A Belgian startup founder's search for a new coder ended up finding him more than an eager employee. Simon Wijckmans, based in London and running the web security company c/side, began spotting candidates with strong resumes but odd signals: suspicious accents, noisy backgrounds, shaky connections, and a preoccupation with salary, per Wired. More interviews raised even more red flags—one applicant's glasses even reflected a chatbox with messages scrolling by during the call, suggesting the applicant was talking to someone (or something) else during the interview. Wijckmans hadn't yet realized that he'd stumbled onto a novel type of cybercrime: remote IT workers claiming to be US-based but actually tied to North Korea.
These workers were part of a sophisticated operation using fake IDs and, increasingly, AI tools to get hired by American and European tech companies. Once they landed jobs, they needed help inside the US—enter "facilitators" like Christina Chapman, who handled phony paperwork, received paychecks that she'd take a piece of before sending the rest overseas, and managed "laptop farms" that allowed North Korean operatives to control company-issued computers remotely.
Chapman's home in Arizona housed at least a dozen laptops, each set up to appear as if operated by American employees. Federal prosecutors say her network laundered millions for North Korea, with at least 300 employers—some high-profile—duped by the scheme. Chapman pleaded guilty to wire fraud, identity theft, and money laundering charges in February, per a release. The Record notes that, from October 2020 to October 2023, she helped North Korea steal more than 70 identities of US citizens, including setting up fake tax liabilities in their names.
story continues below
North Korean fake-worker operations have ramped up, aided by pandemic-driven remote work policies and advances in AI and deepfake tech. Security experts note that these teams can quietly harvest data or install malicious code, often undetected for months or even years. As companies fight back with more identity checks and technical scrutiny, fraudsters grow more sophisticated, even sending look-alikes for in-person ID checks. Wijckmans, for his part, now tricks suspicious candidates into viewing fake coding pages loaded with Rickrolls and pop-ups on how to defect from North Korea. "Just a little payback," he says. (This content was created with the help of AI. Read our AI policy.)
,
uBlock 
,
and
Ghostery 
)
