Americans sentenced for running 'laptop farms' for North Korea
Source: Bleeping Computer
Two U.S. nationals were sentenced to 18 months in prison each for operating so‑called laptop farms that helped North Korean IT workers fraudulently obtain remote employment at nearly 70 American companies.
Matthew Isaac Knoot and Erick Ntekereze Prince are the seventh and eighth U.S.-based “laptop farmers” sent to prison since the start of the year as part of a federal initiative targeting North Korea’s illicit revenue‑generation schemes.
“These sentences hold accountable U.S. nationals who enabled North Korea’s illicit efforts to infiltrate U.S. networks and profit on the back of U.S. companies,” said Assistant Attorney General John A. Eisenberg in the Justice Department release. “These defendants helped North Korean IT workers masquerade as legitimate employees, compromising U.S. corporate networks and helping generate revenue for a heavily sanctioned and rogue regime.”
Source
Sentencing details
| Defendant | Prison term | Restitution / Forfeiture |
|---|---|---|
| Matthew Isaac Knoot | 18 months | $15,100 restitution, $15,100 forfeiture |
| Erick Ntekereze Prince | 18 months | $89,000 forfeiture |
Matthew Isaac Knoot’s operation
- Arrest & charge: August 2024
- Timeframe: July 2022 – August 2023
- Method: Ran a laptop farm from his Nashville residences. Company‑issued laptops were shipped to a stolen identity (“Andrew M.”). Unauthorized remote‑desktop software was installed, allowing North Korean IT workers to appear as legitimate U.S.–based employees.
- Financial impact: Victim companies paid > $250,000 in salaries, falsely reported to the Social Security Administration and the IRS under stolen identities.
- Additional costs: More than $500,000 in auditing and remediation expenses for the victim companies.
Erick Ntekereze Prince’s operation
- Plea: Guilty to wire‑fraud conspiracy (November 2023)
- Timeframe: Approximately June 2020 – August 2024
- Method: Operated through his company, Taggcar Inc., enabling at least three North Korean IT workers to obtain remote employment at U.S. firms.
- Financial impact: Victim companies paid > $943,000 in salaries, the majority routed overseas.
- Additional costs: More than $1 million in remediation expenses for the victim companies.
FBI warnings and broader context
The FBI has been alerting the public about North Korean IT workers infiltrating U.S. firms since at least 2023:
- FBI PSA (May 2024) – warning about North Korean IT workers.
- State Department reward offer – incentives for information.
- Repeated notices that North Korea maintains a large army of thousands of IT workers using identity theft to secure employment at hundreds of American companies each year.
- See BleepingComputer coverage of the IT worker army and related sanctions.
Recent related cases
- Kejia Wang and Zhenxing Wang – U.S. nationals sentenced in April for assisting North Korean remote IT workers. (BleepingComputer report)
- Christina Marie Chapman – 50‑year‑old from Arizona sentenced to 102 months for running a laptop farm that placed North Korean IT workers in 309 U.S. companies. (BleepingComputer report)