Americans sentenced for running 'laptop farms' for North Korea
Phong Xuan
Two U.S. nationals were sentenced to 18 months in prison each for operating so-called laptop farms that helped North Korean IT workers fraudulently obtain remote employment at nearly 70 American companies.
Matthew Isaac Knoot and Erick Ntekereze Prince are the seventh and eighth U.S.-based "laptop farmers" sent to prison since the start of the year as part of a federal initiative targeting North Korea's illicit revenue generation schemes.
"These sentences hold accountable U.S nationals who enabled North Korea's illicit efforts to infiltrate U.S. networks and profit on the back of U.S. companies," on Wednesday. "These defendants helped North Korean' IT workers' masquerade as legitimate employees, compromising U.S. corporate networks and helping generate revenue for a heavily sanctioned and rogue regime.
Knoot (who in August 2024) ran a laptop farm from his Nashville residences between July 2022 and August 2023.
During the scheme, he received company-issued laptops addressed to a stolen identity ("Andrew M."), then installed unauthorized remote desktop software that allowed North Korean IT workers to appear as a legitimate U.S.-based employee.
Victim companies paid more than $250,000 to IT workers associated with Knoot's operation, with the payments falsely reported to the Social Security Administration and the Internal Revenue Service under stolen identities.
Prince (who in November) enabled at least three North Korean IT workers to obtain remote employment at U.S. companies from approximately June 2020 through August 2024, operating through his company, Taggcar Inc. Victim companies paid the IT workers hired with the help of Prince more than $943,000 in salary, the majority of which was routed overseas.
Knoot also caused more than $500,000 in auditing and remediation costs at victim companies, while Prince's actions caused more than $1 million in remediation costs. In addition to their 18-month prison sentences, Knoot was ordered to pay $15,100 in restitution and forfeit an additional $15,100, and Prince was ordered to forfeit $89,000.
The FBI about North Korean IT workers since at least 2023 and noted that North Korea maintains a using identity theft to secure employment at each year.
In April, U.S. nationals Kejia Wang and Zhenxing Wang for helping North Korean remote information technology (IT) workers to pose as U.S. residents.
Last July, a 50-year-old Christina Marie Chapman from Arizona for running a laptop farm in her own home, as part of a scheme that helped North Korean IT workers get hired by 309 U.S. companies while using stolen identities.
AI chained four zero-days into one exploit that bypassed both renderer and OS sandboxes. A wave of new exploits is coming.
At the Autonomous Validation Summit (May 12 & 14), see how autonomous, context-rich validation finds what's exploitable, proves controls hold, and closes the remediation loop.
