Source: United States Department of Justice (National Center for Disaster Fraud)
Greenbelt, Maryland – Today, U.S. District Judge Deborah K. Chasanow sentenced Newton Ofioritse Jemide, 47, a Nigerian national extradited from France, to 41 months in federal prison for his role in a scheme to fraudulently obtain federal benefits. Jemide will also serve three years of supervised release, pay $520,431.83 of restitution, and a forfeiture money judgment was entered against him in the amount of $311,036.64. Jemide executed his part of the criminal scheme from Nigeria where he resided when he committed the offense.
Kelly O. Hayes, U.S. Attorney for the District of Maryland, announced the plea with Joseph V. Cuffari, Inspector General for the Department of Homeland Security (DHS); Acting Special Agent in Charge Colleen Lawlor, Social Security Administration (SSA) Office of Inspector General – Philadelphia Field Division; and Special Agent in Charge William McCool, U.S. Secret Service – Washington Field Office.
As a result of the conspiracy, the Federal Emergency Management Agency (FEMA) provided emergency benefits and compensation for damages to victims affected by declared national emergency disasters, such as hurricanes and wildfires. Among other benefits, an individual in an affected area was immediately eligible for Critical Needs Assistance (CNA) to purchase life-saving or life-sustaining materials. Victims could decide how to receive assistance payments, including deposits on pre-paid debit cards.
According to his guilty plea, in 2016 and 2017, Jemide and others from Nigeria directed co-conspirators living in the United States to purchase hundreds of Green Dot Debit Cards. Co-conspirators living in Nigeria then registered the cards with Green Dot using stolen personal information from identity theft victims around the United States. Jemide and his co-conspirators used an encrypted messaging application and other means to communicate.
In 2017, following Hurricanes Harvey, Irma, and Maria — and the California wildfires — Jemide and other co-conspirators from Nigeria used stolen personal information to apply online for FEMA and CNA benefits. FEMA dispersed $500 per claim on the Green Dot Debit Cards that the co-conspirators purchased for a total of at least $8 million.
In addition to filing false disaster-assistance claims with FEMA, Jemide and co-conspirators also submitted false online claims for Social Security benefits, IRS tax refunds, and other government benefits using stolen identities of multiple individuals, including names, addresses, Social Security Numbers (SSN), and other personal identifiers.
As a result of fraudulent submissions, FEMA and other federal agencies deposited benefits onto the Green Dot Debit Cards. The funds were deposited on the debit cards using multiple stolen identities, including identities different from the identities used to register the cards. Jemide and select co-conspirators informed other co-conspirators when the fraudulent funds became available on the debit cards and gave them information to cash out the funds from the cards in exchange for a commission. Additionally, the co-conspirators took steps to conceal their identities by enlisting others to make purchases and withdrawals; utilizing multiple store and bank locations and methods of withdrawal; and making money orders payable to other individuals and/or corporate entities.
U.S. Attorney Hayes commended DHS OIG, SSA OIG, and the USSS for their work in the investigation and thanked the Justice Department’s Office of International Affairs and the U.S. Marshals Service for their valuable assistance in securing the extradition of Jemide to the United States. Ms. Hayes also thanked Assistant U.S. Attorneys Elizabeth Wright and Darren Gardner who are prosecuting the federal case.
Source: United States Bureau of Alcohol Tobacco Firearms and Explosives (ATF)
WASHINGTON – Tyjuan McNeal, 28, of the District of Columbia, was sentenced today in U.S. District Court to 84 months in federal prison for participating in the December 2023 burglary of 34 firearms from a Maryland pawn shop. The sentence was announced by U.S. Attorney Jeanine Ferris Pirro.
McNeal pleaded guilty on March 12, 2025, to one count of conspiracy to commit firearms trafficking. In addition to the 84-month prison term, U.S. District Court Judge Amy Berman Jackson ordered McNeal to serve three years of supervised release.
According to the court documents, on December 13, 2023, McNeal and at least four co-conspirators drove from Washington, D.C. to the A&D Pawn Shop, a Federal Firearms Licensee in Glen Burnie, Maryland. McNeal was wearing an ankle monitor that he had wrapped in aluminum foil.
At the pawn shop, one of the co-conspirators used a portable saw to cut the locks on a pull-down security gate. Another co-conspirator then used a crowbar-type tool to pry open the main door. Once inside, the quintet grabbed an array of rifles, shotguns, and pistols from the shelves and display racks and fled with at least 34 of the firearms. They later used social media to advertise the sale of the stolen guns.
McNeal was arrested on March 22, 2024, with a Glock 29 pistol and has been detained since.
Co-defendant Juwon Markel Anderson, 22, was sentenced to 84 months in prison. Vincent Lee Alston, aka “Vedo,” 23, was sentenced to 84 months. Niquan “Stickz” Odum, 23, was sentenced to 48 months. Sentencing is pending for Cy’juan Hemsley, 20, who pleaded to conspiracy to commit theft from a firearms licensee and to possession of stolen firearms.
This case was investigated by the ATF Washington Division and the Metropolitan Police Department, with assistance from the ATF Baltimore Field Division. It is being prosecuted by Assistant U.S. Attorney Shehzad Akhtar with valuable assistance from former Special Assistant U.S. Attorney Ryan Lipes.
Source: United States Bureau of Alcohol Tobacco Firearms and Explosives (ATF)
Louisville, KY – On May 6, 2025, a federal grand jury in Louisville charged a total of 20 defendants from across Kentucky and California in 3 separate indictments involving methamphetamine and fentanyl trafficking offenses and firearms offenses. On May 21, 2025, a federal grand jury charged 4 defendants, 2 of whom were previously charged, in an indictment involving methamphetamine and fentanyl trafficking and money laundering offenses. The indictments charging all 22 defendants were the result of a lengthy investigation conducted by multiple law enforcement agencies.
U.S. Attorney Kyle G. Bumgarner of the Western District of Kentucky, Acting Special Agent in Charge Olivia Olson of the FBI Louisville Field Office, Special Agent in Charge Rana Saoud of the Homeland Security Investigations Nashville, Special Agent in Charge John Nokes of the ATF Louisville Field Division, Special Agent in Charge Jim Scott of the DEA Louisville Field Division, Special Agent in Charge Karen Wingerd of the Internal Revenue Service Criminal Investigations, Cincinnati Field Office, U.S. Postal Inspector in Charge Lesley Allison of the Pittsburgh Division, U.S. Customs and Border Protection Chicago Director of Field Operations Lafonda Sutton-Burke, Commissioner Phillip Burnett, Jr. of the Kentucky State Police, and Chief Paul Humphrey of the Louisville Metro Police Department made the announcement.
The following 9 defendants were charged in the first indictment on May 6, 2025:
James Havlicheck, 34, of California
Rodney Hollie, 38, of California
Joseph Nguyen, 38, of California
Minh Ngo, 40, of California
Kevin Nguyen, 30, of California
Johnathan Nguyen, 35, of California
Ordell Smith, Jr., 38, of Louisville
Vanray O’Neal, 38, of Louisville
Darren Render, 33, of Louisville
According to the first indictment, Havlicheck, Hollie, Joseph Nguyen, Ngo, Kevin Nguyen, and Johnathan Nguyen were charged with conspiracy to possess with the intent to distribute 50 grams or more of a methamphetamine for a conspiracy beginning as early as April 2024 and continuing through July 19, 2024. Havlicheck and Ngo were also charged with one count of distribution of methamphetamine 50 grams or more.
Smith, Jr. was charged with four counts of distribution of methamphetamine 50 grams or more.
O’Neal was charged with three counts of distribution of methamphetamine 50 grams or more and two counts of firearms trafficking.
Render was charged with four counts of firearms trafficking, four counts of possession of a firearm by a prohibited person, three counts of distribution of fentanyl, one count of distribution of heroin, and two counts of possession of a firearm in furtherance of a drug trafficking crime. Render was prohibited from possessing a firearm because he had previously been convicted of the following felony offense.
On April 2, 2020, in the United States District Court for the Western District of Kentucky, Render was convicted of possession of a firearm by a prohibited person.
If convicted, Havlicheck, Hollie, Joseph Nguyen, Ngo, Kevin Nguyen, Johnathan Nguyen, Smith, Jr., and O’Neal face a mandatory minimum sentence of 10 years in prison. Render faces a mandatory minimum sentence of 5 years in prison. All the defendants face a maximum sentence of life in prison. A federal district court judge will determine any sentence after considering the sentencing guidelines and other statutory factors.
The following 9 defendants were charged in the second indictment on May 6, 2025:
Antonio Taylor, 39, of Louisville
Terry Matthews, 44, of Louisville
Dylan Bradley, 21, of Louisville
Demetrius Brown, 42, of Louisville
Dominic McCray, 30, of Louisville
Joshua James, 42, of Louisville
Gregory Jackson, 34, of Louisville
Thai Quoc Tran, 24, of Louisville
Devon Wilson, 43, of Louisville
According to the second indictment, Taylor, Matthews, Bradley, Brown, McCray, James, and Jackson were charged with one count of conspiracy to possess with the intent to distribute 400 grams or more of fentanyl for a conspiracy beginning as early as August 21, 2024, and continuing through October 23, 2024.
Taylor was also charged with one count of distribution of 400 grams or more of a fentanyl mixture, eight counts of distribution of 40 grams or more of a fentanyl mixture, one count of possession of a firearm in furtherance of a drug trafficking crime, and one count of possession of a firearm by a prohibited person. Taylor was prohibited from possessing a firearm because he had previously been convicted of the following felony offenses.
On or about May 21, 2018, in Jefferson Circuit Court, Taylor was convicted of possession of a handgun by a convicted felon and trafficking in a controlled substance first degree unspecified less than ten dosage units (two counts).
Matthews was also charged with one count of distribution of 400 grams or more of a fentanyl mixture, three counts of distribution of 40 grams or more of a fentanyl mixture, two counts of distribution of fentanyl, one count of possession of a firearm in furtherance of a drug trafficking crime, one count firearms trafficking, one count of possession of a firearm by a prohibited person, and one count of distribution of a controlled substance. Matthews was prohibited from possessing a firearm because he had previously been convicted of the following felony offense.
On March 9, 2018, in Jefferson Circuit Court, Matthews was convicted of flagrant non-support.
Bradley was also charged with three counts of distribution of 40 grams or more of a fentanyl mixture, one count of distribution of 50 grams or more of methamphetamine, and one count of possession of a firearm in furtherance of a drug trafficking crime.
Brown was also charged with one count of distribution of 40 grams or more of a fentanyl mixture, one count of distribution of a fentanyl mixture, and one count of possession of a firearm by a prohibited person. Brown was prohibited from possessing a firearm because he had previously been convicted of the following felony offenses.
On or about July 17, 2017, in Jefferson Circuit Court, Brown was convicted of assault in the second degree, criminal mischief in the first degree, receiving stolen firearm, and wanton endangerment in the first degree.
McCray was also charged with one count of possession of an unregistered firearm.
James was also charged with one count of distribution of 40 grams or more of a fentanyl mixture.
Jackson was also charged with one count of distribution of 40 grams or more of a fentanyl mixture.
Tran was also charged with one count of distribution of 50 grams or more of methamphetamine.
Wilson was also charged with one count of possession of a firearm by a prohibited person. Wilson was prohibited from possessing a firearm because he had previously been convicted of the following felony offenses.
On July 16, 2024, in Jefferson Circuit Court, Wilson was convicted of flagrant non-support.
On January 9, 2017, in Jefferson Circuit Court, Wilson was convicted of trafficking in a controlled substance in the first degree, schedule I heroin less than two grams.
If convicted, Taylor, Matthews, Bradley, Brown, James, Jackson, and Tran face a mandatory minimum sentence of 10 years in prison and a maximum sentence of life in prison. McCray faces a maximum sentence of 10 years in prison. Wilson faces a maximum sentence of 15 years in prison. A federal district court judge will determine any sentence after considering the sentencing guidelines and other statutory factors.
Matthews and McCray have not been federally arrested and are not yet before the Court.
The following 2 defendants were charged in the third indictment on May 6, 2025:
Mark Foster, Jr., 33, of Louisville
Devante Rice, 30, of Louisville
Foster was charged with two counts of distribution of controlled substances, nine counts of distribution of fentanyl, ten counts of possession of a firearm by a prohibited person, seven counts of possession of a firearm in furtherance of a drug trafficking crime, one count of illegal possession of a machine gun, and one count of firearms trafficking. Foster was prohibited from possessing a firearm because he had previously been convicted of the following felony offenses.
On or about March 30, 2018, in Jefferson Circuit Court, Foster was convicted of receiving stolen property (firearm) and illegal possession of a controlled substance in the first degree, heroin.
On or about June 15, 2021, in Jefferson Circuit Court, Foster was convicted of complicity to trafficking in a controlled substance in the first degree, opioids, complicity to trafficking in a controlled substance in the first degree, methamphetamine, possession of a handgun by a convicted felon, and tampering with physical evidence.
Rice was charged with eleven counts of possession of a firearm by a prohibited person, one count of firearms trafficking, and two counts of possession of an unregistered firearm. Rice was prohibited from possessing a firearm because he had previously been convicted of the following felony offenses.
On January 10, 2014, in Jefferson Circuit Court, Rice was convicted of burglary in the second degree and receiving stolen property over $500.
On April 30, 2019, in Jefferson Circuit Court, Rice was convicted of possession of a handgun by a convicted felon.
On August 8, 2023, in Jefferson Circuit Court, Rice was convicted of complicity to possession of a handgun by a convicted felon, theft by unlawful taking – firearm (two counts), and theft by unlawful taking over $500 but under $10,000.
If convicted, Foster faces a mandatory minimum sentence of 70 years in prison and a maximum sentence of life in prison. Rice faces a maximum sentence of 15 years in prison on each count of possession of a firearm by a prohibited person and the single count of firearms trafficking and a 10-year maximum sentence for the two counts of possession of an unregistered firearm. A federal district court judge will determine any sentence after considering the sentencing guidelines and other statutory factors.
The following 4 defendants were charged in the fourth indictment on May 21, 2025:
Antonio Taylor
Joshua James
Celotia Evans, 39, of Louisville
Jaremei Hinkle, 24, of Louisville
According to the fourth indictment, Taylor, James, Evans, and Hinkle were charged with one count of conspiracy to possess with the intent to distribute 400 grams or more of fentanyl for a conspiracy beginning as early as June 2024 and continuing through July 11, 2024.
Hinkle was also charged with one count of possession with intent to distribute of 400 grams or more of a fentanyl mixture.
James was also charged with one count of conspiracy to distribute 500 grams or more of a methamphetamine mixture.
Taylor is also charged with engaging in monetary transactions derived from specific unlawful activities and laundering of a money instrument during his purchase of a vehicle.
If convicted, Taylor, James, Evans, and Hinkle face a mandatory minimum sentence of 10 years in prison. All the defendants face a maximum sentence of life in prison. A federal district court judge will determine any sentence after considering the sentencing guidelines and other statutory factors.
There is no parole in the federal system.
Evans and Hinkle have not been federally arrested and are not yet before the Court.
The cases are being investigated by the FBI, HSI, ATF, DEA, IRS-CI, CBP, USPIS, KSP, and LMPD.
These cases were investigated and prosecuted by the Kentucky Homeland Security Task Force (HSTF) as part of Operation Take Back America. HSTFs, which were established by President Trump in Executive Order 14159, Protecting the American People Against Invasion, are joint operations led by the Department of Justice and the Department of Homeland Security. Operation Take Back America is a nationwide federal initiative that marshals the full resources of the Department of Justice to repel the invasion of illegal immigration, achieve the total elimination of cartels and transnational criminal organizations (TCOs), and protect our communities from the perpetrators of violent crime. Operation Take Back America streamlines efforts and resources from the Department’s Organized Crime Drug Enforcement Task Forces (OCDETFs) and Project Safe Neighborhood (PSN).
An indictment is merely an allegation. All defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.
Source: United States Bureau of Alcohol Tobacco Firearms and Explosives (ATF)
PENSACOLA, FLORIDA – Christ’Avian X’Zayvia Rayshon Sheard, 19, of Pensacola, Florida, was sentenced to 30 months in federal prison after previously pleading guilty to possession of a firearm and ammunition by a convicted felon. The sentence was announced by John P. Heekin, United States Attorney for the Northern District of Florida.
According to court records, on April 2, 2024, Sheard was located in a vehicle parked at Sanders Beach. Sheard was in possession of marijuana as well as a loaded Taurus 9 millimeter pistol. Sheard was a convicted felon at the time, with a prior felony conviction for aggravated assault by threat with a firearm and carrying a concealed firearm.
U.S. Attorney Heekin said: “Operation Take Back America is a promise by President Donald J. Trump and Attorney General Pam Bondi that we will do everything in our power to stop those who are victimizing our communities, and keeping a violent felon like this one off the streets is exactly what they meant. I am proud of the work of our brave state and federal law enforcement partners who investigated this case, and my office will continue to aggressively prosecute these offenders to keep our communities safe.”
“Pensacola Police is committed to reducing guns crimes and will continue to work with our federal law enforcement partners to hold everyone accountable that chooses to illegally possess a firearm in our city,” said Chief Randall of the Pensacola Police Department.
The case involved a joint investigation by the Pensacola Police Department and the Bureau of Alcohol, Tobacco, Firearms, and Explosives. The case was prosecuted by Assistant United States Attorney Jessica S. Etherton.
This case is part of Operation Take Back America (https://www.justice.gov/dag/media/1393746/dl?inline) a nationwide initiative that marshals the full resources of the Department of Justice to repel the invasion of illegal immigration, achieve the total elimination of cartels and transnational criminal organizations (TCOs), and protect our communities from the perpetrators of violent crime. Operation Take Back America streamlines efforts and resources from the Department’s Organized Crime Drug Enforcement Task Forces (OCDETFs) and Project Safe Neighborhood (PSN).
The United States Attorney’s Office for the Northern District of Florida is one of 94 offices that serve as the nation’s principal litigators under the direction of the Attorney General. To access public court documents online, please visit the U.S. District Court for the Northern District of Florida website. For more information about the United States Attorney’s Office, Northern District of Florida, visit http://www.justice.gov/usao/fln/index.html.
Source: United States Bureau of Alcohol Tobacco Firearms and Explosives (ATF)
The defendant, a felon, also possessed a firearm in connection with the drug offense.
Baltimore, Maryland – Today, Judge Matthew J. Maddox sentenced Freddie Anthony Curry, 54, of Baltimore, Maryland, to 10 years in federal prison for possession with the intent to distribute 400 grams or more of fentanyl and 500 grams or more of cocaine.
Kelly O. Hayes, U.S. Attorney for the District of Maryland, announced the sentence with Acting Special Agent in Charge Amanda M. Koldjeski, Federal Bureau of Investigation (FBI) – Baltimore Field Office, and Special Agent in Charge Ibrar A. Mian, Drug Enforcement Administration (DEA) – Washington Division.
In May 2024, the FBI and DEA began investigating Curry in connection with suspected fentanyl and cocaine trafficking in the Baltimore area. During their investigation, they verified Curry’s vehicle and residence. Authorities then executed federal search warrants on Curry’s residence and vehicle. During the search, investigators recovered approximately 980 grams of fentanyl, 1,040 grams of cocaine, digital scales, drug-packaging materials, and a Glock 19 9-millimeter handgun. Curry is prohibited from possessing a firearm due to prior felony convictions.
This case is part of Project Safe Neighborhoods (PSN), a program bringing together all levels of law enforcement and the communities they serve to reduce violent crime and gun violence, and to make our neighborhoods safer for everyone. On May 26, 2021, the Department launched a violent crime reduction strategy strengthening PSN based on these core principles: fostering trust and legitimacy in our communities, supporting community-based organizations that help prevent violence from occurring in the first place, setting focused and strategic enforcement priorities, and measuring the results.
This case is part of a Strike Force Initiative, which provides for the establishment of permanent multi-agency task force teams that work side-by-side in the same location. This co-located model enables agents from different agencies to collaborate on intelligence-driven, multi-jurisdictional operations to disrupt and dismantle the most significant drug traffickers, money launderers, gangs, and transnational criminal organizations. The specific mission of the Baltimore Strike Force is to identify, disrupt, and dismantle violent drug trafficking, money laundering, and transnational criminal organizations to reduce drug-related and/or gang violence in the Baltimore metropolitan and surrounding areas. The Baltimore Strike Force is comprised of agents and officers from the Bureau of Alcohol, Tobacco, Firearms, and Explosives, the Drug Enforcement Administration, the Federal Bureau of Investigation, the Department of Homeland Security, the United States Marshals Service, the United States Secret Service, United States Postal Inspection Service, the Maryland State Police, the Baltimore Police Department, the Baltimore Sheriff’s Office, the Baltimore County Police Department, the Maryland Transportation Authority, and the Maryland Department of Public Safety and Correctional Services. The prosecution is being led by the Office of the United States Attorney for the District of Maryland.
U.S. Attorney Hayes commended the FBI and DEA, for their work in the investigation. Ms. Hayes also thanked Assistant U.S. Attorney Sarah Simpkins who is prosecuting the case.
Source: The Conversation (Au and NZ) – By Jeffrey McNeill, Honorary Research Associate, School of People, Environment and Planning, Te Kunenga ki Pūrehuroa – Massey University
If the headlines are anything to go by, New Zealand’s regional councils are on life support.
Regional Development Minister Shane Jones recently wondered whether “there’s going to be a compelling case for regional government to continue to exist”. And Prime Minister Christopher Luxon is open to exploring the possibility of scrapping the councils.
This has all been driven by the realisation that the government’s proposed resource management reforms would essentially gut local authorities of their basic planning and environmental management functions. Various mayors and other interested parties have agreed. While some are circumspect, there’s broad agreement a review is needed.
At present, each territorial council writes its own city or district plan. Regional councils write a series of thematic plans addressing different environmental issues. All the plans contain the councils’ regulatory “rules” that determine what people can or cannot do.
Under the coming reforms, the territorial and regional councils of each region would have only a single chapter each within a broader regional spatial plan. Their function would, for the main part, involve tweaking all-embracing national policies and standards.
Further, all compliance and monitoring – now a predominantly regional council activity – is to be taken over by a national agency (possibly the Environment Protection Authority). This won’t leave much for regional councils to do, compared with their broad remits now.
How regional government evolved
In truth, regional councils have been targets since they were created as part of the Labour government’s 1989 local government reform. Carried out in lockstep with the drafting of the Resource Management Act (passed in 1991), this established two levels of local government.
City and district councils were to be responsible for infrastructure and the built environment. The new regional councils were more opaque, essentially multi-function, special-purpose authorities, recognising that some government actions are bigger than local but smaller than national.
In the event, they became what in many countries would be thought of as environmental protection agencies. Their boundaries were drawn to capture river catchments, reflecting their catchment board antecedents, which looked after soil erosion and flood management.
Other functions were drawn from other government departments. Air-quality management came from the old Department of Health. Coastal management was partly inherited from the Ministry of Transport, shared with the Department of Conservation.
Public transport and civil defence were tacked on, given their cross-territorial scale and lack of anywhere else to put them.
Parochialism and politics
All their various functions have meant regional councils determine who gets to use the region’s resources – and who misses out. And political decisions are a surefire way to make enemies.
For example, the Resource Management Act applied the presumption that no one could discharge any contaminant into water unless expressly allowed by a rule or a resource consent. Regional councils therefore required their territorial councils to upgrade their rubbish dumps and sewage treatment systems.
Similarly, farmers could no longer simply take water to irrigate or empty cowshed effluent straight into the nearest stream as of right. The necessary infrastructure upgrades were expensive.
Ironically, these attempts to minimise the immediate impacts of such demands on water users saw urban voters and environmental groups criticise the councils and the government for being too soft on “dirty dairying” and other polluters.
Parochialism also plays a part, as does the feeling in some rural communities that they’re forgotten by their regions’ cities, where most voters live. The perceived poor handling of events such as last year’s Hawke’s Bay flooding and the 2018 Wellington bus network failure have not helped.
The government even replaced Environment Canterbury’s elected council with appointed commissioners in 2010 over performance concerns, particularly in water management.
Yet the regional council model has largely survived intact – with two exceptions. The Nelson-Marlborough Regional Council was replaced by the Nelson City and Marlborough and Tasman District unitary councils in 1992, as a token sacrifice to the conservative wing of the National government, which vehemently opposed the new regions.
The genesis of the Auckland Council super-region can be traced to the 1999–2008 Labour government’s frustration at getting a unified position from the city’s seven councils on where to build a stadium for the 2011 Rugby World Cup. Not everyone is happy with the resulting metro-regional solution.
Who will be accountable?
If regional government is indeed put to rest, it will be another phase in this piecemeal evolutionary process. But the new model will still require central government to have a significant regional presence – and commensurate central government funding.
But central government has had a regional-scale presence for a long time. Police, the fire service, economic development and social welfare agencies all have their own regional boundaries. Public health and tertiary training and education are also essentially regional.
All these functions are inherently political. And in many other countries, they are are delivered by regional governments. Maybe, once the implications are looked at more closely, leaving regional councils intact will seem the easier and cheaper option. Indeed, there is a counter argument that we need more regional government, not less.
The current impulse for local government change – including district council amalgamation – continues an ad hoc process going back more than 30 years. As I have argued previously, the form, function and funding of local government need to be considered together.
The regional level of administration will not go away. But the overriding question remains: who should speak for and be accountable to their communities for what are ultimately still political decisions, whoever makes them?
Jeffrey McNeill does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.
Good afternoon. Thank you to the Government Finance Officers Association (“GFOA”) for inviting me to speak with you today. In my role as the Securities and Exchange Commission’s (“Commission” or “SEC”) Director of the Office of Municipal Securities (“Office of Municipal Securities” or “OMS”), I get a front row seat to see how government finance professionals strive to advance the continued integrity of the municipal securities market. However, I also get a front row seat to some concerning behaviors that may impact the investor confidence and transparency of the municipal securities market.
As is customary, I must remind you that this speech is provided in my official capacity as the Commission’s Director of the Office of Municipal Securities but does not necessarily reflect the views of the Commission, the Commissioners, or other members of the staff.
I. What’s in a Title?
Before I delve into disclosure practices, I would like to start by offering my views on another area of concern to which OMS is paying careful attention. It’s been fifteen years since Congress created a new class of regulated person required to register with the Commission: municipal advisors.[1] But when I speak with market participants or pick up an official statement or visit an issuer’s website, I am regularly confronted with a title that imprecisely[2] reflects the nature of the relationship between municipal entities and/or obligated persons and their advisors: financial advisor.[3]
While some of you may view using the terms “financial advisor” and “municipal advisor” to be interchangeable when discussing hiring a professional to negotiate terms of a transaction or verify pricing as just a matter of a title, Congress expressly defined those persons who engage in municipal advisory activities[4] as “municipal advisors”.[5]
I’m going to start with why I think it’s helpful to use regulatory terms. Although not required, using regulatory terms such as “municipal advisor” in solicitations and offering documents is helpful because it clearly indicates to investors that those professionals are subject to the rules and regulations designed to protect investors and municipal entities[6] and obligated persons.[7] Additionally, using defined regulatory terms in these documents may be helpful to municipal entities and obligated persons in avoiding including confusing or ambiguous statements in disclosures to investors.
Now, for the what. Let’s start with hiring professionals. Municipal entities and obligated persons often retain various professionals through a competitive request for proposal/qualification (“RFP/Q”) process. Before anyone objects, you’re correct: responses to RFP/Qs do not on their own constitute municipal advisory activity.[8] I have, however, observed instances (most notably in public-private partnerships[9] and charter schools[10]) where the work or services requested in the RFP/Qs would require the selected professional to be registered as a municipal advisor because they would be providing advice with respect to the issuance of municipal securities or the use of municipal financial products. In our review of these RFP/Qs, we have either seen municipal entities be silent on requiring that respondents to an RFP/Q be registered as a municipal advisor with the Commission and Municipal Securities Rulemaking Board (“MSRB”) or, worse, affirmatively say that registration as a municipal advisor is not a requirement.[11]
Given that unregistered entities may be engaging in what appears to be municipal advisory activity, you may want to confirm not only that any professional providing municipal advisory services to you is properly registered[12] but also that you have in your RFP/Qs for services or work constituting municipal advisory activity a requirement that respondents be registered with the Commission and the MSRB as municipal advisors in order to submit a response. At a minimum, I do not believe these RFP/Qs should be soliciting the services of a “financial advisor” or “consultant” which may create the impression that they do not need to be registered with the Commission or the MSRB. If you are seeking the services of a municipal advisor, it would be helpful to use the term municipal advisor in your RFP/Qs.
Another area where I see a concerning use of “financial advisor,” where “municipal advisor” should be used, is in your offering documents. As previously mentioned, municipal advisor is more than just a title: it is a regulatory term. Using “municipal advisor” tells investors that the firm, its associated persons, and its activities are subject to rules and regulations; that the Commission monitors municipal advisors for compliance; and takes necessary action to enforce Congress’s mandate. If you use municipal advisors in your transactions, I think it would be beneficial to use the defined term “municipal advisor” in your offering documents to accurately describe the professionals fulfilling that role. Using a term that is explicitly defined by law may also help avoid including confusing or ambiguous statements in disclosures to investors.
There are also strong benefits to being involved with or retaining persons or firms registered and regulated as municipal advisers, as it demonstrates that these persons or firms recognize that they are engaging in municipal advisory activity. Registering as a municipal advisor may also demonstrate that the advisor understands that it has certain legal obligations, including a requirement to register unless an exclusion or exemption applies. These obligations include, among other things, a requirement to disclose to clients any material conflicts of interest. If you remember nothing else from today, remember this: your municipal advisor is required to always act in your best interest.
II. Observations on Amendments to Continuing Disclosure Undertakings
Now turning to disclosure practices. When the Commission proposed amendments[13] to Rule 15c2-12 (“Rule 15c2-12” or “Rule”)[14] of the Securities Exchange Act of 1934 (“Exchange Act”) in 1994[15] prohibiting underwriters, subject to certain exemptions, from purchasing or selling municipal securities covered by the Rule in a primary offering, unless the underwriter had reasonably determined that the issuer (or obligated person) had undertaken in a written agreement or contract[16] (“continuing disclosure undertaking”) to provide specified annual information and event notices,[17] practitioners expressed concern[18] that the amendments were not sufficiently flexible to address changing conditions to financial and pertinent operating information. The Commission addressed practitioners’ concerns when it adopted the amendments.[19]
a. NABL 1 Letter
The Commission explained in the 1994 Amendments Adopting Release that Rule 15c2-12, as amended, requires that continuing disclosure undertakings specify only the general type of information to be provided[20] and that undertakings should be drafted with sufficient flexibility to accommodate for subsequent developments that may require adjustments in the financial information and operating data contractually agreed upon in the undertaking.[21] Shortly after adoption of the amendments, the National Association of Bond Lawyers (“NABL”) requested[22] staff guidance interpreting an issue that I see continues to be debated thirty-one years later: amending continuing disclosure undertakings.
Let’s take a moment and revisit the statements made by staff on amending continuing disclosure undertakings in response to the NABL 1 Letter.[23] Staff first noted that in meeting the requirement that annual financial information be specified in reasonable detail, staff anticipated that continuing disclosure undertakings would set forth a general description of the type of financial information and operating data that would be provided. Staff further observed that these descriptions would not need to state more than a general category of financial information and operating data. Moreover, staff noted that where a continuing disclosure undertaking calls for information that no longer can be generated because the operations to which it related had been materially changed or discontinued, a statement to that effect would satisfy the continuing disclosure undertaking. In such instances, staff explained that it may be good practice to provide similar operating data with respect to any substitute or replacement operation. Further, staff noted that issuers and obligated persons may provide additional information that is not required by the terms of the undertaking. Accordingly, the staff did not anticipate that it often would be necessary to amend informational undertakings.
In addition to providing guidance on the circumstances under which an undertaking could be amended, the staff also provided several examples[24] of annual financial information descriptions. For example, categories of operating data provided for a college or university facility bond offering might include, among others, information regarding attendance, applications, and tuition and room and board rates charged to students. In a water or sewer financing, categories of information provided might include, among others, customers, rates, use, capacity, and demand.
b. Current State of Continuing Disclosure Undertakings
Now I would like to take the opportunity to reflect on the current state of continuing disclosure undertakings. Since the 1994 amendments promoted flexibility in drafting continuing disclosure undertakings, staff has heard that practitioners have discovered ambiguities and inconsistencies in their continuing disclosure undertakings that have resulted in overlapping, inconsistent, and outdated information in required disclosures. Consequently, practitioners continue to struggle with questions about amending continuing disclosure undertakings and have asked the staff for guidance on this issue.
To start, I want to remind practitioners that Rule 15c2-12, as amended, offers flexibility in the content and scope of disclosed financial information.[25] The Rule specifies only general types of information relating to the financial information and operating data to accommodate for any subsequent developments that would require adjustments to the data.[26] Further, adhering to your continuing disclosure undertakings does not preclude you from providing additional information, particularly where disclosure may be necessary to avoid liability under the antifraud provisions.[27]
The staff recognizes that, despite the staff interpretive guidance in the NABL 1 Letter, which elaborated on statements in the 1994 Amendments Adopting Release, some obligated persons have continued to provide specific and relatively unflexible descriptions of annual financial information or operating data in the continuing disclosure undertakings by, for instance, pointing to specific tables of information in an official statement because they believe it makes it easier for issuers and dissemination agents to comply with the undertaking. Although Rule 15c2-12 does not prohibit such specificity or incorporation by reference,[28] I believe that where obligated persons choose to include references to specific tables or similar specificity, they might consider including language allowing for flexibility, such as describing tables “of the type” or tables “of the kind” provided in the official statement.
The inclusion in continuing disclosure undertakings of clear descriptions of the disclosures to be made by municipal issuers and obligated persons promotes a more transparent and efficient market. However, drafters of continuing disclosure undertakings may want to be mindful when specifying the particular types of information that will be provided for many years into the future, as continuing disclosure undertakings are contractual obligations that cannot be amended based on a unilateral decision by an issuer or any other party. With very limited exceptions, issuers and obligated persons may not later decide unilaterally what types of information an investor would consider necessary or meaningful, especially where such information has previously been agreed upon.[29]
Continuing disclosure undertakings would be meaningless if issuers and obligated persons could unilaterally determine that certain types of information were no longer necessary or meaningful to investors.[30] Despite previous requests from the market for guidance on amending continuing disclosure agreements, I remind you that those agreements are contracts governed by state law[31] from which the Commission does not have the authority to provide exemptions. Failure to comply with continuing disclosure undertakings would be breaches of contract enforceable by private parties.[32] This is why staff statements have focused on using language in continuing disclosure agreements that allow for changing conditions.
III. The Importance of Voluntary Disclosure in the Municipal Securities Market
Sound, timely, and accurate disclosures of the financial condition and operating status of issuers and obligated persons promotes the continued integrity of the municipal securities market.[33] As we all know, Rule 15c2-12 requires that continuing disclosure undertakings set forth certain enumerated requirements. Rule 15c2-12 does not generally impose an obligation to provide ongoing information beyond the contractual continuing disclosure obligations. I am of the view, however, that voluntary disclosures[34] — providing information beyond contractual continuing disclosure obligations — by issuers and obligated persons can provide market participants with updated financial and other disclosures regarding the effects of evolving economic conditions.[35]
a. Improving Transparency and Market Efficiencies
Issuer organizations and other market participants have noted that providing voluntary interim disclosure can serve the interests of municipal issuers and have developed voluntary disclosure best practices designed to improve the quality and quantity of voluntary disclosure in the secondary market.[36] GFOA issued a Best Practices on Voluntary Disclosure in 2021.[37]
I am of the view that if issuers and obligated persons provide voluntary disclosures of their financial condition and operating status on a more frequent basis, the additional information could potentially reduce information asymmetries and help investors and other market participants identify early warning signs of an issuer’s or obligated person’s deteriorating financial condition sooner (such as budget deficits and imbalances, high unfunded pensions liability, and decreases in property value), which could lead to increased market efficiencies.
Some examples of helpful voluntary disclosures that municipal issuers and obligated persons could consider disseminating are[38]
More Timely Financial Information. Municipal issuers routinely prepare periodic reports containing financial information and/or operating data, such as investment positions, interim financial information, or capital improvement plans, for various non-disclosure purposes,[39] which are generally produced in accordance with governance documents, best practices, and generally accepted guidelines. Municipal issuers could consider submitting such reports via the repository designated by the Commission (currently the MSRB’s Electronic Municipal Market Access (“EMMA”) system) and/or through their own designated website.
Reports Prepared for Other Governmental Purposes. Municipal issuers and obligated persons may have prepared reports addressing relevant climate, cybersecurity, litigation, or other risks for other purposes.
Reports and Information Shared with Third Parties. Reports prepared to be shared with rating agencies, bank loan providers or other market participants may also include information material to investors.[40]
Information Regarding Availability of Federal, State and Local Aid. If it materially affects, or is reasonably likely to materially affect, your ability to repay debt service, you could make available a description of available aid that you have sought or are planning on seeking and any other material terms of the aid to investors.
Information Regarding Non-Routine Events that May Impact an Issuer’s Ability to Repay Securities. For instance, a large business relocating to your jurisdiction may have a positive impact, while a natural disaster may have a negative impact. Sharing information with the market on any non-routine events that may impact your ability to repay debt service could be helpful.
In my view, making any voluntary disclosures available in the place or places where they regularly make information available to investors, such as on the EMMA system and/or on their own websites, would be helpful to both issuers and investors.
b. Observations on Liability
I sometimes hear from issuers that they would disclose more information to the market, but that their counsel advises them, as a matter of course, not to provide any information that is not required. I recognize that the issue of liability is often raised in connection with voluntary disclosures.
I believe that accompanying voluntary disclosures that contain projections or forward-looking statements with meaningful cautionary language — including, for example, (1) a description of relevant facts or assumptions affecting the reasonableness of reliance on and the materiality of the information provided, (2) a description of how certain important information may be incomplete or unknown, and (3) the process or methodology (audited versus unaudited) used by the municipal issuer or obligated person to produce the information — could not only improve the quality of the disclosure but also help mitigate associated legal risks.
As I observe the municipal securities market and consider appropriate paths to address behaviors that impact investor confidence and transparency, I believe that it would be beneficial for municipal issuers to disclose, to exercise reasonable care, and to follow best practices in the creation and release of any voluntary disclosure.
It’s always a pleasure to speak with members of the GFOA. Thank you again for the invitation to discuss these important issues with you today.
[1] See Section 975(a)(1)(B) (15 U.S.C. 78o-4(a)(1)(B)) of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (“Dodd-Frank Act” or “Dodd-Frank”).
[3] While state statutes or other governing documents may reference the selection or designation of a “financial advisor” in connection with the issuance of bonds, I am of the view that the term “municipal advisor” should also be used in any RFP/Qs and offering documents issued in these jurisdictions when the requested service may include municipal advisory activity. In the event a state statute or other governing document references “financial advisor” or other term, it may be appropriate to use both terms with appropriate definitions and cross-references.
[4] Pursuant to Exchange Act Rule 15Ba1-1(e) (15 CFR 240.15Ba1-1(e)), “municipal advisory activities” includes, but is not limited to, “[p]roviding advice to or on behalf of a municipal entity or obligated person with respect to municipal financial products or the issuance of municipal securities, including advice with respect to the structure, timing, terms, and other similar matters concerning such financial products or issue.”
[5] See Exchange Act Section 15B(e)(4)(A) (15 U.S.C. 78o-4(e)(4)(A)). The definition of municipal advisor includes financial advisors, guaranteed investment contract brokers, third-party marketers, placement agents, solicitors, finders, and swap advisors that provide municipal advisory services, unless they are statutorily excluded. See 15 U.S.C. 78o-4(e)(4)(B). The statutory definition of municipal advisor excludes a broker, dealer, or municipal securities dealer serving as an underwriter (as defined in section 77b(a)(11) of this title), any investment adviser registered under the Investment Advisers Act of 1940 (15 U.S.C. 80b-1 et seq.), or persons associated with such investment advisers who are providing investment advice, any commodity trading advisor registered under the Commodity Exchange Act or persons associated with a commodity trading advisor who are providing advice related to swaps, attorneys offering legal advice or providing services that are of a traditional legal nature, or engineers providing engineering advice. See 15 U.S.C. 78o-4(e)(4)(C). The Commission exempts the following persons from the definition of municipal advisor to the extent they are engaging in the specified activities: accountants; public officials and employees; banks; responses to requests for proposals or qualifications; swap dealers; participation by an independent registered municipal advisor; persons that provide advice on certain investment strategies; certain solicitations. See Exchange Act Rule 15Ba1-1(d)(3)(i) through (viii) (17 CFR 240.15Ba1-1(d)(3)(i) through (viii)).
[6] See Registration of Municipal Advisors, Exchange Act Release No. 70462 (Sept. 20, 2013), 78 FR 67468, 67509 (Nov. 12, 2013) (“Municipal Advisor Adopting Release”).
[7] The timeline for being required to register as a municipal advisor when advising clients about conduit financing or other financing options is dependent on certain facts and circumstances. See id. at 67485.
[8] Id. at 67475.
[11] While the Dodd-Frank Act is a federal law, the municipal advisor registration requirements apply to advice with respect to the issuance of municipal securities regardless of the proposed source of funds used to repay those securities, which may include local tax revenue, state or federal revenue or grants or funds paid by a private lessee or purchaser. The staff is aware of publicly available documents where a state or local government has stated that municipal advisor registration is only required for municipal securities being repaid with federal funds.
[12] See Speech, Responsibilities of Regulated Entities to Municipal Issuers, supra note 2.
[14] See 17 CFR 240.15c2-12. The Commission adopted Rule 15c2-12 in 1989 to enhance disclosure in the municipal securities market by codifying standards for underwriters to obtain, review, and disseminate disclosure documents. See Exchange Act Release No. 26100 (Sept. 22, 1988), 53 FR 37778 (“1988 Proposing Release”); Exchange Act Release No. 26985 (June 28, 1989), 54 FR 28799 (July 10, 1989) (“1989 Adopting Release”). Rule 15c2-12 requires an underwriter acting in primary offerings of municipal securities with an aggregate principal amount of $1,000,000 or more to obtain and review an official statement “deemed final” by an issuer of the municipal securities, except for the omission of specified information, prior to making a bid, purchase, offer, or sale of municipal securities. See 17 CFR 240.15c2-12(a) and (b)(1).
[15] The Commission has amended Rule 15c2-12 over the years to respond to evolving market practices. See Exchange Act Release No. 34961 (Nov. 10, 1994), 59 FR 59590 (Nov. 17, 1994) (“1994 Amendments Adopting Release”); Exchange Act Release No. 59062 (Dec. 5, 2008), 73 FR 76104 (Dec. 15, 2008) (“2008 Amendments Adopting Release”); Exchange Act Release No. 62184A (May 27, 2010), 75 FR 33100 (June 10, 2010) (“2010 Amendments Adopting Release”); and Exchange Act Release No. 83885 (Aug. 20, 2018), 83 FR 44700 (Aug. 31, 2018) (“2018 Amendments Adopting Release”).
[16] See 17 CFR 240.15c2-12(b)(5).
[17] See 17 CFR 240.15c2-12(b)(5)(C).
[18] See 1994 Amendments Adopting Release, supra note 15, 59 FR at 59599.
[19] Id.
[20] Id.
[21] Id.
[22] NABL raised several questions in its letters. See Letter from Robert L.D. Colby, Deputy Director, Division of Market Regulation, U.S. Securities and Exchange Commission, to John S. Overdorff, Chair, and Gerald J. Laporte, Vice-Chair, Securities Law and Disclosure Committee, National Association of Bond Lawyers, dated June 23, 1995 (‘‘NABL 1 Letter”), available at https://www.sec.gov/info/municipal/nabl-1-interpretive-letter-1995-06-23.pdf; and Letter from Catherine McGuire, Chief Counsel, Division of Market Regulation, U.S. Securities and Exchange Commission, to John S. Overdorff, Chair, Securities Law and Disclosure Committee, National Association of Bond Lawyers, dated Sept. 19, 1995 (“NABL 2 Letter”), available at https://www.sec.gov/info/municipal/nabl-2-interpretive-letter-1995-09-19.pdf. See also Letter from Michael Nicholas, Chief Executive Officer, Bond Dealers of America, Emily Swenson Brock, Director, Federal Liaison Center, Government Finance Officers Association, Kenneth R. Artin, President, National Association of Bond Lawyers, Cornelia Chebinou, Washington Director, National Association of State Auditors, Comptrollers and Treasures, Michael Decker, Managing Director, Securities Industry and Financial Markets Association, to Jessica Kane, Director, Office of Municipal Securities, U.S. Securities and Exchange Commission, dated Aug. 9, 2016 available at https://www.nabl.org/wp-content/uploads/2023/02/20160809-Joint-Letter-on-Amending-CDAs.pdf.
[23] See NABL 1 Letter, Question 2, supra note 22.
[24] Id.
[25] See 1994 Amendments Adopting Release, supra note 15, 59 FR at 59599; Securities and Exchange Commission, Report on the Municipal Securities Market (July 31, 2012) (“Report on the Municipal Securities Market”), at 70, available at https://www.sec.gov/news/studies/2012/munireport073112.pdf.
[26] See 1994 Amendments Adopting Release, supra note 15, 59 FR at 59599 (Commission noting that “the amendments require that the undertaking specify only the general type of information to be supplied . . .”).
[27] Id.
[28] Id.
[29] See 1994 Amendments Adopting Release, supra note 15, 59 FR at 59599. But see NABL 1 Letter, Question 2, supra note 22, outlining scenarios where an undertaking that includes an amendment provisions nevertheless may satisfy the requirements of Rule 15c2-12.
[30] See 1994 Amendments Adopting Release, supra note 15, 59 FR at 59599.
[31] Id. at 59601.
[32] Id. (“remedies for breach of any undertaking under applicable state law are a subject for negotiation between the parties to the Offering.”).
[34] As seen during the Covid-19 Pandemic, variations in voluntary disclosures persisted and the differing approaches to disclosure served as a reminder that required disclosures are not confined to enumerated events. For instance, some issuers included tailored, stand-alone COVID-19-risk sections in their disclosures or uploaded financial informational statements to EMMA identifying impacts on economies and revenues, and expectations regarding associated risk mitigation. See, e.g., MSRB, Municipal Securities Market COVID-19-Related Disclosure Summary (updated Mar. 28, 2021), available at https://www.msrb.org/sites/default/files/2022-09/Municipal-Securities-Market-COVID-19-Related-Disclosure-Summary.pdf; DPC Data COVID Disclosure Trends Charted in New Infographic, A Year of COVID-Tagged Disclosures, Mar. 2020 to Mar. 2021, available at https://www.dpcdata.com/resources/year-covid-tagged-disclosures/.
[35] See, e.g., Report on the Municipal Securities Market, supra note 25, at III.A.1 and III.B (summarizing market participant and investor interest in voluntary disclosure guidelines and best practices to improve the level and quality of disclosure in the primary and secondary markets); Chairman Jay Clayton and Rebecca Olsen, Director, Office of Municipal Securities, U.S. Securities and Exchange Commission, The Importance of Disclosure for our Municipal Markets (May 4, 2020) (the “Municipal Market COVID-19 Statement”), available at https://www.sec.gov/news/public-statement/statement-clayton-olsen-2020-05-04.
[36] See, e.g., Government Finance Officers Association (“GFOA”) Best Practices Voluntary Disclosure (Oct. 1, 2021) (“Best Practices on Voluntary Disclosure”), available at https://www.gfoa.org/materials/voluntary-disclosure (“Enhanced market communication achieved through voluntary disclosure the issuer to improve its investor relations. This enhanced communication and improved relations with investors can become an important factor for access to the capital for markets….”); National Federation of Municipal Analysts (“NFMA”) Position Paper on Voluntary Interim Disclosures by State and Local Governments (Oct. 26, 2004) (“NFMA Voluntary Interim Disclosures Paper”), at 2-4, available at https://www.nfma.org/assets/documents/nfma_position_interim_disclosure.pdf (NFMA “strongly believe(s) that it is in the best interest of state and local government units and political instrumentalities thereof to provide investors on a voluntary basis with timely disclosure reports derived from information maintained in the normal course of operations” and that “[t]o the extent that governmental issuers have relevant financial information on hand, the benefits of providing voluntary interim disclosure vastly outweigh any administrative burden entailed in disseminating this information to the market.”)
[37] See Best Practices on Voluntary Disclosure, supra note 36.
[38] See, e.g., id.; Report on the Municipal Securities Market, supra note 25, at 58 (noting that the “practices of market participants in voluntarily providing [large amounts of information about issuers of municipal securities] to investors are not, however, consistent,” further explaining that “[l]arge repeat issuers generally have more comprehensive disclosure than small, infrequent or conduit issuers, who may voluntarily provide little ongoing information to investors.”).
[39] In many cases, municipal issuers already prepare and disseminate reports or other documents containing financial information and/or operating data to various governmental or institutional bodies, or to the public. See, e.g., Application of Antifraud Provisions to Public Statements of Issuers and Obligated Persons of Municipal Securities in the Secondary Market: Staff Legal Bulletin No. 21 (OMS) (Feb. 7, 2020) (“Staff Legal Bulletin No. 21”), available at https://www.sec.gov/municipal/application-antifraud-provisions-staff-legal-bulletin-21; Report of Investigation in the Matter of the City of Harrisburg, Pa. Concerning the Potential Liability of Public Officials with Regard to Disclosure Obligations in the Secondary Market, Exchange Act Release No. 69516 (May 6, 2013), (“Harrisburg Report”), available at https://www.sec.gov/litigation/investreport/34-69516.htm.
[40] See Report on the Municipal Securities Market, supra note 25, at 106 n.640.
Headline: Governor Stein Announces District Court and District Attorney Appointments
Governor Stein Announces District Court and District Attorney Appointments lsaito
Raleigh, NC
Today Governor Josh Stein announced the following appointments to the District Court:
Caroline F. Quinn to the District Court for Judicial District 8, serving Edgecombe, Nash, and Wilson Counties. Quinn is filling the vacancy created after the Honorable William “Bill” Farris retired.
Quinn currently serves as the Clerk of the Superior Court in the 8th Judicial District and previously served as an Assistant District Attorney in the 8th Prosecutorial District. She received her B.A. from the University of North Carolina at Chapel Hill and her J.D. from Campbell University.
Andrew T. Warren to the District Court for Judicial District 34, serving Alleghany, Ashe, Wilkes, and Yadkin Counties. Warren is filling the vacancy created after the Honorable William Brooks retired.
Warren is currently an Associate at Crumpton Law Firm. He received his B.S. from the University of North Carolina at Wilmington and his J.D. from Charlotte School of Law.
The Governor also made the following District Attorney appointment:
Jason T. Waller as District Attorney in Prosecutorial District 13, serving Johnston County. Waller is filling the vacancy created after the Honorable Susan Doyle retired.
Waller currently serves as a Senior Assistant District Attorney in the Johnston County District Attorney’s Office. He received his B.A. and J.D. from the University of North Carolina at Chapel Hill.
“This group of attorneys is exceptionally talented, and they all come to their new positions with a wealth of experience,” said Governor Josh Stein. “They each have a strong record of service, and I look forward to seeing all that they accomplish in their new roles.”
Source: People’s Republic of China in Russian – People’s Republic of China in Russian –
Source: People’s Republic of China – State Council News
BEIJING, July 1 (Xinhua) — With the support of the motherland, the strong guarantee of the “one country, two systems” policy, the dedication of the Hong Kong Special Administrative Region (SAR) government and the concerted efforts of all walks of life, Hong Kong enjoys broad prospects and a promising future, Chinese Foreign Ministry spokesperson Mao Ning said on Tuesday.
The diplomat made the statement at a regular briefing, noting that over the past five years since the Law of the People’s Republic of China on Safeguarding National Security in the Hong Kong Special Administrative Region was adopted and put into effect, the local legal system has been improved, the stability and cohesion of Hong Kong society has been strengthened, and the rights and freedoms enjoyed by the people of the Hong Kong Special Administrative Region in accordance with the law have been more fully protected.
As Mao Ning pointed out, the groundless and malicious denigration of the “one country, two systems” policy by some Western politicians and anti-China organizations, as well as their slander regarding the implementation of the rule of law in Hong Kong, completely expose their malicious intent to undermine stability in the metropolis.
The spokesperson emphasized that Hong Kong has achieved high-quality development based on its high level of security, with its gross regional product growing for nine consecutive quarters. Hong Kong has entered the top three international financial centers in the world and regained its place in the top three in the global competitiveness ranking.
As the world’s third-largest recipient of foreign direct investment, Hong Kong has led the world in IPO funding since the start of this year, retained its top spot in air cargo volume, ranked fourth in the International Shipping Center Development Index, and is among the top 10 in talent competitiveness. As Mao Ning noted, increasing investment in the SAR has become a priority choice for many foreign chambers of commerce.
The data shows that Hong Kong’s economy is highly resilient and viable, and that the city’s international attractiveness is only growing, she added.
“Today marks the 28th anniversary of Hong Kong’s return to the bosom of the motherland. We believe that with the firm support of the motherland, the reliable guarantees of the ‘one country, two systems’ policy, the dedication of the HKSAR administration and the concerted efforts of all walks of life, Hong Kong will enjoy broad prospects and a promising future,” Mao Ning concluded. –0–
Cedar Rapids, IA – U.S. Marshals in Florida today arrested a man wanted on several sex abuse charges in Iowa.
Tyler Michael Treadaway, 27, is wanted in Iowa County in connection to multiple charges of sexual abuse (second-degree) of multiple children.
On April 21 investigators with the Iowa County Sheriff’s Office contacted the Northern Iowa Fugitive Task Force requesting assistance in the location and apprehension of Treadaway. Task force officers began to follow up on leads throughout the Midwest and developed information indicating Treadaway had fled following the reports of abuse. Officials began coordinating with the U.S. Marshals Florida/Caribbean Regional Fugitive Task Force (FCRFTF).
Officers with the FCRFTF today narrowed their search to an area in the 4900 block of Lofty Pines Circle West in Jacksonville. U.S. Marshals approached the suspect shortly after noon and Treadaway eventually surrendered to the officers. Treadaway was arrested without incident and transported for processing. He will remain in custody until extradition to Iowa.
The U.S. Marshals Service is the federal government’s primary agency for fugitive investigations. Nationwide, 60 local task forces are dedicated to violent crime reduction by locating and apprehending wanted criminals. These task forces also serve as the central point for agencies to share information on fugitive matters. The Northern Iowa Fugitive Task Force is comprised of officers from the U.S. Marshals Service, U.S. Immigration and Customs Enforcement, Cedar Rapids Police Department, Waterloo Police Department, Marion Police Department, the Iowa Division of Criminal Investigation, and the Iowa Department of Corrections.
CHICAGO — A Chicago man was convicted in federal court today of conspiring to provide material support to the Islamic State of Iraq and al-Sham (ISIS) by using social media to encourage attacks on ISIS’s enemies and recruit new ISIS members.
ASHRAF AL SAFOO was a leader of Khattab Media Foundation, a sophisticated online organization that swore allegiance to ISIS and created and disseminated threats and ISIS propaganda on social media and other online platforms. Al Safoo and other members of Khattab created and posted pro-ISIS videos, articles, essays, and infographics at the direction of, and in coordination with, ISIS. Much of Khattab’s propaganda promoted violent jihad on behalf of ISIS, which has been designated by the United States government as a foreign terrorist organization. In one posting, Al Safoo encouraged Khattab members to post pro-ISIS information “to cause confusion and spread terror within the hearts of those who disbelieved.” In another posting, Al Safoo wrote, “Work hard, brothers, edit the issue into short clips, take the pictures out of it and publish the efforts of your brothers in the pages of the apostates. Participate in the war, and spread terror, the [Islamic] State does not want you to watch it only, rather, it incites you, and if you are unable to, use it to incite others.”
Many of Khattab’s postings included images of violence, celebrations of terrorist attacks and mass shootings in the United States, and encouragement for “lone wolf” attacks in western countries.
Al Safoo, 41, was arrested in Chicago in 2018. After a bench trial in U.S. District Court in Chicago in 2025, U.S. District Judge John Robert Blakey today announced his verdicts, finding Al Safoo guilty of one count of conspiracy to provide material support to a foreign terrorist organization, one count of conspiracy to transmit threats in interstate commerce, one count of conspiracy to intentionally access a protected computer without authorization, four counts of intentionally accessing a protected computer without authorization, and four counts of providing material support to a foreign terrorist organization.
The convictions carry a maximum sentence of 130 years in federal prison. Judge Blakey set sentencing for Oct. 9, 2025.
The convictions were announced by Andrew S. Boutros, United States Attorney for the Northern District of Illinois, John A. Eisenberg, Assistant Attorney General for National Security at the Department of Justice, and Douglas S. DePodesta, Special Agent-in-Charge of the Chicago Field Office of the FBI. The government is represented by Assistant U.S. Attorneys Melody Wells, Barry Jonas, and Thomas P. Peabody of the Northern District of Illinois, and Trial Attorney Andrew J. Dixon of the National Security Division’s Counterterrorism Section.
“Today’s conviction demonstrates that the safety and security of the American public is always a top priority for me and my entire Office,” said U.S. Attorney Boutros. “The prosecution of Ashraf Al Safoo is a testament to the vigilance and dedication of our prosecutors and law enforcement partners who stand watch to disrupt and prevent dangerous threats before they materialize. We will vigorously pursue and bring to justice those who provide material support–in whatever form–to terrorist organizations.”
“The conviction of Al Safoo affirms the FBI’s strong commitment to protecting and defending the United States from anyone who seeks to harm our citizens,” said FBI Chicago SAC DePodesta. “Those who willingly associate with terrorist organizations or support violent extremism will be investigated, disrupted, and held accountable. It is thanks to the FBI Chicago Joint Terrorism Task Force and its partner agencies that our community is safe from those who pose a fundamental threat to our nation.”
Philadelphia, PA — Members of the U.S. Marshals Eastern Pennsylvania Violent Crimes Fugitive Task Force and Deportation Officers from Immigration Customs Enforcement in Philadelphia, Monday afternoon arrested a Dominican Republic man wanted for violations of 8 USC 1326, Re-Entry After Deportation, along with five other men, also from Dominican Republic.
Arrests Disrupted Clandestine PRC Ministry of State Security Intelligence Network Operating in the United States
Two nationals of the People’s Republic of China (PRC) made their initial appearances in federal court in Portland, Oregon, and Houston, Texas, yesterday to face charges issued out of the Northern District of California for acting as agents of the Government of the PRC without prior notification to the Attorney General. The defendants, Yuance Chen, 38, a PRC national and legal permanent resident who resides in Happy Valley, Oregon, and Liren “Ryan” Lai, 39, a PRC national who traveled from the PRC to Houston, Texas, on a tourist visa in April 2025, were arrested Friday on a criminal complaint charging them with overseeing and carrying out various clandestine intelligence taskings in the United States on behalf of the PRC Government’s principal foreign intelligence service, the Ministry of State Security (MSS). These activities included facilitating a “dead drop” payment of cash for information relating to the national security of the United States previously provided to the MSS, gathering intelligence about U.S. Navy service members and bases, and assisting with efforts to recruit other individuals from within the U.S. military as potential MSS assets.
Chen and Lai were arrested on June 27, 2025, by the FBI in Happy Valley, Oregon, and Houston Texas, as part of a coordinated counterintelligence and law enforcement operation across multiple states.
“This case underscores the Chinese government’s sustained and aggressive effort to infiltrate our military and undermine our national security from within,” said Attorney General Pamela Bondi. “The Justice Department will not stand by while hostile nations embed spies in our country – we will expose foreign operatives, hold their agents to account, and protect the American people from covert threats to our national security.”
“The FBI arrested two Chinese nationals who were allegedly attempting to recruit U.S. military service members on behalf of the PRC,” said FBI Director Kash Patel. “The Chinese Communist Party thought they were getting away with their scheme to operate on U.S. soil, utilizing spy craft, like dead drops, to pay their sources. This case was a complex, coordinated effort and is an example of outstanding counterintelligence work done by FBI San Francisco, Portland, Houston, San Diego, and the Counterintelligence Division. The FBI will continue to vigilantly defend the homeland from China’s pervasive attempts to infiltrate our borders.”
“Adverse foreign intelligence services like the PRC’s Ministry of State Security dedicate years to recruiting individuals and cultivating them as intelligence assets to do their bidding within the United States,” said Assistant Attorney General for National Security John A. Eisenberg. “Under my leadership, the National Security Division will continue to defend our nation and neutralize our adversaries’ clandestine spy networks.”
“These charges reflect the breadth of the efforts by our foreign adversaries to target the United States — this time by conducting illegal intelligence-gathering operations aimed at our national security information and military service members,” said U.S. Attorney Craig H. Missakian for the Northern District of California. “My office and the FBI remain ever vigilant in guarding against these threats to the United States. We will continue to undertake counterespionage investigations and prosecutions, no matter how complex and sensitive, to disrupt attempts to weaken our national security.”
As alleged in the criminal complaint unsealed yesterday, the PRC Government conducts intelligence activities against the United States through multiple arms, including the MSS. The MSS handles civilian intelligence collection for the PRC and is responsible for counterintelligence and foreign intelligence, as well as political security. The MSS and its bureaus seek to obtain information on political, economic, and security policies that might affect the PRC, along with military, scientific, and technical information of value to the PRC. The MSS and its bureaus are tasked with conducting clandestine and covert human source operations, of which the United States is a principal target.
As alleged in the criminal complaint, Lai recruited Chen to work on behalf of the MSS in or about 2021. While in Guangzhou, China, in January 2022, Lai and Chen worked together to facilitate a dead-drop payment of at least $10,000 on behalf of the MSS, working with other individuals located in the United States to leave a backpack with the cash at a day-use locker at a recreational facility located in Livermore, California.
Following the January 2022 dead drop, Lai and Chen continued to work on behalf of the MSS, including to help identify potential assets for MSS recruitment within the ranks of the U.S. Navy. For example, beginning in 2022, Chen was tasked by Lai and other agents of the MSS to contact a Navy employee over social media, and then later, in 2025, arranged for a tour with the employee of the USS Abraham Lincoln and provided information about the employee to the MSS. In 2022 and 2023, Chen was tasked to visit a U.S. Naval installation in Washington State and a U.S. Navy recruitment center in San Gabriel, California. While in the recruitment center, Chen obtained photographs of a bulletin board containing the names, programs, and hometowns of recent Navy recruits, the majority of whom listed their hometown as “China,” which he appears to have transmitted to an MSS intelligence officer in China. The complaint also alleges that Chen received instruction from the MSS on what to say to potential recruits regarding potential payment that could be made by the MSS, preferred Naval job assignments for potential recruits, and methods for minimizing Chen’s risk of exposure. The complaint alleges that in 2023, Lai flew to the United States from the PRC and provided Chen with a cellphone that Chen then used to communicate with the MSS. The complaint also alleges that Chen traveled to Guangzhou and met with MSS intelligence officers in April 2024 and March 2025 in order to discuss compensation and specific taskings.
The complaint also alleges that Lai traveled to Houston, Texas, in April 2025, claiming that the purpose of his visit was related to his business as an online retail seller, and that he would be staying in the Houston area for two weeks. However, on May 9, 2025 – more than four weeks after his arrival in the United States – Lai traveled by car with a companion from Houston to Southern California, via New Mexico and Tucson, Arizona, before returning to Texas, on May 15, 2025.
Chen and Lai are charged with violating Title 18, United States Code, Section 951, which makes it a crime for a person to operate or agree to operate within the United States as an agent of a foreign government without notification to the Attorney General of the United States. If convicted, the defendants face a fine of up to $250,000 and a term of imprisonment of up to 10 years.
The FBI San Francisco Field Office is leading the investigation, with valuable assistance provided by the FBI Portland, Houston, and San Diego Field Offices. The Naval Criminal Investigative Service (NCIS) also provided valuable assistance during the operation.
The National Security and Special Prosecutions Section of the U.S. Attorney’s Office for the Northern District of California and the National Security Division’s Counterintelligence and Export Control Section are in charge of the prosecution. Significant operational support and assistance is also being provided by the District of Oregon, the Southern District of Texas, and the Southern District of California.
A criminal complaint is merely an allegation. All defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.
Source: United States Bureau of Alcohol Tobacco Firearms and Explosives (ATF)
CHARLESTON, W.Va. – Randy Price, 52, of Wayne, pleaded guilty today to being a felon in possession of a firearm.
According to court documents and statements made in court, on July 16, 2019, a law enforcement officer conducted a traffic stop of a vehicle driven by Price in Charleston. Price attempted to flee on foot but was captured. Law enforcement seized a Raven Arms MP-25 .25-caliber pistol from the vehicle.
Federal law prohibits a person with a prior felony conviction from possessing a firearm or ammunition. Price knew he was prohibited from possessing a firearm because of his prior felony convictions for involuntary manslaughter and aggravated robbery in Cuyahoga County, Ohio, Court of Common Pleas on June 28, 2002.
Price is scheduled to be sentenced on October 2, 2025, and faces a maximum penalty of 15 years in prison, up to three years of supervised release, and a $250,000 fine.
Acting United States Attorney Lisa G. Johnston made the announcement and commended the investigative work of the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF) and the Charleston Police Department.
United States District Judge Joseph R. Goodwin presided over the hearing. Assistant United States Attorneys JC MacCallum and Negar M. Kordestani have prosecuted the case.
This case is part of Project Safe Neighborhoods (PSN), a program bringing together all levels of law enforcement and the communities they serve to reduce violent crime and gun violence, and to make our neighborhoods safer for everyone. On May 26, 2021, the Department launched a violent crime reduction strategy strengthening PSN based on these core principles: fostering trust and legitimacy in our communities, supporting community-based organizations that help prevent violence from occurring in the first place, setting focused and strategic enforcement priorities, and measuring the results.
A copy of this press release is located on the website of the U.S. Attorney’s Office for the Southern District of West Virginia. Related court documents and information can be found on PACER by searching for Case No. 2:22-cr-97.
Source: United States Bureau of Alcohol Tobacco Firearms and Explosives (ATF)
CHARLESTON, W.Va. – Randy Price, 52, of Wayne, pleaded guilty today to being a felon in possession of a firearm.
According to court documents and statements made in court, on July 16, 2019, a law enforcement officer conducted a traffic stop of a vehicle driven by Price in Charleston. Price attempted to flee on foot but was captured. Law enforcement seized a Raven Arms MP-25 .25-caliber pistol from the vehicle.
Federal law prohibits a person with a prior felony conviction from possessing a firearm or ammunition. Price knew he was prohibited from possessing a firearm because of his prior felony convictions for involuntary manslaughter and aggravated robbery in Cuyahoga County, Ohio, Court of Common Pleas on June 28, 2002.
Price is scheduled to be sentenced on October 2, 2025, and faces a maximum penalty of 15 years in prison, up to three years of supervised release, and a $250,000 fine.
Acting United States Attorney Lisa G. Johnston made the announcement and commended the investigative work of the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF) and the Charleston Police Department.
United States District Judge Joseph R. Goodwin presided over the hearing. Assistant United States Attorneys JC MacCallum and Negar M. Kordestani have prosecuted the case.
This case is part of Project Safe Neighborhoods (PSN), a program bringing together all levels of law enforcement and the communities they serve to reduce violent crime and gun violence, and to make our neighborhoods safer for everyone. On May 26, 2021, the Department launched a violent crime reduction strategy strengthening PSN based on these core principles: fostering trust and legitimacy in our communities, supporting community-based organizations that help prevent violence from occurring in the first place, setting focused and strategic enforcement priorities, and measuring the results.
A copy of this press release is located on the website of the U.S. Attorney’s Office for the Southern District of West Virginia. Related court documents and information can be found on PACER by searching for Case No. 2:22-cr-97.
Source: United States Bureau of Alcohol Tobacco Firearms and Explosives (ATF)
ST. LOUIS – Two people have admitted to attempting to kidnap and rob a St. Louis apartment property manager at gunpoint in 2024, as well as other gun crimes.
Emma M. Cunningham, 32, pleaded guilty Monday in U.S. District Court to attempted kidnapping, transfer of a firearm to a convicted felon and making a false statement in connection with the purchase of a firearm.
Jervonz L. Williams, 49, pleaded guilty on June 23 to attempted kidnapping, robbery and possession of a firearm by a felon.
Both admitted that on Feb. 20, 2024, Cunningham bought a handgun for Williams, her boyfriend and a convicted felon who is thus barred from possessing firearms. Cunningham lied on Bureau of Alcohol, Tobacco, Firearms and Explosives Form 4473 when she claimed she was buying the gun for herself and when she denied being an unlawful user of a controlled substance.
Williams admitted using the gun to threaten others, including one of Cunningham’s neighbors. He also admitted using it to rob a drug dealer of $17, a gun and cocaine base in late June of 2024. Williams struck the dealer on the head with the revolver multiple times during the robbery.
Williams and Cunningham used that gun again on Aug. 5, 2024, in a failed bid to kidnap an apartment property manager in St. Louis. The property manager was meeting Cunningham, her tenant, for a final walkthrough. When the victim entered the apartment, Cunningham locked the door and Williams threatened to kill her when she tried to call 911. Williams then demanded cash and the password to her phone so that they could access her financial accounts. They secured her to a chair with duct tape, but she broke free and was able to escape, even though Cunningham and Williams ripped off her shirt and tore out clumps of her hair trying to prevent her from leaving. Two days later, police arrested the couple. Williams had the .38-caliber revolver Cunningham purchased and she had a box of ammunition.
Williams is scheduled to be sentenced on September 24 and Cunningham on September 30. The kidnapping and robbery charges each carry a potential penalty of up to 20 years in prison. The felon in possession and transfer of a firearm charge each carry a penalty of up to 15 years. The false statement charge carries a penalty of up to 10 years in prison.
The Bureau of Alcohol, Tobacco, Firearms and Explosives and the St. Louis Metropolitan Police Department investigated the case. Assistant U.S. Attorney Zachary Bluestone is prosecuting the case.
This case is part of Project Safe Neighborhoods (PSN), a program bringing together all levels of law enforcement and the communities they serve to reduce violent crime and gun violence, and to make our neighborhoods safer for everyone. On May 26, 2021, the Department launched a violent crime reduction strategy strengthening PSN based on these core principles: fostering trust and legitimacy in our communities, supporting community-based organizations that help prevent violence from occurring in the first place, setting focused and strategic enforcement priorities, and measuring the results.
Source: United States Bureau of Alcohol Tobacco Firearms and Explosives (ATF)
ST. LOUIS – Two people have admitted to attempting to kidnap and rob a St. Louis apartment property manager at gunpoint in 2024, as well as other gun crimes.
Emma M. Cunningham, 32, pleaded guilty Monday in U.S. District Court to attempted kidnapping, transfer of a firearm to a convicted felon and making a false statement in connection with the purchase of a firearm.
Jervonz L. Williams, 49, pleaded guilty on June 23 to attempted kidnapping, robbery and possession of a firearm by a felon.
Both admitted that on Feb. 20, 2024, Cunningham bought a handgun for Williams, her boyfriend and a convicted felon who is thus barred from possessing firearms. Cunningham lied on Bureau of Alcohol, Tobacco, Firearms and Explosives Form 4473 when she claimed she was buying the gun for herself and when she denied being an unlawful user of a controlled substance.
Williams admitted using the gun to threaten others, including one of Cunningham’s neighbors. He also admitted using it to rob a drug dealer of $17, a gun and cocaine base in late June of 2024. Williams struck the dealer on the head with the revolver multiple times during the robbery.
Williams and Cunningham used that gun again on Aug. 5, 2024, in a failed bid to kidnap an apartment property manager in St. Louis. The property manager was meeting Cunningham, her tenant, for a final walkthrough. When the victim entered the apartment, Cunningham locked the door and Williams threatened to kill her when she tried to call 911. Williams then demanded cash and the password to her phone so that they could access her financial accounts. They secured her to a chair with duct tape, but she broke free and was able to escape, even though Cunningham and Williams ripped off her shirt and tore out clumps of her hair trying to prevent her from leaving. Two days later, police arrested the couple. Williams had the .38-caliber revolver Cunningham purchased and she had a box of ammunition.
Williams is scheduled to be sentenced on September 24 and Cunningham on September 30. The kidnapping and robbery charges each carry a potential penalty of up to 20 years in prison. The felon in possession and transfer of a firearm charge each carry a penalty of up to 15 years. The false statement charge carries a penalty of up to 10 years in prison.
The Bureau of Alcohol, Tobacco, Firearms and Explosives and the St. Louis Metropolitan Police Department investigated the case. Assistant U.S. Attorney Zachary Bluestone is prosecuting the case.
This case is part of Project Safe Neighborhoods (PSN), a program bringing together all levels of law enforcement and the communities they serve to reduce violent crime and gun violence, and to make our neighborhoods safer for everyone. On May 26, 2021, the Department launched a violent crime reduction strategy strengthening PSN based on these core principles: fostering trust and legitimacy in our communities, supporting community-based organizations that help prevent violence from occurring in the first place, setting focused and strategic enforcement priorities, and measuring the results.
The Food and Agriculture Organization of the United Nations (FAO) announced the winners of the 2025 FAO Awards, recognizing organizations from Colombia, Egypt, and the Philippines, whose work has led to outstanding progress in building more efficient, inclusive, resilient and sustainable agrifood systems.
On Monday, FAO Director-General QU Dongyu presented the Champion Award and Partnership Award during the 44th FAO Ministerial Conference held in Rome.
“These Awards are more than an acknowledgment of achievements – they represent FAO’s core values and aspirations. The ceremony is a celebration of possibility and hope of what happens when commitment and innovation meet the urgent call to transform global agrifood systems,” he said.
The FAO Champion Award, the Organization’s highest corporate award, which carries a prize of USD 50,000 and recognizes significant and outstanding contributions towards advancing FAO’s overall goals, was conferred to la Confederación Mesa Nacional de Pesca Artesanal de Colombia (COMENALPAC), for its tangible results across organizational, social, economic and environmental dimensions, including championing social protection measures for fishers and played a key role in drafting laws against illegal fishing, thereby improving the welfare and rights of fishing communities.
Since 2017, COMENALPAC has represented over 800 groups of marine and freshwater fishers across Colombia. Its work has contributed to the design and implementation of key legislation, including Law 2268 of 2022, which guarantees social benefits for commercial and subsistence fishers.
Through an FAO–COMENALPAC partnership, the organization has strengthened fisher communities in Tumaco by eliminating intermediaries, increasing incomes, and promoting inclusive market opportunities. It has also led to the restoration of 83 wetlands, contributing to aquatic biodiversity and more sustainable food systems. The organization was further praised for helping secure the legal recognition of more than 120,000 fishers and for its role in incorporating the concept of “Aquatic Agrifood Ecosystems” into Colombia’s National Development Plan.
In addition, within the same category, a Special Mention was also awarded to Youth Uprising, a Philippine-based non-profit organization recognized for its intense engagement of young people in transforming agrifood systems.
The FAO Partnership Award — valued at USD 10,000 and recognizing outstanding cooperation with FAO in advancing the Organization’s work by its Members — was presented to The Egyptian Food Bank (EFB), the first Egypt NGO focused on addressing food insecurity, providing support to over 24 million people through comprehensive food assistance, nutrition, and empowerment programs.
Among the EFB’s most notable initiatives are the Community Nutrition Programme, the Ramadan Food Loss Initiative, and the Resilience Index Measurement and Analysis (RIMA). EFB’s programs have benefited over 150,000 families and more than 60,000 schoolchildren. Its work also includes capacity-building for small-scale producers and support to 1,200 farmers — particularly women — promoting sustainable agricultural practices and economic inclusion.
The FAO Director-General bestowed the awards to representatives of the organizations who attended the ceremony in person.
Adriana Rocío Cadena Cancino, Director of la Confederación Mesa Nacional de Pesca Artesanal de Colombia (COMENALPAC), received the Champion Award on behalf of the organization.
Mohsen Sarhan Ali Gamal Ali, Chief Executive Officer of The Egyptian Food Bank (EFB), accepted the Partnership Award on behalf of his organization.
The following text contains opinion that is not, or not necessarily, that of MIL-OSI –
Chairwoman McClain Slams Democrats for Failing to Condemn Violent Attacks on Police Officers
Washington, June 27, 2025
WASHINGTON—House Republican Conference Chairwoman Lisa McClain (R-Mich.) released the following statement after the U.S. House passed H. Res. 516 – a resolution that condemns the violent riots in Los Angeles, California, and expresses support for law enforcement officers:
“Burning cars and attacking law enforcement officers should never be considered a ‘peaceful protest’ in America. Democrats just failed to condemn the violent riots in Los Angeles and to express support for our law enforcement officers. Their derangement is on full display,” Chairwoman McClain said. “The contrast is clear: Democrats side with violent criminal illegal aliens, while Republicans will always stand with our heroic law enforcement officers. Shame on them.”
BALTIMORE — An investigation conducted by U.S. Immigration and Customs Enforcement led to the sentencing of Amos Oluremi Nureni, 43, to 10 years in prison followed by four years of supervised release, for conspiracy to distribute 40 grams or more of fentanyl and possession of a firearm in furtherance of a drug trafficking crime.
“This sentence sends a clear message: Those who traffic fentanyl, a deadly drug fueling our nation’s overdose crisis, will be held accountable,” said ICE Homeland Security Investigations Baltimore acting Special Agent in Charge Evan Campanella. “In Maryland, we are seeing the devastating impact of fentanyl on our communities every day. Through our strong partnerships with the DEA and the U.S. attorney’s office, HSI will continue to pursue and dismantle the criminal networks responsible for pushing this poison into our neighborhoods. The sentencing of Amos Oluremi Nureni is a direct result of that commitment.”
In September 2023, HSI and the DEA began investigating Nureni in connection with suspected fentanyl trafficking. During the investigation, law enforcement conducted two controlled purchases in which Nureni sold an undercover officer approximately 400 to 500 pills.
The pills were blue in color and imprinted with “M30” — mimicking the markings on legitimate pills from a manufacturer containing oxycodone hydrochloride. As confirmed by laboratory analysis, the blue “M30” pills contained fentanyl. In total, Nureni sold approximately 866 fentanyl pills — or nearly 100 grams of a mixture and substance containing fentanyl — to the undercover officer.
Law enforcement executed a search warrant on Nureni’s Laurel residence March 27, 2024. During the search, law enforcement found a bag containing approximately 10.48 grams (98 pills) of a mixture and substance containing fentanyl and a silver Taurus pistol with an obliterated number in Nureni’s safe. The pistol was loaded with a 9mm round of ammunition in the chamber and a magazine containing six rounds of 9mm ammunition.
Additionally, law enforcement found a large silver and red hydraulic press; a small silver hydraulic press; a digital scale with white powder residue; and several bags containing approximately 6.44 grams (61 pills) of fentanyl, approximately 6.25 grams of cocaine base, approximately 0.859 grams of cocaine, approximately 3.04 grams of cocaine, approximately 3.02 grams of methamphetamine and approximately 1.478 grams of dipentylone in Nureni’s residence.
Campanella, U.S. Attorney for the District of Maryland Kelly O. Hayes and DEA Washington Special Agent in Charge Ibrar A. Mian announced the sentence.
Members of the public with information about criminal activity should contact the ICE Tip Line at 866-DHS-2-ICE (866-347-2423).
Learn more about HSI Baltimore’s mission to increase public safety in our Maryland communities on X at @HSIBaltimore.
On October 31, 2023, Cindy Rodriguez Singh was charged with capital murder in the District Court of Tarrant County, Fort Worth, Texas. On November 2, 2023, a federal arrest warrant was issued for Rodriguez Singh in the U.S. District Court, Northern District of Texas, Fort Worth, Texas, for Unlawful Flight to Avoid Prosecution. On August 29, 2024, the FBI announced a reward of up to $25,000 for information leading to her arrest and conviction. Today, the FBI is increasing that amount and now offering up to a $250,000 reward.
“The disappearance and suspected death of Noel Alvarez is still fresh in the minds of everyone in Everman as well as throughout North Texas. The addition of Cindy Rodriguez Singh to the FBI’s Ten Most Wanted Fugitives List is an opportunity to bring this case to the eyes and ears of citizens across the country and around the world,” said FBI Dallas Special Agent in Charge R. Joseph Rothrock. “We are confident that this publicity will culminate in her arrest and that she will be returned to the United States to answer for her alleged crimes.”
“The addition of Cindy Rodriguez Singh to the FBI’s Ten Most Wanted Fugitives list marks a powerful moment in our unrelenting pursuit of justice for Noel. This is a promise we made to him and to this community, that we would never stop until those responsible are held accountable,” said Craig Spencer, former chief of police and current city manager and emergency management coordinator for the city of Everman. “This designation amplifies our reach and renews our focus. We urge anyone, anywhere, with information to come forward now. Noel deserves that much. We are so incredibly thankful to the FBI for their continued effort and support on this incredibly important case.”
“I deeply appreciate the unwavering dedication of our law enforcement agencies throughout this investigation,” Tarrant County District Attorney Phil Sorrells said. “We are hopeful that Cindy Rodriguez Singh will be apprehended and returned to Tarrant County. My office is committed to delivering justice for Noel.”
Rodriguez Singh’s last confirmed sighting was on March 22, 2023, as she, her husband, and six juvenile children, boarded an international flight to India. She was born in Dallas, Texas, in 1985, and is 40 years old. The fugitive is 5’1” to 5’3” tall, weighs 120 to 140 pounds, has a medium complexion, and has tattoos on her back, both legs, right arm, right hand, and right calf. She has brown eyes and brown hair.
Rodriguez Singh is believed to have ties to India and Mexico. Additional information and wanted posters in English, Spanish, and Hindi, can be found at this link: https://www.fbi.gov/wanted/topten.
The FBI’s Ten Most Wanted Fugitives list was established in March 1950. Since its inception, 537 fugitives have appeared on the list and 497 have been apprehended or located—many due to tips from citizens. Since its inception, there have been eight fugitives wanted from the North Texas region placed on the list. In addition, five fugitives that have been placed on the list were arrested in the North Texas region.
The FBI is offering a reward of up to $250,000 for information leading to the arrest of Cindy Rodriguez Singh. Anyone with information concerning Rodriguez Singh should immediately contact the nearest FBI office or local law enforcement agency.
Calls can be directed to 1-800-CALL-FBI (1-800-225-5324) or the FBI’s Dallas Field Office at 972-559-5000. Individuals from outside of the United States should contact the nearest U.S. Embassy or Consulate. Tips can also be submitted digitally at tips.fbi.gov. All information can remain anonymous, and confidentiality is guaranteed.
This fugitive investigation is being conducted by the FBI’s Fort Worth Resident Agency, Everman Police Department, Northeast Tarrant County Child Abduction Response Team, Tarrant County District Attorney’s Office, and Texas Rangers.
Media Contact:
Public Affairs Officer, Melinda Urbina Garcia, murbina@fbi.gov
Arrests Disrupted Clandestine PRC Ministry of State Security Intelligence Network Operating in the United States
Two nationals of the People’s Republic of China (PRC) made their initial appearances in federal court in Portland, Oregon, and Houston, Texas, yesterday to face charges issued out of the Northern District of California for acting as agents of the Government of the PRC without prior notification to the Attorney General. The defendants, Yuance Chen, 38, a PRC national and legal permanent resident who resides in Happy Valley, Oregon, and Liren “Ryan” Lai, 39, a PRC national who traveled from the PRC to Houston, Texas, on a tourist visa in April 2025, were arrested Friday on a criminal complaint charging them with overseeing and carrying out various clandestine intelligence taskings in the United States on behalf of the PRC Government’s principal foreign intelligence service, the Ministry of State Security (MSS). These activities included facilitating a “dead drop” payment of cash for information relating to the national security of the United States previously provided to the MSS, gathering intelligence about U.S. Navy service members and bases, and assisting with efforts to recruit other individuals from within the U.S. military as potential MSS assets.
Chen and Lai were arrested on June 27, 2025, by the FBI in Happy Valley, Oregon, and Houston Texas, as part of a coordinated counterintelligence and law enforcement operation across multiple states.
“This case underscores the Chinese government’s sustained and aggressive effort to infiltrate our military and undermine our national security from within,” said Attorney General Pamela Bondi. “The Justice Department will not stand by while hostile nations embed spies in our country – we will expose foreign operatives, hold their agents to account, and protect the American people from covert threats to our national security.”
“The FBI arrested two Chinese nationals who were allegedly attempting to recruit U.S. military service members on behalf of the PRC,” said FBI Director Kash Patel. “The Chinese Communist Party thought they were getting away with their scheme to operate on U.S. soil, utilizing spy craft, like dead drops, to pay their sources. This case was a complex, coordinated effort and is an example of outstanding counterintelligence work done by FBI San Francisco, Portland, Houston, San Diego, and the Counterintelligence Division. The FBI will continue to vigilantly defend the homeland from China’s pervasive attempts to infiltrate our borders.”
“Adverse foreign intelligence services like the PRC’s Ministry of State Security dedicate years to recruiting individuals and cultivating them as intelligence assets to do their bidding within the United States,” said Assistant Attorney General for National Security John A. Eisenberg. “Under my leadership, the National Security Division will continue to defend our nation and neutralize our adversaries’ clandestine spy networks.”
“These charges reflect the breadth of the efforts by our foreign adversaries to target the United States — this time by conducting illegal intelligence-gathering operations aimed at our national security information and military service members,” said U.S. Attorney Craig H. Missakian for the Northern District of California. “My office and the FBI remain ever vigilant in guarding against these threats to the United States. We will continue to undertake counterespionage investigations and prosecutions, no matter how complex and sensitive, to disrupt attempts to weaken our national security.”
As alleged in the criminal complaint unsealed yesterday, the PRC Government conducts intelligence activities against the United States through multiple arms, including the MSS. The MSS handles civilian intelligence collection for the PRC and is responsible for counterintelligence and foreign intelligence, as well as political security. The MSS and its bureaus seek to obtain information on political, economic, and security policies that might affect the PRC, along with military, scientific, and technical information of value to the PRC. The MSS and its bureaus are tasked with conducting clandestine and covert human source operations, of which the United States is a principal target.
As alleged in the criminal complaint, Lai recruited Chen to work on behalf of the MSS in or about 2021. While in Guangzhou, China, in January 2022, Lai and Chen worked together to facilitate a dead-drop payment of at least $10,000 on behalf of the MSS, working with other individuals located in the United States to leave a backpack with the cash at a day-use locker at a recreational facility located in Livermore, California.
Following the January 2022 dead drop, Lai and Chen continued to work on behalf of the MSS, including to help identify potential assets for MSS recruitment within the ranks of the U.S. Navy. For example, beginning in 2022, Chen was tasked by Lai and other agents of the MSS to contact a Navy employee over social media, and then later, in 2025, arranged for a tour with the employee of the USS Abraham Lincoln and provided information about the employee to the MSS. In 2022 and 2023, Chen was tasked to visit a U.S. Naval installation in Washington State and a U.S. Navy recruitment center in San Gabriel, California. While in the recruitment center, Chen obtained photographs of a bulletin board containing the names, programs, and hometowns of recent Navy recruits, the majority of whom listed their hometown as “China,” which he appears to have transmitted to an MSS intelligence officer in China. The complaint also alleges that Chen received instruction from the MSS on what to say to potential recruits regarding potential payment that could be made by the MSS, preferred Naval job assignments for potential recruits, and methods for minimizing Chen’s risk of exposure. The complaint alleges that in 2023, Lai flew to the United States from the PRC and provided Chen with a cellphone that Chen then used to communicate with the MSS. The complaint also alleges that Chen traveled to Guangzhou and met with MSS intelligence officers in April 2024 and March 2025 in order to discuss compensation and specific taskings.
The complaint also alleges that Lai traveled to Houston, Texas, in April 2025, claiming that the purpose of his visit was related to his business as an online retail seller, and that he would be staying in the Houston area for two weeks. However, on May 9, 2025 – more than four weeks after his arrival in the United States – Lai traveled by car with a companion from Houston to Southern California, via New Mexico and Tucson, Arizona, before returning to Texas, on May 15, 2025.
Chen and Lai are charged with violating Title 18, United States Code, Section 951, which makes it a crime for a person to operate or agree to operate within the United States as an agent of a foreign government without notification to the Attorney General of the United States. If convicted, the defendants face a fine of up to $250,000 and a term of imprisonment of up to 10 years.
The FBI San Francisco Field Office is leading the investigation, with valuable assistance provided by the FBI Portland, Houston, and San Diego Field Offices. The Naval Criminal Investigative Service (NCIS) also provided valuable assistance during the operation.
The National Security and Special Prosecutions Section of the U.S. Attorney’s Office for the Northern District of California and the National Security Division’s Counterintelligence and Export Control Section are in charge of the prosecution. Significant operational support and assistance is also being provided by the District of Oregon, the Southern District of Texas, and the Southern District of California.
A criminal complaint is merely an allegation. All defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.
Source: United States Department of Justice (video statements)
DOJ/FTC Host Listening Sessions on Lowering Americans’ Drug Prices Through Competition: Anticompetitive Conduct by Pharmaceutical Companies Impeding Generic or Biosimilar Competition
BALTIMORE — An investigation conducted by U.S. Immigration and Customs Enforcement led to the sentencing of Mark Rice, 38, to 30 years in prison followed by lifetime supervised release, for producing and distributing child sexual abuse material.
“This sentencing is a powerful reminder that those who exploit and abuse children will be relentlessly pursued and held accountable,” said ICE Homeland Security Investigations Baltimore Special Agent in Charge Michael McCarthy. “There is no place in society for predators who create and distribute child sexual abuse material. These crimes shatter lives, and HSI will never waver in our mission to bring justice to victims by targeting those who commit these horrific acts. We will continue to work with our partners to ensure the strongest possible consequences under the law.”
Rice previously pled guilty to one count of producing child sexual abuse material, one count of distributing child sexual abuse material and one count of possessing child sexual abuse material. These charges stem from Rice sexually abusing two minors in his care while using social media to distribute and solicit child sexual abuse material.
According to his plea agreement, Rice used his position of authority to sexually abuse a minor — beginning when she was less than 3 years old — as he created photographic evidence of the abuse. He also exploited a second minor through surreptitious photography. Rice actively participated in online communities dedicated to trading child sexual abuse material. He used platforms such as Reddit, Telegram and Kik to distribute images of his victims and obtain material depicting other children.
In April 2023, the National Center for Missing and Exploited Children received a CyberTip from Reddit regarding the transmission of child sexual abuse material. Authorities traced the tip to an IP address associated with Rice’s Elkton residence.
During a Maryland State Police interview, Rice denied the accusation but was observed deleting photos from his phone. When Rice showed officers his phone, investigators spotted child sexual abuse material in a thumbnail image. Through a deeper search, authorities uncovered additional material in his recently deleted folder.
Then, HSI Baltimore special agents discovered more than 600 child sexual abuse material images across Rice’s devices. Investigators also found that Rice used a public Reddit community to connect with people that he traded child sexual abuse material with using encrypted messaging platforms.
McCarthy, U.S. Attorney for the District of Maryland Kelly O. Hayes and Maryland State Police Superintendent Roland L. Butler Jr. announced the indictment.
Members of the public with information about criminal activity should contact the ICE Tip Line at 866-DHS-2-ICE (866-347-2423).
Learn more about HSI Baltimore’s mission to increase public safety in our Maryland communities on X at @HSIBaltimore.
Headline: Jasper Sleet: North Korean remote IT workers’ evolving tactics to infiltrate organizations
Since 2024, Microsoft Threat Intelligence has observed remote information technology (IT) workers deployed by North Korea leveraging AI to improve the scale and sophistication of their operations, steal data, and generate revenue for the Democratic People’s Republic of Korea (DPRK). Among the changes noted in the North Korean remote IT worker tactics, techniques, and procedures (TTPs) include the use of AI tools to replace images in stolen employment and identity documents and enhance North Korean IT worker photos to make them appear more professional. We’ve also observed that they’ve been utilizing voice-changing software.
North Korea has deployed thousands of remote IT workers to assume jobs in software and web development as part of a revenue generation scheme for the North Korean government. These highly skilled workers are most often located in North Korea, China, and Russia, and use tools such as virtual private networks (VPNs) and remote monitoring and management (RMM) tools together with witting accomplices to conceal their locations and identities.
Historically, North Korea’s fraudulent remote worker scheme has focused on targeting United States (US) companies in the technology, critical manufacturing, and transportation sectors. However, we’ve observed North Korean remote workers evolving to broaden their scope to target various industries globally that offer technology-related roles. Since 2020, the US government and cybersecurity community have identified thousands of North Korean workers infiltrating companies across various industries.
Organizations can protect themselves from this threat by implementing stricter pre-employment vetting measures and creating policies to block unapproved IT management tools. For example, when evaluating potential employees, employers and recruiters should ensure that the candidates’ social media and professional accounts are unique and verify their contact information and digital footprint. Organizations should also be particularly cautious with staffing company employees, check for consistency in resumes, and use video calls to confirm a worker’s identity.
Microsoft Threat Intelligence tracks North Korean IT remote worker activity as Jasper Sleet (formerly known as Storm-0287). We also track several other North Korean activity clusters that pursue fraudulent employment using similar techniques and tools, including Storm-1877 and Moonstone Sleet. To disrupt this activity and protect our customers, we’ve suspended 3,000 known Microsoft consumer accounts (Outlook/Hotmail) created by North Korean IT workers. We have also implemented several detections to alert our customers of this activity through Microsoft Entra ID Protection and Microsoft Defender XDR as noted at the end of this blog. As with any observed nation-state threat actor activity, Microsoft has directly notified targeted or compromised customers, providing them with important information needed to secure their environments. As we continue to observe more attempts by threat actors to leverage AI, not only do we report on them, but we also have principles in place to take action against them.
This blog provides additional information on the North Korean remote IT worker operations we published previously, including Jasper Sleet’s usual TTPs to secure employment, such as using fraudulent identities and facilitators. We also provide recent observations regarding their use of AI tools. Finally, we share detailed guidance on how to investigate, monitor, and remediate possible North Korean remote IT worker activity, as well as detections and hunting capabilities to surface this threat.
From North Korea to the world: The remote IT workforce
Since at least early 2020, Microsoft has tracked a global operation conducted by North Korea in which skilled IT workers apply for remote job opportunities to generate revenue and support state interests. These workers present themselves as foreign (non-North Korean) or domestic-based teleworkers and use a variety of fraudulent means to bypass employment verification controls.
North Korea’s fraudulent remote worker scheme has since evolved, establishing itself as a well-developed operation that has allowed North Korean remote workers to infiltrate technology-related roles across various industries. In some cases, victim organizations have even reported that remote IT workers were some of their most talented employees. Historically, this operation has focused on applying for IT, software development, and administrator positions in the technology sector. Such positions provide North Korean threat actors access to highly sensitive information to conduct information theft and extortion, among other operations.
North Korean IT workers are a multifaceted threat because not only do they generate revenue for the North Korean regime, which violates international sanctions, they also use their access to steal sensitive intellectual property, source code, or trade secrets. In some cases, these North Korean workers even extort their employer into paying them in exchange for not publicly disclosing the company’s data.
Between 2020 and 2022, the US government found that over 300 US companies in multiple industries, including several Fortune 500 companies, had unknowingly employed these workers, indicating the magnitude of this threat. The workers also attempted to gain access to information at two government agencies. Since then, the cybersecurity community has continued to detect thousands of North Korean workers. On January 3, 2025, the Justice Department released an indictment identifying two North Korean nationals and three facilitators responsible for conducting fraudulent work between 2018 and 2024. The indicted individuals generated a revenue of at least US$866,255 from only ten of the at least 64 infiltrated US companies.
North Korean threat actors are evolving across the threat landscape to incorporate more sophisticated tactics and tools to conduct malicious employment-related activity, including the use of custom and AI-enabled software.
Tactics and techniques
The tactics and techniques employed by North Korean remote IT workers involve a sophisticated ecosystem of crafting fake personas, performing remote work, and securing payments. North Korean IT workers apply for remote roles, in various sectors, at organizations across the globe.
They create, rent, or procure stolen identities that match the geo-location of their target organizations (for example, they would establish a US-based identity to apply for roles at US-based companies), create email accounts and social media profiles, and establish legitimacy through fake portfolios and profiles on developer platforms like GitHub and LinkedIn. Additionally, they leverage AI tools to enhance their operations, including image creation and voice-changing software. Facilitators play a crucial role in validating fraudulent identities and managing logistics, such as forwarding company hardware and creating accounts on freelance job websites. To evade detection, these workers use VPNs, virtual private servers (VPSs), and proxy services as well as RMM tools to connect to a device housed at a facilitator’s laptop farm located in the country of the job.
Figure 1. The North Korean IT worker ecosystem
Crafting fake personas and profiles
The North Korean remote IT worker fraud scheme begins with the procurement of identities for the workers. These identities, which can be stolen or “rented” from witting individuals, include names, national identification numbers, and dates of birth. The workers might also leverage services that generate fraudulent identities, complete with seemingly legitimate documentation, to fabricate their personas. They then create email accounts and social media pages they use to apply for jobs, often indirectly through staffing or contracting companies. They also apply for freelance opportunities through freelancer sites as an additional avenue for revenue generation. Notably, they often use the same names/profiles repeatedly rather than creating unique personas for each successful infiltration.
Additionally, the North Korean IT workers have used fake profiles on LinkedIn to communicate with recruiters and apply for jobs.
Figure 2. An example of a North Korean IT worker LinkedIn profile that has since been taken down.
The workers tailor their fake resumes and profiles to match the requirements for specific remote IT positions, thus increasing their chances of getting selected. Over time, we’ve observed these fake resumes and employee documents noticeably improving in quality, now appearing more polished and lacking grammatical errors facilitated by AI.
After creating their fake personas, the North Korean IT workers then attempt to establish legitimacy by creating digital footprints for these fake personas. They typically leverage communication, networking, and developer platforms, (for example, GitHub) to showcase their supposed portfolio of previous work samples:
Figure 3. Example profile used by a North Korean IT worker that has since been taken down.
Using AI to improve operations
Microsoft Threat intelligence has observed North Korean remote IT workers leveraging AI to improve the quantity and quality of their operations. For example, in October 2024, we found a public repository containing actual and AI-enhanced images of suspected North Korean IT workers:
Figure 4. Photos of potential North Korean IT workers
The repository also contained the resumes and email accounts used by the said workers, along with the following tools and resources they can use to secure employment and to do their work:
VPS and VPN accounts, along with specific VPS IP addresses
Playbooks on conducting identity theft and creating and bidding jobs on freelancer websites
Wallet information and suspected payments made to facilitators
LinkedIn, GitHub, Upwork, TeamViewer, Telegram, and Skype accounts
Tracking sheet of work performed, and payments received by the IT workers
Image creation
Based on our review of the repository mentioned previously, North Korean IT workers appear to conduct identity theft and then use AI tools like Faceswap to move their pictures over to the stolen employment and identity documents. The attackers also use these AI tools to take pictures of the workers and move them to more professional looking settings. The workers then use these AI-generated pictures on one or more resumes or profiles when applying for jobs.
Figure 5. Use of AI apps to modify photos used for North Korean IT workers’ resumes and profilesFigure 6. Examples of resumes for North Korean IT workers. These two resumes use different versions of the same photo.
Communications
Microsoft Threat Intelligence has observed that North Korean IT workers are also experimenting with other AI technologies such as voice-changing software. While we haven’t observed threat actors using combined AI voice and video products as a tactic first hand, we do recognize that combining these technologies could allow future threat actor campaigns to trick interviewers into thinking they aren’t communicating with a North Korean IT worker. If successful, this tactic could allow the North Korean IT workers to do interviews directly and no longer rely on facilitators standing in for them on interviews or selling them account access.
Facilitators for initial access
North Korean Remote IT workers require assistance from a witting facilitator to help find jobs, pass the employment verification process, and once hired, successfully work remotely. We’ve observed Jasper Sleet advertising job opportunities for facilitator roles under the guise of partnering with a remote job candidate to help secure an IT role in a competitive market:
Figure 7. Example of a job opportunity for a facilitator role
The IT workers may have the facilitators assist in creating accounts on remote and freelance job websites. They might also ask the facilitator to perform the following tasks as their relationship builds:
Create a bank account for the North Korean IT worker, or lend their (the facilitator’s) own account to the worker
Purchase mobile phone numbers or SIM cards
During the employment verification process, the witting accomplice helps the North Korean IT workers validate the latter’s fraudulent identities using online background check service providers. The documents submitted by the workers include fake or stolen drivers’ licenses, social security cards, passports, and permanent resident identification cards. Workers train using interview scripts, which include a justification for why the employee must work remotely.
Once hired, the remote workers direct company laptops and hardware to be sent to the address of the accomplice. The accomplice then either runs a laptop farm that provides the laptops with an internet connection at the geo-location of the role or forwards the items internationally. For hardware that remain in the country of the role, the accomplice signs into the computers and installs software that enables the workers to connect remotely. Remote IT workers might also access devices remotely using IP-based KVM devices, like PiKVM or TinyPilot.
Defense evasion and persistence
To conceal their physical location as well as maintain persistence and blend into the target organization’s environment, the workers typically use VPNs (particularly Astrill VPN), VPSs, proxy services, and RMM tools. Microsoft Threat Intelligence has observed the persistent use of JumpConnect, TinyPilot, Rust Desk, TeamViewer, AnyViewer, and Anydesk. When an in-person presence or face-to-face meeting is required, for example to confirm banking information or attend a meeting, the workers have been known to pay accomplices to stand in for them. When possible, however, the workers eliminate all face-to-face contact, offering fraudulent excuses for why they are not on camera during video teleconferencing calls or speaking.
Attribution
Microsoft Threat Intelligence uses the name Jasper Sleet (formerly known as Storm-0287) to represent activity associated with North Korean’s remote IT worker program. These workers are primarily focused on revenue generation, use remote access tools, and likely fall under a particular leadership structure in North Korea. We also track several other North Korean activity clusters that pursue fraudulent employment using similar techniques and tools, including Storm-1877 and Moonstone Sleet.
How Microsoft disrupts North Korean remote IT worker operations with machine learning
Microsoft has successfully scaled analyst tradecraft to accelerate the identification and disruption of North Korean IT workers in customer environments by developing a custom machine learning solution. This has been achieved by leveraging Microsoft’s existing threat intelligence and weak signals generated by monitoring for many of the red flags listed in this blog, among others. For example, this solution uses impossible time travel risk detections, most commonly between a Western nation and China or Russia. The machine learning workflow uses these features to surface suspect accounts most likely to be North Korean IT workers for assessment by Microsoft Threat Intelligence analysts.
Once Microsoft Threat Intelligence reviews and confirms that an account is indeed associated with a North Korean IT worker, customers are then notified with a Microsoft Entra ID Protection risk detection warning of a risky sign-in based on Microsoft’s threat intelligence. Microsoft Defender XDR customers also receive the alert Sign-in activity by a suspected North Korean entity in the Microsoft Defender portal.
Defending against North Korean remote IT worker infiltration
Defending against the threats from North Korean remote IT workers involves a threefold strategy:
Ensuring a proper vetting approach is in place for freelance workers and vendors
Monitoring for anomalous user activity
Responding to suspected Jasper Sleet signals in close coordination with your insider risk team
Investigate
How can you identify a North Korean remote IT worker in the hiring process?
To protect your organization against a potential North Korean insider threat, it is important for your organization to prioritize a process for verifying employees to identify potential risks. The following can be used to assess potential employees:
Confirm the potential employee has a digital footprint and look for signs of authenticity. This includes a real phone number (not VoIP), a residential address, and social media accounts. Ensure the potential employee’s social media/professional accounts are not highly similar to the accounts of other individuals. In addition, check that the contact phone number listed on the potential employee’s account is unique and not also used by other accounts.
Scrutinize resumes and background checks for consistency of names, addresses, and dates. Consider contacting references by phone or video-teleconference rather than email only.
Exercise greater scrutiny for employees of staffing companies, since this is the easiest avenue for North Korean workers to infiltrate target companies.
Search whether a potential employee is employed at multiple companies using the same persona.
Ensure the potential employee is seen on camera during multiple video telecommunication sessions. If the potential employee reports video and/or microphone issues that prohibit participation, this should be considered a red flag.
During video verification, request individuals to physically hold driver’s licenses, passports, or identity documents up to camera.
Keep records, including recordings of video interviews, of all interactions with potential employees.
Require notarized proof of identity.
Monitor
How can your organization prevent falling victim to the North Korean remote IT worker technique?
To prevent the risks associated with North Korean insider threats, it’s vital to monitor for activity typically associated with this fraudulent scheme.
Monitor for identifiable characteristics of North Korean remote workers
Microsoft has identified the following characteristics of a North Korean remote worker. Note that not all the criteria are necessarily required, and further, a positive identification of a remote worker doesn’t guarantee that the worker is North Korean.
The employee lists a Chinese phone number on social media accounts that is used by other accounts.
The worker’s work-issued laptop authenticates from an IP address of a known North Korean IT worker laptop farm, or from foreign—most commonly Chinese or Russian—IP addresses even though the worker is supposed to have a different work location.
The worker is employed at multiple companies using the same persona. Employees of staffing companies require heightened scrutiny, given this is the easiest way for North Korean workers to infiltrate target companies.
Once a laptop is issued to the worker, RMM software is immediately downloaded onto it and used in combination with a VPN.
The worker has never been seen on camera during a video telecommunication session or is only seen a few times. The worker may also report video and/or microphone issues that prohibit participation from the start.
The worker’s online activity doesn’t align with routine co-worker hours, with limited engagement across approved communication platforms.
Monitor for activity associated with Jasper Sleet access
If RMM tools are used in your environment, enforce security settings where possible, to implement MFA:
If an unapproved installation is discovered, reset passwords for accounts used to install the RMM services. If a system-level account was used to install the software, further investigation may be warranted.
Monitor for impossible travel—for example, a supposedly US-based employee signing in from China or Russia.
Monitor for use of public VPNs such as Astrill. For example, IP addresses associated with VPNs known to be used by Jasper Sleet can be added to Sentinel watchlists. Or, Microsoft Defender for Identity can integrate with your VPN solution to provide more information about user activity, such as extra detection for abnormal VPN connections.
Monitor for signals of insider threats in your environment. Microsoft Purview Insider Risk Management can help identify potentially malicious or inadvertent insider risks.
Monitor for consistent user activity outside of typical working hours.
Remediate
What are the next steps if you positively identify a North Korean remote IT worker employed at your company?
Because Jasper Sleet activity follows legitimate job offers and authorized access, Microsoft recommends approaching confirmed or suspected Jasper Sleet intrusions with an insider risk approach using your organization’s insider risk response plan or incident response provider like Microsoft Incident Response. Some steps might include:
Restrict response efforts to a small, trusted insider risk working group, trained in operational security (OPSEC) to avoid tipping off subjects and potential collaborators.
Rapidly evaluate the subject’s proximity to critical assets, such as:
Leadership or sensitive teams
Direct reports or vendor staff the subject has influence over
Suppliers or vendors
People/non-people accounts, production/pre-production environments, shared accounts, security groups, third-party accounts, security groups, distribution groups, data clusters, and more
Conduct preliminary link analysis to:
Detect relationships with potential collaborators, supporters, or other potential aliases operated by the same actor
Identify shared indicators (for example, shared IP addresses, behavioral overlap)
Avoid premature action that might alert other Jasper Sleet operators
Conduct a risk-based prioritization of efforts, informed by:
Placement and access to critical assets (not necessarily where you identified them)
Stakeholder insight from potentially impacted business units
Business impact considerations of containment (which might support additional collection/analysis) or mitigation (for example, eviction)
Conduct open-source intelligence (OSINT) collection and analysis to:
Determine if the identity associated with the threat actor is associated with a real person. For example, North Korean IT workers have leveraged stolen identities of real US persons to facilitate their fraud. Conduct OSINT on all available personally identifiable information (PII) provided by the actor (name, date of birth, SSN, home of record, phone number, emergency contact, and others) and determine if these items are linked to additional North Korean actors, and/or real persons’ identities.
Gather all known external accounts operated by the alias/persona (for example, LinkedIn, GitHub, freelance working sites, bug bounty programs).
Perform analysis on account images using open-source tools such as FaceForensics++ to determine prevalence of AI-generated content. Detection opportunities within video and imagery include:
Temporal consistency issues: Rapid movements cause noticeable artifacts in video deepfakes as the tracking system struggles to maintain accurate landmark positioning.
Occlusion handling: When objects pass over the AI-generated content such as the face, deepfake systems tend to fail at properly reconstructing the partially obscured face.
Lighting adaptation: Changes in lighting conditions might reveal inconsistencies in the rendering of the face
Audio-visual synchronization: Slight delays between lip movements and speech are detectable under careful observation
Exaggerated facial expressions.
Duplicative or improperly placed appendages.
Pixelation or tearing at edges of face, eyes, ears, and glasses.
Engage counterintelligence or insider risk/threat teams to:
Understand tradecraft and likely next steps
Gain national-level threat context, if applicable
Make incremental, risk-based investigative and response decisions with the support of your insider threat working group and your insider threat stakeholder group; one providing tactical feedback and the other providing risk tolerance feedback.
Preserve evidence and document findings.
Share lessons learned and increase awareness.
Educate employees on the risks associated with insider threats and provide regular security training for employees to recognize and respond to threats, including a section on the unique threat posed by North Korean IT workers.
After an insider risk response to Jasper Sleet, it might be necessary to also conduct a thorough forensic investigation of all systems that the employee had access to for indicators of persistence, such as RMM tools or system/resource modifications.
For additional resources, refer to CISA’s Insider Threat Mitigation Guide. If you suspect your organization is being targeted by nation-state cyber activity, report it to the appropriate national authority. For US-based organizations, the Federal Bureau of Investigation (FBI) recommends reporting North Korean remote IT worker activity to the Internet Crime Complaint Center (IC3).
Microsoft Defender XDR detections
Microsoft Defender XDR customers can refer to the list of applicable detections below. Microsoft Defender XDR coordinates detection, prevention, investigation, and response across endpoints, identities, email, apps to provide integrated protection against attacks like the threat discussed in this blog.
Customers with provisioned access can also use Microsoft Security Copilot in Microsoft Defender to investigate and respond to incidents, hunt for threats, and protect their organization with relevant threat intelligence.
Microsoft Defender XDR
Alerts with the following titles in the security center can indicate threat activity on your network:
Sign-in activity by a suspected North Korean entity
Microsoft Defender for Endpoint
Alerts with the following titles in the security center can indicate Jasper Sleet RMM activity on your network. These alerts, however, can be triggered by unrelated threat activity.
Suspicious usage of remote management software
Suspicious connection to remote access software
Microsoft Defender for Identity
Alerts with the following titles in the security center can indicate atypical identity access on your network. These alerts, however, can be triggered by unrelated threat activity.
Atypical travel
Suspicious behavior: Impossible travel activity
Microsoft EntraID Protection
Microsoft Entra ID Protection risk detections inform Entra ID user risk events and can indicate associated threat activity, including unusual user activity consistent with known patterns identified by Microsoft Threat Intelligence research. Note, however, that these alerts can be also triggered by unrelated threat activity.
Microsoft Entra threat intelligence (sign-in): (RiskEventType: investigationsThreatIntelligence)
Microsoft Defender for Cloud Apps
Alerts with the following titles in the security center can indicate atypical identity access on your network. These alerts, however, can be triggered by unrelated threat activity.
Impossible travel activity
Microsoft Security Copilot
Security Copilot customers can use the standalone experience to create their own prompts or run the following pre-built promptbooks to automate incident response or investigation tasks related to this threat:
Incident investigation
Microsoft User analysis
Threat actor profile
Note that some promptbooks require access to plugins for Microsoft products such as Microsoft Defender XDR or Microsoft Sentinel.
Hunting queries
Microsoft Defender XDR
Because organizations might have legitimate and frequent uses for RMM software, we recommend using the Microsoft Defender XDR advanced hunting queries available on GitHub to locate RMM software that hasn’t been endorsed by your organization for further investigation. In some cases, these results might include benign activity from legitimate users. Regardless of use case, all newly installed RMM instances should be scrutinized and investigated.
If any queries have high fidelity for discovering unsanctioned RMM instances in your environment, and don’t detect benign activity, you can create a custom detection rule from the advanced hunting query in the Microsoft Defender portal.
Microsoft Sentinel
The alert Insider Risk Sensitive Data Access Outside Organizational Geo-locationjoins Azure Information Protection logs (InformationProtectionLogs_CL) with Microsoft Entra ID sign-in logs (SigninLogs) to provide a correlation of sensitive data access by geo-location. Results include:
User principal name
Label name
Activity
City
State
Country/Region
Time generated
The recommended configuration is to include (or exclude) sign-in geo-locations (city, state, country and/or region) for trusted organizational locations. There is an option for configuration of correlations against Microsoft Sentinel watchlists. Accessing sensitive data from a new or unauthorized geo-location warrants further review.
References
Acknowledgments
For more information on North Korean remote IT worker operations, we recommend reviewing DTEX’s in-depth analysis in the report Exposing DPRK’s Cyber Syndicate and IT Workforce.
Learn more
Meet the experts behind Microsoft Threat Intelligence, Incident Response, and the Microsoft Security Response Center at our VIP Mixer at Black Hat 2025. Discover how our end-to-end platform can help you strengthen resilience and elevate your security posture.
For the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog.
To get notified about new publications and to join discussions on social media, follow us on LinkedIn, X (formerly Twitter), and Bluesky.
To hear stories and insights from the Microsoft Threat Intelligence community about the ever-evolving threat landscape, listen to the Microsoft Threat Intelligence podcast.
Today, the Department of Justice filed a lawsuit against the City of Los Angeles, California, Los Angeles Mayor Karen Bass, and the Los Angeles City Council over policies that Los Angeles enacted shortly after President Donald J. Trump’s reelection to interfere with the federal government’s enforcement of its immigration laws.
Not only are Los Angeles’s “sanctuary city” policies illegal under federal law, but, as alleged in the complaint, Los Angeles’s refusal to cooperate with federal immigration authorities contributed to the recent lawlessness, rioting, looting, and vandalism that was so severe that it required the federal government to deploy the California National Guard and the United States Marines to quell the chaos.
“Sanctuary policies were the driving cause of the violence, chaos, and attacks on law enforcement that Americans recently witnessed in Los Angeles,” said Attorney General Pamela Bondi. “Jurisdictions like Los Angeles that flout federal law by prioritizing illegal aliens over American citizens are undermining law enforcement at every level – it ends under President Trump.”
“Today’s lawsuit holds the City of Los Angeles accountable for deliberately obstructing the enforcement of federal immigration law,” said U.S. Attorney Bill Essayli for the Central District of California. “The United States Constitution’s Supremacy Clause prohibits the City from picking and choosing which federal laws will be enforced and which will not. By assisting removable aliens in evading federal law enforcement, the City’s unlawful and discriminatory ordinance has contributed to a lawless and unsafe environment that this lawsuit will help end.”
On her first day in office, Attorney General Bondi instructed the Department’s Civil Division to identify state and local laws, policies, and practices that facilitate violations of federal immigration laws or impede lawful federal immigration operations, and, where appropriate, to take legal action to challenge such laws, policies, and practices. Today’s lawsuit is the latest in a series of lawsuits brought by the Civil Division targeting illegal sanctuary city policies across the country, including in New York and New Jersey.
Law Enforcement Actions Across 16 States Result in Charges, Arrest, and Seizures of 29 Financial Accounts, 21 Fraudulent Websites, and Approximately 200 Computers
The Justice Department announced today coordinated actions against the Democratic People’s Republic of North Korea (DPRK) government’s schemes to fund its regime through remote information technology (IT) work for U.S. companies. These actions include two indictments, an arrest, searches of 29 known or suspected “laptop farms” across 16 states, and the seizure of 29 financial accounts used to launder illicit funds and 21 fraudulent websites.
According to court documents, the schemes involve North Korean individuals fraudulently obtaining employment with U.S. companies as remote IT workers, using stolen and fake identities. The North Korean actors were assisted by individuals in the United States, China, United Arab Emirates, and Taiwan, and successfully obtained employment with more than 100 U.S. companies.
As alleged in court documents, certain U.S.-based individuals enabled one of the schemes by creating front companies and fraudulent websites to promote the bona fides of the remote IT workers, and hosted laptop farms where the remote North Korean IT workers could remote access into U.S. victim company-provided laptop computers. Once employed, the North Korean IT workers received regular salary payments, and they gained access to, and in some cases stole, sensitive employer information such as export controlled U.S. military technology and virtual currency. In another scheme, North Korean IT workers used false or fraudulently obtained identities to gain employment with an Atlanta, Georgia-based blockchain research and development company and stole virtual currency worth approximately over $900,000.
“These schemes target and steal from U.S. companies and are designed to evade sanctions and fund the North Korean regime’s illicit programs, including its weapons programs,” said Assistant Attorney General John A. Eisenberg of the Department’s National Security Division. “The Justice Department, along with our law enforcement, private sector, and international partners, will persistently pursue and dismantle these cyber-enabled revenue generation networks.”
“North Korean IT workers defraud American companies and steal the identities of private citizens, all in support of the North Korean regime,” said Assistant Director Brett Leatherman of FBI’s Cyber Division. “That is why the FBI and our partners continue to work together to disrupt infrastructure, seize revenue, indict overseas IT workers, and arrest their enablers in the United States. Let the actions announced today serve as a warning: if you host laptop farms for the benefit of North Korean actors, law enforcement will be waiting for you.”
“North Korea remains intent on funding its weapons programs by defrauding U.S. companies and exploiting American victims of identity theft, but the FBI is equally intent on disrupting this massive campaign and bringing its perpetrators to justice,” said Assistant Director Roman Rozhavsky of the FBI Counterintelligence Division. “North Korean IT workers posing as U.S. citizens fraudulently obtained employment with American businesses so they could funnel hundreds of millions of dollars to North Korea’s authoritarian regime. The FBI will do everything in our power to defend the homeland and protect Americans from being victimized by the North Korean government, and we ask all U.S. companies that employ remote workers to remain vigilant to this sophisticated threat.”
Zhenxing Wang, et al. Indictment, Seizure Warrants, and Arrest – District of Massachusetts
Today, the United States Attorney’s Office for the District of Massachusetts and the National Security Division announced the arrest of U.S. national Zhenxing “Danny” Wang of New Jersey pursuant to a five-count indictment. The indictment describes a multi-year fraud scheme by Wang and his co-conspirators to obtain remote IT work with U.S. companies that generated more than $5 million in revenue. The indictment also charges Chinese nationals Jing Bin Huang (靖斌 黄), Baoyu Zhou (周宝玉), Tong Yuze (佟雨泽), Yongzhe Xu (徐勇哲 andيونجزهي أكسو), Ziyou Yuan (زيو) and Zhenbang Zhou (周震邦), and Taiwanese nationals Mengting Liu (劉 孟婷) and Enchia Liu (刘恩) for their roles in the scheme.
“The threat posed by DPRK operatives is both real and immediate. Thousands of North Korean cyber operatives have been trained and deployed by the regime to blend into the global digital workforce and systematically target U.S. companies,” said U.S. Attorney Leah B. Foley for the District of Massachusetts. “We will continue to work relentlessly to protect U.S. businesses and ensure they are not inadvertently fueling the DPRK’s unlawful and dangerous ambitions.”
According to the indictment, from approximately 2021 until October 2024, the defendants and other co-conspirators compromised the identities of more than 80 U.S. persons to obtain remote jobs at more than 100 U.S. companies, including many Fortune 500 companies, and caused U.S. victim companies to incur legal fees, computer network remediation costs, and other damages and losses of at least $3 million. Overseas IT workers were assisted by Kejia Wang, Zhenxing Wang, and at least four other identified U.S. facilitators. Kejia Wang, for example, communicated with overseas co-conspirators and IT workers, and traveled to Shenyang and Dandong, China, including in 2023, to meet with them about the scheme. To deceive U.S. companies into believing the IT workers were located in the United States, Kejia Wang, Zhenxing Wang, and the other U.S. facilitators received and/or hosted laptops belonging to U.S. companies at their residences, and enabled overseas IT workers to access the laptops remotely by, among other things, connecting the laptops to hardware devices designed to allow for remote access (referred to as keyboard-video-mouse or “KVM” switches).
Kejia Wang and Zhenxing Wang also created shell companies with corresponding websites and financial accounts, including Hopana Tech LLC, Tony WKJ LLC, and Independent Lab LLC, to make it appear as though the overseas IT workers were affiliated with legitimate U.S. businesses. Kejia Wang and Zhenxing Wang established these and other financial accounts to receive money from victimized U.S. companies, much of which was subsequently transferred to overseas co‑conspirators. In exchange for their services, Kejia Wang, Zhenxing Wang, and the four other U.S. facilitators received a total of at least $696,000 from the IT workers.
IT workers employed under this scheme also gained access to sensitive employer data and source code, including International Traffic in Arms Regulations (ITAR) data from a California-based defense contractor that develops artificial intelligence-powered equipment and technologies. Specifically, between on or about Jan. 19, 2024, and on or about April 2, 2024, an overseas co-conspirator remotely accessed without authorization the company’s laptop and computer files containing technical data and other information. The stolen data included information marked as being controlled under the ITAR.
Simultaneously with today’s announcement, the FBI and Defense Criminal Investigative Service (DCIS) seized 17 web domains used in furtherance of the charged scheme and further seized 29 financial accounts, holding tens of thousands of dollars in funds, used to launder revenue for the North Korean regime through the remote IT work scheme.
Previously, in October 2024, as part of this investigation, federal law enforcement executed searches at eight locations across three states that resulted in the recovery of more than 70 laptops and remote access devices, such as KVMs. Simultaneously with that action, the FBI seized four web domains associated with Kejia Wang’s and Zhenxing Wang’s shell companies used to facilitate North Korean IT work.
The FBI Las Vegas Field Office, DCIS San Diego Resident Agency, and Homeland Security Investigations San Diego Field Office are investigating the case.
Assistant U.S. Attorney Jason Casey for the District of Massachusetts and Trial Attorney Gregory J. Nicosia, Jr. of the National Security Division’s National Security Cyber Section are prosecuting the case, with significant assistance from Legal Assistants Daniel Boucher and Margaret Coppes. Valuable assistance was also provided by Mark A. Murphy of the National Security Division’s Counterintelligence and Export Control Section and the U.S. Attorneys’ Offices for the District of New Jersey, Eastern District of New York, and Southern District of California.
Kim Kwang Jin et al. Indictment – Northern District of Georgia
Today, the Northern District of Georgia unsealed a five-count wire fraud and money laundering indictment charging four North Korean nationals, Kim Kwang Jin (김관진), Kang Tae Bok (강태복), Jong Pong Ju (정봉주) and Chang Nam Il (창남일), with a scheme to steal virtual currency from two companies, valued at over $900,000 at the time of the thefts, and to launder proceeds of those thefts. The defendants remain at large and wanted by the FBI.
“The defendants used fake and stolen personal identities to conceal their North Korean nationality, pose as remote IT workers, and exploit their victims’ trust to steal hundreds of thousands of dollars,” said U.S. Attorney Theodore S. Hertzberg for the Northern District of Georgia. “This indictment highlights the unique threat North Korea poses to companies that hire remote IT workers and underscores our resolve to prosecute any actor, in the United States or abroad, who steals from Georgia businesses.”
According to the indictment, the defendants traveled to the United Arab Emirates on North Korean travel documents and worked as a co-located team. In approximately December 2020 and May 2021, respectively, Kim Kwang Jin (using victim P.S.’s stolen identity) and Jong Pong Ju (using the alias “Bryan Cho”) were hired by a blockchain research and development company headquartered in Atlanta, Georgia, and a virtual token company based in Serbia. Both defendants concealed their North Korean identities from their employers by providing false identification documents containing a mix of stolen and fraudulent identity information. Neither company would have hired Kim Kwang Jin and Jong Pong Ju had they known that they were North Korean citizens. Later, on a recommendation from Jong Pong Ju, the Serbian company hired “Peter Xiao,” who in fact was Chang Nam Il.
After gaining their employers’ trust, Kim Kwang Jin and Jong Pong Ju were assigned projects that provided them access to their employers’ virtual currency assets. In February 2022, Jong Pong Ju used that access to steal virtual currency worth approximately $175,000 at the time of the theft, sending it to a virtual currency address he controlled. In March 2022, Kim Kwang Jin stole virtual currency worth approximately $740,000 at the time of theft by modifying the source code of two of his employer’s smart contracts, then sending it to a virtual currency address he controlled.
To launder the funds after the thefts, Kim Kwang Jin and Jong Pong Ju “mixed” the stolen funds using the virtual currency mixer Tornado Cash and then transferred the funds to virtual currency exchange accounts controlled by defendants Kang Tae Bok and Chang Nam Il but held in the name of aliases. These accounts were opened using fraudulent Malaysian identification documents.
The FBI Atlanta Field Office is investigating the case.
Assistant U.S. Attorneys Samir Kaushal and Alex Sistla for the Northern District of Georgia and Trial Attorney Jacques Singer-Emery of the National Security Division’s National Security Cyber Section are prosecuting the case.
21 Searches of Known or Suspected U.S.-based Laptop Farms – Multi-District
Between June 10 and June 17, 2025, the FBI executed searches of 21 premises across 14 states hosting known and suspected laptop farms. These actions, coordinated by the FBI Denver Field Office, related to investigations of North Korean remote IT worker schemes being conducted by the U.S. Attorneys’ Offices of the District of Colorado, Eastern District of Missouri, and Northern District of Texas. In total, the FBI seized approximately 137 laptops.
Valuable assistance was provided by the U.S. Attorney’s Offices for the District of Connecticut, the Eastern District of Michigan, the Eastern District of Wisconsin, the Middle District of Florida, the Northern District of Georgia, the Northern District of Illinois, the Northern District of Indiana, the District of Oregon, the Southern District of Florida, the Southern District of Ohio, the Western District of New York, and the Western District of Pennsylvania.
***
The Department’s actions to combat these schemes are the latest in a series of law enforcement actions under a joint National Security Division and FBI Cyber and Counterintelligence Divisions effort, the DPRK RevGen: Domestic Enabler Initiative. This effort prioritizes targeting and disrupting the DPRK’s illicit revenue generation schemes and its U.S.-based enablers. The Department previously announced other actions pursuant to the initiative, including in January 2025 and prior, as well as the filing of a civil forfeiture complaint in early June 2025 for over $7.74 million tied to an illegal employment scheme.
As the FBI has described in Public Service Announcements published in May 2024 and January 2025, North Korean remote IT workers posing as legitimate remote IT workers have committed data extortion and exfiltrated the proprietary and sensitive data from U.S. companies. DPRK IT worker schemes typically involve the use of stolen identities, alias emails, social media, online cross-border payment platforms, and online job site accounts, as well as false websites, proxy computers, and witting and unwitting third parties located in the U.S. and elsewhere.
Other public advisories about the threats, red flag indicators, and potential mitigation measures for these schemes include a May 2022 advisory released by the FBI, Department of the Treasury, and Department of State; a July 2023 advisory from the Office of the Director of National Intelligence; and guidance issued in October 2023 by the United States and the Republic of Korea (South Korea). As described the May 2022 advisory, North Korean IT workers have been known individually to earn up to $300,000 annually, generating hundreds of millions of dollars collectively each year, on behalf of designated entities, such as the North Korean Ministry of Defense and others directly involved in the DPRK’s weapons programs.
The U.S. Department of State has offered potential rewards for up to $5 million in support of international efforts to disrupt the DPRK’s illicit financial activities, including for cybercrimes, money laundering, and sanctions evasion.
The details in the above-described court documents are merely allegations. All defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.
WASHINGTON – United States Attorney General Pamela Bondi announced today that the Department of Justice is now accepting nominations to Honor the Honorable: The Attorney General’s Award for Distinguished Service in Policing. This award represents the Department of Justice’s reaffirmed commitment to uplifting the valor and exceptional contributions to policing of our great nation’s law enforcement personnel. It is the mission of the Department of Justice to recognize individuals in law enforcement who exhibit remarkable courage, innovation, and outstanding performance in making America safe again.
The Attorney General’s Honor the Honorable Award recognizes individual or teams of rank-and-file officers from state, local, Tribal or territorial law enforcement agencies for exceptional efforts in policing. The awarded officers, deputies and troopers will have demonstrated exceptional service in one of three areas: criminal investigations, field operations or exemplary community involvement. Within each category, an award will be given to law enforcement agencies serving small, medium and large jurisdictions. Those agency sizes are defined as:
Small: agencies serving populations of fewer than 50,000;
Medium: agencies serving populations of 50,000 to 250,000;
Large: agencies serving populations of more than 250,000.
By acknowledging and rewarding these efforts, the Department strives to advance and reaffirm its dedication to policing and to promote proactive law enforcement methods that support public safety within our nation’s communities. Through this Award, the Attorney General recognizes that the nation’s law enforcement agencies, officers, deputies and troopers continue to work tirelessly to make American communities safe places to live and work again.
The deadline for nominations is July 14, 2025, at 8:00 p.m. EDT. More information and the application for nominees can be found at: https://www.justice.gov/ag/policing-award
Wildlife rangers are asking for public assistance to find the owner of a snake and enclosure that was found on a footpath in the Bundaberg suburb of Avenell Heights.
A man walking his dog made the unusual discovery and took snake and enclosure home before calling a local snake catcher.
After retrieving the snake and the enclosure, the snake catcher handed it in to the Department of the Environment, Tourism, Science and Innovation.
Senior Wildlife Ranger Amanda Yates said the snake is an albino Darwin carpet python, and it was most likely captive-bred and raised.
The snake, an albino Darwin carpet python, was found in an enclosure on the footpath.
“We are trying to determine why the snake and the enclosure were on the footpath,” Ms Yates said.
“These snakes are not native to Queensland, but they are popular among the reptile trade due to their striking features.
“The snake appears healthy and we’re appealing for public information so we can find the owner.
“We hoping to return the snake to its owner, and anyone with information is encouraged to contact the
department.”
Anyone with information can call DETSI on 1300 130 372.
In Queensland, people need a permit to keep native animals as pets. Information about wildlife permits can be found here.
A Florida man was sentenced today to 12 years in prison and three years of supervised release for conspiring to defraud Medicare with false reimbursement claims for durable medical equipment (DME). He was also ordered to pay $21,195,540.18 in restitution and forfeiture in the amount of $2,514,040.
According to court documents, Peter Roussonicolos, 64, of Port Saint Lucie, Florida, owned and operated five DME suppliers as a silent partner. Roussonicolos hid his involvement in the companies from Medicare because he had one or more felony convictions, making him ineligible to enroll with the government program. To further conceal his involvement, he recruited and paid co-conspirators to serve as nominee owners of the DME suppliers and caused others to falsify Medicare enrollment forms, bank records, and other documents to conceal the true ownership and control of the DME suppliers. He also knew that a co-conspirator paid kickbacks and bribes to patient recruiters in exchange for beneficiary referrals. As part of the scheme, the DME companies submitted approximately $61.5 million in false and fraudulent claims to Medicare for medically unnecessary DME that was ineligible for reimbursement and were paid approximately $26.7 million of these claims.
“Through lies and deceit, the defendant and his co-conspirators orchestrated a $61 million fraud on Medicare,” said Matthew R. Galeotti, Head of the Justice Department’s Criminal Division. “The defendant’s fraud drained critical government resources that could have been used to help vulnerable Americans. Today’s sentencing demonstrates the Department’s steadfast commitment to protecting taxpayer dollars and ensuring accountability for those who seek to defraud our health care programs.”
“Today’s sentence underscores HHS-OIG’s firm commitment to thoroughly investigating individuals who engage in illegal kickback schemes to prescribe medically unnecessary durable medical equipment for their own personal financial gain,” said Deputy Inspector General for Investigations Christian J. Schrank with the U.S. Department of Health and Human Services Office of Inspector General (HHS-OIG). “We remain steadfast in our mission to protect the integrity of Medicare and other federal healthcare programs as well as the people served by those programs.”
“This defendant and his co-conspirators orchestrated an elaborate scheme to steal millions from Medicare through kickbacks and sham billing,” said Assistant Director Jose A. Perez of the FBI Criminal Investigative Division. “Today’s sentencing demonstrates that those who exploit our healthcare system for personal gain will be held accountable. The FBI is committed to working with our partners to protect taxpayer dollars and ensure the integrity of healthcare programs.”
In November 2024, Roussonicolos pleaded guilty to conspiracy to commit health care fraud and wire fraud.
The FBI and HHS-OIG investigated the case.
Trial Attorney Jennifer Burns and Assistant Chiefs Jamie de Boer and Emily Gurskis of the Criminal Division’s Fraud Section prosecuted the case. Trial Attorneys Joanna Bowman and Lindita Ciko Torza of the Special Matters Unit assisted in the prosecution.
The Fraud Section leads the Criminal Division’s efforts to combat health care fraud through the Health Care Fraud Strike Force Program. Since March 2007, this program, currently comprised of 9 strike forces operating in 27 federal districts, has charged more than 5,800 defendants who collectively have billed federal health care programs and private insurers more than $30 billion. In addition, the Centers for Medicare & Medicaid Services, working in conjunction with the Office of the Inspector General for the Department of Health and Human Services, are taking steps to hold providers accountable for their involvement in health care fraud schemes. More information can be found at www. justice. gov/criminal-fraud/health-care-fraud-unit.