A Tennessee man has been arrested for generating revenue for North Korea’s illicit weapons program by using a “laptop farm,” the U.S. Justice Department announced on August 8.
Matthew Isaac Knoot, 38, of Nashville, Tennessee, is accused of helping North Korean workers “pose as a U.S. citizen” as part of a scheme to gain employment at American and British tech companies, and of conspiring to launder money earned by the workers to financial accounts tied to North Korean and Chinese individuals.
“Knoot allegedly assisted them in using a stolen identity to pose as a U.S. citizen; hosted company laptops at his residences; downloaded and installed software without authorization on such laptops to facilitate access and perpetuate the deception; and conspired to launder payments for the remote IT work, including to accounts tied to North Korean and Chinese actors,” the Justice Department explained.
According to the Justice Department, the IT workers, who were North Korean nationals, used the stolen identity of a U.S. citizen, “Andrew M.,” to obtain this remote work. The scheme defrauded U.S. media, technology, and financial companies, ultimately causing them hundreds of thousands of dollars in damages.
According to court documents, Knoot ran a “laptop farm” at his Nashville residences between approximately July 2022 and August 2023. The victim companies shipped laptops addressed to “Andrew M.” to Knoot’s residences. Following receipt of the laptops, and without authorization, Knoot logged on to the laptops, downloaded and installed unauthorized remote desktop applications, and accessed the victim companies’ networks, causing damage to the computers.
The remote desktop applications enabled the North Korean IT workers to work from locations in China, while appearing to the victim companies that “Andrew M.” was working from Knoot’s residences in Nashville.
For his participation in the scheme, Knoot was paid a monthly fee for his services by a foreign-based facilitator who went by the name Yang Di.
The overseas IT workers associated with Knoot’s cell were each paid over $250,000 for their work between approximately July 2022 and August 2023, much of which was falsely reported to the Internal Revenue Service and the Social Security Administration in the name of the actual U.S. person, Andrew M., whose identity was stolen, the department explained.
Knoot and his conspirators’ actions also caused the victim companies more than $500,000 in costs associated with auditing and remediating their devices, systems, and networks.
Assistant Attorney General Matthew G. Olsen of the Justice Department’s National Security Division said, “This defendant facilitated a scheme to deceive U.S. companies into hiring foreign remote IT workers who were paid hundreds of thousands of dollars in income funneled to the DPRK for its weapons program.”
U.S. Attorney Henry C. Leventis for the Middle District of Tennessee highlighted that North Korea has dispatched thousands of highly skilled IT workers around the world to dupe unwitting businesses and evade international sanctions so that it can continue to fund its dangerous weapons program.
Knoot is charged with conspiracy to cause damage to protected computers, conspiracy to launder monetary instruments, conspiracy to commit wire fraud, intentional damage to protected computers, aggravated identity theft and conspiracy to cause the unlawful employment of aliens. If convicted, Knoot faces a maximum penalty of 20 years in prison, including a mandatory minimum of two years in prison on the aggravated identity theft count.
Meanwhile, it’s the second time in three months that an American has been charged with allegedly helping facilitate a wide-ranging North Korean fraud scheme. The Justice Department in May charged an Arizona woman with participating in a similar scheme that helped foreign IT workers pose as Americans and earn $6.8 million in revenue that could benefit the North Korean regime.
BY YOUNGNAM KIM [kim.youngnam@koreadaily.com]
