Two Americans Sentenced for Running Laptop Farms for North Korea: A Q&A Breakdown
In a case highlighting sophisticated sanctions evasion, two U.S. nationals received 18-month prison sentences for operating so-called laptop farms that enabled North Korean IT workers to secure remote jobs at nearly 70 American companies. Below, we answer key questions about this scheme, its impact, and its implications for national security.
What were the two U.S. nationals sentenced for?
The two individuals were convicted of conspiracy and other charges related to sanctions evasion. They admitted to running a network of laptop computers—popularly called a laptop farm—that masked the true identity and location of North Korean IT professionals. By providing the workers with American- or foreign-based laptops and logistical support, the defendants helped them pose as non-North Korean freelancers, allowing them to bypass U.S. sanctions and work for numerous U.S. companies illegally.

What exactly are "laptop farms" in this context?
A laptop farm is a physical setup where multiple laptops are operated from a single location—often a rented house or office—to create the illusion that remote workers are based in an allowed country. In this case, the defendants maintained such farms in various U.S. states and possibly overseas. The farms provided the appearance of legitimate American or third-country employees, while the actual North Korean workers logged in from abroad using virtual private networks (VPNs) and other tools to hide their internet footprints.
How did the laptop farm scheme help North Korean IT workers?
North Korea is heavily sanctioned, and its citizens cannot legally work for U.S. firms or receive payments directly. The laptop farms allowed Pyongyang-based IT staff to access American corporate networks as if they were local hires. The scheme typically involved:
- Creating fake identities with U.S. or allied‑country backgrounds.
- Supplying pre-configured laptops with VPN access and communication tools.
- Managing the logistics of payment routing through shell accounts to avoid detection.
- Providing ongoing technical support to keep the deception operational.
This enabled North Korean workers to earn salaries that were funneled back to the regime, funding weapons programs.
How many American companies were defrauded, and what was the impact?
Nearly 70 American companies were affected. Victims ranged from startups to established tech firms, unaware they were employing individuals linked to a hostile foreign government. The impact included financial losses (wages paid to these workers), legal liability for unknowingly violating sanctions, and reputational damage. Moreover, the scheme exposed sensitive corporate data and networks to North Korean state actors, raising national security concerns about industrial espionage and cyber theft.

What sentence did the individuals receive, and why?
Each defendant was sentenced to 18 months in federal prison. The judge cited the seriousness of willfully evading sanctions and the large scale of the fraud—nearly 70 victim companies. While the defendants cooperated and pleaded guilty, their actions directly supported a regime that devotes resources to missile and nuclear programs. The sentences aim to deter similar schemes and send a message that facilitating North Korea’s economic activities via remote‑work fraud will be met with significant prison time.
What does this case reveal about North Korea's efforts to bypass sanctions?
This case demonstrates North Korea’s growing reliance on illicit remote work to generate hard currency. The country has long used IT workers abroad, but the pandemic and tighter border controls accelerated the “laptop farm” model. By exploiting remote‑work trends, Pyongyang can deploy hundreds of skilled programmers without physically moving them. This tactic is part of a broader pattern: North Korea also uses cryptocurrency theft, cyberattacks, and front companies to obtain funds. The verdict underscores the need for companies to strengthen identity verification and background checks, especially for fully remote roles with access to sensitive data.