Two Americans sentenced for North Korea ‘laptop farms’

Two U.S. nationals were sentenced to 18 months in prison after federal prosecutors concluded they ran “laptop farms” that concealed North Korean IT contractors, routed more than $1.2 million to the Democratic People’s Republic of Korea and touched nearly 70 U.S. companies.

Erick Ntekereze Prince of New York and Matthew Issac Knoot of Nashville, Tennessee, each received 18-month terms for their roles in the scheme. Prince was ordered to serve three years of supervised release and to forfeit $89,000, the amount prosecutors say he received for facilitating employment for DPRK IT workers.

Prosecutors say the defendants used stolen identities and unauthorized remote access tools to make overseas contractors appear as legitimate U.S.-based employees. Companies sent laptops to addresses tied to the defendants under false names. The defendants then installed remote desktop software so North Korean contractors could connect and appear to be working from inside the United States.

Court filings say Prince used his business, Taggcar Inc., to present workers as “certified” IT staff with forged documents and to place DPRK workers at U.S. firms. He is accused of helping at least three North Korean IT contractors obtain remote positions with U.S. companies between about June 2020 and August 2024. Prince kept company-issued laptops at his New York home and installed the remote access software without employer authorization.

Knoot is accused of operating a laptop farm from his Nashville residence from about July 2022 to August 2023 and supplying North Korean workers to at least four U.S. companies. Companies that hired workers tied to Knoot sent more than $250,000 in wages to accounts linked to DPRK contractors. Much of that pay was reportedly falsely reported to the IRS and Social Security Administration under the names of U.S. citizens whose identities had been stolen.

The Department of Justice said victim firms spent more than $500,000 on auditing and repairing devices, systems and networks after the scheme was uncovered. DOJ prosecutors described the case as part of a pattern of operations that use deceptive hiring to move money to North Korea, including voice-altering software during interviews and manipulated headshots to create convincing identity documents.

Assistant Attorney General for National Security John A. Eisenberg described the sentences as holding accountable U.S. nationals who enabled North Korea’s illicit efforts to infiltrate American networks and profit from U.S. companies. U.S. Attorney Jason A. Reding Quiñones for the Southern District of Florida characterized the defendants’ actions as exposing U.S. businesses, compromising trust, and supporting a heavily sanctioned regime.

The Justice Department’s National Security Division said it will continue to pursue individuals who use deception or cyber-enabled fraud to threaten national security interests. Prosecutors noted the convictions highlight ongoing enforcement targeting financial schemes that exploit remote work hiring and corporate equipment to move funds to sanctioned states.