The U.S. Department of Justice announced yesterday that it had disrupted a global network of computers compromised by the Russian government’s Federal Security Service (FSB). This network employed the Snake #malware to steal sensitive content from hundreds of computer systems in at least 50 countries.
The “disruption” tool, coded by the Federal Bureau of Investigation (FBI), uses a malware technique to destroy malware: it issued commands into this network that caused the Snake malware to overwrite its own vital components. #Karma
The disruption of this malicious network was focused on US-based systems, but the FBI is working with local authorities around the world to assist victims outside the United States. Kudos to the diligent and elegant attack on this scourge, which has dismantled an FSB operation that had been active for over two decades, all via a lawful, court-authorized process. #RuleOfLaw #StudyInContrast
Earlier this week, the U.S. Department of Justice announced the seizure of $112M USD linked to criminal scams known in the #crypto community as “pig butchering”. These scams are particularly odious, as they involve not just fraud but the long-term manipulation of victims before the fraud is discovered. Because of this dynamic, these incidents often go unreported.
The seizure warrants were issued in three states against #virtualcurrency accounts, used to launder the proceeds of a variety of #cryptocurrency scams. These seizures are quite welcome, but they represent a small percentage of the overall #investmentfraud reported in 2022 – estimated to exceed $3.3B USD in that year alone.
Kudos to the coordinated #lawenforcement efforts of the DoJ’s National Cryptocurrency Enforcement Team (NCET) and the Federal Bureau of Investigation (FBI) for this historic recovery effort.
International #lawenforcement have arrested two individuals, believed to be core members of the odious #DoppelPaymer crime gang. For those who can’t keep all of these gangs straight, this is the group that shut down the University Hospital in Düsseldorf, employing the equally odious #emotet #malware.
The DoppelPaymer group victimized dozens of companies over several years. The US-based victims alone were extorted out of nearly €40M.
Kudos to the diligent #digitalforensic and #lawenforcement collaboration required to perform the attribution and tracing efforts that led to these arrests. Among those involved were the German Regional Police, the Ukrainian National Police, Europol, the Dutch Police, and the United States Federal Bureau of Investigation (FBI).
With any luck, the materials seized during these raids will lead to even more arrests!
In yet another illustration of the fraud-is-fraud axiom, John DeMarr was sentenced to 5 years in prison and over $3.5M USD in forfeiture. DeMarr was convicted of conspiracy to commit securities fraud for his role in promoting scams masquerading as legitimate crypto companies.
Kudos to the Federal Bureau of Investigation, the IRS Criminal Investigation division, and the United States Attorneys’ Offices for investigating this case and securing a conviction.
This one is a bit more of a “landscape” commentary, as it involves a precedent: a U.K. court applied its court rules to direct six different exchanges to cooperate (i.e., cough up customer and transactional details) in a crypto-/cyber-fraud investigation. I say this is a landscape commentary because it is yet another indicator that jurisdictions are adapting to address the scourge of crypto-related scams in an effort to provide relief to fraud victims.
Kudos to the U.K. court system for expanding its operating procedures to address this pronounced need.
These efforts are the culmination of a years-long investigation of a Brazilian national named Francisley Valdevino da Silva. Da Silva (a.k.a. the “cryptocurrency sheik”) is accused of running a #cryptocurrency #pyramidscheme that raised approximately $767 million. Da Silva’s alleged victims hail from over a dozen different countries.
While this was a fairly mundane scheme (at least in the context of 2017 ICOs, that is), it involved misrepresentations including claims that a prominent rapper was involved in the venture (ostensibly an entertainment streaming platform). The central scam alleged that user adoption would “surpass Netflix” over time.
As it turns out, the defendant merely diverted the #ICO proceeds into his personal accounts, purchasing a $1.5M USD house, a Ferrari for nearly $200k, and other lavish expenditures. As if this behavior wasn’t toxic enough, the defendant then went on to raise an additional $200k USD via a second ICO scam (ostensibly a cryptocurrency trading exchange), and again pocketed the proceeds of that venture.
The U.S. Department of Justice recently extradited the alleged operator of the illegal cryptocurrency exchange #BTCe. This extradition is the culmination of over 5 years of litigation, and the 2017 indictment states that the BTC-e exchange allegedly laundered over $4 billion (USD) in criminal proceeds.
Like other exchanges that have been sanctioned and/or shut down in recent years, BTC-e enabled users to anonymously trade bitcoin, allowing them to cash out proceeds from various #ransomware, #identitytheft, #drugtrafficking, and #taxrefund schemes. Defendant Alexander Vinnik, a Russian national, made his first appearance in federal court last week in San Francisco.
In addition to facing criminal charges, Vinnik also faces Department of the Treasury / Financial Crimes Enforcement Network civil money penalties for: failing to have an #AML process or program; failing to register as a money services business with the U.S. Department of the Treasury; and failing to have a system for appropriate #KYC verification. The 2017 #FinCEN civil money penalty assessment was $88.6M USD for BTC-e and $12M USD for Vinnik personally.
If you believe that you are a victim of the Baller Ape Club, EmpiresX, TBIS, and Circle Society schemes, please visit the DOJ website for details on how to submit your “Victim Impact Statement” (and thereby register as a victim).
The U.S. Department of Justice seized assets worth $500k USD from North Korean hackers targeting U.S.-based #healthcare organizations. The seized North Korean assets were either monies directly extorted from companies or monies used in laundering #ransomware payments.
In addition to the general #karma of this action, there was an object lesson in public-private sector collaboration as well. The prompt reporting by one healthcare victim allowed the Federal Bureau of Investigation (FBI) to identify a new strain of North Korean ransomware.
Of course, $500k is a pittance compared with the hundreds of millions of dollars stolen by North Korean cyber actors in recent years. Just the same, it’s important to trumpet the “wins” wherever we can find them.