there. They've got Post-it notes on them that apparently say the name of the worker and the company they're supposed to be working for. And you hear them just whirring away in her apartment.
Victoria Craig: And what made Chapman a target for this kind of scam?
Bob McMillan: Her story is probably, in many ways, very typical of these people. They are gig workers who reach a point in their life where they're desperate. And that's what happened with Christina Chapman. She was basically living in a trailer in Minnesota. She didn't have any heat. She was showering at her local gym. She really was at a dead end in her life. And this offer came in through LinkedIn saying, "Hey, do you want to be our US representative?" It became clear pretty quickly that some of the stuff she was doing was illegal. It's at least fraudulent, right? But she was desperate, and it really did turn her life around. I mean, she ended up having a much better quality of life as a result of this job. The problem is it's completely illegal.
Victoria Craig: So the question about whether these people who are acting on behalf essentially of the North Koreans, whether they know what they're doing is illegal. Christina Chapman may not have known the nationality of the people she was working with, but you're right that she did acknowledge that she could "go to federal prison for falsifying federal documents."
Bob McMillan: Yeah, it's pretty hard to do this gig without realizing you're doing something illegal, right? Because quite often you have to forge signatures. You have to facilitate the presentation of fake credentials. But if you look at the court records, she's basically saying, "Hey, what you're asking me to do is illegal," all the time. And the thing is that if you do fraud, that's one thing, but if you do fraud in support of the North Koreans, that's way worse.
Victoria Craig: Coming up, a look at the corporate side of this scheme, who the scammers are targeting and what they want after the break. To make a laptop farming scam successful tech specialists usually trained in North Korea's technical education programs need to first find a back door into corporate America. We're back with WSJ reporter, Bob McMillan, who's been reporting on this. Bob, you write that. Christina Chapman, the so-called laptop farmer, who we about earlier helped North Koreans who got jobs at big companies like at a top five national television network here, a premier Silicon Valley tech company, an aerospace and defense manufacturer. And the list goes on. How exactly does this process work? How do they effectively trick the companies into hiring people who are really based in North Korea, China, or even Russia as you report?
Bob McMillan: They basically operate a complete shadow economy. They have LinkedIn profiles, they have GitHub repositories where they store source code. They even have fake companies that they can use as references. So they build this sort of simulation of a legitimate, usually a tech worker profile. And then they just are so good at bombarding people with job requests. Companies have different levels of diligence they do around making sure the people they're hiring for remote work are real. A lot of them require that you come in, but some don't. And so with the people who can just straight up be hired by a staffing agency, for example, and never even have to show up, that's an easy one for them. But even if a company requires a face-to-face meeting, the North Koreans have a way around that. For a while, they were doing virtual face-to-face meetings with AI-driven avatars. So there're these fake faces that they would show up on Zoom meetings. And when people started figuring out how to get around that, if you ask the AI avatar to wave their hand in front of them, then the software doesn't work. And so you can tell it's a fake person. So they got around that though. They started hiring people who legitimately had tech skills to pass these interviews.
Victoria Craig: And what do the North Koreans ultimately want from these workers?
Bob McMillan: There are three things they want. First and foremost, they want money. Their regime is sanctioned. They have a hard time trading with anyone in the West, and they need cash. They need cash for their weapons program, for example. And the FBI estimates that they are making hundreds of millions of dollars a year just from paychecks, from companies hiring these North Koreans, who by all accounts, some are terrible workers and some are not bad, some last months or even years at these companies. And so they found sort of a hack of our remote work situation right now. So that's the first thing they want is money. The second thing, they want more money. So quite often they'll exfiltrate data, they'll steal your corporate secrets, your source code, customer information, and then they will threaten to dump it once you fire them. And so they'll extort you. So that's number two. And then the third case is murky, but the FBI suspects that they're also conducting espionage. So they've hit aerospace companies. There are certain types of companies that might have secrets that the North Korean regime would be interested in. So those are the three things they're doing.
Victoria Craig: And how widespread is this?
Bob McMillan: The FBI thinks there are thousands of these workers out there. And what's fascinating to me is I heard about this scam a couple of years ago. And where it started was in the cryptocurrency world. The crypto companies were getting with these fake workers all the time. And I didn't realize until I wrote this story how incredibly widespread it is. It feels like anybody who is hiring a remote worker has to worry about this.
Victoria Craig: And is there anything the companies can do once they find out that this has happened to them?
Bob McMillan: Since the story published, there's been a lot of debate over this. I actually asked Amazon's CSO about this problem, and he was aware of it. And I said, "What can you do about it?" And he said, "Well, you could have your employees come in five days a week."
Victoria Craig: So just to close the loop on Christina for us, what ended up happening to her once she was found out, essentially?
Bob McMillan: The FBI raided her house in October of 2023. She was charged the next year, and she struck a plea deal. So she's pled guilty, and she's due to be sentenced on July 16. According to the terms of her plea deal, she could be facing just a little bit more than nine years in prison for this.
Victoria Craig: Wow. Wow. But her financial situation didn't turn out any better. She essentially wound up almost back where she was before. Isn't that right?
Bob McMillan: It was worse, really. I mean, she's living in a homeless shelter now. She attempted to do a variety of things after the raid. The North Koreans didn't pay her for her final month of services. And she tried to do a GoFundMe. She tried to sell coloring books on Amazon. She did DoorDash one night and made $7.25 doing it. She struggled when this gig went away, and she eventually lost her home. And she's, yeah, living in a homeless shelter now.
Victoria Craig: That was WSJ reporter, Bob McMillan there. And that's it for Tech News Briefing. Today's show is produced by Julie Chang. I'm your host, Victoria Craig. Jessica Fenton, and Michael LaValle wrote our theme music. Our supervising producer is Melony Roy. Our development producer is Aisha Al-Muslim. Scott Saloway and Chris Zinsli are the deputy editors. And Philana Patterson is the Wall Street Journal's head of news audio. We'll be back this afternoon with TNB Tech Minute. Thanks for listening.