Category Archives: Department of Homeland Security

New Calls for Democracy in Venezuela

Posted on by

As Venezuelan President Nicolas Maduro on Sunday thanked ally Iran for helping the South American country overcome U.S. sanctions on its oil industry and floated the idea of purchasing missiles from the country.

Washington maintains strict sanctions against Iran’s oil industry to try to halt the country’s nuclear program. Earlier this year, Tehran sent several gasoline cargoes to Venezuela to help it overcome fuel shortages, as well as equipment to help state oil company PDVSA repair its dilapidated refineries.

***

Thirty-three countries from around the globe, including members of the Lima Group and the International Contact Group and some European Union member states, signed a joint declaration calling for democracy in Venezuela.

EXCLUSIVE: Inside Venezuela: Starved Families Scavenge for ... source

The declaration, released August 14, is a call “to put the interests of Venezuela above politics and engage urgently in support of a process shaped and driven by Venezuelans to establish an inclusive transitional government that will lead the country into free and fair presidential elections, sooner not later,” it says.

Its call for an inclusive transitional government reinforces proposals made by the Venezuelan Interim Government and the U.S. government’s proposed Democratic Transition Framework, released in March.

The framework calls for a transitional government to function as a temporary executive branch. This transitional government would oversee steps leading to a truly free presidential election, ensuring that no candidate has an unfair advantage, and set the country on a path to recovery.

The proposed framework won’t be “a way for Maduro to stay in power in perpetuity, which is what he’s looking for, but it’s a way for everybody around him to say, ‘Actually, we have a pretty good future if we just take it,’” said the State Department’s Michael Kozak at a press availability August 14.

The declaration was signed by a coalition of countries around the world. As of August 19, these countries had signed: Albania, Australia, The Bahamas, Bolivia, Brazil, Canada, Chile, Colombia, Costa Rica, Czech Republic, Dominican Republic, Ecuador, El Salvador, Estonia, Georgia, Guatemala, Guyana, Haiti, Honduras, Hungary, Israel, Republic of Korea, Kosovo, Latvia, Lithuania, Morocco, Panama, Paraguay, Peru, Saint Lucia, Ukraine, United Kingdom, and United States.

The declaration calls for all political persecution and acts of repression to end, especially those committed against:

“It is time for a peaceful, democratic transition in Venezuela,” said Secretary of State Michael R. Pompeo on August 14. “The United States and the international community share an obligation to demonstrate and provide support for the Venezuelan people as they strive to reclaim their democracy.”

***

The US State Department Framework for a Democratic Transition for Venezuela

  1. Full return of all members of the National Assembly (AN); Supreme Court (TSJ) lifts order of contempt and restores all powers to the AN, including immunities for deputies; National Constituent Assembly (ANC) is dissolved. The U.S. lifts sanctions imposed on ANC members due to their membership in the ANC.
  2. All political prisoners are released immediately.
  3. All foreign security forces depart immediately unless authorized by 3/4 vote of the AN.
  4. AN elects new National Electoral Council (CNE) and TSJ members who are acceptable to all parties or coalitions of parties representing 25% or more of AN membership. (This would give both the PSUV and the multi-party Guaidó coalition a veto over personnel for any of these posts.) Upon the selection of a new CNE and TSJ, the U.S. lifts sanctions imposed on former CNE and TSJ members due to their membership in those bodies.
  5. AN approves “Council of State” Law, which creates a Council of State that becomes the executive branch. Each party or coalition of parties with 25% or more of AN membership selects two members of the Council of State, one of whom must be a state governor. The four members of the Council of State then select a fifth member, to be Secretary General, and who serves as Interim President until the elections and is not permitted to be a candidate for president in the elections.  Council members may not be members of the AN or TSJ. Decisions of the Council of State will be reached by majority vote. One member of the National Armed Forces of Venezuela (FANB) will serve as Military Adviser to the Council of State.
  6. All of the powers assigned to the President by the Constitution will be vested exclusively in the Council of State. The U.S. and the EU will lift sanctions on those who claimed Presidential authorities which were imposed due to their holding their previous positions once the Council of State is functioning and those individuals renounce any further claims to hold executive positions and acknowledge the Council of State as the exclusive executive power.
  7. Once the Council of State is established and foreign security forces have departed (unless approved by 3/4 vote at the AN), U.S. sanctions on the Government of Venezuela, PDVSA, and the oil sector are suspended.
  8. Council of State appoints new cabinet. The U.S. lifts sanctions on former cabinet members due to their holding their previous positions. The U.S. also lifts sanctions on members of the FANB that are based on their position in the institution.
  9. The international community provides humanitarian, electoral, governance, development, security, and economic support, with special initial focus on medical care system, water and electricity supply. Existing social welfare programs, now to be supplemented with international support, must become equally accessible to all Venezuelan citizens. Negotiations begin with World Bank, IMF, and Inter-American Development Bank for major programs of support.
  10. A Truth and Reconciliation Commission is established with the task of investigating serious acts of violence that occurred since 1999, and reports to the nation on the responsibilities of perpetrators and the rehabilitation of victims and their families. The Commission has five members, who are selected by the Secretary General of the United Nations with the consent of the Council of State. The AN adopts amnesty law consistent with Venezuela’s international obligations, covering politically motivated crimes since 1999 except for crimes against humanity. Argentina, Canada, Colombia, Chile, Paraguay, and Peru withdraw support for the International Criminal Court referral.
  11. The Council of State sets a date for simultaneous Presidential and AN elections in 6-12 months. Any Venezuelan citizen eligible in accordance with the 1999 Constitution can compete in the election.
  12. Presidential and AN elections are held. With a consensus of international observers that elections were free and fair, remaining U.S. sanctions are lifted.
  13. Bi-partisan commission within the AN is developed to create long term solutions to rehabilitating the economy and refinancing the debt.

Guarantees

  1. The military high command (Defense Minister, Vice Defense Minister, CEOFANB Commander, and Service Chiefs) remains in place for the duration of the transitional government.
  2. State or local authorities remain in place for the duration of the transitional period.

AG Barr on Operation LeGend Successes

Posted on by

Attorney General William Barr announced Wednesday that there have been nearly 1,500 arrests across eight U.S. cities thus far under the “Operation Legend” law enforcement initiative launched roughly six weeks ago. These are Federal charges only. Investigations and cases dealing with state charges or violations of law are turned over to the local District Attorneys for prosecution(s).

Mayors Worry Operation Legend Is About Politics, Not the ... source

Federal officers involved in Operation Legend, a Justice Department initiative to assist cities plagued by violent crime, have made more than 1,000 arrests across the country, Attorney General William Barr said Wednesday.

Of those arrests, more than 200 defendants have been charged with federal crimes, including 90 murder suspects, and nearly 400 guns have been taken off the streets, Mr. Barr said, speaking with reporters in Kansas City, Missouri.

“Operation Legend is the heart of the federal government’s response to this uptick in violent crime,” he said. “Its mission is to save lives, solve crimes and take violent offenders off our streets before they can claim more victims.

“Rather than demonizing or defunding police, we are supporting and strengthening our law enforcement partners at the state and local level.”

Operation Legend is named after 4-year-old LeGend Taliferro, who was shot and killed in Kansas City while he was sleeping. The operation started in that city earlier this month.

Cities that are part of Operation Legend will receive increased resources from the FBI, U.S. Marshals Service, Drug Enforcement Administration and Bureau of Alcohol, Tobacco, Firearms and Explosives to reduce violent crime, with a focus on gun violence. More than 1,000 additional agents have been sent to the nine cities.     The program also has allocated $78.5 million in grants to fund additional police positions, more prosecutors and improve technology to solve gun crimes.

A total of 61 defendants in Chicago have been charged with federal crimes. In Albuquerque, 16 individuals face federal charges, 32 in Cleveland, 22 in Detroit, 11 in Milwaukee, 15 in St. Louis and seven in Memphis, Tennessee.

Indianapolis was not included in the totals because that program began only last week.

Federal charges include illegal possession of a firearm, distribution of narcotics, carjacking, and bank robbery.

***

Barr has noted that Operation Legend, however, is separate from those deployments in response to unrest and that the dozens of investigators being dispatched to the cities are instead more focused on assisting federal and state authorities with probing violent crimes.

“There has been a lot of confusion in the media, some of it not unintentional, conflating two different aspects of law enforcement,” Barr said. “One is dealing with civil unrest, rioting, and the other is the classical traditional work that law enforcement does.”

During the news conference, Barr addressed the recent uptick of violent crime across several parts of the country, at one point saying, without providing evidence, that he believed it might be a result of a combination between “pent up aggression” to state and local quarantine orders, the “premature release of dangerous criminals by the courts” during the COVID-19 pandemic and the “Defund the Police” movement.

Barr added that he expected there will be an increase in the national violent crime rate this year after it saw decreases for the last two years.

N. Korea has 60 Nuclear Bombs, 5000 tons of Chemical Weapons

Posted on by

An Army report has the following information in part regarding North Korea:

A new assessment made by the United States Department of the Army estimates that the North Korean regime is in possession of massive amounts of conventional and non-conventional weapons that they are “highly likely” to use in specific circumstances, according to the Yonhap News Agency.

The assessment was published in a report entitled “North Korean Tactics,” and attributes North Korea’s huge armaments program to a desire to “prevent other countries from contemplating regime change.” Apparently, Kim Jong-un, the North Korean dictator, took note of what happened to his Libyan counterpart Muammar Gaddafi and “does not want something similar to happen” to him. (Gaddafi was killed by rebel Libyan forces, after a multi-national force including NATO countries attacked Libya with the stated goal of imposing an arms embargo, sanctions, and an assets freeze against regime leaders.)

According to the report, North Korea already has between 20 and 60 nuclear bombs and “the capacity to produce six new devices each year.” It also boasts the world’s third-largest stockpile of chemical weapons – between 2,500 and 5,000 tons of various substances – and is engaged in research into biological warfare as well. “Only one kilogram of anthrax could kill up to 50,000 people in Seoul,” the capital of South Korea, the report’s authors note.

Another ongoing source of concern is North Korea’s Cyber Warfare Guidance Unit, which employs over 6,000 computer hackers who “can successfully conduct invasive computer warfare activities from the safety of its own territory.” North Korean operatives are known to already be operating in several foreign countries including Belarus, China, India, Malaysia, and Russia.

Negotiations between the United States and North Korea broke down entirely following an unproductive summit between Kim Jong-un and US President Donald Trump in February, 2019.

Further details in the report to Congress includes:

North Korea’s military “uses tactics based on former Soviet or current Russian doctrine, Chinese developments, lessons learned, and observation of recent military actions,” according to a new US Army manual on the subject.

“While North Korea maintains large amounts of military equipment, much of it is outdated making it quantitatively superior to most armies but qualitatively inferior,” the new manual said. See North Korean Tactics, Army Techniques Publication (ATP) 7-100.2, 24 July 2020.

But North Korea has proved resourceful in other areas, including offensive cyber warfare.

“The primary organization responsible for computer warfare in North Korea is Bureau 121, which fielded at least 1,000 elite hackers in 2010 who focused on other countries’ computer systems. This number is likely much higher now” and includes “cyberspace teams [deployed] in foreign countries.”

And not least of all, “The country’s possession of a nuclear arsenal and its pursuit of missile technology are attempts to ensure that external powers do not interfere with its internal affairs for fear of a nuclear reprisal,” the Army manual said.

 

“North Korea is constantly adapting and evolving its capabilities,” the Army said.

***

Formed in the late 1990s, Bureau 121 is unit 121 of the General Bureau of Reconnaissance in North Korea’s military. (now made up of 6000 hackers)

Part of the unit is sometimes known as the DarkSeoul Gang, according to a report by Reuters.

Despite being one of the poorest countries in the world, North Korea puts a lot of its cash into Bureau 121.

North Korea is still technically at war with South Korea and cyber-warfare is arguably its best weapon. Coming from a defector in 2015, more details were provided to the BBC.

There is an official training school for the younger hacking applicants.

North Korea's Bureau 21 cyber-warriors trained up for ... source

Students sent to the Military school after graduating from Geumseong Middle School in the capital. A report into the cyber threat written by US Major Steve Sin in 2009 revealed Unit 121 had a base in Chilbosan Hotel, in Shenyang, China, from where could launch its attacks.The 164-room three star hotel – which is jointly owned by the North Koreans and Chinese. More details here. 

Hat tip to NSA FBI for Cracking Drovorub

Posted on by

The National Security Agency and the FBI are jointly exposing malware that they say Russian military hackers use in cyber-espionage operations.

Hackers working for Russia’s General Staff Main Intelligence Directorate’s 85th Main Special Service Center, military unit 26165, use the malware, which the Russians themselves call “Drovorub,” to target Linux systems, the NSA and FBI said Thursday in a detailed report.

The hackers, also known as APT28 or Fancy Bear, allegedly hacked the Democratic National Committee in 2016 and frequently target defense, government, and aerospace entities. The Russian military agency is also known as the GRU.

FBI e NSA descobrem novo malware Linux chamado Drovorub ...

While the alert does not include specific details about Drovorub victims, U.S. officials did say they published the alert Thursday to raise awareness about state-sponsored Russian hacking and possible defense sector vulnerabilities. The disclosure comes just months before American voters will conduct a presidential election.

“Information in this Cybersecurity Advisory is being disclosed publicly to assist National Security System owners and the public to counter the capabilities of the GRU, an organization which continues to threaten the United States and U.S. allies as part of its rogue behavior, including their interference in the 2016 U.S. Presidential Election,” the NSA and FBI said in the report.

The U.S. intelligence community has assessed that multiple foreign governments may “seek to compromise our election infrastructure.” It was not clear if the Russian hackers were using Drovorub malware in any ongoing interference efforts related to the 2020 presidential elections.

The NSA and FBI urged national security personnel, including the U.S. Department of Defense, to be on the alert for Drovorub attacks.

“The malware represents a threat because Linux systems are used pervasively throughout National Security Systems, Department of Defense, and the Defense Industrial Base,” the statement said. “All stakeholders should take action as appropriate.”

The announcement comes nearly one year after the NSA stood up a new cybersecurity directorate aimed at sharing more adversary threat intelligence with the public, and in recent weeks the NSA has worked to expose a spate of Russian campaigns, including Russian hackers’ efforts to target coronavirus research.

Senior Vice President of Intelligence at CrowdStrike, Adam Meyers, told CyberScoop the release shows these hackers are not easily deterred.

“Most importantly it demonstrates that FANCY BEAR has more tools and capabilities that are still being identified. This actor didn’t pack up and go home, they still have tricks up their sleeve,” Meyers told CyberScoop, adding that the news should raise alarm bells about Linux security. “Another important take away is that Linux is an area that organizations need to keep in mind from a malware perspective, many have not invested in similar security tools for this platform as they have for user platforms.”

Attacks employing Drovorub may be linked with previous Russian military efforts against connected devices, according to the NSA and the FBI. An APT28 attack that Microsoft security researchers identified last year against devices such as an office printer or a VOIP phone, for instance, was linked with an IP address that has also been used to access the Drovorub command and control IP address, the NSA and FBI said.

In such attacks, the hackers appeared interested in exploiting so-called internet of things devices in order to gain access to broader networks, other insecure accounts, and sensitive data, according to Microsoft.

The joint NSA and FBI release also has the effect of alerting the Russian government that U.S. officials are capable of tracking some of their work. The 780th Military Intelligence Brigade, which currently works with the Pentagon’s offensive cyber arm, Cyber Command, tweeted information out about the malware, and tagged a state-funded media outlet, RT, to flag the news for them.

The Drovorub malware consists of several components, the NSA and the FBI said, including an implant, a kernel module rootlet, a file transfer tool, and an attacker-controlled command and control server.

“When deployed on a victim machine, the Drovorub implant (client) provides the capability for direct communications with actor-controlled C2 infrastructure; file download and upload capabilities; execution of arbitrary commands as ‘root’; and port forwarding of network traffic to other hosts on the network,” the NSA and FBI said.

More detail for zdnet:

“Technical details released today by the NSA and FBI on APT28’s Drovorub toolset are highly valuable to cyber defenders across the United States.”

To prevent attacks, the agency recommends that US organizations update any Linux system to a version running kernel version 3.7 or later, “in order to take full advantage of kernel signing enforcement,” a security feature that would prevent APT28 hackers from installing Drovorub’s rootkit.

The joint security alert [PDF] contains guidance for running Volatility, probing for file hiding behavior, Snort rules, and Yara rules — all helpful for deploying proper detection measures.

Some interesting details we gathered from the 45-page-long security alert:

  • The name Drovorub is the name that APT28 uses for the malware, and not one assigned by the NSA or FBI.
  • The name comes from drovo [дрово], which translates to “firewood”, or “wood” and rub [руб], which translates to “to fell”, or “to chop.”
  • The FBI and NSA said they were able to link Drovorub to APT28 after the Russian hackers reused servers across different operations. For example, the two agencies claim Drovorub connected to a C&C server that was previously used in the past for APT28 operations targeting IoT devices in the spring of 2019. The IP address had been previously documented by Microsoft.

Seizure of Three Terror Finance Cyber-Enabled Campaigns

Posted on by

Global Disruption of Three Terror Finance Cyber-Enabled Campaigns

Largest Ever Seizure of Terrorist Organizations’ Cryptocurrency Accounts

The Justice Department today announced the dismantling of three terrorist financing cyber-enabled campaigns, involving the al-Qassam Brigades, Hamas’s military wing, al-Qaeda, and Islamic State of Iraq and the Levant (ISIS).  This coordinated operation is detailed in three forfeiture complaints and a criminal complaint unsealed today in the District of Columbia.  These actions represent the government’s largest-ever seizure of cryptocurrency in the terrorism context.

These three terror finance campaigns all relied on sophisticated cyber-tools, including the solicitation of cryptocurrency donations from around the world.  The action demonstrates how different terrorist groups have similarly adapted their terror finance activities to the cyber age.  Each group used cryptocurrency and social media to garner attention and raise funds for their terror campaigns.  Pursuant to judicially-authorized warrants, U.S. authorities seized millions of dollars, over 300 cryptocurrency accounts, four websites, and four Facebook pages all related to the criminal enterprise.

Funds successfully forfeited with a connection to a state sponsor of terrorism may in whole or in part be directed to the United States Victims of State Sponsored Terrorism Fund (http://www.usvsst.com/) after the conclusion of the case.

“It should not surprise anyone that our enemies use modern technology, social media platforms and cryptocurrency to facilitate their evil and violent agendas,” said Attorney General William P. Barr.   “The Department of Justice will employ all available resources to protect the lives and safety of the American public from terrorist groups.  We will prosecute their money laundering, terrorist financing and violent illegal activities wherever we find them.  And, as announced today, we will seize the funds and the instrumentalities that provide a lifeline for their operations whenever possible.  I want to thank the investigators from the Internal Revenue Service, Department of Homeland Security, Federal Bureau of Investigation, and the prosecutors from the D.C. United States Attorney’s Office and National Security Division for their hard and innovative work in attacking the networks that allow these terrorists to recruit for and fund their dangerous actions.”

“Terrorist networks have adapted to technology, conducting complex financial transactions in the digital world, including through cryptocurrencies. IRS-CI special agents in the DC cybercrimes unit work diligently to unravel these financial networks,” said Secretary of the Treasury Steven T. Mnuchin.  “Today’s actions demonstrate our ongoing commitment to holding malign actors accountable for their crimes.”

“The Department of Homeland Security was born after the September 11, 2001 terrorist attacks and, nearly 20 years later, we remain steadfast in executing our critical mission to safeguard the American people, our homeland, and our values,” said Acting Secretary of Homeland Security Chad F. Wolf.  “Today’s announcement detailing these enforcement actions targeting foreign terrorist organizations is yet another example of the Department’s commitment to our mission. After launching investigations that identified suspected online payments being funneled to and in support of terrorist networks, Homeland Security Investigations skillfully leveraged their cyber, financial, and trade investigative expertise to disrupt and dismantle cyber-criminal networks that sought to fund acts of terrorism against the United States and our allies.  Together with our federal law enforcement partners, the Department will utilize every resource available to ensure that our Homeland is and remains secure.”

“These important cases reflect the resolve of the D.C. United States Attorney’s Office to target and dismantle these sophisticated cyber-terrorism and money laundering actors across the globe,” stated Acting United States Attorney Michael R. Sherwin.  “While these individuals believe they operate anonymously in the digital space, we have the skill and resolve to find, fix and prosecute these actors under the full extent of the law.”

“IRS-CI’s ability to trace funds used by terrorist groups to their source and dismantle these radical group’s communication and financial networks directly prevents them from wreaking havoc throughout the world,” said Don Fort, Chief, IRS Criminal Investigation.  “Today the world is a safer place.”

“As the primary law enforcement agency charged with defeating terrorism, the FBI will continue to combat illicit terrorist financing regardless of platform or method employed by our adversaries,” said FBI Director Christopher Wray. “As demonstrated by this recent operation, the FBI remains committed to cutting off the financial lifeblood of these organizations that seek to harm Americans at home and abroad.”

“Homeland Security Investigations continues to demonstrate their investigative expertise with these enforcement actions,” said ICE Deputy Director and Senior Official Performing the Duties of the Director Matthew T. Albence.  “Together with law enforcement partners, HSI has utilized their unique authorities to bring to justice those cyber-criminal networks who would do us harm.”

Al-Qassam Brigades Campaign

The first action involves the al-Qassam Brigades and its online cryptocurrency fundraising efforts.  In the beginning of 2019, the al-Qassam Brigades posted a call on its social media page for bitcoin donations to fund its campaign of terror.  The al-Qassam Brigades then moved this request to its official websites, alqassam.net, alqassam.ps, and qassam.ps.

al_qassam_1

The al-Qassam Brigades boasted that bitcoin donations were untraceable and would be used for violent causes.  Their websites offered video instruction on how to anonymously make donations, in part by using unique bitcoin addresses generated for each individual donor.

al_qassam_2

 

However, such donations were not anonymous.  Working together, IRS, HSI, and FBI agents tracked and seized all 150 cryptocurrency accounts that laundered funds to and from the al-Qassam Brigades’ accounts.  Simultaneously, law enforcement executed criminal search warrants relating to United States-based subjects who donated to the terrorist campaign.

With judicial authorization, law enforcement seized the infrastructure of the al-Qassam Brigades websites and subsequently covertly operated alqassam.net.   During that covert operation, the website received funds from persons seeking to provide material support to the terrorist organization, however, they instead donated the funds bitcoin wallets controlled by the United States.

The United States Attorney’s Office for the District of Columbia also unsealed criminal charges for two Turkish individuals, Mehmet Akti and Hüsamettin Karataş, who acted as related money launderers while operating an unlicensed money transmitting business.

Al-Qaeda Campaign

The second cyber-enabled terror finance campaign involves a scheme by al-Qaeda and affiliated terrorist groups, largely based out of Syria.  As the forfeiture complaint details, these terrorist organizations operated a bitcoin money laundering network using Telegram channels and other social media platforms to solicit cryptocurrency donations to further their terrorist goals.  In some instances, they purported to act as charities when, in fact, they were openly and explicitly soliciting funds for violent terrorist attacks.  For example, one post from a charity sought donations to equip terrorists in Syria with weapons:

al_qaeda

Undercover HSI agents communicated with the administrator of Reminder for Syria, a related charity that was seeking to finance terrorism via bitcoin donations.  The administrator stated that he hoped for the destruction of the United States, discussed the price for funding surface-to air missles, and warned about possible criminal consequences from carrying out a jihad in the United States.

Posts from another Syrian charity similarly explicitly referenced weapons and extremist activities:

al_qaeda_2
al_qaeda_3.

Al-Qaeda and the affiliated terrorist groups together created these posts and used complicated obfuscation techniques, uncovered by law enforcement, to layer their transactions so to conceal their actions.  Today’s complaint seeks forfeiture of the 155 virtual currency assets tied to this terrorist campaign.

ISIS Campaign

The final complaint combines the Department’s initiatives of combatting COVID-19 related fraud with combatting terrorism financing.  The complaint highlights a scheme by Murat Cakar, an ISIS facilitator who is responsible for managing select ISIS hacking operations, to sell fake personal protective equipment via FaceMaskCenter.com (displayed below)

isis_1.

The website claimed to sell FDA approved N95 respirator masks, when in fact the items were not FDA approved.  Site administrators claimed to have near unlimited supplies of the masks, in spite of such items being officially-designated as scarce.  The site administrators offered to sell these items to customers across the globe, including a customer in the United States who sought to purchase N95 masks and other protective equipment for hospitals, nursing homes, and fire departments.

The unsealed forfeiture complaint seized Cakar’s website as well as four related Facebook pages used to facilitate the scheme.  With this third action, the United States has averted the further victimization of those seeking COVID-19 protective gear, and disrupted the continued funding of ISIS.

The claims made in these three complaints are only allegations and do not constitute a determination of liability.  The burden to prove forfeitability in a civil forfeiture proceeding is upon the government.  Further, charges contained in criminal complaint are merely allegations, and the defendants are presumed innocent unless and until proven guilty beyond a reasonable doubt in a court of law.

IRS-CI Cyber Crimes Unit (Washington, D.C.), HSI’s Philadelphia Office, and FBI’s Washington D.C., New York, and Los Angeles field offices are investigating the case. Assistant U.S Attorneys Jessi Camille Brooks and Zia M. Faruqui, and National Security Division Trial Attorneys Danielle Rosborough and Alexandra Hughes are litigating the case, with assistance from Paralegal Specialists Brian Rickers and Bria Cunningham, and Legal Assistant Jessica McCormick.  Additional assistance has been provided by Chainalysis and Excygent.