The Justice Department announced on May 6 the sentencing of two U.S. nationals, Matthew Issac Knoot of Nashville, Tennessee, and Erick Ntekereze Prince of New York, for facilitating Democratic People’s Republic of Korea (DPRK) remote information technology workers. Both Knoot and Prince received sentences of 18 months in prison for their involvement in schemes that generated over $1.2 million in revenue for the DPRK and affected nearly 70 victim companies across the United States.
These cases highlight concerns about national security threats entering through ordinary business systems. The defendants enabled North Korean IT workers to pose as legitimate employees at American companies by hosting company-provided laptops at their residences and installing remote desktop applications that allowed overseas access.
“These sentences hold accountable U.S nationals who enabled North Korea’s illicit efforts to infiltrate U.S. networks and profit on the back of U.S. companies,” said Assistant Attorney General for National Security John A. Eisenberg. “These defendants helped North Korean ‘IT workers’ masquerade as legitimate employees, compromising U.S. corporate networks and helping generate revenue for a heavily sanctioned and rogue regime. The National Security Division will continue to pursue those who, through deception and cyber-enabled fraud, threaten our national security.”
“This scheme shows how national security threats now enter through ordinary business systems,” said Jason A. Reding Quiñones, U.S. Attorney for the Southern District of Florida. “These defendants helped North Korean IT workers pose as legitimate employees, gain access to American companies, and generate money for a sanctioned regime... These were deliberate acts that exposed U.S. businesses, compromised trust, and supported one of the world’s most dangerous adversaries.” Braden H. Boucek, U.S Attorney for the Middle District of Tennessee said: “This case demonstrates our coordinated effort with federal law enforcement to protect businesses in Tennessee and across the country.” Brett Leatherman from the FBI’s Cyber Division added: “Hosting laptops for DPRK IT workers is a federal crime which directly impacts our national security...”
Prince was ordered by Judge Darrin P. Gayles in Florida to serve three years supervised release after his prison term and to forfeit $89,000 he received from DPRK IT workers; Knoot was ordered by Judge Eli Richardson in Tennessee to pay $15,100 restitution plus forfeiture matching payments he received from co-conspirators.
According to court documents cited by prosecutors in both districts—supported by investigations led by FBI field offices—the schemes involved use of stolen identities or aliases so that DPRK IT personnel could appear as domestic hires while working remotely abroad; much of their compensation was routed overseas or reported under false pretenses.
As described on its official website, the Office of the U.S Attorney for the Southern District of Florida prosecutes federal crimes including those impacting national security within an area spanning about 15,197 square miles serving more than seven million people across nine counties.
The Department has previously taken actions against similar DPRK-related cyber-enabled frauds as part of its ongoing RevGen: Domestic Enabler Initiative targeting illicit revenue generation schemes involving foreign actors.
