Two US nationals sentenced for role in prolific fake worker laptop farms

Two US nationals have been sentenced to 18 months in prison for their part in running 'laptop farms' aimed at raising money for the North Korean government.

Matthew Issac Knoot, of Nashville, Tennessee, and Erick Ntekereze Prince, of New York, were sent company-issued laptops under stolen identities. They then installed unauthorized remote desktop software that allowed fake North Korean IT workers to appear as legitimate US-based employees.

The two worked separately, but according to the Department of Justice, between them generated more than $1.2 million in revenue for the DPRK and impacted nearly 70 companies in the US.

"These sentences hold accountable U.S nationals who enabled North Korea’s illicit efforts to infiltrate US networks and profit on the back of US companies,” said assistant attorney general for National Security John A. Eisenberg.

Latest Videos From

“These defendants helped North Korean ‘IT workers’ masquerade as legitimate employees, compromising US corporate networks and helping generate revenue for a heavily sanctioned and rogue regime. The National Security Division will continue to pursue those who, through deception and cyber-enabled fraud, threaten our national security.”

Prince helped at least three DPRK IT workers obtain remote employment at US companies between around June 2020 and August 2024. Prince used his company, Taggcar Inc, to supply 'certified' IT staff using false and stolen identities.

He also kept laptops provided by the victim companies at his New York home, installing remote access software without authorization to make it look as if the DPRK IT workers were working there.

Prince was sentenced to 18 months in prison, followed by three years of supervised release. He was also ordered to forfeit $89,000, the amount the DPRK IT workers paid him for his help.

Knoot, meanwhile, ran a laptop farm from his Nashville home between around July 2022 and August 2023, supplying North Korean IT workers to at least four US companies.

These firms paid the DPRK IT workers associated with Knoot’s laptop farm more than $250,000 for their work - most of which was falsely reported to the IRS and Social Security Administration under the name of the actual US citizen whose identity had been stolen.

He and his co-conspirators cost the victim companies more than $500,000 for auditing and fixing their devices, systems, and networks.

Fake North Korean IT workers are rampant

The crimes mark the latest in a continuing series of North Korean campaigns to supply fake workers and steal money for the regime.

Notably, these groups increasingly use voice-changing software during remote interviews to disguise their accents, or using the AI app Face Swap to place their faces in stolen identity documents and generate convincing headshots for CVs.

A host of organisations in the US have been affected by these campaigns over the last two years. As ITPro previously reported, cybersecurity company KnowBe4 unknowingly hired a fake IT worker, who immediately began loading malware as soon as they received their Mac workstation.

“This scheme shows how national security threats now enter through ordinary business systems. These defendants helped North Korean IT workers pose as legitimate employees, gain access to American companies, and generate money for a sanctioned regime,” said US attorney Jason A. Reding Quiñones for the Southern District of Florida.

"These were not paperwork violations. They were deliberate acts that exposed U.S. businesses, compromised trust, and supported one of the world’s most dangerous adversaries. These sentences send a clear message: if you help foreign actors infiltrate American companies for profit, you will face federal prison and lose the money you made.”

FOLLOW US ON SOCIAL MEDIA

Follow ITPro on Google News and add us as a preferred source to keep tabs on all our latest news, analysis, views, and reviews.

You can also follow ITPro on LinkedIn, X, Facebook, and BlueSky.