NewzIntel.com

Category: Security Intelligence

  • MIL-OSI Security: U.S. Marshals Arrest Violent Felon

    Source: US Marshals Service

    Gallatin, TN – A U.S. Marshals task force in Tennessee, working a collateral lead from the USMS in Georgia, arrested a man wanted in Cobb County, Georgia for a slew of felony charges.

    Darzell Thaddeus Wester, 27, was charged with armed robbery, aggravated assault (deadly weapon), aggravated battery, exploitation/ intimidation of elder person, and possession of a firearm during commission of a crime, and a warrant for his arrest was issued in the Superior Court of Cobb County on Jun. 14, 2024.

    On Nov. 15, 2024, the Cobb County Sheriff’s Office requested the assistance of the U. S.  Marshals Service Southeast Regional Fugitive Task Force with locating and apprehending Wester.

    Upon developing information that Wester was residing in the Gallatin area, the Southeast Regional Fugitive Task Force requested the assistance of the U.S. Marshals Service Middle Tennessee Fugitive Task Force.

    The Middle Tennessee Task Force located Wester at a residence on Turner Way in Gallatin. Wester was arrested without incident and taken to the Sumner County Sheriff’s Office jail where he was booked as a fugitive from justice and will await extradition to Georgia.

    Additionally, Wester has three outstanding warrants from Coffee, Robertson, and Dickson Counties in Tennessee. These warrants are for driving under the influence of alcohol, larceny, and fraud, respectively.

    The U.S. Marshals Service is committed to protecting communities by apprehending dangerous fugitives.

    The U.S. Marshals Middle Tennessee Task Force is a multi-agency task force that serves the Middle District of Tennessee. Its membership is comprised of Deputy U.S. Marshals, Putnam, Rutherford, and Sumner County Sheriff’s Deputies, Metro Nashville Police Officers, Tennessee Bureau of Investigation and Tennessee Department of Correction Special Agents, and the Tennessee Highway Patrol.

    MIL Security OSI

  • MIL-OSI Security: New Orleans Woman Guilty Of Violating Federal Controlled Substances Act

    Source: Office of United States Attorneys

    NEW ORLEANS, LOUISIANA – TodayActing U.S. Attorney Michael M. Simpson announced that KIANNA SCOTT (“SCOTT”), age 24, a resident of New Orleans, pled guilty on February 18, 2025, before United States District Judge Darrel James Papillion to use of a communication facility in causing and facilitating the commission of the distribution, and possession with intent to distribute, of fentanyl, heroin, and cocaine , in violation of Title 21, United States Code, Sections 843(b).

    According to court documents, SCOTT used a telephone to assist another known individual in the distribution, and possession with intent to distribute, narcotics within the Eastern District of Louisiana.

    SCOTT faces a maximum term of imprisonment of (4) four years, a fine of up to $250,000.00, up to one year of supervised release, and a mandatory special assessment fee of $100.

    This investigation was led by the Drug Enforcement Administration – New Orleans Field Division Office, and assisted by the Jefferson Parish Sheriff’s Office, the Saint Charles Parish Sheriff’s Office, the Saint John the Baptist Parish Sheriff’s Office, the Lafourche Parish Sheriff’s Office, and the Harahan Police Department.  The prosecution is being handled by Assistant United States Attorney Lynn E. Schiffman of the Narcotics Unit.

    MIL Security OSI

  • MIL-OSI Security: Federal Grand Jury in Louisville Indicts 3 Illegal Aliens

    Source: Office of United States Attorneys

    Louisville, KY – A federal grand jury in Louisville, Kentucky, returned indictments on February 19, 2025, charging 3 illegal aliens with federal criminal offenses.   

    U.S. Attorney Michael A. Bennett of the Western District of Kentucky, Special Agent in Charge Michael E. Stansbury of the FBI Louisville Field Office, Special Agent in Charge Rana Saoud of Homeland Security Investigations, Nashville, Police Chief Mike Canon of the Calvert City Police Department, and Sam Olson, Field Office Director for Enforcement and Removal Operations (ERO) Chicago, U.S. Immigration Customs Enforcement made the announcement.

    According to the indictments:

    Juan Baltazar Felipe-Pedro, age 26, a citizen of Guatemala, was charged with reentry after deportation or removal. On or about January 23, 2025, Felipe-Pedro was an alien found in the United States after having been denied admission, excluded, deported, and removed from the United States on or about April 25, 2019. If convicted he faces a maximum sentence of 2 years in prison. This case is being investigated by HSI and ICE/ERO.

    Jhoandiris Jimenez-Barrio, age 26, and Yirvel Yonaker Rios-Castro, age 20, citizens of Venezuela, were indicted for conspiracy to commit bank larceny and attempted bank larceny. On or about January 31, 2025, they conspired with each other and others to break into and steal money from an automated teller machine (ATM). They traveled to a bank in Calvert City, Kentucky and attempted to open an ATM to steal money. Homeland Security Investigations verified that Jimenez-Barrio and Rios-Castro are Venezuelan and entered the United States illegally. If convicted, the men face a maximum sentence of 50 years in prison. The case is being investigated by the FBI, Calvert City Police Department, and HSI.

    A federal district court judge will determine any sentence after considering the sentencing guidelines and other statutory factors.

    There is no parole in the federal system.

    Assistant U.S. Attorneys A. Spencer McKiness, Seth Hancock, and Raymond McGee are prosecuting the cases.

    An indictment is merely an allegation. All defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.

    ###

    MIL Security OSI

  • MIL-OSI Security: Thibodaux Man Sentenced for Social Security Theft

    Source: Office of United States Attorneys

    NEW ORLEANS – Acting U.S. Attorney Michael M. Simpson announced that NATHANIEL HOPKINS, JR. (“HOPKINS”), age 48, of Thibodaux, Louisiana, was sentenced on February 18, 2025 to 3 years of probation by United States District Judge Jay Zainey after previously pleading guilty to Theft of Government Funds, in violation of Title 18, United States Code, Section 641.

    According to court documents, HOPKINS’s wife, was authorized to receive Social Security Administration (“SSA”) Title II – Retirement Survivor Insurance Benefits from 2003 until her death in April, 2014.  From April, 2014 to January, 2024, HOPKINS illegally received benefits designated for his wife totaling approximately $144,176.43, after failing to notify SSA of his wife’s death.  He also accessed $3,200.00 in COVID-19/CARES Act stimulus funds from his deceased wife’s bank account.

    In addition to probation, HOPKINS was ordered to pay restitution in the amount of $144,176.43 to the U.S. Social Security Administration and $3,200.00 to the U.S. Treasury along with a $100 mandatory special assessment fee.

    Acting U.S. Attorney Simpson praised the work of the Social Security Administration, Office of the Inspector General.  The prosecution of this case is being handled by Assistant U.S. Attorney Edward J. Rivera of the Financial Crimes Unit.

    MIL Security OSI

  • MIL-OSI Security: New Orleans Man Guilty of Commodity Exchange Act Violation

    Source: Office of United States Attorneys

    NEW ORLEANS, LA – Acting U.S. Attorney Michael M. Simpson announced today that MICHAEL BRIAN DEPETRILLO, (“DEPETRILLO”), age 43, from New Orleans, pled guilty on February 18, 2025 to violating the Commodity Exchange Act, in violation of Title 7, United States Code, Section 13(a). DEPETRILLO faces up to ten (10) years imprisonment, up to three (3) years of supervised release, up to a $1,000,000.00 fine, plus the amount of any proceeds, and a mandatory $100 special assessment fee.

    According to court documents, DEPETRILLO was not properly registered as a Commodity Pool Operator (“CPO”) or an Associated Person (“AP”) of a CPO with the United States Commodity Futures Trading Commission (“CFTC”). DEPETRILLO, through various companies including, Meteor, LLC; NOLA FX Capital Management, LLC; ELC Enterprise Solutions, LLC; and Argosapolis, LLC, acted as a CPO and AP of a CPO and embezzled client funds in violation of federal law.     DEPETRILLO, while acting as an AP of unregistered CPOs, represented to victim investors that their funds would be pooled and invested in the NOLA FX FUND, that, in turn, would be used to trade foreign currency pairs on a leveraged, margined, or financed basis (“retail forex”).

    DEPETRILLO told investors that pooling their funds would be beneficial to them.  DEPETRILLO further represented, to certain investors, that either METEOR or NOLA FX CAPITAL managed the NOLA FX FUND.  In at least one representation, however, DEPETRILLO identified “NOLA FX Capital,” not the NOLA FX FUND, as the pooled investment vehicle.  DEPETRILLO lured investors by claiming he was investing their funds by trading in the foreign currency exchange, gold futures options, stocks, and cryptocurrency.  Instead of trading as promised, DEPETRILLO misappropriated pool funds.  DEPETRILLO then used these misappropriated pool funds to pay approximately $3,700,000 in “returns” to prior investors; approximately $575,000 on his own personal investments; approximately $425,000 on rent; approximately $200,000 on private air travel; and approximately $300,000 on online gambling, among other personal expenses.  To conceal DEPETRILLO’s misappropriation, he created and issued fictitious account statements in the names NOLA FX FUND and NOLA FX CAPITAL.  The fictitious account statements purported to show that: (1) DEPETRILLO had traded forex using pool participant funds, and (2) the NOLA FX FUND and NOLA FX CAPITAL had achieved significant trading returns for pool participants because of his profitable forex trading.  In fact, DEPETRILLO never deposited pool participant funds into trading accounts belonging to NOLA FX FUND or NOLA FX CAPITAL, and he never achieved the trading returns represented on the false account statements.  DEPETRILLO also did not set up the forex pool in the manner required by the regulations, did not receive pool participant funds in the name of the forex pool, and commingled pool participant funds with his own funds.  DEPETRILLO took in approximately $9.2 million in investor funds from approximately 55 victim investors during a seven-year period.

    Sentencing in this matter is scheduled for May 25, 2025, before United States District Judge Jay C. Zainey.

    The case is being investigated by the Federal Bureau of Investigation (“FBI”).  The FBI is seeking information that may help identify potential victims of DEPETRILLO’s fraudulent scheme.  FBI encourages the public to report any information to http://fbi.gov/depetrillovictims.

    The prosecution of this case is being handled by Assistant United States Attorneys Kathryn McHugh of the Financial Crimes Unit and Brian M. Klebba, Chief of the Financial Crimes Unit.

    MIL Security OSI

  • MIL-OSI Security: Lake Station Man Sentenced to 360 Months in Prison

    Source: Office of United States Attorneys

    HAMMOND – Matthew A. Bugielski, 26 years old, of Lake Station, Indiana, was sentenced by United States District Court Judge Gretchen S. Lund after pleading guilty to Sexual Exploitation of Children, announced Acting United States Attorney Tina L. Nommay.

    Bugielski was sentenced to 360 months in prison, followed by 15 years of supervised release, and ordered to pay restitution to the victim of the offense.

    According to documents in the case, on or about June 19, 2023, Bugielski produced a sexually explicit image of a minor by employing, using, and inducing the minor to engage in sexually explicit conduct for the purpose of producing a visual depiction of such conduct. Further, Bugielski distributed that sexually explicit image to others over the internet. On occasions separate from June 19, 2023, Bugielski distributed other images and videos of child sexual abuse materials over the internet to others.

    This case was investigated by Homeland Security Investigations, with assistance from the Indiana Internet Crimes Against Children Task Force, the Indiana State Police, the Indiana State Police Digital Forensics Unit, the Roanoke Police Department, the Huntington County Sheriff’s Office, the Indianapolis Metropolitan Police Department, the Lake Station Police Department, and the New Chicago Police Department. The case was prosecuted by Assistant United States Attorney Emily Morgan.

    The case was brought as part of Project Safe Childhood. In 2006, the Department of Justice created Project Safe Childhood, a nationwide initiative designed to protect children from exploitation and abuse. Led by the U.S. Attorneys’ Offices and the DOJ’s Child Exploitation and Obscenity Section, Project Safe Childhood marshals federal, state, and local resources to locate, apprehend, and prosecute individuals who exploit children, as well as identify and rescue victims. For more information about Project Safe Childhood, please visit www.projectsafechildhood.gov.

    MIL Security OSI

  • MIL-OSI Security: 14 members of Bandidos motorcycle gang indicted for offenses including racketeering, assault and murder

    Source: Office of United States Attorneys

    HOUSTON – A 22-count indictment has been unsealed in the Southern District of Texas (SDTX) following an operation targeting multiple members of an allegedly violent, transnational motorcycle gang in the Houston metropolitan area.

    Current and former members of the Bandidos Outlaw Motorcycle Gang and Mascareros Motorcycle Club are charged for their alleged roles in a criminal enterprise engaged in violent criminal activity in and around Houston. The Mascareros is a support club of the Bandidos.

    Several of those are expected to make their initial appearance before U.S. Magistrate Judge Dena Hanovice Palermo at 2 p.m. Feb. 20.

    A federal grand jury returned an indictment Feb. 11 against 14 members and associates of the Bandidos outlaw motorcycle gang accusing them of various crimes, to include engaging in a conspiracy to commit racketeering activity and committing violent crimes in furtherance of the gang such as murder, attempted murder and assault. The indictment alleges the Bandidos are a self-identified “outlaw” motorcycle organization with a membership of approximately 1,500 to 2,000 in the United States and an additional 1,000 to 1,500 members internationally, including in Mexico.

    “Ensuring the safety of the public is SDTX’s paramount concern,” said U.S. Attorney Nicholas J. Ganjei. “The indictment here not only alleges shocking crimes of violence, but also alleges that these offenses were committed openly and wantonly, where any innocent member of the public could have been hurt or killed.” 

    “Today’s indictment is an important step in eliminating the Bandidos Outlaw Motorcycle Gang,” said Supervisory Official Antoinette T. Bacon of the Justice Department’s Criminal Division. “The Bandidos declare war on rivals—and they wage that war on our streets. Criminal behavior like this has no place in America, and the Department of Justice is fully committed to bringing peace back to our communities.”

    The indictment alleges that beginning in 2019, a violent turf war erupted between the Bandidos and B*EAST, a rival outlaw motorcycle gang in the Houston area. As part of this turf war, Bandidos national leadership allegedly put out a “smash on site” order to commit physical assaults, including murder, against B*EAST members. The turf war has resulted in gunfire exchanged on public roadways and in public establishments with innocent civilians present, according to the charges.

    John M. Pfeffer aka Big John, 32, Darvi Hinojosa aka 10 Round, 35, Bradley Rickenbacker aka Dolla Bill, 37, all of Katy; Michael H. Dunphy aka Money Mike, 57, Cleveland; Christopher Sanchez aka Monster, 40, Tomball; and Brandon K. Hantz aka Loco and Gun Drop, 33, Crosby; are charged with conspiracy to commit racketeering activity. Pfeffer, Dunphy, Hinojosa, Rickenbacker and Sanchez are further charged with multiple counts of assault in aid of racketeering. Pfeffer, Hinojosa, Rickenbacker and Sanchez are also charged with using a firearm during and in relation to a crime of violence, while Sanchez faces charges of being a felon in possession of a firearm. Hantz is also charged with arson.

    Pfeffer, Hinojosa, Rickenbacker and Sanchez each face up to life in prison if convicted, while Dunphy and Hantz each face up to 20 years on each of their counts upon conviction.

    The indictment also charges David Vargas aka Brake Check and First Time, 33, Houston, with murder in aid of racketeering; using a firearm during and in relation to a crime of violence resulting in death; attempted murder in aid of racketeering; and using, carrying, brandishing, discharging and possessing a firearm during and in relation to the attempted murders. All those charges relate to the killing of a rival and the shooting of two others. Murder in aid of racketeering carries a mandatory life sentence or the death penalty, if convicted.

    Further, Pfeffer and Rickenbacker are also charged with assault in aid of racketeering and using a firearm during and in relation to a crime of violence  along with Marky Baker aka Pinche Guero and Guero, 40, Ronnie McCabe aka Meathead, 56, and Jeremy Cox aka JD, 37, all of Houston; Roy Gomez aka Repo, 50, Richmond; and Marcel Lett, 56, Pearland. These charges are in relation to an alleged assault and robbery that resulted in the death of a rival. If convicted, they face up to life in prison.

    Hinojosa is also charged along with John Sblendorio aka Tech9, 54, Houston, with conspiracy to commit murder in aid of racketeering, attempted murder in aid of racketeering, assault in aid of racketeering and using a firearm during and in relation to a crime of violence in connection with the shooting of a rival gang member. Hinojosa is also charged with conspiracy to distribute cocaine and three counts of possession with intent to distribute cocaine. Sblendorio and Hinojosa each face up to life in prison, if convicted.

    In addition, Sean G. Christison, aka Skinman, 30, Katy, is charged with possession with intent to distribute cocaine and possession of a firearm in furtherance of a drug trafficking crime. He faces a maximum penalty of life imprisonment. 

    The FBI, Texas Board of Criminal Justice – Office of Inspector General, Texas Department of Public Safety and Montgomery County Sheriff’s Office conducted the Organized Crime Drug Enforcement Task Forces (OCDETF) investigation with the assistance of Harris County Sheriff’s Office; Houston and Pasadena Police Departments; Texas Alcoholic Beverage Commission; LaMarque and Katy Police Departments; U.S. Marshals Service; Bureau of Alcohol, Tobacco, Firearms and Explosives; and the Cypress-Fairbanks Independent School District Police Department. 

    OCDETF identifies, disrupts and dismantles the highest-level drug traffickers, money launderers, gangs and transnational criminal organizations that threaten the United States by using a prosecutor-led, intelligence-driven, multi-agency approach that leverages the strengths of federal, state and local law enforcement agencies against criminal networks. Additional information about the OCDETF Program can be found on the Department of Justice’s OCDETF webpage.

    This case is being prosecuted as part of the joint federal, state and local Project Safe Neighborhoods (PSN) Program, the centerpiece of the Department of Justice’s violent crime reduction efforts. PSN is an evidence-based program proven to be effective at reducing violent crime. Through PSN, a broad spectrum of stakeholders work together to identify the most pressing violent crime problems in the community and develop comprehensive solutions to address them. As part of this strategy, PSN focuses enforcement efforts on the most violent offenders and partners with locally based prevention and reentry programs for lasting reductions in crime.

    Assistant U.S. Attorneys Byron H. Black and Kelly Zenón-Matos of the Southern District of Texas are prosecuting the case in partnership with Trial Attorneys Grace H. Bowen and Christopher Taylor of the Department of Justice’s Criminal Division – Violent Crime and Racketeering Section.

    An indictment is a formal accusation of criminal conduct, not evidence. A defendant is presumed innocent unless convicted through due process of law.

    MIL Security OSI

  • MIL-OSI Security: Ariton, Alabama Man Sentenced to Prison for Gun Crime Committed While on Federal Probation

    Source: Office of United States Attorneys

               Montgomery, Ala. – Today, Acting United States Attorney Kevin Davidson announced that 48-year-old Bobby Wayne Williams, from Ariton, Alabama, received a 51-month prison sentence for being a felon in possession of a firearm and for violating the terms of his federal probation. During the sentencing hearing on February 18, 2025, the judge also ordered that Williams serve an additional three years of supervised release following his prison sentence.            

               According to Williams’ plea agreement and other court records, during the summer of 2024, Williams was on federal supervised release and residing in Dale County after completing a 63-month prison sentence from a previous federal gun conviction. In June of 2024, law enforcement obtained an arrest warrant for Williams stemming from allegations that Williams pointed a firearm at his ex-girlfriend and her current boyfriend, then threatened to shoot them both. On August 14, 2024, a United States Probation Officer and deputies from the Dale County Sheriff’s Office conducted a home visit at Williams’ residence to execute the arrest warrant. Officers found Williams in possession of a handgun. Williams’ previous felony conviction prohibits him from possessing a firearm or ammunition. Possessing the firearm and committing a new crime also violated the terms of his supervised release. 

               The Dale County Sheriff’s Office and the United States Probation Office investigated the case, with assistance from the Bureau of Alcohol, Tobacco, Firearms and Explosives. Assistant United States Attorney Russell T. Duraski prosecuted this case.

    MIL Security OSI

  • MIL-OSI Security: Detroit Man Sentenced To Over Four Years in Federal Prison For Participating In Multi-State Pandemic Unemployment Insurance Fraud Scheme

    Source: Office of United States Attorneys

    DETROIT – A man from Detroit, Michigan was sentenced today for his role in a multi-state, million-dollar unemployment insurance fraud scheme aimed at defrauding the U.S. government and the states of Michigan, Pennsylvania, and Maryland, of funds earmarked for unemployment assistance during the COVID-19 pandemic, announced Acting United States Attorney Julie A. Beck.

    Joining in the announcement were Special Agent in Charge Cheyvoryea Gibson, Federal Bureau of Investigation, Special Agent in Charge Charles Miller, Internal Revenue Service-Criminal Investigation, and Megan Howell, Acting Special Agent in Charge, Chicago Region, U.S. Department of Labor Office of Inspector General.

    Tracey Dotson, 49, was sentenced to 51 months in prison and ordered to pay more than $900,000 in restitution in the sentence handed down by United States District Judge Matthew F. Leitman.

    According to court records, Dotson and a co-defendant conspired to, and did, defraud the federal government and the states of Michigan, Pennsylvania, and Maryland of roughly $1 million in funds intended to support individuals who had lost their jobs during the COVID-19 pandemic. The pair committed their crimes through the use of interstate wires and the unauthorized possession and use of social security numbers and other means of identification belonging to other individuals.

    Dotson pleaded guilty to wire fraud and conspiracy to commit wire fraud in April 2024. Dotson and his co-defendant, using stolen personal identification, filed hundreds of false unemployment claims with state unemployment insurance agencies in Michigan, Pennsylvania, and Maryland in the names of other individuals without their knowledge or consent.   The defendants then received hundreds of Bank of America prepaid debit cards in the names of those individuals loaded with roughly $1 million in Pandemic Unemployment Assistance funds at addresses in Michigan and Pennsylvania. Dotson, his co-defendant, and their accomplices then successfully unloaded more than $930,000 from the cards via cash withdrawals and purchases that included high-end jewelry, designer fashion accessories by Gucci and Louis Vuitton, drugs, at least one vehicle, and at least one firearm.

    “Taxpayer unemployment assistance funds diverted to the pockets of criminals during the pandemic resulted in fewer resources that were available for those genuinely in need at that challenging time,” said Acting U.S. Attorney Julie Beck. “Our office is steadfast in its commitment to bringing those to justice who used a global health crisis as a means to illegally line their own pockets at the expense of taxpayers. “

    “This sentence underscores the FBI’s commitment to investigating complex financial crimes,” said Cheyvoryea Gibson, Special Agent in Charge of the FBI in Michigan. “We will not tolerate the greed and selfish conduct demonstrated by those who chose to defraud the unemployment insurance system, especially when we faced an unprecedented global pandemic. The FBI and our federal partners remain steadfast in holding criminals accountable and protecting government assistance programs. The pandemic may be in our rearview mirrors, but our investigations continue to move forward in the name of justice.”

    “Individuals who commit such blatant unemployment insurance fraud and identity theft of this magnitude deserve to be punished to the fullest extent of the law,” said Charles Miller, Special Agent in Charge, Detroit Field Office, IRS Criminal Investigation.  “Tracey Dotson and his co-conspirator took advantage of a program intended to help those in need get through a devastating global pandemic, exposed personal identity information of many, and caused immeasurable hardship to innocent victims. IRS Criminal Investigation remains committed to the pursuit of pandemic fraud and identity theft, together with our partners at the U.S. Attorney’s Office, we will hold those who engage in similar conduct accountable.”

    “Tracey Dotson and his co-conspirator defrauded multiple state workforce agencies by using stolen identities to obtain unemployment insurance (UI) benefits. As a result, he stole vital taxpayer resources intended for unemployed American workers in dire need of UI benefits. Today’s sentencing affirms the Office of Inspector General’s commitment to work with our law enforcement partners to investigate and bring to justice those who exploit this critical benefit program,” said Megan Howell, Acting Special Agent-in-Charge, Great Lakes Region, U.S. Department of Labor, Office of Inspector General.

    This case was prosecuted by Assistant United States Attorneys Carl D. Gilmer-Hill and Jessica A. Nathan. The investigation was conducted jointly by the Federal Bureau of Investigation, Internal Revenue Service – Criminal Investigation, and Department of Labor, Office of Inspector General.

    MIL Security OSI

  • MIL-OSI Security: 14 Members & Associates of Violent Transnational Motorcycle Gang Indicted on RICO & Murder Charges

    Source: United States Attorneys General 7

    Today, an indictment was unsealed in the Southern District of Texas charging 14 members and associates of the Bandidos Outlaw Motorcycle Gang for their alleged roles in a criminal enterprise engaged in murder, robbery, arson, narcotics distribution, and witness intimidation in and around Houston.

    MIL Security OSI

  • MIL-OSI Security: Financial TV News Analyst-Turned-Fugitive Agrees to Plead Guilty to Federal Charge for Conning Investors Out of Millions of Dollars

    Source: Office of United States Attorneys

    LOS ANGELES – A former San Gabriel Valley resident – who was a frequent guest on financial television news programs then became a fugitive from justice after being accused of scamming investors – has agreed to plead guilty to defrauding his victims out of at least $2.7 million, the Justice Department announced today.

    James Arthur McDonald Jr., 53, formerly of Arcadia, has agreed to plead guilty to one count of securities fraud, a felony that carries a statutory maximum sentence of 20 years in federal prison.

    McDonald has been in federal custody since June 2024, when he was arrested in a residence in Port Orchard, Washington, after being a fugitive since November 2021, when he failed to appear before the United States Securities and Exchange Commission (SEC) to testify after allegations arose that he had defrauded investors. 

    According to his plea agreement, at McDonald’s Washington state hideout, law enforcement found, among other things, a fake Washington, D.C., driver’s license bearing McDonald’s photograph and the name “Brian Thomas.”

    McDonald was the CEO and chief investment officer of two companies headquartered in Los Angeles: Hercules Investments LLC and Index Strategy Advisors Inc. (ISA). He frequently appeared as an analyst on the CNBC financial television news network.

    In late 2020, McDonald lost tens of millions of dollars of Hercules client money after adopting a risky short position that effectively bet against the health of the United States economy in the aftermath of the U.S. presidential election. McDonald projected that the COVID-19 pandemic and the election would result in major selloffs that would cause the stock market to drop. When the market decline didn’t occur, Hercules clients lost between $30 million and $40 million. By December 2020, Hercules clients were complaining to company employees about the losses in their accounts, according to court documents.

    In early 2021, McDonald solicited millions of dollars’ worth of funds from investors in the form of a purported capital raise for Hercules but misrepresented how the funds would be used and failed to disclose the massive losses Hercules previously sustained. As part of the capital raise, McDonald obtained $675,000 in investment funds from one victim group on March 9, 2021. He misappropriated most of those funds in various ways, including spending $174,610 at a Porsche dealership and transferring $109,512 to the landlord of a home McDonald was renting in Arcadia.

    McDonald also defrauded clients of ISA, his other firm, using less than half of the approximately $3.6 million he raised for trading purposes. Instead, McDonald frequently commingled ISA client funds with funds from his personal bank account, which he used to purchase luxury cars and to pay rent on his home, personal credit card charges, and Hercules operating expenses and to make Ponzi-like payments to ISA clients — that is, paying some ISA clients using funds from other clients. 

    In total, McDonald caused losses of between approximately $2,745,892 and approximately $3,025,892, according to his plea agreement.

    The FBI and IRS Criminal Investigation are investigating this matter.

    In September 2022, the SEC filed a civil complaint charging McDonald and Hercules with violations of federal securities law. In April 2024, United States District Judge Percy Anderson found McDonald and Hercules liable and ordered that they pay several million dollars in disgorgement and civil penalties.

    Assistant United States Attorneys Alexander B. Schwab and Nisha Chandran of the Corporate and Securities Fraud Strike Force are prosecuting this case.

    MIL Security OSI

  • MIL-OSI Security: Fourteen Members and Associates of Violent Transnational Motorcycle Gang Indicted on RICO and Murder Charges

    Source: United States Attorneys General

    An indictment was unsealed today in the Southern District of Texas charging 14 members and associates of the Bandidos Outlaw Motorcycle Gang for their alleged roles in a criminal enterprise engaged in murder, robbery, arson, narcotics distribution, and witness intimidation in and around Houston.

    The indictment accuses the defendants of various crimes, including engaging in a conspiracy to commit racketeering (RICO) activity and committing violent crimes in furtherance of the gang such as murder, attempted murder, and assault. The indictment alleges that the Bandidos are a self-identified “outlaw” motorcycle organization with a membership of approximately 1,500 to 2,000 in the United States and an additional 1,000 to 1,500 members internationally, including in Mexico.

    “Today’s indictment is an important step in eliminating the Bandidos Outlaw Motorcycle Gang,” said Supervisory Official Antoinette T. Bacon of the Justice Department’s Criminal Division. “The Bandidos declare war on rivals — and they wage that war on our streets. Criminal behavior like this has no place in America, and the Department of Justice is fully committed to bringing peace back to our communities.”

    “Ensuring the safety of the public is Southern District of Texas’ paramount concern,” said U.S. Attorney Nicholas J. Ganjei for the Southern District of Texas. “The indictment here not only alleges shocking crimes of violence, but also alleges that these offenses were committed openly and wantonly, where any innocent member of the public could have been hurt or killed.”

    According to court documents and statements in court, beginning in 2019, a violent turf war erupted between the Bandidos and B*EAST, a rival outlaw motorcycle gang in the Houston area. As part of this turf war, Bandidos national leadership allegedly put out a “smash on site” order to commit physical assaults, including murder, against B*EAST members. The turf war has resulted in gunfire exchanged on public roadways and in public establishments with innocent civilians present, according to the charges.

    John M. Pfeffer, also known as Big John, 32, Darvi Hinojosa, also known as 10 Round, 35, and Bradley Rickenbacker, also known as Dolla Bill, 37, all of Katy, Texas; Michael H. Dunphy, also known as Money Mike, 57, of Cleveland, Texas; Christopher Sanchez, also known as Monster, 40, of Tomball, Texas; and Brandon K. Hantz, also known as Loco and Gun Drop, 33, of Crosby, Texas, are charged with conspiracy to commit racketeering activity. Pfeffer, Dunphy, Hinojosa, Rickenbacker, and Sanchez are further charged with multiple counts of assault in aid of racketeering. Pfeffer, Hinojosa, Rickenbacker, and Sanchez are also charged with using a firearm during and in relation to a crime of violence, while Sanchez faces charges of being a felon in possession of a firearm. Hantz is also charged with arson.

    If convicted, Pfeffer, Hinojosa, Rickenbacker, and Sanchez each face a maximum penalty of life in prison, while Dunphy and Hantz each face a maximum penalty of 20 years in prison on each of their counts.

    The indictment also charges David Vargas, also known as Brake Check and First Time, 33, of Houston, with murder in aid of racketeering; using a firearm during and in relation to a crime of violence resulting in death; attempted murder in aid of racketeering; and using a firearm during and in relation to the attempted murders. All those charges relate to the killing of a rival and the shooting of two others. If convicted, Vargas faces a mandatory penalty of life in prison or the death penalty.

    Further, Marky Baker, also known as Pinche Guero and Guero, 40; Ronnie McCabe, also known as Meathead, 56; and Jeremy Cox, also known as JD, 37, all of Houston; Roy Gomez, also known as Repo, 50, of Richmond, Texas; and Marcel Lett, 56, of Pearland, Texas, are charged along with Pfeffer and Rickenbacker with assault in aid of racketeering and using a firearm during and in relation to a crime of violence. These charges are in relation to an alleged assault and robbery that resulted in the death of a rival. If convicted, they each face a maximum penalty of life in prison.

    Hinojosa is also charged along with John Sblendorio, also known as Tech9, 54, of Houston, with conspiracy to commit murder in aid of racketeering, attempted murder in aid of racketeering, assault in aid of racketeering, and using a firearm during and in relation to a crime of violence in connection with the shooting of a rival gang member. Hinojosa is also charged with conspiracy to distribute cocaine and three counts of possession with intent to distribute cocaine. If convicted, Sblendorio and Hinojosa each face a maximum penalty of life in prison.

    In addition, Sean G. Christison, also known as Skinman, 30, of Katy, is charged with possession with intent to distribute cocaine and possession of a firearm in furtherance of a drug trafficking crime. He faces a maximum penalty of life in prison.

    For all defendants, a federal district court judge will determine any sentence after considering the U.S. Sentencing Guidelines and other statutory factors.

    The FBI, Texas Board of Criminal Justice — Office of Inspector General, Texas Department of Public Safety, and Montgomery County Sheriff’s Office conducted the investigation, with assistance from the Harris County Sheriff’s Office; Houston and Pasadena Police Departments; Texas Alcoholic Beverage Commission; LaMarque and Katy Police Departments; U.S. Marshals Service; Bureau of Alcohol, Tobacco, Firearms and Explosives; and Cypress-Fairbanks Independent School District Police Department.

    Trial Attorneys Grace H. Bowen and Christopher Taylor of the Criminal Division’s Violent Crime and Racketeering Section and Assistant U.S. Attorneys Byron H. Black and Kelly Zenón-Matos for the Southern District of Texas are prosecuting the case.

    This investigation was part of an Organized Crime Drug Enforcement Task Forces (OCDETF) operation. OCDETF identifies, disrupts and dismantles the highest-level drug traffickers, money launderers, gangs and transnational criminal organizations that threaten the United States by using a prosecutor-led, intelligence-driven, multi-agency approach that leverages the strengths of federal, state and local law enforcement agencies against criminal networks. Additional information about the OCDETF Program can be found on the Justice Department’s OCDETF webpage.

    This case is being prosecuted as part of the joint federal, state and local Project Safe Neighborhoods (PSN) Program, the centerpiece of the Justice Department’s violent crime reduction efforts. PSN is an evidence-based program proven to be effective at reducing violent crime. Through PSN, a broad spectrum of stakeholders work together to identify the most pressing violent crime problems in the community and develop comprehensive solutions to address them. As part of this strategy, PSN focuses enforcement efforts on the most violent offenders and partners with locally based prevention and reentry programs for lasting reductions in crime. For more information about PSN, please visit www.justice.gov/psn.

    An indictment is merely an allegation. All defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.

    MIL Security OSI

  • MIL-OSI Security: Sacramento County Man Sentenced to 33 Months in Prison for Fraud in Connection with Medical Device Sales

    Source: Office of United States Attorneys

    SACRAMENTO, Calif. — Michael Andrew Scott, 38, of Fair Oaks, was sentenced Tuesday by Senior U.S. District Judge Kimberly J. Mueller to 33 months in prison for fraud in connection with a medical device sales scheme, Acting U.S. Attorney Michele Beckwith announced. In addition, Scott was ordered to pay $376,044 in restitution to his victims.

    According to court documents, between June 2018 and June 2022, Scott devised a scheme to defraud investors in his company, Trusted Medical Partnership. Scott told investors that either he or Trusted Medical Partnership received purchase orders from health care providers for medical devices but lacked the capital to fulfill the orders. Scott solicited and obtained loans from these investors, and, in exchange, promised them substantial returns in a relatively short time with zero risk.

    In reality, Scott’s representations to these prospective investors were false because Scott did not have purchase orders from health care providers. To some of his victims, Scott sent purchase orders that he had doctored or fabricated in order to convince them to lend money. The health care providers listed on these purported purchase orders confirmed that the orders were fake altogether or altered to reflect inflated amounts or other false information. Trusted Medical Partnership was not a legitimate business — while incorporated in the State of California, it conducted no legitimate business transactions, paid no taxes, submitted no wage or employment-related records, and was suspended in December 2021 before Scott solicited investments on its behalf from some of his victims.

    Scott’s victims lent him money on the basis of his false statements, including the fraudulent purchase orders, but received little to no returns on their investments. Instead, Scott spent the money on gambling at several local casinos (sometimes the same day he received the victims’ money), personal expenses, or payments to other, prior investors in order to keep the scheme running. Collectively, Scott defrauded at least 16 victims of almost $470,000.

    This case was the product of an investigation by the Federal Bureau of Investigation. Assistant U.S. Attorney Dhruv M. Sharma prosecuted the case.

    MIL Security OSI

  • MIL-OSI Security: Floridian Sentenced for Role in Money Laundering Operation

    Source: Office of United States Attorneys

    PITTSBURGH, Pa. – A resident of Ocala, Florida, has been sentenced to time served, to be followed by three years of supervised release, on his conviction for money laundering conspiracy, Acting United States Attorney Troy Rivetti announced today.

    Senior United States District Judge Nora Barry Fischer imposed the sentence on Charles Wilson Stout, 66, who had served approximately six months of imprisonment for his crime.

    According to information presented to the Court, Stout engaged in a money laundering conspiracy from in and around April 2022 until in and around June 2022. The Court was advised that a Washington, D.C.-based university was the victim of a business email compromise that resulted in the fraudulent transfer of more than $603,000 from a bank account located in the Western District of Pennsylvania into a separate bank account owned by Stout.

    To obfuscate the source of the fraudulent funds, Stout and his co-defendant, David Kakra Mensah, created a shell company and transferred portions of the fraudulently obtained proceeds into a cryptocurrency account that Mensah owned. In addition to participating in the business e-mail compromise, Mensah was also involved in a romance fraud scheme in which he obtained and moved money through individual victims living in Pennsylvania, Oregon, and elsewhere. Mensah previously pleaded guilty and was sentenced to 24 months of imprisonment.

    Assistant United States Attorneys Mark V. Gurzo and Kelly M. Locher prosecuted this case on behalf of the government.

    Acting United States Attorney Rivetti commended the Federal Bureau of Investigation for the investigation leading to the successful prosecution of Stout.

    MIL Security OSI

  • MIL-OSI Security: Mexican National Who Supervised a Drug Trafficking Organization Operating in Orville, Washington, Sentenced to 15 Years in Federal Prison

    Source: Office of United States Attorneys

    The investigation resulted in the seizure of more than 100 pounds of illegal drugs

    Spokane, Washington – Acting United States Attorney Richard R. Barker announced that on February 19, 2025, United States District Judge Thomas O. Rice sentenced Erubey Arciga Medrano, age 35, of Michoacan, Mexico, to 180 months in federal prison on drug trafficking charges. Judge Rice also imposed 5 years of supervised release. When he imposed the sentence, Judge Rice noted the large amount of drugs and firearms involved in this case.

    According to court documents and information presented at the sentencing hearing, in January 2023, the Bureau of Indian Affairs (BIA) identified Medrano as the leader of a drug trafficking organization flooding portions of the Eastern District of Washington, including the Oroville area and the Colville Indian Reservation, with methamphetamine and fentanyl.

    Between January 2023 and March 2023, BIA, the Drug Enforcement Administration (DEA), Washington State law enforcement and Colville Tribal law enforcement conducted a series of controlled drug buys from Medrano and others selling drugs on his behalf.

    On April 19, 2023, BIA, DEA, the North Central Washington Narcotics Task Force, and other Federal, State, Local, and Tribal law enforcement, executed a series of federal search warrants at a number of homes in rural Okanogan County, near Oroville, Washington. In total, investigators seized approximately 161,000 fentanyl-laced pills (to include Mexi-blues and rainbow-colored pills), approximately 80 pounds of methamphetamine, approximately 6 pounds of heroin, and more than 2 pounds of cocaine. The BIA, DEA, and their partners also seized approximately 12 firearms.

    “The volume of drugs and firearms seized during this operation is staggering. I am so grateful for the incredible law enforcement team, which came together to conduct this operation and remove these drugs from Eastern Washington communities,” stated Acting United States Attorney Richard Barker. “Because of the joint efforts of federal state, local, and Tribal law enforcement – which were led in this case by the BIA’s Division of Drug Enforcement – Eastern Washington is safer today.  Many of these drugs were destined for Native American communities, including in Eastern Washington and Montana. I am confident that lives were saved as a result of the incredible work that was done in this case.”   

    “The impact of this individual and his drug trafficking organization on numerous tribal members, their communities, and surrounding areas – between the Colville Indian Reservation in Washington to the Crow Indian Reservation in Montana – cannot be quantified. The Bureau of Indian Affairs (BIA) expresses its gratitude for the robust partnerships with various law enforcement agencies that contributed to the successful conclusion of this investigation,” Deputy Associate Director of the BIA Division of Drug Enforcement, Tom Atkinson, stated. “This achievement exemplifies the BIA’s unwavering commitment to dismantling organizations that exploit Indian Country and to safeguarding all residents of our native lands.”

    “Drug traffickers like Mr. Medrano profit from the pain they cause selling poison to our neighbors,” said David F. Reames, Special Agent in Charge, DEA Seattle Division. “We at the Drug Enforcement Administration, and our partners, work tirelessly to protect our community and this case highlights the lengths we will go to ensure people trafficking fentanyl and methamphetamine are held accountable for the suffering they cause.”

    This case was investigated by the Bureau of Indian Affairs Division of Drug Enforcement, the Drug Enforcement Administration, and the North Central Washington Narcotics Task Force.  The investigation team was assisted by the U.S. Marshals Service, U.S. Customs and Border Protection, the Okanogan County Sheriff, Colville Tribal Police Department, and the Kalispel Tribal Police Department. The case was prosecuted by Acting United States Attorney Richard R. Barker and Assistant United States Attorney Nowles H. Heinrich.

    2:23-cr-00047-TOR

    MIL Security OSI

  • MIL-OSI Security: Federal Indictment Charges Suburban Chicago Man With Trafficking Firearms and Drugs

    Source: Office of United States Attorneys

    CHICAGO — A federal grand jury has indicted a suburban Chicago man for allegedly trafficking firearms and drugs.

    An indictment returned Thursday in U.S. District Court in Chicago charges EFRAIN JACOBO, 42, of Prospect Heights, Ill., with federal firearm and drug offenses.  He pleaded not guilty to the charges during his arraignment this morning in federal court.  Jacobo is currently detained in federal custody.

    According to the indictment and a criminal complaint previously filed in the case, Jacobo dealt six handguns, a rifle, ammunition, and narcotics in a series of transactions last fall in Joliet, Ill.  The drugs in the deals included methamphetamines and cocaine. Unbeknownst to Jacobo, the individual to whom he sold the guns and drugs was an undercover law enforcement officer, the charges allege.

    During the investigation, law enforcement seized approximately 150 kilograms of methamphetamines from a truck that had traveled from Texas to Bolingbrook, Ill.  Law enforcement also seized fentanyl and cocaine from a storage facility used by Jacobo in Wheeling, Ill., and additional cocaine from Jacobo’s vehicle, the charges allege.

    The indictment was announced by Morris Pasqual, Acting United States Attorney for the Northern District of Illinois, Christopher Amon, Special Agent-in-Charge of the Chicago Field Division of the U.S. Bureau of Alcohol, Tobacco, Firearms & Explosives, Sheila G. Lyons, Special Agent-in-Charge of the Chicago Field Division of the U.S. Drug Enforcement Administration, and Mike Rompa, Chief of the Bolingbrook, Ill. Police Department.  The government is represented by Assistant U.S. Attorney Margaret A. Steindorf.

    The public is reminded that an indictment is not evidence of guilt.  The defendant is presumed innocent and entitled to a fair trial at which the government has the burden of proving guilt beyond a reasonable doubt. 

    MIL Security OSI

  • MIL-OSI Security: U.S. Attorney Announces Guilty Plea in Unregistered Firearm Case

    Source: Office of United States Attorneys

    ALBUQUERQUE – An Alamogordo man pleaded guilty pleaded guilty to possessing a modified shotgun that was used in the fatal shooting of Alamogordo Police Officer Anthony Ferguson on July 15, 2023.

    According to court documents, on July 15, 2023, Dominic De La O, 28, possessed a modified 12-gauge shotgun with a barrel length of less than 16 inches and an overall length of less than 26 inches, making it subject to registration under federal law. De La O admitted that the modified shotgun was operable and not registered to him in the National Firearms Registration and Transfer Record. He also acknowledged that the firearm lacked the new serial number required by law for modified weapons.

    On that date, De La O used the shotgun to shoot and kill Alamogordo Police Officer Anthony Ferguson during a traffic stop.

    Jonah Apodaca was subsequently charged with being a felon in possession of a firearm after the ATF determined that he had provided the modified shotgun to De La O. Apodaca pled guilty to the charges on June 18, 2024, and was sentenced to 72 months in federal prison.

    De La O will remain in custody pending sentencing, which has not been scheduled. At sentencing, De La O faces up to 10 years in prison followed by three years of supervised release. In November 2024, a jury in New Mexico’s Twelfth Judicial District convicted De La O of murdering Officer Ferguson and a judge sentenced him to life in prison without the possibility of parole.

    Acting U.S. Attorney Holland S. Kastrin, and Brendan Iber, Special Agent in Charge of the Phoenix Field Division of the Bureau of Alcohol, Tobacco, Firearms and Explosives, made the announcement today.

    The Bureau of Alcohol, Tobacco, Firearms and Explosives investigated this case with assistance from the Alamogordo Police Department, New Mexico State Police, and the Otero County Sheriff’s Office. Assistant U.S. Attorneys Maria Y. Armijo and Ry Ellison are prosecuting the case.

    MIL Security OSI

  • MIL-OSI Security: Felon in Possession of Handgun and AR-15 Rifle in Nash County Sentenced to 10 Years

    Source: Office of United States Attorneys

    NEW BERN, N.C. – A Benson man was sentenced to 120 months in prison for possession with intent to distribute a quantity of a mixture and substance containing a detectable amount of fentanyl.  On October 7, 2025, Keith Antonio Mcdougald, age 34, pled guilty to the offense.

    According to court documents and other information presented in court, Mcdougald was found in Nash County by the Nash County Sherriff’s deputies in a disabled vehicle on I-95 blocking all traffic. Mcdouglad initially gave a false name to law enforcement and admitted to smoking marijuana in the vehicle. Inside of the vehicle, deputies located an AR-15 rifle loaded with a large capacity magazine containing 41 rounds of ammunition, a 10mm pistol and a loaded 10mm magazine, six grams of marijuana, a glass pipe, 22.87 grams of a mixture containing heroin, fentanyl, ANPP, and flourofentanyl (a fentanyl analogue) and 7.57 grams of a mixture containing methamphetamine, fentanyl, heroin and ANPP. Mcdougald admitted to traveling to Virginia to purchase tires from someone through Facebook Marketplace and that he needed to take “something” with him in case the seller tried to rob him for the money.

    Mcdougald was sentenced as a career offender and has four prior felony convictions including two counts of felony assault by strangulation, intimidation of a witness, and attempted obtaining Property by false pretenses. 

    Daniel P. Bubar, Acting U.S. Attorney for the Eastern District of North Carolina made the announcement after sentencing by U.S. District Judge Louise W. Flanagan. The Bureau of Alcohol, Tobacco, Firearms, and Explosives investigated the case. Assistant U.S. Attorney Kelly Sandling and Special Assistant U.S. Attorney Aria Q. Merle prosecuted the case.

    Related court documents and information can be found on the website of the U.S. District Court for the Eastern District of North Carolina or on PACER by searching for Case No. 5:23-CR-00203-FL.

    ###

    MIL Security OSI

  • MIL-OSI Security: Union, Missouri Woman Accused of Embezzling from Her Employer

    Source: Office of United States Attorneys

    ST. LOUIS – A woman from Washington, Missouri has been indicted and accused of embezzling more than $100,000 from her former employer.

    Victoria Isgriggs, formerly known as Victoria Denise Missey, was indicted on February 13 with two counts of bank fraud and four counts of wire fraud. She was arrested Wednesday and is scheduled to appear in U.S. District Court in St. Louis the same day to plead not guilty.

    The indictment says Isgriggs, 44, worked at a Franklin County nursery and florist as an office manager and accountant from approximately Nov. 26, 2023, through April 29, 2024.  The indictment accuses Isgriggs of using a company bank account and company credit cards to pay personal expenses, including credit card debt, cell phone expenses, utility bills, and rent. The indictment also accuses Isgriggs of using company credit cards to make personal purchases that included luxury items and airfare.  

    The indictment seeks the forfeiture of jewelry, Christian Louboutin footwear and Louis Vuitton bags and accessories.

    Charges set forth in an indictment are merely accusations and do not constitute proof of guilt.  Every defendant is presumed to be innocent unless and until proven guilty.

    The U.S. Secret Service and the Washington (Missouri) Police Department investigated the case. Assistant U.S. Attorney Jennifer Roy prosecuted the case.

    MIL Security OSI

  • MIL-OSI Security: Baie Verte — Afternoon impaired driver arrested by Baie Verte RCMP

    Source: Royal Canadian Mounted Police

    Following a report of a suspected impaired driver yesterday, February 19, 2025, a 76-year-old man was arrested for impaired operation by Baie Verte RCMP.

    At approximately 3:00 p.m. on Tuesday, police received a report of a suspected impaired driver in Baie Verte. Police located the described vehicle a short time after the report and conducted a traffic stop. The driver showed signs of alcohol impairment and failed a roadside breath test. At the detachment, the man provided further breath samples that were above the legal limit.

    The driver was released from custody and is set to appear in court at a later date to answer to charges of impaired operation. The man’s licence was suspended and the vehicle was seized and impounded.

    Road safety is everyone’s responsibility. RCMP NL thanks those who continue to report suspected impaired drivers.

    MIL Security OSI

  • MIL-OSI Security: Milton — RCMP to hold a press conference following arrests linked to a complex and international cybercrime investigation

    Source: Royal Canadian Mounted Police

    The Officer in Charge of the Integrated Cybercrime Investigations Unit of the Central Region RCMP, Inspector Lina Dabit, will hold a press conference to provide results of a complex and international cybercrime investigation.

    Following a statement of facts, representatives from the RCMP will be available for questions.

    For media wanting to attend in person, please register by sending your name and media credentials to: media.relations.rcmp-Ontario-relations.medias.grc@rcmp-grc.gc.ca

    A live link to the conference will be provided upon registration for media only.

    When: February 20, 2025

    Time: 10:00 AM – Media is invited to start arriving in person at 9:15 AM

    Location: 2755 High Point Drive, Milton RCMP Detachment

    MIL Security OSI

  • MIL-OSI Security: #StopRansomware: Ghost (Cring) Ransomware

    Source: US Department of Homeland Security

    Summary

    Note: This joint Cybersecurity Advisory is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see all #StopRansomware advisories and to learn more about other ransomware threats and no-cost resources.

    The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint advisory to disseminate known Ghost (Cring)—(“Ghost”)—ransomware IOCs and TTPs identified through FBI investigation as recently as January 2025.

    Beginning early 2021, Ghost actors began attacking victims whose internet facing services ran outdated versions of software and firmware. This indiscriminate targeting of networks containing vulnerabilities has led to the compromise of organizations across more than 70 countries, including organizations in China. Ghost actors, located in China, conduct these widespread attacks for financial gain. Affected victims include critical infrastructure, schools and universities, healthcare, government networks, religious institutions, technology and manufacturing companies, and numerous small- and medium-sized businesses.

    Ghost actors rotate their ransomware executable payloads, switch file extensions for encrypted files, modify ransom note text, and use numerous ransom email addresses, which has led to variable attribution of this group over time. Names associated with this group include Ghost, Cring, Crypt3r, Phantom, Strike, Hello, Wickrme, HsHarada, and Rapture. Samples of ransomware files Ghost used during attacks are: Cring.exe, Ghost.exe, ElysiumO.exe, and Locker.exe.

    Ghost actors use publicly available code to exploit Common Vulnerabilities and Exposures (CVEs) and gain access to internet facing servers. Ghost actors exploit well known vulnerabilities and target networks where available patches have not been applied.

    The FBI, CISA, and MS-ISAC encourage organizations to implement the recommendations in the Mitigations section of this advisory to reduce the likelihood and impact of Ghost ransomware incidents.

    Download the PDF version of this report:

    For a downloadable copy of IOCs, see:

    Technical Details

    Note: This advisory uses the MITRE ATT&CK® Matrix for Enterprise framework, version 16.1. See the MITRE ATT&CK Tactics and Techniques section of this advisory for a table of the threat actors’ activity mapped to MITRE ATT&CK tactics and techniques.

    Initial Access

    The FBI has observed Ghost actors obtaining initial access to networks by exploiting public facing applications that are associated with multiple CVEs [T1190]. Their methodology includes leveraging vulnerabilities in Fortinet FortiOS appliances (CVE-2018-13379), servers running Adobe ColdFusion (CVE-2010-2861 and CVE-2009-3960), Microsoft SharePoint (CVE-2019-0604), and Microsoft Exchange (CVE-2021-34473CVE-2021-34523, and CVE-2021-31207— commonly referred to as the ProxyShell attack chain).

    Execution

    Ghost actors have been observed uploading a web shell [T1505.003] to a compromised server and leveraging Windows Command Prompt [T1059.003] and/or PowerShell [T1059.001] to download and execute Cobalt Strike Beacon malware [T1105] that is then implanted on victim systems. Despite Ghost actors’ malicious implementation, Cobalt Strike is a commercially available adversary simulation tool often used for the purposes of testing an organization’s security controls.

    Persistence

    Persistence is not a major focus for Ghost actors, as they typically only spend a few days on victim networks. In multiple instances, they have been observed proceeding from initial compromise to the deployment of ransomware within the same day. However, Ghost actors sporadically create new local [T1136.001] and domain accounts [T1136.002] and change passwords for existing accounts [T1098]. In 2024, Ghost actors were observed deploying web shells [T1505.003] on victim web servers.

    Privilege Escalation

    Ghost actors often rely on built in Cobalt Strike functions to steal process tokens running under the SYSTEM user context to impersonate the SYSTEM user, often for the purpose of running Beacon a second time with elevated privileges [T1134.001].

    Ghost actors have been observed using multiple open-source tools in an attempt at privilege escalation through exploitation [T1068] such as “SharpZeroLogon,” “SharpGPPPass,” “BadPotato,” and “GodPotato.” These privilege escalation tools would not generally be used by individuals with legitimate access and credentials. 

    See Table 1 for a descriptive listing of tools.

    Credential Access

    Ghost actors use the built in Cobalt Strike function “hashdump” or Mimikatz [T1003] to collect passwords and/or password hashes to aid them with unauthorized logins and privilege escalation or to pivot to other victim devices.

    Defense Evasion

    Ghost actors used their access through Cobalt Strike to display a list of running processes [T1057] to determine which antivirus software [T1518.001] is running so that it can be disabled [T1562.001]. Ghost frequently runs a command to disable Windows Defender on network connected devices. Options used in this command are: Set-MpPreference -DisableRealtimeMonitoring 1 -DisableIntrusionPreventionSystem 1 -DisableBehaviorMonitoring 1 -DisableScriptScanning 1 -DisableIOAVProtection 1 -EnableControlledFolderAccess Disabled -MAPSReporting Disabled -SubmitSamplesConsent NeverSend.

    Discovery

    Ghost actors have been observed using other built-in Cobalt Strike commands for domain account discovery [T1087.002], open-source tools such as “SharpShares” for network share discovery [T1135], and “Ladon 911” and “SharpNBTScan” for remote systems discovery [T1018]. Network administrators would be unlikely to use these tools for network share or remote systems discovery.

    Lateral Movement

    Ghost actors used elevated access and Windows Management Instrumentation Command-Line (WMIC) [T1047] to run PowerShell commands on additional systems on the victim network— often for the purpose of initiating additional Cobalt Strike Beacon infections. The associated encoded string is a base 64 PowerShell command that always begins with: powershell -nop -w hidden -encodedcommand JABzAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAEkATwAuAE0AZQBtAG8AcgB5AFMAdAByAGUAYQBtACgALABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACIA… [T1132.001][T1564.003].

    This string decodes to “$s=New-Object IO.MemoryStream(,[Convert]::FromBase64String(“” and is involved with the execution of Cobalt Strike in memory on the target machine.

    In cases where lateral movement attempts are unsuccessful, Ghost actors have been observed abandoning an attack on a victim.

    Exfiltration

    Ghost ransom notes often claim exfiltrated data will be sold if a ransom is not paid. However, Ghost actors do not frequently exfiltrate a significant amount of information or files, such as intellectual property or personally identifiable information (PII), that would cause significant harm to victims if leaked. The FBI has observed limited downloading of data to Cobalt Strike Team Servers [T1041]. Victims and other trusted third parties have reported limited uses of Mega.nz [T1567.002] and installed web shells for similar limited data exfiltration. Note: The typical data exfiltration is less than hundreds of gigabytes of data.

    Command and Control

    Ghost actors rely heavily on Cobalt Strike Beacon malware and Cobalt Strike Team Servers for command and control (C2) operations, which function using hypertext transfer protocol (HTTP) and hypertext transfer protocol secure (HTTPS) [T1071.001]. Ghost rarely registers domains associated with their C2 servers. Instead, connections made to a uniform resource identifier (URI) of a C2 server, for the purpose of downloading and executing Beacon malware, directly reference the C2 server’s IP address. For example, http://xxx.xxx.xxx.xxx:80/Google.com where xxx.xxx.xxx.xxx represents the C2 server’s IP address.

    For email communication with victims, Ghost actors use legitimate email services that include traffic encryption features. [T1573] Some examples of emails services that Ghost actors have been observed using are Tutanota, Skiff, ProtonMail, Onionmail, and Mailfence.

    Note: Table 2 contains a list of Ghost ransom email addresses.

    Impact and Encryption

    Ghost actors use Cring.exe, Ghost.exe, ElysiumO.exe, and Locker.exe, which are all ransomware executables that share similar functionality. Ghost variants can be used to encrypt specific directories or the entire system’s storage [T1486]. The nature of executables’ operability is based on command line arguments used when executing the ransomware file. Various file extensions and system folders are excluded during the encryption process to avoid encrypting files that would render targeted devices inoperable.

    These ransomware payloads clear Windows Event Logs [T1070.001], disable the Volume Shadow Copy Service, and delete shadow copies to inhibit system recovery attempts [T1490]. Data encrypted with Ghost ransomware variants cannot be recovered without the decryption key. Ghost actors hold the encrypted data for ransom and typically demand anywhere from tens to hundreds of thousands of dollars in cryptocurrency in exchange for decryption software [T1486].

    The impact of Ghost ransomware activity varies widely on a victim-to-victim basis. Ghost actors tend to move to other targets when confronted with hardened systems, such as those where proper network segmentation prevents lateral moment to other devices.

    Indicators of Compromise (IOC)

    Table 1 lists several tools and applications Ghost actors have used for their operations. The use of these tools and applications on a network should be investigated further.

    Note: Authors of these tools generally state that they should not be used in illegal activity.

    Table 1: Tools Leveraged by Ghost Actors
    Name Description Source
    Cobalt Strike Cobalt Strike is penetration testing software. Ghost actors  use an unauthorized version of Cobalt Strike. N/A
    IOX Open-source proxy, used to establish a reverse proxy to a Ghost C2 server from an internal victim device. github[.]com/EddieIvan01/iox
    SharpShares.exe SharpShares.exe is used to enumerate accessible network shares in a domain. Ghost actors use this primarily for host discovery. github[.]com/mitchmoser/SharpShares
    SharpZeroLogon.exe SharpZeroLogon.exe attempts to exploit CVE-2020-1472 and is run against a target Domain Controller. github[.]com/leitosama/SharpZeroLogon
    SharpGPPPass.exe SharpGPPPass.exe attempts to exploit CVE-2014-1812 and targets XML files created through Group Policy Preferences that may contain passwords. N/A
    SpnDump.exe SpnDump.exe is used to list service principal name identifiers, which Ghost actors use for service and hostname enumeration. N/A
    NBT.exe A compiled version of SharpNBTScan, a NetBIOS scanner. Ghost actors use this tool for hostname and IP address enumeration. github[.]com/BronzeTicket/SharpNBTScan
    BadPotato.exe BadPotato.exe is an exploitation tool used for privilege escalation. github[.]com/BeichenDream/BadPotato
    God.exe God.exe is a compiled version of GodPotato and is used for privilege escalation. github[.]com/BeichenDream/GodPotato
    HFS (HTTP File Server) A portable web server program that Ghost actors use to host files for remote access and exfiltration. rejitto[.]com/hfs
    Ladon 911 A multifunctional scanning and exploitation tool, often used by Ghost actors with the MS17010 option to scan for SMB vulnerabilities associated with CVE-2017-0143 and CVE-2017-0144. github[.]com/k8gege/Ladon
    Web Shell A backdoor installed on a web server that allows for the execution of commands and facilitates persistent access. Slight variation of github[.]com/BeichenDream/Chunk-Proxy/blob/main/proxy.aspx
    Table 2: MD5 File Hashes Associated with Ghost Ransomware Activity
    File name MD5 File Hash
    Cring.exe c5d712f82d5d37bb284acd4468ab3533
    Ghost.exe

    34b3009590ec2d361f07cac320671410

    d9c019182d88290e5489cdf3b607f982
    ElysiumO.exe

    29e44e8994197bdb0c2be6fc5dfc15c2

    c9e35b5c1dc8856da25965b385a26ec4

    d1c5e7b8e937625891707f8b4b594314
    Locker.exe ef6a213f59f3fbee2894bd6734bbaed2
    iex.txt, pro.txt (IOX) ac58a214ce7deb3a578c10b97f93d9c3
    x86.log (IOX)

    c3b8f6d102393b4542e9f951c9435255

    0a5c4ad3ec240fbfd00bdc1d36bd54eb
    sp.txt (IOX) ff52fdf84448277b1bc121f592f753c5
    main.txt (IOX) a2fd181f57548c215ac6891d000ec6b9
    isx.txt (IOX) 625bd7275e1892eac50a22f8b4a6355d
    sock.txt (IOX) db38ef2e3d4d8cb785df48f458b35090

    Ransom Email Addresses

    Table 3 is a subset of ransom email addresses that have been included in Ghost ransom notes.

    Table 3: Ransom Email Addresses
    Email Addresses
    asauribe@tutanota.com ghostbackup@skiff.com rainbowforever@tutanota.com
    cringghost@skiff.com ghosts1337@skiff.com retryit1998@mailfence.com
    crptbackup@skiff.com ghosts1337@tuta.io retryit1998@tutamail.com
    d3crypt@onionmail.org ghostsbackup@skiff.com rsacrpthelp@skiff.com
    d3svc@tuta.io hsharada@skiff.com rsahelp@protonmail.com
    eternalnightmare@tutanota.com just4money@tutanota.com sdghost@onionmail.org
    evilcorp@skiff.com kellyreiff@tutanota.com shadowghost@skiff.com
    fileunlock@onionmail.org kev1npt@tuta.io shadowghosts@tutanota.com
    fortihooks@protonmail.com lockhelp1998@skiff.com summerkiller@mailfence.com
    genesis1337@tutanota.com r.heisler@skiff.com summerkiller@tutanota.com
    ghost1998@tutamail.com rainbowforever@skiff.com webroothooks@tutanota.com

    Ransom Notes

    Starting approximately in August 2024, Ghost actors began using TOX IDs in ransom notes as an alternative method for communicating with victims. For example: EFE31926F41889DBF6588F27A2EC3A2D7DEF7D2E9E0A1DEFD39B976A49C11F0E19E03998DBDA and E83CD54EAAB0F31040D855E1ED993E2AC92652FF8E8742D3901580339D135C6EBCD71002885B.

    MITRE ATT&CK Tactics and Techniques

    See Table 4 to Table 13 for all referenced threat actor tactics and techniques in this advisory. For assistance with mapping malicious cyber activity to the MITRE ATT&CK framework, version 16.1, see CISA and MITRE ATT&CK’s Best Practices for MITRE ATT&CK Mapping and CISA’s Decider Tool.

    Table 4: Initial Access
    Technique Title  ID Use
    Exploit Public-Facing Application T1190 Ghost actors exploit multiple vulnerabilities in public-facing systems to gain initial access to servers.
    Table 5: Execution
    Technique Title  ID Use
    Windows Management Instrumentation T1047 Ghost actors abuse WMI to run PowerShell scripts on other devices, resulting in their infection with Cobalt Strike Beacon malware.
    PowerShell T1059.001 Ghost actors use PowerShell for various functions including to deploy Cobalt Strike.
    Windows Command Shell T1059.003 Ghost actors use the Windows Command Shell to download malicious content on to victim servers.
    Table 6: Persistence
    Technique Title  ID Use
    Account Manipulation T1098 Ghost actors change passwords for already established accounts.
    Local Account T1136.001 Ghost actors create new accounts or makes modifications to local accounts.
    Domain Account T1136.002 Ghost actors create new accounts or makes modifications to domain accounts.
    Web Shell T1505.003 Ghost actors upload web shells to victim servers to gain access and for persistence.
    Table 7: Privilege Escalation
    Technique Title  ID Use
    Exploitation for Privilege Escalation T1068 Ghost actors use a suite of open source tools in an attempt to gain elevated privileges through exploitation of vulnerabilities.
    Token Impersonation/Theft T1134.001 Ghost actors use Cobalt Strike to steal process tokens of processes running at a higher privilege.
    Table 8: Defense Evasion
    Technique Title  ID Use
    Application Layer Protocol: Web Protocols T1071.001 Ghost actors use HTTP and HTTPS protocols while conducting C2 operations. 
    Impair Defenses: Disable or Modify Tools T1562.001 Ghost actors disable antivirus products.
    Hidden Window T1564.003 Ghost actors use PowerShell to conceal malicious content within legitimate appearing command windows.
    Table 9: Credential Access
    Technique Title  ID Use
    OS Credential Dumping T1003 Ghost actors use Mimikatz and the Cobalt Strike “hashdump” command to collect passwords and password hashes.
    Table 10: Discovery
    Technique Title  ID Use
    Remote System Discovery T1018 Ghost actors use tools like Ladon 911 and ShapNBTScan for remote systems discovery.
    Process Discovery T1057 Ghost actors run a ps command to list running processes on an infected device.
    Domain Account Discovery T1087.002 Ghost actors run commands such as net group “Domain Admins” /domain to discover a list of domain administrator accounts.
    Network Share Discovery T1135 Ghost actors use various tools for network share discovery for the purpose of host enumeration.
    Software Discovery T1518 Ghost actors use their access to determine which antivirus software is running.
    Security Software Discovery T1518.001 Ghost actors run Cobalt Strike to enumerate running antivirus software.
    Table 11: Exfiltration
    Technique Title  ID Use
    Exfiltration Over C2 Channel T1041 Ghost actors use both web shells and Cobalt Strike to exfiltrate limited data.
    Exfiltration to Cloud Storage T1567.002 Ghost actors sometimes use legitimate cloud storage providers such as Mega.nz for malicious exfiltration operations.
    Table 12: Command and Control
    Technique Title  ID Use
    Web Protocols T1071.001 Ghost actors use Cobalt Strike Beacon malware and Cobalt Strike Team Servers which communicate over HTTP and HTTPS.
    Ingress Tool Transfer T1105 Ghost actors use Cobalt Strike Beacon malware to deliver ransomware payloads to victim servers.
    Standard Encoding T1132.001 Ghost actors use PowerShell commands to encode network traffic which reduces their likelihood of being detected during lateral movement.
    Encrypted Channel T1573 Ghost actors use encrypted email platforms to facilitate communications. 
    Table 13: Impact
    Technique Title  ID Use
    Data Encrypted for Impact T1486 Ghost actors use ransomware variants Cring.exe, Ghost.exe, ElysiumO.exe, and Locker.exe to encrypt victim files for ransom.
    Inhibit System Recovery T1490 Ghost actors delete volume shadow copies.

    Mitigations

    The FBI, CISA, and MS-ISAC recommend organizations reference their #StopRansomware Guide and implement the mitigations below to improve cybersecurity posture on the basis of the Ghost ransomware activity. These mitigations align with the Cross-Sector Cybersecurity Performance Goals (CPGs) developed by CISA and the National Institute of Standards and Technology (NIST). The CPGs provide a minimum set of practices and protections that CISA and NIST recommend all organizations implement. CISA and NIST based the CPGs on existing cybersecurity frameworks and guidance to protect against the most common and impactful threats, tactics, techniques, and procedures. Visit CISA’s CPGs webpage for more information on the CPGs, including additional recommended baseline protections.

    • Maintain regular system backups that are known-good and stored offline or are segmented from source systems [CPG 2.R]. Ghost ransomware victims whose backups were unaffected by the ransomware attack were often able to restore operations without needing to contact Ghost actors or pay a ransom.
    • Patch known vulnerabilities by applying timely security updates to operating systems, software, and firmware within a risk-informed timeframe [CPG 1.E].
    • Segment networks to restrict lateral movement from initial infected devices and other devices in the same organization [CPG 2.F].
    • Require Phishing-Resistant MFA for access to all privileged accounts and email services accounts.
    • Train users to recognize phishing attempts.
    • Monitor for unauthorized use of PowerShell. Ghost actors leverage PowerShell for malicious purposes, although it is often a helpful tool that is used by administrators and defenders to manage system resources. For more information, visit NSA and CISA’s joint guidance on PowerShell best practices.
      • Implement the principle of least privilege when granting permissions so that employees who require access to PowerShell are aligned with organizational business requirements.
    • Implement allowlisting for applications, scripts, and network traffic to prevent unauthorized execution and access [CPG 3.A].
    • Identify, alert on, and investigate abnormal network activity. Ransomware activity generates unusual network traffic across all phases of the attack chain. This includes running scans to discover other network connected devices, running commands to list, add, or alter administrator accounts, using PowerShell to download and execute remote programs, and running scripts not usually seen on a network. Organizations that can successfully identify and investigate this activity are better able to interrupt malicious activity before ransomware is executed [CPG 3.A].
      • Ghost actors run a significant number of commands, scripts, and programs that IT administrators would have no legitimate reason for running. Victims who have identified and responded to this unusual behavior have successfully prevented Ghost ransomware attacks.
    • Limit exposure of services by disabling unused ports such as, RDP 3398, FTP 21, and SMB 445, and restricting access to essential services through securely configured VPNs or firewalls.
    • Enhance email security by implementing advanced filtering, blocking malicious attachments, and enabling DMARC, DKIM, and SPF to prevent spoofing [CPG 2.M].

    Validate Security Controls

    In addition to applying mitigations, the FBI, CISA, and MS-ISAC recommend exercising, testing, and validating your organization’s security program against the threat behaviors mapped to the MITRE ATT&CK for Enterprise framework in this advisory.

    To get started:

    1. Select an ATT&CK technique described in this advisory (see Table 3 to Table 13).
    2. Align your security technologies against the technique.
    3. Test your technologies against the technique.
    4. Analyze your detection and prevention technologies’ performance.
    5. Repeat the process for all security technologies to obtain a set of comprehensive performance data.
    6. Tune your security program, including people, processes, and technologies, based on the data generated by this process.

    Reporting

    Your organization has no obligation to respond or provide information back to the FBI in response to this joint advisory. If, after reviewing the information provided, your organization decides to provide information to the FBI, reporting must be consistent with applicable state and federal laws.

    The FBI is interested in any information that can be shared, to include logs showing communication to and from foreign IP addresses, a sample ransom note, communications with threat actors, Bitcoin wallet information, and/or decryptor files.

    Additional details of interest include a targeted company point of contact, status and scope of infection, estimated loss, operational impact, date of infection, date detected, initial attack vector, and host and network-based indicators.

    The FBI, CISA, and MS-ISAC do not encourage paying ransom as payment does not guarantee victim files will be recovered. Furthermore, payment may also embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities. Regardless of whether you or your organization have decided to pay the ransom, the FBI and CISA urge you to promptly report ransomware incidents to FBI’s Internet Crime Complain Center (IC3), a local FBI Field Office, or CISA via the agency’s Incident Reporting System or its 24/7 Operations Center (report@cisa.gov) or by calling 1-844-Say-CISA (1-844-729-2472).

    Disclaimer

    The information in this report is being provided “as is” for informational purposes only. The FBI, CISA, and MS-ISAC do not endorse any commercial entity, product, company, or service, including any entities, products, or services linked within this document. Any reference to specific commercial entities, products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring by the FBI, CISA, and the MS-ISAC.

    Version History

    February 19, 2025: Initial version.

    MIL Security OSI

  • MIL-OSI Security: Anchorage Man Sentenced to Over 11 Years for Attempting to Coerce a Minor

    Source: Federal Bureau of Investigation (FBI) State Crime Alerts (b)

    ANCHORAGE, Alaska – An Anchorage man was sentenced today to over 11 years in prison and will serve the rest of his life on supervised release for attempting to coerce and entice a minor in 2023.

    According to court documents, in early July 2023, Benjamin Roundy, aka “Aleks” or “Alekzander Marko,” 43, responded to a public group chat post on an internet-based app by an individual who identified herself as a 13-year-old living in Anchorage. The group chat post was actually made by an undercover agent.

    Court documents explain that Roundy communicated with the undercover agent for nearly a month, first on the app and then via text message, and he initiated sexual conversations. Roundy discussed sexual acts he wanted to perform on the individual, who be believed to be a child, and made repeated requests for explicit photos of her.

    On Aug. 4, 2023, Roundy asked the undercover agent to meet in person at the parking lot of a grocery store in Anchorage. The undercover agent told Roundy she was going to walk home from a friend’s house, and Roundy asked what street the friend lived on. Shortly after learning the fictional address of the friend, the defendant left his home to meet the undercover agent, who he thought was a minor.

    Court documents further explain that Roundy texted the undercover agent instructions on where to meet him. When he received no response to his instructions, Roundy drove to a parking lot where he could see the street of the fictitious friend. Law enforcement arrested Roundy in the parking lot shortly thereafter and discovered a new bottle of personal lubricant and condoms in his vehicle.

    The investigation revealed thousands of images and videos depicting child sexual abuse on Roundy’s electronic devices and data detailing his online presence, which included searches for child sexual abuse materials (CSAM) and related terms.

    On April 25, 2024, Roundy pleaded guilty to one count of attempted coercion and enticement of a minor.

    “Mr. Roundy’s conduct was heinous, as he tried to meet with who he believed was an underage girl in Anchorage to engage in sex, sought explicit images of the child, and obtained graphic images and videos depicting the sexual abuse of other minors for years,” said First Assistant U.S Attorney Kathryn R. Vogel for the District of Alaska. “Our office’s commitment to safeguarding Alaska’s children from those who seek to exploit their innocence is unwavering. We will relentlessly pursue justice by working with law enforcement to identify, investigate and hold accountable anyone who targets children.”

    “The defendant posed a significant threat to children in Alaska and abroad, as demonstrated by his disturbing pattern of conduct involving child exploitation,” said Special Agent in Charge Rebecca Day of the FBI Anchorage Field Office. “Even in the darkest corners of the Internet, the FBI’s Child Exploitation and Human Trafficking Task Force will find a way to seek justice for our most vulnerable.”

    The FBI and Anchorage Police Department investigated this case as part of the FBI’s Child Exploitation and Human Trafficking Task Force.

    Assistant U.S. Attorney Adam Alexander of the District of Alaska and Trial Attorney Rachel L. Rothberg of the Criminal Division’s Child Exploitation and Obscenity Section (CEOS) prosecuted the case.

    This case was brought as part of Project Safe Childhood, a nationwide initiative to combat the growing epidemic of child sexual exploitation and abuse launched in May 2006 by the Department of Justice. Led by U.S. Attorneys’ Offices and CEOS, Project Safe Childhood marshals federal, state, and local resources to better locate, apprehend and prosecute individuals who exploit children via the Internet, as well as to identify and rescue victims. For more information about Project Safe Childhood, please visit https://www.justice.gov/psc.

    ###

    MIL Security OSI

  • MIL-OSI Security: St. John’s — RCMP NL thanks snow plow operators for successful rescue of stranded motorists on TCH during recent winter storm

    Source: Royal Canadian Mounted Police

    Snow plow operators went above and beyond to rescue two motorists who recently found themselves stuck on the Trans-Canada Highway in severe weather on February 17, 2025.

    On Monday morning, the Wreckhouse area, north of Port aux Basques, experienced extremely poor winter driving conditions with snow and high winds with gusts of up to 150 km/h. During this time, Channel-Port aux Basques RCMP received separate reports of two motorists who were stranded on the highway, due to these adverse weather conditions.

    After becoming stuck, one motorist opened the door of the vehicle which blew off with the wind. The vehicle, with three occupants inside, was at risk of blowing over an embankment. Another motorist founds themselves stuck partially off of the highway in white out conditions.

    With severely poor road conditions, police and other first responders were unable to travel on the TCH. Snow plow operators with the provincial department of Transportation and Infrastructure, based out of Doyles and Port aux Basques, located the stranded motorists and brought them to safety.

    RCMP NL thanks the involved snow plow operators for going above and beyond to potentially save the lives of those stranded.

    Those heading out on the highways at this time of year are encouraged to follow RCMP NL’s social media accounts, including Facebook and X, for updates on road closures or condition. Additionally, prior to travel, motorists are encouraged to familiarize themselves with alerts and forecasts issued by various meteorologists or agencies, including Environment Canada. Motorists who choose to drive during poor road conditions may find themselves stuck for a number of hours, as emergency personnel may be unable to respond.

    MIL Security OSI

  • MIL-OSI Security: Twenty Years Later, FBI Continues to Pursue Information on the Disappearance of Danielle Imbo and Richard Petrone, Jr.

    Source: Federal Bureau of Investigation FBI Crime News (b)

    The FBI continues to seek the public’s assistance as we investigate the disappearance of Danielle (Ottobre) Imbo and Richard Petrone, Jr., 20 years ago today.

    Imbo and Petrone were last seen in the late evening hours of Saturday, February 19, 2005, leaving a bar on Philadelphia’s South Street for Petrone’s black 2001 Dodge Dakota pickup truck with the license plate YFH 2319.

    An extensive investigation to date has generated some promising leads; however, neither they nor the vehicle have ever been located.

    Danielle was last seen wearing a dark colored jacket, cream colored sweater, and blue jeans and carrying a two-handle black purse at the time of her disappearance. She has worked as a loan mortgage processor.

    Richard was last seen wearing a gray Polo brand sweatshirt and blue jeans. He has a tattoo of the word “Angela” on his left arm and a tattoo of clowns on his right arm.

    “Today marks a somber 20 years since this tragic disappearance and their case exemplifies that the passage of time does not diminish our pursuit of justice,” said Wayne A. Jacobs, Special Agent in Charge of FBI Philadelphia. “Our office remains unwavering in seeking justice for Danielle and Richard, their loved ones, and our city.”

    The FBI is offering a reward of up to $15,000 for information leading to the arrest and conviction of anyone involved in the disappearance of Richard Petrone and Danielle Imbo.

    If you have any information concerning this person, please contact your local FBI office or the nearest American Embassy or Consulate.

    FBI Philadelphia can be reached at (215) 418-4000.

    MIL Security OSI

  • MIL-OSI Security: Defense News: Reserve Cyber Warfare Technicians and Maritime Cyber Warfare Officers Elevate Navy Cyber Operations

    Source: United States Navy

    Just as adversaries seek exploitable vulnerabilities in traditional warfare, they also leverage cyber-operations in an effort to gain operational advantage. Cyber capabilities function both as a non-kinetic offensive weapon and force multiplier supporting other domains—such as anti-missile defense at sea or the protection of space-based assets.

    Prior to the creation of the MCWO community, the Navy relied on Information Warfare (IW) officers, including Cryptologic Warfare (CW) and Information Professional (IP) specialists, to fill cyber-related billets within the cyber operations forces. With the establishment of the Reserve MCWO specialty, Reserve officers can build focused expertise, deepening the Navy’s bench of cyber talent.

    “Reserve Maritime Cyber Warfare Officers bolster U.S. Navy Reserve Information Warfare Community (IWC) cyber capabilities, ensuring the Navy maintains a decisive edge in modern warfare,” said Rear Adm. Gregory Emery, Commander, Naval Information Force Reserve. “Their specialized skill sets enable us to confront emerging threats and strengthen our strategic advantage.”

    To meet the growing complexity of the cyber domain, the Navy Reserve’s MCWO and CWT communities continue to refine their training pipelines and development programs. CWTs and MCWOs, working alongside other IW professionals, are advancing in proficiency and readiness. The Reserve component aligns closely with supported commands, predominantly contributing to cyberspace planning and defense activities—ensuring cyber warfare is a core element of warfare planning and execution.

    “The seamless integration of Reserve Sailors into active-duty missions is critical to our success,” said Capt. Daniel Krowe, Reserve Maritime Cyber Warfare Community Lead. “Readiness is essential to operationalizing our Reserve IW Sailors and amplifying their effectiveness.”

    Cyber operations play an indispensable role at the OLW. Sailors within the IWC must be both technically skilled and strategically minded, recognizing that cyberspace is a domain where state and non-state actors pose significant threats to U.S. interests. Effective cyber operations require both technical expertise and a comprehensive understanding of the operational environment and implications of each action.

    “Repeated and intentional application of OLW concepts during exercises and training will strengthen Reserve Component MCWO and CWT expertise,” Capt. Krowe continued. “This iterative approach ensures our Sailors maintain a decisive warfighting edge.”

    Training exercises, particularly those simulating realistic cyber threats, play a pivotal role in readying Sailors for complex, contested environments. Through events like the MAKO Exercise series—annual Reserve OLW Maritime Operation Center (MOC) exercises—CWT and MCWO personnel refine their skills on simulated watch floors. These scenarios mirror real-world challenges, enabling Reserve Sailors to improve coordination, decision-making, and the delivery of cyber capabilities alongside their active-duty counterparts.

    The Navy’s investment in cyber operations reflects a broader acknowledgment of cyberspace as a decisive warfare domain. By cultivating and deploying highly trained CWTs and MCWOs, the Navy ensures it can project influence, defend critical infrastructure, and maintain forward presence in both traditional and digital arenas.

    “As we focus on current and future security landscapes, our ability to operate effectively in cyberspace will be a decisive factor in future maritime operations and conflicts,” said Rear Adm. Emery. “Our commitment to mastering cyber operations at the OLW is both a tactical necessity and a strategic imperative.”

    In an era where digital networks underpin combat systems, communications, and logistics, the Navy’s integration of cyber capabilities into OLW activities is essential for mission success. Through the dedication and readiness of its Reserve cyber professionals, the Navy will sustain operational superiority in every domain.

    As global tensions escalate and adversaries sharpen their cyber tactics, the Navy’s emphasis on cultivating a robust cyber security Reserve Force underscores its resolve. By strengthening the training, expertise, and operational readiness of CWTs and MCWOs, the Navy Reserve is poised to maintain its formidable presence and protect U.S. interests across the physical and digital battlespaces.

    MIL Security OSI

  • MIL-OSI Security: Fifty-Two-Month Prison Sentence for a D.C. Convicted Felon Who Traveled to the Jersey Shore to Rob an Overnight Pharmacy

    Source: Federal Bureau of Investigation (FBI) State Crime News

               WASHINGTON – Ashawntea Henderson, 32, of Washington, D.C., was sentenced today in U.S. District Court in Washington D.C. to 52 months in federal prison for participating in an early morning robbery of a drug store at the Jersey Shore. During the May 2020 robbery, he and his co-conspirators jumped the counter, overpowered the night pharmacist, stole thousands of prescription narcotics, and then – as they attempted to flee to the District – crashed into a responding police cruiser.

               The sentencing was announced U.S. Attorney Edward R. Martin, FBI Special Agent in Charge Sean Ryan of the Washington Field Office Criminal and Cyber Division, and FBI Special Agent in Charge Terence Reilly of the Newark Field Office.

                Henderson pleaded guilty on October 30, 2024, to interference of commerce by robbery (Hobbs Act robbery). In addition to the 52-month prison sentence, Judge Amy Berman Jackson ordered Henderson to serve three years of supervised release.

    According to court documents, Henderson and his co-conspirators researched potential targets including Walgreens and CVS pharmacies which were open all night. On May 9, 2020, Henderson and others drove more than 200 miles from Washington, D.C. to a Walgreens Pharmacy on State Road 33, in Neptune, New Jersey.

    At 3:09 a.m., Henderson and two others dressed in masks and gloves entered the Walgreens. All three jumped over the pharmacy counter and demanded codeine, Adderall, and Percocet. One of the co-conspirators grabbed the night pharmacist, demanded that he open the locked cabinets containing additional pills, and forced the pharmacist to assist them. After grabbing thousands of prescription medicines – including Oxycodone, morphine, amphetamine, and Nucynta – Henderson and the two co-conspirators fled in a black Nissan Altima operated by a fourth co-conspirator. At one point, the Nissan collided with a responding police officer’s patrol car but continued at high speed back to Washington D.C.

    After returning to the District, as they celebrated at a hotel, one of the co-conspirators received a text from a known drug distributor asking the price for a drug of the same type stolen from Neptune, New Jersey. The co-conspirator and the drug distributor continued to exchange texts about the sale of drugs for the following weeks.

               Henderson is currently serving a five-year prison sentence in Maryland in connection with his 2022 possession of a firearm. 

               The case was investigated by the FBI Washington Field Office’s Violent Crimes Task Force and the Neptune Township Police Department. The matter is being prosecuted by AUSAs Justin Song, Sarah Martin and Cameron Tepfer.

    23cr190

    MIL Security OSI

  • MIL-OSI Security: UPDATE: Detectives name man killed in Hackney stabbing

    Source: United Kingdom London Metropolitan Police

    The victim of a fatal stabbing in Hackney has been named as 20-year-old Jason Junior Romeo.

    Police were called to reports of an altercation in Bodney Road, E5 at 17:59hrs on Tuesday, 18 February. Officers and the London Ambulance Service worked to treat Jason at the scene but he sadly died as a result of a stab wound.

    Two men in their 20s have been arrested and remain in police custody.

    Detective Superintendent Kelly Allen, leading the investigation in Hackney, said: “Jason had his whole life ahead of him but this senseless attack has taken that from both him and his loved ones. Our continued thoughts go out to his family, who are being supported by specialist officers.

    “If anyone saw this incident, or was nearby, please do share that information with officers. We are especially interested in any footage from the surrounding area.”

    The public can contact the police via 101 or contact Crimestoppers anonymously on 0800 555 111 with any information, reference CAD 5635/18Feb.

    A crime scene will remain in place until the forensic investigation has concluded.

    Detective Chief Superintendent James Conway, who leads policing in Hackney and Tower Hamlets, said: “It is absolutely devastating for Jason’s family and extremely distressing for our communities that another young life has been taken away as a consequence of knife crime. We continue to work closely with our local community partners and Hackney Council to tackle the causes and effects of knife crime.

    “I repeat an appeal I have sadly had to make too frequently. If any young person feels they need to carry a knife please speak to a parent, carer, teacher, youth leader or adult you trust and we can get you the support to step back from that decision safely.

    “I will have additional uniformed and plain clothed officers working in the area as a consequence of this tragic event. While the investigation continues to work to understand the motive for this attack, we will work tirelessly to reduce the risk of any further violence.”

    MIL Security OSI

  • MIL-OSI Security: Subsidiary of Chinese State-Owned Entity to Pay $14.2M to Resolve False Claims Act Allegations Relating to Paycheck Protection Program Loan

    Source: United States Attorneys General

    YAPP USA Automotive Systems Inc., a corporation with its principal place of business in Michigan, has agreed to pay $14,208,496 to resolve allegations that it violated the False Claims Act by submitting false claims to obtain a Paycheck Protection Program (PPP) loan for which it was not eligible.

    Congress created the PPP in March 2020 to provide emergency financial assistance to Americans suffering from the economic effects of the COVID-19 pandemic. Under the PPP, eligible businesses could receive forgivable loans guaranteed by the Small Business Administration (SBA). Regulations provide various eligibility requirements for the PPP, including limitations on the number of employees and exclusions for certain types of businesses, like those that are owned by government entities. In their loan applications, borrowers were required to certify that they were eligible for the PPP and that the information they provided was accurate.

    YAPP USA’s ultimate parent company is State Development and Investment Corp. Ltd, a company owned and controlled by the People’s Republic of China. Through common ownership and management, YAPP USA is affiliated with dozens of other companies worldwide. In applying for a first-draw PPP loan, YAPP USA represented that it was eligible for the PPP, and it received a first-draw PPP loan in the amount of $9,598,462, which the SBA later forgave. The United States alleged that YAPP USA was not eligible under the SBA rules for a PPP loan because YAPP USA, singly and together with its affiliates, employed more individuals than permitted by SBA’s size standard for its industry. The United States also contended that YAPP USA was not eligible because it is owned by a government entity. YAPP USA will pay $14,208,496 to the United States to resolve these allegations.

    YAPP USA cooperated with the United States’ investigation by identifying individuals involved in or responsible for the conduct and disclosing facts and documents gathered during YAPP USA’s own investigation. As a result, YAPP USA received credit under the department’s guidelines for taking disclosure, cooperation and remediation into account in False Claims Act cases.

    “PPP loans were intended to help small businesses in the United States,” said Deputy Assistant Attorney General Michael D. Granston of the Justice Department’s Civil Division. “The Department remains committed to pursuing those who violated the requirements of this taxpayer funded program.”

    “Congress and the SBA designed the PPP to help small businesses and their employees during the pandemic, not large companies owned by foreign governments,” said Acting U.S. Attorney Richard G. Frohling for the Eastern District of Wisconsin. “This settlement demonstrates that our office will continue to hold accountable those businesses and individuals who abused this vital program.”

    “The favorable settlement in this case is the product of enhanced efforts by federal agencies such as the SBA working with the Department of Justice, SBA’s Office of Inspector General, and other Federal law enforcement agencies, as well as private individuals who uncover fraudulent conduct to recover the product of this fraud as well as penalties,” said SBA General Counsel Wendell Davis.

    The civil settlement includes the resolution of claims brought under the qui tam or whistleblower provisions of the False Claims Act, which permit private parties to file an action on behalf of the United States and receive a portion of any recovery. The qui tam lawsuit was filed by GNGH2 Inc; GNGH2 Inc. will receive $1,420,849 in connection with this settlement.

    The resolution obtained in this matter was the result of a coordinated effort between the Justice Department’s Civil Division, Commercial Litigation Branch, Fraud Section, and the U.S. Attorney’s Office for the Eastern District of Wisconsin, with assistance from the SBA’s Office of General Counsel and Office of the Inspector General.

    Trial Attorney Lindsey Roberts of the Justice Department’s Civil Division and Assistant U.S. Attorney Michael Carter for the Eastern District of Wisconsin handled the matter, with assistance from Christopher J. McClintock of the SBA.

    The claims resolved by the settlement are allegations only. There has been no determination of liability.

    MIL Security OSI

  • MIL-OSI Security: Convicted Drug Trafficker Found Guilty Of Distributing Fentanyl That Resulted In The Deaths Of Two Hillsborough County Men

    Source: Office of United States Attorneys

    Tampa, Florida – Acting United States Attorney Sara C. Sweeney announces that a federal jury has found Marquis Lamar McCullough (39, Tampa) guilty of two counts of distribution of fentanyl and one count of possession with intent to distribute fentanyl. For both counts of distribution of fentanyl, the jury also found that the death of a person resulted from the use of the fentanyl that McCullough had distributed. McCullough, who was previously convicted of trafficking in cocaine, faces mandatory sentences of life imprisonment. 

    According to testimony and evidence presented at trial, on April 22, 2021, deputies from the Hillsborough County Sheriff’s Office (HCSO) responded to the residence of K.K. to conduct a wellness check. They found K.K. dead when they entered his apartment, standing with his feet on the floor and his head and torso on top of the bathroom counter. Deputies found two baggies with small quantities of a substance, suspected to be heroin or fentanyl, in K.K.’s residence. Detectives reviewed K.K.’s cellphone and found communications with a woman who appeared to help K.K. purchase fentanyl the previous evening. The woman—who was a heroin user and not a dealer—was arrested on an unrelated charge and interviewed by detectives. She told them that K.K. could not get heroin from his usual source, so he asked her to buy heroin for him from her source, and she agreed to do it if she got to keep a bag for herself. The woman arranged a meeting with her supplier, “Slim,” and K.K. took her to meet Slim. With money provided by K.K., the woman bought several bags from Slim, provided most of them to K.K., and kept a couple of bags for herself.

    On April 28, 2021, HCSO detectives conducted a controlled purchase during which detectives observed “Slim” deliver fentanyl and identified him as Marquis Lamar McCullough.

    On May 6, 2021, the son of N.M. found his father dead, lying in his bed, and called 911 to report the death. HCSO deputies and detectives responded to the residence, and inside N.M.’s wallet they found a baggie with a small amount of a substance suspected to be heroin or fentanyl. While reviewing calls and texts on N.M.’s phone, a detective who had participated in the surveillance operation eight days earlier recognized that the last three calls placed by N.M. were to McCullough’s phone number, and the call and text history indicated that McCullough was N.M.’s supplier. Later that day, HCSO detectives planned for another purchase of heroin or fentanyl from McCullough, using N.M.’s cellphone to set up the meeting. When McCullough arrived at the meeting location, he tried to call N.M., but when his calls went unanswered, McCullough fled the area. An arrest team pursued his vehicle and took McCullough into custody.

    The Drug Enforcement Administration laboratory determined that the substances found at the residences of K.K. and N.M., and the substances purchased from McCullough on April 28, 2021, all contained fentanyl. The Hillsborough County Medical Examiner’s Office investigated both deaths and determined that the use of fentanyl caused the deaths of K.K. and N.M. 

    This case was investigated by the Federal Bureau of Investigation, the Drug Enforcement Administration, the Hillsborough County Sheriff’s Office, and the Hillsborough County Medical Examiner’s Office. It is being prosecuted by Assistant United States Attorneys Michael Sinacore and Ross Roberts.

    This case was part of an Organized Crime Drug Enforcement Task Force (OCDETF) investigation. OCDETF identifies, disrupts, and dismantles the highest-level criminal organizations that threaten the United States using a prosecutor-led, intelligence-driven, multi-agency approach. Additional information about the OCDETF Program can be found at www.justice.gov/OCDETF.

    MIL Security OSI