(NatanaelGinting via Getty)
Federal investigators arrested a 38-year-old man in Nashville, Tennessee, for allegedly helping North Koreans fool US companies into thinking they were legitimate remote IT workers.
The Justice Department charged Matthew Isaac Knoot with conspiracy for helping the North Koreans receive “hundreds of thousands of dollars in income” through the remote jobs.
Despite residing thousands of miles away, the North Koreans were able to dupe media, technology, and finance companies based in the US and UK by using the real-life identity of an American referred to as “Andrew M.” They had Knoot—a US citizen—accept laptops the companies sent to new hires they believed to be legitimate IT workers. Knoot logged into the laptops and downloaded and installed remote desktop applications, paving a way for the North Koreans to access the computers remotely.
"The remote desktop applications enabled the North Korean IT workers to work from locations in China, while appearing to the victim companies that ‘Andrew M.’ was working from Knoot’s residences in Nashville,” the Justice Department said.
In return, Knoot agreed to a monthly fee of $500 per laptop during the scheme, which lasted from July 2022 to August 2023. But according to a court document, he only earned $15,100, or what federal agents say was “substantially less” than he agreed to.
It's not clear how federal agents uncovered the conspiracy. But by August 2023, investigators had issued a search warrant for Knoot’s so-called “laptop farm.”
“The overseas IT workers associated with Knoot’s cell were each paid over $250,000 for their work between approximately July 2022 and August 2023,” the Justice Department added.
The same scheme could have also given the North Koreans access to the company employees, giving them an easy way to conduct cyberespionage or hacks. The Justice Department notes the victim companies had to spend "more than $500,000 in costs associated with auditing and remediating their devices, systems, and networks."
The arrest occurs as federal prosecutors warn that North Korea has “dispatched thousands of highly skilled information technology,” mainly to Russia and China, to dupe businesses into giving them remote jobs. This recently included security training company KnowBe4 mistakenly hiring a software engineer who turned out to be a North Korean in disguise.
In Thursday’s announcement, Assistant Attorney General Matthew Olsen said: “This indictment should serve as a stark warning to US businesses that employ remote IT workers of the growing threat from the DPRK (Democratic People's Republic of Korea) and the need to be vigilant in their hiring processes.”
Knoot now faces up to 20 years in prison if convicted of the charges, which include aggravated identity theft and conspiracy to commit wire fraud and cause damage to protected computers.
In May, the US also arrested a 49-year-old woman in Arizona for aiding North Koreans in a similar remote worker scheme.