Russia is a Threat, China Aggression is Under-Reported

President Jimmy Carter gave away the Panama Canal, which was officially transferred in 2000. Few know about the other canal project in Nicaragua, which is designed to be bigger and better. It was launched by a Chinese billionaire; however, it appears the Chinese government is actually behind it.


The whole matter is shrouded in secrecy while the Panama Canal is going through a huge expansion.


China has been creating islands in the South China Sea while other islands are a source of major dispute. China has been seen as militarizing the manufactured islands, giving rise to concerns over major cargo and global shipping lanes. Could China be making a worldwide play to control commerce and sea transportation?

Chinese state firms have expressed an interest to develop land around the Panama Canal, the chief executive of the vital trade thoroughfare said, underlining China’s outward push into infrastructure via railways and ports around the world. China’s state firms have in recent years already chalked up investments in key logistics nodes, including Piraeus in Greece and Bandar Malaysia, a major development project that is set to be the terminal for a proposed high-speed rail link between Kuala Lumpur and Singapore. More here from Reuters.

So is there more to this under-reported threat by China? Yes. For instance:

HONG KONG — When the United States Air Force wanted help making military robots more perceptive, it turned to a Boston-based artificial intelligence start-up called Neurala. But when Neurala needed money, it got little response from the American military.

So Neurala turned to China, landing an undisclosed sum from an investment firm backed by a state-run Chinese company.

Chinese firms have become significant investors in American start-ups working on cutting-edge technologies with potential military applications. The start-ups include companies that make rocket engines for spacecraft, sensors for autonomous navy ships, and printers that make flexible screens that could be used in fighter-plane cockpits. Many of the Chinese firms are owned by state-owned companies or have connections to Chinese leaders.

The deals are ringing alarm bells in Washington. According to a new white paper commissioned by the Department of Defense, Beijing is encouraging Chinese companies with close government ties to invest in American start-ups specializing in critical technologies like artificial intelligence and robots to advance China’s military capacity as well as its economy. More here from the New York Times.

Hmm, need more? Both China and North Korea are known for hacking. China may have some obscure agreement with North Korea to hack selected global sites. As we know, North Korea is a threat as they are continuing to advance their missile program and super thrust rocket engines, which are tied to their nuclear weapons program. China provides the communications, telecom and internet platform and servers for North Korea.


North Korea relies on China for Internet connectivity, partially due to longstanding ties between the two nations and partly because it has few options. North Korea borders just three countries: South Korea, with which it is still technically at war, Russia and China. The Chinese Internet is well developed and the Russian border is far from Pyongyang, the North Korean capital, making China a good choice. Going back to 2014, the U.S. State Department was well aware of all these conditions between China and North Korea, still no solution by the Obama administration.

***

Hackers associated with the Chinese government have repeatedly infiltrated the computer systems of U.S. airlines, technology companies and other contractors involved in the movement of U.S. troops and military equipment, a U.S. Senate panel has found.

Cybersecurity expert Dmitri Alperovitch, chief technology officer with the security firm Crowdstrike, said China had for years shown a keen interest in the logistical patterns of the U.S. military.

The investigation focused on the U.S. military’s ability to seamlessly tap civilian air, shipping and other transportation assets for tasks including troop deployments and the timely arrival of supplies from food to ammunition to fuel. U.S. authorities charged five Chinese military officers, accusing them of hacking into American nuclear, metal and solar companies to steal trade secrets.

Last month, Community Health Systems (CYH.N), one of the largest U.S. hospital groups, said Chinese hackers had stolen Social Security numbers and other personal data from some 4.5 million patients.

*** North Korea has an elite and secret hacking unit as well, known as Bureau 121. The Department of Defense submitted a report to Congress on Bureau 121 using asymmetric warfare. North Korea also has an additional cyber unit known as Office 91.

Office 91 is thought to be the headquarters of North Korea’s hacking operation although the bulk of the hackers and hacking and infiltration into networks is done from Unit 121, which operates out of North Korea and has satellite offices overseas, particularly in Chinese cities that are near the North Korean border. One such outpost is reportedly the Chilbosan Hotel in Shenyang, a major city about 150 miles from the border. A third operation, called Lab 110, participates in much the same work.

There are also several cyberunits under North Korea’s other arm of government, the Workers’ Party of Korea.

Unit 35 is responsible for training cyberagents and is understood to handle domestic cyberinvestigations and operations. Unit 204 takes part in online espionage and psychological warfare and Office 225 trains agents for missions in South Korea that can sometimes have a cyber component. More here from PCWorld.

*** China is well aware of North Korea's activities, while China has been and is becoming more aggressive globally. There is clearly collusion, yet what the West, and in particular the United States, is prepared to do in response remains unclear. However, China did approve 38 Trump trademarks. President Trump meets with Xi Jinping; maybe we will know more in April.

 

 

Trump Excluded Iraq From Travel Suspension, BUT….

In the original Executive Order Trump signed to suspend travel from a handful of countries, Iraq was included. When the Executive Order was legally challenged by several courts, yet another Executive Order was issued to exclude Iraq. This decision was made due to the increased security cooperation between the United States and Iraq. Okay, so what is the problem? How about other Iraqis that already lied on immigration filings or committed crimes and lied? Fingerprints were the key after the kidnapping. Ever wonder who else is in Virginia? There are plenty….

President Trump should have taken several other preliminary steps prior to those Executive Orders, including suspending the entire visa waiver program. But back to Iraq…. and the Al Mahdi Militia, which is still active and operates under variations of the name:

The Mahdi Army, also known as Jaysh al-Mahdi (JAM), was formed by Muqtada al-Sadr in June 2003 in response to the U.S. invasion of Iraq. [3] [4] Muqtada al-Sadr is the son of Grand Ayatollah Mohammed Sadiq al-Sadr, who founded the prominent Sadrist Movement in the 1980s, a vehemently nationalist political movement popular among Iraq’s Shiite lower class. After Mohammed Sadiq al-Sadr was assassinated in 1999, presumably by the Hussein regime, Muqtada al-Sadr succeeded him as the leader of the Sadrists as well as one of the most powerful and respected Shiite clerics in Iraq. [5] [6] [7] Following the U.S. invasion in 2003, Sadr called upon the Sadrists to join his new militia, the Mahdi Army, with the goal of expelling the U.S. coalition from Iraq and establishing an Iraqi Shiite government. Some of the group’s initial three hundred fighters were recruited in Kuwait and Saudi Arabia and together with their Iraqi counterparts were sent to Hezbollah camps in Lebanon for training. [8] [9] More here.

***

Department of Justice
U.S. Attorney’s Office
Eastern District of Virginia
FOR IMMEDIATE RELEASE
Tuesday, March 28, 2017

Iraqi Refugees Arrested and Charged with Immigration Fraud

ALEXANDRIA, Va. – Two Iraqi refugees living in Northern Virginia were arrested this morning and charged along with another individual with immigration fraud.

The defendants arrested this morning are Yousif Al Mashhandani (“Yousif”), 35, of Vienna, and Adil Hasan, 38, of Burke, who are full biological brothers. The third individual charged is Enas Ibrahim, 32, also of Burke, who is the wife of Hasan. Each is charged with attempting to obtain naturalization contrary to law. The defendants will have their initial appearance today in front of Magistrate Judge Ivan D. Davis at 2 p.m. at the federal courthouse in Alexandria.

According to the affidavit in support of the criminal complaint, on Nov. 1, 2004, a United States citizen, identified as R.H., was kidnapped in Iraq and held with other hostages for months in horrible conditions in an underground bunker. After a raid in 2005 freed the hostages, authorities detained Majid Al Mashhadani (“Majid”), who is a full biological brother of Yousif and Adil Hasan, and he admitted his complicity in the kidnapping of R.H.

According to the affidavit in support of the criminal complaint, Yousif was admitted into the United States as a refugee in 2008. In May 2013, Yousif resided in Vienna and applied for naturalization as a United States citizen. In connection with Yousif’s applications for citizenship, his fingerprints were taken. According to an FBI fingerprint specialist, analysis conducted in November 2013 determined that Yousif’s fingerprints match those found on a document at the underground bunker where forces rescued R.H. and others in Iraq in 2005.

According to the affidavit in support of the criminal complaint, Yousif, Hasan, and Ibrahim are lawful permanent residents and have applied to naturalize and become United States citizens. On various applications and forms throughout their respective immigration processes, each has provided an extensive list of family members and information of their respective family trees; however, none ever listed any reference to Majid.

According to the affidavit in support of the criminal complaint, on March 4, 2016, FBI agents interviewed Yousif, Hasan and Ibrahim. When FBI agents asked Yousif why he failed to include reference to Majid on the family tree form, Yousif said he omitted reference to Majid because, when he was a refugee, he was told by others applying for refugee status that he would not be allowed into the United States if any immediate family members had a criminal background. Hasan admitted to FBI agents that Majid was his brother, and Hasan and Ibrahim each admitted they discussed not including Majid’s name on their applications for refugee status because their connection to Majid might delay their ability to gain such status.

According to the affidavit in support of the criminal complaint, to justify his application for refugee status, Yousif reported that in 2006, while working as an anti-corruption investigator for the Iraqi Commission on Public Integrity in Iraq, he started receiving threats from a Shiite militia known as the “Al Mahdi Militia,” in order to coerce Yousif to drop a particular corruption investigation. Yousif said that in May 2006 Adil was kidnapped by the Al Mahdi Militia, and only released after Yousif arranged to drop the investigation in question and helped pay a large ransom. Yousif said that after Adil was released, he reopened the corruption investigation, only to flee to Jordan in October 2006 after his parents’ house was burned down.

According to the affidavit in support of the criminal complaint, to justify his application for refugee status, Hasan provided sworn testimony that, in 2006, he had been kidnapped and tortured by members of the Al Mahdi Army and held for nearly a month. Hasan said he was released upon the payment of a ransom of $20,000. In an interview by FBI agents in April 2016, Hasan said he was threatened in Iraq on two occasions, but made no mention of being kidnapped, held hostage, and tortured for nearly a month. In a subsequent interview in October 2016, FBI agents confronted Hasan about the discrepancy in his stories and Hasan admitted to making false statements and creating his persecution story.

Each defendant faces a maximum penalty of 10 years in prison if convicted. Actual sentences for federal crimes are typically less than the maximum penalties. A federal district court judge will determine any sentence after taking into account the U.S. Sentencing Guidelines and other statutory factors.

Dana J. Boente, Acting Deputy Attorney General and U.S. Attorney for the Eastern District of Virginia; Andrew W. Vale, Assistant Director in Charge of the FBI’s Washington Field Office; Patrick J. Lechleitner, Special Agent in Charge of U.S. Immigration and Customs Enforcement’s (ICE) Homeland Security Investigations (HSI) Washington, D.C., made the announcement. The FBI’s Joint Terrorism Task Force, which includes ICE/HSI and U.S. Citizenship and Immigration Services, investigated the case. Assistant U.S. Attorneys Gordon D. Kromberg and Colleen E. Garcia are prosecuting the case.

 

A copy of this press release is located on the website of the U.S. Attorney’s Office for the Eastern District of Virginia. Related court documents and information are located on the website of the District Court for the Eastern District of Virginia or on PACER by searching for Case No. 1:17-mj-143.

A criminal complaint contains allegations that a defendant has committed a crime. Every defendant is presumed to be innocent until and unless proven guilty in court.

What you Should Know About “Las Moicas” and Why

Is there any reason why the Trump administration has not called for all drug cartels to be listed as terror organizations?

Ten Cartels are fighting for control of Guerrero with more brutality and violence

Subject Matter: Organized crime in Guerrero
Recommendation: No prior subject matter knowledge required

Guerrero occupies the third place in terms of most poverty at 62% of the population and first place for homicides at 2884 in 2016 at the national level. It is the state most disputed among organized crime groups. There is a presence of 10 cartels, five of them top level. Its central zone has converted into a battlefield between two organizations Los Rojos and Los Ardillos and possibly others that authorities have not completely identified yet. The presence of 500 military and state police has not contained the disappearances and executions and the criminals come back each time more brutal.

In the last decade, Guerrero has converted into the land of cartels and death; the dispute between the Sinaloa cartel, CJNG, the Beltran Leyva Organization, the Knights Templar, La Familia Michoacana and no less than five local organizations has converted the state into the most violent with 18,000 executions since 2006, when the call to war against the narco was initiated.

In Guerrero, 12 of the 81 towns are considered neutral zones. The geographic location of Chilapa has converted it into a demarcation most fought over since 2012 by Los Ardillos and Los Rojos, and not only because it is an essential corridor for the transit of drugs, also its land is utilized for the growing of poppies, “that has just finished its first harvest of the year”, according to the Guerrero Coordination Group.

What has happened this year, in Chilapa, there have been 48 executions related to the war between Los Rojos and Los Ardillos, Rojos and a third group of civil organizations known as “Los Jefes” or “Gente Nueva”, different to the Gente Nueva of the Sinaloa cartel, only have a presence in the communities, and with a population of 129,867 only has 500 soldiers and 100 Municipals to police it.

This last weekend was a violent one in the State with no less than 23 deaths, 10 of them in Chilapa, two women and three men were killed by gunfire in different events and five bodies were incinerated in the interior of a taxi.

At the start of the month, on Tuesday the 7th, 6 dismembered bodies in a state of decomposition appeared inside 13 plastic bags. On Thursday the 9th, they found another five bodies charred inside a vehicle. The brutality with which they perpetrate the executions in the indigenous town “is very strong”, assured the Governor Hector Astudillo Flores.

The growing wave of violence in the town led to the implementation of Operation Chilapa, in January of 2016. One year after the security strategy was put in place, the Mayor Jesus Parra Garcia blamed social networks and media for “inventing facts that affect the image of the town”. With recent executions of PRI members he had to admit that the violence was aggravated during his administration.

These are times of crisis, of adversity, and are very complex. I have had to govern in the most difficult times for Chilapa, he told reporters.

Who are Los Rojos and Los Ardillos

In the period of 2012 – 2015, when the municipality was governed by PRI Francisco Javier Garcia Gonzalez, Los Rojos settled in Chilapa under the command of Zenen Nava Sanchez “El Chaparro”, alleged family of Jesus Nava Romero ” El Rojo”.

He was a Lieutenant of Arturo Beltran Leyva and who was slaughtered in June of 2013 in Puebla. During this administration, the population lived through the first mass kidnappings, huge extortion of transport and businesses and brutal executions.

Jesus Nava Romero dead in the street (Borderland Beat archive)

Los Ardillos, a gang that comes from the Quechultenango region, whose leaders Celso and Antonio Hernandez Ortega are brothers of ex PRD deputy Bernardo Ortega Jiminez, have extended into the regions of Chilapa, Zitlala, Tixtla, Totoloapan and Acapulco in only one year, 2014, during the transition of the governorships of Angel Aguirre Rivero and Rogelio Ortega Martinez, both of the PRD.

The battle for the central zone of Guerrero tainted at this moment Aguirre Rivero as well as Garcia Gonzalez and also the ex PRI Mario Moreno Arcos of Chilpancingo, and Ignacio Bacilio and Eduardo Nero, all accused publicly of ties to Los Rojos.

In 2015, with the change of State Government and municipal, things had begun to escalate. The President of the organization Siempre Vivos, Jose Diaz Navarro, assured that a reduction in the violence would be felt because Zenen Nava, who in January of 2016 escaped after a two hour confrontation with the armed forces, had returned. According to the PGR, El Chaparro is one of the 13 priority objectives of Guerrero and Morelos.

In the last three years, Los Ardillos and Los Rojos, in their dispute for territory, have committed executions of extreme cruelty, torturing, decapitating, and incinerating corpses that were left in public places.

They have also been responsible for the disappearance of 130 persons, according to the Centre for Human Rights. The mass kidnappings in the towns of Zitlala and Chilapa, where the criminal groups kidnap the inhabitants, take place all in the presence of Military and State Police, the NGO denounces.

The confrontations between various cartels, as well as the kidnappings and executions against the inhabitants, have caused fear in Chilapa. Families prefer not to leave their houses after 7 at night, the schools are secured with padlocks, and checkpoints are reinforced.

Nevertheless, the organization Siempre Vivos considers that part of the violence that affects the towns of Tixtla and Zitlala, is a strategy of terror of the State and Federal Governments so that the population calls for the law of Homeland Security, that is pending for discussion at the Congress of the Union.

Totoloapan and the Tequileros

Located in the region of the Tierra Caliente, Totoloapan is, along with Ajuchitlan, Arcelia and Coyuca, the Municipality most threatened by Los Tequileros, a group that separated from La Familia Michoacana and since 2013 has occasioned the displacement of families from no less than 16 communities.

According to reports of the newspaper El Sur, Raibel Jacobo de Almonte, El Tequilero, was a plaza jefe for La Familia Michoacana. Once he had formed his own organization, he began controlling the San Miguel Totolapan and some rural populations in the border area of Rio Balsas. In 2016 his power extended to populations of the municipalities of Ajuchitlan, Tlapehuala and Arcelia.

In the Tierra Caliente, six out of every ten homicides are attributed to Los Tequileros, who are also linked to a politician, PRI deputy Saul Beltran Orozco. Before the omission, complicity and participation of the local authorities, the local population had chosen to arm itself to face this criminal organization.

The violence in Guerrero is generalized by the number of cartels that are disputing the third poorest State of the country, but also by the failed security strategy implemented by the Federal and State Governments, that while advising of “big changes” and advances in security the State remains the number one in the list for malicious homicides.

Translated by Otis B Fly-Wheel for Borderland Beat from a Sinembargo article

***
Not finished yet:
Meet the Little-Known Mexican Cartel Operating in California

A little-known drug trafficking group in Mexico called “Las Moicas” has not only successfully defended its foothold in the US heroin market for years against Mexico’s most powerful cartels, but recent reports suggest that it might be expanding.

In an interview with BBC Mundo published on March 15, a spokesperson for the US Drug Enforcement Administration (DEA) said that the Moicas had been expanding their territory in Mexico and that the little-known group had come into conflict with some of Mexico’s biggest criminal organizations, including the Sinaloa Cartel and the Jalisco Cartel – New Generation (CJNG).

According to a July 2015 report from the DEA, eight major Mexican transnational criminal groups were known to be operating in the United States. Alongside prominent players like the Sinaloa Cartel and CJNG, appeared a trafficking organization called Las Moicas.

According to the report, the Moicas are based in the Mexican state of Michoacán and have ties to the Familia Michoacána, an organization largely displaced by its splinter group, the Knights Templar. Despite the decline of the Familia Michoacána after the death of its top leader in 2014, the Moicas group “remains a regional supplier in California and operate[s] on a smaller scale relative to other major Mexican” criminal organizations.

The Moicas’ first reported run-in with the DEA dates back to 2009, when US authorities seized 50 kilograms of heroin and $250,000 in cash, in addition to arresting several of the 21 suspects from the group later charged in connection with the seizure.

The DEA’s press release concerning the operation asserts that a total of 200 kilograms of heroin, with an estimated retail value of $17.5 million, were smuggled during the run. The group allegedly hid both drugs heading north and drug profits heading south “in elaborate vehicle engine compartments” that allowed them to cross the border undetected.

At the time, the Moicas operated solely in California, but the group has since reportedly expanded to Reno, Nevada, and it operates in some areas of California dominated by the Sinaloa Cartel, according to the DEA’s 2015 report.

As of March 2016, VICE News reported, Mexican authorities had no record of Las Moicas.

InSight Crime Analysis

Mexico’s criminal landscape has become increasingly fragmented as larger cartels continue to rely heavily on smaller groups for specialized criminal tasks and as the government continues to take down top leaders of major criminal organizations. In an illustration of this dynamic, Mexican authorities stated that nine cartels — not including the Moicas — operated throughout the country as of July 2016, relying on a total of 37 criminal cells.

Within this context, it appears that the Moicas may have succeeded in quietly growing by maintaining a low profile, as suggested by the absence of official acknowledgement of the group by the Mexican government as well as the scant public information available about the organization. According to the DEA spokesperson contacted by BBC Mundo, the US anti-drug agency does not even know the composition of the Moicas’ hierarchy.

It is possible that the Moicas have followed the blueprint of earlier Mexican drug trafficking organizations, such as the Xalisco Boys who achieved a striking expansion across the United States in the 1990s by investing in the heroin market while maintaining a low profile.

And it is likely that the Moicas’ rise and reported expansion has been fueled by the booming US demand for heroin. The US consumption market for this particularly addictive drug is believed to have tripled over the past decade, boosted by over-prescription of legal opioid drugs and even allegedly criminal activity by executives of some companies in the US pharmaceutical industry.

Fired, Preet Bharara and $100 Million Dollars

With the approval of President Trump, Attorney General Jeff Sessions fired several attorneys general including the United States Attorney General for the Southern District of New York, Preet Bharara. In many instances, this may have been a prudent decision, however, Bharara did in fact perform some stellar legal work and credit must be offered where it is due.

This post is not so much about the Attorney General being fired as it is about the matter of hacking and phishing that cost two domestic internet tech companies $100 million. These schemes are a very common daily event, and few if any companies ever talk about them publicly, as doing so reveals cyber protection vulnerabilities and how employees are duped by the schemes. To be more clear, this is how Hillary Clinton’s campaign architect, John Podesta, had his emails scooped up such that WikiLeaks got them and posted them for global access during the United States campaign and election cycle.

Further, to those out there that are angry with the FBI, this case in some fairness illustrates the work rank and file agents are tasked to investigate. When it comes to cyber/hacking cases, they are among the hardest to solve especially with international operatives.


Now enter Preet Bharara and the case he prosecuted against EVALDAS RIMASAUSKAS. The indictment is found here.

In an additional disclosure, Bharara is also being sued by a hedge-fund.

The summary of the case:

Department of Justice

U.S. Attorney’s Office

Southern District of New York

FOR IMMEDIATE RELEASE

 

Lithuanian Man Arrested For Theft Of Over $100 Million In Fraudulent Email Compromise Scheme Against Multinational Internet Companies

Joon H. Kim, the Acting United States Attorney for the Southern District of New York, and William F. Sweeney Jr., the Assistant Director-in-Charge of the New York Office of the Federal Bureau of Investigation (“FBI”), announced criminal charges against EVALDAS RIMASAUSKAS for orchestrating a fraudulent business email compromise scheme that induced two U.S.-based internet companies (the “Victim Companies”) to wire a total of over $100 million to bank accounts controlled by RIMASAUSKAS. RIMASAUSKAS was arrested late last week by authorities in Lithuania on the basis of a provisional arrest warrant. The case has been assigned to U.S. District Judge George B. Daniels.

Acting U.S. Attorney Joon H. Kim said:  “From half a world away, Evaldas Rimasauskas allegedly targeted multinational internet companies and tricked their agents and employees into wiring over $100 million to overseas bank accounts under his control. This case should serve as a wake-up call to all companies – even the most sophisticated – that they too can be victims of phishing attacks by cyber criminals. And this arrest should serve as a warning to all cyber criminals that we will work to track them down, wherever they are, to hold them accountable. The charges and arrest in this case were made possible thanks to the terrific work of the FBI and the cooperation of the victim companies and their financial institutions. We thank the companies and their banks for acting quickly, coming forward promptly, and cooperating with law enforcement; it led not only to the charges announced today, but also the recovery of much of the stolen funds.”

FBI Assistant Director William F. Sweeney Jr. said:  “As alleged, Evaldas Rimasauskas carried out a business email compromise scheme creatively targeting two very specific victim companies. He was initially successful, acquiring over $100 million in proceeds that he wired to various bank accounts worldwide. But his footprint would eventually lead investigators to the truth, and today we expose his lies. Criminals continue to commit a wide variety of crimes online, and significant cyber data breaches have had a negative impact across a variety of industries. The FBI will continue to work with our domestic and international partners to pursue criminals who engage in this type of activity, wherever they may be hiding.”

According to the allegations contained in the Indictment unsealed today[1]:

From at least in or around 2013 through in or about 2015, RIMASAUSKAS orchestrated a fraudulent scheme designed to deceive the Victim Companies, including a multinational technology company and a multinational online social media company, into wiring funds to bank accounts controlled by RIMASAUSKAS.  Specifically, RIMASAUSKAS registered and incorporated a company in Latvia (“Company-2”) which bore the same name as an Asian-based computer hardware manufacturer (“Company-1”), and opened, maintained, and controlled various accounts at banks located in Latvia and Cyprus in the name of Company-2.  Thereafter, fraudulent phishing emails were sent to employees and agents of the Victim Companies, which regularly conducted multimillion-dollar transactions with Company-1, directing that money the Victim Companies owed Company-1 for legitimate goods and services be sent to Company-2’s bank accounts in Latvia and Cyprus, which were controlled by RIMASAUSKAS.  These emails purported to be from employees and agents of Company-1, and were sent from email accounts that were designed to create the false appearance that they were sent by employees and agents of Company-1, but in truth and in fact, were neither sent nor authorized by Company-1.  This scheme succeeded in deceiving the Victim Companies into complying with the fraudulent wiring instructions.

After the Victim Companies wired funds intended for Company-1 to Company-2’s bank accounts in Latvia and Cyprus, RIMASAUSKAS caused the stolen funds to be quickly wired into different bank accounts in various locations throughout the world, including Latvia, Cyprus, Slovakia, Lithuania, Hungary, and Hong Kong.  RIMASAUSKAS also caused forged invoices, contracts, and letters that falsely appeared to have been executed and signed by executives and agents of the Victim Companies, and which bore false corporate stamps embossed with the Victim Companies’ names, to be submitted to banks in support of the large volume of funds that were fraudulently transmitted via wire transfer.

Through these false and deceptive representations over the course of the scheme, RIMASAUSKAS, the defendant, caused the Victim Companies to transfer a total of over $100,000,000 in U.S. currency from the Victim Companies’ bank accounts to Company-2’s bank accounts.

*                *                *

RIMASAUSKAS, 48, of Vilnius, Lithuania, is charged with one count of wire fraud and three counts of money laundering, each of which carries a maximum sentence of 20 years in prison, and one count of aggravated identity theft, which carries a mandatory minimum sentence of two years in prison.

The maximum potential sentences are prescribed by Congress and are provided here for informational purposes only, as any sentencing of the defendant will be determined by the judge.

Mr. Kim praised the outstanding investigative work of the FBI, and thanked the Prosecutor General’s Office of the Republic of Lithuania, the Lithuanian Criminal Police Bureau, the Vilnius District Prosecutor’s Office and the Economic Crime Investigation Board of Vilnius County Police Headquarters for their assistance in the investigation and arrests, as well as the Department of Justice’s Office of International Affairs.

The case is being prosecuted by the Office’s Complex Frauds and Cybercrime Unit.  Assistant U.S. Attorney Eun Young Choi is in charge of the prosecution.  Assistant U.S. Attorney Edward Diskant is handling the forfeiture aspects of the prosecution.

The charges contained in the Indictment are merely accusations, and the defendant is presumed innocent unless and until proven guilty.

 

[1] As the introductory phrase signifies, the entirety of the text of the Indictment, and the description of the Indictment set forth herein, constitute only allegations, and every fact described should be treated as an allegation.

About that Trump Server with Pings from Alfa Bank

A matter of note: Alfa Bank has FIFA as a customer. Loretta Lynch, while at DoJ, prosecuted the FIFA fraud. Further, Christopher Steele, who crafted that pesky Trump dossier, is the same person who broke the case on FIFA. (Note the end of this press release.)


Press Statement: Alfa Bank confirms it has sought help from U.S. authorities, and discloses new cyberattacks linked to Trump hoax

Alfa Bank, a privately owned Russian bank, confirmed today that it has contacted U.S. law enforcement authorities for assistance and offered U.S. agencies its complete co-operation in finding the people behind attempted cyberattacks on its servers that have made it appear falsely that it has been communicating with the Trump Organization.

Alfa Bank confirmed a story in Circa News that it had been subjected to three new attempted domain name server (DNS) cyberattacks of increasing intensity over the last few weeks. In the attacks, multiple DNS requests were made by unidentified individuals, mostly using U.S. server providers, to a Trump Organization server. The DNS requests were made to appear as if they originated from Alfa Bank. The DNS responses from the Trump server were then erroneously returned to Alfa Bank, activating Alfa Bank’s automated security systems on February 18 and again on March 11 and 13. Alfa Bank has engaged the U.S.-based cyber forensics firm Stroz Friedberg to investigate these new attacks.

Alfa Bank believes that these malicious attacks are designed to create the false impression that Alfa Bank has a secretive relationship with the Trump Organization. In fact, there is not and never has been such a relationship.

New February 2017 attack on Alfa Bank server

On February 18, 2017, Alfa Bank experienced suspicious cyber-activity from an unidentified third party. Specifically, the unidentified third party repeatedly sent suspicious DNS queries from servers in the U.S. to a Trump Organization server. The unidentified individuals made it look as though these queries originated from variants of MOSCow.ALFAintRa.nET. As a result, the DNS responses from the Trump server were returned incorrectly to Alfa Bank’s server, which triggered Alfa Bank’s automated security system.

Alfa Bank believes that unknown individuals — using an identified U.S.-based service provider — are behind this recent attack, and that they are attempting to trigger verification signals between Alfa Bank and a server associated with the Trump Organization.

It believes that someone or some group manufactured this deceit by «spoofing» or falsifying DNS lookups to create the impression of communication between Alfa Bank and the Trump Organization. However, Alfa Bank’s DNS servers neither send nor receive email. Instead, they react when contacted by unwanted and unsolicited messages by sending out DNS verification signals asking, in effect, who is the server contacting Alfa Bank.

An Alfa Bank spokesperson said:

«The cyberattacks are an attempt by unknown parties to manufacture the illusion of contact between Alfa Bank’s DNS servers and ‘Trump servers’.

«A simple analogy would be someone in the U.S. sending an empty envelope (in this case a DNS signal) to a Trump office (server) addressed to Trump, but on the back of the envelope the return address is Russia (Alfa Bank) instead of its own real address. The Trump office, recognizing there is nothing in the empty envelope to deal with, returns it as undelivered to Russia instead of to the U.S.-based sender. So, on cursory examination, Alfa Bank appears to have been receiving responses to queries it never actually sent.

«We have gone to the U.S. Justice Department and offered our complete co-operation to get to the bottom of this sham and fraud.»

Other indications of human intervention include the fact that the queries occurring in these logs included mixed uppercased and lowercased letters. The majority of DNS queries are machine-based queries (for example, browsers and email clients), which would send lowercased queries to the DNS servers.

A few days after the February 18 DNS attack, Alfa Bank again started to receive inquiries from U.S. media outlets, including CNN, about allegations of cyber links with Donald Trump. No such link exists or, in fact, has ever existed between Alfa Bank and Mr. Trump or his organization.

An anonymous group has been trying for months to persuade news organizations to publish stories that such a link is real. Alfa Bank has asked reporters who have contacted it about the traffic to assist by letting the bank know if someone is trying to create the false impression that Alfa Bank has business or other dealings with Mr. Trump.

Two new confirmed March 2017 attacks on Alfa Bank server

On March 11 and 13, Alfa Bank was subjected to two new DNS attacks using similar methods. These attacks appear to have been orchestrated from multiple servers primarily in the U.S.

Between 02:00 and 07:00 (Moscow Time) on March 11 and at 21:00 on March 13, Alfa Bank experienced suspicious cyber activity from an unidentified third party or parties. The unidentified third parties or party repeatedly sent unusual DNS queries to a Trump server, the responses to which again ultimately triggered Alfa Bank’s automated security system.

Over a five-hour period on Saturday — and again on Monday — Alfa Bank received more than 1,340 DNS responses containing mail.trump-email.com.moscow.alfaintra.net.

These malicious and seemingly co-ordinated DNS attacks are coming from unidentified users using a variety of predominantly U.S. servers, including Google and Amazon web services. These IP service providers are inadvertently allowing their infrastructure to be used to attack Alfa Bank.

Alfa Bank suspects the unidentified parties are attempting to cover their tracks by using cloud services from these providers.

Given the frequency of the attacks and the variety of Internet service providers used in the attacks, Alfa Bank’s working hypothesis is that these new attacks are being launched from a botnet.

Possible third new attack in March 2017

Alfa Bank has now started to monitor all incoming messages to its servers containing the word «trump.» This monitoring has revealed that Alfa Bank also is receiving unsolicited marketing emails from «[email protected].» These incoming spam marketing emails also trigger Alfa Bank’s security system, which automatically sends multiple DNS verification requests back to the originating server — here, the Trump server — in order to ascertain the identity of the sender.

Alfa Bank does not know whether these marketing emails are legitimate, or whether a third party is orchestrating the campaign in another attempt to create the false impression of inappropriate communications between Alfa Bank and the Trump Organization.

In response to media questions that started last September, Alfa Bank asked Mandiant, one of the world’s leading cyber experts, to investigate allegations suggested by an anonymous cyber group of a link between Alfa Bank and Trump, based on unverified DNS logs.

Mandiant completed its independent investigation late last year. After examining Alfa Bank’s system both remotely and on the ground in Moscow, and the unverified DNS data presented to the media by the anonymous cyber group, Mandiant concluded that there is no evidence of substantive contact, such as emails or financial links, between Alfa Bank and the Trump Campaign or the Trump Organization.

Mandiant investigated (1) the DNS data given to the media, which journalists had shared with independent DNS experts, and (2) Alfa Bank servers for any evidence of links.

Mandiant concluded:

DNS data — There is no information that indicates where the list (obtained by reporters) has come from. The list contains approximately 2,800 look ups of a Domain Name over a period of 90 days. The information is inconclusive and is not evidence of substantive contact or a direct email or financial link between Alfa Bank and the Trump Campaign or Organization.

Alfa Bank servers — Nothing we have or have found alters our view as described above that there is no evidence of substantive contact or a direct email or financial link between Alfa Bank and the Trump Campaign or Organization.

Mandiant’s working hypothesis is that the activity the reporters’ sources alleged last year was caused by an email marketing/spam campaign possibly targeted at Alfa Bank employees by a marketing server, which triggered security software.

Earlier this year, Alfa Bank launched another investigation to find out who was — and maybe still is — behind this elaborate hoax.

Access to others’ DNS data is highly privileged and is usually independently examined for academic purposes and cyber security research. Therefore, the examination and sharing of DNS data by the people involved in these fraudulent activities brings into question whether these data were acquired lawfully and whether it was ethical to misuse privileged access in order to manufacture a deceit.

Alfa Bank’s working hypothesis is that an individual — possibly well known in internet research circles — may have fed selected DNS data to an anonymous cyber group to ensure they reached a specific (and erroneous) conclusion. Alternatively, the cyber group may have been complicit in the deceit. In the most recent cases, unknown individuals demonstrably attempted to insert falsified records onto Alfa Bank’s computer systems designed to create the same impression.

An Alfa Bank spokesperson said: «The anonymous cyber group, which is led according to news accounts by ‘Tea Leaves,’ cannot produce evidence of a link because there never has been one. Alfa Bank believes that it is under attack and has pledged its complete cooperation to U.S. authorities to find out who is behind these malicious attacks and false stories.»
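
The statement above describes two signals a defender can look for in DNS logs: responses that arrive for queries the recipient never sent, and mixed-case query names. The Python below is an added example, not part of the press statement or of any investigator's tooling; the record layout, IP addresses and names are constructed assumptions.

```python
from collections import Counter

# Constructed sample records as seen at a resolver's network edge (not real data).
# Fields: time, direction ("Q" = query we sent, "R" = response we received),
# remote server IP, DNS transaction ID, query name.
SAMPLE_EVENTS = [
    ("02:00:01", "Q", "192.0.2.53", 0x1A2B, "www.example.org"),
    ("02:00:01", "R", "192.0.2.53", 0x1A2B, "www.example.org"),
    ("02:00:07", "R", "203.0.113.9", 0x4444, "MaiL.ExamPle.cOM"),
    ("02:00:08", "R", "203.0.113.9", 0x4445, "mail.example.com"),
    ("02:00:09", "Q", "203.0.113.9", 0x7001, "mail.example.com"),
    ("02:00:09", "R", "203.0.113.9", 0x7001, "mail.example.com"),
    ("02:00:12", "R", "203.0.113.9", 0x7001, "mail.example.com"),  # second copy
]


def is_mixed_case(qname):
    """True when the name contains both upper- and lower-case letters.

    Weak signal on its own: resolvers that randomize query-name case
    (the "0x20" anti-spoofing technique) also produce such names.
    """
    letters = [c for c in qname if c.isalpha()]
    return any(c.isupper() for c in letters) and any(c.islower() for c in letters)


def analyze(events):
    """Return (unsolicited responses, mixed-case records, per-name counts)."""
    outstanding = set()   # queries we sent that are still awaiting an answer
    unsolicited = []      # responses with no matching outstanding query
    mixed = []            # records whose query name is mixed case
    for ts, direction, server, txid, qname in events:
        key = (server, txid, qname.lower())
        if is_mixed_case(qname):
            mixed.append((ts, qname))
        if direction == "Q":
            outstanding.add(key)
        elif key in outstanding:
            outstanding.discard(key)  # answered once; any later copy is unsolicited
        else:
            unsolicited.append((ts, server, qname))
    per_name = Counter(q.lower() for _, _, q in unsolicited)
    return unsolicited, mixed, per_name


if __name__ == "__main__":
    unsolicited, mixed, per_name = analyze(SAMPLE_EVENTS)
    for ts, server, qname in unsolicited:
        print(f"{ts} unsolicited response from {server} for {qname}")
    print("mixed-case names:", mixed)
    print("unsolicited responses per name:", dict(per_name))
```

Correlating on server, transaction ID and name is what separates a real answer from a reflected one; a count of responses alone cannot show who sent the query.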