🇰🇵 She ran a North Korean cyber op from Arizona

Welcome to your Wednesday, {{first_name | friend}}. You know them. You hate them. But the very first pop-up ad wasn’t meant to annoy you, it was actually trying to solve a problem.

🧢 Put on your thinking cap. Why were pop-up ads invented in the first place? Was it: A) To avoid placing ads next to controversial content, B) To boost click-through rates for ads, C) To trick pop-up blockers or D) A coding mistake that worked? The answer pops up at the end.

📂 Click the “From:” address above and add me to your address book. Old school, but so is missing a great thing. Takes a sec but makes a ton of difference. — Kim

📬 Was this forwarded to you? Be the first to know, not the last to hear. Sign up now. It’s free!

This isn’t a ripped-from-the-headlines new Netflix series. This really happened in a quiet neighborhood called Litchfield Park that’s about a 20-minute drive from Phoenix, Arizona.

Christina Chapman, 50, looked like your average middle-aged suburban woman. But inside her humble home? A secret cyber ops center built to help North Korean IT workers buy equipment and tools for their military by infiltrating hundreds of U.S. companies. 

That picture above was just a small part of her setup.

North Korean workers aren’t browsing LinkedIn or applying at Google, Amazon and Meta. They can’t. Sanctions block them from working for American companies, at least legally. So what do they do? 

They steal real Americans’ identities, including names, birth dates, Social Security numbers and more. Then, they use them to pose as remote IT workers, slipping into U.S. companies under anyone’s radar.

But when companies send out laptops and phones to their “remote new hires”? Those devices can’t exactly be shipped to Pyongyang.

Over the course of three years, Christina turned her suburban home into a covert operations hub for North Korea’s elite cybercriminals.

She received more than 100 laptops and smartphones shipped from companies all across the U.S. These weren’t no-name startups. We’re talking major American banks, top-tier tech firms and at least one U.S. government contractor. 

All thought they were hiring remote U.S.-based workers. They had no idea they were actually onboarding North Korean operatives.

Once the gear arrived, Chapman connected the devices to VPNs, remote desktop tools like AnyDesk and Chrome Remote Desktop, and even rigged up voice-changing software. 

The goal? To make it seem like the North Koreans were logging in from inside the United States. Chapman also shipped 49 laptops and other devices supplied by U.S. companies to locations overseas, including multiple shipments to a city in China on the border with North Korea.

These fake employees “showed up” every day, submitting code, answering emails, taking meetings, all from halfway around the world. In reality, they were siphoning U.S. tech and cash straight into Kim Jong Un’s regime.

When HR teams requested video verification, Chapman didn’t blink. 

She jumped on camera herself, sometimes in costume, pretending to be the person in the résumé. She ran the whole operation like a talent agency for cybercriminals, staging fake job interviews, coaching the operatives on what to say and even laundering their salaries through U.S. banks.

Her take? At least $800,000, paid as “service fees.”

The total haul for North Korea? Over $17 million in stolen salaries, according to the FBI, which called the scheme a national security threat. Chapman called it “helping her friends.” Really.

Eventually, the scam began to unravel. Investigators noticed odd patterns like dozens and dozens of remote hires all listing the same Arizona address, or company systems being accessed from countries the workers supposedly had never visited.

Chapman was arrested and sentenced in July 2025 to 102 months in federal prison.

And the wildest part? She did it all from her living room. Talk about working from home! Now, hit those share icons below with your family and friends.

I talk to Joseph Cox, cofounder of 404 Media, who shares troubling information about airlines and your data. Then, AI “workslop” drives your coworkers crazy, and I’ll show you how to be your own data broker and make money. That’s not all: I cover the secret formula behind MrBeast’s empire.

Listen on Komando.com →

🎧 Subscribe on your favorite platform:

☎️ Don’t touch the button: Listen, if a YouTube video tells you hackers are about to raid your Apple Pay unless you “Protect Now,” don’t fall for it by clicking. That just dumps you into some scammy “cleaner” app you’ll never need. And those pop-ups screaming, “Congrats, you won a Mac”? Yeah, no, you just won malware. Save your clicks, save your bank account.

Ring of fire: YouTuber Daniel Rotar’s Samsung Galaxy Ring swelled mid-trip, clamping his finger like a lithium bear trap. Airport security screeners wanted him to take the ring off, but he couldn’t, forcing him and his bulbous device to wait until doctors iced and lubed it off. Samsung paid his hotel, but he’s done with smart rings. 

📚 Speakers, spies and scribes: Amazon rolled out their new gear that includes $100–$220 Echo speakers, Show displays with 13MP cams, new 11-inch Kindle Scribes ($430–$630) that let you doodle in color, updated Fire TVs and Ring cams that spot your lost dog. Oh, and Prime members get free Alexa+ (otherwise $20/month), which gives you beefed-up voice skills, smarter search, more natural conversation and overall better personalization. 

Looking to grow your team before year-end? Top candidates are seeking to connect on LinkedIn right now. This is the perfect time to find great talent to help your business thrive in 2026. Post a job for FREE using my special link.*

🚪 Stop and think: A New Mexico woman handed over $60,000 in cash to a scammer posing as the FDIC. He showed up at her door with a fake badge and somehow disabled her phone so she couldn’t call for help. Reminder: No real agency asks you to hand-deliver your life savings. Ever.

Feds, please call me. I can help: Remember when that pirate sports site Streameast was taken down last month? Well, it’s back online, using the exact same domain Homeland Security seized just 13 months ago. Turns out, the feds let the domain expire, and the original owners just reregistered it like a normal GoDaddy shopper. The government’s Achilles’ heel? Forgot auto-renew. Yikes.

🧻 Feeling flushed: Going to China? New viral footage shows a woman in a public restroom forced to scan a QR code to get toilet paper. Over there, you either pay a few cents or watch an ad before the dispenser spits out your ration. The idea is to cut down on toilet paper theft, but this is just Hulu with higher stakes.

One Ohio mom turned $45 into $93,000 on Etsy by selling simple printables. Here’s how you can start your own side hustle with templates people actually buy.

Listen on Komando.com →

🎧 Subscribe on your favorite platform:

Get a fresher home for less than the cost of a takeout meal.

👕 SteamLite iron (35% off): Nonstick soleplate and spray features smooth out cotton, linens and your “dry clean only” shirts.

Stainless steel squeegee (32% off): Swipe left on streaky glass. Comes with two waterproof hooks, so it’s always within reach.

🌀 Drain clog remover (30% off, eight-pack): Ditch the plumber, save your cash. These can handle up to 200 lbs of pulling force.

Moisture absorbers (35% off, six-pack): Pop one in your closet, by your shoes or in your car to fight those funky odors.

🧼 Washing machine descalers (26% off, six-pack): Extra-large tabs clear out three times more gunk than wimpy little tablets.

✨ Make every corner sparkle: See all the essentials I keep reordering right on my Amazon page.

⚡️ 3-second tech genius: Use your mouse wheel button like a shortcut key. Middle-click any link to open it into a new tab, or middle-click an open tab to close it right away.

🚨 Update your iPhone right now: iOS 26.0.1 is out, fixing Wi-Fi glitches, cell dropouts, camera bugs and more. It also patches a security flaw hackers could’ve used. Go to Settings > General > Software Update to install. PSA: iPad, Mac, Apple Watch, Apple TV and Vision Pro got updates, too.

🌐 Stop overpaying for internet: Run a speed test and check if it matches what you’re paying for. Then Google other ISPs and compare. Call your provider, drop the “I might switch” line and watch them magically lower your bill or bump your speed. Gotta love a little competition.

AI isn’t waiting for you. Download NetSuite’s free guide, “The CFO’s Guide to AI and Machine Learning,” to make informed decisions and ensure your business thrives in the AI era.*

💻 Revive that old laptop for free: This is great. Got a dusty Mac or PC lying around? Install ChromeOS Flex and turn it into a Chromebook-like machine that runs smoothly on minimal resources. Perfect for email, browsing, calls and streaming. Bonus: Google Docs works offline, too. All it takes is a USB. Here’s how to do it. Yea, this tip alone was worth the price of this newsletter.

Meet Tilly Norwood, the gorgeous AI actress making a ruckus in Hollywood. She’s not real, but you’d never know it. Think flawless skin, expressive eyes and a résumé built from pixels, not past roles.

Agents are eyeing her like the “next Scarlett Johansson,” while real actors call it “gross” and rage at agencies backing her. 

💄 Her creator says Tilly is more puppetry than person, like a digital art project, not a job stealer. But try telling that to the SAG members who just finished fighting for their livelihoods against AI stand-ins.

Sure, Hollywood’s embraced CGI darlings before with Dobby, Gollum and even Jar Jar having their moment. But this? This is a whole new kind of spotlight sharing. And not everyone’s clapping.

Nerd humor alert: What do Microsoft and Hollywood have in common? With each release they make, it gets worse and worse.

😱 The answer: A) To avoid placing ads next to controversial content. Back in the late 1990s, Ethan Zuckerman was working for a site called Tripod, which hosted user-generated web pages. Advertisers complained that their banners were showing up alongside ... let’s say, less than brand safe content.

So Zuckerman came up with a solution. Instead of placing ads directly on the page, they’d “pop up” in a separate window. That way, the ad wouldn’t be associated with the questionable content. Years later came his official apology in a 2014 essay titled “The Internet’s Original Sin” (paywall link) in The Atlantic. Thanks, Ethan.

Drop a rating below and a comment. I read them all because this is the #1 free tech newsletter in the United States. Tomorrow, what’s the deal with ultrasonic tracking? I’ll tell you how to turn it off.

✌️ You’re not just keeping up. You’re ahead of the curve. — Kim

📣 Don’t keep me a secret: Share this email with friends (or copy URL here)

Photo credit(s): U.S. Department of Justice, Tilly Norwood

Companies noted with an asterisk (*) sponsor my national radio show. Also, as an Amazon Associate, we earn a small commission from qualifying purchases.

This newsletter and its content are intended for informational purposes only. They are provided without warranty of any kind. You shouldn’t construe anything provided here as legal, health, medical, technical, tax, investment, financial or any other kind of advice.

Missed something? View past issues

Join the lists for my weekly small biz and cryptocurrency newsletters!