IT Headhunting with the Enemy
There may be errors in spelling, grammar, and accuracy in this machine-generated transcript.
Caleb Newquist: Long before remote work, fraud exploited invisibility. Shell companies existed on paper. Fake vendors existed in accounting systems. Employees existed in payroll databases who never came to work. What changed is the scale. Remote work didn't invent identity fraud. It industrialized it. It allowed someone on the other side of the world to plausibly appear inside your organization without ever physically entering [00:00:30] it. That's the environment Christina Chapman was operating in. Not a dark alley, not a shadow network, but the normal machinery of modern work.
Earmark CPE: Are you an accountant with a continuing education requirement? You can earn free NASBA approved CPE for listening to this episode. Just visit earmarked app in your web browser, take a short quiz and get your certificate.
Caleb Newquist: This [00:01:00] is my fraud. A true crime podcast where dangerous weapons consist of laptops and convincing zoom backgrounds. I'm Caleb Newquist. How's it going? What's happening? Um, I don't remember if I've mentioned this, but I shut off the news alerts from my phone, so I am very. I'm very out of the loop. Kind of. Just generally. So if, you know, if maybe did Bernie Madoff get a posthumous pardon or [00:01:30] maybe Charles Ponzi, George C Parker, was it George? They gave one to George C Parker. That's what happened, right? You know what I'm talking about. Okay, look it up. It's a good one. Okay, imagine, like Elizabeth Holmes, Sam Bankman-Fried, they're they're probably working the angles right now. Stay tuned. Anyway, I'm doing fine. You know, just one day at a time, people. One day at a time. Um, I do have a couple things I want to share with you before we get into it. I received [00:02:00] these recently and I thought they were worth sharing. First an email. This came from Donation Support Initiative and the subject line is charitable donation notification action required. That was the subject line. It reads Dear Sir or Madam, we are pleased to inform you that you have been identified as a potential beneficiary of a charitable donation in the amount of 1 million pounds from Richard and Debbie Nuttall as part of their 2026 [00:02:30] Donation Support initiative. This message serves as a follow up to our previous correspondence as we have not yet received a response.
Caleb Newquist: We kindly request that you reply at your earliest convenience, so we may provide further details and outline the next steps. Yours sincerely, the Richard and Debbie Nuttall. Nuttall. Nuttall. I don't even know. Nuttall team. Um, so yeah, that that's obviously a phishing email. Uh, I did not get [00:03:00] previous correspondence. And I know some of you are hoping that I will now tell you a long story about how I responded to this and strung somebody along for a week or two or whatever. I didn't do any of that, you know, because I know how these scams kind of work. I'm guessing that the other person on the end of this, uh, is being exploited in some terrible way. And, um, you know, they don't really want to rip me off, but they're, you know, they are forced to attempt that, uh, [00:03:30] because they're under duress. So anyway, I did actually look up, uh, the these this Richard and Debbie Nuttall. I don't I don't know how the fuck you say that. What kind of name is that? It's a British name is what it is anyway. Richard and Debbie, I look them up. Uh, they are a couple in the UK. Lancashire, to be precise. Um, and that, of course, because it's Lancashire. It actually looks like Lancashire to the [00:04:00] to the American English. But in the UK it's Lancashire and that's in northwest England.
Caleb Newquist: If you're curious, they won 61 million pounds on January 30th 2024. And that I mean that must have been amazing. That must have been exciting for them. They look very happy in the pictures. If you look them up, they they look very pleased. Um, but anyway, because this is the UK, uh, some of the tabloids, one of the tabloids, [00:04:30] they found Debbie's ex-husband to talk to him for some reason. And, uh, he went on record to say that she should maybe throw him a little of the winnings, and. But he was kidding, so that was kind of nice, I don't know. Anyway, you can never tell with these British, the British subtext. It's always there. You never quite sure what it's saying. But never mind that. Two months after Richard and Debbie won the jackpot, there's a story in the Daily Mirror [00:05:00] reporting that they were already being used in phishing emails for advanced fee schemes. Two months. It only took two months for these lottery winners to become the subject of a ruse. Now, I doubt that's a record of any kind. But, you know, it's two years later and it's still going. And I got one. So, Richard. Debbie, uh, sorry about the, you know, people using you. Hope [00:05:30] you're enjoying the money. Yeah. Okay. Second thing, I got this voicemail recently, and I'll just read the transcript to you now. Hello, this is Nancy from American Tax Consultants.
Caleb Newquist: Today is Saturday, January 24th. I'm following up on the notice we sent out regarding your back taxes and the missed filing and missed filings. Your account. See? Bad. Transcript. This may be our only attempt to reach you. And it's [00:06:00] important that you speak to us today. Please call us right away. We can bring your extension's current request penalty waivers, and review new reduction programs that could significantly reduce or even resolve what you owe. With important deadlines approaching, this is your best opportunity to resolve these issues before they become a larger issue. Please call today to be removed. Please call back the number on your caller ID and press eight. Thanks and I look forward to assisting you. Okay. I don't know Nancy, never spoken to her before. I am not a client [00:06:30] of American Tax Consultants. They did not send me a notice. I do not owe back taxes. I have no missed filings. However, American Tax Consultants is the name of a real firm. It's in Pasco, Washington. Which where's Pasco, you ask? It's in North. Excuse me, it's in south central Washington. Greg Kite, our resident Washingtonian, he tells me that it's just eastern Washington because it's east of the Cascades. [00:07:00] Okay. I have no reason to doubt that. That's how Washington natives think about it. But it really is in the south part of the state. Okay. It's not like it's not next door to Idaho, but it is next door to Oregon.
Caleb Newquist: So I think that makes it, you know, South Central. All right. Anyway, Pasco is right near the Snake and Columbia rivers, the confluence of those two rivers. It is home to Sacajawea Historical State Park. And [00:07:30] it is one of the three cities making up the Tri-Cities region of Washington state. Okay, that's where American Tax Consultants is located. And shocker, the phone left in the voicemail, which I did not read out loud because I don't want to put anyone in a spot. That phone number is not the phone number on their website. Speaking of their website, on the home page there is a banner that says I am not kidding. Scam alert. Beware of a fraudulent website based in Florida [00:08:00] using our company name. Okay? And it's a funny thing to put on your website when there are also robocalls being made using your firm's name. Uh, but no mention of that. So anyway, American tax consultants, people just know that someone is using your very generic sounding name to to make some robocalls. Okay. And, you know, as far as the website in Florida, I mean, can the website have a domain, can it actually be based in [00:08:30] Florida? I don't know if that's how websites work, but if it is, then all I would say to that is Florida is going to Florida. You know, there's there's just nothing we can really do until Bugs Bunny saws it loose.
Caleb Newquist: Until that time, we're kind of stuck with it. Okay, that's enough business time for some fraud. Christina Chapman had endured a difficult upbringing. [00:09:00] She was born in South Korea, where her father was stationed with the US Marine Corps. But her parents separated when she was just five and then pretty much moved constantly while she was growing up. She attended more than a dozen schools between kindergarten and 12th grade, and she suffered physical, emotional, and sexual abuse throughout this period. Difficult circumstances continued for Christina into adulthood, as she drifted from one low paying [00:09:30] job to another, doing what she could to support herself financially. Her most stable relationship she had was with her mom, who was diagnosed with renal cancer in 2018. Now, like most people, Christina Chapman wanted to do her best to care for her ailing mother, and she was determined to help her retire and afford her treatment. So Christina enrolled in a computer science boot camp to give her some [00:10:00] better employment opportunities. And it was in March 2020, shortly after she had completed the boot camp, when she finally caught a break. Christina had received a LinkedIn message that offered her to be the US face of a company that assisted foreign workers with obtaining IT jobs in the United States, and the timing was kind of perfect. March 2020, knowledge professionals of all kinds [00:10:30] were confined to their homes as COVID-19, uh, the pandemic began to take hold in the US.
Caleb Newquist: Workers quickly adapted to doing their jobs remotely, and business had to adapt just as quickly whether they wanted to or not. Now, the Democratic People's Republic of Korea is one of the most heavily sanctioned countries [00:11:00] in the world. And these sanctions are not symbolic. They have plenty of teeth. They are designed to cut off the regime's access to foreign currency, international banking systems, advanced technology and trade relationships. The goal of these sanctions is simple: make it hard for the North Korean government to fund itself, especially its weapons programs. This matters because foreign [00:11:30] currency is not nice to have. For North Korea, it is existential. Well, why is that? Well, for starters, North Korea doesn't really export anything. It does not participate meaningfully in global trade. Its economy is tightly controlled, isolated, inefficient. There's just not that many legitimate ways for the country to, [00:12:00] you know, earn money, earn US dollars or earn euros. Okay. So the regime looks for things that can move across borders quietly without triggering customs inspections, tariffs or trade restrictions. Labor is one of those things. Unlike physical goods, labor doesn't move through ports. It doesn't get scanned. It doesn't sit on a ship or a plane. I mean, it [00:12:30] does sit on planes sometimes. But, you know, in this context, no it doesn't. Okay. And when labor is delivered digitally through a laptop over a network connection, it becomes real hard to detect. Information technology work is especially attractive.
Caleb Newquist: Software development, quality assurance, systems administration, IT support. These are all jobs where a physical presence is not really necessary. [00:13:00] Output can still be measured, skill can be demonstrated quickly and most importantly, remote work is normalized. So what was this job Christina was actually hired for? It wasn't a quirky international staffing gig. It wasn't a legal gray area. The foreign IT workers Christina was helping, they were North Korean. And the scheme [00:13:30] she just agreed to facilitate was part of a long running, highly organized program run by the North Korean government to secretly place its citizens inside Western companies as remote workers. Christina Chapman had just become a piece of the puzzle for North Korea to evade sanctions. So how did it work? Let's walk through that step by step, because this is where the fraud happens. [00:14:00] And whoa, is it not fancy? Okay. Step one: an American company decides it needs a remote IT worker. This is incredibly normal today, but in 2020 and 2021, companies needed engineers, developers, IT support. They needed all these people. Projects were behind. Systems were strained. Everyone was hiring. It was a crazy time. It [00:14:30] wasn't even that long ago. I think we all remember it. Most of us anyway. Okay. Step two: a worker applies to this remote IT job using a US identity. That identity might be stolen, rented, fabricated.
Caleb Newquist: But it looks real on paper. Okay. Real enough to just pass a screening, a name, resume, LinkedIn profile, some work history. Step [00:15:00] three: the interview process happens remotely. So, as we all know, in 2020, 2021, uh, no one really knew how to do. You know, there was a learning curve. I think that's what I'm trying to say. Video calls freeze, cameras malfunction. Audio cuts out. You know, accents don't quite match resumes. Can you see an accent on a resume? I don't know, maybe you can. But anyway, this [00:15:30] is remote work. This is what was happening. Everyone had technical problems. Everyone had explanations for those technical problems. And, you know, there's really nothing at this stage that would have triggered any alarm. According to court records, Christina Chapman coached workers on how to handle employer questions. In one message, she advised, "If they ask why you are using two devices, just say the microphone on your laptop doesn't work right. Most [00:16:00] IT people are fine with that explanation." That's the kind of stuff that mattered. It really smoothed things over when maybe otherwise people would have had some questions. Okay. Step four: the company hires the worker, and now they need to send equipment to this person. And normally this is where a scheme might collapse because you cannot ship [00:16:30] a corporate laptop to North Korea. So the laptop is instead shipped to a US address. Christina Chapman's address.
Caleb Newquist: Christina gets the laptop. She turns it on. She installs remote access software. She makes sure everything works. And from that moment on, the laptop is no longer meaningfully under her control. Physically, it's in the United States. Operationally, [00:17:00] it's somewhere else. The North Korean worker logs in remotely. They do the work. They attend meetings. So many meetings. They submit code, they respond to tickets. From the company's perspective, nothing looks strange because the work is getting done. The hardware is domestic, the IP address appears domestic. Security systems are seeing what they want to see. This [00:17:30] is a crucial point. The work being real is what makes this fraud sustainable. If the work didn't get done, companies tend to notice, but the work was getting done. Deadlines were met, code was shipped, tickets closed, projects moved forward. There was no obvious failure that would trigger any suspicion. Okay. Final step. Payroll. [00:18:00] The company pays what it believes is a legitimate employee or contractor. That money goes into a US bank account, moves through some intermediaries, and eventually overseas. There's no dramatic theft. There's no noisy breach, no single moment where someone says, hey, wait a second. Feels like HR stuff. IT, onboarding, payroll, [00:18:30] feels like all that stuff. And that's exactly why it lasted. Christina Chapman was not writing code for North Korea. She was the infrastructure. She held open the doors. She greased the wheels. According to federal prosecutors, she handled dozens of laptops, at least [00:19:00] 90, and facilitated work for more than 300 US companies.
Caleb Newquist: She received equipment. She shipped replacements. She answered emails. She smoothed things over when necessary. If someone wondered why a camera didn't work, she had an answer. If somebody asked about time zones, she explained it away. If something fell off, she made it right. Fraud at scale almost always depends on [00:19:30] people like this. People who make things work. People who absorb the friction. People who make the system feel boring. Because boring doesn't raise any red flags. One reason this case seems unremarkable at first is because the money doesn't move in this big single dramatic moment, or even a series of dramatic moments. It just moves [00:20:00] slow, routinely. Very ordinary clockwork. According to court filings and Department of Justice press releases, however, companies paid what they believed were legitimate US based employees or contractors. Those payments pass through normal payroll or accounts payable systems. In many cases, the workers appear to be individual contractors. In other cases, they were full time employees. [00:20:30] Either way, the payments they did not look unusual in isolation. The factors that made this case so significant were a couple of things time and scope. Over time, payrolls run regularly every other week or twice a month usually. And so the money from hundreds of companies flowed into a smaller number of US based bank accounts controlled by [00:21:00] facilitators like Christina Chapman. From there, the funds were moved, sometimes in smaller transfers, sometimes through additional intermediaries, and eventually made its way overseas.
Caleb Newquist: Prosecutors emphasized that the structure was intentional. The goal was to distance the original source of funds, US companies, from the ultimate beneficiary, North Korean IT workers operating [00:21:30] under state control. In total, investigators attributed more than $17 million in revenue to the scheme that Christina Chapman oversaw. That number was not based on guesswork. It came from payroll records, bank statements, seized devices and cooperation from companies that were unknowingly participating. And the scale is what pushed this case out of the realm of ordinary fraud and somewhere into [00:22:00] sanctions enforcement. To understand how the scheme lasted as long as it did, you have to understand what hiring looks like in 2020 and 2021. Almost everything that normally would slow fraud down disappeared. Before the pandemic, hiring was slow and physical. People went into an office. [00:22:30] Someone checked your ID. Equipment was handed to you face to face. If someone never showed up, it was very obvious. You know, there were these little frictions everywhere and they made a difference. But then there was a pandemic, and all of that stopped. Entire companies went remote in a very short period of time. Days. HR departments were overwhelmed. [00:23:00] Managers were scrambling. Executives were telling people just to make it work or still come into the office and get sick. Anyway, hiring pipelines that used to take months were compressed into weeks or even days.
Caleb Newquist: Identity verification became document uploads and video calls. Onboarding became asynchronous. Nobody ever physically met anyone anymore. And [00:23:30] into that chaos stepped a workforce that was already optimized for remote work. Nobody was really checking. Shipping addresses weren't scrutinized, payroll systems paid whoever cleared onboarding. Security teams were focused on ransomware, not resumes. The system didn't fail because it was hacked. It failed because it worked pretty much as well as it could under a tremendous amount of pressure. Everyone was just rolling with the punches. Nobody thought they were being reckless. Nobody [00:24:00] felt like they were abandoning controls. They thought they were modernizing. HR was adapting. Managers were being flexible in a crisis. IT thought they were streamlining. Remote work made it possible for someone on the other side of the world to convincingly appear inside your company without ever setting foot in your country. And Christina's job made that failure even easier. No [00:24:30] one would blame you if you said you knew nothing about North Korea. Or maybe everything you know about North Korea comes from the 2004 puppet comedy film Team America: World Police. Or maybe the 2014 political satire The Interview, starring James Franco and Seth Rogen. North Korea has a population of 26 million people and an estimated GDP of around $18 billion. That's roughly [00:25:00] the size of Vermont the GDP. Vermont only has 650,000 people and yet has GDP of 18 billion. Very nice. Nice job, Vermont.
Caleb Newquist: Way to go. That seems good. Satellite images of the Korean Peninsula at night show South Korea blazing with light. North Korea almost completely dark. Most North Koreans don't have reliable electricity. Most [00:25:30] have never been on the internet. And yet somehow this country is running a very sophisticated remote IT workforce scheme that's generating hundreds of millions of dollars a year. How does that work? The answer is very selectively. North Korea doesn't give everyone access to technology and training. It gives access to a very small number of people who are useful to the state. According to the Wikipedia article [00:26:00] on this scheme, North Korean intelligence services recruit top graduates from prestigious institutions like Kim University of Technology and the University of Sciences in Pyongsong. They train them in hacking techniques, foreign languages and software development, and then they promise them something that sounds absurd until you think about where they're coming from. Higher wages. Internet access. Those are [00:26:30] big incentives in North Korea. Yeah, in most countries, internet access isn't a perk. It's a utility like water or electricity. In North Korea, it is a luxury reserved for the elite. Research firm Recorded Future and others shows that North Korea's internet access is stratified into tiers. The general population, basically everyone, [00:27:00] has no access to the global internet whatsoever. Meanwhile, a small elite group has limited access to the domestic intranet called Kwangmyong, which is heavily censored and monitored. It's got some government websites, educational content, and even a cooking site with recipes for Korean dishes.
Caleb Newquist: And then there's an even smaller group, what [00:27:30] one report described as just a few dozen families who have full unrestricted internet access. The IT workers fall somewhere in between. According to a 38 North article about a North Korean cloud server used for animation work. The average IT worker inside the country does not have direct access to the internet. Typically, an organization might have just 1 or 2 computers with internet access. Workers need approval to use them [00:28:00] and are monitored while they do so. They're not in the inner circle, but they're also not in the general population that's totally cut off. They get just enough access to do their jobs. And that access by itself makes them part of an elite class. According to one analysis, jobs that require internet access typically come with lavish salaries, high end government housing, and lots of prestige. Either [00:28:30] you are granted access to the internet because you are very elite, or you are granted elite status because of your internet access. But the two always go hand in hand. Now, lavish is obviously relative here. We are not talking about the kind of salaries that afford you penthouses and sports cars. But compared to the average North Korean, these IT workers are doing quite well. And here's the thing. They're probably good at what they do. They'd [00:29:00] have to be. Because if they weren't, then the scheme wouldn't work.
Caleb Newquist: Companies would have noticed. Code reviews would have flagged problems. Managers would have asked questions. But none of that happened. Which means these workers are skilled enough to pass US tech interviews, write production code, close tickets, meet deadlines. In some cases, they're probably better than the domestic candidates [00:29:30] who got passed over. So the North Korean regime invests in them: special facilities, reliable power, high speed internet, equipment that works. It's a country of 26 million people, and the regime has built a high tech enclave for maybe a few thousand, just enough to keep the money flowing. The rest of the country can go dark. And the money those workers earn? According to US Department of [00:30:00] Justice reports cited by Palo Alto Networks, individual IT workers can earn up to $300,000 annually. But the North Korean government takes 90% of that. 90%. So if a worker earns $300,000, they keep 30,000. The regime takes the rest of that 270. That's the deal. You [00:30:30] work and most of the money goes to the Supreme Leader. The state uses that money to fund weapons programs, pay party officials, and keeps the lights on, literally in Pyongyang. It doesn't go toward building infrastructure. It doesn't feed anybody. It doesn't improve anyone's life. If you don't like the deal, that's fine. You don't have to have the internet. You can just check into the Gulag. Defect, maybe, if you [00:31:00] can get out.
Caleb Newquist: But defection means leaving your family behind. And the state doesn't really look kindly on that. So the people do the work, and they become part of a system that uses their skills to operate programs that make the world less safe. And American companies, without even knowing it, they're funding the whole damn thing. There's another layer to this story that doesn't [00:31:30] get much attention, but it shows up repeatedly in reporting on North Korean remote worker schemes. And that's the role of technology itself in eroding the signals we used to rely on. For a long time, job interviews were kind of a fraud filter. Not a perfect one, but a real one. You could hear how somebody spoke. You could see how they reacted. You could notice inconsistencies. You could ask follow up questions in real time. Remote interviews weaken that filter, [00:32:00] and AI has started to dismantle it entirely. According to reporting from Wired and others, some North Korean IT workers have used AI assisted tools during interviews. Real time transcription, response generation, even accent smoothing to present a version of themselves that passes screening. If interviews are already mediated through screens, microphones and bandwidth, then anything that improves the signal on one side or disguises it on the other [00:32:30] has an outsized effect. The result is that interviews increasingly measure performance, but not identity. Interviews tell you whether someone can answer questions. They tell you whether someone can solve problems.
Caleb Newquist: They tell you almost nothing about who is actually doing the work. And that's not a moral failing. That's just a technical limitation. And it matters because many companies still treat interviews as identity [00:33:00] checks when they are no longer capable of playing that role. The North Korean scheme exploits this deliberately. If you can perform competently through a digital interface, the system rarely asks who sits behind that performance. And once the job is secured, that's it. The interview doesn't matter anymore. From that point forward, all that matters is the output. Tickets are closed. Code is [00:33:30] shipped. Messages answered. Identity fades into the background. This is another reason the Christina Chapman case worked as long as it did. The system wasn't designed to detect imposters after they were hired. It assumed that problem had already been solved. Eventually, the routine broke down, not because a single company suddenly realized it had been defrauded, but because patterns began to emerge that [00:34:00] could only be seen across many organizations at once. Investigators noticed repeated shipping addresses being used by supposedly unrelated workers at different companies. They noticed clusters of payments flowing to the same bank accounts from employers who had no relationship with one another. They noticed digital activity that suggested workers were not operating where they claimed to be. None of these indicators were conclusive on their own, but altogether they told a [00:34:30] story. And this is an important distinction. Individual managers didn't notice anything wrong.
Caleb Newquist: Individual companies didn't think they'd been defrauded. The work was getting done. What investigators noticed were repetitions at the system level. This is how large scale fraud is usually detected, not by one person having a sudden realization, but by systems noticing patterns that humans aren't looking for. Once federal investigators began mapping [00:35:00] those connections, the focus narrowed quickly on domestic facilitators. And that led them to Christina Chapman. In 2023, federal agents executed a search warrant at Christina Chapman's home in Arizona. What they found made the abstract suddenly very concrete. Inside the house, agents discovered what prosecutors later described as a [00:35:30] laptop farm. According to reporting based on court records, agents found racks of company issued laptops, many of them labeled with sticky notes linking each device to a specific fake worker identity and employer, evidence of a fully functioning operation designed to make it appear that North Korean IT workers were physically present in the United States. These were not spare machines just sitting in a closet. They were active, configured devices [00:36:00] powered, connected, and set up to allow remote access. Investigators ultimately recovered more than 90 laptops and related equipment from the residence. The physicality of the evidence mattered. Up to that point, the scheme could be described in terms of emails, bank transfers and remote connections. The raid made it all real. It was a house full of laptops quietly generating millions of dollars in revenue for North Korea.
Caleb Newquist: Christina [00:36:30] Chapman pleaded guilty in February 2025, in federal court in Washington, D.C. That plea followed months of investigation and was supported by documentary evidence, seized devices, bank records and communications between Chapman and her coconspirators. One of the most striking pieces of evidence came from Chapman's own messages. According to court filings cited in press coverage, Chapman [00:37:00] warned her coconspirators about the risks of falsifying employment paperwork, writing, "I hope you guys can find other people to do your physical I-9s. These are federal documents. I will send them for you, but have someone else do the paperwork. I can go to federal prison for falsifying federal documents." That message undercut any claim that she was unaware of the legal stakes. Prosecutors argued that it showed she understood the nature of what she was doing [00:37:30] and the consequences. Specifically, she pleaded guilty to conspiracy to commit wire fraud, aggravated identity theft and conspiracy to launder monetary instruments. Those charges mattered because they framed her actions not as an isolated employment scam, but as a coordinated effort that involves stolen identities, deception of US companies, and the movement of money for the benefit of a sanctioned foreign government. In the government's telling, Christina's [00:38:00] role was central. Prosecutors did not describe her as a peripheral helper or a one time participant. They described her as a domestic facilitator who made the scheme work on a day to day basis. The government emphasized that this conduct was repeated and sustained over time.
Caleb Newquist: This was not a single lapse in judgment. It was a pattern. At sentencing, the defense and the prosecution presented [00:38:30] sharply different narratives. The defense focused on Christina's personal history, her unstable childhood, her financial precarity, and her mother's illness. Argument was that she was not motivated by greed or ideology, but by desperation. The prosecution did not dispute those facts. Instead, it emphasized the scale, repetition, and intent. According to the Department of Justice, Christina Chapman perpetrated a years long scheme that resulted [00:39:00] in millions of dollars raised for the DPRK regime, exploited more than 300 American companies and government agencies, and stole dozens of identities of American citizens. In announcing the sentence, the U.S. Attorney's Office emphasized the broader threat, stating that North Korea, quote, is not just a threat to the homeland from afar, but one that was perpetrating fraud on American citizens, American companies, and American banks. The court ultimately agreed that mitigating factors existed, but concluded they did not outweigh [00:39:30] the seriousness of the offense. Christina Chapman was sentenced on July 24th, 2025, to 102 months in federal prison. Eight and a half years. One reason this case can feel kind of abstract is that there's no single obvious victim. No individual company was bankrupted. No single person lost their life savings. But that doesn't mean there [00:40:00] weren't victims. US companies were deceived into hiring workers they believed to be domestic employees or contractors. They were denied the opportunity to assess sanctions risk or comply with US law because the true nature of the work was deliberately concealed.
Caleb Newquist: There were also victims of identity theft. Dozens of US citizens had their personal information used without consent to create false employment records. And there were kind of these broad societal harms, right? [00:40:30] Sanctions enforcement depends on collective compliance. But if those systems are undermined, then we all kind of pay the price. You know, it's it's hard to see, but it's it's still harm. It's you know, it shows up as weaker foreign policy as diminished leverage, uh, against, you know, a hostile foreign power. Um, that's, you know, building nuclear weapons instead of feeding starving citizens. [00:41:00] I mean, it's it's it's easy to dismiss because we don't see it right in front of us. It's not personal. It's not dramatic, but it's still harm. There are still consequences. So, did we learn anything? Sure. Uh, first, remote work is not inherently risky. Kind [00:41:30] of relocates it. It concentrates it in places where few organizations are looking. Places they didn't think they needed to watch. So remote work didn't break a part of the system. It just revealed assumptions the system had been making all along. And fraud doesn't really show up as greed all the time. Sometimes it shows up as people [00:42:00] doing their work. Logistics, you know, someone trying to keep things moving during a crisis. And sometimes it's just looks like somebody's trying to take care of their mom.
Caleb Newquist: And that matters because it fits into our fraud triangle almost too cleanly. Right? The pressure is obvious. Christina's mother was sick. Cancer treatment is expensive. She needed stability. Time was of the essence. And [00:42:30] as far as the opportunity, she wanted a job, okay? She wanted to be able to do that. And she could do it remotely. She could get the equipment shipped to her house. She could set up the bank accounts. She could help with the verification. And no one is seeing the full picture. And as far as rationalization, you know, that's easy, because work was being done. [00:43:00] Performed. Work was being performed. Companies weren't complaining. The systems were functioning. Didn't feel like stealing. And that is kind of in a weird way. That's how fraud kind of survives is if it's disguised as something perfectly reasonable. Another lesson is intermediaries are probably more important than we give them credit for. So as we mentioned, Christina wasn't [00:43:30] writing code or hacking anything. She was just coordinating stuff. You know, smoothen the edges. Okay. A scheme of this magnitude doesn't depend on a mastermind. It needs people to absorb friction. Uh, so people don't stop and ask more questions. You might hear it called streamlining, [00:44:00] sometimes from a controls perspective. Maybe should make you uncomfortable because most organizations don't design controls around the person who makes things run smoothly, they design them with bad actors in mind.
Caleb Newquist: Which brings us to the most important lesson of all. This case wasn't uncovered by a white hat hacker. It wasn't exposed by a whistleblower. It didn't collapse because someone [00:44:30] suddenly felt like something was wrong. It was uncovered through pattern recognition, repeated shipping addresses, repeated payment paths, repeated behaviors across organizations that had no reason to be connected. That's just good investigative work. That's what those people are trained to do: look for those patterns. And yet, in this case, the damage had already been done because no one thought to look until someone finally [00:45:00] did. The truth is this. The next version of this scheme is probably already running. It just hasn't been noticed yet. That's it for this episode. And remember, if your laptop farm requires sticky notes to keep track of which fake identity goes with which employer, you might want to reconsider your business model. If you have questions, comments, or suggestions for stories, drop me a line at oh, fraud at CPE. Com. This [00:45:30] episode was written by me and Zach Frank. Oh My Fraud is created, written, produced and hosted by me, Caleb Newquist. Zach Frank is my co-producer, audio engineer, and music supervisor. Laura Hobbs designed our logo. Rate, review and subscribe to the show wherever you listen to podcasts. If you listen on Earmark, you can earn CPE there. Join us next time for more avarice, swindlers and scams from stories that will make you say oh my fraud!
