Category: Federal Bureau of Investigation

MIL-OSI Security: District Man Sentenced to 11.5 Years in Scheme to Steal Residential Real Estate Using Fraudulent Deeds

Source: US FBI

WASHINGTON – Jeffrey M. Young-Bey, 68, of the District of Columbia, was sentenced today to 138 months in prison for his role a scheme that stole residential real estate property in order to generate more than $850,000 in fraudulent loans, announced U.S. Attorney Jeanine Ferris Pirro.

Young-Bey was found guilty by a jury on Feb.12, 2024, on 12 federal charges: one count of conspiracy to commit mail fraud and bank fraud, two counts of bank fraud, two counts of mail fraud, two counts of money laundering, and five counts of aggravated identity theft. In addition to the term of incarceration, U.S. District Judge Colleen Kollar-Kotelly ordered five years of supervised release.

Joining in the announcement was FBI Assistant Director in Charge Steven J. Jensen of the Washington Field Office, which led the investigation.

According to the government’s evidence, beginning in November 2019, Young-Bey conspired to steal a residential townhome located in LeDroit Park in order to obtain mortgage financing against the stolen property.

Young-Bey identified a target property owned free and clear by an elderly homeowner. He then prepared a fraudulent property deed, including forged signatures of the true owners and used a fake notary stamp to make the deed appear legitimate.

Young-Bey filed the deed with the District of Columbia Recorder of Deeds, transferring the title from the true owners to a corporate entity. Young-Bey passed a check to the D.C. Recorder of Deeds to pay for the transfer taxes but put a stop payment order on the check before the D.C. government could cash the check. After causing the fake deed to be recorded with the D.C. Recorder of Deeds, he falsely told a mortgage services business that another individual had inherited the property and wanted to take a large loan against the value of the home.

Young-Bey created a fake rental lease and deceived the mortgage company into loaning one of his associates approximately $360,000 against the value of the home they did not own, which was split evenly between the two. Young-Bey used his half of the proceeds to buy a BMW 3-Series valued at approximately $23,000.

After succeeding on the first scam, Young-Bey executed a second fraudulent scheme on a Shephard Park property in the District, forging the names of the two owners, using the fake notary stamp, and recording the deed at the D.C. Recorder of Deeds Office. Young-Bey again put a stop payment order on the transfer tax check before it could be cashed. Young-Bey used the recorded deed to obtain a construction loan of more than $500,000 against the value of the house. Young-Bey took a portion of the loan and purchased a BMW 7-Series worth approximately $120,000. He promptly sold the home to a legitimate real estate company for an additional $42,000 in profit. The fraud was discovered when the real estate company began performing renovations on the home and the rightful owners were alerted to the construction and demolition by their neighbors.

This case was investigated by the FBI’s Washington Field Office with assistance from the Metropolitan Police Department. It was prosecuted by Assistant U.S. Attorneys Christopher R. Howland and Kevin L. Rosenberg of the Fraud, Public Corruption, and Civil Rights Section with the assistance of Paralegal Specialist Gina Torres. Valuable assistance was provided by Assistant U.S. Attorney Joshua S. Rothstein, who investigated and indicted the case, as well as former Assistant U.S. Attorney Virginia Cheatham, former Special Assistant U.S. Attorney Viviana Vasiu, and Paralegal Specialist Lisa Abbe, each of whom assisted in investigating the case. The prosecution team was also assisted by Tonya Jones from the Victim Witness Assistance Unit and Assistant U.S. Attorney Daniel Lenerz from the Appellate Section.

21cr661

MIL Security OSI –

July 23, 2025

MIL-OSI: YieldMax® ETFs Announces Distributions on HOOY, CONY, ULTY, AMDY, YMAG, and Others

Source: GlobeNewswire (MIL-OSI)

CHICAGO and MILWAUKEE and NEW YORK, July 23, 2025 (GLOBE NEWSWIRE) — YieldMax® today announced distributions for the YieldMax® Weekly Payers and Group C ETFs listed in the table below.

ETF Ticker¹	ETF Name	Distribution Frequency	Distribution per Share		Distribution Rate^2,⁴	30-Day SEC Yield³	ROC⁵	Ex-Date & Record Date	Payment Date
CHPY	YieldMax® Semiconductor Portfolio Option Income ETF	*Weekly*	$0.3723		35.54%	0.04%	100.00%	7/24/25	7/25/25
GPTY	YieldMax® AI & Tech Portfolio Option Income ETF	*Weekly*	$0.3219		35.36%	0.00%	100.00%	7/24/25	7/25/25
LFGY	YieldMax® Crypto Industry & Tech Portfolio Option Income ETF	*Weekly*	$0.4876		62.94%	0.00%	100.00%	7/24/25	7/25/25
QDTY	YieldMax® Nasdaq 100 0DTE Covered Call ETF	*Weekly*	$0.1944		22.64%	0.00%	86.12%	7/24/25	7/25/25
RDTY	YieldMax® R2000 0DTE Covered Call ETF	*Weekly*	$0.3901		44.01%	1.65%	100.00%	7/24/25	7/25/25
SDTY	YieldMax® S&P 500 0DTE Covered Call ETF	*Weekly*	$0.1607		18.44%	0.07%	42.60%	7/24/25	7/25/25
ULTY	YieldMax® Ultra Option Income Strategy ETF	*Weekly*	$0.1029		85.29%	0.00%	100.00%	7/24/25	7/25/25
YMAG	YieldMax® Magnificent 7 Fund of Option Income ETFs	*Weekly*	$0.2033		68.60%	63.17%	42.42%	7/24/25	7/25/25
YMAX	YieldMax® Universe Fund of Option Income ETFs	*Weekly*	$0.1838		68.48%	82.40%	6.23%	7/24/25	7/25/25
ABNY	YieldMax® ABNB Option Income Strategy ETF	Every 4 weeks	$0.3748		40.32%	2.85%	0.00%	7/24/25	7/25/25
AMDY	YieldMax® AMD Option Income Strategy ETF	Every 4 weeks	$0.5656		85.13%	2.82%	0.00%	7/24/25	7/25/25
CONY	YieldMax® COIN Option Income Strategy ETF	Every 4 weeks	$0.7951		103.37%	2.93%	0.00%	7/24/25	7/25/25
CVNY	YieldMax® CVNA Option Income Strategy ETF	Every 4 weeks	$2.0473		61.43%	2.71%	97.34%	7/24/25	7/25/25
DRAY*	YieldMax® DKNG Option Income Strategy ETF	Every 4 weeks		–	–	–	–	–	–
FIAT	YieldMax® Short COIN Option Income Strategy ETF	Every 4 weeks	$0.1381		60.28%	4.73%	93.10%	7/24/25	7/25/25
HOOY	YieldMax® HOOD Option Income Strategy ETF	Every 4 weeks	$6.8981		121.23%	1.43%	100.00%	7/24/25	7/25/25
MSFO	YieldMax® MSFT Option Income Strategy ETF	Every 4 weeks	$0.4139		29.80%	2.97%	0.00%	7/24/25	7/25/25
NFLY	YieldMax® NFLX Option Income Strategy ETF	Every 4 weeks	$0.4350		32.40%	2.80%	0.00%	7/24/25	7/25/25
PYPY	YieldMax® PYPL Option Income Strategy ETF	Every 4 weeks	$0.2731		27.61%	3.48%	0.00%	7/24/25	7/25/25
Weekly Payers & Group D ETFs scheduled for next week: CHPY GPTY LFGY QDTY RDTY SDTY ULTY YMAG YMAX AIYY AMZY APLY DISO MSTY SMCY WNTR XYZY YQQQ

Standardized Performance and Fund details can be obtained by clicking the ETF Ticker in the table above or by visiting us at www.yieldmaxetfs.com

Performance data quoted represents past performance and is no guarantee of future results. Investment return and principal value of an investment will fluctuate so that an investor’s shares, when sold or redeemed, may be worth more or less than their original cost and current performance may be lower or higher than the performance quoted above. Performance current to the most recent month-end can be obtained by calling (866) 864 3968.

Note: DIPS, FIAT, CRSH, YQQQ and WNTR are hereinafter referred to as the “Short ETFs.”

Distributions are not guaranteed. The Distribution Rate and 30-Day SEC Yield are not indicative of future distributions, if any, on the ETFs. In particular, future distributions on any ETF may differ significantly from its Distribution Rate or 30-Day SEC Yield. You are not guaranteed a distribution under the ETFs. Distributions for the ETFs (if any) are variable and may vary significantly from period to period and may be zero. Accordingly, the Distribution Rate and 30-Day SEC Yield will change over time, and such change may be significant.

Investors in the Funds will not have rights to receive dividends or other distributions with respect to the underlying reference asset(s).

*The inception date for DRAY is July 14, 2025

¹All YieldMax® ETFs shown in the table above (except YMAX, YMAG, FEAT, FIVY and ULTY) have a gross expense ratio of 0.99%. YMAX, FEAT have a Management Fee of 0.29% and Acquired Fund Fees and Expenses of 0.99% for a gross expense ratio of 1.28%. YMAG has a management fee of 0.29% and Acquired Fund Fees and Expenses of 0.83% for a gross expense ratio of 1.12%. FIVY has a Management Fee of 0.29% and Acquired Fund Fees and Expenses of 0.59% for a gross expense ratio of 0.88%. “Acquired Fund Fees and Expenses” are indirect fees and expenses that the Fund incurs from investing in the shares of other investment companies, namely other YieldMax® ETFs. ULTY has a gross expense ratio of 1.40%, and a net expense ratio after the fee waiver of 1.30%. The Advisor has agreed to a fee waiver of 0.10% through at least February 28, 2026.

²The Distribution Rate shown is as of close on July 22, 2025. The Distribution Rate is the annual distribution rate an investor would receive if the most recent distribution, which includes option income, remained the same going forward. The Distribution Rate is calculated by annualizing an ETF’s Distribution per Share and dividing such annualized amount by the ETF’s most recent NAV. The Distribution Rate represents a single distribution from the ETF and does not represent its total return. Distributions may also include a combination of ordinary dividends, capital gain, and return of investor capital, which may decrease an ETF’s NAV and trading price over time. As a result, an investor may suffer significant losses to their investment. These Distribution Rates may be caused by unusually favorable market conditions and may not be sustainable. Such conditions may not continue to exist and there should be no expectation that this performance may be repeated in the future.

³ The 30-Day SEC Yield represents net investment income, which excludes option income, earned by such ETF over the 30-Day period ended June 30, 2025, expressed as an annual percentage rate based on such ETF’s share price at the end of the 30-Day period.

⁴ Each ETF’s strategy (except those of the Short ETFs) will cap potential gains if its reference asset’s shares increase in value, yet subjects an investor to all potential losses if the reference asset’s shares decrease in value. Such potential losses may not be offset by income received by the ETF. Each Short ETF’s strategy will cap potential gains if its reference asset decreases in value, yet subjects an investor to all potential losses if the reference asset increases in value. Such potential losses may not be offset by income received by the ETF.

⁵ROC refers to Return of Capital. The ROC percentage indicates how much the distribution reflects an investor’s initial investment. The figures shown for each Fund in the table above are estimates and may later be determined to be taxable net investment income, short-term gains, long-term gains (to the extent permitted by law), or return of capital. Actual amounts and sources for tax reporting will depend upon the Fund’s investment activities during the remainder of the fiscal year and may be subject to changes based on tax regulations. Your broker will send you a Form 1099-DIV for the calendar year to tell you how to report these distributions for federal income tax purposes.

Each Fund has a limited operating history and while each Fund’s objective is to provide current income, there is no guarantee the Fund will make a distribution. Distributions are likely to vary greatly in amount.

Important Information

This material must be preceded or accompanied by the prospectus. For all prospectuses, click here.

Tidal Financial Group is the adviser for all YieldMax® ETFs.

THE FUND, TRUST, AND ADVISER ARE NOT AFFILIATED WITH ANY UNDERLYING REFERENCE ASSET.

Risk Disclosures (applicable to all YieldMax ETFs referenced above, except the Short ETFs)

YMAX, YMAG, FEAT and FIVY generally invest in other YieldMax® ETFs. As such, these Funds are subject to the risks listed in this section, which apply to all the YieldMax® ETFs they may hold from time to time.

Investing involves risk. Principal loss is possible.

Referenced Index Risk. The Fund invests in options contracts that are based on the value of the Index (or the Index ETFs). This subjects the Fund to certain of the same risks as if it owned shares of companies that comprised the Index or an ETF that tracks the Index, even though it does not.

Indirect Investment Risk. The Index is not affiliated with the Trust, the Fund, the Adviser, or their respective affiliates and is not involved with this offering in any way. Investors in the Fund will not have the right to receive dividends or other distributions or any other rights with respect to the companies that comprise the Index but will be subject to declines in the performance of the Index.

Russell 2000 Index Risks. The Index, which consists of small-cap U.S. companies, is particularly susceptible to economic changes, as these firms often have less financial resilience than larger companies. Market volatility can disproportionately affect these smaller businesses, leading to significant price swings. Additionally, these companies are often more exposed to specific industry risks and have less diverse revenue streams. They can also be more vulnerable to changes in domestic regulatory or policy environments.

Call Writing Strategy Risk. The path dependency (i.e., the continued use) of the Fund’s call writing strategy will impact the extent that the Fund participates in the positive price returns of the underlying reference asset and, in turn, the Fund’s returns, both during the term of the sold call options and over longer periods.

Counterparty Risk. The Fund is subject to counterparty risk by virtue of its investments in options contracts. Transactions in some types of derivatives, including options, are required to be centrally cleared (“cleared derivatives”). In a transaction involving cleared derivatives, the Fund’s counterparty is a clearing house rather than a bank or broker. Since the Fund is not a member of clearing houses and only members of a clearing house (“clearing members”) can participate directly in the clearing house, the Fund will hold cleared derivatives through accounts at clearing members.

Derivatives Risk. Derivatives are financial instruments that derive value from the underlying reference asset or assets, such as stocks, bonds, or funds (including ETFs), interest rates or indexes. The Fund’s investments in derivatives may pose risks in addition to, and greater than, those associated with directly investing in securities or other ordinary investments, including risk related to the market, imperfect correlation with underlying investments or the Fund’s other portfolio holdings, higher price volatility, lack of availability, counterparty risk, liquidity, valuation and legal restrictions.

Options Contracts. The use of options contracts involves investment strategies and risks different from those associated with ordinary portfolio securities transactions. The prices of options are volatile and are influenced by, among other things, actual and anticipated changes in the value of the underlying instrument, including the anticipated volatility, which are affected by fiscal and monetary policies and by national and international political, changes in the actual or implied volatility or the reference asset, the time remaining until the expiration of the option contract and economic events.

Distribution Risk. As part of the Fund’s investment objective, the Fund seeks to provide current income. There is no assurance that the Fund will make a distribution in any given period. If the Fund does make distributions, the amounts of such distributions will likely vary greatly from one distribution to the next.

High Portfolio Turnover Risk. The Fund may actively and frequently trade all or a significant portion of the Fund’s holdings. A high portfolio turnover rate increases transaction costs, which may increase the Fund’s expenses.

Liquidity Risk. Some securities held by the Fund, including options contracts, may be difficult to sell or be illiquid, particularly during times of market turmoil.

Non-Diversification Risk. Because the Fund is “non-diversified,” it may invest a greater percentage of its assets in the securities of a single issuer or a smaller number of issuers than if it was a diversified fund.

New Fund Risk. The Fund is a recently organized management investment company with no operating history. As a result, prospective investors do not have a track record or history on which to base their investment decisions.

Price Participation Risk. The Fund employs an investment strategy that includes the sale of call option contracts, which limits the degree to which the Fund will participate in increases in value experienced by the underlying reference asset over the Call Period.

Single Issuer Risk. Issuer-specific attributes may cause an investment in the Fund to be more volatile than a traditional pooled investment which diversifies risk or the market generally. The value of the Fund, which focuses on an individual security (ARKK, TSLA, AAPL, NVDA, AMZN, META, GOOGL, NFLX, COIN, MSFT, DIS, XOM, JPM, AMD, PYPL, SQ, MRNA, AI, MSTR, Bitcoin ETP, GDX®, SNOW, ABNB, BABA, TSM, SMCI, PLTR, MARA, CVNA, HOOD, BRK.B, DKNG), may be more volatile than a traditional pooled investment or the market as a whole and may perform differently from the value of a traditional pooled investment or the market as a whole.

Inflation Risk. Inflation risk is the risk that the value of assets or income from investments will be less in the future as inflation decreases the value of money. As inflation increases, the present value of the Fund’s assets and distributions, if any, may decline.

Indirect Investment Risk. The Index is not affiliated with the Trust, the Fund, the Adviser, or their respective affiliates and is not involved with this offering in any way.

Risk Disclosures (applicable only to GPTY)

Artificial Intelligence Risk. Issuers engaged in artificial intelligence typically have high research and capital expenditures and, as a result, their profitability can vary widely, if they are profitable at all. The space in which they are engaged is highly competitive and issuers’ products and services may become obsolete very quickly. These companies are heavily dependent on intellectual property rights and may be adversely affected by loss or impairment of those rights. The issuers are also subject to legal, regulatory, and political changes that may have a large impact on their profitability. A failure in an issuer’s product or even questions about the safety of the product could be devastating to the issuer, especially if it is the marquee product of the issuer. It can be difficult to accurately capture what qualifies as an artificial intelligence company.

Technology Sector Risk. The Fund will invest substantially in companies in the information technology sector, and therefore the performance of the Fund could be negatively impacted by events affecting this sector. Market or economic factors impacting technology companies and companies that rely heavily on technological advances could have a significant effect on the value of the Fund’s investments. The value of stocks of information technology companies and companies that rely heavily on technology is particularly vulnerable to rapid changes in technology product cycles, rapid product obsolescence, government regulation and competition, both domestically and internationally, including competition from foreign competitors with lower production costs. Stocks of information technology companies and companies that rely heavily on technology, especially those of smaller, less-seasoned companies, tend to be more volatile than the overall market. Information technology companies are heavily dependent on patent and intellectual property rights, the loss or impairment of which may adversely affect profitability.

Risk Disclosure (applicable only to MARO)

Digital Assets Risk: The Fund does not invest directly in Bitcoin or any other digital assets. The Fund does not invest directly in derivatives that track the performance of Bitcoin or any other digital assets. The Fund does not invest in or seek direct exposure to the current “spot” or cash price of Bitcoin. Investors seeking direct exposure to the price of Bitcoin should consider an investment other than the Fund. Digital assets like Bitcoin, designed as mediums of exchange, are still an emerging asset class. They operate independently of any central authority or government backing and are subject to regulatory changes and extreme price volatility.

Risk Disclosures (applicable only to BABO and TSMY)

Currency Risk: Indirect exposure to foreign currencies subjects the Fund to the risk that currencies will decline in value relative to the U.S. dollar. Currency rates in foreign countries may fluctuate significantly over short periods of time for a number of reasons, including changes in interest rates and the imposition of currency controls or other political developments in the U.S. or abroad.

Depositary Receipts Risk: The securities underlying BABO and TSMY are American Depositary Receipts (“ADRs”). Investment in ADRs may be less liquid than the underlying shares in their primary trading market.

Foreign Market and Trading Risk: The trading markets for many foreign securities are not as active as U.S. markets and may have less governmental regulation and oversight.

Foreign Securities Risk: Investments in securities of non-U.S. issuers involve certain risks that may not be present with investments in securities of U.S. issuers, such as risk of loss due to foreign currency fluctuations or to political or economic instability, as well as varying regulatory requirements applicable to investments in non-U.S. issuers. There may be less information publicly available about a non-U.S. issuer than a U.S. issuer. Non-U.S. issuers may also be subject to different regulatory, accounting, auditing, financial reporting, and investor protection standards than U.S. issuers.

Risk Disclosures (applicable only to GDXY)

Risk of Investing in Foreign Securities. The Fund is exposed indirectly to the securities of foreign issuers selected by GDX®’s investment adviser, which subjects the Fund to the risks associated with such companies. Investments in the securities of foreign issuers involve risks beyond those associated with investments in U.S. securities.

Risk of Investing in Gold and Silver Mining Companies. The Fund is exposed indirectly to gold and silver mining companies selected by GDX®’s investment adviser, which subjects the Fund to the risks associated with such companies.

The Fund invests in options contracts based on the value of the VanEck Gold Miners ETF (GDX®), which subjects the Fund to some of the same risks as if it owned GDX®, as well as the risks associated with Canadian, Australian and Emerging Market Issuers, and Small-and Medium-Capitalization companies.

Risk Disclosures (applicable only to YBIT)

YBIT does not invest directly in Bitcoin or any other digital assets. YBIT does not invest directly in derivatives that track the performance of Bitcoin or any other digital assets. YBIT does not invest in or seek direct exposure to the current “spot” or cash price of Bitcoin. Investors seeking direct exposure to the price of Bitcoin should consider an investment other than YBIT.

Bitcoin Investment Risk: The Fund’s indirect investment in Bitcoin, through holdings in one or more Underlying ETPs, exposes it to the unique risks of this emerging innovation. Bitcoin’s price is highly volatile, and its market is influenced by the changing Bitcoin network, fluctuating acceptance levels, and unpredictable usage trends.

Digital Assets Risk: Digital assets like Bitcoin, designed as mediums of exchange, are still an emerging asset class. They operate independently of any central authority or government backing and are subject to regulatory changes and extreme price volatility. Potentially No 1940 Act Protections. As of the date of this Prospectus, there is only a single eligible Underlying ETP, and it is an investment company subject to the 1940 Act.

Bitcoin ETP Risk: The Fund invests in options contracts that are based on the value of the Bitcoin ETP. This subjects the Fund to certain of the same risks as if it owned shares of the Bitcoin ETP, even though it does not. Bitcoin ETPs are subject, but not limited, to significant risk and heightened volatility. An investor in a Bitcoin ETP may lose their entire investment. Bitcoin ETPs are not suitable for all investors. In addition, not all Bitcoin ETPs are registered under the Investment Company Act of 1940. Those Bitcoin ETPs that are not registered under such statute are therefore not subject to the same regulations as exchange traded products that are so registered.

Risk Disclosures (applicable only to the Short ETFs)

Investing involves risk. Principal loss is possible.

Price Appreciation Risk. As part of the Fund’s synthetic covered put strategy, the Fund purchases and sells call and put option contracts that are based on the value of the underlying reference asset. This strategy subjects the Fund to certain of the same risks as if it shorted the underlying reference asset, even though it does not. By virtue of the Fund’s indirect inverse exposure to changes in the value of the underlying reference asset, the Fund is subject to the risk that the value of the underlying reference asset increases. If the value of the underlying reference asset increases, the Fund will likely lose value and, as a result, the Fund may suffer significant losses.

Put Writing Strategy Risk. The path dependency (i.e., the continued use) of the Fund’s put writing (selling) strategy will impact the extent that the Fund participates in decreases in the value of the underlying reference asset and, in turn, the Fund’s returns, both during the term of the sold put options and over longer periods.

Purchased OTM Call Options Risk. The Fund’s strategy is subject to potential losses if the underlying reference asset increases in value, which may not be offset by the purchase of out-of-the-money (OTM) call options. The Fund purchases OTM calls to seek to manage (cap) the Fund’s potential losses from the Fund’s short exposure to the underlying reference asset if it appreciates significantly in value. However, the OTM call options will cap the Fund’s losses only to the extent that the value of the underlying reference asset increases to a level that is at or above the strike level of the purchased OTM call options. Any increase in the value of the underlying reference asset to a level that is below the strike level of the purchased OTM call options will result in a corresponding loss for the Fund. For example, if the OTM call options have a strike level that is approximately 100% above the then-current value of the underlying reference asset at the time of the call option purchase, and the value of the underlying reference asset increases by at least 100% during the term of the purchased OTM call options, the Fund will lose all its value. Since the Fund bears the costs of purchasing the OTM calls, such costs will decrease the Fund’s value and/or any income otherwise generated by the Fund’s investment strategy.

Options Contracts. The use of options contracts involves investment strategies and risks different from those associated with ordinary portfolio securities transactions. The prices of options are volatile and are influenced by, among other things, actual and anticipated changes in the value of the underlying reference asset, including the anticipated volatility, which are affected by fiscal and monetary policies and by national and international political, changes in the actual or implied volatility or the reference asset, the time remaining until the expiration of the option contract and economic events.

High Portfolio Turnover Risk. The Fund may actively and frequently trade all or a significant portion of the Fund’s holdings.

Liquidity Risk. Some securities held by the Fund, including options contracts, may be difficult to sell or be illiquid, particularly during times of market turmoil.

Price Participation Risk. The Fund employs an investment strategy that includes the sale of put option contracts, which limits the degree to which the Fund will participate in decreases in value experienced by the underlying reference asset over the Put Period.

Single Issuer Risk. Issuer-specific attributes may cause an investment in the Fund to be more volatile than a traditional pooled investment which diversifies risk or the market generally. The value of the Fund, for any Fund that focuses on an individual security (e.g., TSLA, COIN, NVDA, MSTR), may be more volatile than a traditional pooled investment or the market as a whole and may perform differently from the value of a traditional pooled investment or the market as a whole. Inflation Risk. Inflation risk is the risk that the value of assets or income from investments will be less in the future as inflation decreases the value of money. As inflation increases, the present value of the Fund’s assets and distributions, if any, may decline.

Risk Disclosures (applicable only to CHPY)

Semiconductor Industry Risk. Semiconductor companies may face intense competition, both domestically and internationally, and such competition may have an adverse effect on their profit margins. Semiconductor companies may have limited product lines, markets, financial resources or personnel. Semiconductor companies’ supply chain and operations are dependent on the availability of materials that meet exacting standards and the use of third parties to provide components and services.

The products of semiconductor companies may face obsolescence due to rapid technological developments and frequent new product introduction, unpredictable changes in growth rates and competition for the services of qualified personnel. Capital equipment expenditures could be substantial, and equipment generally suffers from rapid obsolescence. Companies in the semiconductor industry are heavily dependent on patent and intellectual property rights. The loss or impairment of these rights would adversely affect the profitability of these companies.

Risk Disclosures (applicable only to YQQQ)

Index Overview. The Nasdaq 100 Index is a benchmark index that includes 100 of the largest non-financial companies listed on the Nasdaq Stock Market, based on market capitalization.

Index Level Appreciation Risk. As part of the Fund’s synthetic covered put strategy, the Fund purchases and sells call and put option contracts that are based on the Index level. This strategy subjects the Fund to certain of the same risks as if it shorted the Index, even though it does not. By virtue of the Fund’s indirect inverse exposure to changes in the Index level, the Fund is subject to the risk that the Index level increases. If the Index level increases, the Fund will likely lose value and, as a result, the Fund may suffer significant losses. The Fund may also be subject to the following risks: innovation and technological advancement; strong market presence of Index constituent companies; adaptability to global market trends; and resilience and recovery potential.

Index Level Participation Risk. The Fund employs an investment strategy that includes the sale of put option contracts, which limits the degree to which the Fund will benefit from decreases in the Index level experienced over the Put Period. This means that if the Index level experiences a decrease in value below the strike level of the sold put options during a Put Period, the Fund will likely not experience that increase to the same extent and any Fund gains may significantly differ from the level of the Index losses over the Put Period. Additionally, because the Fund is limited in the degree to which it will participate in decreases in value experienced by the Index level over each Put Period, but has significant negative exposure to any increases in value experienced by the Index level over the Put Period, the NAV of the Fund may decrease over any given period. The Fund’s NAV is dependent on the value of each options portfolio, which is based principally upon the inverse of the performance of the Index level. The Fund’s ability to benefit from the Index level decreases will depend on prevailing market conditions, especially market volatility, at the time the Fund enters into the sold put option contracts and will vary from Put Period to Put Period. The value of the options contracts is affected by changes in the value and dividend rates of component companies that comprise the Index, changes in interest rates, changes in the actual or perceived volatility of the Index and the remaining time to the options’ expiration, as well as trading conditions in the options market. As the Index level changes and time moves towards the expiration of each Put Period, the value of the options contracts, and therefore the Fund’s NAV, will change. However, it is not expected for the Fund’s NAV to directly inversely correlate on a day-to-day basis with the returns of the Index level. The amount of time remaining until the options contract’s expiration date affects the impact that the value of the options contracts has on the Fund’s NAV, which may not be in full effect until the expiration date of the Fund’s options contracts. Therefore, while changes in the Index level will result in changes to the Fund’s NAV, the Fund generally anticipates that the rate of change in the Fund’s NAV will be different than the inverse of the changes experienced by the Index level.

YieldMax® ETFs are distributed by Foreside Fund Services, LLC. Foreside is not affiliated with Tidal Financial Group, or YieldMax® ETFs.

The MIL Network –

July 23, 2025

MIL-OSI Russia: D. Trump accused B. Obama of “treason”

Translation. Region: Russian Federal

Source: People’s Republic of China in Russian – People’s Republic of China in Russian –

An important disclaimer is at the bottom of this article.

Source: People’s Republic of China – State Council News

WASHINGTON, July 23 (Xinhua) — U.S. President Donald Trump on Tuesday accused former President Barack Obama of “treason” over the 2016 presidential election, prompting a sharp response from Obama’s spokesman, who called the accusations “ridiculous” and a “weak attempt to distract.”

Answering a media question about the case involving the late American financier Jeffrey Epstein, D. Trump moved on to attacks on B. Obama.

“They tried to rig the election, and they got caught. And there are going to be very serious consequences for that,” Trump told reporters in the Oval Office.

Calling B. Obama a “gang leader,” D. Trump claimed that Democrats, including Joseph Biden and Hillary Clinton, allegedly engaged in election manipulation from 2016 through 2020.

“It was treason. It was everything you could think of. They tried to steal the election. They tried to confuse the election,” Trump said.

“Out of respect for the institution of the presidency, our office does not typically dignify a response to the constant nonsense and disinformation emanating from the White House. But these allegations are outrageous enough to merit refutation,” Obama’s press secretary Patrick Rhodenbush said.

“These bizarre accusations are ridiculous and a feeble attempt to distract attention,” he said in a statement.

J. Epstein, who had extensive connections to the US political and business elite, was arrested on sex crimes charges and died in prison in August 2019. It was determined that he died by suicide.

During his 2024 presidential campaign, Trump promised to release documents related to the Epstein case if he was re-elected. But earlier this month, the Justice Department and the Federal Bureau of Investigation (FBI) released a joint memo saying that there was no “client list” for Epstein and that “further disclosure would not be appropriate or warranted.”

The Trump administration’s shifting stance on the issue has drawn widespread criticism, with some angry supporters even calling for Attorney General Pam Bondi to resign, demanding more transparency from the government. –0–

Please note: This information is raw content obtained directly from the source of the information. It is an accurate report of what the source claims and does not necessarily reflect the position of MIL-OSI or its clients.

.

MIL OSI Russia News –

July 23, 2025
MIL-OSI USA: Stauber Announces the Federal Prison Camp in Duluth Will Remain Open and Operational

Source: United States House of Representatives – Congressman Pete Stauber (MN-08)

DULUTH, MN – Today, Congressman Pete Stauber (MN-08) announced that the Biden administration’s misguided decision to close the Federal Prison Camp in Duluth has been overturned by the Trump administration, ensuring the facility will remain open and operational for years to come. This decision follows a recent visit to the camp by William Marshall, the newly appointed Director of the Federal Bureau of Prisons under the Trump administration, a visit Stauber helped facilitate and personally attended.

Of this news, Stauber said, “I am overjoyed by the news that the Federal Prison Camp in Duluth will remain open, and that the 90 federal employees who currently work there will remain employed. Since the Biden administration announced their disastrous decision to close FPC Duluth in December, I made it a top priority to work with the Trump administration to keep it open. During last week’s visit to FPC Duluth, Director Marshall was able to see firsthand the prison’s top-notch programming, dedicated employees, and the value it brings to our community. I join FPC Duluth’s employees and their families in thanking Director Marshall and the Trump administration for their attention to this issue and for making the right decision.”

###

MIL OSI USA News –

July 23, 2025
MIL-OSI USA: WATCH: Padilla Sets the Record Straight on Trump Administration’s Harmful Mass Deportation Agenda

US Senate News:

Source: United States Senator Alex Padilla (D-Calif.)

WATCH: Padilla Sets the Record Straight on Trump Administration’s Harmful Mass Deportation Agenda

Highlighted testimony from Alejandro Barranco — a veteran and the son of Narciso, who was violently detained by masked CBP agents in Orange County

WATCH: Padilla criticizes Trump and Republicans for backtracking on pledge to target violent criminalsWASHINGTON, D.C. — Today, U.S. Senator Alex Padilla (D-Calif.), Ranking Member of the Senate Judiciary Immigration Subcommittee, joined a Senate Judiciary Subcommittee hearing to set the record straight on President Trump and Stephen Miller’s cruel mass deportation campaign, blasting the Administration for intentionally stoking fear and scapegoating immigrants.
Padilla emphasized that far from the Trump Administration’s stated plan to target violent criminals, less than 10 percent of immigrants whom Immigration and Customs Enforcement (ICE) has taken into custody have serious criminal convictions, and there has been a staggering 500 percent increase in the number of arrests of noncitizens without criminal records. He stressed that these ICE sweeps often illegally profile and target people based on their race, accents, or occupation, while hurting the economy by ripping away farm workers, service industry employees, and other essential workers.
Padilla called out Republicans for attempting to distract from the sharp turn in public opinion away from the President’s immigration policy by relitigating complaints from the Biden presidency more than six months into Trump’s second term. An all-time record 79 percent of Americans believe immigration is a good thing for the country.
He also criticized the $150 billion funding surge to carry out Trump’s enforcement agenda in Republicans’ billionaire-first reconciliation bill, underscoring that ICE’s budget is now larger than the budget of the Federal Bureau of Investigation (FBI); Bureau of Alcohol, Tobacco, Firearms, and Explosives (ATF); Drug Enforcement Administration (DEA); U.S. Marshals Service, and Bureau of Prisons combined.
“It’s clear why we’re here today: we’re here because Donald Trump is scapegoating immigrants,” Padilla said in committee. “It’s always been his outlet. This is their break-glass-in-case-of-emergency option when public sentiment turns against them and their agenda. It hasn’t been about only targeting violent criminals and it’s certainly not about fixing or modernizing our immigration system.”
Padilla questioned three witnesses on the Trump Administration’s harmful immigration enforcement. He asked Deborah Fleischaker, a former ICE Acting Chief of Staff and longtime Department of Homeland Security official, to set the record straight that the Biden Administration encouraged ICE to do its job to detain violent criminals. He also highlighted the need for additional funding beyond immigration enforcement to support the hiring of more immigration judges and asylum officers.
Padilla heard further from Alejandro Barranco — a Marine veteran and the eldest son of Narciso Barranco, who was violently detained by masked Customs and Border Protection (CBP) agents in Orange County — about the dangers of indiscriminate immigration enforcement, including sweeping up hardworking people with no history of violent crime.
PADILLA: The way they present it, the way they talk about President Biden’s administration and prior Democratic administrations is like it was never a priority for Democratic administrations to go after criminals, and that Democrats and Democratic administrations just didn’t care about the presence of dangerous people in our communities. Simply not true. … Ms. Fleischaker, you were in ICE leadership. In your view, in your experience, did the Biden Administration ever restrain ICE from pursuing serious criminals?
FLEISCHAKER: We absolutely did not stop ICE agents from enforcing the law and going after public safety threats. In fact, we encouraged them to do so. We very much want to want to find and arrest public safety threats in the community. […]
PADILLA: I don’t think anyone here would disagree with the idea of rooting out the ‘worst of the worst,’ even if we disagree over what immigration policy should be, but I believe it’s unacceptable that these raids are so indiscriminate that they end up sweeping up people with no history of violent crime, hardworking people trying to give their children a better life, like Alejandro’s father, Narciso. Alejandro, question is for you. … Is there anything else that you would like to share about the cruelty with which your father was treated or what your family’s gone through?
BARRANCO: I think that the way they treated him and the way they handled that situation was very unprofessional. It showed men who were not trained. It doesn’t seem like it. … They were running with guns in their hand, with fingers on the trigger, pointing it at civilian vehicles. And honestly, I don’t think that’s for the best of public safety, and I believe that they should have better training and go out and chase after the real criminals.
PADILLA: Well, I couldn’t agree more, and the more resources, personnel, funding, and otherwise that’s directed at again, just broad-based enforcement is less focus, less prioritization of those violent criminals that we know are out there, the Administration knows are out there, but they’re not the clear priority or focus.
Padilla also expressed concern about indiscriminate immigration raids creating widespread fear, keeping people home from work, businesses, church, and public spaces, while limiting the reporting of crimes. He heard from Dr. Giovanni Veliz, a retired Minneapolis Police Department Commander, about the importance of building trust with immigrant communities to combat crime and keep police officers safe.
Video of Senator Padilla’s opening remarks is available here, and his questions are available here.
More information on the hearing is available here.

MIL OSI USA News –

July 23, 2025
MIL-OSI USA: ICYMI: Tuberville Joins the Chris Salcedo Show to Discuss Ways to Expose the Deep State and Protect Law Enforcement

US Senate News:

Source: United States Senator Tommy Tuberville (Alabama)

WASHINGTON – U.S. Senator Tommy Tuberville (R-AL) joined Newsmax’s Chris Salcedo Show to discuss DNI Tulsi Gabbard’s recent report exposing the FBI’s involvement in covering up then-Secretary of State Hillary Clinton’s mishandling of classified information. Sen. Tuberville and Salcedo also discussed the Senate’s effort to continue advancing President Trump’s America First policy agenda as well as the Radical Democrat Socialist Party’s violence against law enforcement.

Excerpts from the interview can be found below and the full interview can be viewed on YouTube or Rumble.

SALCEDO: “Senator Tommy Tuberville. Senator, it’s always good to see you. DNI Gabbard releases revelations about Obama, Comey, Brennan, and that gang. Now, we learn that James Comey’s FBI rigged the Hillary Clinton investigation so we would never know how badly she damaged our national security when they didn’t probe those crucial thumb drives. Senator, where is your party’s push for accountability?”

TUBERVILE: “Well, thanks for having me on, Chris. What a colossal cover up this has been. I got here right after Joe Biden took office, and it has been a disaster of […] most Republicans watching this go down. It is a huge cover up.

They’ve tried to push a narrative that, basically, they wanna change our country [into] something that it’s not. They wanted to take all the ability of us as Republicans, as Americans, to try to keep our country going in the right direction. But the mainstream media, the Democrats, and a few Republicans have pushed this narrative of ‘let’s do it the right way. Let’s make sure we’re doing the right thing.’ It has been something that I’ve been shocked at since I’ve been here. And now we’re finally seeing things start to leak out, the truth of really what happened.

The American people are going to find out. It is going to be fun up here to watch all this start taking a narrative, a true narrative, of what really happened of the Democrats trying to change this country into a socialist-communist country for the last four years. These people need to lawyer up, and they need to find out what it’s really like to be under the gun. Putting their hand up, testifying in front of people all over this country because it’s gonna be much-watched as we look at all this narrative being brought forward.”

SALCEDO: “Well, Senator, you know, getting real Americans put into prosecutorial positions would help bring this accountability to these lawless Democrats. There are a number of confirmations for U.S. Attorney backed up in the United States Senate right now. Some have been waiting for months. Has leader Thune committed to you that this backlog will be done away with before the August recess?”

TUBERVILLE: “Well, we’ve talked about that. We’re trying to catch up. The problem, Chris, is the Democrats are playing four corners of basketball here. Slow play. They don’t get back anytime.

It’s a lot of fundamental errors that have happened, not just from here in the Senate, but also the White House. We have to have some firepower. We have to be able to fight back. But at the end of the day, we’re gonna get this done, even if we have to stay up here weekends through August. The Democrats don’t think that we’ll stay up here and work. Guess what? We’ll stay up here and work. We’ll have enough people up here to get a quorum to make sure that we push the agenda. And if they don’t wanna take a vacation, we don’t have to take one.”

SALCEDO: “Wow. I think you’re breaking some news right there. ‘The Senate actually works.’ That’s some big news, Senator. Look, over the weekend, an off-duty CBP officer was shot in the face by an illegal alien suspect. In Wisconsin, an illegal alien was finally arrested by ICE after he allegedly decapitated a woman and stored her body three months after a nut job Illinois judge let him walk free on those gruesome charges. And then there’s Hunter Biden. He’s upset with Americans for trying to stop illegal immigration and the effort to deport illegal aliens.” […]

TUBERVILLE: “This is coming from somebody that’s never had a job, Joe Biden’s son. He’s lived off his dad for many, many years. And so whatever you get from him, you can take [with] a grain of salt. Again, but he’s coming back even at his Democrat team, the members that have actually pushed everything towards the Republicans. But 800% surge of assault on our law enforcement officers in this country. Our justice system, Chris, is in shambles.

Judges taking people that are arrested, letting them go in the front door, go out the back door. That is stopping as we speak, but we have to continue to push that. Again, the Democrats pushed a lot of these judges out in the last few years. They’re overwhelmed all over the country of being very lax on crime. But if we don’t take our neighborhoods back and our streets back, we do not have a country […] but we’ve gotta protect our law enforcement people. They get up every day, ICE, Border Patrol. They get up every day, put a badge on, a gun on their side, and not knowing whether they’re gonna come back or not.

President Trump gave them authority, and they need to take that authority. That [if they’re] shot at, they need to shoot back. We need to take advantage of what’s going on right now and make sure we take our streets back because the Democrats […] could[n’t] care less about that. They want their voters to vote for them, that’s the voters for the Democratic Party. These people are breaking all these laws all over the country.” […]

Senator Tommy Tuberville represents Alabama in the United States Senate and is a member of the Senate Armed Services, Agriculture, Veterans’ Affairs, HELP and Aging Committees.

MIL OSI USA News –

July 23, 2025
MIL-OSI Security: Springfield Man Sentenced to 25 Years for Methamphetamine Trafficking, Illegal Firearms

Source: Office of United States Attorneys

SPRINGFIELD, Mo. – A Springfield, Mo., man was sentenced in federal court today for his role in a conspiracy to distribute large amounts of methamphetamine in Greene County, Mo., and possessing firearms.

Russell Lee Deck, Jr., 47, was sentenced by U.S. District Court Judge Brian C. Wimes to a total sentence of 25 years in federal prison without parole, followed by three years of supervised release.

On Nov. 8, 2024, Deck pleaded guilty to one count of conspiracy to distribute methamphetamine and one count of possessing a firearm in furtherance of a drug trafficking crime. Deck admitted he participated in a conspiracy to distribute methamphetamine in Greene County from June 1 to Aug. 25, 2022, and to possessing firearms.

The drug trafficking conspiracy ended when a Springfield police officer attempted to conduct a traffic stop on Deck on Aug. 18, 2022. When the officer pulled behind Deck’s vehicle in a hotel parking lot and activated his lights, Deck put the car in reverse and rammed the officer’s vehicle. The officer got out of his vehicle, pulled his duty weapon, and ordered the vehicle’s occupants to stop. Instead, Deck drove forward, then put his vehicle in reverse and rammed the officer’s vehicle again before fleeing the parking lot.

A police pursuit ensued, with Deck driving at a high rate of speed in a residential neighborhood, while Deck’s passenger shot at the officer’s vehicle. The pursuit ended when Deck crashed into a Jeep SUV at an intersection. While the Jeep suffered significant damage, the innocent driver appeared to be unharmed. Deck’s passenger fled the crash on foot and was arrested after Greene County deputies found the passenger hiding under a car. Shell casings and damage from gunfire were located throughout the neighborhood.

Officers removed Deck from the wrecked vehicle and found two bags containing a total of 46.2 grams of methamphetamine in Deck’s pockets. Inside Deck’s vehicle, officers found two handguns on the front passenger side floorboard.

Deck’s passenger who fired the shots during the pursuit, Blake Basten, was sentenced in federal court to a total sentence of 10 years for two counts of felon in possession of a firearm on Feb. 27, 2024.

Deck’s co-defendant in the drug trafficking conspiracy, Justin Hollingsworth, was sentenced to a total sentence of 18 years for conspiracy to distribute methamphetamine and possession of a firearm in furtherance of a drug trafficking crime on June 24, 2024.

This case was prosecuted by Assistant U.S. Attorney Stephanie Wan. It was investigated by the Bureau of Alcohol, Tobacco, Firearms and Explosives, the Federal Bureau of Investigation, and the Springfield, Mo., Police Department.

Project Safe Neighborhoods

This case is part of Project Safe Neighborhoods (PSN), a program bringing together all levels of law enforcement and the communities they serve to reduce violent crime and gun violence, and to make our neighborhoods safer for everyone. On May 26, 2021, the Department launched a violent crime reduction strategy strengthening PSN based on these core principles: fostering trust and legitimacy in our communities, supporting community-based organizations that help prevent violence from occurring in the first place, setting focused and strategic enforcement priorities, and measuring the results.

MIL Security OSI –

July 23, 2025
MIL-OSI Security: Springfield Man Sentenced to 25 Years for Methamphetamine Trafficking, Illegal Firearms

Source: Office of United States Attorneys

SPRINGFIELD, Mo. – A Springfield, Mo., man was sentenced in federal court today for his role in a conspiracy to distribute large amounts of methamphetamine in Greene County, Mo., and possessing firearms.

Russell Lee Deck, Jr., 47, was sentenced by U.S. District Court Judge Brian C. Wimes to a total sentence of 25 years in federal prison without parole, followed by three years of supervised release.

On Nov. 8, 2024, Deck pleaded guilty to one count of conspiracy to distribute methamphetamine and one count of possessing a firearm in furtherance of a drug trafficking crime. Deck admitted he participated in a conspiracy to distribute methamphetamine in Greene County from June 1 to Aug. 25, 2022, and to possessing firearms.

The drug trafficking conspiracy ended when a Springfield police officer attempted to conduct a traffic stop on Deck on Aug. 18, 2022. When the officer pulled behind Deck’s vehicle in a hotel parking lot and activated his lights, Deck put the car in reverse and rammed the officer’s vehicle. The officer got out of his vehicle, pulled his duty weapon, and ordered the vehicle’s occupants to stop. Instead, Deck drove forward, then put his vehicle in reverse and rammed the officer’s vehicle again before fleeing the parking lot.

A police pursuit ensued, with Deck driving at a high rate of speed in a residential neighborhood, while Deck’s passenger shot at the officer’s vehicle. The pursuit ended when Deck crashed into a Jeep SUV at an intersection. While the Jeep suffered significant damage, the innocent driver appeared to be unharmed. Deck’s passenger fled the crash on foot and was arrested after Greene County deputies found the passenger hiding under a car. Shell casings and damage from gunfire were located throughout the neighborhood.

Officers removed Deck from the wrecked vehicle and found two bags containing a total of 46.2 grams of methamphetamine in Deck’s pockets. Inside Deck’s vehicle, officers found two handguns on the front passenger side floorboard.

Deck’s passenger who fired the shots during the pursuit, Blake Basten, was sentenced in federal court to a total sentence of 10 years for two counts of felon in possession of a firearm on Feb. 27, 2024.

Deck’s co-defendant in the drug trafficking conspiracy, Justin Hollingsworth, was sentenced to a total sentence of 18 years for conspiracy to distribute methamphetamine and possession of a firearm in furtherance of a drug trafficking crime on June 24, 2024.

This case was prosecuted by Assistant U.S. Attorney Stephanie Wan. It was investigated by the Bureau of Alcohol, Tobacco, Firearms and Explosives, the Federal Bureau of Investigation, and the Springfield, Mo., Police Department.

Project Safe Neighborhoods

This case is part of Project Safe Neighborhoods (PSN), a program bringing together all levels of law enforcement and the communities they serve to reduce violent crime and gun violence, and to make our neighborhoods safer for everyone. On May 26, 2021, the Department launched a violent crime reduction strategy strengthening PSN based on these core principles: fostering trust and legitimacy in our communities, supporting community-based organizations that help prevent violence from occurring in the first place, setting focused and strategic enforcement priorities, and measuring the results.

MIL Security OSI –

July 23, 2025
MIL-OSI Security: Special Police Officer Pleads Guilty to Violating an Arrestee’s Rights

Source: Office of United States Attorneys

WASHINGTON – Brigette O. Robertson of Washington, D.C. pled guilty today to violating the constitutional rights of a detained citizen by stomping on her face in June 2023, announced U.S. Attorney Jeanine Ferris Pirro.

Joining in the announcement was FBI Assistant Director in Charge Steven J. Jensen of the Washington Field Office.

U.S. District Judge Dabney L. Friedrich took Robertson’s guilty plea and scheduled sentencing for Oct. 21, 2025. For the offense to which she pled guilty – a misdemeanor count of violating constitutional rights – the defendant faces a potential penalty of up to one year in prison and a fine of up to $100,000.

According to court documents, on June 24, 2023, Robertson was employed by Specific Protection Services, LLC., as a Special Police Officer (SPO). She was licensed in the District of Columbia to act and to carry out law enforcement actions as a SPO. That day, while in full uniform and vested with police powers, Robertson was assigned to and providing security services at a McDonald’s restaurant on the 3900 block of Minnesota Avenue, NE.

At about 3:30 p.m., Robertson got into a verbal altercation with a patron at the restaurant. The altercation escalated into a physical confrontation. Metropolitan Police Department officers responded to the scene. After the patron was under the control of an MPD officer, the patron remained prone on the ground. Robertson stepped over the patron and, while doing so, stomped on the patron’s face. The stomp to the face caused the patron to experience pain and bleeding. The stomp was without legal justification and in violation of the individual’s constitutional rights.

Use-of-force investigations generally

The U.S. Attorney’s Office reviews police-involved use of force to determine whether sufficient evidence exists to conclude that any officers violated either federal criminal civil rights laws or District of Columbia law. To prove civil rights violations, prosecutors must typically be able to prove that the involved officers willfully used more force than was reasonably necessary. Proving “willfulness” is a heavy burden. Prosecutors must not only prove that the force used was excessive, but must also prove, beyond a reasonable doubt, that the officer acted with the deliberate and specific intent to do something the law forbids.

The U.S. Attorney’s Office remains committed to investigating allegations of excessive force by law enforcement officers and will continue to devote the resources necessary to ensure that all allegations of serious civil rights violations are investigated fully and completely.

The FBI Washington Field Office and the Metropolitan Police Department Internal Affairs Division investigated the case. Prosecuting the case is Assistant U.S. Attorney Michael Truscott for the U.S. Attorney’s Office for the District of Columbia’s Fraud, Public Corruption, and Civil Rights Section.

25cr167

MIL Security OSI –

July 23, 2025
MIL-OSI Security: Zuni Man Charged in Unprovoked Stabbing That Left Victim Seriously Injured

Source: Office of United States Attorneys

ALBUQUERQUE – A Zuni man has been charged in federal court for allegedly stabbing another man without provocation, causing serious injuries.

According to court documents, on the night of June 16, 2025, Adrian Cheama, 36, an enrolled member of the Zuni Pueblo, allegedly approached the victim while he was walking with a friend along a residential street in Zuni, New Mexico. Without provocation, Cheama stabbed the victim in the abdomen with a weapon described as either a circular metal pole or a knife, then walked away laughing. The victim sustained serious injuries as a result.

Multiple witnesses placed Cheama at the scene and described him carrying a backpack and a baton-like object before and during the attack. The investigation revealed that Cheama had previously made statements suggesting he was looking for the victim.

Cheama is charged with assault resulting in serious bodily injury and assault with a dangerous weapon. He will remain in custody pending trial, which has not yet been scheduled. If convicted of the current charges, Cheama faces up to 10 years in prison.

U.S. Attorney Ryan Ellison and Philip Russell, Acting Special Agent in Charge of the Federal Bureau of Investigation’s Albuquerque Field Office, made the announcement today.

The Gallup Resident Agency of the Federal Bureau of Investigation’s Albuquerque Field Office investigated this case with assistance from the Zuni Police Department. Assistant U.S. Attorney Aaron Jordan is prosecuting the case.

A criminal complaint is merely an allegation. All defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.

MIL Security OSI –

July 23, 2025
MIL-OSI Security: ‘We knocked her out with some gummies:’ trafficker sent to prison for conspiring to smuggle toddler from Mexico

Source: Office of United States Attorneys

LAREDO, Texas – A 23-year-old Laredo woman has been ordered to prison for her role in an unaccompanied minor smuggling ring, announced U.S. Attorney Nicholas J. Ganjei.

Vanessa Valadez pleaded guilty Sept. 20, 2024, admitting she smuggled a child into the United States for financial gain.

U.S. District Judge Keith P. Ellison has now ordered her to serve 18 months in federal prison to be immediately followed by three years of supervised release.

“Those that choose to engage in the human trafficking business are not good people. They aren’t motivated by altruism or sympathy. They are paid to traffic in human beings, and they treat people they smuggle as nothing more than cargo,” said Ganjei. “The Southern District of Texas will not rest until all such smuggling rings—particularly those that deal in children—are completely eradicated.”

“The sentencing of this individual underscores the serious consequences for those who exploit and endanger vulnerable populations, especially children,” said Immigration and Customs Enforcement – Homeland Security Investigations (ICE-HSI) San Antonio Special Agent in Charge Craig S. Larrabee. “Drugging children to facilitate human smuggling is not only criminal it’s inhumane. HSI is committed to identifying and dismantling the criminal networks behind these horrific acts and ensuring those responsible are brought to justice.”

From August to September 2023, Valadez and other family members operated a child smuggling ring working to bring young illegal minors from Nuevo Laredo, Mexico, into the United States. All the children were under the age of five.

On the night of Sept. 19, 2023, members of the smuggling ring retrieved a young girl from a stash house which the organization members operated. The co-conspirators smuggled the girl across the border and delivered her to Valadez in downtown Laredo. Co-conspirators then took the child further into the United States and delivered her to unknown people.

Two days later, the ring attempted to transport another young girl. However, law enforcement intercepted them following a routine border inspection at the Juarez Lincoln Bridge in Laredo. To carry out their scheme, co-conspirators had sedated the girl with melatonin gummies and used an unlawfully obtained birth certificate to deceive authorities into believing the girl was a family member.

The investigation revealed the smuggling ring had attempted to similarly transport at least four girls into the United States, three of whom remain unidentified and their whereabouts are unknown. Members of the smuggling ring obtained birth certificates of U.S. citizen children to pose as a family unit at ports of entry to the United States. At times, organization members used melatonin gummies to sedate at least one child to ensure a successful smuggling attempt.

One text message uncovered in the investigation showed an image depicting an unconscious child and a caption, “La noquiamos con unas gomitas,” translated in English as “we knocked her out with some gummies.”

Co-conspirators Ana Laura Bryand, 47, Dallas; her niece Kayla Marie Bryand, 20, Jose Eduardo Bryand, 43, and Nancy Guadalupe Bryand, 44, all of Laredo; and Lizeth Esmeralda Bryand Arredondo, 32, Mexico, previously pleaded guilty and have all already been sentenced to federal prison.

ICE-HSI conducted the investigation with Customs and Border Protection’s Office of Field Operations and assistance from Border Patrol, Laredo Police Department, Department of Health and Human Services – Office of the Inspector General and FBI. Assistant U.S. Attorney Michael Makens and former Special Assistant U.S. Attorney Terence A. Check Jr. prosecuted the case.

MIL Security OSI –

July 23, 2025
MIL-OSI Security: Local man gets over 10 years after picking up and delivering “aparatos”

Source: Office of United States Attorneys

LAREDO, Texas – A 25-year-old Laredo resident has been sentenced for conspiracy to possess with intent to distribute five kilograms or more of cocaine, announced U.S. Attorney Nicholas J. Ganjei.

Fernando Tadeo Cerda, 25, pleaded guilty July 19, 2023.

U.S. District Judge Keith P. Ellison has now ordered Cerda to serve 120 months in federal prison to be immediately followed by five years of supervised release for the drug trafficking conviction. At the hearing, the court considered Cerda was subject to a mandatory 10 years in prison due to being previously convicted of smuggling aliens.

Cerda had also admitted he violated his term of supervised release and received another nine months to be served consecutively for a total 129-month-term of imprisonment.

The investigation revealed Cerda had conspired with his uncle, Jesus Garza, to coordinate delivery of large amounts of cocaine.

On Nov. 27, 2020, Cerda met with Garza and provided him a duffle bag containing the drugs. As Garza departed the location in Laredo, law enforcement conducted a traffic stop and discovered the bag with five bricks which contained over 5,000 grams of cocaine.

Cerda later admitted Garza had instructed him to pick up and deliver “aparatos” (kilograms of cocaine). He further stated he made a total of four deliveries and was paid $1,000.

He will remain in custody pending transfer to a Federal Bureau of Prisons facility to be determined in the near future.

Garza, 63, Laredo, had also pleaded guilty and later sentenced to 48 months in prison.

Drug Enforcement Administration and Bureau of Alcohol, Tobacco, Firearms and Explosives conducted the Organized Crime Drug Enforcement Task Forces (OCDETF) operation. OCDETF identifies, disrupts and dismantles the highest-level criminal organizations that threaten the United States using a prosecutor-led, intelligence-driven, multi-agency approach. Additional information about the OCDETF Program can be found on the Department of Justice’s OCDETF webpage.

Assistant U.S. Attorney Brandon Scott Bowling prosecuted the case.

MIL Security OSI –

July 23, 2025
MIL-OSI: BlackLine Announces Date for Second Quarter 2025 Earnings Release and Conference Call

Source: GlobeNewswire (MIL-OSI)

LOS ANGELES, July 22, 2025 (GLOBE NEWSWIRE) — BlackLine, Inc. (Nasdaq: BL) announced today that it will release financial results for the second quarter ended June 30, 2025 after market close on Tuesday, August 5, 2025 followed by a conference call hosted by management at 2:00 p.m. PT / 5:00 p.m. ET. A live webcast and replay will be accessible on BlackLine’s investor relations website at https://investors.blackline.com/. To access the conference call by phone, please register here, and dial-in details will be provided. To avoid delays, we encourage participants to dial into the conference call fifteen minutes ahead of the scheduled start time.

About BlackLine

BlackLine (Nasdaq: BL), the future-ready platform for the Office of the CFO, drives digital finance transformation by empowering organizations with accurate, efficient, and intelligent financial operations.

BlackLine’s comprehensive platform addresses mission-critical processes, including record-to-report and invoice-to-cash, enabling unified and accurate data, streamlined and optimized processes, and real-time insight through visibility, automation, and AI. BlackLine’s proven, collaborative approach ensures continuous transformation, delivering immediate impact and sustained value. With a proven track record of innovation, industry-leading R&D investment, and world-class security practices, more than 4,400 customers across multiple industries partner with BlackLine to lead their organizations into the future.

For more information, please visit blackline.com.

Investor Relations Contact:
Matt Humphries, CFA
matt.humphries@blackline.com

The MIL Network –

July 23, 2025
MIL-OSI Security: Passenger Pleads Guilty to Sexual Assault Charges During Flight From Montana to Texas

Source: US FBI

MISSOULA – A New Jersey man accused of sexual assault while flying from Bozeman, Montana to Dallas, Texas admitted to charges today, U.S. Attorney Kurt Alme said.

The defendant, Bhaveshkumar Dahyabhai Shukla, 37, pleaded guilty to one count of abusive sexual contact in the special aircraft jurisdiction of the United States. Shukla faces up to 2 years of imprisonment, a $250,000 fine, and at least 5 years of supervised release.

U.S. Magistrate Judge Kathleen L. DeSoto presided. U.S. District Court Judge Dana L. Christensen will determine any sentence after considering the U.S. Sentencing Guidelines and other statutory factors. Sentencing is set for November 19, 2025. Shukla was detained pending further proceedings.

The government alleged in court documents that on January 26, 2025, Shukla was flying from Bozeman to Dallas on American Airlines. He was seated next to Jane Doe and Doe’s daughter. Jane Doe had a coat on her lap because she was cold. Shukla also placed his coat on his lap and initially acted as if he was sleeping but began using his right hand to rub Jane Doe’s left leg near her pocket on her hip. Jane Doe initially thought Shukla was trying to pick her pocket, so she and her daughter got up and went to the restroom to diffuse the situation.

Shukla continued rubbing Jane Doe’s inner and outer thigh throughout the flight. Doe was scared and firmly told him to “stop touching me.” Shukla said he was sorry and attempted to offer her something out of his bag. He also tried to talk to Jane Doe’s daughter, and Doe responded, “she’s fine. Don’t talk to my daughter.” As the flight continued, the plane hit some turbulence and the flight crew remained seated. Shukla continued to rub Jane Doe’s thigh and, frightened, she turned her back to him, at which point he started rubbing her lower back and buttocks.

A witness seated in the row behind Shukla and Jane Doe confirmed that Shukla inappropriately touched Jane Doe for a large portion of the flight.

Assistant U.S. Attorneys Zeno Baucus and Brian Lowney prosecuted the case. The FBI, ICE and Dallas Fort Worth International Airport Police conducted the investigation.

XXX

MIL Security OSI –

July 23, 2025
MIL-OSI USA: Five Defendants Sentenced in Connection with Operating One of the Largest Illegal Television Show Streaming Services in the United States

Source: US State of North Dakota

Yesterday, the final judgments were issued for five Nevada men, including a citizen of Germany, who were sentenced on May 29 and 30 to terms of up to 84 months in prison for running Jetflicks, one of the largest illegal television streaming services in the United States.

“The defendants operated Jetflicks, an illegal paid streaming service that made available more television episodes than any licensed streaming service on the market,” said Acting Assistant Attorney General Matthew R. Galeotti of the Justice Department’s Criminal Division. “This scheme generated millions of dollars in criminal profits, and hurt thousands of U.S. companies and individuals who owned the copyrights to these shows but never received a penny in compensation from Jetflicks. The sentences issued in this case demonstrate the Criminal Division’s commitment to protect American creativity and to ensure that large-scale infringers are brought to justice and punished for their crimes.”

“Digital crimes are not victimless crimes,” said U.S. Attorney Sigal Chattah for the District of Nevada. “The copyright owners lost millions of dollars as a result of the illegal paid streaming service. These sentences underscore our joint commitment with the Computer Crime and Intellectual Property Section and FBI to deter and disrupt intellectual property crime via thorough investigation and prosecution of those who violate federal intellectual property laws.”

“By building and running one of the largest unauthorized streaming services in the U.S., these individuals not only stole from content creators and legitimate streaming services, they undermined the integrity of our economy and the rule of law,” said Assistant Director Jose A. Perez of the FBI Criminal Investigative Division. “These sentencings are a reminder that illegal actions have consequences. The FBI and our partners are unwavering in our commitment to protect intellectual property rights and hold criminals accountable.”

After a 14-day trial that ended in June 2024, a federal jury in the District of Nevada convicted Kristopher Lee Dallmann, 42; Peter H. Huber, 67; Jared Edward Jaurequi, also known as Jared Edwards, 44; Felipe Garcia, 43; and Douglas M. Courson, 65, all of Las Vegas, of conspiracy to commit copyright infringement. The jury also convicted Dallmann of criminal copyright infringement by distribution, criminal copyright infringement by public performance, and money laundering. Subsequently, the court sentenced Dallmann to 84 months in prison; Huber to 18 months in prison; Jaurequi to time served (almost 5 months in prison), 180 days of home confinement, and 500 hours of community service; Garcia to three years probation with 49 days in prison and 1000 hours of community service; and Courson to three years probation with 48 days in prison.

According to court documents and evidence presented at trial, the defendants ran a site called Jetflicks, an online subscription-based service headquartered in Las Vegas, that permitted users to stream and at times download copyrighted television programs without the permission of the relevant copyright owners. At one point, Jetflicks claimed to have 183,285 different television episodes, significantly more than Netflix, Hulu, Vudu, Amazon Prime, or any other licensed streaming service. This was the largest internet piracy case — as measured by the estimated total infringement amount and total number of infringements — ever to go to trial as well as the first illegal streaming case ever to go to trial. The defendants’ conduct harmed every major copyright owner of a television program in the United States. Copyright owners lost millions of dollars from the operation.

Evidence presented at trial showed that the defendants used automated software and computer scripts that ran constantly to scour sites around the world hosting pirated content. The software and scripts would download, process, and store illegal content, and then make it immediately available on servers in the United States and Canada to tens of thousands of paid subscribers located throughout the United States for streaming and/or downloading. The defendants often delivered episodes to subscribers the day after the shows originally aired on television. The service was not only available to subscribers over the internet but specifically designed to work on many different types of devices, platforms, and software.

Each defendant performed at least one and often multiple roles at Jetflicks including management, computer programming and coding, design of the website, applications, and customer interface, technical assistance, content acquisition, subscriptions and revenue, and customer support.

Dallmann reaped millions of dollars in profit from the operation. The government conservatively estimated the value of the copyright infringement in the case at $37.5 million. This included the approximate retail value of the defendants’ reproduction of infringing works to create the Jetflicks inventory as well as the approximate retail value of the streams of pirated television episodes that the defendants provided to subscribers.

The five defendants sentenced were among eight defendants originally indicted in the Eastern District of Virginia in connection with operating Jetflicks. In addition to the defendants just sentenced in Nevada, defendant Darryl Polo previously pleaded guilty in the Eastern District of Virginia to four counts of criminal copyright infringement and one count of money laundering for his involvement with Jetflicks as well as an equally large illegal streaming site he ran called iStreamItAll. Similarly, defendant Luis Villarino also previously pleaded guilty in the Eastern District of Virginia to conspiracy to commit criminal copyright infringement. In May 2021, a judge in the U.S. District Court for the District of Virginia sentenced Polo and Villarino to, respectively, 57 months in prison and 12 months and a day in prison.

After the case was transferred to the District of Nevada for trial, defendant Yoany Vaillant was tried separately from the other five remaining defendants. In November 2024, after an eight-day trial, a federal jury convicted Vaillant of conspiracy to commit criminal copyright infringement. Vaillant is scheduled to be sentenced on Sept. 4.

The FBI Washington Field Office investigated the case, with assistance from the FBI Las Vegas Field Office.

Senior Counsel Matthew A. Lamberti, Trial Attorney Michael Christin, and Acting Deputy Chief Christopher S. Merriam of the Criminal Division’s Computer Crime and Intellectual Property Section (CCIPS) and Assistant U.S. Attorneys Jessica Oliva and Edward G. Veronda for the District of Nevada are prosecuting the case. The CCIPS Cybercrime Lab, the Justice Department’s Office of International Affairs, and the Royal Canadian Mounted Police in Canada provided significant assistance.

MIL OSI USA News –

July 23, 2025
MIL-OSI Security: Former Real Estate Podcaster Sentenced to More Than Five Years in Prison for Orchestrating $7 Million Ponzi Scheme

Source: US FBI

CLEVELAND – A popular former podcaster was sentenced to 70 months in federal prison for orchestrating a real estate Ponzi scheme that took in over $7.3 million from at least 63 victims from across the United States, involving a wide range of income levels and ages.

According to court documents, from October 2017 to March 2022, Matthew Motil, 45, of North Olmsted, was a licensed real estate agent in Ohio who owned and operated several companies. He devised a scheme to defraud investors by using his podcast and other marketing tools to position himself as an expert in the field. Branding himself as the “Cash Flow King,” Motil produced and hosted programs which he promoted through social media and his websites. He also authored a book, “Man on Fire,” to further his credibility with investors. Using a combination of marketing tactics, he solicited prospective investors to invest their money with him and his real estate companies as a lucrative way to generate passive income. Motil provided the victim investors with promissory notes he said were secured by mortgages on properties located throughout Northeast Ohio. Unbeknownst to them, he used the same properties over and over to obtain money from one victim after another, each time providing them with a promissory note purportedly secured by a mortgage. Each victim believed that they were the sole mortgage holder of the investment property and that they would be able to recover their investment through foreclosure if Motil failed to make the payments he promised.

Motil deflected mortgage questions from investors by saying that there were long processing times. As he convinced more people to invest with him, he used those new funds to pay earlier investors to keep the scheme going.

“These victims were deceived and manipulated into handing over their hard-earned money to a shameless and selfish individual for his own benefit,” said Acting U.S. Attorney Carol M. Skutnik for the Northern District of Ohio. “Our office will take action to prosecute anyone who preys on the trusting nature of others.”

Motil also used the victim investors’ money to fund his lifestyle. He funded personal expenses such as leasing a large home on Lake Erie and securing courtside seats to Cleveland Cavaliers home games. He also used the funds to pay his credit cards and financially sustain his fitness businesses.

“The 63 victims of this investment/Ponzi scheme are at the forefront of our work, and this conviction reflects our steadfast commitment to justice on their behalf,” said U.S. Secret Service Special Agent in Charge Blaine M. Forschen for the Cleveland Field Office. “Together with our federal, state, and local partners on the Secret Service Money Laundering Task Force, we will continue to protect our communities from those who exploit trust and inflict financial harm.”

Motil pleaded guilty to securities fraud and wire fraud on Sept. 5, 2024. U.S. District Court Judge Donald C. Nugent imposed the sentence July 18, 2025. Motil was also sentenced to serve three years of supervised release after imprisonment and pay $5,085,247.08 in restitution.

The investigation was conducted by the United States Secret Service Money Laundering Task Force* with significant assistance from the Cuyahoga County Prosecutor’s Office and the former Major Crime Task Force hosted by the Cuyahoga County Sheriff’s Department. The Office of the United States Trustee for Region 9 – Cleveland, Ohio, also significantly contributed to the case.

This case was prosecuted by Assistant United States Attorney Erica D. Barnhill for the Northern District of Ohio.

*The United Secret Service Task Force consists of the following agencies: Social Security-OIG, US Postal-OIG, US Postal Inspection Service, USDA-OIG, HUD-OIG, FBI, TIGTA-OIG, IRS-CI, Ohio BCI, Westlake PD, Parma PD, Amherst PD, North Olmsted PD, Cuyahoga County Sheriff’s Department, Cuyahoga County Prosecutor’s Office, Ohio Investigative Unit, Lorain County Sheriff’s Department, Stark County Prosecutor’s Office, Geauga County Prosecutor’s Office, Lorain County Prosecutor’s Office, Ohio Casino Commission, Richfield PD and North Ridgeville PD.

MIL Security OSI –

July 23, 2025
MIL-OSI Security: Five Defendants Sentenced in Connection with Operating One of the Largest Illegal Television Show Streaming Services in the United States

Source: United States Attorneys General

Yesterday, the final judgments were issued for five Nevada men, including a citizen of Germany, who were sentenced on May 29 and 30 to terms of up to 84 months in prison for running Jetflicks, one of the largest illegal television streaming services in the United States.

“The defendants operated Jetflicks, an illegal paid streaming service that made available more television episodes than any licensed streaming service on the market,” said Acting Assistant Attorney General Matthew R. Galeotti of the Justice Department’s Criminal Division. “This scheme generated millions of dollars in criminal profits, and hurt thousands of U.S. companies and individuals who owned the copyrights to these shows but never received a penny in compensation from Jetflicks. The sentences issued in this case demonstrate the Criminal Division’s commitment to protect American creativity and to ensure that large-scale infringers are brought to justice and punished for their crimes.”

“Digital crimes are not victimless crimes,” said U.S. Attorney Sigal Chattah for the District of Nevada. “The copyright owners lost millions of dollars as a result of the illegal paid streaming service. These sentences underscore our joint commitment with the Computer Crime and Intellectual Property Section and FBI to deter and disrupt intellectual property crime via thorough investigation and prosecution of those who violate federal intellectual property laws.”

“By building and running one of the largest unauthorized streaming services in the U.S., these individuals not only stole from content creators and legitimate streaming services, they undermined the integrity of our economy and the rule of law,” said Assistant Director Jose A. Perez of the FBI Criminal Investigative Division. “These sentencings are a reminder that illegal actions have consequences. The FBI and our partners are unwavering in our commitment to protect intellectual property rights and hold criminals accountable.”

After a 14-day trial that ended in June 2024, a federal jury in the District of Nevada convicted Kristopher Lee Dallmann, 42; Peter H. Huber, 67; Jared Edward Jaurequi, also known as Jared Edwards, 44; Felipe Garcia, 43; and Douglas M. Courson, 65, all of Las Vegas, of conspiracy to commit copyright infringement. The jury also convicted Dallmann of criminal copyright infringement by distribution, criminal copyright infringement by public performance, and money laundering. Subsequently, the court sentenced Dallmann to 84 months in prison; Huber to 18 months in prison; Jaurequi to time served (almost 5 months in prison), 180 days of home confinement, and 500 hours of community service; Garcia to three years probation with 49 days in prison and 1000 hours of community service; and Courson to three years probation with 48 days in prison.

According to court documents and evidence presented at trial, the defendants ran a site called Jetflicks, an online subscription-based service headquartered in Las Vegas, that permitted users to stream and at times download copyrighted television programs without the permission of the relevant copyright owners. At one point, Jetflicks claimed to have 183,285 different television episodes, significantly more than Netflix, Hulu, Vudu, Amazon Prime, or any other licensed streaming service. This was the largest internet piracy case — as measured by the estimated total infringement amount and total number of infringements — ever to go to trial as well as the first illegal streaming case ever to go to trial. The defendants’ conduct harmed every major copyright owner of a television program in the United States. Copyright owners lost millions of dollars from the operation.

Evidence presented at trial showed that the defendants used automated software and computer scripts that ran constantly to scour sites around the world hosting pirated content. The software and scripts would download, process, and store illegal content, and then make it immediately available on servers in the United States and Canada to tens of thousands of paid subscribers located throughout the United States for streaming and/or downloading. The defendants often delivered episodes to subscribers the day after the shows originally aired on television. The service was not only available to subscribers over the internet but specifically designed to work on many different types of devices, platforms, and software.

Each defendant performed at least one and often multiple roles at Jetflicks including management, computer programming and coding, design of the website, applications, and customer interface, technical assistance, content acquisition, subscriptions and revenue, and customer support.

Dallmann reaped millions of dollars in profit from the operation. The government conservatively estimated the value of the copyright infringement in the case at $37.5 million. This included the approximate retail value of the defendants’ reproduction of infringing works to create the Jetflicks inventory as well as the approximate retail value of the streams of pirated television episodes that the defendants provided to subscribers.

The five defendants sentenced were among eight defendants originally indicted in the Eastern District of Virginia in connection with operating Jetflicks. In addition to the defendants just sentenced in Nevada, defendant Darryl Polo previously pleaded guilty in the Eastern District of Virginia to four counts of criminal copyright infringement and one count of money laundering for his involvement with Jetflicks as well as an equally large illegal streaming site he ran called iStreamItAll. Similarly, defendant Luis Villarino also previously pleaded guilty in the Eastern District of Virginia to conspiracy to commit criminal copyright infringement. In May 2021, a judge in the U.S. District Court for the District of Virginia sentenced Polo and Villarino to, respectively, 57 months in prison and 12 months and a day in prison.

After the case was transferred to the District of Nevada for trial, defendant Yoany Vaillant was tried separately from the other five remaining defendants. In November 2024, after an eight-day trial, a federal jury convicted Vaillant of conspiracy to commit criminal copyright infringement. Vaillant is scheduled to be sentenced on Sept. 4.

The FBI Washington Field Office investigated the case, with assistance from the FBI Las Vegas Field Office.

Senior Counsel Matthew A. Lamberti, Trial Attorney Michael Christin, and Acting Deputy Chief Christopher S. Merriam of the Criminal Division’s Computer Crime and Intellectual Property Section (CCIPS) and Assistant U.S. Attorneys Jessica Oliva and Edward G. Veronda for the District of Nevada are prosecuting the case. The CCIPS Cybercrime Lab, the Justice Department’s Office of International Affairs, and the Royal Canadian Mounted Police in Canada provided significant assistance.

MIL Security OSI –

July 23, 2025
MIL-OSI Security: Former Taney County Volunteer Firefighter Sentenced to 180 Months for Child Pornography

Source: US FBI

SPRINGFIELD, Mo. – A Hollister, Mo., man was sentenced in federal court today for sharing child pornography over the internet.

Cameron Allen Ryan, 36, was sentenced by U.S. District Judge M. Douglas Harpool to 15 years in federal prison without parole. The court also sentenced Ryan to 10 years of supervised release following incarceration. The court ordered Ryan to pay $51,000 in restitution to his victims and a $5,000 special assessment under the Justice for Victims of Trafficking Act.

Ryan will be required to register as a sex offender upon his release from prison and will be subject to federal and state sex offender registration requirements, which may apply throughout his life.

Ryan pleaded guilty on Dec. 17, 2024, to one count of receipt and distribution of child pornography. According to court documents, Ryan, who was a volunteer with the Taney County Volunteer Fire Department, admitted to receiving and trading files of child pornography with the undercover FBI agent and other individuals on the internet.

Law enforcement was alerted by a CyberTip made to the National Center for Missing and Exploited Children. On Nov. 28, 2023, an undercover FBI agent downloaded numerous images of minor children which had been posted to an image hosting website by the suspect user profile and began communicating with suspect via email. The undercover officer made contact with the suspect, and the suspect sent a video to the agent that depicted a minor engaged in sexually explicit conduct.

The FBI identified Ryan as the suspect user. When officers searched Ryan’s cell phones, one of the phones was logged in to the email account that had been messaging the undercover FBI agent. A forensic analysis of the two phones found over 1800 files containing child pornography.

This case was prosecuted by Assistant U.S. Attorney Stephanie L. Wan. It was investigated by the Federal Bureau of Investigation, the Southwest Missouri Cyber Crimes Task Force, the Springfield, Mo., Police Department, and the Taney County, Mo., Sheriff’s Office.

Project Safe Childhood

This case was brought as part of Project Safe Childhood, a nationwide initiative launched in May 2006 by the Department of Justice to combat the growing epidemic of child sexual exploitation and abuse. Led by the United States Attorneys’ Offices and the Criminal Division’s Child Exploitation and Obscenity Section, Project Safe Childhood marshals federal, state, and local resources to locate, apprehend, and prosecute individuals who sexually exploit children, and to identify and rescue victims. For more information about Project Safe Childhood, please visit www.usdoj.gov/psc . For more information about Internet safety education, please visit www.usdoj.gov/psc and click on the tab “resources.”

MIL Security OSI –

July 23, 2025
MIL-OSI Security: New Jersey Doctor Charged with Distributing Opioids in Exchange for Sexual Favors and Defrauding New Jersey Medicaid

Source: US FBI

NEWARK, N.J. – A New Jersey doctor was charged with distributing opioids without a legitimate medical purpose, soliciting sexual favors from patients in exchange for opioid prescriptions, and defrauding New Jersey Medicaid by billing for visits that never happened, U.S. Attorney Alina Habba announced.

Ritesh Kalra, 51, of Secaucus, New Jersey, was charged in a 5-count Complaint with 3 counts of distributing opioids outside the usual course of professional practice, not for a legitimate medical purpose, and in exchange for sexual favors, and 2 counts of healthcare fraud. Kalra made his initial appearance yesterday before U.S. Magistrate Judge André M. Espinosa in Newark federal court and was released on home incarceration and an unsecured $100,000 bond. He also is prohibited from practicing medicine and prescribing medication and will be required to shut down his medical practice while the case is pending.

“Physicians hold a position of profound responsibility—but as alleged, Dr. Kalra used that position to fuel addiction, exploit vulnerable patients for sex, and defraud New Jersey’s public healthcare program. By allegedly exchanging prescriptions for sexual favors and billing Medicaid for ghost appointments, he not only violated the law but endangered lives. Our Office will continue to pursue those who turn their medical licenses into tools for personal gain and sexual gratification.”

– U.S. Attorney Alina Habba

“When we seek medical advice and treatment from doctors, we have to assume they have our best interests in mind. This investigation, conducted by the FBI and our partners, illustrates that Dr. Kalra had little regard for actually taking care of his patients. As alleged, he instead used them for his sexual gratification and, in the process, defrauded the state of New Jersey. A patient’s relationship and trust in a physician, while at their most vulnerable, is not something to be exploited for personal gain. We are asking anyone who may be a victim or knows someone who was treated by Dr. Kalra to get in touch with our office at 1-800-CALL-FBI,” stated Special Agent in Charge Stefanie Roddy.

“In the fight against the opioid crisis, we often witness the painful struggles of those battling addiction. Rather than offering help, Dr. Kalra exploited his victims at their most vulnerable—using opioids as leverage in exchange for sexual favors—further deepening their addiction and worsening the crisis” stated DEA New Jersey Special Agent in Charge Cheryl Ortiz. “The DEA will continue to work with our partners in making sure those who abuse their professional oath are held accountable.”

“Physicians who recklessly and illegitimately distribute controlled substances undermine critical efforts to battle the opioid crisis and betray their professional responsibility to serve the health and well-being of the public. As alleged, Dr. Kalra took advantage of individuals struggling with addiction all for his own personal gratification,” said Special Agent in Charge Naomi Gruchacz of the U.S. Department of Health and Human Services Office of Inspector General (HHS-OIG). “HHS-OIG will continue to work with our law enforcement partners to address such abuse to protect patients, communities, and taxpayers from such dangerous conduct.”

According to documents filed in the case and statements made in court:

Dr. Kalra, an internist in Fair Lawn, New Jersey, allegedly operated a pill mill out of his medical office, where he routinely prescribed high-dose opioids—including oxycodone—and promethazine with codeine to patients without a legitimate medical purpose. Between January 2019 and February 2025, Kalra issued more than 31,000 prescriptions for oxycodone, including days when he wrote upwards of 50 prescriptions. Several of Kalra’s former employees reported that female patients complained that Kalra touched them sexually and demanded sexual favors of them, including oral sex, in order to obtain their prescriptions. One patient described being sexually assaulted by Kalra on multiple occasions, including forced anal sex during clinical appointments. Another patient continued to receive opioid prescriptions from Kalra when the patient was incarcerated at Essex County Correctional Facility and had no contact with Dr. Kalra.

Kalra also allegedly billed for in-person visits and counseling sessions that never occurred. As part of the health care fraud scheme, Kalra’s electronic medical records allegedly contained false progress notes listing fabricated dates of service, and included examination notes that were generally identical from visit to visit and did not record vital signs.

Each count of distributing controlled substances carries a maximum penalty of 20 years in prison and a $1 million fine. Each count of health care fraud is punishable by a maximum potential penalty of 10 years in prison and a fine of $250,000, or twice the gross profit or loss caused by the offense, whichever is greatest.

Individuals who believe they may be victims of Dr. Kalra or have information about this case may contact the FBI at 1-800-CALL-FBI (225-5324) or by email at NK-Victim-Assistance@fbi.gov.

U.S. Attorney Habba credited the following law enforcement organizations with the investigation leading to yesterday’s charges: the Federal Bureau of Investigation, under the direction of Special Agent in Charge Stefanie Roddy; the Drug Enforcement Administration, under the direction of Special Agent in Charge Cheryl Ortiz; the U.S. Department of Health and Human Services Office of Inspector General, under the direction of Special Agent in Charge Naomi Gruchacz; the Internal Revenue Service—Criminal Investigation, under the direction of Special Agent in Charge Jenifer Piovesan; the Social Security Administration Office of Inspector General, under the direction of Special Agent in Charge Amy Connelly; the New Jersey Office of the Attorney General Division of Criminal Justice; and the Fair Lawn Police Department.

The Government is represented by Assistant U.S. Attorneys Katherine M. Romano and Jessica R. Ecker and of the Health Care Fraud and Opioids Enforcement Unit in Newark.

The charges and allegations contained in the complaint are merely accusations, and the defendant is presumed innocent unless and until proven guilty.

25-225 ###

Defense counsel: Michael Baldassare, Esq.

MIL Security OSI –

July 23, 2025
MIL-OSI Security: Diamond District Fence Pleads Guilty in Connection with Large Scale Stolen Property Operation

Source: US FBI

The Defendant Operated a Large-Scale Fencing Operation in Manhattan’s Diamond District that Serviced South American Theft Groups that Committed Burglaries Nationwide

Earlier today, in federal court in Brooklyn, Dimitriy Nezhinskiy pleaded guilty to conspiring to receive stolen property that had been transported in interstate commerce. The proceeding was held before United States District Judge William F. Kuntz. When sentenced, Nezhinskiy faces a maximum sentence of five years’ imprisonment as well as restitution of approximately $2,500,000, and forfeiture of more than $2,500,000.

Joseph Nocella, Jr., United States Attorney for the Eastern District of New York; Christopher G. Raia, Assistant Director in Charge, Federal Bureau of Investigation, New York Field Office (FBI); Jessica S. Tisch, Commissioner, New York City Police Department (NYPD); and Patrick J. Ryder, Commissioner, Nassau County Police Department (NCPD) announced the guilty plea.

“The defendant’s criminal conduct, purchasing items stolen from homes and businesses nationwide, provided a vital market for South American Theft Groups and other criminals to sell the proceeds of their crimes,” stated United States Attorney Nocella. “Our Office and our law enforcement partners are dedicated to ensuring that those who facilitate the victimization of people and businesses are brought to justice.”

“For more than five years, Dimitriy Nezhinskiy established a demand for stolen merchandise, which allowed South American Theft Groups to profit from repeated burglaries,” stated FBI Assistant Director in Charge Raia. “His purchases perpetuated a ripple of criminality targeting residences and business across the country. The FBI will never tolerate any individual who provides economic support to other criminal actors to continue their illicit operations in our city.”

“This defendant ran a black-market pipeline, buying stolen luxury goods from organized theft crews that targeted homes and businesses,” said NYPD Commissioner Tisch. “It was a deliberate operation that helped professional burglars prey on innocent people. Today’s guilty plea sends a clear message: If you profit off stolen property, we will find you and dismantle your operation. I want to thank our detectives and federal partners for their work on this case.”

“Thanks to the hard work of our Detective Division, working closely with our local and federal partners, the residents of Nassau County can rest easy that we have shut down another criminal group that set out to victimize innocent people,” stated Nassau County Police Commissioner Ryder. “Let this be a message to the South American Theft Groups and anyone who chooses to work with them: our detectives will find you and bring you to justice if you prey on the good people of our County.”

According to court filings and statements the defendant made at today’s guilty plea, between approximately 2020 and 2025, the defendant conspired with his co-defendant, Juan Villar, and others, to receive and purchase stolen property, including jewelry, watches, handbags, and assorted luxury items that had been stolen outside of the state of New York and transported into New York. Nezhinskiy and Villar regularly served as “fences” for South American Theft Groups, burglary crews based out of South America, who traveled around the United States committing burglaries, typically targeting wealthier neighborhoods or jewelry vendors, and stealing luxury accessories like watches, jewelry, and handbags. Nezhinskiy and Villar’s operation, which consisted of purchasing stolen property from these crews for cash, provided an essential market for the stolen goods, perpetuating the dangerous criminal activities of the burglary and theft crews composed largely of foreign nationals.

As detailed in court filings and the guilty plea, evidence linked Nezhinskiy and Villar to thefts around the country, including at least two dozen residential or commercial burglaries across the United States between 2019 and 2025. Additionally, between October 2022 and January 2024, an undercover detective conducted seven controlled sales of purported stolen property, including high-end handbags and luxury accessories, to Nezhinskiy or Villar, or both, at their business location on 47^th Street in Manhattan’s Diamond District. During these controlled sales, the undercover detective provided the defendants with items that the undercover told the defendants had been stolen, and received cash in exchange for the stolen goods.

Simultaneous with the defendant’s arrest in February 2025, law enforcement executed a search warrant at the location in the Diamond District where Nezhinskiy and Villar operated a pawn shop and seized large quantities of suspected stolen property, including dozens of high-end watches and jewelry. Law enforcement also recovered large quantities of cash and marijuana. A search warrant was also executed at storage units belonging to Nezhinskiy in New Jersey where an additional cache of suspected stolen property was found. From inside Nezhinskiy’s storage units, law enforcement recovered large quantities of luxury goods and clothing, including high-end handbags, wine, sports memorabilia, jewelry, artwork, and power tools consistent with those commonly used in burglaries and opening safes.

On June 16, 2025, Villar pled guilty to conspiring to receive stolen property that had been transported in interstate commerce and is pending sentencing.

The government’s case is being handled by the Criminal Section of the Office’s Long Island Division and the Office’s General Crimes Section. Assistant United States Attorneys Michael R. Maffei, Katherine P. Onyshko, and Sean M. Sherman are in charge of the prosecution.

The Defendants:

DIMITRIY NEZHINSKIY
Age: 43
North Bergen, New Jersey

JUAN VILLAR
Age: 48
Queens, New York

E.D.N.Y. Docket No. 25-CR-40 (WFK)

MIL Security OSI –

July 23, 2025
MIL-OSI Security: CaaStle Founder Charged in $300 Million Fraud Scheme

Source: US FBI

United States Attorney for the Southern District of New York, Jay Clayton, and Assistant Director in Charge of the New York Field Office of the Federal Bureau of Investigation (“FBI”), Christopher G. Raia, announced today the unsealing of an Indictment charging CHRISTINE HUNSICKER with wire fraud, securities fraud, money laundering, making false statements to a financial institution, and aggravated identity theft. The charges in the Indictment arise from an alleged scheme by the defendant to defraud investors in the fashion technology business CaaStle and a related venture out of more than $300 million through false statements, misleading claims, and fabricated documents. HUNSICKER self-surrendered this morning and will be presented this afternoon before U.S. Magistrate Judge Jennifer E. Willis. The case has been assigned to U.S. District Judge J. Paul Oetken.

“As alleged, Christine Hunsicker defrauded investors of hundreds of millions of dollars through document forgery, fabricated audits, and material misrepresentations about her company’s financial condition,” said U.S. Attorney Jay Clayton. “The promise of pre-IPO technology companies can be fertile ground for fraudsters who play on investor euphoria. Investors should be aware of these incentives and that pre-IPO companies are not subject to the rigors of SEC registration. This Office is committed to protecting investors who place their trust and capital in emerging companies. We will continue to work closely with our law enforcement partners to investigate, detect, and prosecute those individuals who abuse our markets and our investors”

“Christine Hunsicker allegedly submitted fraudulent financial statements to swindle investors and banks of more than $300 million,” said FBI Assistant Director in Charge Christopher G. Raia. “This alleged scheme was stitched together with repeated deception and misinformation, ultimately betraying the trust of the defendant’s clients. The FBI remains committed to apprehending any business owners who implement unlawful practices to increase their personal wealth.”

As alleged in the Indictment:^[1]

HUNSICKER, a well-known entrepreneur and successful businessperson in the fashion-tech industry, founded and was the chief executive officer of CaaStle, a clothing technology business. While promoting CaaStle as a rapidly growing business valued at more than $1.4 billion, HUNSICKER knew that CaaStle was in financial distress with limited cash and significant expenses. To raise the capital for CaaStle’s operations, HUNSICKER provided investors with falsified income statements, fake audited financial statements, fictitious bank records, and sham corporate documents that grossly overstated CaaStle’s operating profit, revenue, and available cash. She also misrepresented to investors that their funds would be used to purchase discounted shares from existing shareholders who needed liquidity, when in fact she fabricated the existence of those shareholders and used the money as new capital for CaaStle while concealing the company’s cash needs. In total, HUNSICKER fraudulently induced more than $275 million in investments.

When confronted by an audit firm in October 2023 about transmitting a fake audit to an investor, HUNSICKER lied, falsely claiming that she had created the fake audit in connection with a lecture she gave at Princeton University, and that sending the audit to the investor had been a one-time error. In reality, HUNSICKER had provided two fake audits to the investor while soliciting an investment. She later repaid that investor to prevent the public disclosure of her fraud. Undeterred, she continued the scheme, providing an investor with fake bank account screenshots showing nearly $200 million in available cash when CaaStle had less than $200,000. One month later, in October 2024, HUNSICKER provided a different investor with a fake draft audit. In 2024, HUNSICKER also falsified the signature of a Board director to make it appear that the Board had authorized the grant of stock options to another investor, raising more than $20 million for CaaStle. Around the same time, HUNSICKER extended her fraudulent activities to a new business venture, P180, using false information about CaaStle’s success to raise approximately $30 million for P180. HUNSICKER also submitted false information about CaaStle to a bank in order to obtain and keep a $20 million personal loan.

Even after the CaaStle Board removed HUNSICKER as Chair and prohibited her from soliciting investments, she continued her fraudulent activities and attempted to raise new capital. In early 2025, she sold $8 million of her CaaStle shares and more than $5 million in P180 convertible notes without disclosing material information to investors. In February 2025, HUNSICKER attempted to sell an additional $19 million of her CaaStle shares to another investor. HUNSICKER persisted in her deceptive practices even after law enforcement agents seized her electronic devices in March 2025, continuing to meet with the investor about a fake audit without revealing its fraudulent nature, her removal from the Board, or the prohibition against her selling shares. CaaStle filed for Chapter 7 bankruptcy on June 20, 2025.

* * *

HUNSICKER, 48, of Lafayette, New Jersey, is charged with one count of wire fraud, two counts of securities fraud, and one count of money laundering, each of which carries a maximum sentence of 20 years in prison. HUNSICKER is also charged with one count of making false statements to a financial institution, which carries a maximum sentence of 30 years in prison, and aggravated identity theft, which carries a mandatory sentence of two years in prison.

The maximum potential sentences are prescribed by Congress and provided here for informational purposes only, as any sentencing of the defendant will be determined by the judge.

Mr. Clayton praised the outstanding work of the FBI. Mr. Clayton also expressed appreciation for the assistance of the U.S. Securities and Exchange Commission, which separately initiated civil proceedings against the defendant today.

The case is being handled by the Office’s Securities and Commodities Fraud Task Force. Assistant U.S. Attorneys Marguerite Colson and Alexandra Rothman are in charge of the prosecution.

^[1] As the introductory phrase signifies, the entirety of the text of the Indictment and the descriptions of the Indictment set forth herein constitute only allegations, and every fact described should be treated as an allegation.

MIL Security OSI –

July 23, 2025
MIL-OSI Security: Former Stoughton Water Department Employee Sentenced for Tampering with Drinking Water

Source: US FBI

BOSTON – A former Stoughton Water Department employee was sentenced today in federal court in Boston for tampering with the Stoughton drinking water supply.

Robert J. Bullock, Sr., 60, of Brockton, was sentenced by U.S. District Court Chief Judge Denise J. Casper to a period of time-served (approximately one day) to be followed by three years of supervised release. The government recommended a sentence of one year and one day in prison. In March 2025, Bullock pleaded guilty to one count of tampering with a water system. Bullock was indicted by a federal grand jury in March 2024.

Bullock is a former employee of the Water Department in Stoughton. On the evening of Nov. 29, 2022, Bullock went into one of the Water Department’s pumping stations and turned off the pump that introduces chlorine into drinking water. As a result, insufficiently disinfected water was introduced into the drinking water system.

United States Attorney Leah B. Foley; Ted E. Docks, Special Agent in Charge, Federal Bureau of Investigations, Boston Division; and Kathryn Rivera, Acting Assistant Special Agent in Charge of Environmental Protection Agency, Criminal Investigation Division in Boston made the announcement today. Valuable assistance was provided by the Massachusetts State Police and the Stoughton and Brockton Police Departments. Assistant U.S. Attorney Benjamin Tolkoff of the Criminal Division prosecuted the case.

MIL Security OSI –

July 23, 2025
MIL-OSI Security: California Man Sentenced to 14 Years in Prison for Trafficking Fentanyl and Methamphetamine

Source: US FBI

Defendant is known member of the Norteno gang, a Mexican American gang in Northern California, as well as the Bloods gang and the RideZilla prison gang

BOSTON – A California man was sentenced today in federal court in Boston for trafficking and conspiring to traffic large quantities of methamphetamine and fentanyl.

Marcos Haro, 40, of Sacramento, Calif., was sentenced by U.S. Senior District Court Judge William G. Young to 14 years in prison, to be followed by five years of supervised release. In March 2025, Marcos Haro pleaded guilty to one count of conspiracy to distribute and to possess with intent to distribute 50 grams or more of methamphetamine and 40 grams or more of fentanyl; two counts of distribution of and possession with intent to distribute 50 grams or more of methamphetamine; aiding and abetting; and one count of distribution of and possession with intent to distribute 40 grams or more of fentanyl; aiding and abetting. In April 2023, Marcos Haro was indicted along with his brother Noel Haro.

Noel Haro is a member and influential leader of the “Border Brothers” gang – a large-scale international gang known to be involved in drug, weapon and human trafficking in Southern Arizona with a presence in Nogales, Mexico and the Arizona prison system. Noel Haro is currently serving a life sentence following convictions in Arizona for drug distribution, conspiracy and money laundering. Noel Haro was previously serving his sentence at a facility in Arizona but was transferred to serve his sentence in Massachusetts upon being deemed a security concern due to his alleged influence over other inmates and repeated introduction of cell phones and narcotics into Arizona facilities.

Beginning in or about April 2019, and investigation began into Noel Haro’s attempts to facilitate the trafficking of narcotics to Massachusetts. Investigators monitoring Noel Haro’s inmate calls learned that he was soliciting friends and family members to transport narcotics from Arizona to Massachusetts on his behalf. In April 2022, recorded inmate calls indicated that Noel Haro worked with his brother, Marcos Haro, to arrange drug deals outside of prison.

In June 2022, Marcos Haro agreed to supply a cooperating witness with samples of multiple narcotics, including fentanyl and methamphetamine. Marcos Haro later mailed the narcotics concealed in a purple teddy bear inside a postal package. On July 13, 2022, the package was retrieved and found to contain powdered fentanyl, five counterfeit fentanyl pills, methamphetamine and approximately 3 grams of heroin. On July 25, 2022, during a recorded inmate call, Noel Haro and Marcos Haro discussed selling one pound of methamphetamine to the same individual. On July 27, 2022, investigators retrieved the package sent from Marcos Haro which contained approximately 446.6 grams of 99% pure methamphetamine. On Aug. 10, 2022, Noel Haro directed Marcos Haro to arrange the sale of five pounds of methamphetamine to the same individual. Later, on Sept. 12, 2022, investigators retrieved two packages sent from Marcos Haro, which contained approximately 892.3 grams of 86% pure methamphetamine and approximately 1,320.2 grams of 95% pure methamphetamine.

In October 2022, Marcos and Noel Haro made arrangements to sell an individual 2,000 fentanyl pills. On Nov. 17, 2022, Marcos sent the individual a photograph of a United States Postal Service shipping box, label and receipt. On Nov. 20, 2022, investigators retrieved the package sent by Marcos Haro, which contained approximately 2,000 blue pills, which tested positive for approximately 215.3 grams of fentanyl.

On April 2, 2023, Marcos Haro was arrested in Sacramento, Calif. following a motor vehicle stop. A 9mm handgun with eight live rounds in the magazine and approximately 2.9 grams of suspected fentanyl that field tested positive for the presence of opiates, were found during a subsequent search of the vehicle. Marcos Haro has a lengthy criminal history that includes 10 prior convictions, including a 2016 conviction for possession of a controlled substance while armed and illegal possession of an assault weapon with a large capacity magazine, for which he was sentenced to seven years in prison. Marcos Haro is a known member of the Norteno gang which is a Mexican American gang located in Northern California, as well as the Bloods gang and the RideZilla prison gang.

On July 10, 2025, Noel Haro was sentenced to 188 months in prison.

This case is part of an Organized Crime Drug Enforcement Task Forces (OCDETF) operation. OCDETF identifies, disrupts, and dismantles the highest-level criminal organizations that threaten the United States using a prosecutor-led, intelligence-driven, multi-agency approach. Additional information about the OCDETF Program can be found at https://www.justice.gov/OCDETF.

United States Attorney Leah B. Foley; Ted E. Docks, Special Agent in Charge of the Federal Bureau of Investigation, Boston Division; and Department of Correction’s Commissioner Shawn Jenkins made the announcement today. Valuable assistance was provided by the California Department of Corrections and Rehabilitation, the Sacramento County Sheriff’s Department and the Federal Bureau of Investigation, Sacramento Division. Assistant U.S. Attorneys Alathea E. Porter and Charles Dell’Anno of the Narcotics & Money Laundering Unit prosecuted the case.

MIL Security OSI –

July 23, 2025
MIL-OSI Security: Tokio, North Dakota, Woman Sentenced to Federal Prison for Involuntary Manslaughter and Child Neglect

Source: US FBI

Fargo – Acting United States Attorney Jennifer Klemetsrud Puhl announced today that Tierra Lynn Scott, age 31 from Tokio, ND, was sentenced before Chief Judge Peter D. Welte, United States District Court for the District of North Dakota, to 168 months in federal prison – the statutory maximum of 96 months for Involuntary Manslaughter and 24 months consecutive on each of the three Child Neglect counts in Indian country. Judge Welte also sentenced Scott to serve three years of supervised release following her incarceration and to pay restitution for funeral-related expenses.

On August 17, 2024, law enforcement responded to a residence in Fort Totten, North Dakota, where an adult male was later pronounced dead. The investigation revealed the man had been struck and run over by a motor vehicle driven by Scott. Scott had no driver’s license and was under the influence of intoxicating liquor and in possession of a controlled substance and drug paraphernalia and Scott was backing and otherwise driving recklessly, and without due care for the rights and safety of others. The investigation further revealed Scott had three minor children in the vehicle with her at the time.

“In August 2024, a man lost his life due to the negligence of Tierra Scott,” said FBI Minneapolis Special Agent in Charge Alvin M. Winston Sr. “She also placed three minor children at risk, driving with them while under the influence of alcohol and in possession of drugs and drug paraphernalia. The FBI will work together with our law enforcement partners to ensure our community is safe for all, especially for children.”

“This was an entirely preventable death which was tragically witnessed by others, including children who were in and outside the defendant’s vehicle, all who have no doubt been traumatized,” said Acting US Attorney Jennifer Puhl. “Sadly, in recent years law enforcement has responded to increased incidents of alcohol-impaired driving deaths on the Spirit Lake Reservation. I hope this sentence serves as a reminder of the severe legal consequences for individuals who choose to drive under the influence and will deter that behavior.”

This case was investigated by the Federal Bureau of Investigation with assistance from the Bureau of Indian Affairs and was prosecuted by Assistant United States Attorney Lori H. Conroy.

# # #

MIL Security OSI –

July 23, 2025
MIL-OSI Security: St. Louis County Man Sentenced for Hosting Dogfights

Source: US FBI

ST. LOUIS – U.S. District Judge Sarah E. Pitlyk on Friday sentenced a man who hosted dogfights and trained dogs to fight to 18 months in prison followed by 3 years of supervised release.

Terrell Williams, 52, has also agreed to give up the dogs and training equipment seized by law enforcement during the investigation.

Williams hosted dog fights in the basement of his home in Riverview, Missouri, on two occasions in July and August of 2021. Williams also bred and owned multiple bull terriers or terrier mixes between Sept. 5, 2020, and May 1, 2022, that were used for fights. On June 22, 2022, FBI agents conducted a court-approved search of Williams’ home and seized eight bull terrier mixes and three Yorkshire terriers, as well as equipment used to train and condition dogs. Multiple dogs appeared to be aggressive towards humans and other dogs, anxious or fearful. Dogs also bore scars consistent with dog bites or dog fighting, Williams’ plea agreement says.

Williams pleaded guilty in March to a felony charge of dogfighting, which is punishable by up to five years in prison.

The FBI investigated the case. Assistant U.S. Attorney Jillian Anderson prosecuted the case.

MIL Security OSI –

July 23, 2025
MIL-OSI USA: Engineer pleads guilty to stealing trade secret technology designed for missile launch detection

Source: US Immigration and Customs Enforcement

LOS ANGELES — A Santa Clara County man and former engineer at a Southern California company pleaded guilty July 21 to stealing trade secret technologies developed for use by the United States government to detect nuclear missile launches, track ballistic and hypersonic missiles, and to allow U.S. fighter planes to detect and evade heat-seeking missiles.

Chenguang Gong, 59, of San Jose, pleaded guilty to one count of theft of trade secrets. He remains free on $1.75 million bond.

According to his plea agreement, Gong — a dual citizen of the United States and China — transferred more than 3,600 files from a Los Angeles-area research and development company where he worked — identified in court documents as the victim company — to personal storage devices during his brief tenure with the company last year.

The files Gong transferred include blueprints for sophisticated infrared sensors designed for use in space-based systems to detect nuclear missile launches and track ballistic and hypersonic missiles, as well as blueprints for sensors designed to enable U.S. military aircraft to detect incoming heat-seeking missiles and take countermeasures, including by jamming the missiles’ infrared tracking ability. Some of these files were later found on storage devices seized from Gong’s temporary residence in Thousand Oaks.

In January 2023, the victim company hired Gong as an application-specific integrated circuit design manager responsible for the design, development and verification of its infrared sensors. Beginning on approximately March 30, 2023, and continuing until his termination on April 26, 2023, Gong transferred thousands of files from his work laptop to three personal storage devices, including more than 1,800 files after he had accepted a job at one of the victim company’s main competitors.

Many of the files Gong transferred contained proprietary and trade secret information related to the development and design of a readout integrated circuit that allows space-based systems to detect missile launches and track ballistic and hypersonic missiles and a readout integrated circuit that allows aircraft to track incoming threats in low visibility environments.

Gong also transferred files containing trade secrets relating to the development of “next generation” sensors capable of detecting low observable targets while demonstrating increased survivability in space, as well as the blueprints for the mechanical assemblies used to house and cryogenically cool the victim company’s sensors. This information was among the victim company’s most important trade secrets that are worth hundreds of millions of dollars. Many of the files had been marked “[VICTIM COMPANY] PROPRIETARY,” “FOR OFFICIAL USE ONLY,” “PROPRIETARY INFORMATION,” and “EXPORT CONTROLLED.”

Law enforcement also discovered that, between approximately 2014 and 2022, while employed at several major technology companies in the United States, Gong submitted numerous applications to ‘Talent Programs’ administered by the People’s Republic of China government. The PRC government has established these talent programs as a means to identify individuals who have expert skills, abilities, and knowledge of advanced sciences and technologies in order to access and utilize those skills and knowledge in transforming the PRC’s economy, including its military capabilities.

In 2014, while employed at a U.S. information technology company headquartered in Dallas, Gong sent a business proposal to a contact at a high-tech research institute in China focused on both military and civilian products. In his proposal, translated from Chinese, Gong described a plan to produce high-performance analog-to-digital converters like those produced by his employer.

In another Talent Program application from September 2020, Gong proposed to develop “low light/night vision” image sensors for use in military night vision goggles and civilian applications. Gong’s proposal included a video presentation that contained the model number of a sensor developed by an international defense, aerospace, and security company where Gong worked from 2015 to 2019.

Gong travelled to China several times to seek Talent Program funding in order to develop sophisticated analog-to-digital converters. In his Talent Program applications, Gong underscored that the high-performance analog-to-digital converters he proposed to develop in China had military applications, explaining that they “directly determine the accuracy and range of radar systems” and that “[m]issile navigation systems also often use radar front-end systems.” In a 2019 email, translated from Chinese, Gong remarked that he “took a risk” by traveling to China to participate in the Talent Programs “because [he] worked for…an American military industry company” and thought he could “do something” to contribute to China’s “high-end military integrated circuits.”

According to his plea agreement, the intended economic loss from Gong’s criminal conduct exceeds $3.5 million.

United States District Judge John F. Walter scheduled a September 29 sentencing hearing, at which time Gong will face a statutory maximum sentence of 10 years in federal prison.

The FBI’s Los Angeles Field Office through the Counterintelligence Task Force in partnership with the State Department’s Diplomatic Security Service and U.S. Immigration and Customs Enforcement Homeland Security Investigations is investigating this matter. The FBI’s San Francisco Field Office and the U.S. Attorney’s Office for the Northern District of California also provided substantial assistance.

Assistant United States Attorneys David C. Lachman of the Terrorism and Export Crimes Section and Nisha Chandran of the Major Frauds Section are prosecuting this case, with valuable assistance from Department of Justice Trial Attorney Brendan P. Geary of the National Security Division’s Counterintelligence and Export Control Section.

As a member of the FBI Counterintelligence Task Force, HSI contributes to the whole-of-government efforts to defeat hostile intelligence activities targeting the U.S., to include countering the proliferation of sensitive technology to potential adversaries. This case highlights the partnership between HSI, the FBI and DSS, each leveraging their unique capabilities and authorities, to disrupt insider threats at U.S. technology companies and to safeguard sensitive U.S. technology.

MIL OSI USA News –

July 23, 2025

MIL-OSI USA: #StopRansomware: Interlock

News In Brief – Source: US Computer Emergency Readiness Team

Summary

Note: This joint Cybersecurity Advisory is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see all #StopRansomware advisories and to learn more about other ransomware threats and no-cost resources.

The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), Department of Health and Human Services (HHS), and Multi-State Information Sharing and Analysis Center (MS-ISAC)—hereafter referred to as “the authoring organizations”—are releasing this joint advisory to disseminate known Interlock ransomware IOCs and TTPs identified through FBI investigations (as recently as June 2025) and trusted third-party reporting.

The Interlock ransomware variant was first observed in late September 2024, targeting various business, critical infrastructure, and other organizations in North America and Europe. FBI maintains these actors target their victims based on opportunity, and their activity is financially motivated. FBI is aware of Interlock ransomware encryptors designed for both Windows and Linux operating systems; these encryptors have been observed encrypting virtual machines (VMs) across both operating systems. FBI observed actors obtaining initial access via drive-by download from compromised legitimate websites, which is an uncommon method among ransomware groups. Actors were also observed using the ClickFix social engineering technique for initial access, in which victims are tricked into executing a malicious payload under the guise of fixing an issue on the victim’s system. Actors then use various methods for discovery, credential access, and lateral movement to spread to other systems on the network.

Interlock actors employ a double extortion model in which actors encrypt systems after exfiltrating data, which increases pressure on victims to pay the ransom to both get their data decrypted and prevent it from being leaked.

FBI, CISA, HHS, and MS-ISAC encourage organizations to implement the recommendations in the Mitigations section of this advisory to reduce the likelihood and impact of Interlock ransomware incidents.

Download the PDF version of this report:

For a downloadable copy of IOCs, see:

Note: This advisory uses the MITRE ATT&CK® Matrix for Enterprise framework, version 17. See the MITRE ATT&CK Tactics and Techniques section of this advisory for tables mapped to the threat actors’ activity.

Overview

Since September 2024, Interlock ransomware actors have impacted a wide range of businesses and critical infrastructure sectors in North America and Europe. These actors are opportunistic and financially motivated in nature and employ tactics to infiltrate and disrupt the victim’s ability to provide their essential services.

Interlock actors leverage a double extortion model, in which they both encrypt and exfiltrate victim data. Ransom notes do not include an initial ransom demand or payment instructions; instead, victims are provided with a unique code and are instructed to contact the ransomware group via a .onion URL through the Tor browser. To date, Interlock actors have been observed encrypting VMs, leaving hosts, workstations, and physical servers unaffected; however, this does not mean they will not expand to these systems in the future. To counter Interlock actors’ threat to VMs, enterprise defenders should implement robust endpoint detection and response (EDR) tooling and capabilities.

The authoring agencies are aware of emerging open-source reporting detailing similarities between the Rhysida and Interlock ransomware variants.¹ For additional information on Rhysida ransomware, see the joint advisory, #StopRansomware: Rhysida Ransomware.

Initial Access

FBI has observed Interlock actors obtaining initial access [TA0001] via drive-by download [T1189] from compromised legitimate websites, an atypical method for ransomware actors. Interlock ransomware methods for initial access have previously disguised malicious payloads as fake Google Chrome or Microsoft Edge browser updates, though a cybersecurity company recently reported a shift to payload filenames masquerading as updates for common security software (see Table 5 for a list of filenames).²

In some instances, FBI has observed Interlock actors using the ClickFix social engineering technique, in which unsuspecting users are prompted to execute a malicious payload by clicking a fake Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) [T1189]. The CAPTCHA contains instructions for users to open the Windows Run window, paste the clipboard contents, and then execute a malicious Base64-encoded PowerShell process [T1204.004].³

Note: This ClickFix technique has been used in several other malware campaigns, including Lumma Stealer and DarkGate.⁴

Execution and Persistence

Based on FBI investigations, the fake Google Chrome browser executable functions as a remote access trojan (RAT) [T1105] designed to execute a PowerShell script [T1059.001] that drops a file into the Windows Startup folder. From there, the file is designed to run the RAT every time the victim logs in [T1547.001], establishing persistence [TA0003].

FBI also observed instances in which Interlock actors executed a PowerShell command designed to establish persistence via a Windows Registry key modification [T1547.001]. To do so, Interlock actors used a PowerShell command [T1059.001] designed to add a run key value named “Chrome Updater” [T1036.005] that uses a specific log file as an argument upon user login.

Reconnaissance

To facilitate reconnaissance, a PowerShell script executes a series of commands [T1059.001] designed to gather information on victim machines (see Table 1).

Table 1. PowerShell Commands for Reconnaissance
PowerShell Command	Description
WindowsIdentity.GetCurrent()	Returns a WindowsIdentity object that represents the current Windows user [T1033].
systeminfo	Displays detailed configuration information [T1082] about a computer and its operating system, including operating system configuration, security information, product ID, and hardware properties.
tasklist/svc	Lists unabridged service information [T1007] for each process currently running on the local computer.
Get-Service	Gets objects that represent the services [T1007] on a computer, including running and stopped services.
Get-PSDrive	Gets the drives [T1082] in the current session, such as: Windows logical drives on the computer, including drives mapped to network shares. Drives exposed by PowerShell providers. Session-specified temporary drives and persistent mapped network drives.
arp -a	Displays and modifies entries in the Address Resolution Protocol (ARP) cache table [T1016], which contains entries on the IPv4 and IPv6 addresses on host endpoints.

Command and Control

FBI observed Interlock actors using command and control (C2) [TA0011] applications like Cobalt Strike and SystemBC. Interlock actors also used Interlock RAT⁵ and NodeSnake RAT (as of March 2025)⁶ for C2 and executing commands.

Credential Access, Lateral Movement, and Privilege Escalation

FBI observed that once Interlock actors establish remote control of a compromised system, they use a series of PowerShell commands to download a credential stealer (cht.exe) [TA0006] and keylogger binary (klg.dll) [T1056.001],[T1105]. According to open source reporting, the credential stealer collects login information and associated URLs for victims’ online accounts [T1555.003], while the keylogger dynamic link library (DLL) logs users’ keystrokes in a file named conhost.txt [T1036.005].⁷ As of February 2025, private cybersecurity analysts also observed Interlock ransomware infections executing different versions of information stealers [TA0006], including Lumma Stealer⁸ and Berserk Stealer, to harvest credentials for lateral movement and privilege escalation [T1078].⁹

Interlock actors leverage compromised credentials and Remote Desktop Protocol (RDP)¹⁰ [T1021.001] to move between systems. They also use tools like AnyDesk to enable remote connectivity and PuTTY to assist with lateral movement [T1219].¹¹ In addition to stealing users’ online credentials, Interlock actors have compromised domain administrator accounts (possibly by using a Kerberoasting attack [T1558.003])¹² to gain additional privileges [T1078.002].

Collection and Exfiltration

Interlock actors leverage Azure Storage Explorer (StorageExplorer.exe) to navigate victims’ Microsoft Azure Storage accounts [T1530] prior to exfiltrating data. According to open source reporting, Interlock actors execute AzCopy to exfiltrate data by uploading it to the Azure storage blob [T1567.002].¹³ Interlock actors also exfiltrate data over file transfer tools, including WinSCP [T1048].

Impact

Following data exfiltration, Interlock actors deploy the encryption binary as a 64-bit executable named conhost.exe [T1486],[T1036.005]. FBI has observed Interlock ransomware encryptors for both Windows and Linux operating systems. Encryptors are designed to encrypt files using a combined Advanced Encryption Standard (AES) and Rivest-Shamir-Adleman (RSA) algorithm. In addition, cybersecurity researchers have identified Interlock ransomware samples using a FreeBSD ELF encryptor [T1486], a departure from usual Linux encryptors designed for VMware ESXi servers and VMs.¹⁴

A cybersecurity company identified a DLL binary named tmp41.wasd—executed after encryption using rundll32.exe [T1218.011]—which uses the remove() function to delete the encryption binary [T1070.004];¹⁵ on Linux machines, the encryptor uses a similar technique to execute the removeme function.

Encrypted files are appended with either a .interlock or .1nt3rlock file extension, alongside a ransom note titled !__README__!.txt delivered via group policy object (GPO). Interlock actors use a double-extortion model [T1657], encrypting systems after exfiltrating data. The ransom note provides each victim with a unique code and instructions to contact the ransomware actors via a .onion URL.

Interlock actors do not leave an initial ransom demand or payment instructions on compromised networks, and do not relay this information until contacted by the victim. The actors instruct victims to make ransom payments in Bitcoin to cryptocurrency wallet addresses provided by the actors. The actors threaten to publish the victim’s exfiltrated data to their leak site on the Tor network unless the victim pays the ransom demand; the actors have previously followed through on this threat.¹⁶

See Table 2 for publicly available tools and applications used by Interlock ransomware actors. This includes legitimate tools repurposed for their operations.

Disclaimer: Use of these tools and applications should not be attributed as malicious without analytical evidence to support threat actor use and/or control.

Table 2. Tools Used by Interlock Ransomware Actors
Tool Name	Description
AnyDesk	A common legitimate remote monitoring and management (RMM) tool maliciously used by Interlock actors to obtain remote access and maintain persistence. AnyDesk also supports remote file transfer.
Cobalt Strike	A penetration testing tool used by security professionals to test the security of networks and systems.
PowerShell	A cross-platform task automation solution made up of a command-line shell, a scripting language, and a configuration management framework, which runs on Windows, Linux, and macOS.
PSExec	A tool designed to run programs and execute commands on remote systems.
PuTTY.exe	An open source file transfer application commonly used to remotely connect to systems via Secure Shell (SSH). PuTTY also supports file transfer protocols like Secure File Transfer Protocol (SFTP) and Secure Copy Protocol (SCP).
ScreenConnect	A remote support, access, and meeting software that allows users to control devices remotely over the internet. CISA observed Interlock actors using a cracked version of this software in at least one incident. These versions may be standalone versions not connecting to ScreenConnect’s official cloud domains (domains available upon request from ConnectWise).
SystemBC	Enables Interlock actors to compromise systems, run commands, download malicious payloads, and act as a proxy tool to the actors’ C2 servers.
Windows Console Host	Windows Console Host (`conhost.exe`) manages the user interface for command-line applications in Windows, including Command Prompt and PowerShell.
WinSCP	A free and open source SSH File Transfer Protocol (FTP), WebDAV, Amazon S3, and secure copy protocol client.

See Table 3 and Table 4 for files used by Interlock ransomware actors. These were obtained from FBI investigations as recently as June 2025.

Disclaimer: Some of the hashes are for legitimate tools and applications and should not be attributed as malicious without analytical evidence to support threat actor use and/or control. The authoring agencies recommend organizations investigate or vet these hashes prior to taking action, such as blocking.

Table 3. Files Used by Interlock Ransomware Actors (SHA-256)
File Name	Hash
1.ps1	fba4883bf4f73aa48a957d894051d78e0085ecc3170b1ff50e61ccec6aeee2cd
advanced_port_scanner.exe	4b036cc9930bb42454172f888b8fde1087797fc0c9d31ab546748bd2496bd3e5
Aisa.exe	18a507bf1c533aad8e6f2a2b023fbbcac02a477e8f05b095ee29b52b90d47421
AnyDesk.exe	1a70f4eef11fbecb721b9bab1c9ff43a8c4cd7b2cafef08c033c77070c6fe069
autoservice.dll	a4069aa29628e64ea63b4fb3e29d16dcc368c5add304358a47097eedafbbb565
Autostart.exe	d535bdc9970a3c6f7ebf0b229c695082a73eaeaf35a63cd8a0e7e6e3ceb22795
cht	FAFCD5404A992850FFCFFEE46221F9B2FF716006AECB637B80E5CD5AA112D79C
cht.exe	C20BABA26EBB596DE14B403B9F78DDC3C13CE9870EEA332476AC2C1DD582AA07
cleanup.dll (SystemBC)	1845a910dcde8c6e45ad2e0c48439e5ab8bbbeb731f2af11a1b7bbab3bfe0127
conhost	44887125aa2df864226421ee694d51e5535d8c6f70e327e9bcb366e43fd892c1
conhost.dll	a70af759e38219ca3a7f7645f3e103b13c9fb1db6d13b68f3d468b7987540ddf
conhost.dll	96babe53d6569ee3b4d8fc09c2a6557e49ebc2ed1b965abda0f7f51378557eb1
difxepi.dll (SystemBC)	1845a910dcde8c6e45ad2e0c48439e5ab8bbbeb731f2af11a1b7bbab3bfe0127
iexplore.exe	d0c1662ce239e4d288048c0e3324ec52962f6ddda77da0cb7af9c1d9c2f1e2eb
klg.dll	A4F0B68052E8DA9A80B70407A92400C6A5DEF19717E0240AC608612476E1137E
!!!OPEN_ME!!!.txt	68A49D5A097E3850F3BB572BAF2B75A8E158DADB70BADDC205C2628A9B660E7A
processhacker-2.39-bin.zip	88f26f3721076f74996f8518469d98bf9be0eaee5b9eccc72867ebfc25ea4e83
PsExec.exe	078163d5c16f64caa5a14784323fd51451b8c831c73396b967b4e35e6879937b
putty.exe	7a43789216ce242524e321d2222fa50820a532e29175e0a2e685459a19e09069
puttyportable.exe	97931d2e2e449ac3691eb526f6f60e2f828de89074bdac07bd7dbdfd51af9fa0
PuTTYPortable.zip	ff7ad2376ae01e4b3f1e1d7ae630f87b8262b5c11bc5d953e1ac34ffe81401b5
qrpce91.exe.asd	64a0ab00d90682b1807c5d7da1a4ae67cde4c5757fc7d995d8f126f0ec8ae983
ScreenConnect.ClientService.exe	2814b33ce81d2d2e528bb1ed4290d665569f112c9be54e65abca50c41314d462
SophosendpointAgent.exe	f51b3d054995803d04a754ea3ff7d31823fab654393e8054b227092580be43db
SophosScaner.exe	dfb5ba578b81f05593c047f2c822eeb03785aecffb1504dcb7f8357e898b5024
Starship.exe	94bf0aba5f9f32b9c35e8dfc70afd8a35621ed6ef084453dc1b10719ae72f8e2
start	28c3c50d115d2b8ffc7ba0a8de9572fbe307907aaae3a486aabd8c0266e9426f
start.exe	70bb799557da5ac4f18093decc60c96c13359e30f246683815a512d7f9824c8f
StorageExplorer.exe	73a9a1e38ff40908bcc15df2954246883dadfb991f3c74f6c514b4cffdabde66
Sysmon.sys	1d04e33009bcd017898b9e1387e40b5c04279c02ebc110f12e4a724ccdb9e4fb
upd_2327991.exe	7b9e12e3561285181634ab32015eb653ab5e5cfa157dd16cdd327104b258c332
webujgd.lnk	70EE22D394E107FBB807D86D187C216AD66B8537EDC67931559A8AEF18F6B5B3
WinSCP-6.3.5-Setup.exe	8eb7e3e8f3ee31d382359a8a232c984bdaa130584cad11683749026e5df1fdc3
Proxy Tool	e4d6fe517cdf3790dfa51c62457f5acd8cb961ab1f083de37b15fd2fddeb9b8f
Encryptor	e86bb8361c436be94b0901e5b39db9b6666134f23cce1e5581421c2981405cb1
Encryptor	c733d85f445004c9d6918f7c09a1e0d38a8f3b37ad825cd544b865dba36a1ba6
Encryptor	28c3c50d115d2b8ffc7ba0a8de9572fbe307907aaae3a486aabd8c0266e9426f

Table 4. Files Used by Interlock Ransomware Actors (SHA-1)
File Name	Hash
autorun.log	514946a8fc248de1ccf0dbeee2108a3b4d75b5f6
jar.jar	b625cc9e4024d09084e80a4a42ab7ccaa6afb61d
pack.jar	3703374c9622f74edc9c8e3a47a5d53007f7721e

See Table 5 through Table 16 for all referenced threat actor tactics and techniques in this advisory. For assistance with mapping malicious cyber activity to the MITRE ATT&CK framework, see CISA and MITRE ATT&CK’s Best Practices for MITRE ATT&CK Mapping and CISA’s Decider Tool.

Table 5. Initial Access
Technique Title	ID	Use
Drive-By Compromise	T1189	Interlock actors obtain initial access by compromising a legitimate website that network users visit, or by disguising malicious payloads as fake browser updates or common security software, including the following:¹⁷ FortiClient.exe Ivanti-Secure-Access-Client.exe GlobalProtect.exe Webex.exe AnyConnectVPN.exe Cisco-Secure-Client.exe zyzoom_antimalware.exe Interlock actors also gain access via the ClickFix social engineering technique, in which users are tricked into executing a malicious payload by clicking on a fake CAPTCHA that prompts users to execute a malicious PowerShell script.

Table 6. Execution
Technique Title	ID	Use
Command and Scripting Interpreter: PowerShell	T1059.001	Interlock actors implement PowerShell scripts to drop a malicious file into the Windows Startup folder. Interlock actors execute a PowerShell command for registry key modification. Interlock actors use a PowerShell script to execute a series of commands to facilitate reconnaissance.
User Execution: Malicious Copy and Paste	T1204.004	Via the ClickFix social engineering technique, users are tricked into clicking a fake CAPTCHA and prompted into executing a malicious Base64-encoded PowerShell process by following instructions to open a Windows Run window (Windows Button + R), pasting clipboard contents (“CTRL + V”), and then executing the malicious script (“Enter”).

Table 7. Persistence
Technique Title	ID	Use
Boot or Logon Autostart Execution: Registry Run Keys/Startup Folder	T1547.001	Interlock actors establish persistence by adding a file into a Windows StartUp folder that executes a RAT every time a user logs in. Interlock actors also implement registry key modification by using a PowerShell command to add a run key value (named “Chrome Updater”) that uses a log file as an argument every time a user logs in.

Table 8. Privilege Escalation
Technique Title	ID	Use
Valid Accounts: Domain Accounts	T1078.002	Interlock actors compromise domain administrator accounts to gain additional privileges.

Table 9. Defense Escalation
Technique Title	ID	Use
Defense Evasion	TA0005	Interlock actors execute the `removeme` function on Linux systems to delete the encryption binary for defense evasion.
Masquerading: Match Legitimate Resource Name or Location	T1036.005	Interlock actors disguise a malicious run key value by naming it “Chrome Updater”; the run key value uses a specific log file as an argument upon user login. Interlock actors disguise files of keystrokes logged by one of their credential stealers with a legitimate Windows filename: `conhost.txt`. Interlock actors disguise an encryption binary, a 64-bit executable, by giving it the same name as the legitimate Console Windows Host executable: `conhost.exe`
System Binary Proxy Execution: Rundll32	T1218.011	Interlock actors use `rundll32.exe` to proxy execution of a malicious DLL binary `tmp41.wasd`.
Indicator Removal: File Deletion	T1070.004	Interlock actors execute a DLL binary `tmp41.wasd` that uses the `remove()` function to delete their encryption binary for defense evasion.

Table 10. Credential Access
Technique Title	ID	Use
Credential Access	TA0006	Interlock actors download credential stealer `cht.exe` and execute other versions information stealers (including Lumma Stealer and Berserk Stealer) to harvest credentials.
Credentials from Password Stores: Credentials from Web Browsers	T1555.003	Interlock actors download a credential stealer that collects login information and associated URLs for victims’ online accounts.
Input Capture	T1056	Interlock actors execute Lumma Stealer and Berserk Stealer information stealers on victim systems.
Input Capture: Keylogging	T1056.001	Interlock actors download `klg.dll`, a keylogger binary, onto compromised systems, where it logs users’ keystrokes in a file named `conhost.txt`.
Steal or Forge Kerberos Tickets: Kerberoasting	T1558.003	Interlock actors possibly use a Kerberoasting attack to compromise domain administrator accounts.

Table 11. Discovery
Technique Title	ID	Use
System Owner/User Discovery	T1033	Interlock actors execute a PowerShell command `WindowsIdentity.GetCurrent()` on victim systems to retrieve a WindowsIdentity object that represents the current Windows user.
System Information Discovery	T1082	Interlock actors execute a PowerShell command `systeminfo` on victim systems to access detailed configuration information about the system, including OS configuration, security information, product ID, and hardware properties. Interlock actors execute a PowerShell command `Get-PSDrive` on victim systems to discover the drives in the current session, such as: Windows logical drives on the computer, including drives mapped to network shares. Drives exposed by PowerShell providers. Session-specified temporary drives and persistent mapped network drives.
System Service Discovery	T1007	Interlock actors execute a PowerShell command `tasklist /svc` on victim systems that lists service information for each process currently running on the system. Actors also execute a PowerShell command `Get-Service` on victim systems that retrieves objects that represent the services (including running and stopped services) on the system.
System Network Configuration Discovery	T1016	Interlock actors execute a PowerShell command `arp -a` on victim systems that displays and modifies entries in the Address Resolution Protocol (ARP) cache table (which contains entries on the IPv4 and IPv6 addresses on host endpoints).

Table 12. Lateral Movement
Technique Title	ID	Use
Valid Accounts	T1078	Interlock actors harvest and abuse valid credentials for lateral movement and privilege escalation.
Remote Services: Remote Desktop Protocol	T1021.001	Interlock actors use RDP and valid credentials to move laterally between systems.

Table 13. Collection
Technique Title	ID	Use
Data from Cloud Storage	T1530	Interlock actors use `StorageExplorer.exe`, the cloud storage solution Azure Storage Explorer, to explore Microsoft Azure Storage accounts.

Table 14. Command and Control
Technique Title	ID	Use
Command and Control	TA0011	Interlock actors use applications Cobalt Strike and SystemBC for C2.
Ingress Tool Transfer	T1105	Interlock actors use a fake Google Chrome or Microsoft Edge browser update to cause users to execute a RAT on the victimized system. Interlock actors download credential stealers (`cht.exe`) and keylogger binaries (`klg.dll`) once actors establish remote control of a compromised system.
Remote Access Tools	T1219	Interlock actors use legitimate remote access tools such as AnyDesk to enable remote connectivity and PuTTY to assist with lateral movement.

Table 15. Exfiltration
Technique Title	ID	Use
Exfiltration Over Web Service: Exfiltration to Cloud Storage	T1567.002	Interlock actors exfiltrate data to cloud storage by executing AzCopy to upload data to the Azure storage blob.
Exfiltration Over Alternative Protocol	T1048	Interlock actors use file transfer tools like WinSCP to exfiltrate data.

Table 16. Impact
Technique Title	ID	Use
Data Encrypted for Impact	T1486	Interlock actors encrypt victim data using a combined AES and RSA algorithm on compromised systems to interrupt availability to system and network resources. Actors code encryptors using C/C++. Interlock actors use encryptors for both Windows and Linux operating systems. Interlock actors also use a FreeBSD ELF encryptor to encrypt victim data.
Financial Theft	T1657	Interlock actors deliver a ransom note titled `!__README__!.txt` via a GPO which provides victims with instructions to use a `.onion` URL to contact the actors over the Tor network. Actors use a double-extortion model, both encrypting victim data and threatening release of victim data on their Tor network leak site if the ransom is not paid.

The authoring agencies recommend organizations implement the mitigations below to improve your organization’s cybersecurity posture on the basis of the Interlock ransomware actors’ activity. These mitigations align with the Cross-Sector Cybersecurity Performance Goals (CPGs) developed by CISA and the National Institute of Standards and Technology (NIST). The CPGs provide a minimum set of practices and protections that CISA and NIST recommend all organizations implement. CISA and NIST based the CPGs on existing cybersecurity frameworks and guidance to protect against the most common and impactful threats and TTPs. Visit CISA’s CPGs webpage for more information on the CPGs, including additional recommended baseline protections.

In addition to the below mitigations, Healthcare and Public Health (HPH) organizations should use HPH Sector CPGs to implement cybersecurity protections to address the most common threats and TTPs used against this sector.

At-risk organizations should implement the following mitigations:

Prevent Interlock ransomware actors from obtaining initial access:
- Implement domain name system (DNS) filtering to block users from accessing malicious sites and applications.
- Implement web access firewalls to mitigate and prevent unknown commands or process injection from malicious domains or websites.
- Train users [CPG 2.I] to identify, avoid, and report social engineering attempts.
Implement a recovery plan [CPG 5.A] to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, and secure location (e.g., hard drive, storage device, the cloud) [CPG 2.R].
Require all accounts with password logins (e.g., service accounts, admin accounts, and domain admin accounts) to comply with NIST password standards.
- Require employees to use long passwords [CPG 2.B] and consider not requiring recurring password changes, as these can weaken security.
Require MFA [CPG 2.H] for all services to the extent possible, particularly for webmail, virtual private networks (VPNs), and accounts that access critical systems.
- Implement ICAM policies across the organization as a precursor to MFA.
Keep all operating systems, software, and firmware up to date; prioritize patching known exploited vulnerabilities in internet-facing systems [CPG 1.E].
- Timely patching is efficient and cost effective for minimizing an organization’s exposure to cybersecurity threats.
Implement robust EDR capabilities on VMs, systems, and networks.
Segment networks [CPG 2.F] to prevent the spread of ransomware.
- Network segmentation can help prevent the spread of ransomware by controlling traffic flows between—and access to—various subnetworks and by restricting adversary lateral movement.
Identify, detect, and investigate abnormal activity and potential traversal of the indicated ransomware [CPG 3.A] with a networking monitoring tool [CPG 2.T].
- To aid in detecting ransomware, implement a tool that logs and reports all network traffic, including lateral movement activity on a network.
- Implement EDR tools; these are useful for detecting lateral connections as they provide insight into common and uncommon network connections for each host.
Filter network traffic by preventing unknown or untrusted origins from accessing remote services on internal systems.
- This prevents threat actors from directly connecting to remote access services that they have established for persistence.
Install, regularly update, and enable real time detection for antivirus software on all hosts.
Review domain controllers, servers, workstations, and active directories for new and/or unrecognized accounts.
Audit user accounts with administrative privileges and configure access controls according to the principle of least privilege [CPG 2.E].
Disable unused ports.
Consider adding an email banner to emails received from outside of your organization [CPG 2.M].
Disable hyperlinks in received emails.
Implement time-based access for accounts set at the admin level and higher; for example, the just-in-time (JIT) access method provisions privileged access when needed and can support enforcement of the principle of least privilege (as well as the Zero Trust model):
- This is a process where a network-wide policy is set in place to automatically disable admin accounts at the Active Directory level when the account is not in direct need.
- Individual users may submit their requests through an automated process that grants them access to a specified system for a set timeframe when they need to support the completion of a certain task.
Disable command line and scripting activities and permissions [CPG 2.N].
- Disabling software utilities that run from the command line makes it more difficult for threat actors to escalate privileges and move laterally.
Maintain offline backups of data and regularly maintain backups and restorations [CPG 2.R]; this avoids severe service interruption and irretrievable data in the event of a compromise.
Ensure all backup data is encrypted, immutable (i.e., cannot be altered or deleted), and covers the entire organization’s data infrastructure [CPG 2.R].

In addition to applying mitigations, the authoring agencies recommend exercising, testing, and validating your organization’s security program against the threat behaviors mapped to the MITRE ATT&CK for Enterprise framework in this advisory. The authoring agencies recommend testing your existing security controls inventory to assess how they perform against the ATT&CK techniques described in this advisory.

To get started:

Select an ATT&CK technique described in this advisory (see Table 5 through Table 16).
Align your security technologies against the technique.
Test your technologies against the technique.
Analyze your detection and prevention technologies’ performance.
Repeat the process for all security technologies to obtain a set of comprehensive performance data.
Tune your security program, including people, processes, and technologies, based on the data generated by this process.

The authoring agencies recommend continually testing your security program, at scale, in a production environment to ensure optimal performance against the MITRE ATT&CK techniques identified in this advisory.

Your organization has no obligation to respond or provide information back to FBI in response to this joint advisory. If, after reviewing the information provided, your organization decides to provide information to FBI, reporting must be consistent with applicable state and federal laws.

FBI is interested in any information that can be shared, to include boundary logs showing communication to and from foreign IP addresses, a sample ransom note, communications with threat actors, Bitcoin wallet information, decryptor files, and/or a benign sample of an encrypted file.

Additional details of interest include a targeted company point of contact, status and scope of infection, estimated loss, operational impact, transaction IDs, date of infection, date detected, initial attack vector, and host- and network-based indicators.

The authoring agencies do not encourage paying ransom as payment does not guarantee victim files will be recovered. Furthermore, payment may also embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities. Regardless of whether you or your organization have decided to pay the ransom, FBI and CISA urge you to promptly report ransomware incidents to FBI’s Internet Crime Complain Center (IC3), a local FBI Field Office, or CISA via the agency’s Incident Reporting System or its 24/7 Operations Center (contact@mail.cisa.dhs.gov) or by calling 1-844-Say-CISA (1-844-729-2472).

State, local, tribal, and territorial governments should report incidents to the MS-ISAC (SOC@cisecurity.org or 866-787-4722).

HPH Sector organizations should report incidents to FBI or CISA but also can reach out to HHS at HHScyber@hhs.gov for cyber incident support focused on mitigating adverse patient impacts.

The information in this report is being provided “as is” for informational purposes only. The authoring agencies do not endorse any commercial entity, product, company, or service, including any entities, products, or services linked within this document. Any reference to specific commercial entities, products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favor by the authoring agencies.

Cisco Talos contributed to this advisory.

July 22, 2025: Initial version.

¹ Elio Biasiotto, et. al., “Unwrapping the Emerging Interlock Ransomware Attack,” Talos Intelligence (blog), Cisco Talos, last modified November 7, 2024, https://blog.talosintelligence.com/emerging-interlock-ransomware/.

² Sekoia Threat Detection and Research team, “Interlock Ransomware Evolving Under the Radar,” Sekoia (blog), Sekoia, last modified April 16, 2025, https://blog.sekoia.io/interlock-ransomware-evolving-under-the-radar/.

³ Yashvi Shah and Vignesh Dhatchanamoorthy, “ClickFix Deception: A Social Engineering Tactic to Deploy Malware,” McAfee Labs (blog), McAfee,last modified June 11, 2024, https://www.mcafee.com/blogs/other-blogs/mcafee-labs/clickfix-deception-a-social-engineering-tactic-to-deploy-malware/ and “HC3 Sector Alert: ClickFix Attacks,” Health Sector Cybersecurity Coordination Center, Department of Health and Human Services, last modified October 29, 2024, https://www.hhs.gov/sites/default/files/clickfix-attacks-sector-alert-tlpclear.pdf.

⁴ Shah, “ClickFix Deception: A Social Engineering Tactic to Deploy Malware.”

⁵ Sekoia Threat Detection and Research team, “Interlock Ransomware Evolving Under the Radar.”

⁶ Bill Toulas, “Interlock Ransomware Gang Deploys New NodeSnake RAT on Universities,“ Bleeping Computer, May 28, 2025, https://www.bleepingcomputer.com/news/security/interlock-ransomware-gang-deploys-new-nodesnake-rat-on-universities/.

⁷ Biasiotto, “Unwrapping the Emerging Interlock Ransomware Attack.”

⁸ International law-enforcement and Microsoft took down the Lumma Stealer malware in May 2025 by seizing internet domains the actors used to distribute the malware to actors and taking down domains that hosted the malware’s infrastructure. For more information, see Tara Seals, “Lumma Stealer Takedown Reveals Sprawling Operation,” Dark Reading, May 21, 2025, https://www.darkreading.com/cybersecurity-operations/lumma-stealer-takedown-sprawling-operation, and Steven Masada, “Disrupting Lumma Stealer: Microsoft Leads Global Action Against Favored Cybercrime Tool,” Microsoft On the Issues (blog), Microsoft, last modified May 21, 2025, https://blogs.microsoft.com/on-the-issues/2025/05/21/microsoft-leads-global-action-against-favored-cybercrime-tool/.

⁹ Sekoia Threat Detection and Research team, “Interlock Ransomware Evolving Under the Radar.”

¹⁰ Biasiotto, “Unwrapping the Emerging Interlock Ransomware Attack.”

¹¹ Biasiotto, “Unwrapping the Emerging Interlock Ransomware Attack.”

¹² Biasiotto, “Unwrapping the Emerging Interlock Ransomware Attack.”

¹³ Biasiotto, “Unwrapping the Emerging Interlock Ransomware Attack.”

¹⁴ Lawrence Abrams, “Meet Interlock — The New Ransomware Targeting FreeBSD Servers,” Bleeping Computer, November 3, 2024, https://www.bleepingcomputer.com/news/security/meet-interlock-the-new-ransomware-targeting-freebsd-servers/.

¹⁵ Biasiotto, “Unwrapping the Emerging Interlock Ransomware Attack.”

¹⁶ Graham Cluley, “Interlock Ransomware: What You Need to Know,” Fortra (blog), Fortra, last modified May 30, 2025, https://www.tripwire.com/state-of-security/interlock-ransomware-what-you-need-know.

¹⁷ Sekoia Threat Detection and Research team, “Interlock Ransomware Evolving Under the Radar.”

MIL OSI USA News –

July 23, 2025

MIL-OSI Security: Across-the-Board Convictions in Final Highs RICO Trial of 2025

Source: Office of United States Attorneys

MINNEAPOLIS – Following an eight-day jury trial, a federal jury convicted two defendants of all charged counts for their involvement in the Highs street gang, announced Acting U.S. Attorney Joseph H. Thompson.

Defendants Cortez Davon Blakemore, 35, and Robert Lesure, 23, were convicted by a jury of federal RICO conspiracy and conspiracy to distribute controlled substances. A sentencing hearing will be set at a later date. According to court documents and evidence presented at trial, Blakemore and Lesure were long-standing and prolific drug traffickers for the Highs criminal street gang. They sold fentanyl at the intersection of Broadway and Lyndale in North Minneapolis, which the Highs had taken control of and turned into an open-air drug market. As the jury heard at trial, the Highs is a violent criminal street gang that has long wreaked havoc on North Minneapolis, selling fentanyl and other deadly drugs and enforcing its terorrity through violence, kidnapping, and murder, including the murders of innocent civlians caught in the crossfire. Forty members of the Highs gang were charged in this large RICO indictment. Blakemore and Lesure are the 37^th and 38^th defendants to be convicted in this case. A final RICO defendant is set to be tried in 2026.

“These convictions bring justice not just to the victims of the Highs gang, but to an entire community that has endured years of violence, fear, and loss,” said Acting U.S. Attorney Joseph H. Thompson. “For too long, this gang terrorized Minneapolis, maintaining control through chaos. Today, the people of this city get something they’ve long been denied: peace. This case is the result of a relentless federal coalition—the U.S. Attorney’s Office side-by-side with our federal, state, and local law enforcement partners. Our message is clear: if you endanger our communities, we are coming for you. And we won’t stop until every neighborhood in this city is free from fear.”

“This isn’t just another trial; it’s a continuation of our full-court press to dismantle the Highs street gang and hold every last member accountable,” said Travis Riddle, ATF Special Agent in Charge of the St. Paul Field Division. “We’re proud to stand alongside our prosecution and investigative partners who’ve shown unmatched determination, trial after trial, to bring justice to the communities harmed by this violence.”

“As the summer progresses, Minneapolis is continuing to see a drop in violent crime, especially gun violence throughout the city,” said Minneapolis Police Chief Brian O’Hara. “The outstanding work of MPD officers and our partnership with the U.S. Attorney’s Office have been instrumental in targeting the small number of individuals committing a disproportionate amount of violence in the city. This conviction is the latest result of efforts that can not only be seen in the reduction of crime, but also felt by the community as we work to rebuild trust.”

“Our focus isn’t just on the money—it’s on the damage that money fuels,” said Jason Bushey, IRS Acting Special Agent in Charge of the Chicago Field Office. “When violent gangs push drugs and fear into our communities, our agents work relentlessly to expose the money behind the violence. This conviction is the result of that effort and a clear reminder that those who profit from chaos and pain will be held accountable.”

“In the wake of the guilty verdicts in the Highs gang RICO trial, it becomes abundantly clear that the efficacy of our justice system hinges not merely on the application of law, but on the transformative power of collaborative law enforcement partnerships,” stated FBI Minneapolis Special Agent in Charge Alvin M. Winston, Sr. “These alliances are essential, for they weave a fabric of shared intelligence and resources that fortify our collective resolve against violent crime, ensuring that justice is not merely an ideal, but a tangible reality for our communities.”

This case is the result of an investigation conducted by the ATF, FBI, Minneapolis Police Department, IRS Criminal Investigation, U.S. Postal Inspection Service, Hennepin County Sheriff’s Office, Minnesota Bureau of Criminal Apprehension, and Minnesota Department of Corrections with the assistance of the U.S. Marshals Service, DEA, Homeland Security Investigation, and the Hennepin County Attorney’s Office. The Ramsey County Sheriff’s Office, Dakota County Sheriff’s Office, St. Paul Police Department, and numerous other law enforcement agencies contributed to the investigation.

The U.S. Attorney’s Office also is deeply grateful to the Justice Department’s Violent Crime & Racketeering Section (VCRS) for their continued partnership and expertise on this and other ongoing RICO cases. This partnership has been critical to the success of these gang prosecutions.

Assistant U.S. Attorneys Thomas Calhoun-Lopez, Albania Concepcion, and Carla Baumel tried this case. They are prosecuting the case along with Attorney Brian Lynch of the Justice Department’s Violent Crime & Racketeering Section.

MIL Security OSI –

July 23, 2025
MIL-OSI Security: Repeat Domestic Violence Offender from Ganado Sentenced to 96 Months in Prison

Source: Office of United States Attorneys

PHOENIX, Ariz. – Brian Jason Gishie, 46, of Ganado, Arizona, was sentenced on July 16, by Senior United States District Judge David G. Campbell to 96 months in prison, followed by three years of supervised release. Gishie, an enrolled member of the Navajo Nation, previously pleaded guilty to assault with a dangerous weapon and assault of an intimate partner by strangling.

On or about June 20, 2024, Gishie brutally assaulted an intimate partner at his home in Greasewood, Arizona, within the Navajo Nation community. Using a baseball bat, Gishie hit the victim several times on her head and body. He then strangled her with both hands for several seconds. The victim was medically treated for injuries related to the assault. Gishie had previously been convicted of multiple domestic violence related offenses, including Aggravated Domestic Violence in Maricopa County in 2004, and Assault by Strangling in the District of Arizona in 2019.

The FBI Phoenix Division’s Flagstaff office and the Navajo Nation Police Department conducted the investigation in this case. The United States Attorney’s Office, District of Arizona, Phoenix, handled the prosecution.

CASE NUMBER: CR-24-08120-PCT-DGC
RELEASE NUMBER: 2025-123_Gishie

# # #

For more information on the U.S. Attorney’s Office, District of Arizona, visit http://www.justice.gov/usao/az/
Follow the U.S. Attorney’s Office, District of Arizona, on Twitter @USAO_AZ for the latest news.

MIL Security OSI –

July 23, 2025
MIL-OSI Security: Amherst Businessman Sentenced for COVID Fraud
Source: US FBI

BUFFALO, N.Y. – U.S. Attorney Michael DiGiacomo announced today Hormoz Mansouri, 71, of Amherst, NY, who was convicted of conspiracy to commit wire fraud and bank fraud, and bank fraud, was sentenced to time served and five years’ supervised release, to include one year of home detention. He was also ordered to pay restitution totaling $3,197,562 and to forfeit $1,888,603.

Assistant U.S. Attorney Paul E. Bonanno, who handled the case, stated that Mansouri filed fraudulent loan applications under both the Paycheck Protection Program (PPP) and Economic Injury Disaster Loan (EIDL) program. The loans available for these programs were designed to provide emergency financial assistance pursuant to the Coronavirus Aid, Relief, and Economic Security (CARES Act). Mansouri controlled the following business entities which applied for loans:
- HLM Holding LLC,
- El Team Inc.,
- NPTS Inc.,
- 2060 Sheridan Drive LLC,
- 212 Holden Avenue LLC,
- 350 Old Niagara Falls Boulevard LLC,
- 47 East Amherst LLC, and
- 3600 Harlem Road LLC.
The PPP loans that the Mansouri-controlled entities obtained, either inflated or completely fabricated the average monthly payroll and six of the eight entities had no actual employees or payroll expenses at all. The total amount of money received from the fraudulent PPP loans totaled approximately $3,000,000. The Mansouri controlled entities also received approximately $450,600 in Economic Injury Disaster Loans (EIDL). These loan applications falsely represented revenues and cost of goods sold. On May 28, 2021, the United States Attorney’s Office seized approximately $1,923,603 of the fraudulently obtained money.

Mansouri also moved the fraudulent PPP and EIDL funds between various bank accounts; commingling the proceeds with legitimate business revenues; and funding certain accounts, including a campaign account (in the name of “Mansouri for County Comptroller”).

The sentencing is the result of an investigation by the Federal Bureau of Investigation, under the direction of Acting Special Agent-in-Charge Mark Grimm, and the Internal Revenue Service, Criminal Investigation Division, under the direction of Special Agent-in-Charge Harry Chavis.

# # # #

MIL Security OSI –
July 23, 2025