NewzIntel.com

Category: Intelligence Agencies

  • MIL-OSI Security: Ohio Man Arrested on Felony and Misdemeanor Charges for Actions During January 6 Capitol Breach

    Source: US FBI

                 WASHINGTON — An Ohio man was arrested on felony and misdemeanor charges related to his alleged conduct during the Jan. 6, 2021, breach of the U.S. Capitol. His alleged actions and the actions of others disrupted a joint session of the U.S. Congress convened to ascertain and count the electoral votes related to the 2020 presidential election.

                 David Valentine, 46, of Wilmington, Ohio, is charged in a criminal complaint filed in the District of Columbia with a felony charge of civil disorder. In addition to the felony, Valentine is charged with misdemeanor offenses of knowingly entering or remaining in any restricted building or grounds without lawful, knowingly, and with intent to impede or disrupt the orderly conduct of government business or official functions and disorderly conduct in a Capitol building or grounds.

                 Valentine was arrested on Aug. 22, 2024, in Milwaukee, Wisconsin, and he made his initial appearance in the Eastern District of Wisconsin.

                 According to court documents, Valentine was identified within the restricted grounds of the U.S. Capitol building at around 1:30 p.m. on Jan. 6, 2021, near a line of police officers and bike-rack barricades preventing rioters from advancing toward the U.S. Capitol building. At about 1:40 p.m., rioters carried and passed a large metal-framed “Trump 2020” sign toward the police line.

                 It is alleged that when the sign reached the police line, Valentine joined the rioters who pushed the sign against the police officers. It is alleged that Valentine reached for the sign with his right hand and pushed the sign. The rioters used the large sign as a battering ram against the officers who were holding the line and attempted to breach the bike-rack barricades while the officers were attacked with the large sign.

                 Later, Valentine was identified on the West Plaza of Capitol grounds and was seen entering a lower part of the Inaugural stage within the West Plaza. Valentine then allegedly climbed into an area that appeared to be under construction and seemed to cut some wires with a folding knife.

                 At about 2:30 p.m., members of the Metropolitan Police Department (MPD) retreated to an area inside the archway of the U.S. Capitol building’s Lower West Terrace Doors, referred to as the Tunnel. The Tunnel was the site of some of the most violent attacks against law enforcement on January 6th.  There, rioters massed in front of the Tunnel and attacked police officers, pushing in a collective effort to overwhelm the police officers guarding this entrance to the building. Valentine was present outside the Tunnel.

                 At approximately 5:00 p.m., rioters collectively pushed against the police officers in the Tunnel, and Valentine allegedly joined the group, placing his hand against the back of the rioter in front of him before being repelled by a chemical irritant.

                 This case is being prosecuted by the U.S. Attorney’s Office for the District of Columbia and the Department of Justice National Security Division’s Counterterrorism Section. Valuable assistance was provided by the U.S. Attorney’s Office for the Southern District of Ohio and the U.S. Attorney’s Office for the Eastern District of Wisconsin.

                 The case is being investigated by the FBI’s Cincinnati and Washington Field Offices. Valuable assistance was provided by the U.S. Capitol Police and the Metropolitan Police Department.

                 In the 43 months since Jan. 6, 2021, more than 1,488 individuals have been charged in nearly all 50 states for crimes related to the breach of the U.S. Capitol, including nearly 550 individuals charged with assaulting or impeding law enforcement, a felony. The investigation remains ongoing.

                 Anyone with tips can call 1-800-CALL-FBI (800-225-5324) or visit tips.fbi.gov.

                 A complaint is merely an allegation, and all defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.

    MIL Security OSI

  • MIL-OSI Security: Jury Finds Members of Violent Third World Mob Gang Guilty of Trafficking More Than 1,000 Kilograms of Marijuana

    Source: US FBI

    COLUMBUS, Ohio – A federal jury has convicted two members of the Third World Mob gang with conspiring to traffic more than 2,000 pounds of marijuana. Third World Mob is a violent criminal organization in Columbus.

    After an 8-day trial before U.S. District Judge Edmund A. Sargus, Jr., jurors deliberated for less than six hours before finding Klegewerges Abate, 35, and Abubakarr Savage, 34, both of Columbus, guilty on all counts.

    Abate, who is also known as “Bells,” “Robell” and “Sosa,” was convicted of conspiring to traffic at least 1,000 kilograms of marijuana, firearms offenses, and wire fraud related to illegally obtaining COVID-19 pandemic relief funds.

    Savage was charged with and convicted of conspiring to distribute at least 1,000 kilograms of marijuana. Savage is also known as “Sav” and “Savdripp.”

    According to court documents and trial testimony, Third World Mob members brought hundreds of pounds of marijuana into Ohio from other states like California and Georgia to sell in central Ohio. They used U-Haul trucks and rental cars to move the drugs.  Coconspirators used rental houses or houses leased or owned in other individuals’ names as “stash houses” or “trap houses” to facilitate the drug trafficking and to store significant amounts of cash from the drug proceeds.

    For example, in August 2019, Abate and others possessed a suitcase with approximately $940,000 in cash in it in a house on Phlox Avenue in Blacklick.

    During a November 2022 search of a residence on Chapel Stone Road in Blacklick, law enforcement officials found Abate and two of his co-conspirators, along with more than 700 kilograms of marijuana and three firearms.

    Third World Mob leaders and members used violence and the threat of violence to maintain authority over their drug trafficking.

    Surveillance video presented at trial showed Abate, a convicted felon, shooting a man at a restaurant in Columbus. Jurors also heard testimony about numerous shootings, a pistol-whipping, and other acts of intimidation.

    Abate was also convicted of wire fraud for falsely applying for Pandemic Unemployment Assistance, fraudulently claiming that he had been a self-employed landscaper during the time he trafficked drugs.

    In total, seven members of the Third World Mob have been charged federally since 2021. Fellow member Menelik Solomon pleaded guilty in November 2023 and was sentenced to more than 15 years in prison. Coconspirator Teddy Asefa entered a guilty plea to conspiracy to possess with intent to distribute marijuana and wire fraud just prior to trial. Another defendant stood trial with Abate and Savage and was acquitted of the single obstruction of justice charge against him.

    Kenneth L. Parker, United States Attorney for the Southern District of Ohio; Elena Iatarola, Special Agent in Charge, Federal Bureau of Investigation (FBI), Cincinnati Division; Orville O. Greene, Special Agent in Charge, Drug Enforcement Administration (DEA), Detroit; and Franklin County Sheriff Dallas Baldwin announced the verdict. U.S. Attorney Parker recognized the assistance from the Columbus, Whitehall and Tucson, Arizona, police departments and the Ohio Bureau of Criminal Investigation. Assistant United States Attorneys Elizabeth A. Geraghty and S. Courter Shimeall represented the United States in this case.

    # # #

    MIL Security OSI

  • MIL-OSI Security: Cincinnati Man Sentenced to More Than 13 Years in Prison for Sex Trafficking Missing Teen

    Source: US FBI

    CINCINNATI – A Cincinnati man was sentenced in federal court here today to 162 months in prison for sex trafficking a missing teen girl.

    As part of his conviction, Payton Jamar Brown, 26, was ordered to pay nearly $58,000 in restitution to the minor victim and forfeit his home on Niagara Street in Cincinnati. Proceeds of the sale of his forfeited home will be paid to Brown’s victim as restitution.

    According to court documents, from June until October 2022 and again in February 2023, Brown sex trafficked the teenaged girl.

    Brown met the victim online and began a relationship with her. The victim began to reside with Brown, who created prostitution advertisements of her. Brown would transport the victim to hotels for prostitution dates that he had arranged. Brown arranged at least 40 prostitution dates in this timeframe and collected the proceeds from the victim.

    In October 2022, Colerain police officers responded to Brown’s residence and recovered the victim, who was subsequently taken to a juvenile facility in another state.

    In February 2023, the juvenile escaped the facility and messaged Brown on Instagram to pick her up. Brown drove interstate to pick up the victim and her friend and bring them to his residence. Brown again created a prostitution advertisement of the victim and arranged sexual encounters with other men for money.

    Throughout his time with the victim, Brown would regularly engage in sex acts with the minor and record those acts with a cell phone. He would then sell the photos and videos to others online.

    Brown was arrested by the FBI in February 2023. He pleaded guilty in October 2023.

    Kenneth L. Parker, United States Attorney for the Southern District of Ohio; Elena Iatarola, Special Agent in Charge, Federal Bureau of Investigation (FBI), Cincinnati Division; Colerain Township Police Chief Edwin C. Cordie III; and members of the Regional Electronics and Computer Investigations (RECI) task force announced the sentence imposed today by U.S. District Judge Douglas R. Cole. Assistant United States Attorney Kyle J. Healey is representing the United States in this case.

    # # #

    MIL Security OSI

  • MIL-OSI Security: Former Columbus Police Officer Pleads Guilty to Stealing Cocaine From Crime Scenes, Police Evidence Room

    Source: US FBI

    COLUMBUS, Ohio – A former Columbus police officer pleaded guilty in federal court here today to crimes involving more than 10 kilograms of cocaine and money laundering.

    Joel M. Mefford, 35, of London, Ohio, pleaded guilty to two counts of possessing with intent to distribute 500 grams or more of cocaine, one count of possessing with intent to distribute five kilograms or more of cocaine, and one count of money laundering.

    According to court documents, Mefford was a Columbus police officer assigned to investigate drug crimes. On three occasions between February and April 2020, Mefford worked with another officer to steal and traffic cocaine.

    In February 2020, Mefford and the other officer were investigating a drug crime and unlawfully gained access to a detached garage belonging to the subject of the investigation. Without a warrant, they entered the garage and discovered two kilograms of cocaine in the rafters. They unlawfully seized one of the kilograms and left the other to be found during the execution of a search warrant the next morning. The other officer gave the stolen narcotics to another individual to sell.

    Similarly, in February and March 2020, Mefford and the other officer were investigating drug-trafficking activity at houses on Ambleside Drive and Kilbourne Avenue in Columbus. On March 7, 2020, the officers took a bag containing multiple kilograms of cocaine from the house on Ambleside Drive and arrested an individual there. They then traveled to the house on Kilbourne Avenue and removed a kilogram of cocaine. That same day, Mefford turned in one kilogram of cocaine to evidence, and the officers stole the other kilograms to be sold.

    In April 2020, Mefford and the other officer stole between 10 and 20 kilograms of cocaine from the Columbus police property room and replaced it with fake cocaine. Mefford transported the stolen cocaine in a police cruiser and the other officer later gave the drugs to another individual to sell. The drug proceeds were then given to the other officer, who provided Mefford his cut. Mefford personally received a total of approximately $130,000 from cocaine sales.

    Mefford deposited more than $72,000 of the cash derived from the cocaine sales into his personal bank account.

    Possessing with intent to distribute five kilograms or more of cocaine is punishable by at least 10 years and up to life in prison. Possessing with intent to distribute 500 grams or more of cocaine carries a potential penalty of five to 40 years in prison. Money laundering is punishable by up to 10 years in prison. Congress sets the minimum and maximum statutory sentences. Sentencing of the defendant will be determined by the Court at a future hearing based on the advisory sentencing guidelines and other statutory factors.

    Kenneth L. Parker, United States Attorney for the Southern District of Ohio; and Elena Iatarola, Special Agent in Charge, Federal Bureau of Investigation (FBI), Cincinnati Division, announced the plea entered today before U.S. District Judge Edmund A. Sargus Jr.

    Assistant United States Attorneys Peter K. Glenn-Applegate and Elizabeth A. Geraghty are representing the United States in this case.

    The case was investigated by the FBI’s Southern Ohio Public Corruption Task Force, which includes special agents and officers from the FBI, Ohio Attorney General’s Bureau of Criminal Investigation, the Ohio Auditor of State’s Office and the Columbus Division of Police.

    # # #

    MIL Security OSI

  • MIL-OSI Security: BLM Activist Sentenced to Prison for Wire Fraud and Money Laundering

    Source: US FBI

    TOLEDO, Ohio – Sir Maejor Page, 35, of Toledo, has been sentenced to 42 months in prison by U.S. District Judge Jeffrey Helmick after a jury convicted him of wire fraud and money laundering for defrauding donors of more than $450,000 that they collectively gave to his nonprofit “Black Lives Matter of Greater Atlanta” (BLM of Greater Atlanta) based on Page’s false representations. He was also ordered to pay a $400 special assessment fee.

    Page continued to collect donations to his purported social justice charity through the organization’s Facebook page even after its tax-exempt status was revoked for failure to submit IRS Form 990 for three consecutive years.  He regularly posted content to Facebook about social and racial issues to give his nonprofit the appearance of legitimacy, despite no longer being tax-exempt. He also used Facebook to message privately with users, and he falsely represented that their donations would be used to “fight for George Floyd” and the “movement.” As a result, approximately 18,000 people donated to the BLM of Greater Atlanta charity through its Facebook account, which Page administered.

    Page used the donations to BLM for his own personal benefit. He purchased entertainment, hotel rooms, clothing, firearms, and a property that he intended to use as his personal residence. He attempted to conceal the purchase of the property by using the name “Hi Frequency Ohio” and asked the seller to sign a nondisclosure agreement that would have prevented the seller from listing Page as the actual buyer.

    “Mr. Page took advantage of a cause meant to fight social injustices, using it instead to line his own pockets with thousands of dollars of donations,” said U.S. Attorney Rebecca C. Lutzko for the Northern District of Ohio. “People donate their hard-earned money to support causes they believe in, and when a fraudster like Page comes along and tries to get away with a fake charity scheme, it hurts legitimate nonprofit organizations that rely on the generosity of others to advance their missions and make positive change in the world. This Office will hold accountable those who try to profit by scamming unsuspecting people out of their money like Page did here.”

    “The FBI will aggressively investigate individuals, like Sir Maejor Page, who engage in fraudulent charity schemes at the expense of the American public,” said FBI Cleveland Special Agent in Charge Greg Nelsen.  “Page is a calculating criminal who willingly conspired to steal hundreds of thousands of dollars through the trusting public. Today’s sentence holds him accountable and demonstrates that the FBI will steadfastly pursue perpetrators who target American citizens.”

    This case was investigated by the FBI Cleveland Division and prosecuted by Assistant U.S. Attorneys Gene Crawford and Rob Melching.

    MIL Security OSI

  • MIL-OSI Security: U.S. Army Soldier Sentenced to 14 Years in Prison For Attempting to Assist ISIS to Conduct Deadly Ambush on U.S. Troops

    Source: US FBI

    U.S. Army Private First Class Provided Tactical Guidance in Attempt to Help ISIS Attack and Murder U.S. Service Members in the Middle East

    Cole Bridges, also known as Cole Gonzales, 24, of Stow, Ohio, was sentenced to 168 months in prison followed by 10 years of supervised release for attempting to provide material support to a designated foreign terrorist organization and attempting to murder U.S. military service members, based on his efforts to assist the Islamic State of Iraq and al-Sham (ISIS) to attack and kill U.S. soldiers in the Middle East.

    Bridges pleaded guilty to terrorism charges on June 14, 2023. According to court documents, Bridges joined the U.S. Army in approximately September 2019 and was assigned as a cavalry scout in the Third Infantry Division based in Fort Stewart, Georgia. Before he joined the Army, beginning in at least 2019, Bridges began researching and consuming online propaganda promoting jihadists and their violent ideology, and began to express his support for ISIS and jihad on social media. In or about October 2020, approximately one year after joining the Army, Bridges began communicating with an FBI online covert employee (the OCE), who was posing as an ISIS supporter in contact with ISIS fighters in the Middle East. During these communications, Bridges expressed his frustration with the U.S. military and his desire to aid ISIS. Bridges then provided training and guidance to purported ISIS fighters who were planning attacks, including advice about potential targets in New York City. Bridges also provided the OCE with portions of a U.S. Army training manual and guidance about military combat tactics, with the understanding that the materials would be used by ISIS in future attack planning.

    In or about December 2020, Bridges began to supply the OCE with instructions for the purported ISIS fighters on how to attack U.S. forces in the Middle East. Among other things, Bridges diagrammed specific military maneuvers intended to help ISIS fighters maximize the lethality of future attacks on U.S. troops. Bridges also provided advice about the best way to fortify an ISIS encampment to ambush U.S. Special Forces, including by wiring certain buildings with explosives to kill the U.S. troops. Then, in January 2021, Bridges provided the OCE with a video of himself in his U.S. Army body armor standing in front of a flag often used by ISIS fighters and making a gesture symbolic of support for ISIS. Approximately one week later, Bridges sent a second video in which Bridges, using a voice manipulator, narrated a propaganda speech in support of the anticipated ambush by ISIS on U.S. troops.

    The FBI’s New York Joint Terrorism Task Force investigated the case, with valuable assistance provided by the FBI field offices in Washington, Atlanta, and Cleveland; U.S. Army Counterintelligence, the U.S. Attorney’s Office for the Southern District of Georgia, Air Force Office of Special Investigations, U.S. Army Criminal Investigation Command, and U.S. Army Third Infantry Division.

    Assistant U.S. Attorneys Sam Adelsberg and Matthew Hellman for the Southern District of New York prosecuted the case, with assistance from Trial Attorney Michael Dittoe of the National Security Division’s Counterterrorism Section.

    MIL Security OSI

  • MIL-OSI Security: Bryan County Resident Pleads Guilty to Assault with Intent to Commit Murder

    Source: US FBI

    MUSKOGEE, OKLAHOMA – The United States Attorney’s Office for the Eastern District of Oklahoma announced that Jason Edward Lewis, age 48, of Kenefic, Oklahoma, entered a guilty plea to one count of Assault with Intent to Commit Murder in Indian Country.

    The Superseding Indictment alleged that on or about July 10, 2024, Lewis assaulted an individual with intent to commit murder.  The crime occurred in Bryan County, within the boundaries of the Choctaw Nation Reservation, in the Eastern District of Oklahoma.

    The charges arose from an investigation by the Federal Bureau of Investigation, the Choctaw Nation Lighthorse Police, and the Bryan County Sheriff’s Office.

    The Honorable D. Edward Snow, U.S. Magistrate Judge in the United States District Court for the Eastern District of Oklahoma, accepted the plea and ordered the completion of a presentence investigation report.  Lewis will remain in the custody of the United States Marshals Service pending sentencing.

    Assistant U.S. Attorney Rachel Geizura represented the United States.

    MIL Security OSI

  • MIL-OSI Security: Adair County Resident Sentenced for Child Abuse

    Source: US FBI

    MUSKOGEE, OKLAHOMA – The United States Attorney’s Office for the Eastern District of Oklahoma announced that Brian Keith Bowen Jr., age 26, of Stilwell, Oklahoma, was sentenced to 48 months in prison for one count of Child Abuse in Indian Country.

    The charges arose from an investigation by the Federal Bureau of Investigation and the Cherokee Nation Marshals Service.

    On May 22, 2024, Bowen pleaded guilty to the charge.  According to investigators, between April and May of 2023, Bowen maliciously harmed a child entrusted in his care.  Bowen’s mistreatment came to light on May 2, 2023, when medical professionals treating the child observed numerous injuries, including fading bruises, petechiae, and a spiral bone fracture consistent with child abuse.

    The crimes occurred in Adair County, within the boundaries of the Cherokee Nation Reservation, in the Eastern District of Oklahoma.

    The Honorable Ronald A. White, Chief U.S. District Judge in the United States District Court for the Eastern District of Oklahoma, presided over the hearing.  Bowen will remain in the custody of the U.S. Marshals Service pending transportation to a designated United States Bureau of Prisons facility to serve a non-paroleable sentence of incarceration.

    Assistant U.S. Attorney Jessie K. Pippin represented the United States.

    MIL Security OSI

  • MIL-OSI Security: Adair County Resident Pleads Guilty to Involuntary Manslaughter

    Source: US FBI

    MUSKOGEE, OKLAHOMA – The United States Attorney’s Office for the Eastern District of Oklahoma announced that Jade Larae Duncan, age 27, of Stilwell, Oklahoma, entered a guilty plea of one count of Involuntary Manslaughter in Indian Country.

    The Indictment alleged that on December 2, 2022, Duncan unlawfully killed an individual in the commission of an unlawful act not amounting to a felony and in the commission in an unlawful manner, without due caution and circumspection, while driving under the influence of alcohol and departing the roadway into a creek bed.  The crime occurred in Adair County, within the boundaries of the Cherokee Nation Reservation, in the Eastern District of Oklahoma.

    The charge arose from an investigation by the Federal Bureau of Investigation, the Oklahoma Highway Patrol, and the Adair County Sheriff’s Department.

    The Honorable Gerald L. Jackson, U.S. Magistrate Judge in the United States District Court for the Eastern District of Oklahoma, accepted the plea and ordered the completion of a presentence investigation report.

    Assistant U.S. Attorneys Patrick M. Flanigan, Lewis M. Reagan, and T. Cameron McEwen represented the United States.

    MIL Security OSI

  • MIL-OSI Security: Medford Man Sentenced to Federal Prison for Role in Fatal Fentanyl Overdose of a Teenager

    Source: US FBI

    MEDFORD, Ore.—A Medford man was sentenced to federal prison Monday for distributing fentanyl that caused the overdose death of a local teenager.

    John Rocha, 31, was sentenced to 78 months in federal prison and four years’ supervised release.

    According to court documents, on September 7, 2021, officers from the Medford Police Department responded to a report of an overdose death of a local 17-year-old high school student. Investigators soon learned that the teenager had taken counterfeit Percocet pills containing fentanyl. Within days, investigators identified Rocha as the victim’s fourth-level drug supplier and, when confronted by law enforcement, he admitted to having recently sold counterfeit pills.

    On February 3, 2022, a federal grand jury in Medford returned a five-count indictment charging Rocha and four others with distributing fentanyl, possessing with intent to distribute fentanyl, and possessing a firearm in furtherance of a drug trafficking crime.

    On February 20, 2024, Rocha pleaded guilty to distributing fentanyl.

    This case was investigated by the FBI and the Medford Area Drug and Gang Enforcement Team (MADGE). It was prosecuted by Marco A. Boccato, Assistant U.S. Attorney for the District of Oregon.

    MADGE is a multi-jurisdictional narcotics task force that identifies, disrupts, and dismantles local, multi-state, and international drug trafficking organizations using an intelligence-driven, multi-agency prosecutor-supported approach. MADGE is supported by the Oregon-Idaho High-Intensity Drug Trafficking Area (HIDTA) and is composed of members from the Medford Police Department, the Jackson County Sheriff and District Attorney’s Offices, the Jackson County Community Corrections, FBI, and Homeland Security Investigations (HSI).

    The Oregon-Idaho HIDTA program is an Office of National Drug Control Policy (ONDCP) sponsored counterdrug grant program that coordinates with and provides funding resources to multi-agency drug enforcement initiatives.

    MIL Security OSI

  • MIL-OSI Canada: G7 Finance Ministers and Central Bank Governors’ Communiqué

    Source: Government of Canada News

    Statement

    Banff, May 20-22, 2025

    1. We, the G7 Finance Ministers and Central Bank Governors, met on May 20-22, 2025 in Banff, Canada together with the Heads of the International Monetary Fund (IMF), World Bank Group (WBG), Organisation for Economic Cooperation and Development (OECD), and Financial Stability Board (FSB). We were also joined by Ukrainian Finance Minister Sergii Marchenko and the President of the Financial Action Task Force (FATF) for parts of the meeting.
    2. We began by reiterating our shared commitment to the G7. After 50 years of working together, transcending national differences and promoting global prosperity, the value of the G7 is clear. We held a productive and frank exchange of views on the current global economic and financial situation, the risks and opportunities common to our countries, and ways to address them. This joint statement reflects the outcome of the discussion between G7 Finance Ministers and Central Bank Governors during the meeting.  

    Global Economy

    1. In the face of multiple complex global challenges, we are committed to pursuing our shared policy objectives. We agree that the G7 can leverage our strong economic relationships to advance our common goals. International organizations signaled at our last meeting that trade and economic policy uncertainty was high and weighing on global growth. We acknowledge that economic policy uncertainty has declined from its peak, and we will work together to achieve further progress. We also shared our concerns over unsustainable global macro imbalances.
    2. In this respect, we also underscore the need to address excessive imbalances and strengthen macro fundamentals, given potential global spillovers. We call on the IMF to continue to enhance its analysis of imbalances in both its bilateral and multilateral surveillance. We continue to engage with each other and with international partners to advance international cooperation and deliver prosperity.
    3. Strong and sustainable economic growth is the cornerstone of economic prosperity. We are committed to working together to achieve a balanced and growth-oriented macroeconomic policy mix that supports our economic security and resilience and ensures that all of our citizens can benefit from that growth. We are committed to maintaining well-functioning financial markets. We recognize that elevated uncertainty can have implications for the economy and for financial stability. We will continue to monitor and consult closely on these matters. Our central banks remain strongly committed to ensuring price stability, consistent with their respective mandates. We reaffirm our May 2017 exchange rate commitments.

    Economic Resilience and Security

    1. We recognize the need for a common understanding of how non-market policies and practices (NMPPs) aggravate imbalances, contribute to overcapacity, and impact the economic security of other countries. Building on our previous commitments and as guided by Leaders, we will contribute, as appropriate, to the monitoring of NMPPs, continuing to assess the distortions they cause in markets and their global spillovers. We agree on the importance of a level playing field and taking a broadly coordinated approach to address the harm caused by those who do not abide by the same rules and lack transparency.
    2. We call on international organizations to address data gaps and deepen our collective understanding of NMPPs and their domestic and global implications. We agree that joint analysis of market concentration and international supply chain resilience would be useful areas of future work. This analysis will inform our respective policy approaches, which will in part be shaped by our underlying industrial and consumer structures. Where appropriate and relevant, we will engage partners beyond the G7.
    3. We recognize a significant increase in international low-value shipments being sent to our economies in a decentralized manner, and the potential for this to overwhelm and take advantage of customs controls and duty and tax collection infrastructure. Collectively, we recognize the potential for illicit drug trafficking, the importation of counterfeit goods, the misclassification of merchandise, revenue leakage, inequity for our retailers, and significant environmental waste. We commit to exploring ways that our low-value importation systems could address these risks.

    Support for Ukraine

    1. We condemn Russia’s continued brutal war against Ukraine and commend the immense resilience from the Ukrainian people and economy. Ukraine has suffered significant destruction. The G7 remains committed to unwavering support for Ukraine in defending its territorial integrity and right to exist, and its freedom, sovereignty and independence toward a just and durable peace.
    2. We welcome ongoing efforts to achieve a ceasefire. If such a ceasefire is not agreed, we will continue to explore all possible options, including options to maximize pressure such as further ramping up sanctions. We reaffirm that, consistent with our respective legal systems, Russia’s sovereign assets in our jurisdictions will remain immobilized until Russia ends its aggression and pays for the damage it has caused to Ukraine.
    3. We agree that private sector mobilization will be important in the recovery and reconstruction of Ukraine, with costs estimated by the WBG at US$524 billion over the next decade. We collectively commit to help build investor confidence through bilateral and multilateral initiatives. To this end, in addition to the ongoing support through the MIGA SURE (Support for Ukraine’s Reconstruction and Economy) trust fund, we will work, including through the Ukraine Donor Platform, with the Government of Ukraine, international financial institutions (IFIs), and the insurance industry towards removing the blanket ban imposed on Ukraine as soon as possible. We will continue to coordinate support to promote the early recovery and reconstruction of Ukraine, including at the Ukraine Recovery Conference, which will take place in Rome on July 10-11, 2025. Further, we agree to work together with Ukraine to ensure that no countries or entities, or entities from those countries that financed or supplied the Russian war machine will be eligible to profit from Ukraine’s reconstruction.

    Bolstering Long-term Growth and Productivity

    1. We agree on the importance of pursuing public policies that spur innovation, raise productivity and promote greater labour force participation. In an environment of high public debt and increasing fiscal pressures, we also agree that raising long-term growth potential is essential to manage risks to fiscal sustainability and increase wages and living standards.
    2. We discussed and shared experiences on how best to pursue growth-enhancing policies in a fiscally prudent manner. We agree that structural reforms can help set the foundations for strong and sustainable economic growth. We recognize that specific growth policies need to be adapted to each country’s needs and circumstances. We agree that maintaining a stable and predictable macroeconomic environment is important for strong growth and productive long-term investment.

    Artificial Intelligence

    1. We deepened our understanding of prospects for AI to raise productivity growth, and of the policies needed to realize the benefits. We appreciate the framework provided by the OECD to better quantify and monitor AI-driven productivity gains. We recognized the benefits of AI for the financial sector and the need to monitor and assess potential risks to financial stability as AI adoption further increases.

    Financial Sector Issues

    1. We are committed to a strong, resilient and stable financial sector. We reiterate that a continued focus on financial stability and regulatory issues remains vital to ensure the effective functioning of the financial system. We noted our support for the important work of the FSB and Standard Setting Bodies. We focused on non-bank financial intermediaries, which play an increasingly important role in financing the real economy. Their activities can contribute to the efficiency of financial markets but can also pose risks to the global financial system. We discussed sources of potential risk, including those from liquidity mismatch, leverage and interconnectedness. We agree on the need to assess non-bank data availability, use and quality and to share knowledge and approaches to monitoring and assessing potential risks.
    2. Enhancing cross-border payments can have widespread benefits for citizens and economies worldwide. We remain committed to delivering cheaper, faster, more transparent and more accessible cross-border payments while maintaining their safety, resilience, and financial integrity. This includes supporting the implementation of the G20 Roadmap as well as appropriate future actions as necessary to meet these goals.
    3. Cyber risks threaten to disrupt global financial systems and the institutions that support them. To address the evolving cyber threat landscape, we will continue to take action to further strengthen our shared response capabilities and protocols in the event of a significant cyber incident. We look forward to the G7 Cyber Expert Group’s assessment of the risks and opportunities that AI presents for cybersecurity.
    4. The potential effects of quantum technologies on the global financial landscape are becoming increasingly visible. Our central banks will explore how we can identify, categorize and mitigate potential risks to data security and financial stability and promote economic resilience.

    Financial Crime Call to Action

    1. We remain steadfast in our commitment to tackling financial crime, including money laundering, terrorist financing and the financing of proliferation of weapons of mass destruction (AML/CFT/CPF). We endorse a “Financial Crime Call to Action” to spur further progress and collective efforts of the Financial Action Task Force (FATF) and its Global Network. By bringing together over 200 jurisdictions around the world, the FATF is the ultimate international standard setter, and we welcome its leadership in combatting financial crime since its creation by the G7 in 1989.
    2. Through strengthening our AML/CFT/CPF frameworks and enhanced international cooperation we will endeavor to stay abreast of emerging risks, understand the role of technology and deepen the responsible exchange of information to make it harder for criminals to access the financial system and evade detection.
    3. We recognize financial crime acts as a barrier to growth, development and stability, and support efforts to strengthen frameworks in lower capacity countries. We encourage the international community to join us in this Call to Action and strengthen our collective response to financial crime.

    Support for Developing Countries

    1. We reaffirm our commitment to the ongoing implementation of the World Bank-led Resilient and Inclusive Supply-Chain Enhancement (RISE) Partnership and recognize its progress toward better integrating low- and middle-income countries in the global supply chain of clean energy products, especially in Africa. We welcome the adoption of a country roadmap in Zambia. We encourage the World Bank to further advance this initiative, and we look forward to the launch of the first local and regional information platforms in Africa. We support the expansion of RISE’s activities to Latin America and the Caribbean, and a better integration of all segments of the critical mineral supply chain. We call on Multilateral Development Banks (MDBs) to strengthen collaboration on critical mineral supply chains amongst themselves and with other key stakeholders. We also highlighted linkages to G20 initiatives facilitating private sector development, such as the G20 Compact with Africa.
    2. We recognize that global crises, including health crises and natural disasters, pose significant challenges for all economies, with particularly severe impacts on vulnerable states, including small ones. We reaffirm the importance of strengthening support for these countries by facilitating domestic resource mobilization as well as the use and uptake of crisis preparedness and response tools, including Climate Resilient Debt Clauses and insurance, to help ease fiscal pressures. We encourage the IMF and MDBs to strengthen their focus on crisis prevention in order to reduce the incidence of crises materializing.
    3. We call on the international community to make efforts to support vulnerable countries facing debt challenges. We look forward to the G20 work on improving the implementation of the Common Framework for debt treatments in a predictable, timely, orderly, and coordinated manner. We also agree on the importance of advancing debt transparency to support sound economic governance and financial stability. We call on the international community to make efforts to support vulnerable countries whose debt is sustainable but face near-term liquidity challenges. We recognize the need for continued efforts with all partners, public and private, to enhance the availability and quality of debt data, including through the Data Sharing Exercise with the World Bank.
    4. We reaffirm our commitment to achieving more effective and impactful MDBs through reforms aiming to ensure that they work effectively as a system to address the most pressing global challenges, deliver on their core mandate, and use their resources as efficiently as possible, including by implementing the recommendations from the G20 Capital Adequacy Framework Review. We urge MDBs to continue to step up their efforts to mobilize private capital and enhance domestic resource mobilization in emerging markets and developing countries. We emphasize the importance of implementing quality-based procurement policies and procedures that promote efficiency, competition from the private sector, and transparency.

    G7 Financial Crime Call to Action

    The G7 Finance Ministers and Central Bank Governors remain steadfast in our commitment to tackling financial crime, including money laundering, terrorist financing and the financing of proliferation of weapons of mass destruction (AML/CFT/CPF).

    In 1989, the G7 created the Financial Action Task Force (FATF) to “prevent the utilization of the banking system and financial institutions for the purpose of money laundering” and was soon joined by many other countries and jurisdictions which shared the same concerns and volunteered for a global effort against financial crime. Since its establishment, the FATF’s mandate and standards have expanded to include the combatting of financing of terrorism and the financing of proliferation of weapons of mass destruction. The transnational nature of money laundering, malicious nature of its predicate crimes, and integrated nature of our economies necessitate a collective approach to combatting illicit finance. 2025 marks the 35-year anniversary of the FATF’s “40 Recommendations”, which were developed collectively by FATF members and are now being implemented in more than 200 jurisdictions worldwide thanks to the joint efforts of the FATF Global Network.

    The Intersection of Crime, Security, and Economic Prosperity

    Organized criminals, including cartels, are exploiting gaps in global AML safeguards to launder the profits of their criminal activities such as drug trafficking (including fentanyl and synthetic opioids), fraud, cybercrimes, and human smuggling that generate billions in illicit revenue annually. These crimes are not only having a devastating impact on our communities, but they are also impacting national security and economic integrity as profits are re-invested into vast criminal networks that seek to undermine the rule of law and destabilize our governments and economies.

    Financial crime is also harming global economic growth. The International Monetary Fund has found that illicit finance reduces productivity, widens inequality, inhibits legitimate investment and hinders an effective allocation of resources. The World Bank has found that financial crimes are a barrier to development sparking political instability, deterring private capital, undermining good governance and the rule of law, and generally eroding trust in governments and institutions. Illicit finance also robs treasuries of badly needed tax revenue at a time when so many economies around the world are facing historically high debt levels.

    The World Bank sees tackling illicit finance in low-capacity countries as vital to their development priorities and requiring sustained engagement. Strengthening AML/CFT/CPF capacity in developing and low-capacity countries would improve financial inclusion and further deprive international organized crime groups of opportunities to launder their illicit proceeds or finance terrorism.

    In this context, technically sound and effective AML/CFT/CPF frameworks contribute to safer communities, our collective security, and to stronger economies in the G7 and around the globe.  

    The Way Forward

    Under the Canadian G7 Presidency, Finance Ministers and Central Bank Governors have taken stock of the fight we launched in 1989 and identified areas for further action. Today, we endorse the present Financial Crime Call to Action to strengthen global security, protect financial sector integrity, and foster economic growth and economic development.

    Strengthening our Frameworks

    • We re-commit to the founding principles of the FATF and will continue to actively support the organization.
      • The FATF is the ultimate AML/CFT/CPF standard setter that catalyzes improvements in members’ AML/CFT/CPF regimes. It is essential to maintain the FATF’s role at the centre of the global fight against illicit finance.
      • We commit to ensuring that the FATF remains a technical body that produces in-depth and impartial peer reviews and research that inform our ongoing understanding of risk.
    • We commit to improving the effectiveness of our respective AML/CFT/CPF regimes. The G7 must lead by example.
      • G7 financial systems remain the most interconnected in the world and continue to represent attractive targets for bad actors seeking to launder ill-gotten gains. The G7 will continue to improve our effectiveness in preventing the proceeds of crime from entering our financial sectors, detecting and disrupting money laundering threats, sanctioning criminals and depriving them of their illegitimate proceeds in a manner consistent with our domestic legal frameworks.
      • Shell companies are enablers for criminals to hide proceeds of crime and engage in illicit activities, such as large-scale tax and sanctions evasion. Ensuring that competent authorities, particularly law enforcement, have sufficient resources and tools to investigate and prosecute money laundering, terrorist financing, and proliferation financing involving shell companies is critical to fighting financial crime.
      • The procurement of dual use and military technology through circumvention of sanctions violates United Nations Security Council Resolutions and undermines global security. We commit to enhancing implementation of our targeted financial sanctions and ensuring they are the most effective in the world.

    Enhancing International Cooperation

    • We will stay abreast of emerging risks tied to money laundering, terrorist financing and proliferation financing through research and the development of joint typologies and strategic intelligence.
      • We express our serious concerns that virtual asset thefts and scams, including by the Democratic People’s Republic of Korea, have reached unprecedented levels. These threats, as well as the methods used by criminals to launder their proceeds, must be better understood and addressed. This is necessary to raise awareness, enhance prevention, and mitigate money laundering as well as being critical to promoting responsible innovation in virtual assets and protecting virtual asset users in our jurisdictions. We will further research and exchange information such as typology work on emerging risks related to virtual assets, including from the perspectives of cybersecurity and AML/CFT/CPF, and take necessary measures.
      • We recognize that illicit actors will continue to take advantage of jurisdictional differences in approaches to countering sanctions evasion and the financing of proliferation. Therefore, we commit to work together to maintain an up-to-date and common understanding of relevant threats, vulnerabilities, and typologies to prevent and combat complex proliferation financing and sanctions evasion schemes.
    • We must break down silos and deepen the responsible exchange of information internationally to make it harder for criminals to access the financial system and evade detection.
      • Bad actors are exploiting silos within, and across, AML/CFT/CPF regimes to conceal their actions. In response, we will improve risk-based and secure information sharing internationally between our national competent authorities, and domestically amongst the private sector and between public and private sector partners, consistent with our domestic legal frameworks. Facilitating this type of information sharing supports G7 efforts to mitigate the negative impacts of fraud on our businesses and citizens and to combat illicit activities by transnational organized crime groups, including cartels.
      • Many of our financial institutions operate across G7 markets. We will encourage deeper cooperation between our regulators who supervise on a group-wide basis. We commit to ensuring that our AML/CFT/CPF supervision is risk-based, effective and focused on stopping financial crime. We will also ensure that sanctions for non-compliance are proportionate, dissuasive and effective.

    Addressing Financial Crime as a Barrier to Growth and Stability

    • We will support efforts to strengthen AML/CFT/CPF frameworks in lower capacity countries to foster growth and economic development.
      • This can be achieved through many channels, including bilateral and multilateral assistance and collaboration. This work will ensure the G7 together with other FATF members keep pace with evolving regional risks, and support asset recovery to further deprive criminals of illicit proceeds and reduce opportunities for money laundering.
      • The FATF and its Global Network of nine FATF-Style Regional Bodies (FSRBs), which bring together more than 200 jurisdictions and 20 observer international organizations, are at the heart of the global fight against financial crime. We reiterate our commitment to supporting the FSRBs in overseeing the consistent and effective implementation of the FATF standards worldwide, including in the next round of mutual evaluations.
    • We commit to supporting the effective implementation of AML/CFT/CPF measures that are risk-based and proportionate.
      • We recognize that a risk-based approach can promote economic development and financial inclusion by encouraging assessments of risk, identifying lower and higher risk scenarios, and implementing simplified AML/CFT/CPF measures in certain scenarios proportionate to the relevant risks. 
      • By implementing the revised FATF standards, we will facilitate legitimate funds continuing to move through the formal financial sector, promoting economic development and financial inclusion while mitigating unintended consequences.
    • We commit to exploring the role of technology in AML/CFT/CPF implementation.
      • We encourage adoption of new technologies that can more effectively detect, report and interdict illicit finance. This includes partnering with the private sector to understand how emerging technologies (including artificial intelligence) can be used to improve the efficiency and effectiveness of AML/CFT/CPF regimes. This should be consistent with our respective domestic legal frameworks and risk-based, while ensuring data protection and human rights.
      • We continue to support the FATF’s initiatives to accelerate global implementation of its standards on virtual assets and virtual asset service providers (VASPs) as well as its work on emerging risks, including those that arise from misuse of stablecoins and peer-to-peer transactions, offshore VASPs, and decentralized finance (DeFi) arrangements.
      • We are contributing to the FATF’s ongoing work to strengthen its Standards on Payment Transparency to adapt to changes in payment business models and messaging standards and to foster payment systems that are more transparent, inclusive, accessible, safe and secure, while enabling faster and cheaper transactions, including remittances. Consistent with this work, we also support the G20 Roadmap for Enhancing Cross-border Payments.

    Lastly, we commit to furthering this work under the French G7 Presidency in 2026, in coordination with all FATF members, and to report on the actions taken to implement the commitments in this Call to Action.

    We encourage all countries to join us in this Call to Action. The international community can, and must, strengthen our collective response to financial crime and its impact on communities, security, and prosperity.

    MIL OSI Canada News

  • MIL-OSI USA: AI Data Security: Best Practices for Securing Data Used to Train & Operate AI Systems

    News In Brief – Source: US Computer Emergency Readiness Team

    Executive summary

    This Cybersecurity Information Sheet (CSI) provides essential guidance on securing data used in artificial intelligence (AI) and machine learning (ML) systems. It also highlights the importance of data security in ensuring the accuracy and integrity of AI outcomes and outlines potential risks arising from data integrity issues in various stages of AI development and deployment.

    This CSI provides a brief overview of the AI system lifecycle and general best practices to secure data used during the development, testing, and operation of AI-based systems. These best practices include the incorporation of techniques such as data encryption, digital signatures, data provenance tracking, secure storage, and trust infrastructure. This CSI also provides an in-depth examination of three significant areas of data security risks in AI systems: data supply chain, maliciously modified (“poisoned”) data, and data drift. Each section provides a detailed description of the risks and the corresponding best practices to mitigate those risks. 

    This guidance is intended primarily for organizations using AI systems in their operations, with a focus on protecting sensitive, proprietary, or mission critical data. The principles outlined in this information sheet provide a robust foundation for securing AI data and ensuring the reliability and accuracy of AI-driven outcomes.

    This document was authored by the National Security Agency’s Artificial Intelligence Security Center (AISC), the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), the New Zealand’s Government Communications Security Bureau’s National Cyber Security Centre (NCSC-NZ), and the United Kingdom’s National Cyber Security Centre (NCSC-UK). 

    The goals of this guidance are to: 

    1. Raise awareness of the potential risks related to data security in the development, testing, and deployment of AI systems;
    2. Provide guidance and best practices for securing AI data across various stages of the AI lifecycle, with an in-depth description of the three aforementioned significant areas of data security risks; and
    3. Establish a strong foundation for data security in AI systems by promoting the adoption of robust data security measures and encouraging proactive risk mitigation strategies.

    Download the PDF version of this report: 

    Introduction

    The data resources used during the development, testing, and operation of an AI1 system are a critical component of the AI supply chain; therefore, the data resources must be protected and secured. In its Data Management Lexicon, [1] the Intelligence Community (IC) defines Data Security as “The ability to protect data resources from unauthorized discovery, access, use, modification, and/or destruction…. Data Security is a component of Data Protection.” 

    Data security is paramount in the development and deployment of AI systems. Therefore, it is a key component of strategies developed to safeguard and manage the overall security of AI-based systems. Successful data management strategies must ensure that the data has not been tampered with at any point throughout the entire AI system lifecycle; is free from malicious, unwanted, and unauthorized content; and does not have unintentional duplicative or anomalous information. Note that AI data security depends on robust, fundamental cybersecurity protection for all datasets used in designing, developing, deploying, operating, and maintaining AI systems and the ML models that enable them.

    Audience and scope

    This CSI outlines potential risks in AI systems stemming from data security issues that arise during different phases of an AI deployment, and it introduces recommended protocols to mitigate these risks. This guidance builds upon the NSA’s joint guidance on Deploying AI Systems Securely [2] and delves deeper into securing the data used to train and operate AI-based systems. This guidance is primarily developed for organizations that use AI systems in their day-to-day operations, including the Defense Industrial Base (DIB), National Security System (NSS) owners, Federal Civilian Executive Branch (FCEB) agencies, and critical infrastructure owners and operators. Implementing these mitigations can help secure AI-enabled systems and protect proprietary, sensitive, and/or mission critical data.

    Securing data throughout the AI system lifecycle

    Data security is a critical enabler that spans all phases of the AI system lifecycle. ML models learn their decision logic from data, so an attacker who can manipulate the data can also manipulate the logic of an AI-based system. In the AI Risk Management Framework (RMF) [3], the National Institute of Standards and Technology (NIST) defines six major stages in the lifecycle of AI systems, starting from Plan & Design and progressing all the way to Operate & Monitor. The following table highlights relevant data security factors for each stage of the AI lifecycle: 

    Table 1: The AI System Lifecycle with key dimensions, necessary ongoing assessments, focus areas for data security, and particular data security risks covered in this CSI. [3] 
    AI Lifecycle Stage Key Dimensions Test, Evaluation, Verification, & Validation (TEVV) Potential Focus Areas for Data Security Particular Data Security Risks Covered in this CSI
    1) Plan & Design Application Context Audit & Impact Assessment Incorporating data security measures from inception, designing robust security protocols, threat modeling, and including privacy by design Data supply chain
    2) Collect & Process Data Data & Input Internal & External Validation Ensuring data integrity, authenticity, encryption, access controls, data minimization, anonymization, and secure data transfer Data supply chain,
    maliciously modified data
    3) Build & Use Model AI Model Model Testing Protecting data from tampering, ensuring data quality and privacy (including differential privacy and secure multi-party computation when appropriate and possible), securing model training, and operating environments   Data supply chain,
    maliciously modified data
    4) Verify & Validate AI Model Model Testing Performing comprehensive security testing, identifying and mitigating risks, validating data integrity, adversarial testing, and formal verification when appropriate and possible Data supply chain,
    maliciously modified data
    5) Deploy & Use Task & Output Integration, Compliance Testing, Validation Implementing strict access controls, zero-trust infrastructure, secure data transmission and storage, secure API endpoints, and monitoring for anomalous behavior Data supply chain,
    maliciously modified data,
    data drift
    6) Operate & Monitor Application Context Audit & Impact Assessment Conducting continuous risk assessments, monitoring for data breaches, deleting data securely, complying with regulations, incident response planning, and regular security auditing Data supply chain,
    maliciously modified data, data drift

    Throughout the AI system lifecycle, securing data is paramount to maintaining information integrity and system reliability. Starting with the initial Plan & Design phase, carefully plan data protection measures to provide proactive mitigations of potential risks. In the Collect & Process Data phase, data must be carefully analyzed, labeled, sanitized, and protected from breaches and tampering. Securing data in the Build & Use Model phase helps ensure models are trained on reliably sourced, accurate, and representative information. In the Verify & Validate phase, comprehensive and thorough testing of AI models, derived from training data, can identify security flaws and enable their mitigation. 

    Note that Verification & Validation is necessary each time new data or user feedback is introduced into the model; therefore, that data also needs to be handled with the same security standards as AI training data. Implementing strict access controls protects data from unauthorized access, especially in the Deploy & Use phase. Lastly, continuous data risk assessments in the Operate & Monitor phase are necessary to adapt to evolving threats. Neglecting these practices can lead to data corruption, compromised models, data leaks, and non-compliance, emphasizing the critical importance of robust data security at every phase.

    Best practices to secure data for AI-based systems

    The following list contains recommended practical steps that system owners can take to better protect the data used to build and operate their AI-based systems, whether running on premises or in the cloud. For more details on general cybersecurity best practices, see also NIST SP 800-53, “Security and Privacy Controls for Information Systems and Organizations.” [33]

    1. Source reliable data and track data provenance
    Verify data sources use trusted, reliable, and accurate data for training and operating AI systems. To the extent possible, only use data from authoritative sources. Implement provenance tracking to enable the tracing of data origins, and log the path that data follows through an AI system. [7],[8],[9] Incorporate a secure provenance database that is cryptographically signed and maintains an immutable, append-only ledger of data changes. This facilitates data provenance tracking, helps identify sources of maliciously modified data, and helps ensure that no single entity can undetectably manipulate the data.
    2. Verify and maintain data integrity during storage and transport
    Maintaining data integrity2 is an essential component to preserve the accuracy, reliability, and trustworthiness of AI data. [4] Use checksums and cryptographic hashes to verify that data has not been altered or tampered with during storage or transmission. Generating such unique codes for AI datasets enables the detection of unauthorized changes or corruption, safeguarding the information’s authenticity.

    3. Employ digital signatures to authenticate trusted data revisions
    Digital signatures help ensure data integrity and prevent tampering by third parties. Adopt quantum-resistant digital signature standards [5][6] to authenticate and verify datasets used during AI model training, fine tuning, alignment, reinforcement learning from human feedback (RLHF), and/or other post-training processes that affect model parameters. Original versions of the data should be cryptographically signed, and any subsequent data revisions should be signed by the person who made the change. Organizations are encouraged to use trusted certificate authorities to verify this process.
    4. Leverage trusted infrastructure
    Use a trusted computing environment that leverages Zero Trust architecture. [10] Provide secure enclaves for data processing and keep sensitive information protected and unaltered during computations. This approach fosters a secure foundation for data privacy and security in AI data workflows by isolating sensitive operations and mitigating risks of tampering. Trusted computing infrastructure supports the integrity of data processes, reduces risks associated with unverified or altered data, and ultimately creates a more robust and transparent AI ecosystem. Trusted environments are essential for AI applications where data accuracy directly impacts their decision-making processes.
    5. Classify data and use access controls
    Categorize data using a classification system based on sensitivity and required protection measures. [11] This process enables organizations to apply appropriate security controls to different data types. Classifying data enables the enforcement of robust protection measures like stringent encryption and access controls. [33] In general, the output of AI systems should be classified at the same level as the input data (rather than creating a separate set of guardrails).
    6. Encrypt data
    Adopt advanced encryption protocols proportional to the organizational data protection level. This includes securing data at rest, in transit, and during processing. AES-256 encryption is the de facto industry standard and is considered resistant to quantum computing threats. [12],[13] Use protocols, such as TLS with AES-256 or post-quantum encryption, for data in transit. Refer to NIST SP 800-52r2, “Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations” [14] for more details.
    7. Store data securely
    Store data in certified storage devices that enforce NIST FIPS 140-3 [15] compliance, ensuring that the cryptographic modules used to encrypt the data provide high-level security against advanced intrusion attempts. Note that Security Level 3 (defined in NIST FIPS 140-2 [16]) provides robust data protection; however, evaluate and determine the appropriate level of security based on organizational needs and risk assessments.
    8. Leverage privacy-preserving techniques 
    There are several privacy-preserving techniques [17] that can be leveraged for increased data security. Note that there may be practical limitations to their implementation due to computational cost.

    • Data depersonalization techniques (e.g., data masking [18]) involve replacing sensitive data with inauthentic but realistic information that maintains the distributions of values throughout the dataset. This enables AI systems to utilize datasets without exposing sensitive information, reducing the impact of data breaches and supporting secure data sharing and collaboration. When possible, use data masking to facilitate AI model training and development without compromising sensitive information (e.g., personally identifiable information [PII]).
    • Differential privacy is a framework that provides a mathematical guarantee quantifying the level of privacy of a dataset or query. It requires a pre-specified privacy budget for the level of noise added to the data, but there are tradeoffs between protecting the training data from membership inference techniques and target task accuracy. Refer to [17] for further details.
    • Decentralized learning techniques (e.g., federated learning [19]) permit AI system training over multiple local datasets with limited sharing of data among local instances. An aggregator model incorporates the results of the distributed models, limiting access on the local instance to the larger training dataset. Secure multi-party computation is recommended for training and inferencing processes.

    9. Delete data securely
    Prior to repurposing or decommissioning any functional drives used for AI data storage and processing, erase them using a secure deletion method such as cryptographic erase, block erase, or data overwrite. Refer to NIST SP 800-88, “Guidelines for Media Sanitization,” [20] for guidance on appropriate deletion methods.
    10. Conduct ongoing data security risk assessments
    Conduct ongoing risk assessments using industry-standard frameworks, such as the NIST SP 800-3r2, Risk Management Framework (RMF) [4][21], and the NIST AI 100-1, Artificial Intelligence RMF [3]. These assessments should evaluate the AI data security landscape, identify risks, and prioritize actions to minimize security incidents. Continuously improve data security measures to keep pace with evolving threats and vulnerabilities, learn from security incidents, stay up to date with emerging technologies, and maintain a robust security posture. 

    Data supply chain – risks and mitigations

    Relevant AI Lifecycle stages: 1) Plan & Design; 2) Collect & Process Data; 3) Build & Use Model; 4) Verify & Validate; 5) Deploy & Use; 6) Operate & Monitor

    Developing and deploying secure and reliable AI systems requires understanding potential risks and methods of introducing inaccurate or maliciously modified (a.k.a. “poisoned”) data into the system. In short, the security of AI systems depends on thorough verification of training data and proactive measures to detect and prevent the introduction of inaccurate material.

    Threats can stem from large-scale data collected and curated by third parties, as well as from data that is not sufficiently protected after ingestion. Data collected and/or curated by a third party may contain inaccurate information, either unintentionally or through malicious intent. Inaccurate material can compromise not only models trained using that data, but also any additional models that rely on compromised models as a foundation.  

    It is crucial, therefore, to verify the integrity of the training data used when building an AI system. Organizations that utilize third-party data must take appropriate measures to ensure that: 1) the data is not compromised upon ingestion; and 2) the data cannot be compromised after it has been incorporated into the AI system. As such, both data curators and data consumers should follow the best practices for digital signatures, data integrity, and data provenance that are described in detail above.

    General risks for data consumers3 

    The use of web-scale databases includes all of the risks outlined earlier, and one cannot simply assume that these datasets are clean, accurate, and free of malicious content. Third-party models trained on web-scraped data used to train a model for downstream tasks could also affect the model’s learning process and result in behavior that was unintended by the AI system designer.

    From the moment data is ingested for use with AI systems, the data acquirer must secure it against insider threats and malicious network activity to prevent unauthorized modification. 

    Mitigation strategies: 

    • Dataset verification: Before ingest, the consumer or curator should verify, as much as possible, that the dataset to be ingested is free of malicious or inaccurate material. Any detected abnormalities should be addressed, and suspicious data should not be stored. The dataset verification process should include a digital signature of the dataset at time of ingestion.
    • Content credentials: Use content credentials to track the provenance of media and other data. Content credentials are “metadata that are secured cryptographically and allow creators the ability to add information about themselves or their creative process, or both, directly to media content…. Content Credentials securely bind essential metadata to a media file that can track its origin(s), any edits made, and/or what was used to create or modify the content…. This metadata alone does not allow a consumer to determine whether a piece of content is ‘true,’ but rather provides contextual information that assists in determining the authenticity of the content.” [24]
    • Foundation model assurances: In the case where a consumer is not ingesting a dataset but a foundation model trained by another party, the developers of the foundation model need to be able to provide assurances regarding the data and sources used and certify that their training data did not contain any known compromised data. Take care to track the training data used in various model lineages. Exercise caution before using a model without such assurances.
    • Require certification: Data consumers should strongly consider requiring a formal certification from dataset and model providers, attesting that their systems are free from known compromised data before using third-party data and/or foundation models.
    • Secure storage: After ingest, data needs to be stored in a database that adheres to the best practices for digital signatures, data integrity, and data provenance that are described in detail above. Note that an append-only cryptographically signed database should be used where feasible, but there may be a need to delete older material that is no longer relevant. Each time a data element is updated (e.g., resized, cropped, flipped, etc.) for augmentation purposes in a non-temporary fashion, then the updated data should be stored as a new entry with documented changes. The database’s certificate should be verified at the time the database is accessed for a training run. If the database does not pass the certificate check, abort the training and conduct a comprehensive database audit to discover any data modifications. 

    2023 investigations by various industry professionals explored low-resource methods for introducing malicious or inaccurate material into web-scale datasets, and potential strategies to mitigate this risk.  [29] These vulnerabilities depend on the fact that curators or collectors do not have control over the data, as seen in cases of datasets curated by third parties (e.g., LAION) or datasets that are continually updated and released (e.g., Wikipedia). 

    Risk: Curated web-scale datasets

    Curated AI datasets (e.g., LAION-2B or COYO-700M) are vulnerable to a type of technique known as split-view poisoning. This risk arises because these datasets often contain data hosted on domains that may have expired or are no longer actively maintained by their original owners. In such cases, anyone who purchases these expired domains gains control over the content hosted on them. This situation creates an opportunity for malicious actors to modify or replace the data that the curated list points to, potentially introducing inaccurate or misleading information into the dataset. In many instances, it is possible to purchase enough control of a dataset to conduct effective poisoning for roughly $1,000 USD. In some cases, effective techniques can cost as little as $60 USD (e.g., COYO-700M), making this a viable threat from low-resource threat actors. 

    Mitigation strategies:

    • Raw data hashes: Data curators should attach a cryptographic hash to all raw data referenced in the dataset. This will enable follow-on data consumers to verify that the data has not changed since it was added to the list.
    • Hash verification: Data consumers should incorporate a hash check at time of download in order to detect any changes made to it, and the downloader should discard any data that does not pass the hash check.
    • Periodic checks: Curators should periodically scrape the data themselves to verify that the data has not been modified. If any changes are detected, the curator should take appropriate steps to ensure the data’s integrity.
    • Verifying data: Curators should verify that any changed data is clean and free from inaccurate or malicious material. If the content of the data has been altered in any way, the curator should either remove it from their list or flag it for further review.
    • Certification by curators: Since the data supply chain begins with the curators, the certification process must start there as well. To the best of their ability, curators should be able to certify that, at the time of publication, the dataset contains no malicious or inaccurate material. 

    Risk: Collected web-scale datasets

    Collected web-scale datasets (e.g., Wikipedia) are vulnerable to frontrunning poisoning techniques. Frontrunning poisoning occurs when an actor injects malicious examples in a short time window before websites with crowd-sourced content collect a snapshot of their data. Wikipedia in particular conducts twice-monthly snapshots of their data and publishes these snapshots for people to download. Since the snapshots happen at known times, it is possible for malicious actors to edit pages close enough to the snapshot time so that malicious edits will be captured and published before they can be discovered and corrected. Industry analysis demonstrated potential malicious actors would be able to successfully poison as much as 6.5% of Wikipedia. [29]

    Mitigation strategies:

    • Test & verify web-scale datasets: Be cautious when using web-scale datasets that are vulnerable to frontrunning poisoning. Check that the data hasn’t been manipulated, and only use snapshots verified by a trusted party.
    • (For web-scale data collectors) Randomize or lengthen snapshots: Collectors such as Wikipedia should defend against actors making malicious edits ahead of a planned snapshot by:
    1. Randomizing the snapshot order.

    2. Freezing edits to content long enough for edits to go through review before releasing the snapshot.

      These mitigations focus on increasing the amount of time a malicious actor must maintain control of the data for it to be included in the published snapshot. Any reasonable methods that increase the time a malicious actor must control the data are also recommended. 

      Note that these mitigations are limited since they rely on trusted curators who can detect malicious edits. It is more difficult to defend against subtle edits (e.g., attempts to insert hidden watermarks) that appear valid to human reviewers but impact machine understanding.

    Risk: Web-crawled datasets 

    Web-crawled datasets present a unique intersection of the risks discussed above. Since web-crawled datasets are substantially less curated than other web-scale datasets, they bring increased risk. There are no trusted curators to detect malicious edits. There are no original curated views to which cryptographic hashes can be attached. The unfortunate reality is that “updates to a web page have no realistic bound on the delta between versions which might act as a signal for attaching trust.” [29]

    Mitigation strategies:

    • Consensus approaches: Data consumers using web-crawled datasets should rely on consensus-based approaches, since notional determinations of which domains to trust are ad-hoc and insufficient. For example, an AI developer could choose to only trust an image-caption pair when it appears on many different websites to reduce susceptibility to poisoning techniques, since a malicious actor would have to poison a sufficiently large number of websites to be successful.
    • Data curation: Ultimately, it is incumbent on organizations to ensure malicious or inaccurate material is not present in the data they use. If an organization does not have resources to conduct the necessary due diligence, then the use of web-crawled datasets is not recommended until some sort of trust infrastructure can be implemented.

    Final note on web-scale datasets and data poisoning

    Both split-view and frontrunning poisoning are reasonably straightforward for a malicious actor to execute, since they do not require particularly sophisticated methodology. These poisoning techniques should be considered viable threats by anyone looking to incorporate web-scale data into their AI systems. The danger here comes not only from directly using compromised data, but also from using models which may themselves have been trained on compromised data. 

    Ultimately, data poisoning must be addressed from a supply chain perspective by those who train and fine-tune AI models. Proper supply chain integrity and security management (i.e., selecting reliable model providers and verifying the legitimacy of the models used) can reduce the risk of data poisoning and system compromise. The most reliable providers are those who assure that they do everything possible to prevent the influence and distribution of poisoned data and models. [34] 

    Every effort must be made by those building foundation models to filter out malicious and inaccurate data. Foundation models are evolving rapidly, and filtering out inaccurate, unauthorized, and malicious training data is an active area of research, particularly at web-scale. As such, is currently impractical to prescribe precise methods for doing so; it is a best-effort endeavor. Ideally, data curators and foundation model providers should be able to attest to their filtering methods and provide evidence (e.g. test results) of their effectiveness. Likewise, if possible, downstream model consumers should include a review of the security claims as part of their security processes before accepting a foundation model for use. 

    Maliciously modified data – risks and mitigations

    Relevant AI Lifecycle stages: 2) Collect & Process Data; 3) Build & Use Model; 4) Verify & Validate; 5) Deploy & Use; 6) Operate & Monitor

    Maliciously modified data presents a significant threat to the accuracy and integrity of AI systems. Deliberate manipulation of data can result in inaccurate outcomes, poor decisions, and compromised security. Note that there are also risks associated with unintentional data errors and duplications that can affect the security and performance of AI systems. Challenges like adversarial machine learning threats, statistical bias, and inaccurate information can impact the overall security of AI-driven outcomes.

    Risk: Adversarial Machine Learning threats

    Adversarial Machine Learning (AML) threats involve intentional, malicious attempts to deceive, manipulate, or disrupt AI systems. [7],[17],[22] Malicious actors employ data poisoning to corrupt the learning process, compromising the integrity of training datasets and leading to unreliable or malicious model behavior. Additionally, malicious actors may introduce adversarial examples into datasets that, while subtle, can evade correct classification, thereby undermining the model’s performance. Furthermore, sensitive information in training datasets can be indirectly extracted through techniques like model inversion4, posing significant data security risks.

    Mitigation Strategies:

    • Anomaly detection: Incorporate anomaly detection algorithms during data pre-processing to identify and remove malicious or suspicious data points before training. These algorithms can recognize statistically deviant patterns in the data, making it possible to isolate and eliminate poisoned inputs.
    • Data sanitization: Sanitize the training data by applying techniques like data filtering, sampling, and normalization. This helps reduce the impact of outliers, noisy data, and other potentially poisoned inputs, ensuring that models learn from high-quality, representative datasets. Perform sanitization on a regular basis, especially prior to each and every training, fine-tuning, or any other process that adjusts model parameters.
    • Secure training pipelines: Secure data collection, pre-processing, and training pipelines to prevent malicious actors from tampering with datasets or model parameters.
    • Ensemble methods / collaborative learning: Implement collaborative learning frameworks that combine an ensemble of multiple, distinct AI models to reach a consensus on output predictions. This approach can help counteract the impact of data poisoning, since malicious inputs may only affect a subset of the collaborative models, allowing the majority to maintain accuracy and reliability.
    • Data anonymization: Implement anonymization techniques to protect sensitive data attributes, keeping them confidential while allowing AI models to learn patterns and generate accurate predictions.

    Risk: Bad data statements

    Bad data statements5 [7][23], such as missing metadata, can significantly influence AI data security by introducing data integrity issues that can lead to faulty model performance. Error-free metadata provides valuable contextual information about the data, including its structure, purpose, and collection methods. When metadata is missing, it becomes difficult to interpret data accurately and draw meaningful conclusions. This situation can result in incomplete or inaccurate data representation, compromising AI system performance and reliability. If metadata is modified by a malicious actor, then the security of the AI system is also at risk.

    Mitigation strategies:

    • Metadata management: Implement strong data governance practices to help ensure metadata is well-documented, complete, accurate, and secured.
    • Metadata validation: Establish data validation processes to check the completeness and consistency of metadata before data is used for AI training.
    • Data enrichment: Use available resources, such as reference data and trusted third-party data, to supplement missing metadata and improve the overall quality of the training data.

    Risk: Statistical bias6 

    Robust data security and collection practices are key to mitigating statistical bias. Executive Order (EO) 14179 mandates that U.S. government entities “develop AI systems that are free from ideological bias or engineered social agendas.” [25] Note that “an AI system is said to be biased when it exhibits systematically inaccurate behavior.” [26] Statistical bias in AI systems can arise from artifacts present in training data that can lead to artificially slanted or inaccurate outcomes. Sampling biases or biases in data collection can affect the overall outcomes and performance of AI. Left unaddressed, statistical bias can degrade the accuracy and effectiveness of AI systems. 

    Mitigation strategies:

    • Regular training data audits: Regularly audit training data to detect, assess, and address potential issues that can result in systematically inaccurate AI systems.
    • Representative training data: Ensure that training data is representative of the totality of the information relevant to any given topic to reduce the risk of statistical bias. Also ensure that AI data is properly divided into training, development, and evaluation sets without overlap to properly measure statistical bias and other measures of performance.
    • Edge cases: Identify and mitigate edge cases that can cause models to malfunction.
    • Test and correct for statistical bias: Create a repository with instances of observed model output bias. Leverage that information to improve training data audits and with reinforcement learning to “undo” some of the measured bias.

    Risk: Data poisoning via inaccurate information

    One form of data poisoning (sometimes referred to as “disinformation” [27]) involves the intentional insertion of inaccurate or misleading information in AI training datasets, which can negatively impact AI system performance, outcomes, and decision-making processes. 

    Mitigation strategies:

    • Remove inaccurate information from training data: Identify and remove inaccurate or misleading information from AI datasets to the extent feasible.
    • Data provenance and verification: Implement provenance verification mechanisms during data collection to help ensure that only accurate and reliable data is used. This process can include methods such as cross-verification, fact-checking, source analysis, data provenance tracking, and content credentials.
    • Add more training data: Increasing the amount of non-malicious data makes training more robust against poisoned examples—provided that these poisoned examples are small in number. One way to do this is through data augmentation—the creation of artificial training set samples that are small variations of existing samples. The goal is to “outnumber” the poisoned samples so the model “forgets” them. Note that this mitigation can only be applied during training, and therefore does not apply to an already trained model. [28]
    • Data quality control: Perform quality control on data including detecting poisoned samples through integrity checks, statistical deviation, or pattern recognition. Proactively implement data quality controls during the training phase to prevent issues before they arise in production.

    Risk: Data duplications

    Unintended duplicate data elements [7] in training datasets can skew model performance and cause overfitting, reducing the AI model’s ability to generalize across a variety of real-world applications. Duplicates are not always exact; near-duplicates may contain minor differences like formatting, abbreviations, or errors, which makes detecting them more complex. Duplicate data often leads to inaccurate predictions, making the AI system less effective in real-world applications.

    Mitigation strategies:

    • Data deduplication: Implement deduplication techniques (such as fuzzy matching, hashing, clustering, etc.) to carefully identify and handle duplicates and near-duplicates in the data.

    Data drift – risks and mitigations

    Relevant AI Lifecycle stages: 5) Deploy & Use; 6) Operate & Monitor

    Data drift, or distribution shift, refers to changes in the underlying statistical properties of the input data to an operational AI system. Over time, the input data can become significantly different from the data originally used to train the model. [7],[8] Degradation caused by data drift is a natural and expected occurrence, and AI system developers and operators need to regularly update models to maintain accuracy and performance. Data drift ordinarily begins as small, seemingly insignificant degradations in model performance. Left unchecked, the degradation caused by data drift can snowball into substantial reductions in AI system accuracy and integrity that become increasingly difficult to correct. 

    It is crucial to distinguish between data drift and data poisoning attacks designed to affect an AI model. Continuous monitoring of system accuracy and performance provides important indicators based on the nature of the changes observed. If the changes are slow and gradual over time, it is more likely that the model is experiencing data drift. If the changes are abrupt and dramatic in one or more dimensions, it is more likely that an actor is trying to compromise the model. Cyber compromises often aim to manipulate the model’s performance quickly and significantly, leading to abrupt changes in the input data or model outputs.

    AI system operators and developers should employ a wide range of techniques for detecting and mitigating data drift, including data preprocessing, increasing dataset coverage of real-world scenarios, and adopting robust training and adaptation strategies. [30] Packages that automate dataset loading assist AI system developers in creating application-specific detection and mitigation techniques for data drift.

    There are many potential causes of data drift, including: 

    1. A change in the upstream data pipeline not represented in the model training data (e.g., the units of a particular data element change from miles to kilometers)
    2. The introduction of completely new data elements that the model had not previously seen (e.g., a new type of malware not recognized in the ML layer of an anti-virus product)
    3. A change in the context of how inputs and outputs are related (e.g., a change in organizational structure due to a merger or acquisition could lead to new data access patterns that might be misinterpreted as security threats by an AI system)

    The data associated with a given AI model should be regularly checked for any updates to help ensure the model still predicts as expected. [7],[8],[9] The interval for this update and check will depend on the particular AI system and application. For example, in high-stakes applications such as healthcare, early detection and mitigation of data drift are critical prior to patient impact. Thus, continuous monitoring of model performance with additional direct analysis of the input data is important in such applications. [30] 

    Mitigation strategies:

    • Data management: Employ a data management strategy in keeping with the best practices in this CSI to help ensure that it is easy to add and track new data elements for model training and adaptation. This management strategy enables identification of data elements causing drift for appropriate mitigation or action.
    • Data-quality testing: AI system developers should use data-quality assessment tools to assist in selecting and filtering data used for model training or adaptation. Understanding the current dataset and its impact on model behavior is critical to detecting data drift.
    • Input and output monitoring: Monitor the AI system inputs and outputs to verify the model is performing as expected. [9] Regularly update your model using current data. Utilize meaningful statistical methods that measure expected dataset metrics and compare the distribution of the training data to the test data to help determine if data drift is occurring. [7] 

    Data management tools and methods are currently an active area of research. However, data drift can be mitigated by incorporating application-specific data management protocols that include: continuous monitoring, retraining (regularly incorporating the latest data into the models), data cleansing (correcting errors or inconsistencies in the data), and using ensemble models (combining predictions of multiple models). Incorporation of a data management framework into the design of AI systems from the beginning is essential for improving the overall integrity and security posture. [31]

    Conclusion

    Data security is of paramount importance when developing and operating AI systems. As organizations in various sectors rely more and more on AI-driven outcomes, data security becomes crucial for maintaining accuracy, reliability, and integrity. The guidance provided in this CSI outlines a robust approach to securing AI data and addressing the risks associated with the data supply chain, malicious data, and data drift.

    Data security is an ever-evolving field, and continuous vigilance and adaptation are key to staying ahead of emerging threats and vulnerabilities. The best practices presented here encourage the highest standards of data security in AI while helping ensure the accuracy and integrity of AI-driven outcomes. By adopting these best practices and risk mitigation strategies, organizations can fortify their AI systems against potential threats and safeguard sensitive, proprietary, and mission critical data used in the development and operation of their AI systems. 

    References

    1 In this document, Artificial Intelligence (AI) has the meaning set forth in 15 U.S.C. 9401(3): 
    “… a machine-based system that can, for a given set of human-defined objectives, make predictions, recommendations, or decisions influencing real or virtual environments. AI systems use machine- and human-based inputs to:
      (A) Perceive real and virtual environments;
      (B) Take these perceptions and turn them into models through analysis in an automated manner; and
      (C) Use model inference to formulate options for information or action.”

    2 Data integrity is defined by the IC Data Management Lexicon [1] as “The degree to which data can be trusted due to its provenance, pedigree, lineage and conformance with all business rules regarding its relationship with other data. In the context of data movement, this is the degree to which data has verifiably not been changed unexpectedly by a person or NPE.”

    3 The term data consumers is defined as technical personnel (e.g. data scientists, engineers) who make use of data that they themselves did not produce or annotate to build and/or operate AI systems. 

    4 Model inversion refers to the process by which an attacker analyzes the output patterns of an AI system to reverse-engineer and uncover details about the training dataset, such as individual data points or patterns. This process can potentially expose confidential or proprietary information from the data that was used to train the AI models.

    5 “A data statement is a characterization of a dataset that provides context to allow developers and users to better understand how experimental results might generalize, how software might be appropriately deployed, and what biases might be reflected in systems built on the software.” [23] 

    6 “In technical systems, bias is most commonly understood and treated as a statistical phenomenon. Bias is an effect that deprives a statistical result of representativeness by systematically distorting it, as distinct from random error, which may distort on any one occasion but balances out on the average.” [26],[32] 

    Works cited

    [1] Office of the Director of National Intelligence. The Intelligence Community Data Management Lexicon. 2024. https://dni.gov/files/ODNI/documents/IC_Data_Management_Lexicon.pdf   
    [2] National Security Agency et al. Deploying AI Systems Securely: Best Practices for Deploying Secure and Resilient AI Systems. 2024. https://media.defense.gov/2024/Apr/15/2003439257/-1/-1/0/CSI-DEPLOYING-AI-SYSTEMS-SECURELY.PDF  
    [3] National Institute of Standards and Technology (NIST). NIST AI 100-1: Artificial Intelligence Risk Management Framework (AI RMF 1.0). 2023. https://doi.org/10.6028/NIST.AI.100-1  
    [4] NIST. NIST Special Publication 800-37 Rev. 2: Guide for Applying the Risk Management Framework to Federal Information Systems. 2018. https://doi.org/10.6028/NIST.SP.800-37r2  
    [5] NIST. Federal Information Processing Standards Publication (FIPS) 204: Module-Lattice-Based Digital Signature Standard. 2024. https://doi.org/10.6028/NIST.FIPS.204  
    [6] NIST. FIPS 205: Stateless Hash-Based Digital Signature Standard. 2024. https://doi.org/10.6028/NIST.FIPS.205  
    [7] Bommasani, R. et al. On the Opportunities and Risks of Foundation Models. arXiv:2108.07258v3. 2022. https://arxiv.org/abs/2108.07258v3  
    [8] Securing Artificial Intelligence (SAI); Data Supply Chain Security. ESTI GR SAI 002 V1.1.1. 2021. https://etsi.org/deliver/etsi_gr/SAI/001_099/002/01.01.01_60/gr_SAI002v010101p.pdf  
    [9] National Cyber Security Centre et al. Guidelines for Secure AI System Development. 2023. https://www.ncsc.gov.uk/files/Guidelines-for-secure-AI-system-development.pdf  
    [10] NIST. NIST Special Publication 800-207: Zero Trust Architecture. 2020. https://doi.org/10.6028/NIST.SP.800-207  
    [11] NIST. NIST IR 8496 ipd: Data Classification Concepts and Considerations for Improving Data Protection. 2023. https://doi.org/10.6028/NIST.IR.8496.ipd  
    [12] Cybersecurity and Infrastructure Security Agency (CISA), NSA, and NIST. Quantum-Readiness: Migration to Post-Quantum Cryptography. 2023. https://www.cisa.gov/resources-tools/resources/quantum-readiness-migration-post-quantum-cryptography 
    [13] NIST. FIPS 203: Module-Lattice-Based Key-Encapsulation Mechanism Standard. 2024. https://doi.org/10.6028/NIST.FIPS.203  
    [14] NIST. NIST SP 800-52 Rev. 2: Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations. 2019. https://doi.org/10.6028/NIST.SP.800-52r2  
    [15] NIST. FIPS 140-3, Security Requirements for Cryptographic Modules. 2019. https://doi.org/10.6028/NIST.FIPS.140-3    
    [16] NIST. FIPS 140-2, Security Requirements for Cryptographic Modules. 2001. https://doi.org/10.6028/NIST.FIPS.140-2  
    [17] NIST. NIST AI 100-2e2023: Trustworthy and Responsible AI, Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations. 2024. https://doi.org/10.6028/NIST.AI.100-2e2023  
    [18] Adak, M. F., Kose, Z. N., & Akpinar, M. Dynamic Data Masking by Two-Step Encryption. In 2023 Innovations in Intelligent Systems and Applications Conference (ASYU) (pp. 1-5). IEEE. 2023 https://doi.org/10.1109/ASYU58738.2023.10296545    
    [19] Kairouz, P. et al. Advances and Open Problems in Federated Learning. Foundations and Trends in Machine Learning 14 (1-2): 1-210. arXiv:1912.04977. 2021. https://arxiv.org/abs/1912.04977  
    [20] NIST. NIST SP 800-88 Rev. 1: Guidelines for Media Sanitization. 2014. https://doi.org/10.6028/NIST.SP.800-88r1  
    [21] NIST. NIST Special Publication 800-3 Rev. 2: Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy. 2018. https://doi.org/10.6028/NIST.SP.800-37r2  
    [22] U.S. Department of Homeland Security. Preparedness Series June 2023: Risks and Mitigation Strategies for Adversarial Artificial Intelligence Threats: A DHS S&T Study. 2023. https://www.dhs.gov/sites/default/files/2023-12/23_1222_st_risks_mitigation_strategies.pdf  
    [23] Bender, E. M., & Friedman, B. Data Statements for Natural Language Processing: Toward Mitigating System Bias and Enabling Better Science. Transactions of the Association for Computational Linguistics (TACL) 6, 587–604. 2018. https://doi.org/10.1162/tacl_a_00041  
    [24] NSA et al. Content Credentials: Strengthening Multimedia Integrity in the Generative AI Era. 2025. https://media.defense.gov/2025/Jan/29/2003634788/-1/-1/0/CSI-CONTENT-CREDENTIALS.PDF  
    [25] Executive Order (EO) 14179: “Removing Barriers to American Leadership in Artificial Intelligence” https://www.federalregister.gov/executive-order/14179   
    [26] NIST. NIST Special Publication 1270: Framework for Identifying and Managing Bias in Artificial Intelligence. 2023. https://doi.org/10.6028/NIST.SP.1270  
    [27] NIST. NIST AI 600-1: Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile. 2023. https://doi.org/10.6028/NIST.AI.600-1  
    [28] Open Web Application Security Project (OWASP). AI Exchange. #Moretraindata. https://owaspai.org/goto/moretraindata/  
    [29] Carlini, N. et al. Poisoning Web-Scale Training Datasets is Practical. arXiv:2302.10149. 2023. https://arxiv.org/abs/2302.10149  
    [30] Kore, A., Abbasi Bavil, E., Subasri, V., Abdalla, M., Fine, B., Dolatabadi, E., & Abdalla, M. Empirical Data Drift Detection Experiments on Real-World Medical Image Data. Nature Communications 15, 1887. 2024. https://doi.org/10.1038/s41467-024-46142-w  
    [31] NIST. NIST Special Publication 800-208: Recommendation for Stateful Hash-Based Signature Schemes. 2020. https://doi.org/10.6028/NIST.SP.800-208  
    [32] The Organisation for Economic Cooperation and Development (OECD). Glossary of statistical terms. 2008. https://doi.org/10.1787/9789264055087-en  
    [33] NIST. NIST SP 800-53 Rev. 5: Security and Privacy Controls for Information Systems and Organizations. 2020. https://doi.org/10.6028/NIST.SP.800-53r5 
    [34] OWASP. AI Exchange. How to select relevant threats and controls? risk analysis. https://owaspai.org/goto/riskanalysis/  

    Disclaimer of Endorsement

    The information and opinions contained in this document are provided “as is” and without any warranties or guarantees. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favoring by the United States Government, and this guidance shall not be used for advertising or product endorsement purposes.

    Purpose

    This document was developed in furtherance of the authoring organizations’ cybersecurity missions, including their responsibilities to identify and disseminate threats, and to develop and issue cybersecurity specifications and mitigations. This information may be shared broadly to reach all appropriate stakeholders. 

    Notice of Generative AI Use

    Generative AI technology was carefully and responsibly used in the development of this document. The authors maintain ultimate responsibility for the accuracy of the information provided herein.

    Contact 

    U.S. Organizations

    National Security Agency

    Australian organizations

    • Visit cyber.gov.au/report or call 1300 292 371 (1300 CYBER1) to report cybersecurity incidents and vulnerabilities.

    New Zealand organizations

    MIL OSI USA News

  • MIL-OSI Security: Leader of Qakbot Malware Conspiracy Indicted for Involvement in Global Ransomware Scheme

    Source: United States Attorneys General

    A federal indictment unsealed today charges Rustam Rafailevich Gallyamov, 48, of Moscow, Russia, with leading a group of cyber criminals who developed and deployed the Qakbot malware. In connection with the charges, the Justice Department filed today a civil forfeiture complaint against over $24 million in cryptocurrency seized from Gallyamov over the course of the investigation. These actions are the latest step in an ongoing multinational effort by the United States, France, Germany, the Netherlands, Denmark, the United Kingdom, and Canada to combat cybercrime.

    “Today’s announcement of the Justice Department’s latest actions to counter the Qakbot malware scheme sends a clear message to the cybercrime community,” said Matthew R. Galeotti, Head of the Justice Department’s Criminal Division. “We are determined to hold cybercriminals accountable and will use every legal tool at our disposal to identify you, charge you, forfeit your ill-gotten gains, and disrupt your criminal activity.”

    “The criminal charges and forfeiture case announced today are part of an ongoing effort with our domestic and international law enforcement partners to identify, disrupt, and hold accountable cybercriminals,” said U.S. Attorney Bill Essayli for the Central District of California. “The forfeiture action against more than $24 million in virtual assets also demonstrates the Justice Department’s commitment to seizing ill-gotten assets from criminals in order to ultimately compensate victims.”

    “Mr. Gallyamov’s bot network was crippled by the talented men and women of the FBI and our international partners in 2023, but he brazenly continued to deploy alternative methods to make his malware available to criminal cyber gangs conducting ransomware attacks against innocent victims globally,” said Assistant Director in Charge Akil Davis of the FBI’s Los Angeles Field Office. “The charges announced today exemplify the FBI’s commitment to relentlessly hold accountable individuals who target Americans and demand ransom, even when they live halfway across the world.”

    According to court documents, Gallyamov developed, deployed, and controlled the Qakbot malware beginning in 2008. From 2019 onward, Gallyamov allegedly used the Qakbot malware to infect thousands of victim computers around the world in order to establish a network, or “botnet,” of infected computers. As alleged, once Gallyamov gained access to victim computers, he provided access to co-conspirators who infected the computers with ransomware, including Prolock, Dopplepaymer, Egregor, REvil, Conti, Name Locker, Black Basta, and Cactus. In exchange, Gallyamov was allegedly paid a portion of the ransoms received from ransomware victims.

    The announcement of charges today is the latest step taken by the Justice Department against the Qakbot conspiracy. In August 2023, a U.S.-led multinational operation disrupted the Qakbot botnet and malware. At that time, the Justice Department announced the seizure of illicit proceeds from Gallyamov, including over 170 bitcoin and over $4 million of USDT and USDC tokens.

    According to the indictment, after the disruption and takedown of the Qakbot botnet, Gallyamov and his co-conspirators continued their criminal activities. Instead of a botnet, they allegedly used different tactics, including “spam bomb” attacks on victim companies, where co-conspirators would trick employees at those victim companies into granting access to computer systems. The indictment alleges that Gallyamov orchestrated spam bomb attacks against victims in the United States as recently as January 2025. It also alleges that Gallyamov and his co-conspirators deployed Black Basta and Cactus ransomware on victim computers.

    On April 25, 2025, pursuant to a seizure warrant, the FBI seized additional illicit proceeds from Gallyamov, including over 30 bitcoin and over $700,000 of USDT tokens. Today, the Department filed a civil forfeiture complaint in the Central District of California against all of the illicit proceeds seized from Gallyamov — worth over $24 million as of today — in order to forfeit and ultimately return those funds to victims.

    The investigation of Gallyamov was led by the FBI’s Los Angeles Field Office, which worked closely with investigators from Germany’s Bundeskriminalamt (BKA), the Netherlands National Police, The Public Prosecutor’s Office of the Netherlands, France’s Anti-Cybercrime Office (Office Anti-cybercriminalité) and Cyber Division of the Paris Prosecution Office, and Europol. The Justice Department’s Office of International Affairs and the FBI Milwaukee Field Office provided significant assistance.

    Trial Attorney Jessica Peck of the Justice Department’s Computer Crime and Intellectual Property Section and Assistant U.S. Attorneys Khaldoun Shobaki, Lauren Restrepo, and James Dochterman for the Central District of California are prosecuting the case.

    These law enforcement actions were taken in conjunction with Operation Endgame, an ongoing, coordinated effort among international law enforcement agencies aimed at dismantling and prosecuting cybercriminal organizations around the world.

    Resources for victims can be found on the following website, which will be updated as additional information becomes available: https://www.justice.gov/usao-cdca/divisions/national-security-division/qakbot-resources

    An indictment is merely an allegation. All defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.

     

    MIL Security OSI

  • MIL-OSI Security: Colombian National Sentenced to Over 20 Years in Prison for Role in Conspiracy to Kidnap and Assault U.S. Army Soldiers in Colombia

    Source: United States Attorneys General

    A Colombian national was sentenced today in the Southern District of Florida for her role in kidnapping and assaulting two members of the U.S. military who were on temporary duty in Bogotá, Colombia.

    Kenny Julieth Uribe Chiran, 35, was sentenced to 262 months in prison followed by three years of supervised release, and ordered to pay $24,115 in restitution. She is the third and final defendant to be sentenced and held accountable for this criminal conspiracy. She pleaded guilty in March 2025 to conspiracy to kidnap an internationally protected person.

    “Uribe Chiran and her co-defendants mercilessly preyed on U.S. soldiers when they drugged their drinks, stole their valuables, and left them incapacitated on the street,” said Matthew R. Galeotti, Head of the Justice Department’s Criminal Division. “Kidnapping and assaulting two U.S. military service members is deplorable and the Criminal Division will continue to prioritize protecting our service members through these prosecutions. I thank the prosecutors and our law enforcement partners who work tirelessly to bring justice to these victims.”

    “Members of our military, whether serving here or abroad, can count on this Department of Justice’s respect, support, and protection,” said U.S. Attorney Hayden P. O’Byrne for the Southern District of Florida. “Kidnappings and assaults against U.S. service members will not be tolerated. To those who would dare commit such reprehensible acts against America’s heroes, know this: We will identify you; we will find you; and we will prosecute you as aggressively as the law permits.”

    “The FBI’s commitment to investigate criminal acts against the U.S. military beyond our borders is clearly demonstrated by our persistent pursuit of justice for the two kidnapped soldiers,” said Acting Special Agent in Charge Brett D. Skiles of the FBI Miami Field Office. “Our close cooperation with Colombian and Chilean law enforcement authorities was essential to this international investigation’s success. To all would be kidnappers the message is clear: target our citizens with violence anywhere in the world and we will hold you accountable for your actions.”

    According to court documents, the two U.S. soldiers went to an entertainment district in Bogotá to watch a soccer game on the evening of March 5, 2020. They later went to a pub, where Uribe Chiran and one of her co-defendants approached the soldiers and, without their knowledge, put drugs in their drinks that rendered them incapacitated. Medical examinations later confirmed the presence of benzodiazepines in the two soldiers’ systems. The defendants then kidnapped the soldiers, took their valuables, including their credit and debit card information, and left them incapacitated on the street in separate locations. The defendants used one victim’s credit card and the other victim’s debit card to make purchases and withdraw money.

    Uribe Chiran was extradited in September 2024 from Colombia to the United States. Co-defendant Pedro Jose Silva Ochoa was extradited in April 2024 from Chile to the United States, pleaded guilty in December 2024, and was sentenced in March 2025 to 27 years and three months in prison. Co-defendant Jeffersson Arango Castellanos was extradited in May 2023 from Colombia to the United States, pleaded guilty in January 2024, and was sentenced in May 2024 to 48 years and nine months in prison.

    The FBI Miami Field Office investigated the case. The Justice Department’s Office of International Affairs and the Criminal Division’s Narcotic and Dangerous Drug Section’s Office of the Judicial Attaché in Bogotá provided significant assistance in this matter. The United States thanks Colombian law enforcement authorities for their valuable assistance.

    Trial Attorneys Clayton O’Connor and Elizabeth Nielsen of the Criminal Division’s Human Rights and Special Prosecutions Section and Assistant U.S. Attorney Bertila Fernandez for the Southern District of Florida are prosecuting the case.

    MIL Security OSI

  • MIL-OSI Security: Fifteen Charged with Drug Conspiracy and Weapons Charges

    Source: United States Attorneys General

    A 29-count indictment was unsealed today charging 12 men and 3 women for their roles in a drug trafficking organization and related gun offenses.

    According to court documents, the defendants were part of a drug trafficking organization that distributed methamphetamine, powder cocaine, crack cocaine, heroin, oxycodone, Xanax, psylocibin mushrooms, and marijuana. Six of the defendants face additional charges for gun crimes relating to their alleged drug trafficking. The defendants are alleged to have used several drug houses and a food truck to store illegal drugs and conduct drug transactions. As alleged, in one notable instance in June of 2023, U.S. Customs and Border Protection agents seized 29 kilograms of methamphetamine that one defendant was attempting to transport into the United States.

    “As alleged, this drug trafficking organization imported methamphetamine directly from Mexico and used the U.S. mail, a taco truck, and homes in different Houston neighborhoods to distribute and sell methamphetamine and other dangerous drugs,” said Matthew R. Galeotti, Head of the Justice Department’s Criminal Division. “Several of the defendants are also alleged to have used firearms in furtherance of their narcotics trafficking and illegally possessed firearms despite having previously been convicted of felonies. The Criminal Division, along with our federal, state, and local partners, will continue to work tirelessly to combat the scourge of drug trafficking in communities.”

    “The defendants are alleged to have engaged in a multi-drug narcotics distribution ring, and, as often seen in the drug trade, are also alleged to have used illegal firearms to facilitate their enterprise,” said U.S. Attorney Nicholas J. Ganjei for the Southern District of Texas. “Some of the charges indicate methamphetamine was alleged to have been sourced from Mexico, and thus this investigation highlights why this office’s enforcement efforts on the border are so critical. The Southern District of Texas will do everything it can to prevent narcotics from entering our country and will be relentless in apprehending those that would distribute drugs in our communities.”

    “For years, the transnational criminal organization allegedly operated by these gang members has brazenly flooded our local communities with deadly narcotics,” said Special Agent in Charge Chad Plantz of ICE Homeland Security Investigations Houston. “​Working in conjunction with the Houston Police Department and our OCDETF partners, we were able to expose and dismantle their drug trafficking scheme, eliminating a significant contributor to violent crime in the area and saving an untold number of Houstonians from becoming addicted.”

    James Michael Brewer, also known as “Creeper,” 33; Jonathan Alvarado, also known as “Joker,” 28; Hector Luis Lopez, also known as “Capulito,”23; Alfredo Gomez, also known as “Fredo,” 26; and Victor Norris Ellison, 35, all of Houston, have been indicted on drug trafficking and firearm charges. If convicted, they each face a mandatory minimum penalty of 15 years in prison and a maximum penalty of life in prison.

    The following defendants, all of Houston unless otherwise noted, have been indicted on drug trafficking charges. If convicted, they each face a mandatory minimum penalty of 10 years in prison and a maximum penalty of life in prison.  

    • Jose Francisco Garcia-Martinez, also known as “Paco,” 29, a Mexican national,
    • Enzo Xavier Dominguez, also known as “Smiley,” 32,
    • Alexis Delgado, also known as “Chino,” 28,
    • Jose Eduardo Morales, also known as “Primo,” 22,
    • William Alexander Lazo, also known as “Miclo,” 21,
    • Kylie Rae Alvarado, 24,
    • Ruby Mata, 31,
    • Mexi Dyan Garcia, also known as “Mexi,” 31, and
    • Jesus Gomez-Rodriguez, also known as “Jr.,” 33.

    Marcos Rene Simaj-Guch, also known as “Taco Man,” 41, a Mexican national, is charged with drug trafficking. If convicted, he faces a mandatory minimum penalty of five years in prison and a maximum penalty of 40 years in prison.

    The Department of Homeland Security Homeland Security Investigations and the Houston Police Department conducted the investigation with the assistance of the FBI, Bureau of Alcohol, Tobacco, Firearms and Explosives and Texas Board of Criminal Justice Office of the Inspector General.

    Trial Attorneys Ralph Paradiso and Amanda Kotula of the Criminal Division’s Violent Crime and Racketeering Section and Assistant U.S. Attorney Francisco Rodriguez for the Southern District of Texas are prosecuting the case.

    This case is part of the Criminal Division’s Violent Crime Initiative to prosecute violent crimes in Houston, Texas. The Criminal Division and the U.S. Attorney’s Office for the Southern District of Texas have partnered, along with local, state, and federal law enforcement agencies, to confront violent crimes committed by gang members and associates through the enforcement of federal laws and use of federal resources to prosecute the violent offenders and prevent further violence.

    OCDETF identifies, disrupts and dismantles the highest-level drug traffickers, money launderers, gangs and transnational criminal organizations that threaten the United States by using a prosecutor-led, intelligence-driven, multi-agency approach that leverages the strengths of federal, state and local law enforcement agencies against criminal networks. For more information about Organized Crime Drug Enforcement Task Forces, please visit Justice.gov/OCDETF.

    An indictment is merely an allegation. All defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.

    MIL Security OSI

  • MIL-OSI: Preferred Bank Announces Stock Buyback

    Source: GlobeNewswire (MIL-OSI)

    LOS ANGELES, May 22, 2025 (GLOBE NEWSWIRE) — Preferred Bank (NASDAQ: PFBC), one of the largest independent commercial banks in California, today reported that the shareholders have approved a new $125 million stock repurchase plan. Also, on May 8, 2025, the Bank completed its prior stock repurchase plan. This was the final portion of the Bank’s $150 million repurchase authorized by shareholders in 2023. The final tranche of repurchase activity saw the Bank repurchase 818,059 shares for total consideration of $65.7 million over the first and second quarters of 2025. For the entire $150 million repurchase, the Bank repurchased 2,146,252 shares at an average price of $70.13 per share.

    For the new $125 million repurchase, the Bank will be required to gain regulatory approval due to the Bank’s corporate structure of having no holding company. It is expected that these approvals should be obtained in relatively short order.

    Chairman and CEO Li Yu stated, “As organic growth has slowed, the Bank’s capital ratios will continue to climb due to our high level of profitability. In this setting, buying back our common stock is a great use of the Bank’s excess capital and an indirect way of returning capital to our shareholders.”

    About Preferred Bank

    Preferred Bank is one of the larger independent commercial banks headquartered in California. The Bank is chartered by the State of California, and its deposits are insured by the Federal Deposit Insurance Corporation, or FDIC, to the maximum extent permitted by law. The Bank conducts its banking business from its main office in Los Angeles, California, and through twelve full-service branch banking offices in the California cities of Alhambra, Century City, City of Industry, Torrance, Arcadia, Irvine (2 branches), Diamond Bar, Pico Rivera, Tarzana and San Francisco (2 branches) and two branches in New York (Flushing and Manhattan) and one branch in the Houston suburb of Sugar Land, Texas. Additionally, the Bank operates a Loan Production Office in Sunnyvale, California. Preferred Bank offers a broad range of deposit and loan products and services to both commercial and consumer customers. The Bank provides personalized deposit services as well as real estate finance, commercial loans and trade finance to small and mid-sized businesses, entrepreneurs, real estate developers, professionals and high net worth individuals. Although originally founded as a Chinese-American Bank, Preferred Bank now derives most of its customers from the diversified mainstream market but does continue to benefit from the significant migration to California of ethnic Chinese from China and other areas of East Asia.

    AT THE COMPANY:
    Edward J. Czajka         
    Executive Vice President
    Chief Financial Officer
    (213) 891-1188    		   AT FINANCIAL PROFILES:
    Jeffrey Haas
    General Information
    (310) 622-8240
    PFBC@finprofiles.com    		  

    The MIL Network

  • MIL-OSI USA: ICE leads joint operation in southern Indiana

    Source: US Immigration and Customs Enforcement

    INDIANAPOLIS — A coordinated, multi-agency law enforcement operation conducted April 29 to May 1, resulted in the arrest of 23 aliens in the Evansville and Bloomington areas, as part of an ongoing initiative to combat criminal activity and enhance public safety. The successful three-day operation was conducted by a coalition of federal partners, including U.S. Immigration and Customs Enforcement (ICE), the Federal Bureau of Investigation (FBI), the Drug Enforcement Administration (DEA), the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF), the U.S. Marshals Service (USMS), and the U.S. Attorney’s Office (USAO).

    Of the 23 aliens taken into custody, 18 had prior criminal arrests or convictions, including:

    • 10 aliens with one or more Operating While Intoxicated (OWI) offenses
    • 10 aliens involved in crimes that resulted in injury to others
    • 3 aliens connected to drug possession and trafficking

    Additionally, four aliens were arrested on federal warrants, including one subject previously convicted of cocaine trafficking:

    • Martin Cortez-Lopez, 36, who was arrested as he left court in Bloomington, Indiana.
      • Criminal History: 2007 disorderly intoxication and resisting law enforcement with violence; 2010 possession of cocaine and failure to appear for resisting officer with violence; 2024 possession of cocaine x2 and operating while intoxicated/endangerment.
      • Previously removed 2011.  
    • Amin Reynosa-Diaz, 29, arrested in Evansville, Indiana. Reynosa-Diaz was located at a construction site and taken into custody.
      • Criminal History: 2020 driving while intoxicated; 2024 domestic violence.
      • Previously removed 2019.
    • Jaime Ortiz-Guzman, 46, arrested in Bloomington, Indiana.
      • Criminal History: 1999 federal arrest, fraud, imposter, false documents; 2006 battery; 2008 operating while intoxicated and operating a motor vehicle without ever receiving a license; 2024 operating while intoxicated and driving without a license.
      • Previously removed felon.
    • Jonathan Regules-Hernandez, 44, arrested in Bloomington, Indiana, after a short foot pursuit.
      • Criminal History: 2000 larceny and possession of stolen goods; 2004 maintaining a vehicle/dwelling/place with controlled substances and trafficking in cocaine; 2005 breaking and entering with the intent to commit felony and larceny after breaking and entering; 2025 operating a motor vehicle without ever receiving a license.
      • Previously removed felon.

    This operation underscores the effectiveness of interagency collaboration in addressing public safety threats. By combining investigative resources, intelligence sharing, and enforcement capabilities, federal agencies are better equipped to identify, locate, and apprehend aliens who pose risks to the community or have violated federal laws, including immigration statutes.

    “ICE officers are integral in keeping communities across our country safe from those who would commit violent, criminal acts,” said ERO Chicago’s Assistant Field Office Director Douglas Thompson. “Thanks to our federal law enforcement partnerships, criminal aliens with no lawful basis to remain in the U.S. will be held accountable to the immigration laws of our nation.”

    Members of the public can report crimes and suspicious activity by dialing 866-DHS-2-ICE (866-347-2423) or completing the online tip form.

    Learn more about ICE’s mission to increase public safety in your community on X at @EROChicago.

    MIL OSI USA News

  • MIL-OSI USA: UMARY- USA.COM Issues Voluntary Nationwide Recall of UNAVY ÁCIDO HIALURÓNICO Caplets and UMOVY ÁCIDO HIALURÓNICO Caplets Due to the Presence of Undeclared Drug Ingredients Dexamethasone, Diclofenac and Omeprazole

    Source: US Department of Health and Human Services – 3

    Summary

    Company Announcement Date:
    May 21, 2025
    FDA Publish Date:
    May 22, 2025
    Product Type:
    Drugs
    Reason for Announcement:

    Recall Reason Description
    The product contains undeclared Dexamethasone, Diclofenac and Omeprazole

    Company Name:
    UMARY USA
    Brand Name:

    Brand Name(s)
    UNAVY & UMOVY

    Product Description:

    Product Description
    Unavy Acidio Hialuronico (30 caplets/850 mg) and Umovy Acidio Hialuronico (30 caplets/850 mg)

    Company Announcement
    FOR IMMEDIATE RELEASE – Date: May 21 2025, Nogales, AZ, UMARY USA is voluntarily recalling all lots of Unavy Ácido HIALURÓNICO (30 caplets/850 mg) and Umovy Ácido HIALURÓNICO (30 caplets/850 mg), to the consumer level. FDA laboratory analysis confirmed that these products are tainted with the drug ingredients Diclofenac, Dexamethasone and Omeprazole. Products containing Diclofenac, Dexamethasone or Omeprazole cannot be marketed as dietary supplements. UNAVY ÁCIDO HIALURÓNICO and UMOVY ÁCIDO HIALURÓNICO are unapproved new drugs for which safety and efficacy have not been established and, therefore, subject to recall.
    Risk Statement: Dexamethasone is a corticosteroid commonly used to treat inflammatory conditions. Corticosteroid use can impair a person’s ability to fight infections and can cause high blood sugar levels, muscle injuries, psychiatric problems, and lead to cardiovascular events. When corticosteroids are taken for a prolonged period, or at high doses, they can suppress the adrenal gland (a disorder in which the adrenal glands do not produce enough hormones) and adverse consequences can range from limited adverse consequences to death. Additionally, abrupt discontinuation can cause withdrawal symptoms. Diclofenac is a non-steroidal anti-inflammatory drug (commonly referred to as NSAIDs). Consumption of undeclared diclofenac could result in serious adverse events that include cardiovascular, gastrointestinal, renal, and anaphylaxis in patients taking concomitant NSAIDs and/or anticoagulants, in those who have allergies to diclofenac, or those with underlying illnesses. Omeprazole is a proton pump inhibitor (commonly referred to as PPI) used to treat gastric (stomach) acid-related disorders. Consumption of undeclared omeprazole may mask stomach issues such as erosions, ulcers, and stomach cancer. Consumption of undeclared dexamethasone, diclofenac, and omeprazole can also interact with other medications and cause serious side effects. Umary- usa.com has not received any reports of adverse events related to this recall.
    These products are marketed as dietary supplements for joint pain and arthritis. UNAVY ÁCIDO HIALURÓNICO is packaged in a white plastic container with a black background label, and white and yellow writing on it. The bottle has 30 caplets/ 850 mg. The affected product includes all lots and expiration dates. UMOVY ÁCIDO HIALURÓNICO is a black plastic bottle with a black label with white and blue lettering on the label. The bottle has 30 caplets/ 850mg. The affected product includes all lots and expiration dates. Product was distributed Nationwide via internet, exclusively via umary-usa.com.
    Umary-usa.com is notifying its distributors and customers by Press release and email and is arranging for return and refund of all recalled products. Consumers who have any of these products, should immediately work with their physician and/or health care provider to safely discontinue use of these products. Consumers with questions regarding this recall can contact umary-usa.com at umaryusa2025@gmail.com, available seven days a week, 24 hours a day. Consumers should contact their physician or healthcare provider if they have experienced any problems that may be related to taking or using this drug product.
    Adverse reactions or quality problems experienced with the use of this product may be reported to the FDA’s MedWatch Adverse Event Reporting program either online, by regular mail or by fax.

    This recall is being conducted with the knowledge of the U.S. Food and Drug Administration.

    Company Contact Information

    Media:
    Hugo Ramirez
    520-342-7385

    Product Photos

    Content current as of:
    05/22/2025

    Regulated Product(s)

    Follow FDA

    MIL OSI USA News

  • MIL-OSI Security: Convicted Felon Sentenced to 24 Months for Possession of a Glock Semiautomatic Pistol

    Source: Office of United States Attorneys

               WASHINGTON – Tyrell Anthony West, 30, a previously convicted felon and resident of the District of Columbia, was sentenced today in U.S. District Court to 24 months in prison in connection with being in possession of a loaded Glock semiautomatic pistol when police encountered him with a stolen Mercedes.

               The sentencing was announced by U.S. Attorney Jeanine Ferris Pirro, ATF Special Agent in Charge Anthony Spotswood of the Bureau of Alcohol, Tobacco, Firearms, and Explosives – Washington Division, and FBI Assistant Director in Charge Steven J. Jensen of the Washington Field Office, and Chief Pamela Smith of the Metropolitan Police Department.

               West pleaded guilty on Feb. 13, 2025, unlawful possession of a firearm by a felon. In addition to the prison term, U.S. District Court Judge Amit P. Mehta ordered West to serve three years of supervised release. 

               According to court documents, on Feb. 26, 2024, about 7:30 p.m., the officers with the MPD’s Robbery Suppression Unit were travelling down the 2900 block of Knox Place, SE, in unmarked vehicles. An officer noticed a parked silver Mercedes Benz C300 park and watched as West quickly closed the car door and crossed the street at a brisk pace to where a group was congregated. 

               Officers ran the Mercedes’ plate number and learned it was not registered in the database. They approached the vehicle to discover that its VIN number was covered. 

               An officer uncovered the VIN. Another asked West if the car’s registration was in the glove compartment. West opened the glove compartment and then opened the vehicle’s center console. One of the officers immediately spotted a firearm. Three seconds later, the officer checking the VIN number learned the Mercedes had been reported stolen from a car dealership in Howard County, Maryland. 

               From the center console, MPD officers recovered a black Glock 30. .45 caliber semi-automatic firearm loaded and ready to fire with one round of ammunition in the chamber and 13 additional rounds in the magazine. DNA evidence later linked West to the firearm.

               Officers also recovered three plastic bags containing a white rock substance with a combined weight of 82.79 grams, and a black digital scale with white residue. Later testing by the DEA determined the substance was N, Ndimethylpentalone, an illegal synthetic controlled-substance otherwise known as ‘boot.” Officers also recovered 28 suspected suboxone strips from the trunk of the Mercedes. 

               West has a previous conviction for carrying a pistol without a license. On April 22, 2022, he was sentenced to 18 months in prison, which was suspended. On Feb. 9, 2023, he was resentenced to nine months in prison. 

               This case was investigated by the FBI and the Metropolitan Police Department. The matter is being prosecuted by Special Assistant U.S. Attorney Emily Reeder-Ricchetti, former Assistant U.S. Attorney Omeed Ali Assefi, and former Special Assistant U.S. Attorney Monica Svetoslavov.

    24cr134

    MIL Security OSI

  • MIL-OSI Security: Several convicted for roles in deadly transnational human smuggling operation

    Source: Office of United States Attorneys

    LAREDO, Texas – A sixth and final person has admitted her role in a human smuggling conspiracy that resulted in death, announced U.S. Attorney Nicholas J. Ganjei.

    Mexican national Cynthia Gabriela Muniz Carreon, 30, pleaded guilty to conspiracy to transport an undocumented alien causing serious bodily injury and resulting in death.

    Those previously convicted include Mexican nationals Martha Angelica Limon Parra and David Alejandro Gomez Flores, both 29; Guatemalan national Edy Ronaldo Lima Flores, 37; and Dagoberto Flores, 24, and Angel Elias, 22 both of Laredo.

    All six were part of a transnational human smuggling organization responsible for moving illegal aliens across the southern border of Texas. Their actions led to the death of a Guatemalan man and several other dangerous events, including a rollover crash.

    “For those that may have relatives, friends, or other loved ones that are considering hiring a smuggler, urge them to think twice. If you are thinking about coming to this country illegally, also think twice.” said Ganjei. “Human smuggling is a dangerous, and often deadly, business, and those that are transporting you have little or no regard for your safety or well-being. Do not put your life in the hands of these criminals.”

    Authorities identified Carreon and Parra as Mexico-based coordinators for the organization. Cellphone data revealed both women were part of a WhatsApp group chat titled “La Oficina,” which the organization used to coordinate human smuggling activity. The group maintained detailed ledgers and color-coded spreadsheets documenting the aliens’ biographical information, arrival dates, assigned stash houses, guides and payment status.

    Although many of the aliens were from Guatemala, the smuggling group instructed them to falsely claim Mexican nationality. This tactic exploited U.S. immigration procedure by ensuring the aliens would be removed to Mexico instead of their home country which made it faster and easier for the organization to smuggle them back into the United States.

    Ledgers shared in “La Oficina” chat revealed the organization generated approximately $79,000 in smuggling proceeds between April 12 and 17, 2024, alone.

    Authorities identified Lima Flores as the organization’s Laredo-based transportation coordinator, who hired Dagoberto Flores. Authorities also identified Gomez Flores as the stash house coordinator responsible for receiving aliens from Mexico and illegally harboring them in Laredo. Cellphone evidence revealed Gomez Flores had been involved with the organization since at least 2003 and had received more than $300,000 for helping conceal and transport aliens illegally.

    Elias worked with Lima Flores and acted as both a transporter and scout for the organization.

    The investigation revealed additional smuggling incidents dating back to April 2024, including one in which an alien became so weak and delirious that he could no longer walk through the brush. Authorities also linked the same organization to a smuggling event April 19, 2024, that resulted in a rollover crash near Laredo. A Guatemalan alien involved in the crash suffered serious back injuries and required hospitalization.

    On July 2, 2024, Dagoberto Flores was driving a Ford F-150 transporting aliens. He fled when authorities attempted a traffic stop. The aliens scattered into the brush, including a Guatemalan national who became separated from the group. The investigation revealed he had repeatedly contacted Lima Flores and Carreon asking for help and sharing his location. Carreon told him to stay well hidden and be patient. Authorities later found him deceased. His cause of death was determined to be from heat exhaustion, with temperatures reaching 100 degrees that day.

    U.S. District Judge Marina Garcia Marmolejo will set sentencing at a later date. At that time, each faces up to life in federal prison and a possible $250,000 fine.

    All six have been and will remain in custody pending sentencing.

    Immigration and Customs Enforcement – Homeland Security Investigations, Laredo Police Department Gang Unit, Border Patrol, Texas Department of Public Safety, Encinal Police Department Customs and Border Protections (CBP) and CBP Air and Marine Operations conducted the investigation.

    The case is the result of an Organized Crime Drug Enforcement Task Forces (OCDETF) operation and coordinated efforts of Joint Task Force Alpha (JTFA).

    OCDETF identifies, disrupts and dismantles the highest-level criminal organizations that threaten the United States using a prosecutor-led, intelligence-driven, multi-agency approach.

    JTFA, a partnership with Department of Homeland Security, has been elevated and expanded with a mandate to target cartels and transnational criminal organizations to eliminate human smuggling and trafficking networks operating in Mexico, Guatemala, El Salvador, Honduras, Panama and Colombia that impact public safety and the security of our borders. JTFA currently comprises detailees from U.S. Attorneys’ Offices along the southwest border, including the Southern District of California, Districts of Arizona and New Mexico and Western and Southern Districts of Texas. Dedicated support is provided by the Justice Department’s Criminal Division, led by the Human Rights and Special Prosecutions Section and supported by the Money Laundering and Asset Recovery Section, Office of Enforcement Operations and the Office of International Affairs, among others. JTFA also relies on substantial law enforcement investment from DHS, FBI, DEA and other partners. To date, JTFA’s work has resulted in more than 365 domestic and international arrests of leaders, organizers and significant facilitators of alien smuggling, more than 334 U.S. convictions, more than 281 significant jail sentences imposed and forfeitures of substantial assets.

    This case is also part of Operation Take Back America, a nationwide initiative that marshals the full resources of the Department of Justice to repel the invasion of illegal immigration, achieve the total elimination of cartels and transnational criminal organizations and protect our communities from the perpetrators of violent crime. Operation Take Back America streamlines efforts and resources from the Department’s OCDETF and Project Safe Neighborhood.

    JTFA detailee Assistant U.S. Attorney Jennifer Day is prosecuting the case.   

    MIL Security OSI

  • MIL-OSI USA: Cornyn, Welch Introduce the Carla Walker Act to Help Solve Cold Cases

    US Senate News:

    Source: United States Senator for Texas John Cornyn

    WASHINGTON – U.S. Senators John Cornyn (R-TX) and Peter Welch (D-VT) today introduced the Carla Walker Act, which would dedicate existing federal grant funds to support forensic genetic genealogy (FGG) DNA analysis and help solve previously unsolvable cold cases. The bill is named for Carla Walker, a Fort Worth native whose murderer was finally identified 46 years after her death with the help of this advanced technology.

    “Fort Worth native Carla Walker was abducted in a bowling alley and tragically murdered in 1974, but it took more than four decades and the advent of forensic genetic genealogy DNA analysis for her killer to be identified and brought to justice,” said Sen. Cornyn. “I am proud to have authored this legislation, which would make this cutting-edge DNA testing technology more widely available to law enforcement so they can better identify and prosecute offenders, solve cold cases, and bring closure to victims’ families.”

    “Advancements in forensic DNA technology have revolutionized our ability to combat crime. In Vermont, detectives were able to use forensic genetic genealogy analysis to help provide answers to a family who thought they might never come. We’ve also seen how this technology can be a powerful tool in giving those wrongly accused a chance to clear their names,” said Sen. Welch. “Our bipartisan bill will help investigators across the country harness the incredible power of FGG technology to crack cold cases and deliver justice to countless victims and families, and I’m thankful for Senator Cornyn’s leadership on it.”

    U.S. Congressman Wesley Hunt (TX-38) is leading companion legislation in the House of Representatives.

    Background:

    Typically, when a suspect’s identity is unknown, a crime laboratory uploads the genetic material recovered from a crime scene into the FBI’s national database to search for DNA matches between the forensic sample and any known offenders. While this traditional form of forensic DNA profiling only examines 13-20 Short tandem repeat (STR) DNA markers, forensic genetic genealogy (FGG) technology examines over half a million Single Nucleotide Polymorphisms (SNPs) that span the entirety of the human genome. It does so by cross-referencing shared blocks of SNP markers to identify relatives of the genetic profile by uncovering shared blocks of DNA. This enables criminal investigators to build family trees that ultimately help determine the sample’s identity and solve cases.

    Carla Walker was abducted from a bowling alley parking lot in Fort Worth, Texas, on February 17, 1974. Her body was found three days later in a drainage ditch 30 minutes south of Fort Worth. The Fort Worth Police Department was able to collect a few forensic samples and clothing items from the crime scene, but law enforcement could not solve the murder due to limited forensic technology at the time. Carla’s brother, Jim Walker, never stopped searching for answers and nearly 50 years later, FGG DNA analysis was conducted on the last remaining DNA on a piece of Walker’s clothing, which led to a successful DNA match with the McCurley family and ultimately identified Glen McCurley, Jr. as the killer, who confessed in 2021 and died in prison on July 14, 2023.

    Sen. Cornyn’s Carla Walker Act would create a pilot program to make this cutting-edge FGG DNA analysis more widely available to investigative agencies to:

    • Aid in resolving previously unsolvable cold cases;
    • Assist in the identification of criminals;
    • Seek justice for previously unidentified victims;
    • Help exonerate wrongly accused suspects;
    • And bring closure for the victims’ loved ones. 

    MIL OSI USA News

  • MIL-OSI USA: SEC Charges Former Real-Estate Investment CEO with Operating Multimillion Dollar Ponzi-Like Scheme

    Source: Securities and Exchange Commission

    The Securities and Exchange Commission today charged San Francisco Bay Area resident Kenneth Mattson, the former CEO of real estate investment business LeFever Mattson, with defrauding approximately 200 investors of at least $46 million by selling them fake interests in real estate investment limited partnerships. Many of these investors were retired senior citizens Mattson met through his church community.

    According to the SEC’s complaint, LeFever Mattson managed legitimate limited partnerships that invested in residential and commercial real estate, and that were owned by a set of real investors. From approximately 2007 to April 2024, Mattson allegedly offered and sold fake ownership interests in these limited partnerships to defrauded investors. According to the complaint, the fake sales were not reflected in the legitimate records of ownership, and investors who purchased the fake interests never became actual limited partners or received ownership rights. Instead, Mattson allegedly commingled new investor funds with personal and business funds and used the commingled funds to make Ponzi-like payments, gave defrauded investors false tax records, and misappropriated investor funds to pay for personal expenses and real estate transactions and expenses related to his personal partnership, KS Mattson Partners LP. The complaint further alleges that Mattson solicited investors to transfer funds from their individual retirement accounts (IRA) to so-called self-directed IRAs, enabling them to invest in the purported limited partnership interests Mattson offered and sold. These purported sales were not recorded in LeFever Mattson’s books and records, and these investors did not become actual limited partners, according to the complaint.

    “As our complaint alleges, Mattson lied to hundreds of individual investors, many of whom were retirees investing their hard-earned savings, and did not actually sell them the ownership interests that he promised,” said Sam Waldon, Acting Director of the SEC’s Division of Enforcement. “The SEC is firmly committed to pursuing those who prey on retail investors and retirees, such as the individuals we allege that Mattson targeted.”

    The SEC’s complaint, filed in the U.S. District Court for the Northern District of California, charges Mattson with violating the antifraud and registration provisions of the federal securities laws. The SEC seeks permanent injunctions, including a conduct-based injunction, disgorgement with prejudgment interest, civil penalties, and an officer and director bar. The complaint also names KS Mattson Partners LP as a relief defendant and seeks disgorgement of its ill-gotten gains with prejudgment interest.

    The SEC’s Office of Investor Education and Advocacy has issued an Investor Alert with tips on how investors can identify and avoid frauds that operate in connection with self-directed IRAs.

    In a parallel action, the U.S. Attorney’s Office for the Northern District of California today announced criminal charges against Mattson.

    The SEC’s investigation was conducted by Duncan C. Simpson LaGoy, Natasha Bronn Schrier, and Michael Foley and was supervised by David Zhou and Jason H. Lee of the San Francisco Regional Office. The litigation will be led by Mr. Simpson LaGoy and Ms. Bronn Schrier. The SEC appreciates the assistance of the U.S. Attorney’s Office for the Northern District of California and the FBI.

    MIL OSI USA News

  • MIL-OSI: ESET participates in operation to disrupt the infrastructure of Danabot infostealer

    Source: GlobeNewswire (MIL-OSI)

    • ESET Research has been tracking Danabot’s activity since 2018 as part of a global effort that resulted in a major disruption of the malware’s infrastructure.
    • While primarily developed as an infostealer, Danabot also has been used to distribute additional malware, including ransomware.
    • Danabot’s authors promote their toolset through underground forums and offer various rental options to potential affiliates.
    • This ESET Research analysis covers the features used in the latest versions of the malware, the authors’ business model, and an overview of the toolset offered to affiliates.
    • Poland, Italy, Spain and Turkey are historically one of the most targeted countries by Danabot.

    PRAGUE and BRATISLAVA, Czech Republic, May 22, 2025 (GLOBE NEWSWIRE) — ESET has participated in a major infrastructure disruption of the notorious infostealer, Danabot, by the US Department of Justice, the FBI, and US Department of Defense’s Defense Criminal Investigative Service. U.S. agencies were working closely with Germany’s Bundeskriminalamt, the Netherlands’ National Police, and the Australian Federal Police. ESET took part in the effort alongside Amazon, CrowdStrike, Flashpoint, Google, Intel471, PayPal, Proofpoint, Team Cymru and Zscaler. ESET Research, which has been tracking Danabot since 2018, contributed assistance that included providing technical analysis of the malware and its backend infrastructure, as well as identifying Danabot’s C&C servers. During that period, ESET analyzed various Danabot campaigns all over the world, with Poland, Italy, Spain and Turkey historically being one of the most targeted countries. The joint takedown effort also led to the identification of individuals responsible for Danabot development, sales, administration, and more.

    “Since Danabot has been largely disrupted, we are using this opportunity to share our insights into the workings of this malware-as-a-service operation, covering the features used in the latest versions of the malware, the authors’ business model, and an overview of the toolset offered to affiliates. Apart from exfiltrating sensitive data, we have observed that Danabot is also used to deliver further malware, which can include ransomware, to an already compromised system,” says ESET researcher Tomáš Procházka, who investigated Danabot.

    The authors of Danabot operate as a single group, offering their tool for rental to potential affiliates, who subsequently employ it for their malicious purposes by establishing and managing their own botnets. Danabot’s authors have developed a vast variety of features to assist customers with their malevolent motives. The most prominent features offered by Danabot include: the ability to steal various data from browsers, mail clients, FTP clients, and other popular software; keylogging and screen recording; real-time remote control of the victims’ systems; file grabbing; support for Zeus-like webinjects and form grabbing; and arbitrary payload upload and execution. Besides utilizing its stealing capabilities, ESET Research has observed a variety of payloads being distributed via Danabot over the years. Furthermore, ESET has encountered instances of Danabot being used to download ransomware onto already compromised systems.

    In addition to typical cybercrime, Danabot has also been used in less conventional activities such as utilizing compromised machines for launching DDoS attacks… for example, a DDoS attack against Ukraine’s Ministry of Defense soon after the Russian invasion of Ukraine.

    Throughout its existence, according to ESET monitoring, Danabot has been a tool of choice for many cybercriminals and each of them has used different means of distribution. Danabot’s developers even partnered with the authors of several malware cryptors and loaders, and offered special pricing for a distribution bundle to their customers, helping them with the process. Recently, out of all distribution mechanisms ESET observed, the misuse of Google Ads to display seemingly relevant, but actually malicious, websites among the sponsored links in Google search results stands out as one of the most prominent methods to lure victims into downloading Danabot. The most popular ploy is packing the malware with legitimate software and offering such a package through bogus software sites or websites falsely promising users to help them find unclaimed funds. The latest addition to these social engineering techniques are deceptive websites offering solutions for fabricated computer issues, whose only purpose is to lure victims into execution of a malicious command secretly inserted into the user’s clipboard.

    The typical toolset provided by Danabot’s authors to their affiliates includes an administration panel application, a backconnect tool for real-time control of bots, and a proxy server application that relays the communications between the bots and the actual C&C server. Affiliates can choose from various options to generate new Danabot builds, and it’s their responsibility to distribute these builds through their own campaigns.

    “It remains to be seen whether Danabot can recover from the takedown. The blow will, however, surely be felt, since law enforcement managed to unmask several individuals involved in the malware’s operations,” concludes Procházka.

    For technical overview of Danabot and insight into its operation, check out ESET Research blogpost: “Danabot: Analyzing a fallen empire” on WeLiveSecurity.com. Make sure to follow ESET Research on Twitter (today known as X), BlueSky, and Mastodon for the latest news from ESET Research.

    Worldwide Danabot detections as seen in ESET telemetry since 2018

    About ESET

    ESET® provides cutting-edge digital security to prevent attacks before they happen. By combining the power of AI and human expertise, ESET stays ahead of emerging global cyberthreats, both known and unknown— securing businesses, critical infrastructure, and individuals. Whether it’s endpoint, cloud, or mobile protection, our AI-native, cloud-first solutions and services remain highly effective and easy to use. ESET technology includes robust detection and response, ultra-secure encryption, and multifactor authentication. With 24/7 real-time defense and strong local support, we keep users safe and businesses running without interruption. The ever-evolving digital landscape demands a progressive approach to security: ESET is committed to world-class research and powerful threat intelligence, backed by R&D centers and a strong global partner network. For more information, visit www.eset.com or follow our social media, podcasts and blogs.

    A photo accompanying this announcement is available at https://www.globenewswire.com/NewsRoom/AttachmentNg/2306cbf1-1ef7-4040-8c12-ca8be3cc6689

    The MIL Network

  • MIL-OSI USA: Colombian National Sentenced to Over 20 Years in Prison for Role in Conspiracy to Kidnap and Assault U.S. Army Soldiers in Colombia

    Source: US State of California

    A Colombian national was sentenced today in the Southern District of Florida for her role in kidnapping and assaulting two members of the U.S. military who were on temporary duty in Bogotá, Colombia.

    Kenny Julieth Uribe Chiran, 35, was sentenced to 262 months in prison followed by three years of supervised release, and ordered to pay $24,115 in restitution. She is the third and final defendant to be sentenced and held accountable for this criminal conspiracy. She pleaded guilty in March 2025 to conspiracy to kidnap an internationally protected person.

    “Uribe Chiran and her co-defendants mercilessly preyed on U.S. soldiers when they drugged their drinks, stole their valuables, and left them incapacitated on the street,” said Matthew R. Galeotti, Head of the Justice Department’s Criminal Division. “Kidnapping and assaulting two U.S. military service members is deplorable and the Criminal Division will continue to prioritize protecting our service members through these prosecutions. I thank the prosecutors and our law enforcement partners who work tirelessly to bring justice to these victims.”

    “Members of our military, whether serving here or abroad, can count on this Department of Justice’s respect, support, and protection,” said U.S. Attorney Hayden P. O’Byrne for the Southern District of Florida. “Kidnappings and assaults against U.S. service members will not be tolerated. To those who would dare commit such reprehensible acts against America’s heroes, know this: We will identify you; we will find you; and we will prosecute you as aggressively as the law permits.”

    “The FBI’s commitment to investigate criminal acts against the U.S. military beyond our borders is clearly demonstrated by our persistent pursuit of justice for the two kidnapped soldiers,” said Acting Special Agent in Charge Brett D. Skiles of the FBI Miami Field Office. “Our close cooperation with Colombian and Chilean law enforcement authorities was essential to this international investigation’s success. To all would be kidnappers the message is clear: target our citizens with violence anywhere in the world and we will hold you accountable for your actions.”

    According to court documents, the two U.S. soldiers went to an entertainment district in Bogotá to watch a soccer game on the evening of March 5, 2020. They later went to a pub, where Uribe Chiran and one of her co-defendants approached the soldiers and, without their knowledge, put drugs in their drinks that rendered them incapacitated. Medical examinations later confirmed the presence of benzodiazepines in the two soldiers’ systems. The defendants then kidnapped the soldiers, took their valuables, including their credit and debit card information, and left them incapacitated on the street in separate locations. The defendants used one victim’s credit card and the other victim’s debit card to make purchases and withdraw money.

    Uribe Chiran was extradited in September 2024 from Colombia to the United States. Co-defendant Pedro Jose Silva Ochoa was extradited in April 2024 from Chile to the United States, pleaded guilty in December 2024, and was sentenced in March 2025 to 27 years and three months in prison. Co-defendant Jeffersson Arango Castellanos was extradited in May 2023 from Colombia to the United States, pleaded guilty in January 2024, and was sentenced in May 2024 to 48 years and nine months in prison.

    The FBI Miami Field Office investigated the case. The Justice Department’s Office of International Affairs and the Criminal Division’s Narcotic and Dangerous Drug Section’s Office of the Judicial Attaché in Bogotá provided significant assistance in this matter. The United States thanks Colombian law enforcement authorities for their valuable assistance.

    Trial Attorneys Clayton O’Connor and Elizabeth Nielsen of the Criminal Division’s Human Rights and Special Prosecutions Section and Assistant U.S. Attorney Bertila Fernandez for the Southern District of Florida are prosecuting the case.

    MIL OSI USA News

  • MIL-OSI USA: Fifteen Charged with Drug Conspiracy and Weapons Charges

    Source: US State of California

    A 29-count indictment was unsealed today charging 12 men and 3 women for their roles in a drug trafficking organization and related gun offenses.

    According to court documents, the defendants were part of a drug trafficking organization that distributed methamphetamine, powder cocaine, crack cocaine, heroin, oxycodone, Xanax, psylocibin mushrooms, and marijuana. Six of the defendants face additional charges for gun crimes relating to their alleged drug trafficking. The defendants are alleged to have used several drug houses and a food truck to store illegal drugs and conduct drug transactions. As alleged, in one notable instance in June of 2023, U.S. Customs and Border Protection agents seized 29 kilograms of methamphetamine that one defendant was attempting to transport into the United States.

    “As alleged, this drug trafficking organization imported methamphetamine directly from Mexico and used the U.S. mail, a taco truck, and homes in different Houston neighborhoods to distribute and sell methamphetamine and other dangerous drugs,” said Matthew R. Galeotti, Head of the Justice Department’s Criminal Division. “Several of the defendants are also alleged to have used firearms in furtherance of their narcotics trafficking and illegally possessed firearms despite having previously been convicted of felonies. The Criminal Division, along with our federal, state, and local partners, will continue to work tirelessly to combat the scourge of drug trafficking in communities.”

    “The defendants are alleged to have engaged in a multi-drug narcotics distribution ring, and, as often seen in the drug trade, are also alleged to have used illegal firearms to facilitate their enterprise,” said U.S. Attorney Nicholas J. Ganjei for the Southern District of Texas. “Some of the charges indicate methamphetamine was alleged to have been sourced from Mexico, and thus this investigation highlights why this office’s enforcement efforts on the border are so critical. The Southern District of Texas will do everything it can to prevent narcotics from entering our country and will be relentless in apprehending those that would distribute drugs in our communities.”

    “For years, the transnational criminal organization allegedly operated by these gang members has brazenly flooded our local communities with deadly narcotics,” said Special Agent in Charge Chad Plantz of Immigration and Customs Enforcement – Homeland Security Investigations (ICE-HSI) Houston. “Working in conjunction with the Houston Police Department (HPD) and our Organized Crime Drug Enforcement Task Forces (OCDETF) partners, we were able to expose and dismantle their drug trafficking scheme, eliminating a significant contributor to violent crime in the area and saving an untold number of Houstonians from becoming addicted.”

    James Michael Brewer, also known as Creeper, 33; Jonathan Alvarado, also known as Joker, 28; Hector Luis Lopez, also known as Capulito, 23; Alfredo Gomez, also known as Fredo, 26; and Victor Norris Ellison, 35, all of Houston, have been indicted on drug trafficking and firearm charges. If convicted, they each face a mandatory minimum penalty of 15 years in prison and a maximum penalty of life in prison.

    The following defendants, all of Houston unless otherwise noted, have been indicted on drug trafficking charges. If convicted, they each face a mandatory minimum penalty of 10 years in prison and a maximum penalty of life in prison.

    • Jose Francisco Garcia-Martinez, also known as Paco, 29, a Mexican national;
    • Enzo Xavier Dominguez, also known as Smiley, 32;
    • Alexis Delgado, also known as Chino, 28;
    • Jose Eduardo Morales, also known as Primo, 22;
    • William Alexander Lazo, also known as Miclo, 21;
    • Kylie Rae Alvarado, 24;
    • Ruby Mata, 31;
    • Mexi Dyan Garcia, also known as Mexi, 31; and
    • Jesus Gomez-Rodriguez, also known as Jr., 33.

    Marcos Rene Simaj-Guch, also known as Taco Man, 41, a Mexican national, is charged with drug trafficking. If convicted, he faces a mandatory minimum penalty of five years in prison and a maximum penalty of 40 years in prison.

    ICE-HSI and HPD conducted the investigation with the assistance of the FBI, Bureau of Alcohol, Tobacco, Firearms, and Explosives and Texas Board of Criminal Justice Office of the Inspector General.

    Trial Attorneys Ralph Paradiso and Amanda Kotula of the Criminal Division’s Violent Crime and Racketeering Section and Assistant U.S. Attorney Francisco Rodriguez for the Southern District of Texas are prosecuting the case.

    This case is part of the Criminal Division’s Violent Crime Initiative to prosecute violent crimes in Houston, Texas. The Criminal Division and the U.S. Attorney’s Office for the Southern District of Texas have partnered, along with local, state, and federal law enforcement agencies, to confront violent crimes committed by gang members and associates through the enforcement of federal laws and use of federal resources to prosecute the violent offenders and prevent further violence.

    This case is part of Operation Take Back America, a nationwide initiative that marshals the full resources of the Department of Justice to repel the invasion of illegal immigration, achieve the total elimination of cartels and transnational criminal organizations and protect our communities from the perpetrators of violent crime. Operation Take Back America streamlines efforts and resources from the Department’s OCDETF and Project Safe Neighborhoods.

    An indictment is merely an allegation. All defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.

    MIL OSI USA News

  • MIL-OSI USA: Rep. Huffman Statement on Capital Jewish Museum Shooting and Antisemitism

    Source: United States House of Representatives – Congressman Jared Huffman Representing the 2nd District of California

    May 22, 2025

    Washington, D.C. – Today, U.S. Representative Jared Huffman (CA-02) released the following statement in response to the deadly act of violence at the Capital Jewish Museum: 

    “The deadly display of antisemitic violence that transpired outside the Capital Jewish Museum in Washington, D.C. last night is appalling. In what the FBI believes may be a targeted attack, two young members of the Jewish community were senselessly murdered. As we await additional details, one thing remains clear: antisemitism has no place in our country, and we need to take action to put an end to this vile hate as violence worsens both at home and around the globe. 

    “In the days since the October 7th attack, we’ve seen an undeniable rise in antisemitism and hate crimes. Antisemitism, along with Islamophobia and other forms of ethno-religious hatred, have festered far too long in the United States. We cannot allow violent extremists – or their enablers – to sow hatred and threaten our communities. I condemn these tragic murders and all other antisemitic hate crimes unequivocally and unconditionally. We must also reaffirm our commitment to confronting and eliminating all ethno-religious hatred and political violence once and for all. 

    “I send my deepest condolences to the loved ones of the Israeli embassy staff who were murdered last night, and my thoughts and sympathies are with the victims and all those affected by this tragic attack. I will continue fighting back unequivocally against ethno-religious hate and political violence in all its forms and locations.”

    Previous Article

    MIL OSI USA News

  • MIL-OSI Security: Montgomery Man Sentenced for Possessing Machinegun Conversion Device During Tuskegee University Shooting Incident

    Source: United States Bureau of Alcohol Tobacco Firearms and Explosives (ATF)

    MONTGOMERY, AL – Acting United States Attorney Kevin Davidson announced today that a Montgomery man who was present during a campus shooting at Tuskegee University has been sentenced in federal court. On May 20, 2025, 25-year-old Jaquez Kevon Myrick was sentenced to 24 months in prison for possession of a firearm equipped with a machinegun conversion device. Following his prison term, Myrick will serve three years of supervised release. There is no parole in the federal system.

    According to court records and the criminal complaint, on November 10, 2024, law enforcement officers responded to reports of a mass shooting in a parking lot on the campus of Tuskegee University in Tuskegee, Alabama. Upon arrival, officers encountered a large crowd and heard gunfire in the area. During the response, an officer observed Myrick moving through the parking lot with a firearm in his hand and detained him.

    Upon inspection, agents determined that the handgun Myrick possessed was equipped with a machinegun conversion device—commonly referred to as a “switch.” When installed, such a device transforms a semi-automatic firearm into a fully automatic weapon, capable of firing up to 20 rounds per second with a single pull of the trigger. Myrick pleaded guilty to possession of the device on January 29, 2025.

    “This case is yet another example of the danger posed by illegal machinegun conversion devices,” said Acting U.S. Attorney Davidson. “These devices turn handguns into weapons of war, with no place on our streets or campuses. We will continue to work with our law enforcement partners to keep our communities safe and hold offenders accountable.”

    The investigation was conducted by the Alabama Law Enforcement Agency (ALEA), Tuskegee University Police Department, City of Tuskegee Police Department, Macon County Sheriff’s Office, Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF), Federal Bureau of Investigation (FBI), Fifth Judicial Circuit District Attorney’s Office, and the Alabama Attorney General’s Office. Assistant United States Attorney Tara S. Ratz prosecuted the case for the Middle District of Alabama.

    MIL Security OSI

  • MIL-OSI Security: Gang Leaders Among 16 Indicted for Drug Trafficking, Firearm Offenses

    Source: United States Bureau of Alcohol Tobacco Firearms and Explosives (ATF)

    CHARLESTON, S.C. — A federal grand jury in Charleston returned two multi-count indictments (United States v. Gailliard et al. and United States v. Bailey et al.) charging a total of 16 individuals for their roles in trafficking cocaine, methamphetamine and fentanyl as well as the use of firearms in furtherance of drug trafficking.

    The indictments stem from a lengthy investigation led by the Lowcountry Violent Crime Task Force to address significant drug trafficking in our local communities and the violence associated with such activities.  The individuals charged in these indictments operated primarily out of the North Charleston and West Ashley areas and several are associated with the Gangster Disciple and Fruit Town Piru street gangs.  During the course of this investigation, law enforcement has seized approximately 60 kilograms of cocaine, 1 kilogram of methamphetamine, 24 pounds of marijuana, 600 grams of fentanyl, 500 grams of heroin and thousands of narcotics pills, as well as 12 firearms.

    “These indictments send a clear message that we will not tolerate the proliferation of dangerous drugs and the violence they breed in our communities. The significant quantities of fentanyl, cocaine, methamphetamine, heroin, along with numerous firearms, underscore the scale and severity of the alleged criminal activity,” said U.S. Attorney Bryan Stirling for the District of South Carolina. “Our local, state, and federal partners demonstrated their commitment to aggressively dismantling drug trafficking networks, particularly those fueling violent street gangs.”

    “These indictments and arrests should provide the community with a sense of reassurance of the FBI’s commitment to work with our state and local partners to make our communities safer,” said Reid Davis, acting special agent in charge of the FBI Columbia field office. “Every resident deserves to live in a safe environment, free from the threats of drugs and violence. The FBI is committed to justice, and we will continue to stand firm in protecting our communities by upholding the rule of law.”

    In the Gailliard et al indictment, the following charges have been filed in United States District Court, according to court documents:

    • Shawntez Gaillard, 32, of North Charleston, was charged with conspiring to distribute 5 kilograms or more of cocaine and 50 grams or more of methamphetamine, as well as two counts of distribution of cocaine and one count of distribution of 50 gram or more of methamphetamine.
    • Bernard Garland Gregory, 36, of North Charleston, was charged with conspiring to distribute cocaine.
    • Harold Alvin Champaigne, 49, of North Charleston was charged with conspiring to distribute 5 kilograms or more of cocaine, as well as one count of distribution of 500 grams or more of cocaine.
    • Dominic Jaquan Mack, 44, of North Charleston, was charged with conspiring to distribute 5 kilograms or more of cocaine.
    • Sharon T. Carter, 53, of Summerville, was charged with conspiring to distribute 5 kilograms or more of cocaine, as well as one count of possessing with intent to distribute 5 kilograms or more of cocaine.
    • Mary Nelly Ayala, 48, of Summerville, was charged with conspiring to distribute 5 kilograms or more of cocaine.
    • Scott Clayton Hollins, 55, of North Charleston, was charged with conspiring to distribute 50 grams or more of methamphetamine and a quantity of cocaine, as well as one count of possessing with intent to distribute 50 grams or more of methamphetamine and quantities of cocaine and fentanyl, and one count of possessing a firearm in furtherance of a drug trafficking crime.
    • Quentin Rambert, 34, of North Charleston, was charged with conspiring to distribute 5 kilograms or more of cocaine.
    • Levi Cohen, IV, 30, of Charleston, was charged with conspiring to distribute 500 grams or more of cocaine.
    • Jabari Cortez Lee, 28, of North Charleston, was charged with conspiring to distribute a quantity of cocaine.
    • Marchevis Jefferson, 33, of Charleston, was charged with conspiring to distribute a quantity of cocaine.

    In the Bailey et al indictment, the following charges have been filed in United States District Court, according to court documents:

    • Jarell Montsho Bailey, 31, of Charleston, was charged with conspiring to distribute 50 grams or more of methamphetamine, 40 grams or more of fentanyl and 500 grams or more of cocaine, as well as eight counts of distribution of cocaine, four counts of distribution of methamphetamine, three counts of distribution of fentanyl, and one count of possessing a firearm in furtherance of a drug trafficking crime.
    • DaQuan Hakeem Lee, 33, of Charleston, was charged with conspiring to distribute a quantity of cocaine.
    • Cleo Williams, Jr, 36, of Summerville, was charged with conspiring to distribute 500 grams or more of cocaine, as well as one count of distribution of cocaine.
    • Meri Elizabeth Sottile, 42, of Charleston, is charged with conspiring to distribute a quantity of methamphetamine, as well as one count of possessing methamphetamine with intent to distribute and one count of possessing a firearm in furtherance of a drug trafficking crime.
    • Amanda Danielle Forth, 34, of Charleston, is charged with conspiring to distribute 50 grams or more of methamphetamine, as well as possessing 50 grams or more of methamphetamine with intent to distribute.

    This prosecution is part of an Organized Crime Drug Enforcement Task Forces (OCDETF) investigation. OCDETF identifies, disrupts, and dismantles the highest-level drug traffickers, money launderers, gangs, and transnational criminal organizations that threaten the United States by using a prosecutor-led, intelligence-driven, multi-agency approach that leverages the strengths of federal, state, and local law enforcement agencies against criminal networks. Additional information about the OCDETF Program can be found at https://www.justice.gov/OCDETF

    The case was investigated by the FBI Columbia field office, Bureau of Alcohol, Tobacco, Firearms and Explosives, United States Secret Service, City of Charleston Police Department, Charleston County Sheriff’s Office, Dorchester County Sheriff’s Office, State Law Enforcement Division, North Charleston Police Department, Summerville Police Department, Mount Pleasant Police Department, Charleston Aviation Authority and Berkeley County Sheriff’s Office.  Assistant U.S. Attorneys Chris Lietzow, Nick Bianchi, and Katie Orville are prosecuting the case. 

    All charges in the indictment are merely accusations and defendants are presumed innocent unless and until proven guilty beyond a reasonable doubt in a court of law.

    ###

    MIL Security OSI

  • MIL-OSI Security: Kansas City Man Pleads Guilty to Attempted Bank Robbery

    Source: Office of United States Attorneys

    KANSAS CITY, Mo. – A Kansas City, Mo., man has pleaded guilty in federal court to attempting to rob a local bank.

    Cleburn Bruce Greene, 50, pleaded guilty before U.S. District Judge Brian C. Wimes today to one count of attempted bank robbery. Greene has been detained in federal custody since his arrest.

    According to reports of bank employees and surveillance videos, on October 1st, 2024, Greene entered the bank at approximately 10:08 a.m. and went to the customer service counter where he wrote on a piece of paper.  Greene then approached a teller and showed the note that read: “Give me your money.” The teller asked Greene if the male had an account at the bank and Greene stated: “No. this is a robbery.” Greene further stated: “Don’t play with me” and “don’t make me do something crazy,” or words to that effect.  While the teller was typing on his computer to get access to emergency cash, Greene exited the bank and threw the note in a dumpster adjacent to the bank. Investigators later recovered the note.  Surveillance video footage captured Greene fleeing the scene in a nearby Kia Sportage vehicle.

    At approximately 3:30 p.m., Kansas City, Missouri Police Department Officers observed Greene in a restaurant parking lot in Kanas City, Missouri.  Greene was wearing the same clothing he had on during the attempted bank robbery. Greene drove to a Gas Station where officers arrested him without further incident.

    Under federal statutes, Greene is subject to a sentence of up to 20 years in federal prison without parole. The maximum statutory sentence is prescribed by Congress and is provided here for informational purposes, as the sentencing of the defendant will be determined by the court based on the advisory sentencing guidelines and other statutory factors. A sentencing hearing will be scheduled after the completion of a presentence investigation by the United States Probation Office.

    This case is being prosecuted by Assistant U.S. Attorney Trey Alford.  It was investigated by the FBI and the Kansas City, Mo. Police Department.

    Project Safe Neighborhoods

    This case is part of Project Safe Neighborhoods (PSN), a program bringing together all levels of law enforcement and the communities they serve to reduce violent crime and gun violence, and to make our neighborhoods safer for everyone. On May 26, 2021, the Department launched a violent crime reduction strategy strengthening PSN based on these core principles: fostering trust and legitimacy in our communities, supporting community-based organizations that help prevent violence from occurring in the first place, setting focused and strategic enforcement priorities, and measuring the results.

    MIL Security OSI

  • MIL-OSI Security: Philadelphia Man Sentenced to 121 Months for Carjacking a Woman at Gunpoint

    Source: Office of United States Attorneys

    PHILADELPHIA – United States Attorney David Metcalf announced that Kavon Coleman, 23, of Philadelphia, was sentenced to ten years and one month in prison and five supervised release by United States District Court Judge Juan R. Sánchez for carjacking, using, carrying, and brandishing a firearm during and in furtherance of a crime of violence, and aiding and abetting.

    On December 7, 2023, a grand jury in the Eastern District of Pennsylvania indicted Kavon Coleman on one count of carjacking and aiding and abetting, as well as one count of using, carrying, and brandishing a firearm in relation to a crime of violence.

    These charges arose from the defendant and an accomplice committing a gunpoint carjacking of a woman sitting in her car in Philadelphia, Pennsylvania on February 17, 2022. The victim was waiting for a food order at 3300 Fairmont Avenue around 5 p.m., when Coleman and his accomplice approached with guns. Coleman’s accomplice pointed his gun at the victim and demanded her keys, while Coleman got into her driver’s seat. The two men drove her car away. The next day, Coleman and others engaged police in a high-speed chase in a different carjacked vehicle and crashed into another driver during their flight. Police ultimately located a gun discarded by Coleman with no serial number, known as a ghost gun, along with other evidence. On July 9, 2024, the defendant pleaded guilty to the Indictment after jurors had been selected for trial.

    This case was investigated by the joint Carjacking Task Force comprised of the FBI, ATF, and the Philadelphia Police Department. The Carjacking Task Force was launched in January of 2022 to combat the rise of violent carjackings in and around Philadelphia.

    The case was investigated by the FBI, with the assistance of the ATF and the Philadelphia Police Department, and is being prosecuted by Assistant United States Attorneys Katherine Shulman and Joseph LaBar.

    MIL Security OSI