JBS, the Meat Processor, Paid $11M in Ransom

Reuters: JBS USA, subsidiary of Brazilian firm JBS SA (JBSS3.SA), confirmed in a statement on Wednesday the company paid the equivalent of $11 million in ransom in response to a criminal hack against its operations.

The world’s largest meat producer canceled shifts at its U.S. and Canadian meat plants last week, after JBS said it was hit with a crippling cyberattack that threatened to disrupt food supply chains and inflate food prices.

***

“This was a very difficult decision to make for our company and for me personally,” JBS USA CEO Andre Nogueira said in a statement. “However, we felt this decision had to be made to prevent any potential risk for our customers.”

The company said it paid the ransom to “mitigate any unforeseen issues related to the attack and ensure no data was exfiltrated.”

According to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, ransomware is a type of malware that shuts down a company’s computer infrastructure with hackers demanding payment to unlock the system.

Earlier this month, the FBI attributed the infiltration to Russia-based hackers.

JBS said it was in constant contact with federal officials, and while investigations are ongoing, “preliminary investigation results confirm that no company, customer or employee data was compromised.”

The company said it spends $200 million annually in IT services.

JBS is not the first company to recently pay ransom to cyber criminals based in Russia. JBS said its ability to resolve the issues resulting from the attack was “due to its cybersecurity protocols, redundant systems and encrypted backup servers.” Additionally, the company employs more than 850 IT professionals around the world. JBS maintained that no company, customer or employee data was compromised.

Bloomberg: 

It also halted slaughter operations across Australia and idled one of Canada’s largest beef plants. The FBI has attributed the incident to REvil, a hacking group that researchers say has links to Russia.

The global shutdowns upended agricultural markets and raised concerns about food security as hackers increasingly target critical infrastructure. Operations have returned to normal levels and the company expected lost production to be fully recovered by the end of this week.

In its latest statement, JBS said the vast majority of the company’s facilities were operational at the time of payment. It had made the decision to “mitigate any unforeseen issues related to the attack and ensure no data was exfiltrated” in consultation with internal IT professionals and third-party cybersecurity experts.

JBS added it has maintained constant communications with government officials throughout the incident, and that third-party forensic investigations are still ongoing.

Dow Jones had earlier reported the ransom payment.

VP Harris Trip Results in Joint Task Force Alpha

In part from USA Today: GUATEMALA CITY – Vice President Kamala Harris, during a trip to Guatemala, announced initiatives Monday to address corruption and human trafficking in Central America and urged people from the region not to come to the U.S.-Mexican border. Harris announced that a task force would be created to work with the Justice, Treasury and State Departments to investigate corruption in the region. U.S. officials will train law enforcement in Guatemala to conduct their own investigations.

Joint Task Force Alpha was established to enhance U.S. law enforcement efforts against human smuggling and trafficking groups in Mexico and the Northern Triangle countries of Guatemala, El Salvador and Honduras.

“I have personally worked on these cases in my career and can say that when we see some of the most vulnerable in our communities being taken advantage of, being sold for profit, being abused, it should be a priority for all of us who care about the human condition and humanity,” Harris said.

“Corruption really does sap the wealth of any country and in Central America is at a scale where it is a large percentage of GDP across the region,” said Ricardo Zuniga, the State Department’s special envoy for the Northern Triangle. “We see corruption as one of the most important root causes to be dealt with.”

Part of the strategy to slow the pace of migration is creating better living conditions and economic opportunities for people in the region through investment. Last month, Harris secured the commitment of 12 U.S. companies and organizations – including MasterCard, Microsoft and Chobani – to invest in Guatemala, Honduras and El Salvador.

From the DOJ:

“Transnational human smuggling and trafficking networks pose a serious criminal threat,” said Attorney General Garland. “These networks profit from the exploitation of migrants and routinely expose them to violence, injury, and death. The joint efforts we are announcing today will combine investigative, prosecutorial, and capacity-building efforts of both the Departments of Justice and Homeland Security. Our focus will remain on disrupting and dismantling smuggling and trafficking networks that abuse, exploit, or endanger migrants, pose national security threats, and are involved in organized crime. Together, we will combat these threats where they originate and operate.”

In addition to the work of the Joint Task Force, Attorney General Garland directed the Office of Prosecutorial Development, Assistance, and Training (OPDAT) and the International Criminal Investigative Training Assistance Program (ICITAP), in coordination with the State Department, to enhance the assistance provided to counterparts in the Northern Triangle countries and Mexico to support their efforts to prosecute smuggling and trafficking networks in their own courts.

The Joint Task Force will consist of federal prosecutors from U.S. Attorney’s Offices along the Southwest Border (District of Arizona, Southern District of California, Southern District of Texas, and Western District of Texas), from the Criminal Division and the Civil Rights Division, along with law enforcement agents and analysts from DHS’s Immigration and Customs Enforcement and Customs and Border Patrol. The FBI and the Drug Enforcement Administration will also be part of the Task Force. And it will work closely with Operation Sentinel, a recently announced DHS operation focused on countering transnational criminal organizations affiliated with migrant smuggling.

 

The Under Reported Threat to the US of Smuggling Chinese

We have watched for years the chaos at the U.S. Southern border with Mexico. While there has been a single focus on Latin Americans crossing into the United States, very little has been reported about the volume of Chinese. This should stimulate some critical thinking and questions.

Is this espionage, operatives or the building of a force for other reasons? In February of 2020, NBC News was asking some of the same questions.

A Chinese student walked around a perimeter fence at a U.S. naval base in Key West, taking pictures of government buildings. Stopped by police, he said he was trying to capture images of the sunrise.

And nine days after that, two more Chinese students drove past a guard at the same naval base. When stopped by security 30 minutes later, they voluntarily displayed the videos and photos they had taken of the base.

The first Chinese student arrested at the naval base in Key West was Zhao Qianli, 20, who was taken into custody on Sept. 26, 2018.

Zhao entered the base by walking along the facility’s secure fence line and trudging through the beach, court documents say.

Zhao headed directly to the Joint Interagency Task Force South property, according to court records, where he took several photographs on his Motorola cellphone and his Canon EOS digital camera.

His devices contained photos and videos of sensitive equipment at the facility’s “antenna farm,” as well as images of warning signs that read “Military Installation” and “Restricted Area,” according to court documents.

Zhao initially told military police that he was “lost” and that he was a “dishwasher from New Jersey.” In later conversations with the FBI, Zhao said he traveled to Key West to “see the sights, such as the Hemingway House,” but there were no images of tourist attractions on his phone, according to his sentencing memo.

Zhao admitted to receiving military training as a university student in China and was found to have a “police blouse” and a People’s Republic of China Interior Ministry belt buckle at his hotel, the memo says.

 

In 2016, Newsweek in part reported:

Smuggling Chinese across the southern U.S. border appeals to traffickers because it is more lucrative than smuggling individuals from Mexico or Central America. A longer journey commands a steeper price and the going rate per person is believed to be somewhere between $50,000 and $70,000; the total value of the trade for the Chinese mafias involved has been estimated at $750 million.

The role of Chinese mafia groups (triads) in bringing migrants across the border has also deepened their exposure to and ties with Latin American narcotics cartels, both in human smuggling and beyond.

An “alliance between Chinese and Latin American smuggling rings” was noted as early as 1993, but today the scope of this “alliance” encompasses not just smuggling, but also other illicit activity including the sale of drug precursors from Asia and pirated materials.

In Mexico, contact between triads and cartels occurs in various regions, including those ruled by the ruthless Los Zetas syndicate and the Gulf and Juarez cartels, depending on what routes are used for migrants. Triad groups are believed to operate in the Mexican state of Chiapas and the Red Dragon triad, which operates in Peru, is involved not only in smuggling, but also in extortion and drug trafficking within Latin America. The wide-ranging activities of transnational organized crime groups generate additional law enforcement concerns beyond border security.

But it is important to look to the other side of our country, the area of the Bahamas and South Florida. A few islands in the Bahamas are now fully owned by China; one such island is Bird Cay. From Forbes in 2019 in part:

Quoting CaribbeanNews.com directly:

“China has set its sights on The Bahamas and has invested billions of dollars in building new infrastructure and industry across the country.

New roads, new businesses, new hotels, and booming Chinese immigration has led to many companies being staffed with more Chinese workers than local Bahamians.”

Plus, “Reports show that over 200,000 Chinese are illegally smuggled into the Caribbean every year to open their shops or work at Chinese businesses, with many sending their money back to China.”

However, the local government doesn’t see how it’s in a good position to do anything about it since Chinese state banks are simultaneously flooding the islands with tens of millions of dollars… even going so far as to finance new ports there.

Hold on, there is South Florida where those smuggled Chinese are making their way into the United States aboard some very expensive yachts.

The Miami Herald just last year told us:

Dozens of Chinese nationals without proper papers have been smuggled from the Bahamas to South Florida by operators of luxury yachts who are charging them thousands of dollars each for the short Atlantic journey, according to federal criminal cases.

In recent instances, the Coast Guard stopped two vessels approaching the South Florida shore, leading to the arrests of three men accused of transporting a total of 26 Chinese passengers and one Bahamian, court records show. The alien smuggling operations were not related, however.

Rocco Oppedisano, a 51-year-old Italian national, is scheduled for arraignment in Miami federal court Wednesday on charges of conspiring to transport aliens into the United States and bringing them here for financial gain. Oppedisano told a magistrate judge this week that properties he once owned in the Northeast have been sold along with his Mercedes-Benz, Porsche and Fiat vehicles to pay for legal costs over his immigration troubles.

Oppedisano was stopped by the Coast Guard on Dec. 2 while he was commandeering a 63-foot Sunseeker yacht named INXS FINALLY with 14 Chinese passengers and one Bahamian, according to an indictment. Among the passengers was a Chinese national, Ying Lian Li, who was deported last April but tried to re-enter the country.

It is unclear why these Chinese nationals — unlike Cubans and Haitians smuggled here in both go-fast and rickety boats in the past — sought to come to South Florida. But over the past five years, the Bahamas has experienced an influx of Chinese workers flocking to the archipelago as part of a push by China to invest in the country’s hotel, tourism and trade industries.

In the other alien smuggling case, a Coast Guard cutter encountered a 70-foot Hatteras yacht about 20 miles east of South Florida on July 23, when officers radioed the vessel to ask how many people were on board. The yacht’s response: two crew and eight Japanese passengers with passports, who did not need additional visas to enter the United States.

It was all a lie, according to a Homeland Security Investigations criminal affidavit.

About 10 miles east of Port Everglades, Coast Guard officers boarded the yacht and asked crew member Robert L. McNeil Jr. to bring all the passengers on deck. The officers counted 12 passengers with passports from the People’s Republic of China but without required visas to enter the United States, according to the HSI affidavit.

The Coast Guard concluded that none of the 12 Chinese nationals possessed documents that would allow them to enter the United States legally. McNeil, and the yacht’s charter captain, James A. Bradford, along with the 12 Chinese nationals were transferred to the Coast Guard cutter.

During questioning, Bradford said he left South Florida on the Hatteras yacht bearing the name CAREFREE on July 22 and arrived in Nassau, Bahamas, that day. He admitted that the purpose of the trip was to pick up a “tour group of aliens” in the Bahamas, transport them to South Florida and return to the Bahamas on July 26.

Bradford, who has been a charter captain for decades, said “he never checked to see if the passengers had proper documents to come to the U.S.,” according to the affidavit.

A search of the yacht uncovered 10 cellphones in the bridge area; none of the Chinese nationals had mobile phones on them.

“Based on my knowledge and experience in human smuggling cases, smugglers often collect cell phones from migrants until they are paid for delivering the migrants to the U.S.,” wrote HSI special agent David Jansen, who added that none of the passengers carried any luggage.

The search also uncovered $118,100 hidden behind the wall paneling of the yacht’s master bedroom, the affidavit said. Investigators also seized more than $2,800 from McNeil.

Both Bradford and McNeil were indicted on charges of conspiring to transport aliens into the United States and bringing them here for financial gain. To resolve his case, McNeil pleaded guilty earlier this month to one count of alien smuggling to make a profit. He faces up to 10 years in prison.

The Hill says this is a disturbing trend.

While it’s unclear why these Chinese nationals sought to come to South Florida, the move is part of a larger five-year trend in the region. The Bahamas has seen a surge of Chinese workers as China invests in the archipelago’s hospitality and tourism industries. China’s presence in the Bahamas reportedly stems from a burgeoning relationship between the two countries, after China provided disaster relief in a bid to establish trade.

 

Have you Heard of the FBI’s Trojan Shield Program?

New court records detail how the FBI turned encrypted phone company ‘Anom’ into a honeypot for organized crime.

Vice: For years the FBI has secretly run an encrypted communications app used by organized crime in order to surreptitiously collect its users’ messages and monitor criminals’ activity on a massive scale, according to a newly unsealed court document. In all, the elaborate operation netted more than 20 million messages from over 11,800 devices used by suspected criminals.

The news signals a major coup for law enforcement: ordinarily, agencies either shut down or crack messages on an already established service, such as Phantom Secure or Encrochat, two similar encrypted messaging networks. But in this case, the FBI took control of a communications company called ‘Anom’ in its infancy and turned that into a wide reaching honeypot, with the suspected criminal users instead coming to them.

“The FBI opened a new covert investigation, Operation Trojan Shield, which centered on exploiting Anom by inserting it into criminal networks and working with international partners, including the Australian Federal Police (“AFP”), to monitor the communications,” the unsealed court record reads, referring to Anom, the app at the center of the investigation. Seamus Hughes, a researcher at George Washington University, shared the document with Motherboard.

The AFP began going public with the contours of Anom Tuesday morning local time, and announced it had begun making arrests with data pulled from the honeypot.

In 2018, the FBI arrested Vincent Ramos, the CEO of Phantom Secure, which provided custom, privacy-focused devices to organized criminals. In the wake of that arrest, a confidential human source (CHS) who previously sold phones on behalf of Phantom and another firm called Sky Global, was developing their own encrypted communications product. This CHS then “offered this next generation device, named ‘Anom,’ to the FBI to use in ongoing and new investigations,” the court document reads. While criminals left Phantom, they flocked to other offerings. One of those was Anom; the FBI started what it called Operation Trojan Shield, in which it effectively operated a communications network targeted to criminals and intercepted messages running across it.

The FBI, AFP, and CHS built the Anom system in such a way that a master key silently attached itself to every message sent through the app, enabling “law enforcement to decrypt and store the message as it is transmitted,” the document reads.

“A user of Anom is unaware of this capability,” it adds.

But first the FBI and their source needed to establish Anom as an option in the criminal underworld. As Motherboard showed in a years-long investigation, using sources around Phantom as well as FBI files, Phantom was particularly popular in Australia. The CHS introduced Anom to his already trusted distributors of mobile devices, who were in turn trusted by criminal organizations, the document reads. Three people in Australia who had previously distributed Phantom, “seeing a huge payday,” agreed to then sell these Anom devices, the document adds. With this, “the FBI aimed to grow the use of Anom organically through these networks,” it reads.

A screenshot of the Anom site Motherboard took before Anom closed. Image: Motherboard.

Earlier on Monday before obtaining the court record, Motherboard reviewed Anom’s social media presence. The company’s Reddit account first announced the existence of the company two years ago, according to a since deleted but cached Reddit post that Motherboard found.

“Introducing Anom—a Ultra-Secure Mobile-Cell-Phone Messaging App for Android,” the announcement read. “Your Confidentiality, Assured. Software hardened against targeted surveillance and intrusion—Anom Secure. Keep Secrets Safe!”

Anom started to grow, with initially 50 devices distributed in Australia and the AFP able to monitor the phones. It was slow at first, but soon word of the new devices spread, with Anom gathering several hundred users a year later, the document continued.

A third country also got involved in the investigation, and provided the FBI with Anom user data three times a week.

“This data comprises the encrypted messages of all of the users of Anoms with a few exceptions (e.g., the messages of approximately 15 Anom users in the U.S. sent to any other Anom device are not reviewed by the FBI),” the document reads.

Anom had grown exponentially in size, stretching beyond its Australian beginnings to having over 10,000 devices in over 90 countries. Germany, the Netherlands, Spain, and Serbia were also popular, with over 300 distinct transnational criminal organizations (TCOs) using the devices, the document reads. When authorities closed down Sky, as Motherboard reported in March, Anom’s user base tripled.

The number of obtained messages totalled at over 20 million messages since October 2019. Messages include discussions around drug smuggling, corruption, and other high-level organized criminal activities. The document also includes direct quotes of messages from Anom users discussing cocaine shipments.

A series of messages included in the court document. Image: Motherboard.

“There is 2kg put inside french diplomatic sealed envelopes out of Bogotta [sic],” one message reads referring to how the people are allegedly hiding shipments of cocaine.

“The Trojan Shield investigation has uncovered that Anom devices are used by TCOs to traffic drugs and launder the proceeds of those drug sales,” the document reads. “The distributors of these devices also obstruct justice by remotely wiping the content of devices when law enforcement seizes them. Additionally, the review of Anom messages has initiated numerous high-level public corruption cases in several countries. The most prominent distributors are currently being investigated by the FBI for participating in an enterprise which promotes international drug trafficking, money laundering, and obstruction of justice.”

A screenshot of a map showing what the FBI says is Anom’s spread around the world. Image: Motherboard

Late Monday, the FBI said that it would be holding “a news conference announcing a massive worldwide takedown based on the San Diego FBI’s unprecedented investigation involving the interception of encrypted communications” on Tuesday.

The Phantom, Sky, and Encrochat operations showed that law enforcement may shut down or even hack into encrypted phone companies. But the Anom case shows that law enforcement will also go one step further: they will run such a network themselves. A previous DEA operation involved something similar but on a much smaller scale with BlackBerry devices.

“A goal of the Trojan Shield investigation is to shake the confidence in this entire industry because the FBI is willing and able to enter this space and monitor messages,” the document reads.

US has Recovered Ransom Payment of the Colonial Pipeline Hack

Just last month, this site posted a detailed article about the fallout of DarkSide, the hackers of the Colonial Pipeline. In short, U.S. officials seized at least two servers.

Now there is more: part of the ransom payment has been recovered. Not all of it, but $2.3 million in real dollars; remember, it was paid in cryptocurrency. (Remember too that money was paid out to all the dark actors of DarkSide.)

“In addition, a couple of hours after the seizure, funds from the payment server (belonging to us and our clients) were withdrawn to an unknown account,” the DarkSide ransomware operation told its affiliates.

****

(AP) — The Justice Department has recovered the majority of a multimillion-dollar ransom payment to hackers after a cyberattack that caused the operator of the nation’s largest fuel pipeline to halt its operations last month, officials said Monday.

The operation to recover the cryptocurrency from the Russia-based hacker group is believed to be the first of its kind, and reflects what U.S. officials say is an increasingly aggressive approach to deal with a ransomware threat that in the last month has targeted critical industries around the world.

“By going after an entire ecosystem that fuels ransomware and digital currency, we will continue to use all of our tools and all of our resources to increase the costs and the consequences of ransomware attacks and other cyber-enabled attacks,” Deputy Attorney General Lisa Monaco said at a news conference announcing the operation.

Georgia-based Colonial Pipeline, which supplies roughly half the fuel consumed on the East Coast, temporarily shut down its operations on May 7 after a gang of criminal hackers known as DarkSide broke into its computer system.

Colonial officials have said they took their pipeline system offline before the attack could spread to its operating system, and decided to pay a roughly $4.4 million ransom in an effort to bring itself back online as soon as it could.

The FBI generally discourages the payment of ransom, fearing it could encourage additional hacks.