\n
![](\"https:\/\/fortune.com\/img-assets\/wp-content\/uploads\/2024\/08\/GettyImages-698034510-e1723302075166.jpg?w=2048\")
<\/p>\n [ad_1]
\n<\/p>\n
The Department of Justice this week announced<\/a> that it charged a Nashville man for running what it called a \u201claptop farm\u201d out of his home and being part of a vast conspiracy <\/a>that connects North Korean tech workers with jobs at large American and British companies looking for remote employees.<\/p>\n According to the FBI, the salaries paid to the IT workers\u2014who were doing real work\u2014were illegally funneled to North Korea to fund its illicit weapons programs.<\/p>\n Matthew Isaac Knoot, 38, allegedly helped<\/a> the IT workers, who were North Korean nationals living there, Russia or China, by using his residence to host numerous laptops. He is also accused of stealing the identity of a man in Georgia who authorities identified as \u201cAndrew M.\u201d Through Knoot the North Korean tech workers used Andrew M.\u2019s driver\u2019s license and identity to get well-paying contract jobs at American companies, authorities alleged.\u00a0<\/p>\n After the tech workers got the remote-work jobs, Knoot had companies ship work laptops to his address in of Nashville, Tenn., according to the DOJ. He would then log in, install remote desktop applications, and then access company networks. The remote desktop app disguised the location of the North Korean IT workers living abroad, so that it looked like they were working at Knoot\u2019s Nashville address under Andrew M. identity, authorities said. <\/p>\n Knoot would also launder the tech workers\u2019 salaries\u2014some as high as $300,000 a year, authorities said\u2014and then transfer the money to accounts associated with North Korean and Chinese nationals, according to a DOJ statement. The indictment did not name the specific companies but described them as a media company in New York City, a UK financial institution, a tech company in Portland, and a media company in McLean, Va.\u00a0<\/p>\n \u201cAs alleged, this defendant facilitated a scheme to deceive U.S. companies into hiring foreign remote IT workers who were paid hundreds of thousands of dollars in income funneled to the DPRK for its weapons program,\u201d said Assistant Attorney General Matthew Olsen of the national security division in a statement, referring to North Korea\u2019s formal name as the Democratic People\u2019s Republic of Korea. \u201cThis indictment should serve as a stark warning to U.S. businesses that employ remote IT workers of the growing threat from the DPRK and the need to be vigilant in their hiring processes.\u201d<\/p>\n For his part in the scheme that ran from July 2022 to August 2023, Knoot got paid every month by a facilitator named Yang Di, according to the indictment. Di allegedly paid Knoot a flat rate of for each laptop he hosted at his home and a percentage of the salaries. Knoot faces a maximum penalty of 20 years in prison, plus a mandatory two years for one count of aggravated identity theft.<\/p>\n The DOJ and the FBI<\/a> have been investigating laptop farms funded by North Korea for the past three years. The scheme to generate money to fund its weapons of mass destruction program generates hundreds of millions each year, authorities said. It involves the use of pseudonyms, fake emails, social media profiles, and websites to scour online job listings. A UN report<\/a> found that lower-paid workers involved in the scheme are allowed to keep 10% of their salaries, while higher-paid employees keep 30%. The UN estimated the workers generate about $250 million to $600 million per year.\u00a0<\/p>\n \u201cNorth Korea has dispatched thousands of highly skilled information technology workers around the world to dupe unwitting businesses and evade international sanctions so that it can continue to fund its dangerous weapons program,\u201d said U.S. Attorney Henry Leventis for the Middle District of Tennessee in a statement.\u00a0<\/p>\n Knoot appears to be the second U.S. citizen arrested in a laptop farming operation involving the thousands of North Korean IT workers sent around the world to raise funds for its weapons programs in recent years. In May 2024, the DOJ unsealed charges<\/a> against four people living abroad and one Arizona woman, Christina Marie Chapman, 49. <\/p>\n Chapman, who lived on the outskirts of Phoenix, allegedly ran a laptop farm that assisted North Korean IT workers who had remote jobs at more than 300 companies, authorities said. The companies included \u201cwell-known Fortune 500 companies<\/a>, U.S. banks, and other financial service providers,\u201d according to the U.S. attorney\u2019s office. Chapman\u2019s farm allegedly exploited the identities of 60 people in the U.S. used by the tech workers to disguise themselves as Americans. <\/p>\n The companies where the IT workers had jobs included a top-five TV network, a Silicon Valley tech company, aerospace manufacturer, car company, and a luxury retail store\u2014all of which are in the Fortune 500, according to court records. Those who had their identities stolen had false tax bills in their names totaling at least $6.8 million in the scheme facilitated by Chapman, said the DOJ.\u00a0\u00a0<\/p>\n\n