American arrested for allegedly outsourcing IT jobs to North Korea
TENNESSEE, UNITED STATES — The Federal Bureau of Investigation (FBI) recently arrested Matthew Isaac Knoot, a 38-year-old Tennessee resident, for allegedly orchestrating a complex scheme that involved outsourcing IT jobs to North Korean workers.
The operation reportedly funneled funds to support Pyongyang’s weapons programs.
Uncovering the “laptop farm” scheme
According to U.S. prosecutors, Knoot deceived multiple American and British companies by applying for remote technology positions under the stolen identity of a U.S. citizen, Andrew M.
Once hired, he allegedly set up a “laptop farm” in the United States, allowing North Korean workers to access the machines remotely and complete the tasks assigned to them. This setup enabled the North Koreans to bypass geographical restrictions and conceal their true location from employers.
The scheme, which ran from July 2022 to August 2023, reportedly generated over $250,000 per outsourced job. The funds were allegedly channeled through North Korean and Chinese accounts to the North Korean government, contributing to its weapons development initiatives.
Financial and legal repercussions
The Justice Department highlighted the broader implications of such operations, noting that North Korea’s industrial-scale use of laptop farming generates significant revenue annually, aiding its pursuit of weapons of mass destruction.
Knoot’s activities, alongside those of an accomplice named Yang Di, reportedly cost the defrauded companies an additional half a million dollars in cleanup efforts.
Knoot faces multiple charges, including conspiracy to employ foreigners and aggravated identity theft unlawfully. If convicted, he could face up to 20 years in prison, with a minimum sentence of two years for identity theft.
Government response and industry impact
Assistant Attorney General Matthew Olsen emphasized the severity of the situation, stating, “As alleged, this defendant facilitated a scheme to deceive US companies into hiring foreign remote IT workers who were paid hundreds of thousands of dollars in income funneled to the Democratic People’s Republic of Korea for its weapons program.”
He urged American businesses to remain vigilant in their hiring processes to combat the growing threat from North Korea.
Just last month, security awareness training company KnowBe4 revealed that they had unknowingly hired a North Korean hacker who attempted to load malware into the company’s network immediately upon receiving their work-issued laptop.
The FBI’s efforts to dismantle such operations have been ongoing. In a related case, an Arizona woman and her Ukrainian accomplice were apprehended in May for allegedly infiltrating over 300 companies to secure jobs for North Koreans, generating $6.8 million.
The case against Knoot underscores the need for heightened scrutiny of remote hiring practices as the U.S. continues to address the challenges posed by North Korea’s illicit activities.
