US Sentences Two Aiding North Korean IT Scams to 18 Months

Key facts

• Matthew Isaac Knoot sentenced to 18 months in prison.
• Erick Ntekereze Prince sentenced to 18 months in prison.
• Knoot and Prince facilitated North Korean IT worker scams.
• Schemes generated over $1.2 million in fraudulent revenue for North Korea.
• Victimized US companies spent $1.5 million on remediation.
• North Korean IT worker scams earn Pyongyang over $500 million annually.

Two Americans Implicated in Pyongyang's Digital Schemes

Two American citizens have been sentenced to 18 months in prison for their roles in facilitating a sophisticated scheme that allowed North Korean IT workers to remotely infiltrate United States companies. Matthew Isaac Knoot, of Nashville, Tennessee, and Erick Ntekereze Prince, of New York, were handed down their sentences in separate proceedings, the Department of Justice announced Wednesday. These individuals provided crucial infrastructure for the operation, essentially acting as fronts for Pyongyang's efforts to generate illicit revenue. Their involvement enabled North Korean operatives to pose as American IT professionals, gaining access to sensitive systems and siphoning funds that ultimately support the Kim regime's weapons programs. The sentences underscore the Justice Department's ongoing efforts to dismantle these elaborate cybercriminal enterprises, which have become a significant source of funding for North Korea amid international sanctions.

The Mechanics of the Digital Deception

The core of the scheme involved Knoot and Prince misrepresenting themselves or their services to US-based companies. They secured IT work contracts, then provided access to company-owned laptops within their homes or offices. These devices were equipped with remote access software, allowing North Koreans to operate from overseas while appearing to be located within the United States. This setup allowed the North Korean workers to perform IT tasks, often with malicious intent, while masking their true identity and location. The deception was designed to bypass security protocols and exploit the trust placed in legitimate IT service providers. Both men were compensated for their participation, with Knoot reportedly earning $15,100 and Prince receiving approximately $89,000. This money, however, is now subject to restitution orders.

Financial Windfall for Pyongyang, Costly Fallout for US Firms

The operation orchestrated by Knoot and Prince generated more than $1.2 million in fraudulent revenue for North Korea. This illicit income is believed to contribute to Pyongyang's development of prohibited weapons programs. Beyond the direct financial gain for the regime, the victimized US companies incurred substantial costs. The nearly 70 companies affected were forced to spend an estimated $1.5 million to conduct thorough audits and remediate their devices, systems, and networks to eradicate any traces of the North Korean intrusion. These figures highlight the dual impact of such cyberattacks: direct financial extraction for the perpetrators and significant operational and security expenses for the targets.

A Wider Pattern of North Korean Cyber Activity

Knoot and Prince are not isolated actors but are part of a larger, persistent effort by North Korea to leverage its IT workforce for financial gain. According to recent data, these fake IT worker schemes are estimated to be generating over $500 million annually for the Kim regime. This lucrative operation has expanded beyond traditional tech sectors, with North Korean operatives now targeting healthcare, finance, and professional services. These industries offer rich repositories of valuable data and financial opportunities, making them prime targets for exploitation. The Justice Department's actions serve as a warning against enabling these scams, regardless of the financial incentives offered by Pyongyang. Previous sentences, such as those handed down to Kejia Wang and Zhenxing Wang for a larger operation, demonstrate the serious legal consequences for those involved.

Supervised Release and Restitution Orders

Following their 18-month prison sentences, both Knoot and Prince will be subject to periods of supervised release. Knoot faces three years of supervised release, while Prince will be under supervision for one year. Furthermore, restitution orders have been issued, requiring Knoot to repay $15,100 and Prince to return approximately $89,000. These financial penalties aim to recover some of the losses incurred by the victimized companies and the government. The sentences and subsequent conditions are intended to deter future participation in such illicit activities and to hold accountable those who facilitate North Korea's cybercriminal enterprises.

The bottom line

• Two US citizens, Matthew Knoot and Erick Prince, received 18-month prison sentences for aiding North Korean IT scams.
• The schemes generated over $1.2 million for North Korea, with victims spending $1.5 million on remediation.
• North Korean IT worker schemes are estimated to earn Pyongyang over $500 million annually.
• These operations have expanded to target sectors including healthcare, finance, and professional services.
• Both individuals will also serve periods of supervised release and must pay restitution.