Russian Nationals, Cyber Scheme Infected Thousands of Computers

Charges Announced in Malware Conspiracy

Indictment

The case appears to have begun in 2011. The DOJ has connected Yakubets and Turashev to cyberattacks as recently as March of this year, according to the indictment. As a part of its investigation, the U.S. in 2010 transmitted a mutual legal assistance treaty request to Russia, and according to Bowdich, the Russian government was “helpful to a point.” Once the hackers were in possession of the bank credentials, they would use “money mules” to funnel the funds into foreign bank accounts. In one case, an employee of a Pennsylvania school district clicked on a graphic in a phishing email sent by Yakubets and Turashev, and the two later attempted to transfer nearly $1 million from the district’s bank account to a bank in Ukraine. The malware deployed by Yakubets and Turashev infected tens of thousands of computers across North America and Europe, including two banks, a school district, four Pennsylvania companies and a North Carolina firearm manufacturer.

Two Russian Nationals Engaged in Cybercrime Scheme That Infected Tens of Thousands of Computers

The U.S. Department of Justice today joined with the U.S. Department of State and the United Kingdom’s National Crime Agency in charging two Russian nationals with a vast and long-running cybercrime spree that stole from thousands of individuals and organizations in the United States and abroad.

Along with several co-conspirators, Maksim V. Yakubets and Igor Turashev are charged with an effort that infected tens of thousands of computers with a malicious code called Bugat. Once installed, the computer code, also known as Dridex or Cridex, allowed the criminals to steal banking credentials and funnel money directly out of victims’ accounts. The long-running scheme involved a number of different code variants, and later versions also installed ransomware on victim computers. The criminals then demanded payment in cryptocurrency for returning vital data or restoring access to critical systems.

Dridex is typically spread through phishing emails. In its early phases, these messages were sent in massive, widespread campaigns. More recent attacks have been more strategic—specifically targeting businesses and organizations that have valuable computer systems and access to significant financial resources.  The malware is usually delivered through a link or attachment that appears to come from a trusted source.

“Although their realm is a digital one, this is one of the world’s largest organized crime groups,” said FBI Supervisory Special Agent Adam Lawson of the Major Cyber Crimes Unit. “They are personally getting rich, and new organizations and individuals are being victimized every day.”

Turashev and Yakubets were both indicted in the Western District of Pennsylvania on conspiracy to commit fraud, wire fraud, and bank fraud, among other charges. Yakubets was also tied to charges of conspiracy to commit bank fraud issued in the District of Nebraska after investigators were able to connect him to the indicted moniker “aqua” from that case, which involved another malware variant known as Zeus.

Assisted in some cases by money mules who funneled the stolen funds through U.S. bank accounts before shipping the money overseas, the group stole or extorted tens of millions of dollars from victims. Among those affected was a Pennsylvania school district that saw $999,000 wired out of its accounts and an oil company that lost more than $2 million.

The FBI, in partnership with the State Department’s Transnational Organized Crime Rewards Program, also announced a reward of up to $5 million for information leading to the arrest of Yakubets, who is alleged to be the leader of the scheme. The reward is the largest ever offered for a cyber criminal.

“The actions highlighted today, which represent a continuing trend of cyber-criminal activity emanating from Russian actors, were particularly damaging as they targeted U.S. entities across all sectors and walks of life,” said FBI Deputy Director David Bowdich. “The FBI, with the assistance of private industry and our international and U.S. government partners, is sending a strong message that we will work together to investigate and hold all criminals accountable.”

According to the charges, the co-conspirators distributed the malware through email phishing campaigns. In the early years, these messages were sent in massive, widespread campaigns. More recent attacks have been more strategic—specifically targeting businesses and organizations that have valuable computer systems and access to significant financial resources.

Victims were tricked into opening a document or clicking on a graphic or link that appeared to be from a legitimate source. The link or attachment downloaded the malicious code onto the user’s machine, where it could also spread to any networked computers.

According to FBI Supervisory Special Agent Steven Lampo, this campaign deployed a stealth type of malware designed to avoid detection by antivirus software. “The full program does too much and is too big to avoid detection,” Lampo said. The smaller piece of code, however, can inject itself into the running processes of the machine—beginning a process that allows the full suite of malware to load onto the machine or network. The malware’s creators were constantly creating new variants of the code to avoid antivirus tools.

Thousand Talents = J Visa = Espionage = Stupid

It was just this morning that I sent a text to a former CIA operative asking if he was comfortable with the FBI being the lone government agency tracking foreign spies operating in the United States. His reply was NO. Sigh… My gut was telling me that espionage in the United States is out of control and while performing some research for about an hour, it IS out of control. Understand foreign operatives come from several countries into the United States using several visa methods and for the sake of this article, the concentration will be on China. It is a sure bet, however, that the same techniques are used by other rogue countries that are for sure best described as either adversaries or enemies of our homeland.

So, back to the question of the FBI being the lone tracking government agency. One of the first Reuters articles had this headline: FBI wishes it had acted quicker as China stole intellectual property

The admission by John Brown, assistant director of the Counterintelligence Division at the FBI, backed up a Senate subcommittee report that found federal agencies had responded too slowly as China recruited the researchers, leaving U.S. taxpayers unwittingly funding the rise of China’s economy and military. Despite China’s announcement in 2008 of the Thousand Talents Plan – for which China had originally hoped to recruit 2,000 people but ended up recruiting more than 7,000 by 2017 – the FBI did not respond strongly until last year, the report released on Monday by the Senate’s Permanent Subcommittee on Investigations found. 

Just a few days before that Reuters’ article there was this headline: U.S. charges Chinese national with stealing trade secrets

Haitao Xiang, 42, an employee of Monsanto and its Climate Corp subsidiary from 2008 to 2017, was stopped by federal officials at a U.S. airport before he could board a flight to China carrying proprietary farming software, the department said in a statement.

“The indictment alleges another example of the Chinese government using Talent Plans to encourage employees to steal intellectual property from their U.S. employers,” Assistant Attorney General John Demers said.

Notice 9 years of employment above. Sigh. Read on, there is more.

US prosecutors have accused a tour guide of picking up US security secrets and delivering them cloak-and-dagger-style to Beijing. From October 2015 to July 2018, an FBI double agent conducted “dead drops,” in which, authorities say, Peng fetched information in the San Francisco Bay Area and Columbus, Georgia. Authorities say the double agent, identified only as “the Source,” went to the FBI in 2015, after the State Security Ministry tried to recruit him as a spy by telling him that he could rely on “Ed,” who had family and business dealings in China. As officials grapple with the threat of infiltrators trying to steal information from US companies, prosecutors have opened multiple cases against people suspected of spying for China. Last October, prosecutors charged a spy with attempting to steal trade secrets from several US aviation and aerospace companies.

Just last week in the Senate, the Homeland Security Committee Chairman, Portman, held a hearing. Found in a summary from the hearing on the FBI website was the following:

Time and time again, the Communist government of China has proven that it will use any means necessary to advance its interests at the expense of others, including the United States, and pursue its long-term goal of being the world’s superpower by 2049. Among its many ways of collecting information, prioritized in national strategies such as the Five-Year Plan, the Chinese government oversees expert recruitment programs known as talent plans. Through these programs, the Chinese government offers lucrative financial and research benefits to recruit individuals working and studying outside of China who possess access to, or expertise in, high-priority research fields. These talent recruitment programs include not only the well-known Thousand Talents Plan but also more than 200 similar programs, all of which are overseen by the Chinese government and designed to support its goals, sometimes at U.S. taxpayers’ expense. Read on here.


200 similar programs? WHAT?

The Thousand Talents program is nothing more than an espionage recruiting operation. This past September, the FBI arrested Zhongsan Liu, who was operating a front operation in New Jersey called the China Association for International Exchange of Personnel. According to the criminal complaint, Liu, beginning in 2017, used the company to fraudulently procure U.S. visas for many Chinese officials under J-1 research. Liu has actually led this front group, however, for 26 years. The program, among others, was created and directed by the Chinese government’s State Administration of Foreign Expert Affairs. Liu is a senior official of that agency. He also worked at the Chinese embassy in Washington and at the consulate in New York while this recruiting operation was going on.

“Chinese government sources claim over 44,000 highly skilled Chinese personnel have returned to China since 2009 through talent plans,” the report said. “As noted by China Daily, which is owned by the Chinese Communist Party: ‘China has more than 300 entrepreneurial parks for students returned from overseas. More than 24,500 enterprises have been set up in the parks by over 67,000 overseas returnees.'”

According to the Pentagon’s latest annual report on the Chinese military, the Thousand Talents Plan is used to bolster the People’s Liberation Army military buildup.

“China uses various incentive strategies to attract foreign personnel to work on and manage strategic programs and fill technical knowledge gaps, including the ‘Thousand Talents Program,’ which prioritizes recruiting people of Chinese descent or recent Chinese emigrants whose recruitment the Chinese government views as necessary to Chinese scientific and technical modernization, especially with regard to defense technology,” the report said.

The program of China’s Thousand Talents is really an unadvertised method to facilitate the legal and illicit transfer of U.S. technology, intellectual property and know-how, as summarized by the National Intelligence Council. The NIC is a midterm and long-term strategic thinking center formed in 1979. That report is found here. It is dated 2018 and titled: How China’s Economic Aggression Threatens the Technologies and Intellectual Property of the United States and the World

Do we really want a trade deal after all this with China? It can be argued that the trade has already taken place by China’s theft. This all complicates the bi-lateral signing of a trade deal between the United States and China or does it in the end?

Basic qualifications for the Thousand Talents program include the following:

1. Basic Qualifications for Candidates

The Recruitment Program for Innovative Talents (Long Term) targets people under 55 years of age who are willing to work in China on a full-time basis, with full professorships or the equivalent in prestigious foreign universities and R&D institutes, or with senior titles from well-known international companies or financial institutions.

2. Preferential Policies and Treatments

Awardees will be conferred the title of “National Distinguished Experts” and be provided with enabling working and living conditions.

(1) Enabling working conditions

Awardees are entitled to assume some leadership, professional or technical positions in universities, R&D institutes, central SOEs as well as state-owned commercial and financial institutions; to serve as project principals of the National Key Scientific and Technological Projects, “863 Program”(or the National High-tech R&D Program), “973 Program”(or the National Program on Key Basic Research Project), the National Nature Science Fund Projects; to apply for S&T funds and industrial development funds from government to support scientific research as well as production and operating activities in China; to participate in the consultation and demonstration of China’s major projects, the formulation of key scientific research plans and national standards, the construction of major projects, etc; to determine the expenditure and employment within the prescribed scope of responsibilities as project principals; to be engaged in various domestic academic organizations and the election of academicians of the Chinese Academy of Sciences and the Chinese Academy of Engineering(foreign academicians) and become the candidates of a wide range of government rewards.

(2) Special living benefits

Awardees as well as their spouses and minor children with alien nationality may apply for “Permanent Residence for Aliens” and/or multiple entry visas, the validity of which lasts 2-5 years. Awardees with Chinese citizenship will be free to settle down in any city of their choice and will not be restricted by his or her original residence registry. Each awardee shall receive a one-off, start-up package of RMB 1 million yuan from the nation’s central budget; be entitled to medical care, social insurance including pensions, medical insurance and work-related injury insurance; and may purchase one residential apartment for personal use. The housing and meal allowance, removing indemnity, home-leave-subsidy, and children-education-allowance in the wage income in Chinese territory within 5 years shall be deducted before taxes in accordance with relevant laws and regulations. Employers have to offer job opportunities to spouses, and children will have guaranteed admission to schools. The income level should be decided on their previous jobs overseas through negotiation with due living allowances.

(3) Key points of the Recruitment Program of Global Experts in the Field of Liberal Arts and Social Science

By the end of 2010, overseas high-level scholars in fields of liberal arts and social sciences, particularly urgently needed professionals specialized in Intellectual Property Law, Environment and Resources Protection Law, International Law, Diplomacy, Psychology etc. are eligible to apply for the Key National Innovative Projects. People who are introduced by this program shall support the Communist Party of China and the socialist system, maintaining compliance with the Constitution, laws, regulations and policies of the People’s Republic of China, with full professorships or the equivalent in prestigious foreign universities, R&D institutes and other institutions of art and culture, enjoying a high global reputation and being influential in their academic fields which are urgently needed in China; they shall be within 60 years of age, and willing to work in China on a full-time basis.

With regard to application procedures, the “Liberal Arts and Social Sciences” plan is a subdivision of “The Recruitment Program for Key Disciplines”. Overseas talents are required to sign an employment contract or a letter of intention for talent recruitment with employers before applying for the Program. Please refer to the application procedures of “The Recruitment Program for Innovative Talents (Long Term)”.

 

 

 

Trump Should Eliminate 2 Agencies

Formed in 1947, the National Security Council is the President’s in-house forum for national security and foreign policy matters. The President also has the President’s Intelligence Advisory Board, which is to assess intelligence collection and activities. The operating budget is unknown but it is estimated to be in the range of $18 billion.

The 1947 National Security Act established the NSC in order to “advise the President with respect to the integration of domestic, foreign, and military policies relating to the national security so as to enable the military services and the other departments and agencies of the government to cooperate more effectively in matters involving the national security.” Presidents have latitude to structure and use the NSC as they see fit. In practice, the NSC staff’s activities now extend somewhat beyond providing policy advice. First, as one former NSC official notes, “White House involvement is often needed for precise execution of policy, especially when secrecy is required to perform delicate tasks.” Second, the rise in strategic importance of transnational threats such as terrorism and narco-trafficking, along with post-Cold War military campaigns in the Balkans, Iraq and Afghanistan, have increasingly necessitated “whole of government” responses that leverage diplomatic, military, and development tools from a variety of different U.S. government agencies. The NSC often coordinates such responses, and as the international security environment has become more complex, whole-of-government responses to individual crises have become more frequent, translating into even greater NSC involvement. This is leading many scholars and practitioners to question the appropriate size, scope and role for the NSC.

Much has changed since 1947 especially under the GW Bush administration and then later under the Obama administration where the size of the NSC grew dramatically with approved appropriations from Congress. The NSC appears to have an estimated 400-500 people assigned. With this size of agency heads on the Council, staffers, lawyers and rotations, how can there be any real control? Are there misguided agendas inside the Council? For sure. What about leaks? Oh yes. At least 3 people assigned to the NSC have been fingered as leakers or whistle-blowers since Trump became President. An estimated 80% of the NSC staff comes from the CIA, the State Department and the Pentagon.


There are competing agencies inside the Federal government, think tanks, non-government agencies and the entire diplomatic wing, as well as the agencies operating under what is commonly referred to as the IC (intelligence community). This agency is simply redundant and has overlapping policies.

Speaking of redundant, the next agency that should be eliminated is the DNI, known as the Director of National Intelligence, created in 2004. It is currently headed by Joseph Maguire. It oversees 16 other intelligence agencies, advises the President and produces the PDB, the Presidential Daily Briefing, which is also shared with several other officials that are cleared to receive it. DNI was recommended by the 9/11 Commission report due to intelligence failures leading up to the attack on the United States. The annual budget for DNI is estimated to be in the range of $90 billion and there are over 2000 employees. There are 6 centers and 15 offices where the NIP, National Intelligence Program, resides.


There are four directorates, each led by a deputy director of national intelligence:

Enterprise Capacity Directorate
Mission Integration Directorate
National Intelligence Council
National Security Partnerships Directorate
Strategy & Engagement Directorate
Intelligence Advanced Research Projects Activity

There are four mission centers, each led by a director of that center:

Cyber Threat Intelligence Integration Center
National Counterproliferation Center
National Counterterrorism Center
National Counterintelligence and Security Center

There are also four oversight offices:

Office of Civil Liberties, Privacy and Transparency
Office of Equal Employment Opportunity & Diversity
Office of the Intelligence Community Inspector General
Office of General Counsel

For sure many things have changed with regard to national security and foreign relations since 1947 but it can be argued that confusion ensues with all the competing departments. There is the matter of the ongoing Overseas Contingency Operation, Cyber wars and now the military frontier of Space.


So the solution is to eliminate these two agencies and concentrate the work on the DIA, Defense Intelligence Agency. The DIA is in fact an intersection of the Department of Defense, the Intelligence Community, mobilized warfighters, policy-makers and force-planners, including weapons systems acquisitions. DIA also covers history, doctrine, economics, chemistry, asymmetrical capabilities, cyber and political science.

Do you see the need for streamlining, control, management, and eliminating competing challenges? Perhaps this is but one solution to stopping leaks, draining more of the swamp, achieving concise intelligence and policy.

 

Trump’s Reelection Operation Targeted by Cyber Attacks

Hey Hillary, it is not Russia, but they are out there for sure. This time the most notable attributions are pointing to Iran.

When the Pentagon recently awarded Microsoft a $10 billion contract to transform and host the US military’s cloud computing systems, the mountain of money came with an implicit challenge: Can Microsoft keep the Pentagon’s systems secure against some of the most well-resourced, persistent, and sophisticated hackers on earth?

“They’re under assault every hour of the day,” says James Lewis, vice president at the Center for Strategic and International Studies. 

Microsoft’s latest win over cloud rival Amazon for the ultra-lucrative military contract means that an intelligence-gathering apparatus among the most important in the world is based in the woods outside Seattle. These kinds of national security responsibilities once sat almost exclusively in Washington, DC. Now in this corner of Washington state, dozens of engineers and intelligence analysts are dedicated to watching and stopping the government-sponsored hackers proliferating around the world.

Members of the so-called MSTIC (Microsoft Threat Intelligence Center) team are threat-focused: one group is responsible for Russian hackers code-named Strontium, another watches North Korean hackers code-named Zinc, and yet another tracks Iranian hackers code-named Holmium. MSTIC tracks over 70 code-named government-sponsored threat groups and many more that are unnamed.


What are the superpowers of Microsoft?

“Microsoft sees stuff that just nobody else does,” says Williams, who founded the cybersecurity firm Rendition Infosec. “We routinely find stuff, for instance, like flags for malicious IPs in Office 365 that Microsoft flags, but we don’t see it anywhere else for months.”

Connect the dots

Cyber threat intelligence is the discipline of tracking adversaries, following bread crumbs, and producing intelligence you can use to help your team and make the other side’s life harder. To achieve that, the five-year-old MSTIC team includes former spies and government intelligence operators whose experience at places like Fort Meade, home to the National Security Agency and US Cyber Command, translates immediately to their roles at Microsoft. 

MSTIC names dozens of threats, but the geopolitics are complicated: China and the United States, two of the most significant players in cyberspace and the two biggest economies on earth, are virtually never called out the way countries like Iran, Russia, and North Korea frequently are. 

“Our team uses the data, connects the dots, tells the story, tracks the actor and their behaviors,” says Jeremy Dallman, a director of strategic programs and partnerships at MSTIC. “They’re hunting the actors—where they’re moving, what they’re planning next, who they are targeting—and getting ahead of that.”

Microsoft, like other tech giants including Google and Facebook, regularly notifies people targeted by government hackers, which gives the targets the chance to defend themselves. In the last year, MSTIC has notified around 10,000 Microsoft customers that they’re being targeted by government hackers. 

New targets

Beginning in August, MSTIC spotted what’s known as a password spraying campaign. Hackers took around 2,700 educated guesses at passwords for accounts associated with an American presidential campaign, government officials, journalists, and high-profile Iranians living outside Iran. Four accounts were compromised in this attack.

“Once we understand their infrastructure—we have an IP address we know is theirs that they use for malicious purposes—we can start looking at DNS records, domains created, platform traffic,” Dallman says. “When they turn around and start using that infrastructure in this kind of attack, we see it because we’re already tracking that as a known indicator of that actor’s behavior.” 

After doing considerable reconnaissance work, Phosphorus tried to exploit the account recovery process by using targets’ real phone numbers. MSTIC has spotted Phosphorus and other government-sponsored hackers, including Russia’s Fancy Bear, repeatedly using that tactic to try to phish two-factor authentication codes for high-value targets.

What raised Microsoft’s alarm above normal on this occasion was that Phosphorus varied its standard operating procedure of going after NGOs and sanctions organizations. The cross-hairs shifted, the tactics changed, and the scope grew.

Microsoft’s sleuthing ultimately pointed the finger at Iranian hackers for targeting presidential campaigns including, Reuters reported, Donald Trump’s 2020 reelection operation.

One consequence of the 2016 US election is a rise in the sheer number of players fighting to hack political parties, campaigns, and think tanks, not to mention government itself. Election-related hacking has typically been the province of the “big four”—Russia, China, Iran, and North Korea. But it’s spreading to other countries, although the Microsoft researchers declined to specify what they’ve seen.

“What is different is that you’re getting additional countries joining the fray that weren’t necessarily there before,” says Jason Norton, a principal project manager on MSTIC. “The big two [Russia and China]—now, we can say they’ve been historically going after this since well before the 2016 election. But now you’re getting to see additional countries do that—poking and prodding the soft underbelly in order to know the right pieces to have an influence or impact in the future.” 

“The field is getting crowded,” Dallman agrees. “Actors are learning from each other. As they learn tactics from the more prominent names, they turn that around and use them.” 

The upcoming election is different, too, in that no one is surprised to see this malicious activity. Leading into 2016, Russian cyber activity was greeted with a collective dumbfounded naïveté, contributing to paralysis and an unsure response. Not this time.

“You saw them in 2016, you saw what they did in Germany, you saw them in the French elections—all following the same MO. The 2018 midterms, too—to a lesser degree, but we still saw some of the same MO, the same actors, the same timing, the same techniques. Now we know, going into 2020, that this is the MO we’re looking for. And now we’ve started to see other countries come out and start doing other tactics.”

In 2016, it was CrowdStrike that first investigated and pointed the finger at Russian activity aiming to interfere with the American election. The US law enforcement and intelligence community later confirmed the company’s findings and eventually, after Robert Mueller’s investigation, indicted Russian hackers and detailed Moscow’s campaign.

MIT Technology Review visited Microsoft; the full summary is here.

281 Arrested Worldwide in Business Email Compromise

Operation ReWired:

Federal authorities announced today a significant coordinated effort to disrupt Business Email Compromise (BEC) schemes that are designed to intercept and hijack wire transfers from businesses and individuals, including many senior citizens. Operation reWired, a coordinated law enforcement effort by the U.S. Department of Justice, U.S. Department of Homeland Security, U.S. Department of the Treasury, U.S. Postal Inspection Service, and the U.S. Department of State, was conducted over a four-month period, resulting in 281 arrests in the United States and overseas, including 167 in Nigeria, 18 in Turkey and 15 in Ghana. Arrests were also made in France, Italy, Japan, Kenya, Malaysia, and the United Kingdom (UK). The operation also resulted in the seizure of nearly $3.7 million.


BEC, also known as “cyber-enabled financial fraud,” is a sophisticated scam often targeting employees with access to company finances and businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. The same criminal organizations that perpetrate BEC also exploit individual victims, often real estate purchasers, the elderly, and others, by convincing them to make wire transfers to bank accounts controlled by the criminals. This is often accomplished by impersonating a key employee or business partner after obtaining access to that person’s email account or sometimes done through romance and lottery scams. BEC scams may involve fraudulent requests for checks rather than wire transfers; they may target sensitive information such as personally identifiable information (PII) or employee tax records instead of, or in addition to, money; and they may not involve an actual “compromise” of an email account or computer network. Foreign citizens perpetrate many BEC scams. Those individuals are often members of transnational criminal organizations, which originated in Nigeria but have spread throughout the world.

“The Department of Justice has increased efforts in taking aggressive enforcement action against fraudsters who are targeting American citizens and their businesses in business email compromise schemes and other cyber-enabled financial crimes,” said Deputy Attorney General Jeffrey Rosen. “In this latest four-month operation, we have arrested 74 people in the United States and 207 others have been arrested overseas for alleged financial fraud. The coordinated efforts with our domestic and international law enforcement partners around the world has made these most recent actions more successful. I want to thank the FBI, more than two dozen U.S. Attorney’s Offices, U.S. Secret Service, U.S. Postal Inspection Service, Homeland Security Investigations, IRS Criminal Investigation, U.S. Department of State’s Diplomatic Security Service, our partners in Nigeria, Ghana, Turkey, France, Italy, Japan, Kenya, Malaysia, and the UK, and our state and local law enforcement partners for all of their hard work to combat these fraud schemes and protect the hard-earned assets of our citizens. Anyone who engages in deceptive practices like this should know they will not go undetected and will be held accountable.”

“The FBI is working every day to disrupt and dismantle the criminal enterprises that target our businesses and our citizens,” said FBI Director Christopher A. Wray. “Cooperation is the backbone to effective law enforcement; without it, we aren’t as strong or as agile as we need to be. Through Operation reWired, we’re sending a clear message to the criminals who orchestrate these BEC schemes: We’ll keep coming after you, no matter where you are. And to the public, we’ll keep doing whatever we can to protect you. Reporting incidents of BEC and other internet-enabled crimes to the IC3 brings us one step closer to the perpetrators.”

“The Secret Service has taken a multi-layered approach to combating Business Email Compromise schemes through our Global Investigative Operations Center (GIOC),” said U.S. Secret Service Director James M. Murray. “Domestically, the GIOC assists Secret Service Field Offices and other law enforcement partners with analysis and investigative tactics to enhance the impact of local BEC investigations. Internationally, the GIOC targets and identifies transnational organized crime networks that perpetrate these cyber-enabled financial fraud schemes. Through this approach, the Secret Service continues to strive to protect the citizens of the United States and our financial infrastructure from these complex crimes.”

“Homeland Security Investigations (HSI), together with its law enforcement partners, has proven once again, that cyber-enabled financial fraud will not be tolerated in the United States,” said Acting Director Matthew T. Albence of U.S. Immigration and Customs Enforcement (ICE). “Operation reWired sends a clear message to criminals, that no matter how or where crimes are committed, we will do everything within our means to dismantle criminal enterprises that seek to manipulate U.S. institutions and taxpayers.”

“The consequences of this type of fraud scheme are far reaching, affecting not only people in the United States, but also across the world,” said Chief Postal Inspector Gary Barksdale. “This investigation is just another example of how effective law enforcement agencies can be when they join forces. By working together, we can keep our communities and our vulnerable populations safe from financial exploitation. The U.S. Postal Inspection Service is proud to be at the forefront of the fight against fraud and Postal Inspectors will continue to adapt to the ever changing landscape to stop the scammers and protect our customers.”

“In unraveling this complex, nationwide identity theft and tax fraud scheme, we discovered that the conspirators stole more than 250,000 identities and filed more than 10,000 fraudulent tax returns, attempting to receive more than $91 million in refunds,” said Chief Don Fort of IRS Criminal Investigation. “We will continue to work with our international, federal and state partners to pursue all those responsible for perpetrating this fraud, preying on innocent victims and attempting to cheat the U.S. out of millions of dollars.”

“The investigation of these crimes crossed international borders,” said Director Todd J. Brown of the U.S. Department of State’s Diplomatic Security Service (DSS). “Today’s charges are another successful example of our commitment to working together with both foreign colleagues abroad as well as local, state and federal law enforcement partners here at home in the pursuit of those who commit cyber-related financial crimes.”

A number of cases involved international criminal organizations that defrauded small- to large-sized businesses, while others involved individual victims who transferred high-dollar funds or sensitive records in the course of business. The devastating effects these cases have on victims and victim companies affect not only the individual business but also the global economy. According to the Internet Crime Complaint Center (IC3), nearly $1.3 billion in loss was reported in 2018 from BEC and its variant, Email Account Compromise (EAC), nearly twice as much as was reported the prior year. BEC and EAC are prevalent scams and the Justice Department along with our partners will continue to aggressively pursue and prosecute the perpetrators, including money mules, regardless of where they are located.

Money mules may be witting or unwitting accomplices who receive ill-gotten funds from the victims and then transfer the funds as directed by the fraudsters. The money is wired or sent by check to the money mule who then deposits it in his or her own bank account. Usually the mules keep a fraction for “their trouble” and then wire the money as directed by the fraudster. The fraudsters enlist and manipulate the money mules through romance scams or “work-at-home” scams, though some money mules are knowing co-conspirators who launder the ill-gotten gains for profit.

BEC scams are related to, and often conducted together with, other forms of fraud such as:

“Romance scams,” where victims are lulled into believing they are in a legitimate relationship, and are tricked into sending or laundering money under the guise of assisting the paramour with an international business transaction, a U.S. visit, or some other cover story;

“Employment opportunities scams,” where victims are convinced to provide their PII to apply for work-from-home jobs, and, once “hired” and “overpaid” by a bad check, to wire the overpayment to the “employer’s” bank before the check bounces;

“Fraudulent online vehicle sales scams,” where victims are convinced they are purchasing a nonexistent vehicle and must pay for it by sending the codes of prepaid gift cards in the amount of the agreed upon sale price to the “seller;”

“Rental scams,” where a scammer agrees to rent a property, sends a bad check in excess of the agreed upon deposit, and requests the overpayment be returned via wire before the check bounces; and

“Lottery scams,” where victims are convinced they won an international lottery but must pay fees or taxes before receiving the payout.

Starting in May 2019, this coordinated enforcement action targeted hundreds of BEC scammers. Law enforcement agents executed over 214 domestic actions including arrests, money mule warning letters, and asset seizures and repatriations totaling nearly $3.7 million. Local and state law enforcement partners on FBI task forces across the country, with the assistance of multiple District Attorney’s Offices, also arrested alleged money mules for their role in defrauding victims.

Those arrested on federal charges in BEC schemes include:

Following an investigation led by the FBI’s Chicago Division, Brittney Stokes, 27, of Country Club Hills, Illinois, and Kenneth Ninalowo, 40, of Chicago, Illinois, were charged in the Northern District of Illinois with laundering over $1.5 million from proceeds of BEC scams. According to the indictment, a community college and an energy company were defrauded into sending approximately $5 million to fraudulent bank accounts controlled by the scammers. Banks were able to freeze approximately $3.6 million of the $5 million defrauded in the two schemes. Law enforcement officials seized a 2019 Range Rover Velar S from Stokes and approximately $175,909 from Stokes and Ninalowo.

As a result of a joint investigation by the FBI, HSI, and DSS, Opeyemi Adeoso, 44, of Dallas, Texas, and Benjamin Ifebajo, 45, of Richardson, Texas, were arrested and charged in the Northern District of Texas with bank fraud, wire fraud, money laundering, and conspiracy. Adeoso and Ifebajo are alleged to have received and laundered at least $3.4 million. In furtherance of their scheme, they are alleged to have assumed 12 fictitious identities and defrauded 37 victims from across the United States.

As part of a larger investigation by the FBI and the USSS in Miami, Yamel Guevara Tamayo, 36, of Miami, Florida, and Yumeydi Govantes, 39, of Miami, Florida, were charged in the Southern District of Florida with laundering more than $950,000 of proceeds of BEC scams. The two individuals were also responsible for recruiting approximately 18 other individuals to serve as money mules, who laundered proceeds of BEC scams for an international money laundering network. The victims of the BEC scams included title companies, corporations, and individuals. The individuals were indicted June 18, 2019 and arrested June 20, 2019. The change of plea for both individuals is scheduled for Sept. 16.

In an investigation by FBI Atlanta, two individuals were charged in the Northern District of Georgia for their involvement in a Nigeria-based BEC scheme that began with a $3.5 million transfer of funds fraudulently misdirected from a Georgia-based health care provider to accounts across the United States. Two Nigerian nationals, Emmanuel Igomu, 35, of Atlanta, Georgia, and Jude Balogun, 29, of San Francisco, California, have been arrested on charges of aiding and abetting wire fraud for their part in receiving and transmitting monies derived from the BEC.

Following an investigation by the FBI, Cyril Ashu, 34, of Austell, Georgia; Ifeanyi Eke, 32, of Sandy Springs, Georgia; Joshua Ikejimba, 24, of Houston, Texas; and Chinedu Ironuah, 32, of Houston, Texas, were charged in the Southern District of New York with one count of conspiracy to commit wire fraud and one count of wire fraud for their involvement in a Nigeria-based BEC scheme that impacted hundreds of victims in the United States, with losses in excess of $10 million.

An indictment is merely an allegation and the defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.

The cases were investigated by the FBI, U.S. Secret Service, U.S. Postal Inspection Service, ICE’s Homeland Security Investigations (HSI), IRS Criminal Investigation and U.S. Department of State’s Diplomatic Security Service. U.S. Attorney’s Offices in the Districts of Arizona; Central, Eastern and Southern California; Colorado; Delaware; Southern Florida; Northern Georgia; Northern Illinois; Kansas; Eastern Louisiana; Massachusetts; Nebraska; Nevada; Southern New York; Middle North Carolina; Northern Ohio; Oregon; Northern, Western and Southern Texas; Western Tennessee; Eastern Virginia; Eastern Washington, and elsewhere have ongoing investigations, some of which have resulted in arrests in Nigeria. The Justice Department’s Computer Crime and Intellectual Property Section, Money Laundering and Asset Recovery Section, and Office of International Affairs of the Criminal Division provided assistance. District Attorney’s Offices of Harris County, Texas; Fort Bend County, Texas; and Washington County, Arkansas are handling state prosecutions. Additionally, private sector partners and the Nigerian Economic and Financial Crimes Commission, Ghana Police Service (GPS) and Economic and Organized Crime Office (EOCO), Turkish National Police (TNP) Cyber Department, Direction Centrale de la Police aux Frontieres (PAF) of France, Squadra Mobile Di Caserta and Italian National Police, National Police Agency of Japan, Tokyo Metropolitan Police Department (TPMD), Royal Malaysian Police, Directorate of Criminal Investigations (DCI) of Kenya and the National Crime Agency (NCA), North Wales Police, Metropolitan Police Service and Hertfordshire Constabulary of the UK provided significant assistance.

This operation serves as a model for international cooperation against specific threats that endanger the financial well-being of each member country’s residents. Deputy Attorney General Rosen expressed gratitude for the outstanding efforts of the participating countries, including law enforcement actions that were coordinated and executed by the Economic and Financial Crimes Commission (EFCC) in Nigeria to curb business email compromise schemes that defraud businesses and individuals alike.

The Justice Department’s efforts to confront the growing threat of cyber-enabled financial fraud led to the formation of the BEC Counteraction Group (BCG), which assists U.S. Attorney’s Offices and the Department with the coordination of BEC cases and the centralization of related expertise. The BCG facilitates communication and coordination between federal prosecutors, serves as a bridge between federal prosecutors and federal agents, centralizes and manages institutional knowledge and training, and participates in efforts to educate the public about protecting themselves and their organizations from BEC scams.

The BCG draws upon the expertise of the following sections within the Department’s Criminal Division: the Computer Crime and Intellectual Property Section, which regularly investigates and prosecutes cases involving computer crimes, including network intrusions; the Fraud Section, which manages complex litigation involving sophisticated fraud schemes; the Money Laundering and Asset Recovery Section, which brings experience in seizing assets obtained through criminal activity; the Office of International Affairs, which plays a central role in securing international evidence and extradition; and the Organized Crime and Gang Section, which contributes strategic guidance in prosecuting complex transnational criminal cases.

Operation reWired was funded and coordinated by the FBI and the Justice Department’s International Organized Crime Intelligence and Operations Center (IOC-2) and follows “Operation Wire Wire,” the first coordinated enforcement action targeting hundreds of BEC scammers. That effort, announced in June 2018, resulted in the arrest of 74 individuals, the seizure of nearly $2.4 million, and the disruption and recovery of approximately $14 million in fraudulent wire transfers.

Victims are encouraged to file a complaint online with the IC3 at bec.ic3.gov. The IC3 staff reviews complaints, looking for patterns or other indicators of significant criminal activity, and refers investigative packages of complaints to the appropriate law enforcement authorities in a particular city or region. The FBI provides a variety of resources relating to BEC through the IC3, which can be reached at www.ic3.gov.