Sentencing Announced
Two U.S. nationals were sentenced to 18 months in prison each for operating so-called laptop farms that helped North Korean IT workers fraudulently obtain remote employment at nearly 70 American companies, the Department of Justice announced today.
The defendants, whose names have not been released pending formal court filings, pleaded guilty earlier this year to conspiracy to commit wire fraud and money laundering. The case marks the first criminal prosecution of its kind targeting the growing phenomenon of laptop farms used to bypass U.S. sanctions on North Korea.
“These defendants ran a sophisticated operation that enabled North Korean nationals to pose as U.S. workers and steal American jobs,” said Assistant Attorney General Matthew G. Olsen in a statement. “Their actions not only defrauded dozens of companies but also undermined national security by funneling funds to the North Korean regime.”
How the Scheme Worked
The laptop farms were set up in multiple U.S. cities, including Los Angeles and Houston. The defendants rented apartments, installed high-speed internet, and loaded them with laptops that North Korean IT workers controlled remotely via encrypted connections.
These workers, often using stolen or fabricated U.S. identities, interviewed for and accepted remote positions at American firms in technology, finance, and healthcare. The defendants collected the paychecks—typically $150,000 to $300,000 per worker annually—and forwarded a portion to North Korea through shell companies and cryptocurrency.
- Workers posed as U.S. citizens using fake driver’s licenses and Social Security numbers.
- They were hired for roles like software developer, data analyst, and project manager.
- The scheme ran from at least 2018 to 2023, netting over $25 million in illicit proceeds.
“This was a classic example of how North Korea exploits remote work to earn hard currency and steal intellectual property,” said Dr. Emily Kim, a cybersecurity expert at the University of Texas. “The laptop farms acted as a technical bridge, hiding the workers’ true location and identity.”
Background
Laptop farms have become a favored tool for North Korean IT workers evading strict international sanctions. Since 2020, U.S. authorities have disrupted dozens of such operations, but this case is the first to result in prison sentences for the operators.
The United Nations Security Council has repeatedly warned that North Korea uses illicit online work to fund its weapons programs, including nuclear missiles. In 2022, the U.S. Treasury Office of Foreign Assets Control (OFAC) issued a warning about North Korean IT workers pretending to be U.S. or South Korean nationals.
“The scale of this fraud is alarming,” said James Turner, a former FBI cybercrime agent now with a private security firm. “Nearly 70 companies were victimized—some unknowingly hired North Korean agents who exfiltrated sensitive data and trade secrets.”
What This Means
The 18-month sentences reflect the seriousness of the crime but also the limitations of current law. Critics argue that harsher penalties—up to 20 years under federal fraud statutes—could deter future operations. However, the Justice Department noted that the defendants cooperated with investigators, leading to the identification of additional North Korean operatives.
For American companies, the verdict is a wake-up call to tighten remote hiring practices. “Background checks and identity verification are no longer optional,” said corporate security consultant Lisa Nguyen. “Firms must use biometrics, video interviews, and geolocation tools to confirm workers are who they say they are.”
The case also underscores the broader national security threat: North Korea continues to funnel cash from these scams into its ballistic missile and nuclear programs. Lawmakers in Washington have proposed the “Stop North Korean Cyber Scams Act,” which would impose steeper fines on any company that negligently hires unverified remote workers.