Category: Intelligence Agencies

MIL-OSI: SBM Offshore Full Year 2024 Earnings

Source: GlobeNewswire (MIL-OSI)

Amsterdam, February 20, 2025

Record-level results, increasing total shareholder returns

Highlights

Record Directional¹ Revenue of US$6.1 billion (+35%), in line with guidance
Record Directional EBITDA of US$1.9 billion (+44%), in line with guidance
Record US$35.1 billion Directional backlog; US$9.5 billion or EUR51.6/share² Directional net cash backlog³
30% increase in cash return to US$1.59 per share⁴: US$155 million dividend⁵; US$150 million share repurchase⁶
US$1.7 billion cash return to shareholders over the coming 6 years
2025 Directional Revenue guidance of above US$4.9 billion
2025 Directional EBITDA guidance of around US$1.55 billion
Completion of FPSO Prosperity and Liza Destiny sales in Q4 2024
FPSO Almirante Tamandaré achieved first oil on February 15, 2025

SBM Offshore’s 2024 Annual Report can be found on its website under: Annual Reports – SBM Offshore

Øivind Tangen, CEO of SBM Offshore, commented:

“SBM Offshore has delivered excellent results in 2024 with a record-level directional revenue of US$6.1 billion and record-level directional EBITDA of US$1.9 billion, reflecting three new awards and the purchases of FPSOs Prosperity and Liza Destiny by ExxonMobil Guyana. Thanks to the addition of three new awards, we ended the year with a record US$35.1 billion backlog. From this we expect to generate US$9.5 billion net cash, equivalent to almost 52 euro per share². Based on this strong performance, we are increasing our fixed cash return by 30% to US$1.59 per share⁴ through a proposed US$155 million dividend⁵ and US$150 million share repurchase⁶ program. At this level we will deliver a minimum US$1.7 billion cash return to shareholders over the next 6 years.

Our Fast4Ward^® program is setting the pace for deepwater developments. FPSO Almirante Tamandaré achieved first oil on February 15, 2025. This vessel, which benefits from emission reduction technologies, is the largest operating unit in Brazil. Two additional units are on track to achieve first oil in 2025. First, FPSO Alexandre de Gusmão which sailed-away at the end of 2024, followed by FPSO ONE GUYANA. These three units have a combined capacity of 655,000 barrels of oil per day. With these achievements, we are further de-risking our construction portfolio.

We strive for excellence both in terms of project execution and asset management. Our lifecycle approach in the FPSO market is unique and the focus on continuous improvement is setting a strong foundation for success. The outlook for new deepwater projects is strong given their low break-even prices and low emission intensity. In the next three years, we see 16 projects in the
Company’s core market of large and complex FPSOs, driven by the promising prospects in Brazil, Guyana, Suriname and Namibia. We have ordered our 10^th MPF hull giving us two hulls to support tendering activities. We will remain disciplined in selecting the highest quality projects.

As the world’s ocean-infrastructure expert we are using our experience to further diversify and decarbonize the solutions we offer. In 2024, we created a joint venture, Ekwil, with Technip Energies to enhance our floating offshore wind product offering, and in early 2025 we completed a minority equity investment in Ocean-Power to offer lower-emission power solutions. We are now able to offer a market ready near-zero emission FPSO and were recently awarded a contract by Petrobras to qualify SBM’s Carbon Capture Module technology for FPSOs.”

Financial Overview⁷

	Directional			IFRS

in US$ million	FY 2024	FY 2023	% Change	FY 2024	FY 2023	% Change
Revenue	6,111	4,532	35%	4,784	4,963	-4%
Lease and Operate	2,369	1,954	21%	2,074	1,563	33%
Turnkey	3,743	2,578	45%	2,710	3,400	-20%
EBITDA	1,896	1,319	44%	1,041	1,239	-16%
Lease and Operate	1,261	1,124	12%	842	695	21%
Turnkey	724	296	145%	287	646	-56%
Other	(89)	(101)	-12%	(88)	(101)	-13%
Profit attributable to Shareholders	907	524	73%	150	491	-69%
Earnings per share (US$ per share)	5.08	2.92	74%	0.84	2.74	-69%

in US$ billion	FY 2024	FY 2023	% Change	FY 2024	FY 2023	% Change
Pro-forma Backlog	35.1	30.3	16%	–	–	–
Net Debt	5.7	6.7	-15%	8.1	8.7	-7%

Directional revenue increased by 35% to US$6,111 million compared with US$4,532 million in 2023. This increase is driven by the Directional Turnkey revenue which rose to US$3,743 million in 2024 compared with US$2,578 million in 2023. This 45% increase stems from (i) the sale of FPSOs Prosperity and Liza Destiny completed respectively in November and December 2024, (ii) the progress on awarded contracts for the FPSOs Jaguar and GranMorgu, (iii) the 13.5% divestment to CMFL completed in October 2024, and (iv) the increased support to the fleet through brownfield projects. This increase was partly offset by a reduction in charter revenues following (i) the sale of FPSO Liza Unity in November 2023, (ii) the completion of FPSO Prosperity during the last quarter of 2023 as well as a delay in the start-up of FPSO Sepetiba early 2024, and (iii) a comparatively lower level of progress on both FPSOs Almirante Tamandaré and Alexandre de Gusmão as those projects approached completion in 2024.

Directional Lease and Operate revenue stood at US$2,369 million compared with US$1,954 million in the year-ago period. This 21% increase mainly reflects (i) FPSO Prosperity joining the fleet during the last quarter of 2023 and Sepetiba joining the fleet in January 2024, (ii) a higher contribution of FPSOs N’Goma, Saxi Batuque and Mondo following the acquisition of interests held by Sonangol mid-2024, and (iii) an increase in reimbursable scope. This was partly offset by FPSO Liza Unity only contributing in 2024 as an operating contract following the purchase of the unit by ExxonMobil Guyana at the end of 2023.

Directional EBITDA amounted to US$1,896 million, which is a 44% year-on-year increase compared with US$1,319 million in 2023. This was mostly attributable to the Turnkey segment which increased by over US$400 million to US$724 million in 2024. Directional Turnkey EBITDA was mainly impacted by (i) the same drivers as for Directional Turnkey revenue (except that being at relative early stages of completion, FPSO Jaguar only contributed marginally to Turnkey EBITDA and FPSO GranMorgu not at all), and (ii) a reduced investment on Floating Offshore Wind projects following the implementation of Ekwil Joint Venture in partnership with Technip Energies.

Directional Lease and Operate EBITDA stood at US$1,261 million for the year-ended 2024 compared with US$1,124 million in the previous year. The 12% increase reflects (i) the same key factors as for Directional Lease and Operate revenue, (ii) the net gain on the acquisition of interests held by Sonangol in 3 FPSOs and the divestment in the parent company of the Paenal shipyard in Angola, and (iii) the dividends related to FPSO N’Goma partially offset by (iv) additional non-recurring maintenance costs for the fleet under operation.

The other non-allocated costs charged to EBITDA amounted to US$(89) million in 2024, a US$(12) million improvement compared with the previous period mainly due to the one-off impact of US$11 million of restructuring costs in 2023.

During the last quarter of 2024, the Company performed a review of revised estimates of cash flow, maintenance and repair costs. Based on this analysis, actual values and future cash flows related to FPSO Cidade de Anchieta were re-estimated leading to an impairment charge of US$(39) million, accounted for in the 2024 results.

Directional net profit increased by over 70% standing at US$907 million in 2024, or US$5.08 per share, mainly reflecting the increase in Directional EBITDA.

Liquidity, Funding and Directional Net Debt

The Company’s financial position has remained strong as a result of the cash flow generated by the fleet, as well as the positive contribution of the Turnkey activities.

Directional Net debt decreased by US$(936) million to US$5,719 million at year-end 2024. This was driven by the repayment of the FPSOs Prosperity and Liza Destiny financings, the proceeds from the sale of the vessels and the Lease and Operate segment’s strong operating cash flow. This was partially offset by drawings on project financing facilities to fund the construction portfolio. The Company drew on the project finance facilities for FPSO ONE GUYANA, FPSO Almirante Tamandaré and FPSO Alexandre de Gusmão; additionally, the US$1.5 billion construction financing for FPSO Jaguar was signed and partly drawn in November 2024.

More than a third of the Company’s Directional debt for the year-ended 2024 consisted of non-recourse project financing (US$2.2 billion) in special purpose investees. The remainder (US$4 billion) consisted mainly of borrowings to support the ongoing construction of 3 FPSOs which will become non-recourse following achievement of first oil. The project loan for FPSO Jaguar will be repaid following completion of construction. The Company’s RCF was drawn for US$500 million as at December 31, 2024 and the Revolving Credit Facility for MPF hull financing was drawn for US$89 million.

Directional cash and cash equivalents amounted to US$606 million and lease liabilities totaled US$93 million at December 31, 2024.

Cash and undrawn committed credit facilities amount to US$2,639 million at December 31, 2024.

Directional Pro-Forma Backlog

Change in ownership scenarios and lease contract duration have the potential to significantly impact the Company’s future cash flows, net debt balance as well as the profit and loss statement. The Company therefore provides a pro-forma Directional backlog based on the best available information regarding ownership scenarios and lease contract duration for the various projects.

The pro-forma Directional backlog at the end of December 2024 increased by US$4.8 billion to a total of US$35.1 billion. This was mainly the result of (i) the FPSO Jaguar contract awarded in April 2024, (ii) the FSO Trion contract awarded in August 2024, and (iii) the FPSO GranMorgu contract awarded in November 2024, partially offset by (iv) turnover for the period which consumed approximately US$6.1 billion of backlog (including the sale of FPSO Prosperity completed in November 2024 and the sale of FPSO Liza Destiny completed in December 2024, in advance of the initial lease terms which were respectively in November 2025 and in December 2029), and (v) the 13.5% divestment to CMFL completed in October 2024, which was not reflected in the pro-forma Directional backlog end of 2023. The Company’s backlog provides cash flow visibility up to 2050.

in US$ billion	Turnkey	Lease & Operate	Total
2025	2.6	2.3	4.9
2026	1.6	2.6	4.2
2027	3.3	2.1	5.4
Beyond 2028	0.2	20.3	20.5
Total pro-forma Directional backlog	7.7	27.3	35.1

The pro-forma Directional backlog at the end of 2024 reflects the following key assumptions:

The FPSO ONE GUYANA contract covers a maximum lease period of 2 years, within which the ownership of the FPSO will transfer to the client. The impact of the subsequent sale is reflected in the Turnkey backlog.
The FPSO Jaguar contract awarded to the Company in April 2024 covers the construction period within which the FPSO ownership will transfer to the client and is reported in the Turnkey backlog.
10 years of operations and maintenance are considered for FPSOs Liza Destiny, Liza Unity, Prosperity and ONE GUYANA following signature of the Operations & Maintenance Enabling Agreement in 2023. Regarding FPSO Jaguar, the pro-forma Directional backlog includes the operating and maintenance scope for 10 years as it has been agreed in principle, pending a final work order. This is consistent with prior years.
The FPSO GranMorgu contract awarded to the Company in November 2024 covers the construction period within which the FPSO ownership will transfer to the client and is reported in the Turnkey backlog.
The FSO Trion contract awarded to the Company in August 2024 is considered for 20 years in lease and operate contracts at the Company ownership share at year-end (100%).
The transaction with MISC Berhad related to the FPSO Espírito Santo and FPSO Kikeh announced on September 6, 2024, and completed on January 31, 2025, has been reflected in the pro-forma Directional backlog.

Project Review and Fleet Operational Update

Project	Client/Country	Contract	SBM Share	Capacity, Size	Percentage of Completion	Project delivery
FPSO *Alexandre de Gusmão*	Petrobras Brazil	22.5-year L&O	55%	180,000 bpd	>75%	2025
FPSO *ONE GUYANA*	ExxonMobil Guyana	2-year BOT	100%	250,000 bpd	>75%	2025
FPSO *Jaguar*	ExxonMobil Guyana	Sale & Operate	100%	250,000 bpd	>25% <50%	2027
FSO Trion	Woodside	20-year Lease	100%	n/a	<25%	n/a⁸
FPSO *GranMorgu*	TotalEnergies	Sale & Operate	52%	220,000 bpd	<25%	2028

Projects are on track with one major delivery achieved in early 2025. After successful completion of the offshore commissioning activities, FPSO Almirante Tamandaré achieved first oil on February 15, 2025. An update on the individual ongoing projects is provided below considering the latest known circumstances.

FPSO Alexandre de Gusmão – In December 2024, the vessel safely departed from the yard in China after successful completion of the onshore topsides’ integration and commissioning phase. The FPSO is on its way to Brazil. First oil is expected mid-2025.

FPSO ONE GUYANA – Integration activities are completed and project teams are finalizing commissioning activities. First oil is expected in the second half of 2025.

FPSO Jaguar – The Fast4Ward^® MPF hull has been safely delivered and arrived in Singapore in preparation for the remaining vessel activities. The topside modules fabrication in Singapore continues as planned. First oil is expected in 2027.

FSO Trion – Engineering and procurement are progressing in line with project schedule.

FPSO GranMorgu – The Fast4Ward^® MPF hull has been safely delivered. Engineering and procurement are progressing in line with project schedule.

Fast4Ward^®MPF hulls – Under the Company’s successful Fast4Ward^® program, the 10^th MPF hull has been ordered. 4 Fast4Ward^® MPF hulls are in operation, another 4 allocated to projects and 2 reserved as part of tendering activities driven by the strong FPSO market outlook.

Contract extension – The Company has agreed a contract extension related to the lease and operation of FPSO Saxi Batuque up to June 2026.

Fleet Uptime – The fleet’s uptime was 95.9% in 2024.

Safety and Sustainability

Safety – The Total Recordable Injury Frequency Rate (“TRIFR”) year-to-date was 0.10, 17% below the yearly target of below 0.12⁹, notwithstanding the high level of activity.

Fleet emissions – For 2024, the Company set a target to further optimize operational excellence on the FPSOs for which it provides operations and maintenance services amounting to a maximum absolute volume of gas flared below 1.57 mmscft/d as an overall FPSO fleet average during the year. As of December 31, 2024, SBM Offshore outperformed this target with the actual being 1.33 mmscft/d, a 15% improvement compared with 2024 target and mainly driven by a continued focus on reducing the number of unplanned events in its operated fleet.

Sustain-2 Notation – FPSO Liza Unity is the 1^st FPSO which has received a Sustain-2 Notation by American Bureau of Shipping. This sustainability certificate recognizes the Company’s efforts in minimizing environmental impacts over the lifecycle of the FPSO including the use of low carbon technologies as well as the focus on workers’ wellbeing.

ESG ratings – In recognition of the Company’s continued focus on sustainability, MSCI has improved SBM Offshore’s rating from AA in 2023 to AAA in 2024 and Sustainalytics included the Company in its 2024 ESG Industry Top Rated, with the Company ranking 2^nd out of 106 industry peers.

Sustainable recycling – The Deep Panuke Production Field Center recycling project reached completion in Nova Scotia, Canada, in early 2024 with 97% of the waste materials were sold, recycled or reused and the remainder 3% was safely disposed of. As for the FPSO Capixaba project, following the handover to M.A.R.S., the Company continues to monitor the safe execution of the decommissioning which is expected to reach completion in 2026.

Blue Economy

SBM Offshore is a blue economy company aiming to manage ocean resources for economic growth while preserving ecosystems. Using its deepwater expertise, the Company is advancing technologies focusing on decarbonizing and diversifying its ocean infrastructure solutions. Ranging from floating offshore wind to offshore hydrogen and ammonia, SBM Offshore remains selective and disciplined in developing innovative solutions and investing in new ocean infrastructure solutions.

Provence Grand Large – The three floating offshore wind turbines that were installed by SBM Offshore at the end of 2023 for the Provence Grand Large project, jointly owned by EDF Renewables and Maple Power, were fully commissioned and started production in 2024.

Floventis Energy Ltd – In December 2024, SBM Offshore reached an agreement with Cierco Energy to sell its shares in the joint venture company Floventis Energy Ltd, thus transferring the ownership of both Cademo and Llŷr Floating Wind projects to Cierco Energy. As planned, following the advancement of these pioneering projects and acquiring valuable knowledge in the offshore wind market, the Company will continue to concentrate its efforts on the remaining two larger scale projects in its portfolio.

emissionZERO^®program – SBM Offshore continues to address FPSO emissions reduction through its emissionZERO^® program and is offering a market-ready near zero emission FPSO for 2025, featuring advanced technologies such as carbon capture, combined cycle gas turbines and deepwater intake risers.

Carbon Capture Module – SBM Offshore has been awarded a contract by Petrobras to qualify SBM’s Carbon Capture Module technology for FPSOs. The Carbon Capture Module for post combustion removal of CO₂ from gas turbine exhaust gasses on FPSO’s has been developed in partnership with Mitsubishi Heavy Industries, Ltd.

Blue Power Hub – With the aim to decarbonize the offshore power generation sector, SBM Offshore signed in December 2024 an investment agreement with the Norwegian company Ocean-Power AS to develop and commercialize offshore power generation units with CO₂ capture and storage. This investment has been completed in early 2025.

Capital allocation and Shareholder Returns

The Company’s shareholder returns policy is to maintain a stable annual cash return to shareholders which grows over time, with flexibility for the Company to make such cash return in the form of a cash dividend and the repurchase of shares. Determination of the annual cash return is based on the Company’s assessment of its underlying cash flow position. The Company prioritizes a stable cash distribution to shareholders and funding of growth projects, with the option to apply surplus capital towards incremental cash returns to shareholders.

As a result, following review of its cash flow position and forecast, the Company intends to pay US$1.59 per share through a proposed US$155m dividend⁵ (EUR150 million equivalent or US$0.88 per share⁴) and US$150 million (EUR141 million equivalent) share repurchase program⁶. This represents an increase of 30% compared with 2024. The objective of the share buyback program would be to reduce share capital and provide shares for regular management and employee share programs (maximum US$25 million). Shares repurchased as part of the cash return will be cancelled.

The share repurchase program will be launched after the current share repurchase program has ended. The dividend will be proposed at the Annual General Meeting on April 9, 2025.

Guidance

The Company’s 2025 Directional revenue guidance is above US$4.9 billion of which above US$2.2 billion is expected from the Lease and Operate segment and around US$2.7 billion from the Turnkey segment.

2025 Directional EBITDA guidance is around US$1.55 billion for the Company.

Conference Call

SBM Offshore has scheduled a conference call together with a webcast, which will be followed by a Q&A session, to discuss the Full Year 2024 Earnings release.

The event is scheduled for Thursday February 20, 2025, at 10.00 AM (CET) and will be hosted by Øivind Tangen (CEO) and Douglas Wood (CFO).

Interested parties are invited to register prior the call using the link: Full Year 2024 Earnings Conference Call

Please note that the conference call can only be accessed with a personal identification code, which is sent to you by email after completion of the registration.

The live webcast will be available at: Full Year 2024 Earnings Webcast

A replay of the webcast, which is available shortly after the call, can be accessed using the same link.

Corporate Profile

SBM Offshore is the world’s deepwater ocean-infrastructure expert. Through the design, construction, installation, and operation of offshore floating facilities, we play a pivotal role in a just transition. By advancing our core, we deliver cleaner, more efficient energy production. By pioneering more, we unlock new markets within the blue economy.

More than 7,800 SBMers collaborate worldwide to deliver innovative solutions as a responsible partner towards a sustainable future, balancing ocean protection with progress.

For further information, please visit our website at www.sbmoffshore.com.

Financial Calendar	Date	Year
Annual General Meeting	April 9	2025
First Quarter 2025 Trading Update	May 15	2025
Half Year 2025 Earnings	August 7	2025
Third Quarter 2025 Trading Update	November 13	2025
Full Year 2025 Earnings	February 26	2026

For further information, please contact:

Investor Relations

Wouter Holties
Corporate Finance & Investor Relations Manager

Media Relations

Giampaolo Arghittu
Head of External Relations

Market Abuse Regulation

This press release may contain inside information within the meaning of Article 7(1) of the EU Market Abuse Regulation.

Disclaimer

Some of the statements contained in this release that are not historical facts are statements of future expectations and other forward-looking statements based on management’s current views and assumptions and involve known and unknown risks and uncertainties that could cause actual results, performance, or events to differ materially from those in such statements. These statements may be identified by words such as ‘expect’, ‘should’, ‘could’, ‘shall’ and / or similar expressions. Such forward-looking statements are subject to various risks and uncertainties. The principal risks which could affect the future operations of SBM Offshore N.V. are described in the ‘Impacts, Risks and Opportunities’ section of the 2024 Annual Report.

Should one or more of these risks or uncertainties materialize, or should underlying assumptions prove incorrect, actual results and performance of the Company’s business may vary materially and adversely from the forward-looking statements described in this release. SBM Offshore does not intend and does not assume any obligation to update any industry information or forward-looking statements set forth in this release to reflect new information, subsequent events or otherwise.

This release contains certain alternative performance measures (APMs) as defined by the ESMA guidelines which are not defined under IFRS. Further information on these APMs is included in the 2024 Annual Report, available on our website Annual Reports – SBM Offshore.

Nothing in this release shall be deemed an offer to sell, or a solicitation of an offer to buy, any securities. The companies in which SBM Offshore N.V. directly and indirectly owns investments are separate legal entities. In this release “SBM Offshore” and “SBM” are sometimes used for convenience where references are made to SBM Offshore N.V. and its subsidiaries in general. These expressions are also used where no useful purpose is served by identifying the particular company or companies.

“SBM Offshore^®“, the SBM logomark, “Fast4Ward^®”, “emissionZERO^®” and “F4W^®” are proprietary marks owned by SBM Offshore.

¹ Directional reporting, presented in the Financial Statements under section 4.3.2 Operating Segments and Directional Reporting, represents a pro-forma accounting policy, which treats all lease contracts as operating leases and consolidates all co-owned investees related to lease contracts on a proportional basis based on percentage of ownership. This explanatory note relates to all Directional reporting in this document.
² Based on the number of shares outstanding and exchange rate EUR/US$ of 1.039 at December 31, 2024.

³ Reflects a pro-forma view of the Company’s Directional backlog and expected net cash from Turnkey, Lease and Operate and Build Operate Transfer sales after tax and debt service.
⁴ Based on the number of shares outstanding at December 31, 2024. Dividend amount per share depends on number of shares entitled to dividend.
⁵ Equivalent of EUR150 million based on the EUR/US$ exchange rate on February 11, 2025. Dividends will be paid in Euro provided that the minimum Euro dividend shall amount to EUR150 million.
⁶ Including maximum US$25 million for management and employee share plans.

⁷ Numbers may not add up due to rounding.
⁸ Project delivery not disclosed by the client.

⁹ Measured per 200,000 work hours.

Attachment

SBM Offshore Full Year 2024 Earnings

The MIL Network –

February 20, 2025

MIL-OSI: Aegon reports second half year 2024 results
Source: GlobeNewswire (MIL-OSI)

The Hague – February 20, 2025. Please click here to access all 2H 2024 results related documents.

2H 2024 IFRS results
- Net profit of EUR 741 million as operating result and benefit from the a.s.r. stake are partly offset by restructuring charges and net impairments in the US
- Operating result of EUR 776 million, up 14% compared with the second half of 2023, reflecting improved experience variance in the US and business growth in the US and asset management
- Shareholders’ equity per share of EUR 4.53, increases by 13% compared with June 30, 2024, while contractual service margin per share after estimated tax adjustment increases by 5% to EUR 4.38. Valuation equity per share – the sum of these components – grew by 9% to EUR 8.91
2H 2024 capital generation, cash and capital management
- Operating capital generation before holding funding and operating expenses remained broadly stable at EUR 658 million compared with the second half of 2023. Aegon meets its increased guidance of EUR 1.2 billion for 2024
- Capital ratios of Aegon’s main units remain above their respective operating levels and Cash Capital at Holding at EUR 1.7 billion per year-end 2024. EUR 200 million share buyback completed in December
- Free cash flow of EUR 385 million, which includes capital distributions from a.s.r. Full-year free cash flow of EUR 759 million meets guidance of more than EUR 700 million
- 2024 final dividend of EUR 0.19 per common share proposed, an increase of 19% compared with 2023 final dividend
Lard Friese, Aegon CEO, commented:
In 2024, we continued to make good progress with our transformation and are on track to meet the 2025 targets we laid out at our 2023 Capital Markets Day (CMD). We will provide an update on our strategy and new group targets at our next CMD on December 10, 2025, in London. Looking back on the year, I am proud of what the teams achieved, and I am grateful for their hard work.

We have delivered on both our increased guidance for operating capital generation (OCG) of EUR 1.2 billion, and on our free cash flow guidance of more than EUR 700 million for 2024. Our main business units remained well capitalized, and we have generated a full year IFRS operating result of EUR 1.5 billion. Our valuation equity per share, which is a measure of shareholder value, increased by 12% to EUR 8.91.

We continued to execute our strategy to grow our businesses and improve the service we offer to customers. This included the roll-out of a new brand identity across our fully owned units that facilitates improved digital customer experiences. Taking a closer look at our commercial performance in 2024: in the Americas, we strengthened our distribution capabilities as World Financial Group (WFG) grew its number of licensed agents to over 86,000, up 17% compared with the prior year. This contributed to the 22% increase in the operating result of Transamerica’s distribution segment, which reached USD 191 million. Transamerica generated Individual Life sales of USD 473 million, slightly down compared with 2023. The Retirement Plans business experienced outflows but the mid-sized Retirement Plans business continued to grow with strong written plan sales and USD 557 million of net deposits. Throughout the year, we also continued to implement management actions to reduce our exposure to Financial Assets. This included achieving the goals of our program to purchase universal life policies from institutional owners earlier than anticipated.

In the United Kingdom, we are executing the strategy we presented at our June 2024 Teach-In. Our UK Workplace platform performed strongly, with net deposits amounting to GBP 3.7 billion in 2024, due to the onboarding of new schemes and higher regular contributions from existing schemes. While outflows continued in our UK Adviser platform, we are executing our strategy to return the platform to growth by 2028 that includes targeting the top 500 financial adviser firms.

2024 saw our Asset Management business return to growth, with third-party net deposits in Global Platforms and net deposits in Strategic Partnerships combined totaling around EUR 14 billion. This was driven by consecutive net deposits at both businesses during each quarter of 2024.

Our International business saw 15% lower new life sales, mainly driven by pricing actions in China to reflect lower interest rates. At the same time, its value of new business grew by 18%, driven by Brazil and Spain & Portugal, underscoring our focus on profitable growth.

Over the year, we remained disciplined in our management of capital. During the first half of 2024, we completed the EUR 1.535 billion share buyback program. In the second half, we completed a EUR 200 million share buyback program and announced a new EUR 150 million share buyback program, which began in January 2025.

On the basis of our 2024 performance, we today propose a final dividend of 19 eurocents per share. This will result in a total dividend paid for the full-year 2024 of 35 eurocents, up 17% compared with 2023, and means we are on our way to achieve our target of around 40 eurocents per share over 2025.

Additional information
Presentation
The conference call presentation is available on aegon.com.

Supplements
Aegon’s second half 2024 Financial Supplement and other supplementary documents are available on aegon.com.

Webcast and conference call including Q&A
The webcast and conference call starts at 9:00 am CET. The audio webcast can be followed on aegon.com. To join the conference call and/or participate in the Q&A, you will need to register via the following registration link. Directly after registration you will see your personal pin on the confirmation screen, and you will also receive an email with the call details and your personal pin to enter the conference call. The link becomes active 15 minutes prior to the scheduled start time. To avoid any unforeseen connection issues, it is recommended to make use of the “Call me” option. Approximately two hours after the conference call, a replay will be available on aegon.com.

Click to join
With “Call me”, there’s no need to dial-in. Simply click the following registration link and select the option “Call me”.
Enter your information and you will be called back to directly join the conference. The link becomes active 15 minutes prior to the scheduled start time. Should you wish not to use the “Click to join” function, dial-in numbers are also available. For passcode: you will receive a personal pin upon registration.

Dial-in numbers for conference call:
United States: +1 864 991 4103 (local)
United Kingdom: +44 808 175 1536 (toll-free)
The Netherlands: +31 800 745 8377 (toll-free); or +31 970 102 86838 (toll)

Financial calendar 2025
First quarter 2025 trading update – May 16, 2025
Annual General Meeting – June 12, 2025
Second half 2025 results – August 21, 2025
Third quarter 2025 trading update – November 13, 2025
Capital Markets Day – December 10, 2025

About Aegon
Aegon is an international financial services holding company. Aegon’s ambition is to build leading businesses that offer their customers investment, protection, and retirement solutions. Aegon’s portfolio of businesses includes fully owned businesses in the United States and United Kingdom, and a global asset manager. Aegon also creates value by combining its international expertise with strong local partners via insurance joint ventures in Spain & Portugal, China, and Brazil, and via asset management partnerships in France and China. In addition, Aegon owns a Bermuda-based life insurer and generates value via a strategic shareholding in a market leading Dutch insurance and pensions company.

Aegon’s purpose of helping people live their best lives runs through all its activities. As a leading global investor and employer, Aegon seeks to have a positive impact by addressing critical environmental and societal issues, with a focus on climate change and inclusion & diversity. Aegon is headquartered in The Hague, the Netherlands, domiciled in Bermuda, and listed on Euronext Amsterdam and the New York Stock Exchange. More information can be found at aegon.com. More information can be found at aegon.com.

Contacts

Media relations Investor relations

Richard Mackillican Yves Cormier

+31(0) 6 27411546 +31(0) 70 344 8028

richard.mackillican@aegon.com yves.cormier@aegon.com

Local currencies and constant currency exchange rates
This document contains certain information about Aegon’s results, financial condition and revenue generating investments presented in USD for the Americas and in GBP for the United Kingdom, because those businesses operate and are managed primarily in those currencies. Certain comparative information presented on a constant currency basis eliminates the effects of changes in currency exchange rates. None of this information is a substitute for or superior to financial information about Aegon presented in EUR, which is the currency of Aegon’s primary financial statements.

Forward-looking statements
The statements contained in this document that are not historical facts are forward-looking statements as defined in the US Private Securities Litigation Reform Act of 1995. The following are words that identify such forward-looking statements: aim, believe, estimate, target, intend, may, expect, anticipate, predict, project, counting on, plan, continue, want, forecast, goal, should, would, could, is confident, will, and similar expressions as they relate to Aegon. These statements may contain information about financial prospects, economic conditions and trends and involve risks and uncertainties. In addition, any statements that refer to sustainability, environmental and social targets, commitments, goals, efforts and expectations and other events or circumstances that are partially dependent on future events are forward-looking statements. These statements are not guarantees of future performance and involve risks, uncertainties and assumptions that are difficult to predict. Aegon undertakes no obligation, and expressly disclaims any duty, to publicly update or revise any forward-looking statements. Readers are cautioned not to place undue reliance on these forward-looking statements, which merely reflect company expectations at the time of writing. Actual results may differ materially and adversely from expectations conveyed in forward-looking statements due to changes caused by various risks and uncertainties. Such risks and uncertainties include but are not limited to the following:
- Unexpected delays, difficulties, and expenses in executing against Aegon’s environmental, climate, diversity and inclusion or other “ESG” targets, goals and commitments, and changes in laws or regulations affecting us, such as changes in data privacy, environmental, health and safety laws;
- Changes in general economic and/or governmental conditions, particularly in Bermuda, the United States, the Netherlands and the United Kingdom;
- Civil unrest, (geo-) political tensions, military action or other instability in a country or geographic region;
- Changes in the performance of financial markets, including emerging markets, such as with regard to:
  - The frequency and severity of defaults by issuers in Aegon’s fixed income investment portfolios;
  - The effects of corporate bankruptcies and/or accounting restatements on the financial markets and the resulting decline in the value of equity and debt securities Aegon holds;
  - The effects of declining creditworthiness of certain public sector securities and the resulting decline in the value of government exposure that Aegon holds;
  - The impact from volatility in credit, equity, and interest rates;
- Changes in the performance of Aegon’s investment portfolio and decline in ratings of Aegon’s counterparties;
- Lowering of one or more of Aegon’s debt ratings issued by recognized rating organizations and the adverse impact such action may have on Aegon’s ability to raise capital and on its liquidity and financial condition;
- Lowering of one or more of insurer financial strength ratings of Aegon’s insurance subsidiaries and the adverse impact such action may have on the written premium, policy retention, profitability and liquidity of its insurance subsidiaries;
- The effect of applicable Bermuda solvency requirements, the European Union’s Solvency II requirements, and applicable equivalent solvency requirements and other regulations in other jurisdictions affecting the capital Aegon is required to maintain;
- Changes in the European Commissions’ or European regulator’s position on the equivalence of the supervisory regime for insurance and reinsurance undertakings in force in Bermuda;
- Changes affecting interest rate levels and low or rapidly changing interest rate levels;
- Changes affecting currency exchange rates, in particular the EUR/USD and EUR/GBP exchange rates;
- Changes affecting inflation levels, particularly in the United States, the Netherlands and the United Kingdom;
- Changes in the availability of, and costs associated with, liquidity sources such as bank and capital markets funding, as well as conditions in the credit markets in general such as changes in borrower and counterparty creditworthiness;
- Increasing levels of competition, particularly in the United States, the Netherlands, the United Kingdom and emerging markets;
- Catastrophic events, either manmade or by nature, including by way of example acts of God, acts of terrorism, acts of war and pandemics, could result in material losses and significantly interrupt Aegon’s business;
- The frequency and severity of insured loss events;
- Changes affecting longevity, mortality, morbidity, persistence and other factors that may impact the profitability of Aegon’s insurance products and management of derivatives;
- Aegon’s projected results are highly sensitive to complex mathematical models of financial markets, mortality, longevity, and other dynamic systems subject to shocks and unpredictable volatility. Should assumptions to these models later prove incorrect, or should errors in those models escape the controls in place to detect them, future performance will vary from projected results;
- Reinsurers to whom Aegon has ceded significant underwriting risks may fail to meet their obligations;
- Changes in customer behavior and public opinion in general related to, among other things, the type of products Aegon sells, including legal, regulatory or commercial necessity to meet changing customer expectations;
- Customer responsiveness to both new products and distribution channels;
- Third-party information used by us may prove to be inaccurate and change over time as methodologies and data availability and quality continue to evolve impacting our results and disclosures;
- As Aegon’s operations support complex transactions and are highly dependent on the proper functioning of information technology, operational risks such as system disruptions or failures, security or data privacy breaches, cyberattacks, human error, failure to safeguard personally identifiable information, changes in operational practices or inadequate controls including with respect to third parties with which Aegon does business, may disrupt Aegon’s business, damage its reputation and adversely affect its results of operations, financial condition and cash flows, and Aegon may be unable to adopt to and apply new technologies;
- The impact of acquisitions and divestitures, restructurings, product withdrawals and other unusual items, including Aegon’s ability to complete, or obtain regulatory approval for, acquisitions and divestitures, integrate acquisitions, and realize anticipated results, and its ability to separate businesses as part of divestitures;
- Aegon’s failure to achieve anticipated levels of earnings or operational efficiencies, as well as other management initiatives related to cost savings, Cash Capital at Holding, gross financial leverage and free cash flow;
- Changes in the policies of central banks and/or governments;
- Litigation or regulatory action that could require Aegon to pay significant damages or change the way Aegon does business;
- Competitive, legal, regulatory, or tax changes that affect profitability, the distribution cost of or demand for Aegon’s products;
- Consequences of an actual or potential break-up of the European Monetary Union in whole or in part, or further consequences of the exit of the United Kingdom from the European Union and potential consequences if other European Union countries leave the European Union;
- Changes in laws and regulations, or the interpretation thereof by regulators and courts, including as a result of comprehensive reform or shifts away from multilateral approaches to regulation of global or national operations, particularly regarding those laws and regulations related to ESG matters, those affecting Aegon’s operations’ ability to hire and retain key personnel, taxation of Aegon companies, the products Aegon sells, the attractiveness of certain products to its consumers and Aegon’s intellectual property;
- Regulatory changes relating to the pensions, investment, insurance industries and enforcing adjustments in the jurisdictions in which Aegon operates;
- Standard setting initiatives of supranational standard setting bodies such as the Financial Stability Board and the International Association of Insurance Supervisors or changes to such standards that may have an impact on regional (such as EU), national or US federal or state level financial regulation or the application thereof to Aegon, including the designation of Aegon by the Financial Stability Board as a Global Systemically Important Insurer (G-SII);
- Changes in accounting regulations and policies or a change by Aegon in applying such regulations and policies, voluntarily or otherwise, which may affect Aegon’s reported results, shareholders’ equity or regulatory capital adequacy levels;
- Changes in ESG standards and requirements, including assumptions, methodology and materiality, or a change by Aegon in applying such standards and requirements, voluntarily or otherwise, may affect Aegon’s ability to meet evolving standards and requirements, or Aegon’s ability to meet its sustainability and ESG-related goals, or related public expectations, which may also negatively affect Aegon’s reputation or the reputation of its board of directors or its management; and
- Other risks and uncertainties identified in the Form 20-F and in other documents filed or to be filed by Aegon with the SEC.
- Reliance on third-party information in certain of Aegon’s disclosures, which may change over time as methodologies and data availability and quality continue to evolve. These factors, as well as any inaccuracies in third-party information used by Aegon, including in estimates or assumptions, may cause results to differ materially and adversely from statements, estimates, and beliefs made by Aegon or third-parties. Moreover, Aegon’s disclosures based on any standards may change due to revisions in framework requirements, availability of information, changes in its business or applicable governmental policies, or other factors, some of which may be beyond Aegon’s control. Additionally, Aegon’s discussion of various ESG and other sustainability issues in this document or in other locations, including on our corporate website, may be informed by the interests of various stakeholders, as well as various ESG standards, frameworks, and regulations (including for the measurement and assessment of underlying data). As such, our disclosures on such issues, including climate-related disclosures, may include information that is not necessarily “material” under US securities laws for SEC reporting purposes, even if we use words such as “material” or “materiality” in relation to those statements. ESG expectations continue to evolve, often quickly, including for matters outside of our control; our disclosures are inherently dependent on the methodology (including any related assumptions or estimates) and data used, and there can be no guarantee that such disclosures will necessarily reflect or be consistent with the preferred practices or interpretations of particular stakeholders, either currently or in future.
This document contains information that qualifies, or may qualify, as inside information within the meaning of Article 7(1) of the EU Market Abuse Regulation (596/2014). Further details of potential risks and uncertainties affecting Aegon are described in its filings with the Netherlands Authority for the Financial Markets and the US Securities and Exchange Commission, including the 2023 Integrated Annual Report. These forward-looking statements speak only as of the date of this document. Except as required by any applicable law or regulation, Aegon expressly disclaims any obligation or undertaking to release publicly any updates or revisions to any forward-looking statements contained herein to reflect any change in Aegon’s expectations with regard thereto or any change in events, conditions or circumstances on which any such statement is based.

WORLD FINANCIAL GROUP (WFG):
WFG CONSISTS OF:
IN THE UNITED STATES, WORLD FINANCIAL GROUP INSURANCE AGENCY, LLC (IN CALIFORNIA, DOING BUSINESS AS WORLD FINANCIAL INSURANCE AGENCY, LLC), WORLD FINANCIAL GROUP INSURANCE AGENCY OF HAWAII, INC., WORLD FINANCIAL GROUP INSURANCE AGENCY OF MASSACHUSETTS, INC., AND / OR WFG INSURANCE AGENCY OF PUERTO RICO, INC. (COLLECTIVELY WFGIA), WHICH OFFER INSURANCE AND ANNUITY PRODUCTS.
IN THE UNITED STATES, TRANSAMERICA FINANCIAL ADVISORS, INC. IS A FULL-SERVICE, FULLY LICENSED, INDEPENDENT BROKER-DEALER AND REGISTERED INVESTMENT ADVISOR. TRANSAMERICA FINANCIAL ADVISORS, INC. (TFA), MEMBER FINRA, MSRB, SIPC , AND REGISTERED INVESTMENT ADVISOR, OFFERS SECURITIES AND INVESTMENT ADVISORY SERVICES.
IN CANADA, WORLD FINANCIAL GROUP INSURANCE AGENCY OF CANADA INC. (WFGIAC), WHICH OFFERS LIFE INSURANCE AND SEGREGATED FUNDS. WFG SECURITIES INC. (WFGS), WHICH OFFERS MUTUAL FUNDS.
WFGIAC AND WFGS ARE AFFILIATED COMPANIES.

Attachment
- 20250220_PR_Aegon reports second half year 2024 results
The MIL Network –
February 20, 2025
MIL-OSI Australia: Sky News Regional Breakfast

Source: Australian Ministers 1

ORTENZIA BORRE: The Regional Aviation Association of Australia is asking the government to consider regional airline operators during the sale process. Regional airlines, which are competitors to Rex, including Sharp Airlines, are concerned about the proposal where the government purchases Rex. Regional Aviation Association Chief Executive, Rob Walker says Rex has competition on 21 of its 46 routes, claiming the number of operators will reduce further if the government is subsidising the airline. And joining me live now on this and more is Regional Development Minister, Kristy McBain. Kristy, thank you for your time this morning. Now, do you share the same concern about the government stepping in to purchase the airline as the regional aviation Association does?

KRISTY MCBAIN: What is really important is you’ve got a government that backs regional aviation. What we’ve said from day one is that we want to see the administration process go through in its entirety. What we want to see is a private buyer come through. We’ve made sure that there are incentives in place for that to take place, including the fact that the use it or lose it process for Sydney airport slots doesn’t automatically go into recession. We’ve extended that out to 2026. Those are the things that are important to buyers. What we’ve said is we would be a buyer of last resort. We’re not stepping in now. We’re not substituting the administration process. It’s still got a way to run, and the administrator is keen to work with the private market on it.

BORRE: Now, ASIO boss Mike Burgess has revealed there have been multiple attempts by foreign countries to harm Australians, and that the rest of the decade could be even more dangerous. So what does the Albanese Government need to do now before the election to ensure our safety?

MCBAIN: What we say consistently is that we have confidence in our security and intelligence agencies. They do a fabulous job. As Mike Burgess has outlined, they’re doing this all whilst keeping Australians safe. Once a year he gives a speech about the things that are happening across our nation and across the world. Without that, Australians would be none the wiser that these things are taking place in the background. We continue to provide all the resources that our security and intelligence agencies need to do their job and keep Australians safe. What we want to make really clear is that we consider it a form of abuse for anyone to harass us, and we continually monitoring this. Harassment of Australians, individuals or businesses is not on. We have full faith that our security agencies will take the appropriate steps they need to.

BORRE: Now you’re in Goulburn today as part of the $100 million Community Energy Upgrades Fund. Today, $50 million will be delivered to about 58 local governments in grants for energy upgrades. Talk us through this initiative and how it’s going to benefit Australians.

MCBAIN: The Community Energy Upgrade Fund is something that councils have been calling for across the country. They want some help to lower the fixed costs that they have, which in turn helps lower rates for individuals across the country. We’ve supported councils from Geelong in Victoria to Aurukun in Queensland, to the Shire of Flinders Ranges in South Australia. Projects like making community pools fully electric, making sure that there are solar panels and batteries on community libraries, fast car charging stations across our communities to encourage more people to come and visit, or to be able to use electric cars within our community. A really important fund, delivering some cost savings for councils across the country. Round two will be open very soon and we encourage councils to continue to put forward their projects and apply to this fund.

BORRE: Kristy McBain, always a pleasure. Thank you for your time this morning.

MCBAIN: Good to be with you.

MIL OSI News –

February 20, 2025
MIL-Evening Report: The ASIO threat assessment is a dark outlook for Australia’s security. Are our laws up to the task?

Source: The Conversation (Au and NZ) – By Sarah Kendall, Adjunct Research Fellow, The University of Queensland

Shutterstock

This week, ASIO chief Mike Burgess delivered his sixth Annual Threat Assessment.

His approach this time was unprecedented. Instead of focusing on past and present threats, Burgess declassified parts of ASIO’s assessment for the future, warning us about Australia’s security outlook to 2030.

Over the next five years, ASIO is expecting “an unprecedented number of challenges, and an unprecedented cumulative level of potential harm”, Burgess warned. At the same time, the threat environment will become more diverse.

Espionage and foreign interference are already at extreme levels, but are anticipated to intensify. Sabotage is expected to pose an increasing threat. Politically motivated violence and communal violence will also remain an elevated concern.

What does this mean for our criminal laws? Are they robust enough to protect us from the growing and diversifying threat of espionage, sabotage and foreign interference? Or will they need bolstering?

What are the threats?

Espionage, or spying, involves the theft of information. Burgess has warned that both our enemies and our friends will seek to steal information from us.

This includes information about our military capabilities and alliances, such as AUKUS.

Instead of using traditional spies to gather this information, Burgess expects greater use of proxies.

These proxies could be unwittingly involved in the espionage efforts of a foreign country – such as private investigators. Or they could know exactly what they’re doing.

Foreign interference involves covertly shaping decision-making to the advantage of a foreign power. Burgess has warned that foreign governments are monitoring, intimidating and coercing Australians and diaspora communities, including engaging in coerced repatriations.

He also expects that foreign interference may be used to undermine community support for AUKUS.

Concerningly, ASIO has disrupted plots by foreign countries to physically harm (or even kill) people living in Australia. This includes activists, journalists and ordinary citizens – all critics of certain foreign governments.

Both espionage and foreign interference will be enabled by advances in technology, including artificial intelligence (AI), deep fakes and large online pools of personal data.

Sabotage involves deliberately destroying or damaging infrastructure.

Russia has been engaging in diverse acts of sabotage in Europe, aiming to erode support for Ukraine and damage cohesion. These attacks include arson against various types of infrastructure (including defence and munitions facilities), jamming civil aviation GPS systems, and disrupting railways.

While Burgess warned that the risk of similar attacks against Australia is increasing (including attacks against infrastructure arising out of AUKUS), cyber-enabled sabotage will be of more concern. At the moment, foreign governments are exploring and exploiting Australia’s critical infrastructure networks to map systems and maintain access in the future.

As with espionage, Burgess expects criminal proxies to be used more frequently to engage in sabotage. This includes state-sponsored or state-supported terrorist groups.

Are our laws ready to deal with this?

With the espionage, sabotage and foreign interference threat growing and diversifying over the next five years, you’d be right to ask whether our criminal laws are robust enough to stand up to the challenge.

For the most part, they are.

All the laws apply to conduct that occurs “in the real world” and online. The laws also apply to any foreign country, including our friends, as well as terrorist organisations.

In addition to foreign countries, the laws apply to conduct on behalf of a foreign country, including where the conduct is directed, funded or supervised by the foreign country or a person acting on its behalf. This means the laws would apply to proxies hired to engage in espionage or sabotage.

Our sabotage laws are broad enough to cover the explorations of critical infrastructure networks currently being undertaken. An act of sabotage does not have to be committed to be an offence under these laws.

Our foreign interference laws would cover coerced repatriations. While plots to harm Australians may also fall within these offences, a number of other offences also exist for harming or killing Australian citizens or residents.

Room for improvement

Our espionage, sabotage and foreign interference laws certainly are “world-leading”. However, there are some drawbacks.

For example, the laws are yet to grapple with the rise of AI and its use to gather information for espionage or generate mis- or disinformation for foreign interference.

While the laws have broad extraterritorial reach – they apply to conduct that occurs within or outside Australia – the practicalities of enforcing the laws when offenders are located overseas is a big barrier.

But in today’s digital age where espionage, sabotage and foreign interference can be conducted online from the safety of a foreign country and therefore beyond the reach of Australia’s criminal law, we need more than a robust legal response.

As Burgess stressed, these issues “require whole of government, whole of community, whole of society responses […] national security is truly national security: everybody’s business”.

We all need to be aware of the risks and what we – as individuals, employees, researchers and business owners – can do to mitigate them.

This article was written in Sarah Kendall’s personal capacity as an Adjunct Research Fellow at the University of Queensland School of Law. It does not reflect the views of the Queensland Law Reform Commission or the Queensland Government.

– ref. The ASIO threat assessment is a dark outlook for Australia’s security. Are our laws up to the task? – https://theconversation.com/the-asio-threat-assessment-is-a-dark-outlook-for-australias-security-are-our-laws-up-to-the-task-250372

MIL OSI Analysis – EveningReport.nz –

February 20, 2025
MIL-OSI USA: Murphy: if Your Plan is to Destroy the Rule of Law, Kash Patel is the Perfect Person to Lead the FBI

US Senate News:

Source: United States Senator for Connecticut – Chris Murphy
[embedded content]
WASHINGTON—U.S. Senator Chris Murphy (D-Conn.) on Wednesday spoke on the U.S. Senate floor to sound the alarm on President Donald Trump’s blatant disregard for the rule of law. Murphy condemned Trump’s efforts to use the justice system as a tool to punish his critics and protect his allies, warning the confirmation of Kash Patel to lead the FBI would be a dangerous step toward dismantling American democracy.
On the dangerous nomination of Kash Patel to lead the FBI, Murphy said: “If your plan is to destroy the rule of law and turn the Department of Justice into a political weapon that rewards loyalty and punishes dissent, then Kash Patel is the perfect person to lead the FBI, and that is likely exactly why he was chosen. […] He has an enemies list. He thinks that people who helped elect Joe Biden are criminals. […] Honestly, how on Earth are we going to let someone lead the world’s most important, most revered law enforcement agency, who is secretly in business with the Chinese Communist Party, who believes that the FBI organized the invasion of the Capitol, who runs a fake charity, who has a brand in order to make money off of his affiliation with Donald Trump?”
Murphy called out Patel’s sham foundation: “While he believes this, he also knows that there’s a money-making opportunity in all of this. This is his logo: K$H. He’s a brand. He says all these things because he believes them, but also because it makes him a hero to the gullible conspiracy theorists inside MAGA. He uses them. He sells stuff to them: sweatshirts, T-shirts, lapel pins. K$H. Now if you buy this sweatshirt for $55, it says all net profits go to the Kash Foundation. But you know what we found out, unsurprisingly, is that in 2023, by selling all these sweatshirts and merch, the K$H Foundation had $1.3 million in revenues. Now it purports to support heroic whistleblowers with legal services and other support services. You know what percentage of that $1.3 million went to actual services? Less than 15%. Kash Patel pocketed almost all the money that he made from selling these T-shirts.”
Murphy detailed how President Trump is brazenly using the Department of Justice to curry favor and punish critics: “Trump ordered the Department of Justice to cut a deal with the indicted mayor of New York City, Eric Adams. The deal was simple. If Adams pledged loyalty to Trump and agreed specifically to cooperate with Trump’s immigration raids in the city, Trump would look the other way regarding Adams’ corruption. The charges would be dropped, and Adams could keep stealing money as long as he was politically loyal to Trump. They didn’t hide this deal. Adams and a high-ranking Trump official literally went on TV to announce that they had formed an alliance based upon the release of charges in exchange for political loyalty.
He added: “There is not a rule of law anymore. There is one set of law for people or entities who are loyal to Donald Trump, and there is one set of law for people who dare criticize him. That is not democracy. And if we don’t find a way, Republicans and Democrats, to come together to defend the rule of law, if we don’t say that what is happening today – deals being cut with corrupt politicians in exchange for their pledges of loyalty to Donald Trump – if we can’t speak with one voice about that kind of corruption, well, then our democracy is cooked.”
He concluded: “The law loses all meaning when it becomes simply what the president, what the leader, on any given day decides. This is the worst possible moment to put a person like Kash Patel in charge of the FBI. It is heartbreaking to see so many of my Republican colleagues, many of whom I admire, put loyalty to Donald Trump ahead of loyalty to this country, and more specifically loyalty to that sacred principle, the rule of law. My prediction is that if you vote for Kash Patel, more than any other confirmation vote you make, you will come to regret this one to your grave.”
A full transcript of his remarks can be found below:
MURPHY: “Thank you, Mr. President. Mr. President, the idea that men and women citizens are bound by a common set of laws that are applied consistently and universally, regardless of one’s income or political power or political affiliation, it’s a fairly modern invention. Because for thousands of years, laws were simply what rulers used to impose and maintain power, to control people. Laws were applied or crimes were invented for the ruler’s critics, and laws were ignored or waived away for those in favor with the regime.
“Now early Americans had watched the British kings apply laws selectively, both in Britain and in the colonies, and they sought – our founders sought – to create a nation where all men were equal in the face of the law, and [where] the law was applied uniformly and justly.
“That idea – equal justice, the law applies to everybody regardless of who you support politically or who you are aligned with politically – was in many ways the founders’ most vital check against tyranny. That’s the difference between a democracy made of equal citizens and an autocracy where the law is simply whatever the ruler decides. It is a foundational principle of American constitutional democracy. It is not something that we can take for granted.
“Now, I will admit, likely every president has made a decision or decisions that compromised that belief in the rule of law. Often those decisions were related to one of the maximalist powers that the president supposes. That’s the power of the pardon. I, for instance, did not agree with President Biden’s decision to issue pardons to his family members. I thought that was excessive. I thought that compromised the rule of law.
“But this President’s contempt for the rule of law, Donald Trump’s contempt for the rule of law, is unprecedented. What we are all watching right now is Donald Trump throwing away the idea that laws apply to everyone equally. And it is astonishing to watch so many of my Republican colleagues fall in line. Some of them may be on board for the destruction of the rule of law because they want the Trump family to rule forever, but many of them know that this is wrong, what is happening, and their silence is heartbreaking.
“Donald Trump issued a statement over the weekend: quote, ‘He who saves the country does not violate any law.’ That’s a quote attributed to one of the most notorious dictators of the last half millennium: Napoleon Bonaparte. It’s a stunning claim that Trump, not the law or Congress, decides what is legal and illegal.
“If he had said that in 2017, maybe we could just write it off as Trump being Trump, as just bluster trolling. But this time he is actually implementing a methodical campaign to seize control of the law and apply it differently depending on whether you support him or oppose him.
“Take, for example, what happened on Friday night. Trump ordered the Department of Justice to cut a deal with the indicted mayor of New York City, Eric Adams. The deal was simple. If Adams pledged loyalty to Trump and agreed specifically to cooperate with Trump’s immigration raids in the city, Trump would look the other way regarding Adams’ corruption. The charges would be dropped, and Adams could keep stealing money as long as he was politically loyal to Trump.
“They didn’t hide this deal. Adams and a high-ranking Trump official literally went on TV to announce that they had formed an alliance based upon the release of charges in exchange for political loyalty. But when Trump told the highest-ranking Justice Department employees in New York City to execute the corrupt deal, they wouldn’t. The top official resigned rather than take part in the corruption. So did the next in the chain of command. By the time that Trump found someone who would implement the deal, seven DOJ lawyers and four of Adams’ deputy mayors had resigned because what was happening in plain view was a fundamental challenge, a fundamental corruption to the rule of law, a rule of law that up until today Republicans and Democrats had both revered.
“Meanwhile, other parts of Trump’s team are engaging on the other side of the ledger, targeting and harassing – using the law – the President’s critics. Because that’s what happens in a nation without the rule of law. Law enforcement lets loyalists like Adams off the hook and is overzealous in targeting critics.
“Let me give you just one example of what is happening right now as we speak. Last month, Trump’s new FCC Chairman opened an investigation into a single radio station that had the audacity to simply file a news report about an ICE raid that was happening locally. Multiple other sources filed similar reports with similar footage, but only one investigation was opened, and you guessed it, it was against the radio station that was owned by a high-profile critic of Donald Trump, George Soros.
“So the game is clear. Like, we can see it. They’re not even hiding it. There is not a rule of law anymore. There is one set of law for people or entities who are loyal to Donald Trump, and there is one set of law for people who dare criticize him. That is not democracy. And if we don’t find a way, Republicans and Democrats, to come together to defend the rule of law, if we don’t say that what is happening today – deals being cut with corrupt politicians in exchange for their pledges of loyalty to Donald Trump – if we can’t speak with one voice about that kind of corruption, well, then our democracy is cooked.
“Which brings us to the pending nominee to lead the FBI, Kash Patel. If your plan is to destroy the rule of law and turn the Department of Justice into a political weapon that rewards loyalty and punishes dissent, then Kash Patel is the perfect person to lead the FBI, and that is likely exactly why he was chosen.
“Listen, Kash Patel is a joke. Many of my Republican colleagues know this. He has spent the last four years taking the most extreme positions inside the world of MAGA in order to make money for himself.
“For instance, he says that he can provide proof beyond a reasonable doubt that the FBI was behind the January 6 invasion of this building. Let me say that again. The man that my Republican colleagues are about to vote to lead the FBI believes that there is irrefutable proof that the agency he is about to lead secretly organized the violent assault on the Capitol. That is bananas. My Republican colleagues know that. That is a lie. And we’re about to put this guy in charge of the FBI? An agency that he claims organized a secret plot to invade the Capitol?
“He wrote a book called ‘Government Gangsters’ and at the end he added an Appendix entitled ‘Enemies List.’ Like, straight out of the McCarthy era. He has a list – he wrote it down – of people he believes are enemies of America. And, shocker, they’re all Democrats, or Republicans who dared speak out and criticize Donald Trump.
“You’re going to put at the head of the FBI – the agency that can arrest anyone they want, put people in jail – a man who thinks that anyone who disagrees with Donald Trump politically is an enemy of the United States. Patel has further suggested that anybody who administered the 2020 election could be subject to arrest. Why? Because he believes in his heart that the election was rigged, despite the fact that Joe Biden won by seven million votes – far, far more than Trump won by in 2024. So anybody who helped rig the 2020 election is, in his mind, a potential criminal.
“This is off-the-wall stuff. But of course it is, because while he believes this, he also knows that there’s a money-making opportunity in all of this. This is his logo: K$H. He’s a brand. He says all these things because he believes them, but also because it makes him a hero to the gullible conspiracy theorists inside MAGA. He uses them. He sells stuff to them: sweatshirts, T-shirts, lapel pins. K$H.
“Now if you buy this sweatshirt for $55, it says all net profits go to the Kash Foundation. But you know what we found out, unsurprisingly, is that in 2023, by selling all these sweatshirts and merch, the K$H Foundation had $1.3 million in revenues.
“Now it purports to support heroic whistleblowers with legal services and other support services. You know what percentage of that $1.3 million went to actual services? Less than 15%. Kash Patel pocketed almost all the money that he made from selling these T-shirts.
“He even hocks a COVID vaccine reversal pill. Let me say that again: the incoming director of the FBI, in addition to selling T-shirts and pocketing most of the proceeds, also sells a vaccine reversal pill that is just pure snake oil. But if there are enough people loyal to Donald Trump to buy anything Trump’s lieutenants sell on the internet, then fair game.
“To top it all off, just recently after his confirmation hearing, we also found out that Kash Patel has been a fashion consultant to a shadowy holding company controlled, it seems, by members of the Chinese Communist Party. Honestly, how on Earth are we going to let someone lead the world’s most important, most revered law enforcement agency, who is secretly in business with the Chinese Communist Party, who believes that the FBI organized the invasion of the Capitol, who runs a fake charity, who has a brand in order to make money off of his affiliation with Donald Trump? He has an enemies list. He thinks that people who helped elect Joe Biden are criminals.
“This is a really dangerous moment. It’s a really dangerous moment. This deal that Donald Trump just cut with the mayor of New York, it’s a big deal. It’s a big deal. I admit that prior presidents have made decisions that compromise the rule of law. But we’ve never seen anything like this, so brazen and out in the open, that the mayor of New York and a Trump official would go on national TV to announce that they had made an arrangement in which Mayor Adams could continue his corruption as long as he was politically loyal to Donald Trump.
“They did that out in the open on TV because it’s a signal to everybody else out there that the law will be applied differently to you if you are loyal to the president and that the law will be zealously applied to you, maybe in excess of the letter of the law, if you are a critic of the president. That’s why they went on TV, to show the world the corruption, as a signal that things are different now, that the law is not the law, the law is what President Trump decides the law is.
“The law loses all meaning when it becomes simply what the president, what the leader, on any given day decides. This is the worst possible moment to put a person like Kash Patel in charge of the FBI. It is heartbreaking to see so many of my Republican colleagues, many of whom I admire, put loyalty to Donald Trump ahead of loyalty to this country, and more specifically loyalty to that sacred principle, the rule of law. My prediction is that if you vote for Kash Patel, more than any other confirmation vote you make, you will come to regret this one to your grave. I yield the floor.”

MIL OSI USA News –

February 20, 2025
MIL-OSI Australia: Building climate resilience into food systems in the Eastern Gangetic Plains

Source: Australian Centre for International Agricultural Research

The world’s highest concentration of rural poverty occurs in the Eastern Gangetic Plains of Bangladesh, India and Nepal – a region that is home to 450 million people.

Livelihoods in this part of the world rely greatly on agriculture. Opportunities to work with smallholder farmers can lay the foundations for a more productive, sustainable and diversified agricultural economy.

Among the research-for-development professionals on the ground is a team working on the Rupantar project, an ACIAR-supported initiative led by Dr Tamara Jackson of the University of Adelaide.

The Rupantar project operates at a whole-of-system level. It spans both social and farming practices and extends all the way through to policy settings, market opportunities and other agrifood system barriers holding smallholders back. It also builds on prior investments by ACIAR and the Australian Department of Foreign Affairs and Trade (DFAT).

Included in this integrated approach are considerations for climate impacts.

This concern saw 15 team members from the Rupantar project visit the University of Adelaide and regional South Australia and Victoria in October 2024. Funded as part of a DFAT Australia Awards Fellowship program, the study tour focused on climate resilience and adaptation.

The Rupantar project

‘Rupantar’ has a common meaning in Bangla, Hindi and Nepali. It means change on a level so profound that it is transformative. Launched in 2021, the Rupantar project is identifying opportunities for inclusive and diversified food production innovation.

Given the partnership model typical of ACIAR projects, these opportunities need to be priorities for local communities. They also need to be sustainable and to fit with longer-term climate, nutrition and available water resource projections.

Achieving this level of integration requires working on multiple levels at the same time. There is ground-up innovation – from personal to organisational. Then there are high-level policies that work down and can make important change on the ground.

Our hypothesis is that an integrated approach to livelihood change – coupled with inclusive and collaborative approaches – will result in more effective and sustainable development pathways.

Dr Tamara Jackson,
University of Adelaide

‘So, our goal is to understand the processes and practices needed to diversify food production in ways that improve farm livelihoods and reduce inequity, production risk and unsustainable resource use.’

The on-the-ground work with smallholders is implemented at sites in West Bengal (India), Rangpur (Bangladesh) and Koshi Province (Nepal). Implementation involves actioning ‘diversification pathways’ that were co-developed collaboratively with local partners.

Diversification pathways

The aim of these pathways is twofold. The first is to test diversification options and select the most appropriate crop and livestock options that are priorities for local communities. These are then implemented within existing networks and are aligned with institutional settings.

The second aim is to monitor the changes associated with the pathways, including long-term sustainability.

The project is also mindful that diversification can look very different to different members within households and can include off-farm income from seasonal male migration and greater reliance on women household members.

In all, three types of diversified systems are being explored:

• plant-based production, including crops and horticulture
• livestock-based, including chickens, goats and dairy that are especially important to women’s income
• irrigation-constrained systems.

‘The project is working on strengthening what already works about a farming system in the Eastern Gangetic Plain and building on innovations from prior projects, such as ACIAR’s introduction of conservation agriculture cropping practices,’ said Dr Jackson.

Long-running ACIAR initiatives in the Eastern Gangetic Plains worked with smallholder farmers across Bangladesh, India, and Nepal to introduce sustainable practices and innovations to intensify production.

The project team has spent the first 2 years on the ground running baseline surveys and mapping villages to better understand the system.

Implementation started in 2023 once it became clear what would work best in different settings. The visit to Australia in 2024 provided project partners with opportunities to observe what diversified and climate-resilient Australian farms look like.

Participants included Rupantar project partners from provincial government, cooperatives, farmer producer companies, NGOs, local university partners and the International Maize and Wheat Improvement Center.

Climate-smart innovation

Dr Jay Cummins from International Agriculture for Development hosted the study tour group and developed the course that focused on addressing the climate realities in collaboration with the Rupantar project.

The 20-day study tour was entitled ‘Supporting climate-smart, resilient food production networks in the Indo-Gangetic Plains’.

Key experts shared their experiences responding to climate change and on-farm visits examined how Australian agriculture builds climate resilience into its practices in different environmental and socioeconomic settings.

‘Included were visits to more rainfed, dryland cropping systems in the Mallee and, in addition, to irrigated production systems in the Murray–Darling Basin,’ said Dr Cummins.

The Australia Awards program provided a valuable mechanism to connect the participants with a whole range of Australian organisations and professionals, which in turn will help build international networks and collaboration.

Dr Jay Cummins
International Agriculture for Development

In the Eastern Gangetic Plain, food production can be heavily focused on wet season rice crops. In Australia, the visitors were able to explore dry season opportunities for diversified production of crops and livestock, including in mixed farming systems. They saw how Australian farmers manage risks around water scarcity and drought. At South Australian Riverland sites, discussions included irrigation and water management that present different diversification options.

Participant perspectives

Loxton farmer Brycen Rudiger (left)discusses the challenges of growing wheat in the Mallee region with Nepali participant Gautam Bhupal (right).

Among the participants were Dr Deepa Roy from India, Ms Bimala Pokhrel from Nepal and Dr Mamunur Rashid from Bangladesh.

Dr Roy is an agricultural extension expert based at Uttar Banga Krishi Viswavidyalaya, India. She told ACIAR that smallholder farmers in the Eastern Gangetic Plains face numerous challenges that can lock them into poverty.

These range from small and fragmented landholdings that make mechanisation difficult, to a lack of agronomic knowledge, limited agricultural support services, limited market access, financial constraints and climatic hazards.

‘Through the course several key insights and learnings emerged that may help our farmers in understanding and adopting climate resilient technologies,’ said Dr Roy.

Key insights for participants included:

• assessing the carbon footprint of farming and taking action to reduce it
• introducing efficient soil moisture management strategies such as mulching
• adopting agronomic practices such as crop rotations and climate-resilient crops
• building soil fertility
• advocating for improved climate forecasting
• adopting grower-led research and extension
• developing digital tools to monitor the adoption of innovation
• providing financial management training to smallholder farmers
• using podcasts and radio to provide farm advisory services.

Overall, Dr Roy said that the course equipped attendees with a holistic understanding of climate-smart practices. ‘It helped us not only to strengthen technical knowledge but also to develop critical soft skill and a deeper understanding of sustainable climate resilient farming.’

It’s a point of view shared by Ms Pokhrel, who works with the Ministry of Industry Agriculture and Cooperatives in Koshi Province, Nepal. She said the course enriched efforts to both help farmers and policymakers with future planning. And it worked by enhancing both her professional and personal capacity.

‘What stood out was the extent that Australian farmers have already adopted technology to mitigate against climate change,’ said Ms Pokhrel. ‘This was particularly stark when it came to soil health and sustainable soil management practices. One of the key learnings is that we can tailor these practices for our context in the Koshi Province and, in that way, improve crop productivity by improving soil health.’

Mr Rashid agreed. He is a research fellow at Hajee Mohammad Danesh Science and Technology University in Dinajpur, Bangladesh. He noted that while ACIAR is helping to introduce conservation agriculture to Bangladesh, South Australian farmers have already adopted these soil and soil-moisture conserving practices.

They are also growing more legume crops for soil health and fertiliser benefits, adopting risk-aversion strategies amid climate variability, and introducing carbon farming to adapt to climate change.

Improved water management

Both Ms Pokhrel and Mr Rashid were especially impressed by Australian water management systems in drought-prone landscapes. They think these kinds of Australian practices have a role to play at the project sites.

While the cost and expertise required to adopt and maintain technologies such as drip irrigation systems used in Australia may be beyond the capacity of many smallholder farmers, the study tour has already inspired a new water conservation pilot project.

The Bangladesh team will launch ‘Conserving soil moisture through mulching technique in chili farming’ in the Rupantar project areas, focusing on farmers in northern Bangladesh, who experience frequent floods and droughts.

The Rupantar project delegation on tour in the northern Mallee of South Australia.

‘This initiative aims to use soil moisture and reduce irrigation in chilli farming, aided by Chameleon soil water sensors that can support decision-making for the farmers of the Rupantar project,’ said Mr Rashid.

Ms Pokhrel was greatly impressed by the grower-centric research, development and extension infrastructure built around farmers’ needs in Australia. For her, this was typified by organisations such as the Grains Research and Development Corporation and the Almond Board.

She thinks there are opportunities to ‘sensitise’ the different boards in Nepal to this approach.

Surprises for the project partners included the large size of farms given the small number of people working in agriculture.

What also surprised us is the rate of technology adoption by farmers, along with their dedication and the satisfaction they receive from the agricultural profession.

Ms Bimala Pokhrel
Nepal

‘Mallee Sustainable Farming System was impressive and working with farmers groups and developing the communication material in local languages are the things that we can develop for our smallholder farmers too.’

Finally, they praised the networking opportunities provided by the course, including with farmers, and opportunities to understand the people, country and culture.

ACIAR Project WAC/2020/148: ‘Transforming smallholder food systems in the Eastern Gangetic Plain’

MIL OSI News –

February 20, 2025
MIL-OSI Security: St. Louis Area Doctor Sentenced for Health Care Fraud

Source: Office of United States Attorneys

ST. LOUIS – U.S. District Judge Stephen R. Clark on Wednesday sentenced a doctor who ran two urgent care centers in the St. Louis area to 35 months in prison for defrauding Medicare and Missouri Medicaid and ordered him to repay $742,528.

Dr. Sonny Saggar, 57, will also be on supervised release for three years after he leaves prison.

Saggar pleaded guilty in U.S. District Court in St. Louis in August to one count of conspiracy. He admitted that while operating St. Louis General Hospital (SLGH) locations in downtown St. Louis and near Creve Coeur, he and his office manager hired assistant physicians (APs) to see patients but billed Medicare and Missouri Medicaid as if Dr. Saggar had seen them, even when he was out of town. APs are medical school graduates who have not completed a residency program. To legally practice medicine in Missouri, they are required to be closely supervised by a licensed physician under written collaborative practice arrangements (CPAs) that restrict the AP’s ability to provide medical services and limit their practice areas to medically underserved rural or urban areas.

Dr. Saggar admitted hiring “numerous” APs from July 2018 to July 2023 to work at the SLGH locations, which he and office manager Renita Barringer advertised as both urgent and primary care facilities and as a “residency prep” program and a “stepping stone” for the APs. Dr. Saggar admitted that APs were not properly trained or supervised and that he and Barringer advised them to consult each other on their medical questions. One physician can legally supervise no more than six APs, so Dr. Saggar offered stipends of up to $480 per month to various physicians to induce them to sign up to be collaborating physicians, and then submitted CPA forms to the Missouri Board of Registration for the Healing Arts to falsely make it appear as if the APs were being properly supervised. He admitted that the Creve Coeur location is not medical underserved and thus APs are not permitted to work there.

Finally, Dr. Saggar admitted that in January of 2022, he hired a doctor who had been indicted in another case to be the sole collaborating physician at the Creve Coeur location but did not disclose to Medicaid that the co-conspirator was performing services there. That physician’s billing privileges with Medicaid had been suspended.

The conduct of Dr. Saggar and Barringer caused a loss to Medicare and Missouri Medicaid of $742,528.

“Today’s sentencing underscores our commitment to ensuring that providers are held accountable for submitting fraudulent claims for financial gain and for deliberately concealing critical information about healthcare professionals,” said Special Agent in Charge Linda T. Hanley of the U.S. Department of Health and Human Services Office of Inspector General (HHS-OIG). “HHS-OIG, in partnership with the U.S. Attorney’s Office and other law enforcement agencies, will continue working together to safeguard the integrity of the Medicare and Medicaid programs.”

“This crime went beyond bilking taxpayer funded healthcare programs. Dr. Sonny Saggar risked the well-being of patients with urgent medical needs. He knew his assistant physicians were not qualified to see patients without supervision,” said Special Agent in Charge Ashley Johnson of the FBI St. Louis Division. “To add further insult to injury, Dr. Saggar falsely claimed he was the one who saw the patients so he could bill Medicare and Medicaid.”

“Doctors are expected to follow a certain code of conduct and obey the laws and regulations put in place to protect their clients,” DEA St. Louis Division Special Agent in Charge Michael Davis said. “Our investigation shows that Dr. Saggar broke with protocol and endangered lives with his negligence. As a result of his misconduct, he was arrested, surrendered his DEA Certificate of Registration, can no longer prescribe controlled substances and faces nearly three years in federal prison.”

Barringer, 51, pleaded guilty in December to one count of conspiracy. She is scheduled to be sentenced on April 22.

The U.S. Department of Health and Human Services Office of Inspector General, the FBI, the Drug Enforcement Administration and the Missouri Attorney General’s Medicaid Fraud Control Unit investigated this case. Assistant U.S. Attorney Amy Sestric is prosecuting the case.

MIL Security OSI –

February 20, 2025
MIL-OSI USA: Klobuchar Urges Action at Senate Judiciary Hearing on Children’s Safety Online

US Senate News:

Source: United States Senator Amy Klobuchar (D-Minn)

WASHINGTON — U.S. Senator Amy Klobuchar (D-MN), Ranking Member of the Senate Judiciary Subcommittee on Privacy, Technology, and the Law, today delivered the following opening statement at the Judiciary Committee hearing on Children’s Safety in the Digital Era: Strengthening Protections and Addressing Legal Gaps.

A transcript of Klobuchar’s full opening statement is available below and a video can be downloaded here.

Senator Klobuchar: Thank you so much, Mr. Chairman, and I am truly looking forward to working with Senator Blackburn on this important Subcommittee. As many of you know, Senator Lee and I chaired the Antitrust Subcommittee for a long time, but I actually think this situation right now, with the possibility of moving on these bills, is going to be a very positive development.

As Senator Blackburn just pointed out, despite the strong support that we have had from Senator Durbin and Senator Grassley and Senator Graham when he chaired this Committee, or was the ranking on this Committee, we’ve just continued to run into roadblocks to passing these laws, and it’s getting absolutely absurd.

Senator Grassley is well aware of the antitrust tech bill that he and I lead, that hundreds and hundreds of millions of dollars are spent against it in TV ads, and despite the fact that the companies, FAANG [Facebook, Amazon, Apple, Netflix, and Google] as we call them, have agreed in other countries to some of these consumer protections that did not happen in America.

I think that this piece of it—whether it’s Instagram’s promotion of content that encourages eating disorders, frightening rise of non-consensual AI-generated pornographic deep fakes, or the tragic stories of kids losing their lives to fentanyl-laced pills—will most likely be leading the way as we continue to push our antitrust and privacy and news bills.

Just this month, this committee heard from Bridgette Norring of Hastings, Minnesota. Her son, Devin, was struggling with migraines, and bought what he thought was a Percocet over Snapchat to deal with the pain. But it really wasn’t a Percocet, it was a fake pill laced with fentanyl. And with that one pill, as we say, “one pill kills,” he died at age 19.

For too long, the companies have turned a blind eye when young children joined their platforms; used algorithms that pushed harmful content—they have done that; and provided a venue for dealers to sell deadly drugs like fentanyl.

We know that social media also increases the risk of mental illness, addiction, exploitation, and even suicide among kids. I will never forget the testimony of the FBI Director telling us that in just one year, I believe it was 2023, over 20 kids had committed suicide just because of the pornography and the images that had been put out there when they were innocently sending a picture to who they thought was a girlfriend or a boyfriend.

That’s why this committee has taken this on on a bipartisan basis, and I am hopeful that this hearing will be the beginning of actually passing these bills into law.

Representative Guffey, you and I met through Senator Cruz, and the bill that he and I have, the TAKE IT DOWN Act. We have an additional bill that Senator Cornyn and I have that’s really important, that’s passed through this committee, the SHIELD Act. And as you know all too well, the threat of dissemination alone can be tragic, especially for kids. We need to enact the Kids Online Safety Act, which, thanks to Senators Blumenthal and Blackburn, [has] passed the Senate on a 91-3 vote. As we know, some of these are stalled out in the House.

We need to get the federal rules of the road in place for safeguarding our data. According to a recent study, social media platforms generated $11 billion in revenue in 2022 from advertising directed at kids and teenagers, including $2 billion in ad profits derived from users age 12 and under.

I am supportive, as was mentioned by Senator Durbin, of the legislation that he and Senator Graham and Hawley and many others have to open the courtroom doors to those harmed by social media by making those reforms to Section 230. That legislation was enacted long before any of this was going on.

And somehow, with respect to other industries, we’ve been able to make smart decisions to put more safety rules in place. Just ask those passengers that were on that flight that flipped upside down in Toronto, who were in those seats that were the result of safety rules that were put in place. And yet, when it comes to this, we just put up our hands and say, “no, they’re lobbying against us,” or “they have too [much] money,” or “we like some of the people that work there.” And we do nothing.

And by doing nothing, instead of reaching some reasonable accommodations of settlements or things we can do on legislation, we just let them run wild at the expense of our kids’ lives. Thank you.

MIL OSI USA News –

February 20, 2025
MIL-OSI Australia: Interview – ABC Afternoon Briefing with Patricia Karvelas

Source: Australian Ministers for Education

PATRICIA KARVELAS: To discuss this, and there’s a whole lot more, let’s bring in our panel, Early Childhood Education Minister Anne Aly and Shadow Immigration Minister Dan Tehan. Welcome to both of you.

MINISTER ANNE ALY: Thank you.

DAN TEHAN: Thanks, Patricia.

KARVELAS: We’re going to start on that. Dan, was that just a thought bubble? Because it’s unconstitutional, it’s been tested in the High Court.

TEHAN: No, it wasn’t. I think there is a real frustration with how the system is currently working at the moment and how the courts are clogged up, how appeal after appeal is used. And I think what the Leader of the Opposition was expressing was that frustration that at some stage we are going to have a look at this.

Now, the High Court obviously made a decision last year. So, you know, there does need to be a discussion around these issues because it would be good if we had clear rules and clear guidelines and clear laws as to how we can make sure that those people who do come to Australia do and know and understand our values and especially our laws.

KARVELAS: But after you become a citizen shouldn’t you be dealt with by the law, and the law should deal with if you have a particular view, which, you know, is hate speech, isn’t that the law that should be dealing with it rather than just kicking people out?

TEHAN: Well, I think what – you know, what we do need to look at is that a lot of these people have dual citizenship. And so we need to look and see, okay, if you’ve got dual citizenship and you breach your trust that the Australian people have given in you with regards to your Australian citizenship, well, if you’re a dual citizen, do you have the right to keep your Australian citizenship?

KARVELAS: The High Court thinks yes.

TEHAN: Well, the High Court made a decision last year. Now, obviously we can have a look at the way that they made that and the laws around that and see whether we do need to have a conversation around whether we need to change some of the laws around this and see whether if people do come here – and especially if they are dual citizens – whether we can act.

KARVELAS: Anne Aly?

ALY: I’m a bit – I’m a bit angry that this conversation about antisemitism has been conveniently turned into a conversation about immigration as if somehow the two are connected. I think that’s a very deliberate political ploy by Peter Dutton, who, I might add, has said that he wants to re-introduce the “golden ticket” visa, which can be bought by people with money and that we know brought in people from organised crime gangs and people of, frankly, unworthy character into Australia.

So I would like to see us talking about the substantive issue here about hatred and the growth of hatred and the spread of hatred in our society. And when we have those conversations, not have those conversations hijacked by another conversation about immigration as if it’s only immigrants that are responsible for spreading hatred in this country. That’s what really disturbs me here, Patricia.

KARVELAS: Anne Aly makes a point about the fact antisemitism is a lot wider than anyone who may have come to this country more recently. It is clearly a big problem. Isn’t that what you really want to deal with?

TEHAN: Well, we have been dealing with that, and we have been appealing to the government now for a very long period of time to deal with that and deal with it right across this nation. So I don’t think you can say that all of a sudden we’ve just made this about immigration. This is an issue which the Leader of the Opposition has led the nation on in trying to rid this country of antisemitism. And it is about ridding it right across our nation, whether it be Australian citizens, whether it be dual citizens, whether it be those who are here as guests of our nation. And I don’t think that we can say all of a sudden that this has just had a narrow focus to it, because his leadership on this issue has been inspiring and outstanding. And so to just try and narrow cast it like that is completely and utterly wrong.

KARVELAS: But Peter Dutton even questioned why a male nurse – this male nurse got citizenship. I understand that actually happened when the Morrison government was in power.

TEHAN: Well, what Peter Dutton has said is that we do need to look as to how this has happened. And there will be –

KARVELAS: But it did happen under –

TEHAN: Yeah, yeah. There are incidences where this will have happened under Labor, under Liberal. But what we do need to do is look at it and say, okay, where is the system failing? How are we getting people coming into our country with these views when they’re required to take a citizenship pledge, we should be looking, okay, what do we do to try and fix this system. And that’s the point that he’s trying to make, because there is a frustration.

KARVELAS: Anne Aly?

ALY: I want – I just want to make this point. When you say, Dan, people coming into this country with these views, what if people are coming into this country as children – and I’m the Minister for Early Childhood, I see a lot of children, and let me tell you, they don’t – they’re not born with hate. They’re not born hating, right? People who are coming to this country may not be necessarily coming with those views. They may form those views because of this country, right?

So what are we doing more broadly in this country to ensure that we have a society that is cohesive and that is harmonious and that we don’t tolerate hatred? When we talk about that, we talk about the concrete steps that our government has done to ensure that – the doxing laws, the hate speech laws, standing up against racism in all its forms and expressing our contempt for hatred.

You know, I think it’s a very simplistic view to say that migrants come into Australia with a particular view and therefore that the whole situation that we’re talking about here around the increase of hatred is somehow linked to immigration.

TEHAN: But that’s not what we’re saying. We’re saying –

ALY: But it’s exactly what you just said.

TEHAN: We’re saying that is one component of it. We’ve also called for a proper National Cabinet meeting to address this issue, so it can be –

KARVELAS: Well, there was. There was one.

TEHAN: Yes, but it was one which wasn’t done with all the chief ministers, all the leaders there, you know, everyone coming to Canberra – a proper serious discussion as to how we address this.

KARVELAS: I have to bring our viewers on Afternoon Briefing here on the ABC News channel some breaking news: a Chinese fighter aircraft has released flares in front of an Australian military plane during what Defence describes as an unsafe and unprofessional interaction in the South China Sea this week. Officials have revealed the encounter occurred on Tuesday during daylight hours with the Peoples Liberation Army J-16 coming within 30 metres of the RAAF P-8 Poseidon. Defence says no personnel were injured and there was no damage to the P-8, but it has lodged formal objections with the PLA, both in Canberra and Beijing. So that’s just breaking news.

I am aware – and I always think, to be fair, you would just be hearing perhaps that news too. But just quick thoughts from you both. Obviously Defence has sent a pretty strong signal here that this is unacceptable.

TEHAN: And let’s see what sort of signal now the Prime Minister sends, because that’s what I think the Australian people will be waiting for and wanting to hear, what sort of strong signal and strong message now the Prime Minister sends. So, as we’ve seen, this is not the first time that this has occurred. So I think we will all watch with great interest to see how the Prime Minister responds to this, this act by the Chinese military.

KARVELAS: Anne Aly?

ALY: My first thought, of course, is relief that nobody was hurt and nobody was injured, Patricia. That’s my first – my first reaction to this news.

KARVELAS: Do you expect the Prime Minister will have strong words?

ALY: Absolutely. Absolutely. This is a pretty serious issue, and I absolutely expect that the Prime Minister will stand up for the Australian people, as he always has done.

KARVELAS: Now, there is another piece of breaking news, which is that your child care bill has just passed.

ALY: Yes.

KARVELAS: You know this?

ALY: Yes.

KARVELAS: Okay, what can you tell us?

ALY: So this is a great bill. It is good policy –

KARVELAS: This is the three day –

ALY: This is the Three Day Guarantee, 72 hours a fortnight for every child. What it basically does, Patricia, is it replaces the activity test, and parents out there who have tried to access subsidised care will know that they have to pass an activity test in order to be eligible to subsidise that care. It means that every child in Australia can now access those really transformative benefits of early childhood education and care. And it is good policy. It was recommended by the PC Review, a number of reviews, and has strong, strong support from across the sector. It’s a good day today for Australian children.

KARVELAS: It didn’t have to pass now, though, did it? I mean, it really could have happened after the election. Was it a political – is it a political play –

ALY: Well, no.

KARVELAS: – so you can talk about this at the election and say, “We got this through,” because it doesn’t start till next year, right?

ALY: That’s right. But, you know, it’s something that had strong support from the sector and it was a recommendation by the PC Review. You know, this is us taking action on things that we know are good policy, part of our reform package in early childhood education and care, getting to that place of a universal system that benefits every child.

KARVELAS: Dan Tehan, you are actually a former Education Minister so you are across these portfolios. I understand at the end the Liberals were not in favour of this change. But actually it is true that there has been a lot of research to say that this change should happen to get children to have the right to have these three days compulsory. Why didn’t you see it that way?

TEHAN: So just a question before, Patricia, I answer that question. So, are we talking about it just passing the House? Or –

KARVELAS: I think it just passed the House –

ALY: It passed the Senate – it’s in the Senate at the moment. So, I know – but it did pass the House earlier.

KARVELAS: It’s going back to – yeah.

TEHAN: Yeah, so it’s – just so your viewers are clear of where we’re at, it’s passed the House. It hasn’t passed the Senate, and it’s actually going to a Senate review which, as I understand it, will report in March. So this legislation –

ALY: I think they’re actually voting on it in the Senate.

KARVELAS: Yeah, my understanding is it’s passed the Parliament. But either way –

TEHAN: Right, okay.

KARVELAS: – I’ll let you continue with the broad political point.

ALY: Last I saw was they were voting on it.

TEHAN: So they are going to now go ahead? So this is sort of –

KARVELAS: So, you can still apparently do the inquiry even if the Bill’s passed.

TEHAN: Right, okay. All right. Well, there’s obviously been a change in the approach that the government’s taking as we’re speaking.

KARVELAS: Let me take you to first principles.

TEHAN: Yes, let’s go back to the Bill itself. We obviously wanted it to go to an inquiry. And the main concerns that we have with this Bill is that the actions that it’s taking, especially with regards to the activity test, without expanding the number of places, and especially the number of places in regional and rural areas, will basically mean for those people who are working or wanting to work, trying to get access to child care will become harder. And so that is one of the concerns that we have.

The second concern is that what we’ve seen with regards to costs under this government when it comes to child care is we’ve seen the costs go up by over 20 per cent. We’ve seen out-of-pocket expenses go up by over 10 per cent and nothing around this is addressing that issue, which obviously, with cost of living the number one issue, is of deep concern to us. So for those reasons and others is why we think that this Bill should have gone to a committee.

KARVELAS: Anne Aly?

ALY: Well, those figures are just wrong, Dan. The cost has come down. Out-of-pocket costs for families across Australia have come down. And in terms of access, yes, we know that access is one of those key areas of reform. That’s why we have a $1 billion Building Early Education Fund targeting those seats, those areas where there is no child – early childhood education or where there is little access to early childhood education and care.

So, you know, you’re talking to a government that’s able to chew gum and walk at the same time. We’re very well aware of all the key pieces of reform that are necessary in early childhood education and care, and only our government has that vision to ensure that every child has access and every child has access to quality, affordable early learning.

KARVELAS: I have to ask –

TEHAN: Anne, I was just going to say, your track record, sadly, doesn’t show that to be the case. So – and the problem here is that what we’re going to see is basically working people having to compete with new entrants now, and that’s going to cause even more trouble for you.

KARVELAS: Now, Dan Tehan, I just have to ask you, just to you before we say goodbye – we’ve had a great conversation; it might be the last day of the Parliament of this term. We don’t know. But it’s –

ALY: Don’t know.

KARVELAS: Well, you don’t know. We don’t know. So, it’s rather – we’re all on the edge of our seats. But I do have to ask you about – you’re a former Trade Minister as well. You’ve had a few hats, so you’re very helpful here. Was Australia so desperate to hang on to our tariff exemption with the US that we agreed to unofficial quotas?

TEHAN: No. No.

KARVELAS: Well, hang on a minute. That’s been reported that that’s what we agreed to. That’s what the US Government thinks.

TEHAN: So the arrangement was very clear. We were given an exemption, and obviously the US said to us that we wouldn’t want to see you exploit that exemption. And we had no intention of trying to exploit that exemption. The majority of our aluminium exports actually go into Asia, and that’s been a longstanding market for us.

KARVELAS: But did we agree to these, essentially, quotas that we didn’t publicise?

TEHAN: No, there was no – no, there was no quotas that weren’t publicised. So –

KARVELAS: But it was agreed to then?

TEHAN: Well, the idea – well, after the exemption, what the US wanted to make sure was all of a sudden our exports didn’t go from 10 per cent to 90 per cent. And obviously given that we were given an exemption we said that of course we’re going to make sure that that isn’t exploited, and it was never going to be exploited because the majority of our aluminium goes into our markets in the – in Asia.

KARVELAS: So that agreement, shouldn’t we know – shouldn’t we have known about it? Shouldn’t you have told the public? Because we didn’t know about it till now.

TEHAN: Well, it’s – there was no official agreement to tell the public about. I mean, the key thing here and the key thing that I would say to the Albanese Labor government is we worked very hard to be able to put an exemption in place which meant that our aluminium smelters here continued to be profitable and continued to be able to export aluminium into Asia, into the US.

KARVELAS: Okay.

TEHAN: My hope is that this government will be able to do exactly the same thing.

KARVELAS: Anne Aly?

ALY: Well, I think we’ve already proven as a government that we have the capacity, and we do the necessary actions to rebuild our international standing and rebuild our standing in terms of trade as well as diplomatic efforts, and I think the Australian people can be confident that this is a government that can, you know, deal with these issues. And in a transparent way.

TEHAN: And we hope so, yes.

KARVELAS: Well, the country hopes so. Thank you to both of you.

TEHAN: Pleasure.

KARVELAS: It’s been a good discussion.

ALY: Thanks, Patricia.

MIL OSI News –

February 20, 2025
MIL-OSI Security: Capital Region Man Indicted on Drug and Gun Charges

Source: Office of United States Attorneys

ALBANY, NEW YORK – Devere Williams, age 36, of Troy, New York, was charged last week by indictment for possession of a controlled substance with intent to distribute, possession of a firearm in furtherance of a drug trafficking crime, and possession of a firearm by a convicted felon. Acting United States Attorney Daniel Hanlon and Craig L. Tremaroli, Special Agent in Charge of the Albany Field Office of the Federal Bureau of Investigation (FBI), made the announcement.

The charges filed against Williams carry a prison term of at least 5 year and up to life in federal prison, a fine of up to $1 million, and a supervised release term of up to 5 years. The charges in the indictment are merely accusations. The defendant is presumed innocent unless and until proven guilty.

A defendant’s sentence is imposed by a judge based on the particular statutes the defendant is charged with violating, the U.S. Sentencing Guidelines and other factors.

Williams was arraigned today in Albany before United States Magistrate Judge Paul J. Evangelista, and will continue to be detained pending a hearing on February 21. The FBI is investigating this case. Assistant United States Attorneys Joseph S. Hartunian and Nicholas Walter are prosecuting this case.

MIL Security OSI –

February 20, 2025
MIL-OSI Security: Former Newport Beach Doctor Pleads Guilty to Possession of Hundreds of Images and Video of Child Sexual Abuse Material

Source: Office of United States Attorneys

SANTA ANA, California – A former Newport Beach gynecologist pleaded guilty today to federal criminal charges for possessing child sexual abuse material (CSAM) across multiple personally owned devices.

Mark Albert Rettenmaier, 72, of Laguna Hills, pleaded guilty to two counts of possession of child pornography. He is free on $600,000 bond.

According to his plea agreement, on June 7, 2020, Rettenmaier uploaded 15 images of CSAM to an Adobe cloud-based storage system. At least four of the images Rettenmaier uploaded depicted two minors, one under the age of 12, engaging in sexually explicit conduct.

On July 22, 2020, law enforcement officers executed a search warrant of Rettenmaier’s residence and seized his cellphone and a laptop. Upon review of the cellphone, law enforcement identified at least two additional images of CSAM. Review of the laptop revealed at least one video and 209 images of minors engaged in sexual activity.

Rettenmaier admitted that he knowingly downloaded the images and video of CSAM from the internet and stored them on his personal devices.

United States District Judge Sherilyn Peace Garnett scheduled an August 6 sentencing hearing at which time Rettenmaier will face a statutory maximum sentence of 20 years in federal prison for each count. Prosecutors have agreed to recommend that Rettenmaier be sentenced to no more than five years in federal prison.

Rettenmaier will also be required to pay a mandatory minimum of $3,000 restitution to each of six victims named in this case, for a total of at least $18,000.

The FBI investigated this matter.

Assistant United States Attorney Melissa Rabbani of the Orange County Office is prosecuting this case.

MIL Security OSI –

February 20, 2025
MIL-OSI Security: Bridgeport Man Sentenced to 51 Months in Prison for Drug Robbery Attempt

Source: Office of United States Attorneys

Marc H. Silverman, Acting United States Attorney for the District of Connecticut, announced that ANDY MARTE, also known as “AD,” 31, of Bridgeport, was sentenced today by U.S. District Judge Victor A. Bolden in New Haven to 51 months of imprisonment, followed by three years of supervised release, for his role in a drug robbery conspiracy.

According to court documents and statements made in court, on April 28, 2023, Marte, Kareem Porter, and Tyrone Allen drove to a Bridgeport apartment building where they intended to carry out a robbery at an apartment they believed contained a substantial quantity of drugs and drug proceeds. Marte separately contacted Jermaine Bethel, who arrived to participate in the robbery. Marte instructed Bethel, Porter, and Allen, who had a crowbar, to carry out the robbery, while Marte remained in the car, with two handguns, to serve as a getaway driver. After failing to enter the apartment, Bethel, Porter, and Allen returned to the vehicle where they were encountered by law enforcement. Investigators learned of the scheme by monitoring Marte’s phone, which was subject to a court-authorized wiretap related to alleged drug trafficking activity. Officers searched the vehicle and its occupants and seized the two handguns and the crowbar.

Marte’s criminal history includes convictions for multiple firearms offenses and a violent robbery.

Marte has been detained since his arrest on April 28, 2023. On March 28, 2024, he pleaded guilty to conspiracy to commit Hobbs Act Robbery.

Porter, Allen, and Bethel pleaded guilty to the same charge. On October 28, 2024, Porter was sentenced to 24 months of imprisonment. On December 2, 2024, Bethel was sentenced to 12 months and one day of imprisonment. Allen awaits sentencing.

This investigation was conducted by FBI’s Bridgeport Safe Streets Task Force and the Bridgeport Police Department. The case is being prosecuted by Assistant U.S. Attorneys Ross Weingarten and Karen Peck.

MIL Security OSI –

February 20, 2025
MIL-OSI Security: Wausau Man Sentenced to 8 Years for Methamphetamine Trafficking

Source: Office of United States Attorneys

MADISON, WIS. – Timothy M. O’Shea, United States Attorney for the Western District of Wisconsin, announced that Bee Her, 45, Wausau, Wisconsin, was sentenced today by U.S. District Judge William M. Conley to 8 years in federal prison for distributing 50 grams or more of methamphetamine. The prison term will be followed by 5 years of supervised release. Her pleaded guilty to this charge on November 26, 2024.

In 2023, investigators with the Central Wisconsin Narcotics Task Force identified Bee Her as a multi-pound methamphetamine dealer operating out of Wausau. On October 13, 2023, a confidential informant purchased one pound of methamphetamine from Her at Her’s residence. On October 23, 2023, a confidential informant received two ounces of methamphetamine from Her at Her’s residence.

On February 8, 2024, Her was arrested on an active supervision warrant. Information obtained during the investigation suggests that Her was working for the cartels to traffic methamphetamine and that the cartels were trying to establish a line and system near Wausau. Her told investigators that he obtained 5 pounds of methamphetamine every two to three weeks to distribute.

During this time, Her was on state supervision for two felony cases, one involving a conviction for Child Enticement-Sexual Contact and the other involving convictions for Possession of Methamphetamine and Possession of Drug Paraphernalia. Her’s supervision on the child sex crime was not revoked. His supervision on the drug case was revoked and he was sentenced to one year in jail.

At sentencing, Judge Conley said Her was identified as a large-scale trafficker of methamphetamine in Wausau with connections to Minnesota and Mexico and weighed the seriousness of Her’s conduct against his addiction to methamphetamine.

The charge against Her was the result of an investigation conducted by the Federal Bureau of Investigation’s Central Wisconsin Narcotics Task Force comprised of investigators from the FBI, Wisconsin State Patrol, Wisconsin Department of Criminal Investigation, Lincoln County Sheriff’s Office, Marathon County Sheriff’s Office, Portage County Sheriff’s Office, Mountain Bay Police Department, Wausau Police Department and Wisconsin National Guard Counter Drug Program. Assistant U.S. Attorney Steven P. Anderson prosecuted this case.

MIL Security OSI –

February 20, 2025
MIL-OSI USA: President of Insurance Brokerage Firm and CEO of Marketing Company Charged in $161M Affordable Care Act Enrollment Fraud Scheme

Source: US State of California

An indictment was unsealed today charging Cory Lloyd, 46, of Stuart, Florida, and Steven Strong, 42, of Mansfield, Texas, in connection with their alleged participation in a scheme to submit fraudulent enrollments to fully subsidized Affordable Care Act insurance plans (ACA plans) in order to obtain millions of dollars in commission payments from insurance companies.

ACA plans offer tax credits to eligible enrollees. These tax credits, or “subsidies,” could be paid by the federal government directly to insurance plans in the form of a payment toward the applicable monthly premium. According to court documents, Lloyd and Strong conspired to enroll consumers in ACA plans that were fully subsidized by the federal government by submitting false and fraudulent applications for individuals whose income did not meet the minimum requirements to be eligible for the subsidies. Lloyd allegedly received commission and other payments from an insurance company in exchange for enrolling consumers in the ACA plans. In turn, Lloyd allegedly paid commissions to Strong in exchange for consumer referrals.

As alleged in the indictment, Lloyd and Strong targeted vulnerable, low-income individuals experiencing homelessness, unemployment, and mental health and substance abuse disorders, and, through “street marketers” working on their behalf, sometimes offered bribes to induce those individuals to enroll in subsidized ACA plans. Marketers working for Strong’s company allegedly coached consumers on how to respond to application questions to maximize the subsidy amount and provided addresses and social security numbers that did not match the consumers purportedly applying. As a result of being enrolled in subsidized ACA plans for which they did not qualify, some of these consumers experienced disruptions in their medical care.

The indictment alleges that Lloyd and Strong used misleading sales scripts and other deceptive sales techniques to convince consumers to state that they would attempt to earn the minimum income necessary to qualify for a subsidized ACA plan, even when the consumer initially projected having no income. Lloyd and Strong also allegedly conspired to bypass the federal government’s attempts to verify income and other information. Lloyd and Strong allegedly engaged in the scheme to maximize the commission payments they received from insurers, resulting in their companies’ receiving millions of dollars in commissions.

As alleged in the indictment, Lloyd and Strong’s scheme caused the federal government to pay at least $161,900,000 in subsidies.

Cory Lloyd and Steven Strong are each charged with conspiracy to commit wire fraud, three counts of wire fraud, conspiracy to defraud the United States, and two counts of money laundering. If convicted, each faces a maximum penalty of 20 years in prison on each count of conspiracy to commit wire fraud and wire fraud, five years in prison for conspiracy to defraud the United States, and 10 years in prison for each count of money laundering.

Supervisory Official Antoinette T. Bacon of the Justice Department’s Criminal Division, Acting Special Agent in Charge Justin Fleck of the FBI Miami Field Office, Acting Special Agent in Charge Isaac Bledsoe of the Department of Health and Human Services Office of Inspector General (HHS-OIG) Miami Regional Office, and Special Agent in Charge Emmanuel Gomez of the IRS Criminal Investigation (IRS-CI) Miami Field Office made the announcement.

The FBI, HHS-OIG, and IRS-CI are investigating the case.

Assistant Chief Jamie de Boer and Trial Attorney D. Keith Clouser of the Criminal Division’s Fraud Section are prosecuting the case.

The Fraud Section leads the Criminal Division’s efforts to combat health care fraud through the Health Care Fraud Strike Force Program. Since March 2007, this program, currently comprised of nine strike forces operating in 27 federal districts, has charged more than 5,800 defendants who collectively have billed federal health care programs and private insurers more than $30 billion. In addition, the Centers for Medicare & Medicaid Services, working in conjunction with HHS-OIG, are taking steps to hold providers accountable for their involvement in health care fraud schemes. More information can be found at www.justice.gov/criminal-fraud/health-care-fraud-unit.

An indictment is merely an allegation. All defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.

MIL OSI USA News –

February 20, 2025
MIL-OSI Security: President of Insurance Brokerage Firm and CEO of Marketing Company Charged in $161M Affordable Care Act Enrollment Fraud Scheme

Source: United States Attorneys General 1

An indictment was unsealed today charging Cory Lloyd, 46, of Stuart, Florida, and Steven Strong, 42, of Mansfield, Texas, in connection with their alleged participation in a scheme to submit fraudulent enrollments to fully subsidized Affordable Care Act insurance plans (ACA plans) in order to obtain millions of dollars in commission payments from insurance companies.

ACA plans offer tax credits to eligible enrollees. These tax credits, or “subsidies,” could be paid by the federal government directly to insurance plans in the form of a payment toward the applicable monthly premium. According to court documents, Lloyd and Strong conspired to enroll consumers in ACA plans that were fully subsidized by the federal government by submitting false and fraudulent applications for individuals whose income did not meet the minimum requirements to be eligible for the subsidies. Lloyd allegedly received commission and other payments from an insurance company in exchange for enrolling consumers in the ACA plans. In turn, Lloyd allegedly paid commissions to Strong in exchange for consumer referrals.

As alleged in the indictment, Lloyd and Strong targeted vulnerable, low-income individuals experiencing homelessness, unemployment, and mental health and substance abuse disorders, and, through “street marketers” working on their behalf, sometimes offered bribes to induce those individuals to enroll in subsidized ACA plans. Marketers working for Strong’s company allegedly coached consumers on how to respond to application questions to maximize the subsidy amount and provided addresses and social security numbers that did not match the consumers purportedly applying. As a result of being enrolled in subsidized ACA plans for which they did not qualify, some of these consumers experienced disruptions in their medical care.

The indictment alleges that Lloyd and Strong used misleading sales scripts and other deceptive sales techniques to convince consumers to state that they would attempt to earn the minimum income necessary to qualify for a subsidized ACA plan, even when the consumer initially projected having no income. Lloyd and Strong also allegedly conspired to bypass the federal government’s attempts to verify income and other information. Lloyd and Strong allegedly engaged in the scheme to maximize the commission payments they received from insurers, resulting in their companies’ receiving millions of dollars in commissions.

As alleged in the indictment, Lloyd and Strong’s scheme caused the federal government to pay at least $161,900,000 in subsidies.

Cory Lloyd and Steven Strong are each charged with conspiracy to commit wire fraud, three counts of wire fraud, conspiracy to defraud the United States, and two counts of money laundering. If convicted, each faces a maximum penalty of 20 years in prison on each count of conspiracy to commit wire fraud and wire fraud, five years in prison for conspiracy to defraud the United States, and 10 years in prison for each count of money laundering.

Supervisory Official Antoinette T. Bacon of the Justice Department’s Criminal Division, Acting Special Agent in Charge Justin Fleck of the FBI Miami Field Office, Acting Special Agent in Charge Isaac Bledsoe of the Department of Health and Human Services Office of Inspector General (HHS-OIG) Miami Regional Office, and Special Agent in Charge Emmanuel Gomez of the IRS Criminal Investigation (IRS-CI) Miami Field Office made the announcement.

The FBI, HHS-OIG, and IRS-CI are investigating the case.

Assistant Chief Jamie de Boer and Trial Attorney D. Keith Clouser of the Criminal Division’s Fraud Section are prosecuting the case.

The Fraud Section leads the Criminal Division’s efforts to combat health care fraud through the Health Care Fraud Strike Force Program. Since March 2007, this program, currently comprised of nine strike forces operating in 27 federal districts, has charged more than 5,800 defendants who collectively have billed federal health care programs and private insurers more than $30 billion. In addition, the Centers for Medicare & Medicaid Services, working in conjunction with HHS-OIG, are taking steps to hold providers accountable for their involvement in health care fraud schemes. More information can be found at www.justice.gov/criminal-fraud/health-care-fraud-unit.

An indictment is merely an allegation. All defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.

MIL Security OSI –

February 20, 2025
MIL-OSI USA: Chairman Capito Highlights Consensus on Need for NEPA and Permitting Reform Legislation

US Senate News:

Source: United States Senator for West Virginia Shelley Moore Capito
[embedded content]
To watch Chairman Capito’s questions, click here or the image above.
WASHINGTON, D.C. – Today, U.S. Senator Shelley Moore Capito (R-W.Va.), Chairman of the Senate Environment and Public Works (EPW) Committee, led a hearing on improving federal environmental review and permitting processes.
During the hearing, Chairman Capito questioned a panel of leaders from different industries and organizations about challenges they’ve faced while trying to implement projects important to American economic growth. In particular, Chairman Capito focused on the need to craft legislation that creates efficient and reliable timelines for National Environmental Policy Act (NEPA) and permitting processes and addresses endless legal challenges for projects.
HIGHLIGHTS:
AGREEMENT ON CHANGES TO ENVIRONMENTAL REVIEW:
Chairman Capito:
“Both Republican and Democrat administrations over the last couple decades have recognized the need to address the environmental review process, and those administration have taken efforts, through changes to regulations and guidance, to do so. Despite these efforts, federal environmental review and permitting challenges persist…I would like to ask each of you, do you agree that Congress must come together to develop a bipartisan bill to tackle these challenging issues?”
Jeremy Harrell, CEO, ClearPath:
“Yes, Senator.”
Leah Pilconis, General Counsel, The Associated General Contractors of America:
“Yes.”
Carl Harris, Chairman of the Board, National Association of Home Builders:
“Yes, Senator.”
Brent Booker, General President, Laborers’ International Union of North America:
“Yes.”
Nicole Pavia, Director, Clean Energy Infrastructure Deployment, Clean Air Task Force:
“Yes.”
LENGTHY FEDERAL PROCESSES:
Chairman Capito:
“Under current law and regulation, projects can take years or even decades to progress from concept to completing the NEPA process. What are the real world impacts of this lengthy timeline for projects on consumers of goods and services that your members produce?
Leah Pilconis:
“For the construction industry, delays cause uncertainty, and they also cause workforce instability. Our contractors can’t commit to hiring workers. They can’t order materials when there are delays on breaking ground for projects, often because they’re tied up for years with lawsuits, delays also drive up costs.”
Carl Harris:
“The cost of permitting adds to the cost of housing, and every time, as I said in my testimony, every time you raise the cost of a house $1,000, you lock out 106,000 family units. That’s substantial.”
ADDRESSING JUDICIAL REVIEW: “I want to ask about judicial review, it came up in almost everybody’s testimony. Many projects are targeted with litigation all throughout the process. The resulting legal costs and projects delays can be enough to stop a project, which happened with our Atlantic Coast Pipeline in West Virginia.”
BUILDING CONSENSUS: “I think we have a lot of commonality here, a lot of good ideas, and a lot of thought that I think are going along the same lines. I think we should think big, and then come down from big to where we can meet the sweet spot. Because, like Senator Curtis said, we’ve been talking about this for years, we haven’t quite gotten there. So, I’m committed.”
HEARING RECORD REMAINS OPEN: “The hearing record will remain open, as I said earlier, until March 21 and anybody – I would hope that you would submit suggestions that you might have heard today, or other suggestions. The public will be allowed to submit comments and materials for the hearing record by sending these documents to permitting@epw.senate.gov. This email address is also accessible on the Committee’s website.”
Click HERE to watch Chairman Capito’s opening statement.
Click HERE to watch Chairman Capito’s questions.

MIL OSI USA News –

February 20, 2025
MIL-OSI USA: Barrasso: Kash Patel Will Restore Transparency at the FBI

US Senate News:

Source: United States Senator for Wyoming John Barrasso
WASHINGTON, D.C. – U.S. Senator John Barrasso (R-Wyo.), Senate Majority Whip, today spoke on the Senate Floor ahead of voting to confirm Kash Patel, President Donald J. Trump’s nominee to be the Director of the Federal Bureau of Investigation (FBI).
Senator Barrasso also discussed how quickly Senate Republicans are confirming President Trump’s nominees. The Republican-led Senate has now confirmed 18 of President Trump’s nominees. That is faster than the pace of confirmations under President Barack Obama in 2009 and President Joe Biden in 2021.
Click HERE to watch Senator Barrasso’s remarks.
Sen. Barrasso’s remarks as prepared:
“President Trump’s cabinet picks are strong. Senate Republicans are confirming them quickly.
“By the end of today, we will have confirmed 18 of President Trump’s nominees. These nominees are bold and well-qualified.
“That is more nominees than President Obama had in 2009. It is more than President Biden had in 2021. More than twice as many.
“Americans voted for a bold, new direction in Washington. Senate Republicans are delivering it.
“Yesterday, the Senate confirmed Howard Lutnick to be the Secretary of Commerce. He will kickstart the Golden Age of American Manufacturing.
“The Senate is also on track to confirm Kelly Loeffler to be the Administrator of the Small Business Administration. Kelly is our former colleague in the Senate. She will be a voice for Main Street America.
“The Senate will soon vote on the confirmation of Kash Patel. Mr. Patel is the nominee to be the Director of the Federal Bureau of Investigation.
“The United States is seeing increased threats from terrorism.
“The previous FBI Director told the Senate one year ago, ‘I see blinking lights everywhere.’
“On New Year’s Day, 14 Americans were killed in a terrorist attack in New Orleans, Louisiana.
“That is why the Senate must confirm Mr. Patel with speed and urgency.
“Once confirmed, Mr. Patel will begin working to restore trust in one of America’s premier law enforcement agencies.
“Today, regrettably, only 2 in 5 Americans say they hold a favorable view of the FBI. This must change.
“Kash Patel will refocus the FBI on its core mission of fighting crime. He will reshape the Bureau so it is no longer a tool for political attacks. He will rededicate the Bureau to keeping Americans safe.
“This is a uniquely qualified nominee.
“Mr. Patel began his career as a public defender in Florida. He defended the constitutional rights of some of the most dangerous people in the country.
“He later joined the Obama Department of Justice as a counterterrorism prosecutor. He investigated and prosecuted cases that protected our country from the most serious threats.
“He received several awards for excellence for bringing terrorists to justice.
“Mr. Patel saw the power of the FBI to keep Americans safe.
“He also saw how the power of the FBI could be abused.
“In Congress, Mr. Patel lead the investigation that exposed that the FBI was spying unlawfully on President Trump’s 2016 campaign.
“Special Counsel John Durham’s investigation later backed up Mr. Patel’s side of the story. Durham found, ‘The FBI failed to uphold their mission of strict fidelity to the law.’
“This abuse of power was a breach of Americans’ trust in the FBI.
“Kash Patel will restore trust by returning the FBI to its core mission of investigating and fighting crime.
“At his confirmation hearing, he said he will work to cut in half the number of rapes, drug overdoses, and homicides in our country.
“This is something that every law-abiding American should welcome.
“For Democrats, however, this is apparently unacceptable. They claim Mr. Patel wants to weaponize government. That is blatantly false.
“It was Democrats who turned the FBI into a political attack dog against their political opponents.
“The FBI pressured social media companies to censor the Hunter Biden Laptop story.
“It partnered with Joe Biden’s Department of Justice in the targeting of concerned parents who protested woke school board meetings.
“It targeted Catholics as domestic terrorists and spied on them at church.
“It put politics and personal gain over service to the country.
“Mr. Patel will end the weaponization and restore transparency.
“He believes that crime is bad, that two tiers of justice is unacceptable, and that equal justice under the law is good.
“To Democrats, that’s taboo. To the rest of the country, it’s common sense.
“Americans want the FBI to fight crime. Kash Patel is the man to do it.
“If you want to defend our constitutional rights, confirm Kash Patel.
“If you want justice and accountability, confirm Kash Patel. If you want to keep our communities safe, confirm Kash Patel.
“Mr. Patel is a man of integrity and fidelity to the rule of law. I look forward to confirming him.”

MIL OSI USA News –

February 20, 2025
MIL-OSI Security: Ecuadorian Man Sentenced for Conspiring to Introduce Misbranded Prescription Drugs in the United States

Source: Office of United States Attorneys

PHILADELPHIA – Acting United States Attorney Nelson S.T. Thayer, Jr., announced that Daniel Pinos, 30, of Ecuador, was sentenced today to one year of non-reporting probation and a $100 special assessment by United States District Court Judge John M. Gallagher for conspiracy to introduce misbranded drugs into interstate commerce.

Pinos pleaded guilty last week to a one-count information charging him with that offense.

Since in or about 2022, Pinos, an Ecuadorian dentist, made regular trips to the United States to provide dental care and prescription drugs in return for payment. Pinos did so even though he was not licensed to practice dentistry or prescribe drugs in the United States. Some of the drugs he dispensed while in the United States were shipped from Ecuador.

On September 10, 2024, law enforcement encountered Pinos and seized misbranded drugs and medical and dental equipment.

“In the U.S., we regulate health care and medications, to keep people safe,” said Acting U.S. Attorney Thayer. “Pinos understood that he wasn’t licensed to practice dentistry or provide prescription drugs here, but did so, nonetheless. This office and the FBI will continue to investigate such medical malfeasance and hold those who commit it accountable.”

“The FBI remains steadfast in our commitment to protect our citizens and safeguard the integrity of our healthcare systems,” said Wayne A. Jacobs, Special Agent in Charge of FBI Philadelphia. “We applaud the hard work of the Allentown Resident Agency and our partners in this case and in their efforts to keep our communities safe.”

The case was investigated by FBI Philadelphia’s Allentown Resident Agency and is being prosecuted by Assistant United States Attorney John J. Boscia.

MIL Security OSI –

February 20, 2025
MIL-OSI Security: Palmdale Man Indicted for Allegedly Producing Sexually Explicit Material Featuring Teenage Girls

Source: Office of United States Attorneys

LOS ANGELES – A Palmdale man is scheduled to be arraigned today on a 12-count federal grand jury indictment alleging he coerced two minors into producing and sharing with him sexually explicit content of themselves and enticed one minor to have sex with him.

Darius Desean Edwards, 21, of Palmdale, is charged with five counts of production of child pornography, five counts of receipt of child pornography, and two counts of enticement of a minor to engage in criminal sexual activity.

Edwards, who was employed by Palmdale’s Department of Parks and Recreation until his recent termination, was arrested this morning and is scheduled to be arraigned this afternoon in United States District Court in downtown Los Angeles.

According to the indictment, from October 2023 until December 2023, Edwards engaged in sexual conversations with a then 16-year-old girl and requested her to produce and share with him child sexual abuse material (CSAM) of herself. Edwards received at least one video from this victim depicting CSAM.

In March 2024, Edwards communicated with a then 15-year-old girl and requested that she produce and share with him CSAM of herself. Edwards received at least one photo and three videos from this victim depicting CSAM.

An indictment contains allegations that a defendant has committed a crime. Every defendant is presumed to be innocent until and unless proven guilty beyond a reasonable doubt in court.

If convicted, Edwards would face a mandatory minimum sentence of five years in federal prison for each count of receipt of child pornography, a mandatory minimum sentence of 15 years in federal prison for each count of production of child pornography, and a mandatory minimum sentence of 10 years in federal prison and a statutory maximum of life in prison for each count of enticement of a minor to engage in criminal sexual activity.

The FBI is investigating this matter.

Assistant United States Attorney Lyndsi Allsop with the Violent and Organized Crime Section is prosecuting this case.

MIL Security OSI –

February 20, 2025
MIL-OSI USA: ICE investigation leads to 8 criminal arrests and charges for Trinitarios gang members

Source: US Immigration and Customs Enforcement

BOSTON — An investigation led by U.S. Immigration and Customs Enforcement led to federal charges unsealed against two dozen leaders, members and associates of the Trinitarios gang — a violent transnational criminal organization. An ICE Homeland Security Investigations-led a task force arrested eight alleged gang members early Feb. 19, and 22 individuals have been charged with federal offenses, including racketeering conspiracy in connection with six murders and 11 attempted murders. Two individuals, who were juveniles at the time of the alleged criminal offenses, have been charged by the Essex County District Attorney’s Office with murder.

The charges are the result of a multijurisdictional investigation that began in the aftermath of four murders, and a series of attempted murders and shootings that took place in Lynn, Massachusetts in 2023, allegedly committed by the Trinitarios criminal enterprise.

According to court documents, Chapters of the Trinitarios were identified in in Lawrence, Lynn, Boston and Haverhill. Trinitarios members in these cities allegedly undertake efforts to dominate their communities by intimidating rival gangs and establishing control over certain neighborhoods. It is further alleged that the Trinitarios do not hesitate to use violence, including murder, to further the organization’s goals and purposes. According to the charging document, these gang rivalries develop through personal enmity and disrespect between members of the rival gangs, competition over drug territory and customers as well as violent acts (such as robberies, shootings and murders) that have been committed by the gangs against each other in the past. It is alleged that these rivalries have become deadly and multiple murders have been committed by Trinitarios gang members.

Specifically, ICE HSI’s investigation allegedly identified that the Massachusetts Trinitarios have committed at least 10 homicides in Essex County over the past decade and are believed to be responsible for numerous attempted murders, shootings, kidnappings and robberies. Sixteen members of the Trinitarios criminal enterprise in Massachusetts have been charged with six of these murders — two of which took place in Lawrence in 2017 and two double murders in Lynn in 2023. The remaining four homicides are being prosecuted by the Essex District Attorney’s Office.

“Today the message should be loud and clear: transnational criminal organizations and foreign-born malign actors committing violent acts in our communities will never have refuge in the United States. We are working every day with our state, local, and federal partners to tackle transnational crime from all angles with all of the resources available to us to make our streets safer,” said ICE HSI New England Special Agent in Charge, Michael J. Krol.

According to the charging documents, the Trinitarios are a hierarchical criminal organization, with positions that are known to exist at the state and local chapter level, whose members adhere to a code of conduct. Enmanuel Paula-Cabral, aka “Nelfew,” aka “Gordo,” aka “Manny,” allegedly serves as the State Supreme of the Trinitarios for Massachusetts, responsible for the entirety of the gang’s criminal activities, coordination with other state leaders and communication with leadership of the Trinitarios in the Dominican Republic.

Paula-Cabral is also allegedly responsible for the Trinitarios Chapter operating in Manchester, New Hampshire as well the Trinitarios located in Maine, where the gang operates a lucrative drug-trade. Below the Supreme is a position referred to as the “Flag” or “Segundo,” which in Massachusetts is allegedly held by Ery Jordani Rosario, aka “Racacha.”

The Massachusetts Trinitarios allegedly recruit new members among communities of legal immigrants and illegal aliens from the Dominican Republic — specifically juveniles in local high schools in Lawrence and Lynn. To curry favor with these new recruits, the Trinitarios allegedly appeal to their shared Spanish language and culture, Dominican patriotism and use the appearance of prosperity and brotherhood.

It is further alleged that members are generally initiated into the gang after a period of observation or probation and are often inducted following the completion of a “mission” — which is generally a substantial act of violence such as shootings, beatings, or fist fights with rival gang members that were the same age or stature. According to the court documents, upon induction, new members are formally “blessed” into the organization during a formal ceremony, are administered oaths by the State Supreme and are awarded with ceremonial beaded necklaces. Younger members are allegedly tasked with lesser roles during many violent “missions,” including standing lookout during a shooting, holding or concealing weapons on behalf of full members and transporting weapons after their use in shootings.

According to the charging documents, the Trinitarios endeavor to project power over the internet and social media allegedly producing music and music videos featuring members in Trinitarios colors and clothing holding weapons, cash and other items, as well as lyrics that boast about violence, drugs and other criminal endeavors as warnings and threats to other rival gangs.

“As the court papers make clear, for well over a decade, Trinitarios gang members have engaged in brazen acts of murder, assault, and drug distribution — instilling fear in the communities of Lynn and Lawrence in particular. Today’s law enforcement operation has struck a significant blow against the leadership of the Trinitarios operating in Massachusetts — virtually dismantling an organization responsible for years of bloodshed, drug trafficking, and lawlessness,” said United States Attorney Leah B. Foley. “This enforcement action ends the Trinitarios reign of terror in Massachusetts. Today, our communities are safer with the removal of these alleged violent offenders from our streets, and where appropriate, from our country. This operation is a testament to the tireless collaboration among the dedicated members of our federal, state and local law enforcement agencies. Such shameless and senseless acts of violence have no place anywhere; especially not in any city in Massachusetts. If you threaten the safety of our residents, we will find you, we will hold you accountable, and we will ensure that justice is served.”

“This operation is another example of how the FBI and our law enforcement partners work together to dismantle large-scale, violent transnational criminal organizations that cause chaos and death in our communities. We believe those arrested today — leaders, members, and close associates of the Trinitarios – have allegedly shown a reckless indifference to human life in order to control their turf, push their poison, and make money. There is no question our streets are safer because of this takedown,” said Jodi Cohen, Special Agent in Charge of the Federal Bureau of Investigation, Boston Division. “The FBI’s North Shore Gang Task Force will continue to work on the public’s behalf to lock up these dangerous offenders who shatter folks’ sense of security and quality of life.”

“Gang violence, as well as illegal gun and drug trafficking, have no place in the Commonwealth,” said Massachusetts State Police Colonel Geoff Noble. “Operations like this show the Massachusetts State Police is committed to working alongside our law enforcement partners to find those responsible for these crimes, arrest them, and pursue justice. Getting these criminals off the street makes Massachusetts a safer place to live.”

“This investigation and the results represent the best of law enforcement partnerships. The residents of Essex County are safer today with the dismantling of this violent criminal enterprise,” said Essex County District Attorney Paul F. Tucker.

“Today’s operation marks the culmination of an extensive investigation, demonstrating the strength of our collaborative efforts to combat gangs and violent criminal activity. These significant arrests will undoubtedly prevent further harm to our community. I want to express my deepest gratitude to our officers and our State and Federal law enforcement partners, the Essex County District Attorney’s Office and the Office of the United States Attorney for Massachusetts for their relentless pursuit of justice and for their commitment to making our city safer,” said Lynn Police Chief Christopher P. Reddy.

“I commend the successful collaboration with the U.S. Attorney’s Office and Homeland Security Investigations,” says Manchester New Hampshire Police Chief Peter Marr. “By arresting multiple gang members involved in violent criminal activities throughout the region, we are reinforcing the commitment to making our community safer.”

The charge of conspiracy to conduct enterprise affairs through a pattern of racketeering activity (also known as “racketeering conspiracy” or “RICO conspiracy”) provides for a sentence of up to life in prison, five years of supervised release and a fine of up to $250,000. The charge of conspiracy to interfere with commerce by robbery (Hobbs Act conspiracy) provides for a sentence of up to 20 years in prison, three years of supervised release and a fine of up to $250,000.

The investigation was led by ICE HSI New England’s Strike Force, Massachusetts State Police, the Essex District Attorney’s Office, the Lynn Police Department and the Manchester New Hampshire Police Department. Valuable assistance was provided by ICE Enforcement and Removal Operations, the U.S. Attorney’s Office for the District of New Hampshire; U.S. Customs and Border Protection; Federal Bureau of Investigations; and the Andover, Boston, Franklin, Lawrence, Peabody and Salem Police Departments.

MIL OSI USA News –

February 20, 2025
MIL-OSI Security: Ohio Woman Sentenced to Prison for Insurance Claim Fraud

Source: Office of United States Attorneys

CLEVELAND – Angela Frase, 60, of Sterling, Ohio, has been sentenced to 24 months in prison by U.S. District Judge Dan Aaron Polster after pleading guilty to four counts of mail fraud for accepting insurance checks after she knowingly submitted false claims. Frase was also ordered to pay restitution in the amount of $327,072.

Frase pleaded guilty to devising a scheme that took place from July 2 to Aug. 23, 2019, to defraud a homeowner’s insurance company. According to court documents, the scheme began when Frase called fire emergency services on July 2, 2019, and again on July 3, 2019, to report a fire in her home. Fire marshals were unable to determine the cause of the fire at the time. The insurance company then housed Frase and her husband at an extended stay hotel. An investigation later conducted by insurance company experts determined no evidence of electrical failure as the cause of the fire.

On the morning of Aug. 6, 2019, the fire department responded to a natural gas leak at the Frase residence. Home remodeling employees entered the home to work on the damage caused by the fire but were forced to evacuate due to the strong smell of natural gas. The fire marshal later determined that the stove was turned on, filling the residence with explosive-causing levels of natural gas. Frase and her husband were the last people in the home prior to the discovery of gas and claimed to have locked the doors. There was no sign of forced entry.

On Aug. 6, 2019, at approximately 10:43 p.m., Frase left her extended stay hotel room, drove to her home on Spruce Street in Seville, Ohio, and started a fire. Investigators later learned through her cellphone location data that she remained in the area of her home from 10:54 p.m. until 11:39 p.m. and then returned to her hotel room. On Aug. 7, 2019, at approximately 12:36 a.m., the Sterling Fire Department and Wayne County Sheriff’s Office responded to the home in reference to a fire and explosion. The Ohio State Fire Marshal later determined the cause of the fire was incendiary in nature. In addition to starting the fire, Frase spray-painted what appeared to be racial disparities on her own garage and vandalized her neighbor’s vehicle.

On Aug. 11, 2019, between 9:30 and 10 p.m., Frase returned to her home and again spray-painted hate speech on her own garage. When a sheriff’s deputy responded and discovered the words, Frase told the deputy that she saw two suspicious individuals running through the field behind her property. Three days later, on Aug. 14, Frase called authorities again after she placed a stuffed doll painted black with a noose tied around its neck in her own mailbox. On Aug. 23, she once again contacted law enforcement to report that she found an envelope at her residence while walking around the property that had a racial slur written on it and inside was a plastic bag filled with an unknown white substance and the word “die.”

From Nov. 1, 2019 to June 17, 2020, the insurance company mailed four checks to Frase for property losses and damages which she accepted. She was later charged with four counts of mail fraud for attempting to swindle money from the homeowner’s insurance company through intentionally deceptive actions.

This case was investigated by the FBI Cleveland Division, Wayne County Sheriff’s Office, and Ohio’s Division of State Fire Marshal. Assistant U.S. Attorney Scott Zarzycki for the Northern District of Ohio prosecuted the case.

MIL Security OSI –

February 20, 2025
MIL-OSI Security: Federal Grand Jury in Louisville Indicts 3 Illegal Aliens

Source: Office of United States Attorneys

Louisville, KY – A federal grand jury in Louisville, Kentucky, returned indictments on February 19, 2025, charging 3 illegal aliens with federal criminal offenses.

U.S. Attorney Michael A. Bennett of the Western District of Kentucky, Special Agent in Charge Michael E. Stansbury of the FBI Louisville Field Office, Special Agent in Charge Rana Saoud of Homeland Security Investigations, Nashville, Police Chief Mike Canon of the Calvert City Police Department, and Sam Olson, Field Office Director for Enforcement and Removal Operations (ERO) Chicago, U.S. Immigration Customs Enforcement made the announcement.

According to the indictments:

Juan Baltazar Felipe-Pedro, age 26, a citizen of Guatemala, was charged with reentry after deportation or removal. On or about January 23, 2025, Felipe-Pedro was an alien found in the United States after having been denied admission, excluded, deported, and removed from the United States on or about April 25, 2019. If convicted he faces a maximum sentence of 2 years in prison. This case is being investigated by HSI and ICE/ERO.

Jhoandiris Jimenez-Barrio, age 26, and Yirvel Yonaker Rios-Castro, age 20, citizens of Venezuela, were indicted for conspiracy to commit bank larceny and attempted bank larceny. On or about January 31, 2025, they conspired with each other and others to break into and steal money from an automated teller machine (ATM). They traveled to a bank in Calvert City, Kentucky and attempted to open an ATM to steal money. Homeland Security Investigations verified that Jimenez-Barrio and Rios-Castro are Venezuelan and entered the United States illegally. If convicted, the men face a maximum sentence of 50 years in prison. The case is being investigated by the FBI, Calvert City Police Department, and HSI.

A federal district court judge will determine any sentence after considering the sentencing guidelines and other statutory factors.

There is no parole in the federal system.

Assistant U.S. Attorneys A. Spencer McKiness, Seth Hancock, and Raymond McGee are prosecuting the cases.

An indictment is merely an allegation. All defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.

###

MIL Security OSI –

February 20, 2025
MIL-OSI Security: New Orleans Man Guilty of Commodity Exchange Act Violation

Source: Office of United States Attorneys

NEW ORLEANS, LA – Acting U.S. Attorney Michael M. Simpson announced today that MICHAEL BRIAN DEPETRILLO, (“DEPETRILLO”), age 43, from New Orleans, pled guilty on February 18, 2025 to violating the Commodity Exchange Act, in violation of Title 7, United States Code, Section 13(a). DEPETRILLO faces up to ten (10) years imprisonment, up to three (3) years of supervised release, up to a $1,000,000.00 fine, plus the amount of any proceeds, and a mandatory $100 special assessment fee.

According to court documents, DEPETRILLO was not properly registered as a Commodity Pool Operator (“CPO”) or an Associated Person (“AP”) of a CPO with the United States Commodity Futures Trading Commission (“CFTC”). DEPETRILLO, through various companies including, Meteor, LLC; NOLA FX Capital Management, LLC; ELC Enterprise Solutions, LLC; and Argosapolis, LLC, acted as a CPO and AP of a CPO and embezzled client funds in violation of federal law. DEPETRILLO, while acting as an AP of unregistered CPOs, represented to victim investors that their funds would be pooled and invested in the NOLA FX FUND, that, in turn, would be used to trade foreign currency pairs on a leveraged, margined, or financed basis (“retail forex”).

DEPETRILLO told investors that pooling their funds would be beneficial to them. DEPETRILLO further represented, to certain investors, that either METEOR or NOLA FX CAPITAL managed the NOLA FX FUND. In at least one representation, however, DEPETRILLO identified “NOLA FX Capital,” not the NOLA FX FUND, as the pooled investment vehicle. DEPETRILLO lured investors by claiming he was investing their funds by trading in the foreign currency exchange, gold futures options, stocks, and cryptocurrency. Instead of trading as promised, DEPETRILLO misappropriated pool funds. DEPETRILLO then used these misappropriated pool funds to pay approximately $3,700,000 in “returns” to prior investors; approximately $575,000 on his own personal investments; approximately $425,000 on rent; approximately $200,000 on private air travel; and approximately $300,000 on online gambling, among other personal expenses. To conceal DEPETRILLO’s misappropriation, he created and issued fictitious account statements in the names NOLA FX FUND and NOLA FX CAPITAL. The fictitious account statements purported to show that: (1) DEPETRILLO had traded forex using pool participant funds, and (2) the NOLA FX FUND and NOLA FX CAPITAL had achieved significant trading returns for pool participants because of his profitable forex trading. In fact, DEPETRILLO never deposited pool participant funds into trading accounts belonging to NOLA FX FUND or NOLA FX CAPITAL, and he never achieved the trading returns represented on the false account statements. DEPETRILLO also did not set up the forex pool in the manner required by the regulations, did not receive pool participant funds in the name of the forex pool, and commingled pool participant funds with his own funds. DEPETRILLO took in approximately $9.2 million in investor funds from approximately 55 victim investors during a seven-year period.

Sentencing in this matter is scheduled for May 25, 2025, before United States District Judge Jay C. Zainey.

The case is being investigated by the Federal Bureau of Investigation (“FBI”). The FBI is seeking information that may help identify potential victims of DEPETRILLO’s fraudulent scheme. FBI encourages the public to report any information to http://fbi.gov/depetrillovictims.

The prosecution of this case is being handled by Assistant United States Attorneys Kathryn McHugh of the Financial Crimes Unit and Brian M. Klebba, Chief of the Financial Crimes Unit.

MIL Security OSI –

February 20, 2025
MIL-OSI Africa: Community engagement in the fight against cholera in Angola: Mr Celestino Mbambali – “The Lifesaver”

Source: Africa Press Organisation – English (2) – Report:

BRAZZAVILLE, Congo (Republic of the), February 19, 2025/APO Group/ —

For more than twenty-five years of volunteering in his community, 55-year-old Celestino Mbambali has witnessed countless health emergencies, including cholera outbreaks. A qualified nurse by profession, he was always concerned about the lack of a health center in his neighborhood and, driven by his commitment to his neighbors, decided to take action. In the improvised space he built next to his house, he assists his neighbors on a daily basis, ensuring that they have access to first aid without having to travel long distances.

In front of the modest sheet metal structure he built with his own hands, Celestino says: “Here, neighbors are family. Taking care of my community is a duty and a pleasure. From malaria cases to diarrheal diseases, I’m always available to help.”

A resident of the Ngueto Maka neighborhood, in the municipality of Cabiri, Icolo e Bengo province, Celestino has become a health reference for his neighbors and is affectionately referred to as the “life saver” of his neighborhood. When he heard about the cholera outbreak on the radio, Celestino began a tireless door-to-door awareness campaign with his patients, warning them about the importance of drinking treated water, hand hygiene and safe food handling. With 512 cases and 19 deaths recorded by February 17 in his province, Celestino has become an essential partner in epidemiological surveillance, promptly reporting suspected cases to the health authorities.

“So far, I’ve assisted 16 suspected cases of cholera, 10 of which have been confirmed. Thanks to the support of the health authorities, all the patients have had prompt access to treatment and have returned home alive.”

The efforts of Celestino and other community volunteers have been essential at a critical time for Angola, which is facing a cholera outbreak in ten provinces, with a total of 4,235 cases and 150 deaths. “With his quick action and proximity to the community, we’ve managed to greatly reduce the risk of cholera deaths. Whenever he notifies us of a suspected case, we immediately send the ambulance to ensure the patient is brought for the necessary treatment. Collaboration with community volunteers has been essential in saving lives, especially in places that are further away from health facilities.’’ Says Dr. Santos, Municipal Health Director of Catete.

The fight against cholera is not an individual one, and Celestino also has the support of community development agents (ADECOs) who reinforce social mobilization. With the support of The World Health Organization (WHO), as part of the response to the outbreak, door-to-door awareness-raising activities, educational sessions and the distribution of information materials on the prevention of the disease have been promoted throughout the country, reinforcing families’ awareness of safe hygiene and sanitation practices.

The WHO has played a key role in responding to the cholera outbreak in Angola, collaborating closely with the Ministry of Health (MINSA), Ministry of Water and Energy and the Provincial Health Office to contain the spread of the disease. ‘‘With a community-based approach, WHO has facilitated the implementation of the National Cholera Response Plan, mobilizing human and material resources to the affected provinces and reinforcing epidemiological monitoring, which is essential for containing the outbreak.’’ says Dr Zabulon Yoti, WHO Representative in Angola.

In addition, community mobilizers have been trained in effective communication strategies on hygiene, sanitation and early case detection. Thanks to this coordination, rapid responses have enabled suspected cases to be identified, referred to and treated quickly.

Celestino Mbambali’s story demonstrates the impact an individual can have on protecting their community, but it also highlights the importance of the coordinated response between local authorities, international organizations and civil society. With collective work, solidarity and awareness, it is possible to save lives and defeat cholera.

“I’m relieved to know that we have life saver in our neighborhood. When I started having symptoms, I was quickly helped by Mr. Celestino and transferred to the hospital. After two difficult weeks, I was finally able to return home, healthy and grateful for everything they did for me.’’ Fernando Alberto, one of the patients who successfully recovered, says with emotion.

In the context of this public health emergency, the Ministry of Health, with the support of the WHO, the United Nations Children’s Fund (UNICEF) and the World Bank, carried out a reactive vaccination campaign from 3 to 7 February 2025 to immunize around 930,000 people aged one year and above in the provinces most affected by cholera, namely Luanda, Bengo and Icolo e Bengo. The oral cholera vaccine is being used to compliment other preventive measures including improving access to safe water, addressing sanitation and hygiene gaps.

MIL OSI Africa –

February 20, 2025
MIL-OSI Security: 14 members of Bandidos motorcycle gang indicted for offenses including racketeering, assault and murder

Source: Office of United States Attorneys

HOUSTON – A 22-count indictment has been unsealed in the Southern District of Texas (SDTX) following an operation targeting multiple members of an allegedly violent, transnational motorcycle gang in the Houston metropolitan area.

Current and former members of the Bandidos Outlaw Motorcycle Gang and Mascareros Motorcycle Club are charged for their alleged roles in a criminal enterprise engaged in violent criminal activity in and around Houston. The Mascareros is a support club of the Bandidos.

Several of those are expected to make their initial appearance before U.S. Magistrate Judge Dena Hanovice Palermo at 2 p.m. Feb. 20.

A federal grand jury returned an indictment Feb. 11 against 14 members and associates of the Bandidos outlaw motorcycle gang accusing them of various crimes, to include engaging in a conspiracy to commit racketeering activity and committing violent crimes in furtherance of the gang such as murder, attempted murder and assault. The indictment alleges the Bandidos are a self-identified “outlaw” motorcycle organization with a membership of approximately 1,500 to 2,000 in the United States and an additional 1,000 to 1,500 members internationally, including in Mexico.

“Ensuring the safety of the public is SDTX’s paramount concern,” said U.S. Attorney Nicholas J. Ganjei. “The indictment here not only alleges shocking crimes of violence, but also alleges that these offenses were committed openly and wantonly, where any innocent member of the public could have been hurt or killed.”

“Today’s indictment is an important step in eliminating the Bandidos Outlaw Motorcycle Gang,” said Supervisory Official Antoinette T. Bacon of the Justice Department’s Criminal Division. “The Bandidos declare war on rivals—and they wage that war on our streets. Criminal behavior like this has no place in America, and the Department of Justice is fully committed to bringing peace back to our communities.”

The indictment alleges that beginning in 2019, a violent turf war erupted between the Bandidos and B*EAST, a rival outlaw motorcycle gang in the Houston area. As part of this turf war, Bandidos national leadership allegedly put out a “smash on site” order to commit physical assaults, including murder, against B*EAST members. The turf war has resulted in gunfire exchanged on public roadways and in public establishments with innocent civilians present, according to the charges.

John M. Pfeffer aka Big John, 32, Darvi Hinojosa aka 10 Round, 35, Bradley Rickenbacker aka Dolla Bill, 37, all of Katy; Michael H. Dunphy aka Money Mike, 57, Cleveland; Christopher Sanchez aka Monster, 40, Tomball; and Brandon K. Hantz aka Loco and Gun Drop, 33, Crosby; are charged with conspiracy to commit racketeering activity. Pfeffer, Dunphy, Hinojosa, Rickenbacker and Sanchez are further charged with multiple counts of assault in aid of racketeering. Pfeffer, Hinojosa, Rickenbacker and Sanchez are also charged with using a firearm during and in relation to a crime of violence, while Sanchez faces charges of being a felon in possession of a firearm. Hantz is also charged with arson.

Pfeffer, Hinojosa, Rickenbacker and Sanchez each face up to life in prison if convicted, while Dunphy and Hantz each face up to 20 years on each of their counts upon conviction.

The indictment also charges David Vargas aka Brake Check and First Time, 33, Houston, with murder in aid of racketeering; using a firearm during and in relation to a crime of violence resulting in death; attempted murder in aid of racketeering; and using, carrying, brandishing, discharging and possessing a firearm during and in relation to the attempted murders. All those charges relate to the killing of a rival and the shooting of two others. Murder in aid of racketeering carries a mandatory life sentence or the death penalty, if convicted.

Further, Pfeffer and Rickenbacker are also charged with assault in aid of racketeering and using a firearm during and in relation to a crime of violence along with Marky Baker aka Pinche Guero and Guero, 40, Ronnie McCabe aka Meathead, 56, and Jeremy Cox aka JD, 37, all of Houston; Roy Gomez aka Repo, 50, Richmond; and Marcel Lett, 56, Pearland. These charges are in relation to an alleged assault and robbery that resulted in the death of a rival. If convicted, they face up to life in prison.

Hinojosa is also charged along with John Sblendorio aka Tech9, 54, Houston, with conspiracy to commit murder in aid of racketeering, attempted murder in aid of racketeering, assault in aid of racketeering and using a firearm during and in relation to a crime of violence in connection with the shooting of a rival gang member. Hinojosa is also charged with conspiracy to distribute cocaine and three counts of possession with intent to distribute cocaine. Sblendorio and Hinojosa each face up to life in prison, if convicted.

In addition, Sean G. Christison, aka Skinman, 30, Katy, is charged with possession with intent to distribute cocaine and possession of a firearm in furtherance of a drug trafficking crime. He faces a maximum penalty of life imprisonment.

The FBI, Texas Board of Criminal Justice – Office of Inspector General, Texas Department of Public Safety and Montgomery County Sheriff’s Office conducted the Organized Crime Drug Enforcement Task Forces (OCDETF) investigation with the assistance of Harris County Sheriff’s Office; Houston and Pasadena Police Departments; Texas Alcoholic Beverage Commission; LaMarque and Katy Police Departments; U.S. Marshals Service; Bureau of Alcohol, Tobacco, Firearms and Explosives; and the Cypress-Fairbanks Independent School District Police Department.

OCDETF identifies, disrupts and dismantles the highest-level drug traffickers, money launderers, gangs and transnational criminal organizations that threaten the United States by using a prosecutor-led, intelligence-driven, multi-agency approach that leverages the strengths of federal, state and local law enforcement agencies against criminal networks. Additional information about the OCDETF Program can be found on the Department of Justice’s OCDETF webpage.

This case is being prosecuted as part of the joint federal, state and local Project Safe Neighborhoods (PSN) Program, the centerpiece of the Department of Justice’s violent crime reduction efforts. PSN is an evidence-based program proven to be effective at reducing violent crime. Through PSN, a broad spectrum of stakeholders work together to identify the most pressing violent crime problems in the community and develop comprehensive solutions to address them. As part of this strategy, PSN focuses enforcement efforts on the most violent offenders and partners with locally based prevention and reentry programs for lasting reductions in crime.

Assistant U.S. Attorneys Byron H. Black and Kelly Zenón-Matos of the Southern District of Texas are prosecuting the case in partnership with Trial Attorneys Grace H. Bowen and Christopher Taylor of the Department of Justice’s Criminal Division – Violent Crime and Racketeering Section.

An indictment is a formal accusation of criminal conduct, not evidence. A defendant is presumed innocent unless convicted through due process of law.

MIL Security OSI –

February 20, 2025
MIL-OSI Security: Detroit Man Sentenced To Over Four Years in Federal Prison For Participating In Multi-State Pandemic Unemployment Insurance Fraud Scheme

Source: Office of United States Attorneys

DETROIT – A man from Detroit, Michigan was sentenced today for his role in a multi-state, million-dollar unemployment insurance fraud scheme aimed at defrauding the U.S. government and the states of Michigan, Pennsylvania, and Maryland, of funds earmarked for unemployment assistance during the COVID-19 pandemic, announced Acting United States Attorney Julie A. Beck.

Joining in the announcement were Special Agent in Charge Cheyvoryea Gibson, Federal Bureau of Investigation, Special Agent in Charge Charles Miller, Internal Revenue Service-Criminal Investigation, and Megan Howell, Acting Special Agent in Charge, Chicago Region, U.S. Department of Labor Office of Inspector General.

Tracey Dotson, 49, was sentenced to 51 months in prison and ordered to pay more than $900,000 in restitution in the sentence handed down by United States District Judge Matthew F. Leitman.

According to court records, Dotson and a co-defendant conspired to, and did, defraud the federal government and the states of Michigan, Pennsylvania, and Maryland of roughly $1 million in funds intended to support individuals who had lost their jobs during the COVID-19 pandemic. The pair committed their crimes through the use of interstate wires and the unauthorized possession and use of social security numbers and other means of identification belonging to other individuals.

Dotson pleaded guilty to wire fraud and conspiracy to commit wire fraud in April 2024. Dotson and his co-defendant, using stolen personal identification, filed hundreds of false unemployment claims with state unemployment insurance agencies in Michigan, Pennsylvania, and Maryland in the names of other individuals without their knowledge or consent. The defendants then received hundreds of Bank of America prepaid debit cards in the names of those individuals loaded with roughly $1 million in Pandemic Unemployment Assistance funds at addresses in Michigan and Pennsylvania. Dotson, his co-defendant, and their accomplices then successfully unloaded more than $930,000 from the cards via cash withdrawals and purchases that included high-end jewelry, designer fashion accessories by Gucci and Louis Vuitton, drugs, at least one vehicle, and at least one firearm.

“Taxpayer unemployment assistance funds diverted to the pockets of criminals during the pandemic resulted in fewer resources that were available for those genuinely in need at that challenging time,” said Acting U.S. Attorney Julie Beck. “Our office is steadfast in its commitment to bringing those to justice who used a global health crisis as a means to illegally line their own pockets at the expense of taxpayers. “

“This sentence underscores the FBI’s commitment to investigating complex financial crimes,” said Cheyvoryea Gibson, Special Agent in Charge of the FBI in Michigan. “We will not tolerate the greed and selfish conduct demonstrated by those who chose to defraud the unemployment insurance system, especially when we faced an unprecedented global pandemic. The FBI and our federal partners remain steadfast in holding criminals accountable and protecting government assistance programs. The pandemic may be in our rearview mirrors, but our investigations continue to move forward in the name of justice.”

“Individuals who commit such blatant unemployment insurance fraud and identity theft of this magnitude deserve to be punished to the fullest extent of the law,” said Charles Miller, Special Agent in Charge, Detroit Field Office, IRS Criminal Investigation. “Tracey Dotson and his co-conspirator took advantage of a program intended to help those in need get through a devastating global pandemic, exposed personal identity information of many, and caused immeasurable hardship to innocent victims. IRS Criminal Investigation remains committed to the pursuit of pandemic fraud and identity theft, together with our partners at the U.S. Attorney’s Office, we will hold those who engage in similar conduct accountable.”

“Tracey Dotson and his co-conspirator defrauded multiple state workforce agencies by using stolen identities to obtain unemployment insurance (UI) benefits. As a result, he stole vital taxpayer resources intended for unemployed American workers in dire need of UI benefits. Today’s sentencing affirms the Office of Inspector General’s commitment to work with our law enforcement partners to investigate and bring to justice those who exploit this critical benefit program,” said Megan Howell, Acting Special Agent-in-Charge, Great Lakes Region, U.S. Department of Labor, Office of Inspector General.

This case was prosecuted by Assistant United States Attorneys Carl D. Gilmer-Hill and Jessica A. Nathan. The investigation was conducted jointly by the Federal Bureau of Investigation, Internal Revenue Service – Criminal Investigation, and Department of Labor, Office of Inspector General.

MIL Security OSI –

February 20, 2025
MIL-OSI Security: Financial TV News Analyst-Turned-Fugitive Agrees to Plead Guilty to Federal Charge for Conning Investors Out of Millions of Dollars

Source: Office of United States Attorneys

LOS ANGELES – A former San Gabriel Valley resident – who was a frequent guest on financial television news programs then became a fugitive from justice after being accused of scamming investors – has agreed to plead guilty to defrauding his victims out of at least $2.7 million, the Justice Department announced today.

James Arthur McDonald Jr., 53, formerly of Arcadia, has agreed to plead guilty to one count of securities fraud, a felony that carries a statutory maximum sentence of 20 years in federal prison.

McDonald has been in federal custody since June 2024, when he was arrested in a residence in Port Orchard, Washington, after being a fugitive since November 2021, when he failed to appear before the United States Securities and Exchange Commission (SEC) to testify after allegations arose that he had defrauded investors.

According to his plea agreement, at McDonald’s Washington state hideout, law enforcement found, among other things, a fake Washington, D.C., driver’s license bearing McDonald’s photograph and the name “Brian Thomas.”

McDonald was the CEO and chief investment officer of two companies headquartered in Los Angeles: Hercules Investments LLC and Index Strategy Advisors Inc. (ISA). He frequently appeared as an analyst on the CNBC financial television news network.

In late 2020, McDonald lost tens of millions of dollars of Hercules client money after adopting a risky short position that effectively bet against the health of the United States economy in the aftermath of the U.S. presidential election. McDonald projected that the COVID-19 pandemic and the election would result in major selloffs that would cause the stock market to drop. When the market decline didn’t occur, Hercules clients lost between $30 million and $40 million. By December 2020, Hercules clients were complaining to company employees about the losses in their accounts, according to court documents.

In early 2021, McDonald solicited millions of dollars’ worth of funds from investors in the form of a purported capital raise for Hercules but misrepresented how the funds would be used and failed to disclose the massive losses Hercules previously sustained. As part of the capital raise, McDonald obtained $675,000 in investment funds from one victim group on March 9, 2021. He misappropriated most of those funds in various ways, including spending $174,610 at a Porsche dealership and transferring $109,512 to the landlord of a home McDonald was renting in Arcadia.

McDonald also defrauded clients of ISA, his other firm, using less than half of the approximately $3.6 million he raised for trading purposes. Instead, McDonald frequently commingled ISA client funds with funds from his personal bank account, which he used to purchase luxury cars and to pay rent on his home, personal credit card charges, and Hercules operating expenses and to make Ponzi-like payments to ISA clients — that is, paying some ISA clients using funds from other clients.

In total, McDonald caused losses of between approximately $2,745,892 and approximately $3,025,892, according to his plea agreement.

The FBI and IRS Criminal Investigation are investigating this matter.

In September 2022, the SEC filed a civil complaint charging McDonald and Hercules with violations of federal securities law. In April 2024, United States District Judge Percy Anderson found McDonald and Hercules liable and ordered that they pay several million dollars in disgorgement and civil penalties.

Assistant United States Attorneys Alexander B. Schwab and Nisha Chandran of the Corporate and Securities Fraud Strike Force are prosecuting this case.

MIL Security OSI –

February 20, 2025
MIL-OSI USA: Fourteen Members and Associates of Violent Transnational Motorcycle Gang Indicted on RICO and Murder Charges

Source: US State of North Dakota

An indictment was unsealed today in the Southern District of Texas charging 14 members and associates of the Bandidos Outlaw Motorcycle Gang for their alleged roles in a criminal enterprise engaged in murder, robbery, arson, narcotics distribution, and witness intimidation in and around Houston.

The indictment accuses the defendants of various crimes, including engaging in a conspiracy to commit racketeering (RICO) activity and committing violent crimes in furtherance of the gang such as murder, attempted murder, and assault. The indictment alleges that the Bandidos are a self-identified “outlaw” motorcycle organization with a membership of approximately 1,500 to 2,000 in the United States and an additional 1,000 to 1,500 members internationally, including in Mexico.

“Today’s indictment is an important step in eliminating the Bandidos Outlaw Motorcycle Gang,” said Supervisory Official Antoinette T. Bacon of the Justice Department’s Criminal Division. “The Bandidos declare war on rivals — and they wage that war on our streets. Criminal behavior like this has no place in America, and the Department of Justice is fully committed to bringing peace back to our communities.”

“Ensuring the safety of the public is Southern District of Texas’ paramount concern,” said U.S. Attorney Nicholas J. Ganjei for the Southern District of Texas. “The indictment here not only alleges shocking crimes of violence, but also alleges that these offenses were committed openly and wantonly, where any innocent member of the public could have been hurt or killed.”

According to court documents and statements in court, beginning in 2019, a violent turf war erupted between the Bandidos and B*EAST, a rival outlaw motorcycle gang in the Houston area. As part of this turf war, Bandidos national leadership allegedly put out a “smash on site” order to commit physical assaults, including murder, against B*EAST members. The turf war has resulted in gunfire exchanged on public roadways and in public establishments with innocent civilians present, according to the charges.

John M. Pfeffer, also known as Big John, 32, Darvi Hinojosa, also known as 10 Round, 35, and Bradley Rickenbacker, also known as Dolla Bill, 37, all of Katy, Texas; Michael H. Dunphy, also known as Money Mike, 57, of Cleveland, Texas; Christopher Sanchez, also known as Monster, 40, of Tomball, Texas; and Brandon K. Hantz, also known as Loco and Gun Drop, 33, of Crosby, Texas, are charged with conspiracy to commit racketeering activity. Pfeffer, Dunphy, Hinojosa, Rickenbacker, and Sanchez are further charged with multiple counts of assault in aid of racketeering. Pfeffer, Hinojosa, Rickenbacker, and Sanchez are also charged with using a firearm during and in relation to a crime of violence, while Sanchez faces charges of being a felon in possession of a firearm. Hantz is also charged with arson.

If convicted, Pfeffer, Hinojosa, Rickenbacker, and Sanchez each face a maximum penalty of life in prison, while Dunphy and Hantz each face a maximum penalty of 20 years in prison on each of their counts.

The indictment also charges David Vargas, also known as Brake Check and First Time, 33, of Houston, with murder in aid of racketeering; using a firearm during and in relation to a crime of violence resulting in death; attempted murder in aid of racketeering; and using a firearm during and in relation to the attempted murders. All those charges relate to the killing of a rival and the shooting of two others. If convicted, Vargas faces a mandatory penalty of life in prison or the death penalty.

Further, Marky Baker, also known as Pinche Guero and Guero, 40; Ronnie McCabe, also known as Meathead, 56; and Jeremy Cox, also known as JD, 37, all of Houston; Roy Gomez, also known as Repo, 50, of Richmond, Texas; and Marcel Lett, 56, of Pearland, Texas, are charged along with Pfeffer and Rickenbacker with assault in aid of racketeering and using a firearm during and in relation to a crime of violence. These charges are in relation to an alleged assault and robbery that resulted in the death of a rival. If convicted, they each face a maximum penalty of life in prison.

Hinojosa is also charged along with John Sblendorio, also known as Tech9, 54, of Houston, with conspiracy to commit murder in aid of racketeering, attempted murder in aid of racketeering, assault in aid of racketeering, and using a firearm during and in relation to a crime of violence in connection with the shooting of a rival gang member. Hinojosa is also charged with conspiracy to distribute cocaine and three counts of possession with intent to distribute cocaine. If convicted, Sblendorio and Hinojosa each face a maximum penalty of life in prison.

In addition, Sean G. Christison, also known as Skinman, 30, of Katy, is charged with possession with intent to distribute cocaine and possession of a firearm in furtherance of a drug trafficking crime. He faces a maximum penalty of life in prison.

For all defendants, a federal district court judge will determine any sentence after considering the U.S. Sentencing Guidelines and other statutory factors.

The FBI, Texas Board of Criminal Justice — Office of Inspector General, Texas Department of Public Safety, and Montgomery County Sheriff’s Office conducted the investigation, with assistance from the Harris County Sheriff’s Office; Houston and Pasadena Police Departments; Texas Alcoholic Beverage Commission; LaMarque and Katy Police Departments; U.S. Marshals Service; Bureau of Alcohol, Tobacco, Firearms and Explosives; and Cypress-Fairbanks Independent School District Police Department.

Trial Attorneys Grace H. Bowen and Christopher Taylor of the Criminal Division’s Violent Crime and Racketeering Section and Assistant U.S. Attorneys Byron H. Black and Kelly Zenón-Matos for the Southern District of Texas are prosecuting the case.

This investigation was part of an Organized Crime Drug Enforcement Task Forces (OCDETF) operation. OCDETF identifies, disrupts and dismantles the highest-level drug traffickers, money launderers, gangs and transnational criminal organizations that threaten the United States by using a prosecutor-led, intelligence-driven, multi-agency approach that leverages the strengths of federal, state and local law enforcement agencies against criminal networks. Additional information about the OCDETF Program can be found on the Justice Department’s OCDETF webpage.

This case is being prosecuted as part of the joint federal, state and local Project Safe Neighborhoods (PSN) Program, the centerpiece of the Justice Department’s violent crime reduction efforts. PSN is an evidence-based program proven to be effective at reducing violent crime. Through PSN, a broad spectrum of stakeholders work together to identify the most pressing violent crime problems in the community and develop comprehensive solutions to address them. As part of this strategy, PSN focuses enforcement efforts on the most violent offenders and partners with locally based prevention and reentry programs for lasting reductions in crime. For more information about PSN, please visit www.justice.gov/psn.

An indictment is merely an allegation. All defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.

MIL OSI USA News –

February 20, 2025
MIL-OSI USA: CISA and Partners Release Advisory on Ghost (Cring) Ransomware

News In Brief – Source: US Computer Emergency Readiness Team

Today, CISA—in partnership with the Federal Bureau of Investigation (FBI) and Multi-State Information Sharing and Analysis Center (MS-ISAC)—released a joint Cybersecurity Advisory, #StopRansomware: Ghost (Cring) Ransomware. This advisory provides network defenders with indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs), and detection methods associated with Ghost ransomware activity identified through FBI investigations.

Ghost actors conduct these widespread attacks targeting and compromising organizations with outdated versions of software and firmware on their internet facing services. These malicious ransomware actors are known to use publicly available code to exploit Common Vulnerabilities and Exposures (CVEs) where available patches have not been applied to gain access to internet facing servers. The known CVEs are CVE-2018-13379, CVE-2010-2861, CVE-2009-3960, CVE-2021-34473, CVE-2021-34523, CVE-2021-31207.

CISA encourages network defenders to review this advisory and apply the recommended mitigations. See #StopRansomware and the #StopRansomware Guide for additional guidance on ransomware protection, detection, and response. Visit CISA’s Cross-Sector Cybersecurity Performance Goals for more information on the CPGs, including added recommended baseline protections.

MIL OSI USA News –

February 20, 2025

MIL-OSI USA: #StopRansomware: Ghost (Cring) Ransomware

News In Brief – Source: US Computer Emergency Readiness Team

Summary

Note: This joint Cybersecurity Advisory is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see all #StopRansomware advisories and to learn more about other ransomware threats and no-cost resources.

The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint advisory to disseminate known Ghost (Cring)—(“Ghost”)—ransomware IOCs and TTPs identified through FBI investigation as recently as January 2025.

Beginning early 2021, Ghost actors began attacking victims whose internet facing services ran outdated versions of software and firmware. This indiscriminate targeting of networks containing vulnerabilities has led to the compromise of organizations across more than 70 countries, including organizations in China. Ghost actors, located in China, conduct these widespread attacks for financial gain. Affected victims include critical infrastructure, schools and universities, healthcare, government networks, religious institutions, technology and manufacturing companies, and numerous small- and medium-sized businesses.

Ghost actors rotate their ransomware executable payloads, switch file extensions for encrypted files, modify ransom note text, and use numerous ransom email addresses, which has led to variable attribution of this group over time. Names associated with this group include Ghost, Cring, Crypt3r, Phantom, Strike, Hello, Wickrme, HsHarada, and Rapture. Samples of ransomware files Ghost used during attacks are: Cring.exe, Ghost.exe, ElysiumO.exe, and Locker.exe.

Ghost actors use publicly available code to exploit Common Vulnerabilities and Exposures (CVEs) and gain access to internet facing servers. Ghost actors exploit well known vulnerabilities and target networks where available patches have not been applied.

The FBI, CISA, and MS-ISAC encourage organizations to implement the recommendations in the Mitigations section of this advisory to reduce the likelihood and impact of Ghost ransomware incidents.

Download the PDF version of this report:

For a downloadable copy of IOCs, see:

Technical Details

Note: This advisory uses the MITRE ATT&CK^® Matrix for Enterprise framework, version 16.1. See the MITRE ATT&CK Tactics and Techniques section of this advisory for a table of the threat actors’ activity mapped to MITRE ATT&CK tactics and techniques.

Initial Access

The FBI has observed Ghost actors obtaining initial access to networks by exploiting public facing applications that are associated with multiple CVEs [T1190]. Their methodology includes leveraging vulnerabilities in Fortinet FortiOS appliances (CVE-2018-13379), servers running Adobe ColdFusion (CVE-2010-2861 and CVE-2009-3960), Microsoft SharePoint (CVE-2019-0604), and Microsoft Exchange (CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207— commonly referred to as the ProxyShell attack chain).

Execution

Ghost actors have been observed uploading a web shell [T1505.003] to a compromised server and leveraging Windows Command Prompt [T1059.003] and/or PowerShell [T1059.001] to download and execute Cobalt Strike Beacon malware [T1105] that is then implanted on victim systems. Despite Ghost actors’ malicious implementation, Cobalt Strike is a commercially available adversary simulation tool often used for the purposes of testing an organization’s security controls.

Persistence

Persistence is not a major focus for Ghost actors, as they typically only spend a few days on victim networks. In multiple instances, they have been observed proceeding from initial compromise to the deployment of ransomware within the same day. However, Ghost actors sporadically create new local [T1136.001] and domain accounts [T1136.002] and change passwords for existing accounts [T1098]. In 2024, Ghost actors were observed deploying web shells [T1505.003] on victim web servers.

Privilege Escalation

Ghost actors often rely on built in Cobalt Strike functions to steal process tokens running under the SYSTEM user context to impersonate the SYSTEM user, often for the purpose of running Beacon a second time with elevated privileges [T1134.001].

Ghost actors have been observed using multiple open-source tools in an attempt at privilege escalation through exploitation [T1068] such as “SharpZeroLogon,” “SharpGPPPass,” “BadPotato,” and “GodPotato.” These privilege escalation tools would not generally be used by individuals with legitimate access and credentials.

See Table 1 for a descriptive listing of tools.

Credential Access

Ghost actors use the built in Cobalt Strike function “hashdump” or Mimikatz [T1003] to collect passwords and/or password hashes to aid them with unauthorized logins and privilege escalation or to pivot to other victim devices.

Defense Evasion

Ghost actors used their access through Cobalt Strike to display a list of running processes [T1057] to determine which antivirus software [T1518.001] is running so that it can be disabled [T1562.001]. Ghost frequently runs a command to disable Windows Defender on network connected devices. Options used in this command are: Set-MpPreference -DisableRealtimeMonitoring 1 -DisableIntrusionPreventionSystem 1 -DisableBehaviorMonitoring 1 -DisableScriptScanning 1 -DisableIOAVProtection 1 -EnableControlledFolderAccess Disabled -MAPSReporting Disabled -SubmitSamplesConsent NeverSend.

Discovery

Ghost actors have been observed using other built-in Cobalt Strike commands for domain account discovery [T1087.002], open-source tools such as “SharpShares” for network share discovery [T1135], and “Ladon 911” and “SharpNBTScan” for remote systems discovery [T1018]. Network administrators would be unlikely to use these tools for network share or remote systems discovery.

Lateral Movement

Ghost actors used elevated access and Windows Management Instrumentation Command-Line (WMIC) [T1047] to run PowerShell commands on additional systems on the victim network— often for the purpose of initiating additional Cobalt Strike Beacon infections. The associated encoded string is a base 64 PowerShell command that always begins with: powershell -nop -w hidden -encodedcommand JABzAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAEkATwAuAE0AZQBtAG8AcgB5AFMAdAByAGUAYQBtACgALABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIA… [T1132.001][T1564.003].

This string decodes to “$s=New-Object IO.MemoryStream(,[Convert]::FromBase64String(“” and is involved with the execution of Cobalt Strike in memory on the target machine.

In cases where lateral movement attempts are unsuccessful, Ghost actors have been observed abandoning an attack on a victim.

Exfiltration

Ghost ransom notes often claim exfiltrated data will be sold if a ransom is not paid. However, Ghost actors do not frequently exfiltrate a significant amount of information or files, such as intellectual property or personally identifiable information (PII), that would cause significant harm to victims if leaked. The FBI has observed limited downloading of data to Cobalt Strike Team Servers [T1041]. Victims and other trusted third parties have reported limited uses of Mega.nz [T1567.002] and installed web shells for similar limited data exfiltration. Note: The typical data exfiltration is less than hundreds of gigabytes of data.

Command and Control

Ghost actors rely heavily on Cobalt Strike Beacon malware and Cobalt Strike Team Servers for command and control (C2) operations, which function using hypertext transfer protocol (HTTP) and hypertext transfer protocol secure (HTTPS) [T1071.001]. Ghost rarely registers domains associated with their C2 servers. Instead, connections made to a uniform resource identifier (URI) of a C2 server, for the purpose of downloading and executing Beacon malware, directly reference the C2 server’s IP address. For example, http://xxx.xxx.xxx.xxx:80/Google.com where xxx.xxx.xxx.xxx represents the C2 server’s IP address.

For email communication with victims, Ghost actors use legitimate email services that include traffic encryption features. [T1573] Some examples of emails services that Ghost actors have been observed using are Tutanota, Skiff, ProtonMail, Onionmail, and Mailfence.

Note: Table 2 contains a list of Ghost ransom email addresses.

Impact and Encryption

Ghost actors use Cring.exe, Ghost.exe, ElysiumO.exe, and Locker.exe, which are all ransomware executables that share similar functionality. Ghost variants can be used to encrypt specific directories or the entire system’s storage [T1486]. The nature of executables’ operability is based on command line arguments used when executing the ransomware file. Various file extensions and system folders are excluded during the encryption process to avoid encrypting files that would render targeted devices inoperable.

These ransomware payloads clear Windows Event Logs [T1070.001], disable the Volume Shadow Copy Service, and delete shadow copies to inhibit system recovery attempts [T1490]. Data encrypted with Ghost ransomware variants cannot be recovered without the decryption key. Ghost actors hold the encrypted data for ransom and typically demand anywhere from tens to hundreds of thousands of dollars in cryptocurrency in exchange for decryption software [T1486].

The impact of Ghost ransomware activity varies widely on a victim-to-victim basis. Ghost actors tend to move to other targets when confronted with hardened systems, such as those where proper network segmentation prevents lateral moment to other devices.

Indicators of Compromise (IOC)

Table 1 lists several tools and applications Ghost actors have used for their operations. The use of these tools and applications on a network should be investigated further.

Note: Authors of these tools generally state that they should not be used in illegal activity.

*Table 1: Tools Leveraged by Ghost Actors*
Name	Description	Source
Cobalt Strike	Cobalt Strike is penetration testing software. Ghost actors use an unauthorized version of Cobalt Strike.	N/A
IOX	Open-source proxy, used to establish a reverse proxy to a Ghost C2 server from an internal victim device.	github[.]com/EddieIvan01/iox
SharpShares.exe	SharpShares.exe is used to enumerate accessible network shares in a domain. Ghost actors use this primarily for host discovery.	github[.]com/mitchmoser/SharpShares
SharpZeroLogon.exe	SharpZeroLogon.exe attempts to exploit CVE-2020-1472 and is run against a target Domain Controller.	github[.]com/leitosama/SharpZeroLogon
SharpGPPPass.exe	SharpGPPPass.exe attempts to exploit CVE-2014-1812 and targets XML files created through Group Policy Preferences that may contain passwords.	N/A
SpnDump.exe	SpnDump.exe is used to list service principal name identifiers, which Ghost actors use for service and hostname enumeration.	N/A
NBT.exe	A compiled version of SharpNBTScan, a NetBIOS scanner. Ghost actors use this tool for hostname and IP address enumeration.	github[.]com/BronzeTicket/SharpNBTScan
BadPotato.exe	BadPotato.exe is an exploitation tool used for privilege escalation.	github[.]com/BeichenDream/BadPotato
God.exe	God.exe is a compiled version of GodPotato and is used for privilege escalation.	github[.]com/BeichenDream/GodPotato
HFS (HTTP File Server)	A portable web server program that Ghost actors use to host files for remote access and exfiltration.	rejitto[.]com/hfs
Ladon 911	A multifunctional scanning and exploitation tool, often used by Ghost actors with the MS17010 option to scan for SMB vulnerabilities associated with CVE-2017-0143 and CVE-2017-0144.	github[.]com/k8gege/Ladon
Web Shell	A backdoor installed on a web server that allows for the execution of commands and facilitates persistent access.	Slight variation of github[.]com/BeichenDream/Chunk-Proxy/blob/main/proxy.aspx

*Table 2: MD5 File Hashes Associated with Ghost Ransomware Activity*
File name	MD5 File Hash
Cring.exe	c5d712f82d5d37bb284acd4468ab3533
Ghost.exe	34b3009590ec2d361f07cac320671410 d9c019182d88290e5489cdf3b607f982
ElysiumO.exe	29e44e8994197bdb0c2be6fc5dfc15c2 c9e35b5c1dc8856da25965b385a26ec4 d1c5e7b8e937625891707f8b4b594314
Locker.exe	ef6a213f59f3fbee2894bd6734bbaed2
iex.txt, pro.txt (IOX)	ac58a214ce7deb3a578c10b97f93d9c3
x86.log (IOX)	c3b8f6d102393b4542e9f951c9435255 0a5c4ad3ec240fbfd00bdc1d36bd54eb
sp.txt (IOX)	ff52fdf84448277b1bc121f592f753c5
main.txt (IOX)	a2fd181f57548c215ac6891d000ec6b9
isx.txt (IOX)	625bd7275e1892eac50a22f8b4a6355d
sock.txt (IOX)	db38ef2e3d4d8cb785df48f458b35090

Ransom Email Addresses

Table 3 is a subset of ransom email addresses that have been included in Ghost ransom notes.

*Table 3: Ransom Email Addresses*
Email Addresses
asauribe@tutanota.com	ghostbackup@skiff.com	rainbowforever@tutanota.com
cringghost@skiff.com	ghosts1337@skiff.com	retryit1998@mailfence.com
crptbackup@skiff.com	ghosts1337@tuta.io	retryit1998@tutamail.com
d3crypt@onionmail.org	ghostsbackup@skiff.com	rsacrpthelp@skiff.com
d3svc@tuta.io	hsharada@skiff.com	rsahelp@protonmail.com
eternalnightmare@tutanota.com	just4money@tutanota.com	sdghost@onionmail.org
evilcorp@skiff.com	kellyreiff@tutanota.com	shadowghost@skiff.com
fileunlock@onionmail.org	kev1npt@tuta.io	shadowghosts@tutanota.com
fortihooks@protonmail.com	lockhelp1998@skiff.com	summerkiller@mailfence.com
genesis1337@tutanota.com	r.heisler@skiff.com	summerkiller@tutanota.com
ghost1998@tutamail.com	rainbowforever@skiff.com	webroothooks@tutanota.com

Ransom Notes

Starting approximately in August 2024, Ghost actors began using TOX IDs in ransom notes as an alternative method for communicating with victims. For example: EFE31926F41889DBF6588F27A2EC3A2D7DEF7D2E9E0A1DEFD39B976A49C11F0E19E03998DBDA and E83CD54EAAB0F31040D855E1ED993E2AC92652FF8E8742D3901580339D135C6EBCD71002885B.

MITRE ATT&CK Tactics and Techniques

See Table 4 to Table 13 for all referenced threat actor tactics and techniques in this advisory. For assistance with mapping malicious cyber activity to the MITRE ATT&CK framework, version 16.1, see CISA and MITRE ATT&CK’s Best Practices for MITRE ATT&CK Mapping and CISA’s Decider Tool.

*Table 4: Initial Access*
Technique Title	ID	Use
Exploit Public-Facing Application	T1190	Ghost actors exploit multiple vulnerabilities in public-facing systems to gain initial access to servers.

*Table 5: Execution*
Technique Title	ID	Use
Windows Management Instrumentation	T1047	Ghost actors abuse WMI to run PowerShell scripts on other devices, resulting in their infection with Cobalt Strike Beacon malware.
PowerShell	T1059.001	Ghost actors use PowerShell for various functions including to deploy Cobalt Strike.
Windows Command Shell	T1059.003	Ghost actors use the Windows Command Shell to download malicious content on to victim servers.

*Table 6: Persistence*
Technique Title	ID	Use
Account Manipulation	T1098	Ghost actors change passwords for already established accounts.
Local Account	T1136.001	Ghost actors create new accounts or makes modifications to local accounts.
Domain Account	T1136.002	Ghost actors create new accounts or makes modifications to domain accounts.
Web Shell	T1505.003	Ghost actors upload web shells to victim servers to gain access and for persistence.

*Table 7: Privilege Escalation*
Technique Title	ID	Use
Exploitation for Privilege Escalation	T1068	Ghost actors use a suite of open source tools in an attempt to gain elevated privileges through exploitation of vulnerabilities.
Token Impersonation/Theft	T1134.001	Ghost actors use Cobalt Strike to steal process tokens of processes running at a higher privilege.

*Table 8: Defense Evasion*
Technique Title	ID	Use
Application Layer Protocol: Web Protocols	T1071.001	Ghost actors use HTTP and HTTPS protocols while conducting C2 operations.
Impair Defenses: Disable or Modify Tools	T1562.001	Ghost actors disable antivirus products.
Hidden Window	T1564.003	Ghost actors use PowerShell to conceal malicious content within legitimate appearing command windows.

*Table 9: Credential Access*
Technique Title	ID	Use
OS Credential Dumping	T1003	Ghost actors use Mimikatz and the Cobalt Strike “hashdump” command to collect passwords and password hashes.

*Table 10: Discovery*
Technique Title	ID	Use
Remote System Discovery	T1018	Ghost actors use tools like Ladon 911 and ShapNBTScan for remote systems discovery.
Process Discovery	T1057	Ghost actors run a ps command to list running processes on an infected device.
Domain Account Discovery	T1087.002	Ghost actors run commands such as net group “Domain Admins” /domain to discover a list of domain administrator accounts.
Network Share Discovery	T1135	Ghost actors use various tools for network share discovery for the purpose of host enumeration.
Software Discovery	T1518	Ghost actors use their access to determine which antivirus software is running.
Security Software Discovery	T1518.001	Ghost actors run Cobalt Strike to enumerate running antivirus software.

*Table 11: Exfiltration*
Technique Title	ID	Use
Exfiltration Over C2 Channel	T1041	Ghost actors use both web shells and Cobalt Strike to exfiltrate limited data.
Exfiltration to Cloud Storage	T1567.002	Ghost actors sometimes use legitimate cloud storage providers such as Mega.nz for malicious exfiltration operations.

*Table 12: Command and Control*
Technique Title	ID	Use
Web Protocols	T1071.001	Ghost actors use Cobalt Strike Beacon malware and Cobalt Strike Team Servers which communicate over HTTP and HTTPS.
Ingress Tool Transfer	T1105	Ghost actors use Cobalt Strike Beacon malware to deliver ransomware payloads to victim servers.
Standard Encoding	T1132.001	Ghost actors use PowerShell commands to encode network traffic which reduces their likelihood of being detected during lateral movement.
Encrypted Channel	T1573	Ghost actors use encrypted email platforms to facilitate communications.

*Table 13: Impact*
Technique Title	ID	Use
Data Encrypted for Impact	T1486	Ghost actors use ransomware variants Cring.exe, Ghost.exe, ElysiumO.exe, and Locker.exe to encrypt victim files for ransom.
Inhibit System Recovery	T1490	Ghost actors delete volume shadow copies.

Mitigations

The FBI, CISA, and MS-ISAC recommend organizations reference their #StopRansomware Guide and implement the mitigations below to improve cybersecurity posture on the basis of the Ghost ransomware activity. These mitigations align with the Cross-Sector Cybersecurity Performance Goals (CPGs) developed by CISA and the National Institute of Standards and Technology (NIST). The CPGs provide a minimum set of practices and protections that CISA and NIST recommend all organizations implement. CISA and NIST based the CPGs on existing cybersecurity frameworks and guidance to protect against the most common and impactful threats, tactics, techniques, and procedures. Visit CISA’s CPGs webpage for more information on the CPGs, including additional recommended baseline protections.

Maintain regular system backups that are known-good and stored offline or are segmented from source systems [CPG 2.R]. Ghost ransomware victims whose backups were unaffected by the ransomware attack were often able to restore operations without needing to contact Ghost actors or pay a ransom.
Patch known vulnerabilities by applying timely security updates to operating systems, software, and firmware within a risk-informed timeframe [CPG 1.E].
Segment networks to restrict lateral movement from initial infected devices and other devices in the same organization [CPG 2.F].
Require Phishing-Resistant MFA for access to all privileged accounts and email services accounts.
Train users to recognize phishing attempts.
Monitor for unauthorized use of PowerShell. Ghost actors leverage PowerShell for malicious purposes, although it is often a helpful tool that is used by administrators and defenders to manage system resources. For more information, visit NSA and CISA’s joint guidance on PowerShell best practices.
- Implement the principle of least privilege when granting permissions so that employees who require access to PowerShell are aligned with organizational business requirements.
Implement allowlisting for applications, scripts, and network traffic to prevent unauthorized execution and access [CPG 3.A].
Identify, alert on, and investigate abnormal network activity. Ransomware activity generates unusual network traffic across all phases of the attack chain. This includes running scans to discover other network connected devices, running commands to list, add, or alter administrator accounts, using PowerShell to download and execute remote programs, and running scripts not usually seen on a network. Organizations that can successfully identify and investigate this activity are better able to interrupt malicious activity before ransomware is executed [CPG 3.A].
- Ghost actors run a significant number of commands, scripts, and programs that IT administrators would have no legitimate reason for running. Victims who have identified and responded to this unusual behavior have successfully prevented Ghost ransomware attacks.
Limit exposure of services by disabling unused ports such as, RDP 3398, FTP 21, and SMB 445, and restricting access to essential services through securely configured VPNs or firewalls.
Enhance email security by implementing advanced filtering, blocking malicious attachments, and enabling DMARC, DKIM, and SPF to prevent spoofing [CPG 2.M].

Validate Security Controls

In addition to applying mitigations, the FBI, CISA, and MS-ISAC recommend exercising, testing, and validating your organization’s security program against the threat behaviors mapped to the MITRE ATT&CK for Enterprise framework in this advisory.

To get started:

Select an ATT&CK technique described in this advisory (see Table 3 to Table 13).
Align your security technologies against the technique.
Test your technologies against the technique.
Analyze your detection and prevention technologies’ performance.
Repeat the process for all security technologies to obtain a set of comprehensive performance data.
Tune your security program, including people, processes, and technologies, based on the data generated by this process.

Reporting

Your organization has no obligation to respond or provide information back to the FBI in response to this joint advisory. If, after reviewing the information provided, your organization decides to provide information to the FBI, reporting must be consistent with applicable state and federal laws.

The FBI is interested in any information that can be shared, to include logs showing communication to and from foreign IP addresses, a sample ransom note, communications with threat actors, Bitcoin wallet information, and/or decryptor files.

Additional details of interest include a targeted company point of contact, status and scope of infection, estimated loss, operational impact, date of infection, date detected, initial attack vector, and host and network-based indicators.

The FBI, CISA, and MS-ISAC do not encourage paying ransom as payment does not guarantee victim files will be recovered. Furthermore, payment may also embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities. Regardless of whether you or your organization have decided to pay the ransom, the FBI and CISA urge you to promptly report ransomware incidents to FBI’s Internet Crime Complain Center (IC3), a local FBI Field Office, or CISA via the agency’s Incident Reporting System or its 24/7 Operations Center (report@cisa.gov) or by calling 1-844-Say-CISA (1-844-729-2472).

Disclaimer

The information in this report is being provided “as is” for informational purposes only. The FBI, CISA, and MS-ISAC do not endorse any commercial entity, product, company, or service, including any entities, products, or services linked within this document. Any reference to specific commercial entities, products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring by the FBI, CISA, and the MS-ISAC.

Version History

February 19, 2025: Initial version.

MIL OSI USA News –

February 20, 2025

Media relations	Investor relations
Richard Mackillican	Yves Cormier
+31(0) 6 27411546	+31(0) 70 344 8028
richard.mackillican@aegon.com	yves.cormier@aegon.com

Category: Intelligence Agencies

What are the threats?

Are our laws ready to deal with this?

Room for improvement

The Rupantar project

Diversification pathways

Climate-smart innovation

Participant perspectives

Improved water management

Summary

Technical Details

Initial Access

Execution

Persistence

Privilege Escalation

Credential Access

Defense Evasion

Discovery

Lateral Movement

Exfiltration

Command and Control

Impact and Encryption

Indicators of Compromise (IOC)

Ransom Email Addresses

Ransom Notes

MITRE ATT&CK Tactics and Techniques

Mitigations

Validate Security Controls

Reporting

Disclaimer

Version History