Two Americans are headed to prison for helping North Korean hackers compromise US corporate networks. The US Department of Justice (DoJ) has announced that the accused, Matthew Isaac Knoot from Nashville and Erick Ntekereze Prince from New York, both got 18-month sentences for their involvement in the scam. The sentencing marks a major step in stopping foreign scammers from using ordinary business systems to fund their operations.
The duo collectively ran a laptop farm, keeping company-issued computers at their homes so overseas workers could appear to be operating from within the US. While the companies thought they were hiring locals, the workers were actually sending money back to the North Korean government, and the two men facilitated this deception.
How the Fraud Worked
According to the DoJ’s press release, the whole saga began with hackers using stolen identities to get remote IT jobs. When a company hired one of these workers, they sent a work laptop to the address on the application, which landed at the homes of Knoot and Prince. Afterward, the men installed remote desktop applications to let someone control a computer from afar, in this case, from another country.
Using this software, North Korean workers logged in from overseas, but their employer thought they were working from Nashville or New York. One worker even used the stolen name Andrew M. while Knoot looked after the hardware. Reportedly, Prince used his business, Taggcar Inc., to help find these jobs.
Now the duo is paying the price for these wrongdoings. US Attorney Jason A. Reding Quiñones noted that these were not just small mistakes but “deliberate acts that exposed US businesses, compromised trust, and supported one of the world’s most dangerous adversaries.”
A Costly Criminal Network
The operation was huge, targeting at least 70 companies with over $1.2 million made through the scheme, most of which went to North Korea, a country that’s facing strict sanctions.
The scheme went on for years. Knoot’s farm was active from July 2022 to August 2023, when the FBI raided his house, whereas Prince’s farm lasted even longer- from June 2020 to August 2024. Some other suspects linked to this scheme have also been identified, including Emanuel Ashtor, Pedro Ernesto Alonso de los Reyes, and two North Koreans named Jin Sung-il and Pak Jin-Song. They are currently on the run.
Both men have been ordered to give back the money they were paid by the hackers for running the laptop farm. Prince will give up $89,000 (the total he received for hosting the equipment and helping the workers get hired), and Knoot will pay $15,100 back to the victim companies. This crackdown is part of a project called the DPRK RevGen: Domestic Enabler Initiative. It focuses on catching people inside the US who help foreign threat actors.
(Photo by Towfiqu Barbhuiya on Unsplash)
