Laptop Farms Case Study: Anatomy of a $17M Hiring Fraud

Written By Milanie Cleere

The Scam in Brief

Between 2020 and 2023, Christina Chapman, an Arizona woman with no formal ties to any foreign government, ran what investigators later called a “laptop farm” from her home. She took delivery of company-issued laptops for legitimate-looking hires, kept them connected to U.S.-based networks, and then handed access to overseas operatives—many believed to be tied to North Korea. In some cases, she even shipped company laptops directly to locations near the North Korea–China border.

By proxying traffic through her setup, these operatives convincingly posed as remote IT staff. They passed initial hiring steps, performed work, and maintained access for months. Over 90 laptops were found in her home during an October 2023 raid, and at least 49 others were sent abroad. The operation relied on stolen identities from at least 68 Americans, generating more than $17 million in illicit revenue that may have supported North Korea’s weapons program.

Why Traditional Hiring Checks Failed

On paper, these hires looked legitimate. The names matched U.S. citizens. Background checks passed because the stolen identities belonged to real people with clean records. The company laptops appeared to be in the right country. Video calls didn’t raise red flags—especially for remote teams accustomed to occasional glitches in audio or camera quality.

The real weaknesses were in the areas traditional checks rarely touch: the source and movement of devices, the geography of network traffic, and the alignment between a candidate’s claimed history and their observable technical footprint.

How KYD Would Have Stopped It

KYD is built to find precisely these kinds of inconsistencies before a candidate ever gets company equipment or access. It correlates a developer’s public and permissioned data—GitHub activity, LinkedIn history, technical contributions—with geolocation and network patterns. If Chapman’s operatives had been screened, KYD would have flagged the mismatch between the claimed U.S. location and the device’s repeated connections from a single Arizona subnet tied to dozens of unrelated hires.

It would also have identified that these “employees” lacked credible technical histories consistent with their résumés, showing sparse or suspiciously recent public contributions. And once they were onboarded, KYD’s continuous verification could have detected shifts in device location or network origin, triggering a re-check before months of exposure.

The Takeaway

The Chapman case is a reminder that sophisticated hiring fraud can slip past every traditional safeguard. Background checks confirm who someone says they are; KYD verifies whether the identity, technical footprint, and ongoing behavior actually match. That’s the difference between catching a problem during onboarding and discovering it only after millions have been lost.

Sources Cited

  • https://www.justice.gov/opa/pr/arizona-woman-sentenced-17m-information-technology-worker-fraud-scheme-generated-revenue

  • https://www.theguardian.com/us-news/2025/aug/03/ninety-laptops-millions-of-dollars-us-woman-jailed-for-role-in-north-korea-remote-work-scam

  • https://www.pcgamer.com/hardware/remote-it-worker-scam-involving-90-laptops-and-stolen-identities-generated-usd17-million-in-illicit-revenue-allegedly-bound-for-north-koreas-nuclear-weapons-program

Milanie Cleere
Previous

Fake Freelance Developer Profiles on Gig Platforms: Your Worst Hire Isn’t Who You Think
Next

Deepfakes in Interviews: Spotting Signals Before the Offer