Category Archives: Department of Homeland Security

MisInformationCom and Election Security

Posted on by
Election security top priority for U.S.: DHS chief - newsR ...
So, Dana Perino of Fox News/Daily Briefing had Mary Anne Marsh on the show today to discuss voting security. Mary Ann went on and on about how the Trump administration is not doing enough to ensure foreign interference/election meddling is prevented in the 2018 mid-terms and all the way to the general election in 2020.
Clearly Mary Ann has not been a part of the countless sessions that DHS has hosted for the benefit of each state to protect and harden their respective systems. Frankly, I have participated in 2 conference calls and have watched congressional hearings as well as read documents provided as to the activities on behalf of DHS and the FBI.
Then while few people know, the Justice Department produced a lengthy document by the titled ‘The Cyber Digital Task Force that speaks to all foreign intrusion operations including the matter of the election infrastructure. Pass this on to Mary Ann please. Just one of hundreds of paragraphs is below:
Covert influence operations, including disinformation operations, to influence
public opinion and sow division.
Using false U.S. personas, adversaries could covertly create and operate social media pages and other forums designed to attract U.S. audiences and spread disinformation or divisive messages. This could happen in isolation or in combination with other operations, and could be intended to foster specific narratives that advance foreign political objectives, or could be intended simply to turn citizens against each other. These messages need not relate directly to political campaigns. They could seek to depress voter turnout among particular groups, encourage third-party voting, or convince the public of widespread voter fraud to undermine confidence in election results. These messages could target discrete U.S. populations based on their political
and demographic characteristics. They may mobilize Americans to sign online petitions
and join issue-related rallies and protests, or even to incite violence. For example, advertisements from at least 2015 to 2017 linked to a Russian organization called the Internet Research Agency focused on divisive issues, including illegal immigration and gun rights, among others, and targeted those messages to groups most likely to react.
Meanwhile, there is an external organization made up of subject matter experts collecting evidence and stories of which the Deputy Assistant Attorney General Adam S. Hickey for the National Security Division Delivered Remarks at Misinfo Con.
Thank you for the invitation to speak today, and for the important work you are doing: in organizing this conference devoted to the challenges of misinformation, and, by attending, bringing your experience and expertise to bear on the problem.

It’s a privilege to help kick off this first day of MisinfoCon, focused on state-sponsored misinformation. To do that, I am going to give you an overview of how the Department of Justice views the problem, where it fits in the context of related national security threats, and how we are addressing it.

As you probably know, the Justice Department recently obtained an indictment of 13 Russian individuals and three entities, including the Internet Research Agency (or IRA), for federal crimes in connection with an effort to interfere in the 2016 Presidential election. The defendants allegedly conducted what they called “information warfare against the United States,” with the stated goal of “spread[ing] distrust towards the candidates and the political system in general.”

According to the indictment, the IRA was a structured organization headed by a management group and arranged in departments. It had a “translator project,” designed to focus on the U.S. population, with more than 80 employees assigned by July 2016. They posed as politically and socially active Americans, advocating for and against particular political candidates. They established social media pages and groups to communicate with unwitting Americans. They also purchased political advertisements on social media.

One of the so-called trolls who worked for the IRA recently spoke to the Washington Post about his work in a different department, attempting to influence a domestic, Russian audience. He described it as “a place where you have to write that white is black and black is white.” Hundreds of people “were all writing absolute untruths.”

But as the indictment alleges it, what made the defendants’ conduct illegal in the United States was not the substance of their message, the “accuracy” of their opinions: it was their conspiracy to defraud by, among other ways, lying about who the messenger was.  They were not Americans expressing their own viewpoints; they were Russians on the payroll of a foreign company.

Now, the problem of covert foreign influence is not new. In 1938, a congressional committee found that the Nazi government had established an extensive, underground propaganda apparatus inside the United States using American firms and citizens. The response was to recommend a law that would (in the committee’s words) throw these activities under the “spotlight of pitiless publicity.”  The result is the Foreign Agents Registration Act (FARA), a disclosure statute that, notably, does not prohibit speech. Rather, FARA requires agents of foreign principals who engage in political activities within the United States to file periodic public disclosures with the Department.

The Act’s purpose is to ensure that the American public and our lawmakers know the source of information provided at the behest of a foreign principal, enhancing the public’s and the government’s ability to evaluate such information.

Transparency, not prohibition, has been the government’s response to misinformation. In the 1980s, the government established an interagency committee, the “Active Measures Working Group,” to counter Soviet disinformation. It did so by exposing forgeries and other propaganda, such as fake stories that the Pentagon developed the AIDS virus as part of a biological weapons research program.

Today, we confront misinformation as only one component of a broader, malign foreign influence effort.  As this framework from the Department’s recent Cyber-Digital Task Force report shows, those efforts can also include cyber operations that target election infrastructure or political parties’ networks; covert efforts to assist (or harm) candidates; and overt efforts to influence the American public (for example, through state-run media organizations).

Our responses to those efforts must likewise be multifaceted, from providing indicators and warnings that can help network owners protect themselves from hackers, to criminal investigations and prosecutions, and other measures, like sanctions and expulsions that raise the costs on the states that sponsor such malign activities.

This graphic, also from the Task Force report, depicts the Department’s strategy to counter each phase of a covert influence campaign cycle, from the identification of targets to the production and amplification of content.  The middle rows (in red) depict our adversaries’ activities in stages, while the bottom rows (in blue) suggest the means by which private actors and the government can disrupt and deter the activity.

One aspect of this strategy worth highlighting is that the content of a foreign influence campaign may be true or false.  Whether the message is accurate or not may not be the point: doxing a candidate or a corporation for political reasons might not involve misinformation, but it may nonetheless violate our laws, threaten our values and way of life, compromise privacy and, sometimes, retaliate against and chill free speech.

Covert foreign influence efforts can take many forms, but recently we have seen increased efforts to influence Americans through social media. To counter these efforts, a key component of our approach is sharing information with social media and other Internet service providers, which we do through the FBI’s Foreign Influence Task Force.  It is those providers who bear the primary responsibility for securing their own products and platforms.  By sharing information with them, especially about who certain users and account holders actually are, we can assist their own, voluntary initiatives to track foreign influence activity and to enforce their own terms of service.

As the Task Force report also recognizes, there may be circumstances when it is appropriate for the government itself to expose and attribute foreign influence operations as a means of rendering them less effective. But there are often compelling, countervailing considerations, however.

As a general rule, the Department does not confirm, deny, or comment on pending investigations, both to protect the investigation itself as well as the rights of any accused.

We are also constrained to protect the classified sources and methods that may inform our judgment of what foreign governments are doing.

And, most important of all, we must never act to confer any advantage or disadvantage on any political or social group, individual, or organization, and we must strive to avoid even the appearance of partiality. That could constrain the timing and nature of any disclosure we might make.

All of this is to say, and as the Department’s Policy on the Disclosure of Foreign Influence Operations recognizes, we might not be the best messenger to counter a particular piece of misinformation.

That’s why this conference is so important: what we call the private sector (but which includes a lot of people in public spaces, just like you) has a critical role – larger than the federal government’s – in countering covert foreign influence efforts, particularly misinformation, and ensuring that our democracy rests on the active engagement of an informed public.

The former Russian troll I mentioned at the beginning of my remarks, who worked for the IRA, said his work was “pointless” for Russian audiences, that it would not impact them.  But in America, that kind of trickery might have an impact, he said, because we “live in a society in which it’s accepted to answer for your words.” My challenge to us during this conference, if I may make one, is that we find ways to ensure we all continue to answer for our words, so that the trust we enjoy as an aspect of our free, democratic society can thrive.

*** Someone help out the democrats and Mary Ann….all discussions inside the Beltway include these multi-track discussions. Back in March, the U.S. spending bill provided $380 million for election cyber security. There was an amendment for an additional $250 million that the Senate Republicans on a floor vote rejected. Why? Because many of the states have either been slow to accept money inside that $380 million or not taken any at all.

U.S. is on the Offensive, Espionage and Cyber

Posted on by

In the last few weeks, there was the Aspen Security Forum, a 3 day event. Then there was a DNI report. Then came 2 separate nationwide conference calls hosted by CERT, the cyber division of DHS.

A remarkable White House press briefing included the heads of intelligence agencies explaining the condition of cyber/espionage and the countermeasures against Russia.

Then there is the military side, a division frankly not well known, the Defense Security Services.

 

See the whole 2 page release here.

 

 

 

 

 

 

 

 

 

 

And there is more:

FBI Releases Article on Securing the Internet of Things

The Federal Bureau of Investigation (FBI) has released an article on the risks associated with internet-connected devices, commonly referred to as the Internet of Things (IoT). FBI warns that cyber threat actors can use unsecured IoT devices as proxies to anonymously pursue malicious cyber activities.

As our reliance on IoT becomes an important part of everyday life, being aware of the associated risks is a key part of keeping your information and devices secure. NCCIC encourages users and administrators to review the FBI article for more information and refer to the NCCIC Tip Securing the Internet of Things.

*** IOT?

The internet of things, at its simplest level, is a network of smart devices – from refrigerators that warn you when you’re out of milk to industrial sensors – that are connected to the internet so they can share data, but IoT is far from a simple challenge for IT departments.

Related reading: Five IoT Predictions For 2019

For many companies, it represents a vast influx of new devices, many of which are difficult to secure and manage. It’s comparable to the advent of BYOD, except the new gizmos are potentially more difficult to secure, aren’t all running one of three or four basic operating systems, and there are already more of them.

A lot more, in fact – IDC research says that there are around 13 billion connected devices in use worldwide already, and that that number could expand to 30 billion within the next three years. (There were less than 4 billion smartphone subscriptions active around the world in Ericsson’s most recent Mobility Report.)

With a huge number of companies “doing IoT” – most big-name tech companies, including Google, Microsoft, Apple, Cisco, Intel, and IBM have various types of IoT play – all working to bring as many users as possible into their respective ecosystems, motivation to make sure IoT systems and devices from different companies all work with each other is sometimes lacking.

Internet of Things photo

The problem, of course, is that nobody’s willing to give up on the idea of their own ecosystem becoming a widely accepted standard – think of the benefits to the company whose system wins out! – and so the biggest players in the space focus on their own systems and development of more open technologies lags behind. More here.

Eligible Receiver 97, Red Team Being Applied Today for Cyber Hacks?

Posted on by

An early classified Defense Department cybersecurity exercise named “Eligible Receiver 97” (ER97) featured a previously unpublicized series of mock terror attacks, hostage seizures, and special operations raids that went well beyond pure cyber activities in order to demonstrate the potential scope of threats to U.S. national security posed by attacks in the cyber domain, according to recently declassified documents and a National Security Agency (NSA) video posted today by the nongovernmental National Security Archive at The George Washington University.

“Joint Exercise Eligible Receiver 97”, run during the Clinton presidency, is frequently pointed to as a critical event in the United States’ appreciation of threats in cyber space. The exercise led directly to the formation of what would eventually become United States Cyber Command (USCYBERCOM) and informed key studies such as the formative Marsh Report on critical infrastructure protection. Despite the significance of ER97, however, very little is publicly known about the exercise itself.

ER97 involved an NSA Red Team playing the role of North Korean, Iranian and Cuban hostile forces whose putative aim was to attack critical infrastructure as well as military command-and-control capabilities to pressure the U.S. government into changing its policies toward those states. An interagency Blue Team was required to provide recommendations to personnel enacting defensive responses. Until now, only two phases out of three (infrastructure and command-and-control) had been publicly known.  The video and documents posted today provide new details about the third phase involving kinetic attacks in the physical domain – i.e. more traditional terrorist assaults on civilian targets – which were built upon intelligence gathered through the Red Team’s successes. Read more here on the declassified files.

*** With all the cyber terror going on today in the United States, are we doing more ‘red team’ exercises? Perhaps some of those tactics are paying off many years later.

3 Carbanak (FIN7) Hackers Charged With Stealing 15 Million ...

Three Members of Notorious International Cybercrime Group “Fin7” in Custody for Role in Attacking Over 100 U.S. Companies

Victim Companies in 47 U.S. States; Used Front Company ‘Combi Security’ to Recruit Hackers to Criminal Enterprise

          SEATTLE – Three high-ranking members of a sophisticated international cybercrime group operating out of Eastern Europe have been arrested and are currently in custody facing charges filed in U.S. District Court in Seattle, announced U.S. Attorney Annette L. Hayes, Assistant Attorney General Brian A. Benczkowski of the Justice Department’s Criminal Division and Special Agent in Charge Jay S. Tabb Jr. of the FBI’s Seattle Field Office.

According to three federal indictments unsealed today, Ukrainian nationals Dmytro Fedorov, 44, Fedir Hladyr, 33, and Andrii Kolpakov, 30, are members of a prolific hacking group widely known as FIN7 (also referred to as the Carbanak Group and the Navigator Group, among other names).  Since at least 2015, FIN7 members engaged in a highly sophisticated malware campaign to attack more than 100 U.S. companies, predominantly in the restaurant, gaming, and hospitality industries.  As set forth in the indictments, FIN7 hacked into thousands of computer systems and stole millions of customer credit and debit card numbers which were used or sold for profit.

In the United States alone, FIN7 successfully breached the computer networks of businesses in 47 states and the District of Columbia, stealing more than 15 million customer card records from over 6,500 individual point-of-sale terminals at more than 3,600 separate business locations.  Additional intrusions occurred abroad, including in the United Kingdom, Australia, and France.  Companies that have publicly disclosed hacks attributable to FIN7 include such familiar chains as Chipotle Mexican Grill, Chili’s, Arby’s, Red Robin and Jason’s Deli.  Additionally here in Western Washington FIN7 targeted the Emerald Queen Casino (EQC) and other local businesses.  The Emerald Queen Casino was able to stop the intrusion and no customer data was stolen.

“Protecting consumers and companies who use the internet to conduct business – both large chains and small ‘mom and pop’ stores — is a top priority for all of us in the Department of Justice,” said U.S. Attorney Annette L. Hayes.  “Cyber criminals who believe that they can hide in faraway countries and operate from behind keyboards without getting caught are just plain wrong.  We will continue our longstanding work with partners around the world to ensure cyber criminals are identified and held to account for the harm that they do – both to our pocketbooks and our ability to rely on the cyber networks we use.”

“The three Ukrainian nationals indicted today allegedly were part of a prolific hacking group that targeted American companies and citizens by stealing valuable consumer data, including personal credit card information, that they then sold on the Darknet,” said Assistant Attorney General Benczkowski.  “Because hackers are committed to finding new ways to harm the American public and our economy, the Department of Justice remains steadfast in its commitment to working with our law enforcement partners to identify, interdict, and prosecute those responsible for these threats.”

“The naming of these FIN7 leaders marks a major step towards dismantling this sophisticated criminal enterprise,” said Special Agent in Charge Jay S. Tabb Jr., of the FBI’s Seattle Field Office.  “As the lead federal agency for cyber-attack investigations, the FBI will continue to work with its law enforcement partners worldwide to pursue the members of this devious group, and hold them accountable for stealing from American businesses and individuals.”

Each of the three FIN7 conspirators is charged with 26 felony counts alleging conspiracy, wire fraud, computer hacking, access device fraud, and aggravated identity theft.

In January 2018, at the request of U.S. officials, foreign authorities separately arrested Ukrainian Fedir Hladyr and a second FIN7 member, Dmytro Fedorov.  Hladyr was arrested in Dresden, Germany, and is currently detained in Seattle pending trial.  Hladyr allegedly served as FIN7’s systems administrator who, among other things, maintained servers and communication channels used by the organization and held a managerial role by delegating tasks and by providing instruction to other members of the scheme.  Hladyr’s trial is currently scheduled for October 22, 2018.

Fedorov, a high-level hacker and manager who allegedly supervised other hackers tasked with breaching the security of victims’ computer systems, was arrested in Bielsko-Biala, Poland.  Fedorov remains detained in Poland pending his extradition to the United States.

In late June 2018, foreign authorities arrested a third FIN7 member, Ukrainian Andrii Kolpakov in Lepe, Spain.  Kolpakov, also is alleged to be a supervisor of a group of hackers, remains detained in Spain pending the United States’ request for extradition.

According to the indictments, FIN7, through its dozens of members, launched numerous waves of malicious cyberattacks on numerous businesses operating in the United States and abroad.  FIN7 carefully crafted email messages that would appear legitimate to a business’ employee, and accompanied emails with telephone calls intended to further legitimize the email. Once an attached file was opened and activated, FIN7 would use an adapted version of the notorious Carbanak malware in addition to an arsenal of other tools to ultimately access and steal payment card data for the business’ customers. Since 2015, many of the stolen payment card numbers have been offered for sale through online underground marketplaces. (Supplemental document “How FIN7 Attacked and Stole Data” explains the scheme in greater detail.)

FIN7 used a front company, Combi Security, purportedly headquartered in Russia and Israel, to provide a guise of legitimacy and to recruit hackers to join the criminal enterprise.  Combi Security’s website indicated that it provided a number of security services such as penetration testing.  Ironically, the sham company’s website listed multiple U.S. victims among its purported clients.

 

The charges in the indictments are merely allegations, and the defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.

The indictments are the result of an investigation conducted by the Seattle Cyber Task Force of the FBI and the U.S. Attorney’s Office for the Western District of Washington, with the assistance of the Justice Department’s Computer Crime and Intellectual Property Section and Office of International Affairs, the National Cyber-Forensics and Training Alliance, numerous computer security firms and financial institutions, FBI offices across the nation and globe, as well as numerous international agencies. Arrests overseas were executed in Poland by the “Shadow Hunters” from CBŚP (Polish Central Bureau of Investigation); in Germany by LKA Sachsen – Dezernat 33, (German State Criminal Police Office) and the Polizeidirektion Dresden (Dresden Police); and in Spain by the Grupo de Seguridad Logica within the Unidad de Investigación Technologica of the Cuerpo Nacional de Policía (Spanish National Police).

This case is being prosecuted by Assistant U.S. Attorneys Francis Franze-Nakamura and Steven Masada of the Western District of Washington, and Trial Attorney Anthony Teelucksingh of the Justice Department’s Computer Crime and Intellectual Property Section.

how_fin7_attacked_and_stole_data.pdf

Fugitive Extradited in Border Patrol Agent Brian Terry Murder

Posted on by

border.jpg Heraclio Osorio-Arellanes, left, and Border Agent Brian Terry FBI/ATF

SAN DIEGO, CA – Heraclio Osorio-Arellanes, who is charged with the first-degree murder of U.nited S.tates Border Patrol Agent Brian Terry, was extradited from Mexico to the United States today, announced Attorney General Jeff Sessions and Southern District of California U.S. Attorney Adam Braverman for the Southern District of California.  He will be arraigned in U.nited S.tates District Court in, Tucson, Arizona, Wednesday tomorrow afternoon.  Osorio-Arellanes has been in custody awaiting extradition since his arrest by Mexican authorities on April 12, 2017.

Agent Terry was fatally shot on Dec.ember 14, 2010, when he and other U.S. Border Patrol agents encountered Osorio-Arellanes and four other members of a “rip crew” (a criminal gang that attempts to steal from drug and alien smugglers) operating in a rural area north of Nogales, Arizona.  Of the six defendants charged along with Osorio-Arellanes in the case, three have pleaded guilty, two were convicted following a jury trial, and one other defendant – Jesus Rosario Favela Astorga (arrested by Mexican authorities in October, 2017) – has not yet been tried. is pending extradition to the United States.

“The Department of Justice is pleased that the suspected killer of Border Patrol Agent Brian Terry has been successfully extradited to the United States and will now face justice for this terrible crime,” said Attorney General Jeff Sessions. “We are grateful for the efforts of the Federal Bureau of Investigation, U.S. Marshals Service and U.S. Customs and Border Protection as well as our law enforcement partners in Mexico. To anyone who would take the life of an American citizen, in particular an American law enforcement officer, this action sends a clear message: Working closely with our international partners, we will hunt you down, we will find you, and we will bring you to justice.”

“The arrest and extradition of Osorio-Arellanes reflects the steadfast commitment and tireless work of the United States and our law enforcement partners in Mexico, who shared the common goal of seeking justice for the murder of Agent Brian Terry,” said U.nited S.tates Attorney Adam Braverman.  “When an agent makes the ultimate sacrifice while serving his country, we must hold all the individuals who played a part in this tragic outcome accountable for their actions.  This extradition moves that important goal forward.”

The indictment charges the defendants with first-degree murder, second-degree murder, conspiracy to interfere with commerce by robbery, attempted interference with commerce by robbery, use and carrying a firearm during a crime of violence and assault on a federal officer.  In addition to the murder of Agent Terry, the indictment alleges that the defendants assaulted U.S. Border Patrol Agents William Castano, Gabriel Fragoza and Timothy Keller, who were with Agent Terry during the firefight with the “rip crew.”

This case is being prosecuted in federal court in Tucson by attorneys from the Southern District of California, Special Attorneys Todd W. Robinson and David D. Leshner.  The U.S. Attorney’s Office for the District of Arizona is recused.  The case is being investigated by the FBI.  The Government of Mexico assisted in the apprehension and extradition.  The Justice Department’s Office of International Affairs provided assistance with the extradition of defendant Osorio-Arellanes.

The public is reminded that an indictment is a formal charging document and defendants are presumed innocent until the government meets its burden in court of proving guilt beyond a reasonable doubt.

DEFENDANT                                                                        Case No. 11-CR-00150-TUC-DCB (BPV)     

Heraclio Osorio-Arellanes

AGENCIES

Federal Bureau of Investigation

U.S. Customs and Border Protection

United States Border Patrol

DOJ Office of International Affairs         

***

 Federal authorities said Tuesday that Heraclio Osorio-Arellanes will be arraigned in U.S. District Court in Tucson on Wednesday.               

 Osorio-Arellanes had been in custody awaiting extradition since being arrested by Mexican authorities on April 12, 2017. Osorio-Arellanes is charged in the death of Border Patrol Agent Brian Terry, who was shot and killed Dec. 14, 2010 when he and other agents encountered a gang preying on smugglers north of Nogales, Arizona.

Terry was part of a four-man team in an elite Border Patrol unit staking out the southern Arizona desert on a mission to find “rip-off” crew members who rob drug smugglers.

They encountered a five-man group of suspected marijuana bandits and identified themselves as police in trying to arrest them.

A jury in Tucson in October 2015 found two men, Jesus Leonel Sanchez-Meza and Ivan Soto-Barraza, guilty on murder and other charges. Another man, Manual Osorio-Arellanes, pleaded guilty to murder and was sentenced to 30 years in prison in 2014.

A fourth man, Rosario Rafael Burboa-Alvarez, pleaded guilty to murder. He was not present during the shooting but is accused of assembling the rip crew.

Authorities are still looking for Jesus Rosario Favela-Astorga, who’s wanted on murder, conspiracy, robbery, assault and firearm charges, reports CBS affiliate KOLD.

Legislation Proposed on Front Co.’s/Foreign Investment

Posted on by

Frankly, Britain has a much worse issue, but big hat tip to Senator Rubio. There are cities in America which are pockets of some nasty dark money in real estate.

There needs to be some real reform to CFIUS, Committee for Foreign Investment in the United States.

Crackdown on dirty money shook Miami real estate. Now, Rubio wants to take it national

WashingtonIn a move with significant implications for the U.S. housing market, Florida Republican Sen. Marco Rubio is seeking to take a Treasury Department crackdown on dirty money in luxury real estate and expand it from a few high-priced enclaves to the entire nation.

Rubio says his proposal is an attempt to root out criminals who use illicit funds and anonymous shell companies to buy homes — a form of money laundering that hides the cash’s tainted origin from law enforcement and banks. The widespread practice enables terrorism, sex trafficking, corruption, and drug dealing by providing an outlet for dirty cash, according to transparency advocates.

Through an amendment to an unrelated major spending bill, Rubio will ask Treasury to study whether government regulators should force shell companies that buy homes priced at $300,000 or more in cash nationwide to disclose their owners. That could be a figure as high as 10 percent of the nation’s real-estate deals.

A similar reporting requirement affecting transactions priced at $1 million or more has already had a chilling effect on all-cash corporate sales in Miami-Dade County, which has been under Treasury’s microscope since 2016.

“Shell companies involved in shady activities are a big problem, especially throughout South Florida,” Rubio said in a statement to McClatchy and the Miami Herald. “With this provision, a study would be conducted to look at requiring all shell companies that make cash transactions, regardless of their area, to disclose their identities.”

The amendment builds on a previous Treasury disclosure order that applied only to certain markets, including South Florida.

That order — which forced shell companies buying homes with cash to reveal their true owners to the government — has been in place in some areas since March 2016 at various price points. Its effects were immediate and stunning. As soon as the order took hold, shell companies buying homes with cash dropped off the map, a recent study by academic economists found. In Miami-Dade, the number of corporate cash sales plummeted 95 percent, although a strong overall market suggests creative buyers found ways to circumvent the rules, researchers said.

Before the crackdown, corporate cash sales accounted for roughly a third of home-sale volume in Miami-Dade, which is popular with foreign investors.

The amendment has the support of the top Democrat on the Senate Finance Committee, Oregon’s Ron Wyden, as well as Rhode Island Democratic Sen. Sheldon Whitehouse. Both have tried to widen disclosure of true owners of shell companies, which can be listed in the names of lawyers, accountants, and other fronts. The lack of corporate transparency frustrates law-enforcement officials, who say it stymies their investigations.

A vote is expected on the overall bill as soon as this week, Rubio’s office said.

The powerful real-estate industry has fought attempts from the government to have it act as a watchdog against money laundering, as banks, precious-metals dealers, money-service businesses, and other financial institutions are required to do. Many Realtors and developers say their clients are simply wealthy buyers seeking privacy, not criminals.

But over the past two years, Treasury has moved with force into what had been a largely unregulated sector of the U.S. financial system. Starting in Miami-Dade County and Manhattan two years ago, Treasury’s Financial Crimes Enforcement Network (FinCEN) began requiring anonymous shell companies to disclose their true owners when they bought pricey homes with cash.

The temporary directives — called “geographic targeting orders” or GTOs — were later expanded to other housing markets in Florida, New York, Texas, California, and Hawaii where foreign and anonymous investors are gobbling up real estate and driving up prices. The rules require title agents to identify the owners of shell companies buying homes with cash and disclose their names to the federal government.

“The GTOs are working, and it’s time they were expanded. Laundering money through real estate isn’t new, but [what is new is] an effective approach to combat dirty money,” said Clark Gascoigne, deputy director of the Financial Accountability and Corporate Transparency (FACT) Coalition, a watchdog nonprofit.

Rubio’s proposal to take the project national, Gascoigne added, “sends a strong message that we’re serious about protecting the U.S. financial system, the real-estate market, and communities across the country.”

Stephen Hudak, a spokesman for FinCEN, declined to comment.

Cracking down

The Rubio amendment asks Treasury to consider expanding the FinCEN directive to include all cash real-estate transactions over $300,000 anywhere in the United States.

It would give Treasury 180 days to submit a study to Congress providing details about the data that has been collected by FinCEN since 2016 and how it is being used. The agency is also being asked to determine if it needs more authority to combat money laundering and whether expanding the targeting order would be of use. In addition, FinCEN is asked if a registry of company owners — something supported by a bipartisan cast of federal legislators — would help authorities fight money laundering, tax evasion, election fraud, and other illegal activities.

Read More

Previously, the FinCEN disclosure requirement kicked in for corporate cash sales that were priced at $3 million or higher in New York City, $1 million or higher in Miami-Dade, Broward, and Palm Beach, and at different price points in other states. In May, FinCEN enacted a new directive that secretly lowered the number to $300,000 in all GTO areas. Sources familiar with the agency’s thinking say the new order was kept confidential because regulators don’t want to give money launderers a road map for structuring their transactions to avoid reporting.

Rubio’s amendment would start at that lower price point, covering a major chunk of home sales nationwide. Last year, the median U.S. home sold for a price of $247,200, according to the National Association of Realtors.

A cash transaction is one in which there is no mortgage and the property is purchased outright. Cash doesn’t just mean stacks of greenbacks; it also includes such financial instruments as wire transfers, checks, and money orders. Unlike mortgages, cash deals don’t involve heavy scrutiny from banks, which can identify potential money laundering and file suspicious-activity reports to the feds.

The 2016 publication of the Panama Papers spotlighted how anonymous shell companies in faraway tax havens were used to camouflage property purchases in the United States by politicians, drug traffickers, and financial fraudsters. Housing analysts argue that the flow of anonymous money is driving up prices.

“There’s hardly a metropolitan area in the country that is not experiencing a real public-policy issue regarding affordable housing,” said Ned Murray, a housing expert and associate director of Florida International University’s Metropolitan Center. “The whole focus of the real-estate industry is on … supplying homes for wealthy investors that we don’t know much about. It really is a factor for prices and supply.”

Much of the world has responded to the threat of corruption in real estate by requiring greater ownership disclosure. The United States has done relatively less, although Rubio’s amendment could help close the gap.

Those operating in the shadows of the real-estate market certainly seem aware of the Treasury disclosure requirements — and are working to get around them.

Take Carmelo Urdaneta Aqui, who is the former legal counsel to the Venezuelan Ministry of Oil and Mining. He was recently among those charged in a federal $1.2 billion money-laundering case involving funds stolen from Venezuela’s state oil company.

When Urdaneta prepared to close on a brand-new, $5.3 million condo at the Porsche Design Tower in Sunny Isles Beach, he was informed by paperwork from the developer that “taking title [to the unit] under a company or trust may trigger FinCEN reporting requirements,” according to a federal indictment filed last week. He was worried enough about the disclosure that he discussed how to avoid it with a government informant.

Ultimately, Urdaneta set up a company in his wife’s name to do the deal, prosecutors allege.

001 Gil Dezer DS
Developer Gil Dezer’s company built the Porsche Design Tower in Sunny Isles Beach, where units sell for millions of dollars to wealthy out-of-towners.
David Santiago [email protected]

Dezer Development did not say why it alerts potential buyers that they might end up on Treasury’s radar.

“All language relating to legal requirements associated with closings was prepared by Dezer Development’s outside legal counsel,” a spokeswoman wrote in an email to the Herald on Monday.

The 60-story Porsche Design Tower is famous for a car elevator that allows owners to park in “sky garages” within their units. On Friday, federal prosecutors indicated that they would move to seize the unit.

Bad for brokers?

While overall home sales held steady even after the FinCEN rule went into place, the real-estate study found, luxury home prices were slightly softer in markets affected by the GTO.

That suggests that expanding the GTO could have a dampening effect on the nation’s real-estate market, said Jeff Morr, a luxury real-estate broker at Douglas Elliman and chairman of the Miami Master Brokers Forum, an industry group.

“Does it stop money laundering? Probably, yes,” Morr said. “Is it good for the real-estate market? Probably, no.”

But at least making the rule nationwide might take some of the heat off Miami, he said.

“It may make Florida less unattractive now that it’s everywhere,” Morr said. “We shouldn’t be treated differently than other areas.”

Real Estate Cycle_Edgewater (4).jpeg
The crane has become the unofficial city bird of Miami during the latest construction boom.
Miami Herald

That was exactly the sentiment of the Miami-Dade County Commission when the rule was first enacted in 2016. At the time, commissioners passed a symbolic resolution asking regulators to stop singling out Miami for special scrutiny. The industry still feels the same way.

Legitimate buyers need privacy, too, said Ron Shuffield, president and CEO of EWM Realty International.

“There are wealthy people who don’t want everyone to know that they live at the end of the block,” Shuffield said. “If someone is determined to launder money, they can pick anywhere in the country to do it, from the smallest city in the Midwest to Miami or New York City. It’s only fair that every area have to report. Otherwise, the rules could be scaring people away from certain markets.”