NewzIntel.com

Category: Security Intelligence

  • MIL-OSI Security: Search for missing swimmer ends after response authorities recover his body off Flamenco Beach in Culebra, Puerto Rico

    Source: United States Coast Guard

     

    12/21/2024 12:27 AM EST

    Coast Guard and local emergency response authorities ended the search for a missing swimmer after local responders located and recovered his body off Flamenco Beach in Culebra, Puerto Rico, Friday. Recovered deceased is Brandon Smith, a U.S. citizen in his sixties, from Connecticut residing in Culebra, after local emergency responders using a drone located the swimmer’s body, approximately one nautical mile offshore from Flamenco Beach.

    For more breaking news follow us on Twitter and Facebook.

    MIL Security OSI

  • MIL-OSI Security: Man charged with murder in Carshalton

    Source: United Kingdom London Metropolitan Police

    A man has been charged with the murder of 42-year-old Gemma Devonish in Carshalton.

    The 38-year-old man, who was known to Gemma, was arrested in the early hours of Friday, 20 December. On Saturday, 21 December, he was charged with her murder.

    The man is James Madden, 38, (25/03/1986) of Railton Road, SE24. He will appear in custody at Croydon Magistrates’ Court on Monday, 23 December.

    Officers await the conclusion of a post-mortem examination.

    Detectives are not looking for anyone else in connection with the murder.

    MIL Security OSI

  • MIL-OSI Security: Dragon Hill Lodge Hosts Annual Holiday Tree Lighting Ceremony for Soldiers and Families

    Source: United States INDO PACIFIC COMMAND

    YONGSAN, South Korea  –  

    The holiday season came alive at the Dragon Hill Lodge on Yongsan Garrison, where the entire community gathered to celebrate with a tree lighting ceremony, Seoul, South Korea, Dec. 17. U.S. Army Col. Edward Cho, the U.S. Army Garrison Yongsan-Casey commander, welcomed military service members, families, and local residents in the area to a night of family-friendly fun, free food, caroling, an ugly sweater contest and pictures with Santa.

    “To our incredible Soldiers, their families, and our devoted Korean allies, I thank you for your continued commitment, resilience, and the sacrifices you make every day. Your dedication strengthens the bonds that we have between nations,” said Cho during his opening remarks. “It’s because of you that we can stand strong together, ready to face any challenge that comes our way. During this season of joy and reflection, I’m humbled to serve alongside such remarkable individuals.”

    The tree, standing tall, in front of the Dragon Hill Lodge was adorned with a multitude of sparkling lights and colorful ornaments, symbolizing the spirit of the holiday season. The lighting ceremony typically marks the beginning of a month-long series of holiday-themed events, accompanied by musical performances, gift-giving, and festive culinary delights.

    Santa Claus made a grand entrance on an installation fire truck, later taking pictures with several families and children just inside, in the Dragon Hill Lodge’s main lobby area. Local dignitaries and leaders from both U.S. and South Korean communities attended the event, reinforcing the strong ties between the two nations.

    The ceremony was a chance for service members and their families to take a break from their normal duties and enjoy the warmth of the holiday season together. For many, the annual celebration on Yongsan Garrison has become a beloved family tradition.

    The event serves as a welcome reminder of the importance of community during the holiday season, as well as a testament the enduring friendship between friends, allies, and colleagues who serve abroad together.

    MIL Security OSI

  • MIL-OSI Security: JASDF hosts annual mochi-pounding ceremony

    Source: United States INDO PACIFIC COMMAND

    YOKOTA AIR BASE, Japan,  –  

    The Japan Air Self-Defense Force’s Operation Support Wing hosted its annual mochi-pounding ceremony, bringing together U.S. and JASDF personnel to celebrate cultural exchange and teamwork at Yokota Air Base, Japan, Dec. 13.

    The centuries-old tradition involved steaming glutinous rice before rhythmically pounding it with large wooden mallets in a mortar to create a sticky dough. Symbolizing unity and prosperity, mochi-pounding marks the arrival of the New Year in Japan. Once prepared, the mochi was shaped into small round cakes and served as part of the traditional celebratory meal.

    The ceremony not only celebrates Japanese culture but also provides a unique opportunity for U.S. and JASDF personnel to collaborate and strengthen their bonds through shared customs. This year’s event saw both JASDF and U.S. military personnel working together to prepare the mochi, fostering teamwork and cultural understanding.

    “At Yokota, the mochi-pounding ceremonies are a bit unique,” said Keisuke Kitano, JASDF Operational Support Wing liaison. “This event allows us an opportunity to welcome U.S. members and share Japanese culture, promoting exchange and teamwork.”

    The annual mochi-pounding ceremony highlights the strength of the partnership between U.S. and Japanese forces. It not only fosters cultural understanding and mutual respect but also strengthens community bonds, offering both forces a unique opportunity to work together and build lasting friendships.

    MIL Security OSI

  • MIL-OSI Security: DeWitt Post Office Station Manager Indicted for Stealing Stamps

    Source: Office of United States Attorneys

    SYRACUSE, NEW YORK – Emilio Chirico, age 56, the Station Manager for the DeWitt, New York Post Office, has been charged by indictment with wire fraud, misappropriation of postal funds, and false entries and reports, announced United States Attorney Carla B. Freedman and Matthew Modafferi of the United States Postal Service, Office of Inspector General (USPS-OIG). 

    The indictment alleges that between January 2021 and March 2023, Chirico stole $81,553.94 in stamps from the DeWitt Post Office and falsified postal records to conceal the theft of the stamps.  Chirico has been the station manager at the DeWitt Post Office since March 2012.

    The charges filed against Chirico carry a maximum sentence of 30 years in federal prison, a fine of up to $1,000,000.00, and a term of supervised release of up to 5 years. A defendant’s sentence is imposed by a judge based on the statute the defendant is charged with violating, the U.S. Sentencing Guidelines, and other factors.

    The charges in the indictment are merely accusations. The defendant is presumed innocent unless and until proven guilty.

    The United States Postal Service, Office of Inspector General (USPS-OIG) is investigating the case, which is being prosecuted by Assistant U.S. Attorneys Tamara B. Thomson and Michael F. Perry.

    MIL Security OSI

  • MIL-OSI Security: CENTCOM Conducts Airstrikes Against Iran-Backed Houthi Missile Storage and Command/Control Facilities in Yemen

    Source: United States Central Command (CENTCOM)

    Dec. 21, 2024
    Release Number 20241221-01
    FOR IMMEDIATE RELEASE

    TAMPA, Fla. – U.S. Central Command (CENTCOM) forces conducted precision airstrikes against a missile storage facility and a command-and-control facility operated by Iran-backed Houthis within Houthi-controlled territory in Sana’a, Yemen, on Dec. 21 Yemen time.

    CENTCOM forces conducted the deliberate strikes to disrupt and degrade Houthi operations, such as attacks against U.S. Navy warships and merchant vessels in the Southern Red Sea, Bab al-Mandeb, and Gulf of Aden.

    During the operation, CENTCOM forces also shot down multiple Houthi one way attack uncrewed aerial vehicles (OWA UAV) and an anti-ship cruise missile (ASCM) over the Red Sea. 

    The operation involved U.S. Air Force and U.S. Navy assets, including F/A-18s.

    The strike reflects CENTCOM’s ongoing commitment to protect U.S. and coalition personnel, regional partners, and international shipping.

    MIL Security OSI

  • MIL-OSI Security: Dearborn, Michigan Man, Who Used Fake Refund Scheme to Defraud Retailers of More Than $4 Million, Sentenced to Three Years in Prison

    Source: Federal Bureau of Investigation (FBI) State Crime Alerts (c)

    Lead defendant obtained more than $1.7 million in fraud proceeds on goods he falsely claimed he returned or never received

    Seattle – A 27-year-old Dearborn, Michigan, man was sentenced today in U.S. District Court in Seattle to three years in prison and three years of supervised release for a fraud scheme damaging retailers across the country, announced First Assistant U.S. Attorney Teal L. Miller. Sajed Al-Maarej operated “Simple Refunds” through the messaging service Telegram, where coconspirators were encouraged to purchase items from retailers Al-Maarej claimed he could defraud. Al-Maarej and his staff of “professional refunders” impersonated the purchaser and lied to the retailer about the status of the item to secure a refund for the purchaser, while permitting the purchaser to keep the ordered item. The scheme caused more than $4 million in losses for retailers and induced young adults nationwide to join a criminal scheme. At sentencing U.S. District Judge Robert S. Lasnik noted that the fraud “was a difficult and expensive proposition” for the victim companies. “We need to send a message that this behavior is criminal,” Judge Lasnik said.

    “This defendant enticed many young and naïve online contacts to his illegal refunding scheme – some perhaps believed Al-Maarej’s spiel that this conduct was not illegal. They were badly misled,” said First Assistant U.S. Attorney Teal L. Miller. “This fraudulent refund scheme hurts retailers and ultimately raises prices for all of us. Al-Maarej got his expensive toys by convincing others to become complicit in his crimes.”

    According to records in the case, between September 2020 and December 2022, Al-Maarej represented to prospective purchasers that they could buy high value goods and keep them, while falsely claiming to the merchant company that a refund was due. Purchasers provided Al-Maarej information about their purchase (order number, name, address, value) and for a cut of the refund, Al-Maarej and his coconspirators would seek a refund by making false representations. For example, Simple Refunds would claim the item had not been delivered; was irretrievably damaged; or would have the purchaser mail a box of garbage or junk back to the company – once the package was scanned at the shipping point the refund was often issued before the box arrived back and the fraud was discovered. Al-Maarej recruited “insiders” at UPS and the US Postal Service who would input false scans into the order tracking history to make it appear items had been lost in shipping, stolen from the mail, or returned to the company.

    The end goal was for the purchaser to keep the product and get their money back. The purchaser then paid Al-Maarej 15-25% of the purchase price as his fee.

    Al-Maarej engaged in fraudulent refunding activity as well, on his own purchases. That conduct lasted until at least August 2023. In one instance, Al-Maarej obtained a refund for bulky tools, but he returned to the retailer an envelope filled with plastic toy frogs. One retailer identified more than $500,000 in items shipped to Al-Maarej’s home for which Al-Maarej obtained fraudulent refunds. In total, Al-Maarej made (and retailers lost) more than $1.4 million to his personal refunding activities. 

    The Simple Refunds channel on Telegram amassed a following of more than 1,000 subscribers. Al-Maarej used a second channel to post information on successful refunds. Al Maarej represented to some of those he recruited that the scheme was not illegal. He targeted young men in their teens and twenties and embroiled them in criminal conduct.

    The indictment details how two Snohomish County residents ordered thousands of dollars of merchandise and conspired with Al-Maarej to get the payments refunded. Al-Maarej or others at his direction, impersonated the buyers, claimed the items had been “delivered not received” and got the purchase price refunded. The customers kept the items.

    In May 2022, Al-Maarej deepened his fraud by offering a “mentorship” program where he would teach others to create their own refunding scams – he charged $6,000 for admission to the program. He boasted that students would “learn from the best in the game, from everything fraud related, to legit businesses and cleaning your money.”

    Last summer, Al-Maarej pleaded guilty to wire fraud and mail fraud. As part of his sentence Al-Maarej was ordered to pay $4,353,819.

    The case is being investigated by the FBI and the United States Postal Inspection Service (USPIS). Amazon, Costco, and Microsoft assisted in the investigation. The case is being prosecuted by Assistant United States Attorney Lauren Watts Staniar.

    MIL Security OSI

  • MIL-OSI Security: Whitehorse — Ongoing police incident occurring in the Porter Creek subdivision area

    Source: Royal Canadian Mounted Police

    Please be advised there is an ongoing incident occurring in the Porter Creek subdivision area. Police are asking that Tamarack Street residents to stay inside and shelter in place. Do not travel in the area of Hickory and Tamarack Streets. Updates will be provided as available.

    MIL Security OSI

  • MIL-OSI Security: Sharing Holiday Cheer: USAG Okinawa Connects with Local Community

    Source: United States INDO PACIFIC COMMAND

    OKINAWA, Japan  –  

    U.S. Army Garrison Okinawa volunteers brought the holiday spirit to Yomitan Village, Okinawa, Japan, on Dec. 19, 2024, with a special visit to a local daycare center.

    The day’s festivities began with Santa’s grand arrival in a fire truck, courtesy of USAG Okinawa’s Fire and Emergency Services. Children from the Takenoko and Pono-Pono daycare centers greeted Santa, posed for photos with him and the fire truck, and enjoyed sweet treats shared by his helpers.

    More than 100 children and teachers participated in the event, which was filled with laughter, questions for Santa, and plenty of holiday cheer.

    “In Japan, Christmas is seen as a joyful celebration and an opportunity to spend time with family and friends,” said Yumiko Uchima, USAG Okinawa Community Relations Specialist. “It’s heartwarming to see the children’s excitement and happiness during this special occasion.”

    The event underscored the value of community and shared traditions. It allowed the Army to share the spirit of Christmas while learning about how their host nation embraces the holiday season.

    “These events mean a lot because we get to share our traditions and learn about the local community’s celebrations,” said USAG Okinawa Command Sgt. Maj. TaJuana Nixon. “It’s about the joy of bringing our two communities together.”

    Through shared smiles, laughter, and the joy of giving, the day served as a reminder of the season’s true meaning: unity, joy, and community.

    MIL Security OSI

  • MIL-OSI Security: Lower Post, B.C. — Watson Lake RCMP and BC Coroners Service investigating a death

    Source: Royal Canadian Mounted Police

    The Watson Lake RCMP is investigating the death of a man in Lower Post, British Columbia.

    On October 28, 2024, at approximately 10:30 am Watson lake RCMP were notified that a body had been located on the bank of the Liard River in Lower Post. Initial investigation suggests the man may have been there for some time.

    RCMP are working with the BC Coroners Service to determine the identity of the deceased.

    Police ask that if anyone has information in the community, to please contact Watson Lake RCMP Detachment at 867-536-5555.

    Any media questions regarding the investigation can be directed to the BC Coroners Service.

    MIL Security OSI

  • MIL-OSI Security: USINDOPACOM Commander Travels to Republic of Korea, Attends USFK Change of Command

    Source: United States INDO PACIFIC COMMAND

    USAG HUMPHREYS, Republic of Korea  –   Adm. Samuel J. Paparo, commander of U.S. Indo-Pacific Command, travels to the Republic of Korea during a trip to the USINDOPACOM area of responsibility, Dec. 20.

    Paparo met with ROK Acting Minister of National Defense Kim, Seon ho to discuss commitments to peace and security on the Korean Peninsula and the ironclad U.S.-ROK Alliance. They ensured one another the U.S.-ROK combined defense posture remains strong and ready to respond to any external provocations or threats.

    During the visit, he also officiated the United States Forces Korea change of command ceremony, where Army Gen. Xavier T. Brunson relieved Army Gen. Paul LaCamera, who retired upon the completion of the ceremony with 40 years of honorable service to the United States.

    USINDOPACOM is committed to enhancing stability in the Indo-Pacific region by promoting security cooperation, encouraging peaceful development, responding to contingencies, deterring aggression and, when necessary, fighting to win.

    MIL Security OSI

  • MIL-OSI Security: Renewed appeal in connection with murder of Fiona Holm

    Source: United Kingdom London Metropolitan Police

    The Met is renewing its reward of up to £20,000 for help finding the remains of a murdered woman, as her family face their second Christmas without her.

    The reward is on offer for information leading to the recovery of the remains of 48-year-old Fiona Holm.

    Fiona was last seen alive leaving a residential address in Verdant Lane, Catford, on 20 June, 2023. She was reported missing nine days later.

    Her partner, Carl Cooper, was jailed for life in July for her murder which took place in the living room of his flat in Broadfield Road, Catford. Cooper lied to Fiona’s family and police, and took extensive steps to cover up the killing. Fiona’s body has never been recovered.

    Cooper was also convicted of murdering another girlfriend, 41-year-old Naomi Hunte, who was found dead at her home in Woolwich in 2022.

    Detective Chief Inspector Kate Blackburn, who leads the investigation, said: “My team has carried out a huge amount of work to try to find Fiona, using specialist teams to search areas she was known to frequent, open spaces, bodies of water, houses, cars and lockups. Thousands of hours of CCTV has been seized and viewed, substantial mobile phone enquiries have been reviewed and hundreds of witness statements have been taken, including interviews with Fiona’s family and friends. Those efforts have continued since Cooper’s conviction.

    “This Christmas, our thoughts are with Fiona’s family, who are still waiting for answers almost two years after her tragic murder. Our thoughts are also with Naomi’s family at this difficult time.

    “I am appealing to anybody who may be able to assist the ongoing search for Fiona’s remains to come forward, no matter how insignificant you think your information could be. Perhaps now Cooper has been convicted, you feel able to come forward and tell us what you know or have heard.”

    Fiona’s family have described her as a kind and loving person, and say they are tormented by the lack of closure.

    Fiona’s daughter Savannah said: “This year is the second Christmas without my beloved mother. As the heartache still continues, the restless nights go on knowing that she has been out there this long, and no-one has come forward with any information, which I find disturbing.

    “The thought of us finding her remains is sickening to think about, but this would also bring my whole family peace.

    “My Nan has not been the same since. The only thing she worries about is where her daughter is, as she wants her to be found. Nan misses her daughter’s big heart and kind ways the most.”

    If you have any information, please contact the incident room on 020 8721 4005, or 999 if you need urgent police attendance. If you want to give your information anonymously, you can contact Crimestoppers on 0800 555 111.

    MIL Security OSI

  • MIL-OSI Security: Met release photo after serious assault near Covent Garden

    Source: United Kingdom London Metropolitan Police

    Officers investigating the assault of two men in Westminster – leaving one with life-changing injuries – have issued an image of a suspect they are keen to trace.

    Police were called at 22.33hrs on Saturday, 12 October, by an off-duty officer, who reported being punched in the back of the head in Covent Garden, close to the Royal Opera House.

    The suspect then approached another man in nearby King Street and asked him for directions, before assaulting him. This man – aged in his 70s – was pushed to the ground, and suffered a bleed on his brain. He temporarily lost consciousness, and required 15 stitches to the back of the head.

    The officer, attached to the Central East Command Unit, was not injured.

    The suspect is described as white, around 5ft 9in tall, of medium build, and wearing a black jacket. He was last seen fleeing towards Bedford Street.

    The two victims are not known to each other, and, at this stage, there is no clear motive.

    Detective Sergeant Glenn Smith – attached to the Central West Command Unit – said: “This was a serious incident which left a man in his 70s with life-altering injuries.

    “The attacks were apparently random. We are appealing for witness accounts, or for any information that may assist the investigation.

    “In addition, we are releasing a CCTV image of a man police wish to speak to in light of the incident. Do you recognise him?”

    Anyone with information about either of the assaults should call 101, quoting CAD reference 7846/12OCT.

    To make an anonymous report, contact the independent charity Crimestoppers on 0800 555 111.

    MIL Security OSI

  • MIL-OSI Security: Elmsdale — Crash leads to arrest in connection to stolen vehicle

    Source: Royal Canadian Mounted Police

    December 20, 2024, Elmsdale PEI – A single-vehicle crash in Elmsdale yesterday afternoon led to the arrest of a 22-year-old man in connection to a stolen vehicle.

    Yesterday at 1:00 p.m., West Prince RCMP responded to a report of a single-vehicle crash involving a car and a telephone pole in Elmsdale. Police learned that the vehicle had been stolen, and the lone occupant fled on foot. Police located him a short distance away. He was treated for minor injuries and arrested. He was released on conditions and will appear in Summerside Provincial Court on February 5th at 9:30 to answer to charges in connection to this incident.

    MIL Security OSI

  • MIL-OSI Security: United States Charges Dual Russian and Israeli National as Developer of LockBit Ransomware Group

    Source: United States Attorneys General

    Defendant Rostislav Panev in Custody Pending Extradition from Israel to the United States

    Note: A copy of the superseding criminal complaint can be found here.

    A superseding criminal complaint filed in the District of New Jersey was unsealed today charging a dual Russian and Israeli national for being a developer of the LockBit ransomware group.

    In August, Rostislav Panev, 51, a dual Russian and Israeli national, was arrested in Israel pursuant to a U.S. provisional arrest request with a view towards extradition to the United States. Panev is currently in custody in Israel pending extradition on the charges in the superseding complaint.

    “The Justice Department’s work going after the world’s most dangerous ransomware schemes includes not only dismantling networks, but also finding and bringing to justice the individuals responsible for building and running them,” said Attorney General Merrick B. Garland. “Three of the individuals who we allege are responsible for LockBit’s cyberattacks against thousands of victims are now in custody, and we will continue to work alongside our partners to hold accountable all those who lead and enable ransomware attacks.”

    “The arrest of Mr. Panev reflects the Department’s commitment to using all its tools to combat the ransomware threat,” said Deputy Attorney General Lisa Monaco. “We started this year with a coordinated international disruption of LockBit — the most damaging ransomware group in the world. Fast forward to today and three LockBit actors are in custody thanks to the diligence of our investigators and our strong partnerships around the world. This case is a model for ransomware investigations in the years to come.”

    “The arrest of alleged developer Ratislav Panev is part of the FBI’s ongoing efforts to disrupt and dismantle the LockBit ransomware group, one of the most prolific ransomware variants across the globe,” said FBI Director Christopher Wray. “The LockBit group has targeted both public and private sector victims around the world, including schools, hospitals, and critical infrastructure, as well as small businesses and multi-national corporations.  No matter how hidden or advanced the threat, the FBI remains committed to working with our interagency partners to safeguard the cyber ecosystem and hold accountable those who are responsible for these criminal activities.” 

    “The criminal complaint alleges that Rotislav Panev developed malware and maintained the infrastructure for LockBit, which was once the world’s most destructive ransomware group and attacked thousands of victims, causing billions of dollars in damage,” said Principal Deputy Assistant Attorney General Nicole M. Argentieri, head of the Justice Department’s Criminal Division. “Along with our domestic and international law enforcement partner actions to dismantle LockBit’s infrastructure, the Criminal Division has disrupted LockBit’s operations by charging seven of its key members (including affiliates, developers, and its administrator) and arresting three of these defendants — including Panev. We are especially grateful for our partnerships with authorities in Europol, the United Kingdom, France, and Israel, which show that, when likeminded countries work together, cybercriminals will find it harder to escape justice.”

    “As alleged by the complaint, Rostislav Panev for years built and maintained the digital weapons that enabled his LockBit coconspirators to wreak havoc and cause billions of dollars in damage around the world,” said U.S. Attorney Philip R. Sellinger for the District of New Jersey. “But just like the six other LockBit members previously identified and charged by this office and our FBI and Criminal Division partners, Panev could not remain anonymous and avoid justice indefinitely. He must now answer for his crimes. Today’s announcement represents another blow struck by the United States and our international partners against the LockBit organization, and our efforts will continue relentlessly until the group is fully dismantled and its members brought to justice.”

    According to the superseding complaint, documents filed in this and related cases, and statements made in court, Panev acted as a developer of the LockBit ransomware group from its inception in or around 2019 through at least February 2024. During that time, Panev and his LockBit coconspirators grew LockBit into what was, at times, the most active and destructive ransomware group in the world. The LockBit group attacked more than 2,500 victims in at least 120 countries around the world, including 1,800 in the United States. Their victims ranged from individuals and small businesses to multinational corporations, including hospitals, schools, nonprofit organizations, critical infrastructure, and government and law-enforcement agencies. LockBit’s members extracted at least $500 million in ransom payments from their victims and caused billions of dollars in other losses, including lost revenue and costs from incident response and recovery.

    LockBit’s members comprised “developers,” like Panev, who designed the LockBit malware code and maintained the infrastructure on which LockBit operated. LockBit’s other members, called “affiliates,” carried out LockBit attacks and extorted ransom payments from LockBit victims. LockBit’s developers and affiliates would then split ransom payments extorted from victims.

    As alleged in the superseding complaint, at the time of Panev’s arrest in Israel in August, law enforcement discovered on Panev’s computer administrator credentials for an online repository that was hosted on the dark web and stored source code for multiple versions of the LockBit builder, which allowed LockBit’s affiliates to generate custom builds of the LockBit ransomware malware for particular victims. On that repository, law enforcement also discovered source code for LockBit’s StealBit tool, which helped LockBit affiliates exfiltrate data stolen through LockBit attacks. Law enforcement also discovered access credentials for the LockBit control panel, an online dashboard maintained by LockBit developers for LockBit’s affiliates and hosted by those developers on the dark web.

    The superseding complaint also alleges that Panev exchanged direct messages through a cybercriminal forum with LockBit’s primary administrator, who, in an indictment unsealed in the District of New Jersey in May, the United States alleged to be Dimitry Yuryevich Khoroshev (Дмитрий Юрьевич Хорошев), also known as LockBitSupp, LockBit, and putinkrab. In those messages, Panev and the LockBit primary administrator discussed work that needed to be done on the LockBit builder and control panel.

    Court documents further indicate that, between June 2022 and February 2024, the primary LockBit administrator made a series of transfers of cryptocurrency, laundered through one or more illicit cryptocurrency mixing services, of approximately $10,000 per month to a cryptocurrency wallet owned by Panev. Those transfers amounted to over $230,000 during that period.

    In interviews with Israeli authorities following his arrest in August, Panev admitted to having performed coding, development, and consulting work for the LockBit group and to having received regular payments in cryptocurrency for that work, consistent with the transfers identified by U.S. authorities. Among the work that Panev admitted to having completed for the LockBit group was the development of code to disable antivirus software; to deploy malware to multiple computers connected to a victim network; and to print the LockBit ransom note to all printers connected to a victim network. Panev also admitted to having written and maintained LockBit malware code and to having provided technical guidance to the LockBit group.

    The LockBit Investigation

    The superseding complaint against, and apprehension of, Panev follows a disruption of LockBit ransomware in February by the United Kingdom (U.K.)’s National Crime Agency (NCA)’s Cyber Division, which worked in cooperation with the Justice Department, FBI, and other international law enforcement partners. As previously announced by the Department, authorities disrupted LockBit by seizing numerous public-facing websites used by LockBit to connect to the organization’s infrastructure and by seizing control of servers used by LockBit administrators, thereby disrupting the ability of LockBit actors to attack and encrypt networks and extort victims by threatening to publish stolen data. That disruption succeeded in greatly diminishing LockBit’s reputation and its ability to attack further victims, as alleged by documents filed in this case.

    The superseding complaint against Panev also follows charges brought in the District of New Jersey against other LockBit members, including its alleged primary creator, developer, and administrator, Dmitry Yuryevich Khoroshev. An indictment against Khoroshev unsealed in May alleges that Khoroshev began developing LockBit as early as September 2019, continued acting as the group’s administrator through 2024, a role in which Khoroshev recruited new affiliate members, spoke for the group publicly under the alias “LockBitSupp,” and developed and maintained the infrastructure used by affiliates to deploy LockBit attacks. Khoroshev is currently the subject of a reward of up to $10 million through the U.S. Department of State’s Transnational Organized Crime (TOC) Rewards Program, with information accepted through the FBI tip website at www.tips.fbi.gov/.

    A total of seven LockBit members have now been charged in the District of New Jersey. Beyond Panev and Khoroshev, other previously charged LockBit defendants include:

    • In July, two LockBit affiliate members, Mikhail Vasiliev, also known as Ghostrider, Free, Digitalocean90, Digitalocean99, Digitalwaters99, and Newwave110, and Ruslan Astamirov, also known as BETTERPAY, offtitan, and Eastfarmer, pleaded guilty in the District of New Jersey for their participation in the LockBit ransomware group and admitted deploying multiple LockBit attacks against U.S. and foreign victims. Vasiliev and Astamirov are presently in custody awaiting sentencing.
    • In February, in parallel with the disruption operation described above, an indictment was unsealed in the District of New Jersey charging Russian nationals Artur Sungatov and Ivan Kondratyev, also known as Bassterlord, with deploying LockBit against numerous victims throughout the United States, including businesses nationwide in the manufacturing and other industries, as well as victims around the world in the semiconductor and other industries. Sungatov and Kondratyev remain at large.
    • In May 2023, two indictments were unsealed in Washington, D.C., and the District of New Jersey charging Mikhail Matveev, also known as Wazawaka, m1x, Boriselcin, and Uhodiransomwar, with using different ransomware variants, including LockBit, to attack numerous victims throughout the United States, including the Washington, D.C., Metropolitan Police Department. Matveev remains at large and is currently the subject of a reward of up to $10 million through the U.S. Department of State’s TOC Rewards Program, with information accepted through the FBI tip website at www.tips.fbi.gov/.

    The U.S. Department of State’s TOC Rewards Program is offering rewards of:

    Information is accepted through the FBI tip website at tips.fbi.gov.

    Khoroshev, Matveev, Sungatov, and Kondratyev have also been designated for sanctions by the Department of the Treasury’s Office of Foreign Assets Control for their roles in launching cyberattacks.

    Victim Assistance

    LockBit victims are encouraged to contact the FBI and submit information at www.ic3.gov/. As announced by the Department in February, law enforcement, through its disruption efforts, has developed decryption capabilities that may enable hundreds of victims around the world to restore systems encrypted using the LockBit ransomware variant. Submitting information at the IC3 site will enable law enforcement to determine whether affected systems can be successfully decrypted.

    LockBit victims are also encouraged to visit www.justice.gov/usao-nj/lockbit for case updates and information regarding their rights under U.S. law, including the right to submit victim impact statements and request restitution, in the criminal litigation against Panev, Astamirov, and Vasiliev.

    The FBI Newark Field Office, under the supervision of Acting Special Agent in Charge Nelson I. Delgado, is investigating the LockBit ransomware variant. Israel’s Office of the State Attorney, Department of International Affairs, and Israel National Police; France’s Gendarmerie Nationale Cyberspace Command, Paris Prosecution Office — Cyber Division, and judicial authorities at the Tribunal Judiciare of Paris; Europol; Eurojust; the U.K.’s NCA; Germany’s Landeskriminalamt Schleswig-Holstein, Bundeskriminalamt, and the Central Cybercrime Department North Rhine-Westphalia; Switzerland’s Federal Office of Justice, Public Prosecutor’s Office of the Canton of Zurich, and Zurich Cantonal Police; Spain’s Policia Nacional and Guardia Civil; Japan’s National Police Agency; Australian Federal Police; Sweden’s Polismyndighetens; Canada’s Royal Canadian Mounted Police; Politie Dienst Regionale Recherche Oost-Brabant of the Netherlands; and Finland’s National Bureau of Investigation have provided significant assistance and coordination in these matters and in the LockBit investigation generally.

    Trial Attorneys Debra Ireland and Jorge Gonzalez of the Criminal Division’s Computer Crime and Intellectual Property Section (CCIPS) and Assistant U.S. Attorneys Andrew M. Trombly, David E. Malagold, and Vinay Limbachia for the District of New Jersey are prosecuting the charges against Panev and the other previously charged LockBit defendants in the District of New Jersey.

    The Justice Department’s Cybercrime Liaison Prosecutor to Eurojust, Office of International Affairs, and National Security Division also provided significant assistance.

    Additional details on protecting networks against LockBit ransomware are available at StopRansomware.gov. These include Cybersecurity and Infrastructure Security Agency Advisories AA23-325A, AA23-165A, and AA23-075A. 

    A criminal complaint is merely an allegation. All defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.

    MIL Security OSI

  • MIL-OSI Security: Defense News: USS Spruance returns home after five-month deployment to 5th and 7th Fleet

    Source: United States Navy

    Spruance departed San Diego with the ABECSG and deployed to the 7th and 5th fleet area of operations, July 17, 2024.

    “The Spruance crew continues to impress – there is no other team that I would rather be a part of. I am immensely proud of all that the team has accomplished and will continue to accomplish. This deployment was a test of our readiness, and our Sailors exceeded every expectation,” said Cmdr. Thomas “Matt” Adams, commanding officer, Spruance. “Facing advanced missile threats and attack drones in a high-stakes environment, they demonstrated exceptional tactical precision and a war fighter mindset. From identifying incoming threats to controlling aircraft to executing flawless missile engagements, our crew neutralized every danger with unwavering focus and discipline.”

    ABECSG initially deployed to the Indo-Pacific region to support regional security and stability, and to reassure our allies and partners of the U.S. Navy’s unwavering commitment, highlighted by the first-ever U.S.-Italy multi-large deck event (MLDE) with the Italian Navy’s ITS Cavour Carrier Strike Group held in the Indo-Pacific on Aug. 9, 2024.

    The strike group was ordered to the U.S. Central Command area of responsibility to bolster U.S. military force posture in the Middle East, deter regional escalation, degrade Houthi capabilities, defend U.S. forces, and again sailed alongside our Italian allies and other partners to promote security, stability and prosperity. Assigned destroyers of the ABECSG, to include Spruance, were essential to providing a layer of defense to U.S. forces and ensuring the safe passage of commercial vessels and partner nations transiting in international waterways like the Red Sea, Bab el-Mandeb Strait and the Gulf of Aden.

    The destroyers worked alongside U.S. Central Command forces in successfully repelling multiple Iranian-backed Houthi attacks during transits of the Bab el-Mandeb strait. During the transits, the destroyers were attacked by one-way attack uncrewed Aerial systems, anti-ship ballistic missiles and anti-ship cruise missiles which were successfully engaged and defeated. The vessels were not damaged and no personnel were hurt. The ships were well prepared, supported, and the well-trained Sailors successfully defended the ship.

    “I am so proud of our team. Our Sailors met every challenge on this deployment with professional excellence. Sailors displayed the highest levels of teamwork, adaptability, and courage—qualities that make our Navy the finest in the world,” said Cmdr. Leigh R. Tate, executive officer, Spruance. “There is no other group of Sailors who have more grit and tenacity for mission success, and they proved it.”

    Throughout deployment, Spruance traveled 37,200 nautical miles, conducted 12 replenishments-at-sea, 28 sea and anchor details, Anti-Submarine Tactical Air Controller (ASTAC) controlled over 800 hours of rotary air wing control and the Air Intercept Controllers (AIC) controlled 50 live runs with Carrier Air Wing (CVW) 9 and U.S. Air Force assets. Spruance also achieved 36 re-enlistments, 37 advancements and seven officer promotions. Spruance Sailors were awarded the Global War on Terrorism (GWOT) Expeditionary Medal and Combat Action Ribbon (CAR) for their actions in the Bab el-Mandeb.

    Spruance was led by their commanding officer, Cmdr. Thomas “Matt” Adams, executive officer, Cmdr. Leigh R. Tate, and Command Master Chief Kurtiss Vervynckt.

    The ABECSG is the most capable CSG comprised of the air wing of the future, the most advance Arleigh Burke-class guided-missile destroyer USS Frank E. Peterson Jr. (DDG 121) as Integrated Air and Missile Defense Commander, and the Arleigh Burke destroyers assigned to Destroyer Squadron (DESRON) 21, representing more than 6,000 Sailors, deployed from their homeports of San Diego and Pearl Harbor since July 2024.

    Deploying units of the strike group include the flagship USS Abraham Lincoln (CVN 72), DESRON 21, Carrier Air Wing (CVW) 9, and Frank E. Petersen Jr. While the Arleigh Burke-class guided-missile destroyer, assigned to DESRON 21, USS Michael Murphy (DDG 112) returned to its homeport, Arleigh Burke-class guided-missile destroyers USS O’Kane (DDG 77) and USS Stockdale (DDG 106) remain deployed in the 5th Fleet area of operations supporting global maritime security operations.

    As an integral part of U.S. Pacific Fleet, Commander, U.S. 3rd Fleet operates naval forces in the Indo-Pacific and provides the realistic and relevant training necessary to execute the U.S. Navy’s timeless role across the full spectrum of military operations—from combat missions to humanitarian assistance and disaster relief. U.S. 3rd Fleet works together with our allies and partners to advance freedom of navigation, the rule of law, and other principles that underpin security for the Indo-Pacific region.

    MIL Security OSI

  • MIL-OSI Security: Defense News: NAVAIR issues V-22 bulletin and interim flight clearance

    Source: United States Navy

    Aircraft with PRGBs that currently meets or exceeds a predetermined flight-hour threshold will resume flights in accordance with controls instituted in the March 2024 interim flight clearance (IFC).

    A new IFC, containing additional risk mitigation controls, has been issued to address aircraft with PRGBs below the flight-hour threshold. These controls will remain in place until the aircraft’s PRGBs are upgraded, or the predetermined threshold is exceeded.

    NAVAIR collaborated with the Navy, Air Force Special Operations Command and the Marine Corps to implement the bulletin and IFC.

    Due to operational security concerns, the specifics of the V-22 flight-hour threshold, number of aircraft affected and additional flight controls will not be released.

    NAVAIR remains committed to transparency and safety regarding all V-22 operations. The V-22 plays an integral role in supporting our nation’s defense. Returning these vital assets to flight is critical to supporting our nation’s interests.

    NAVAIR continuously monitors data and trends from all aircraft platforms to provide service members the safest, most reliable aircraft possible.

    MIL Security OSI

  • MIL-OSI Security: Defense News: USS Beloit (LCS 29) makes it home to Mayport

    Source: United States Navy

    After 15 locks, four Great Lakes, three port visits, and over 2,500 nautical miles traveled, USS Beloit (LCS 29) and her mighty crew at last arrived in the Atlantic Ocean, continuing her transit to its future homeport, Naval Station Mayport, Florida. 

    The road to make it to the Atlantic Ocean included months of preparation from the crew. In less than two months after moving onboard in August, the crew certified in several mission areas required to safely operate and get underway including: Search and Rescue, Navigation, Damage Control, Communications and Engineering.

    “The Beloit Badger crew are some of the best Sailors I have served with. They are resilient, strong, flexible and dedicated, and I am blessed to be their Commanding Officer. Almost everything we have done in the past five months has been ‘high risk’ and ‘first time’, but that’s what makes us so unique,” said Cmdr. LeAndra Kissinger, Beloit’s commanding officer. We work hard, pray hard, and lean on each other as a team. We truly are a family, and when a family wants to accomplish a mission, it’s hard to stop them.”

    Each evolution, although involving different departments on the ship, required careful coordination and support from each division and Sailor onboard and was necessary for the crew to be able to set sail from Marinette, Wisconsin, towards the site of its commissioning ceremony in Milwaukee, Wisconsin. 

    On November 23, the crew took the order to “man the ship and bring her to life.” Amongst thousands of onlookers, the ship made its much anticipated transition from pre-commissioned unit to United States Ship and began her sail around home. 

    Her commissioning festivities included a crew visit to their namesake town of Beloit, a Chairman’s dinner hosted by the Commandant, and a commissioning ceremony who’s audience was filled with veterans from many significant battles. Along the way, she stopped in Cleveland, Ohio, Quebec City, Quebec and Halifax, Nova Scotia, and Norfolk for refueling, stores replenishment and liberty for the crew.  

    “This crew has shown tremendous resilience in overcoming the last 4 months. Completing difficult consecutive certifications while learning a new ship and being away from family. This team made it look easy and brought a whole new meaning to the term “Beloit Proud,” said Senior Chief David Chisholm, Beloit’s Senior Enlisted Leader. “Watching them perform under pressure and overcoming every obstacle with grace shows just how awesome our team is and their readiness to face the challenges ahead after some much needed and well-deserved family time. It is an honor to be sailing with them and representing the city of Beloit.”

    Capt. James Lawrence said it best, “Don’t give up the ship.” And that’s exactly what this crew did to get us home on time!” said Operation Specialist first class petty officer Ernesto Sanchez, USS Beloit’s Sailor of the Year!

    With the last port fading in the rear only a few hundred nautical miles remain before Jacksonville is within view, the crew is eagerly awaiting returning to their families and friends, and ready to take on the next mission that will come their way as the Navy’s newest warship join the fleet!  

    LCS is a fast, agile, mission-focused platform designed for operation in near-shore environments yet capable of open-ocean operation. It is designed to defeat asymmetric “anti-access” threats and is capable of supporting forward presence, maritime security, sea control, and deterrence. 

    For more news from Commander, Littoral Combat Ship Squadron Two, visit https://www.surflant.usff.navy.mil/lcsron2/ or follow on Facebook at https://www.facebook.com/comlcsron2/

    MIL Security OSI

  • MIL-OSI Security: Berwick — Valley Integrated Street Crime Enforcement Unit charges four people with firearm and drug offences

    Source: Royal Canadian Mounted Police

    The Valley Integrated Street Crime Enforcement Unit (VISCEU) has charged four people with drug offences after a search warrant was executed at a home in South Berwick.

    On December 6, VISCEU with the assistance of Kings District RCMP, Kentville Police and the Criminal Intelligence Service Nova Scotia (CISNS) executed a search warrant at a home on Buchanan Rd., as part of an ongoing drug trafficking investigation.

    At the home, police safely arrested four people then located and seized a quantity of cocaine, methamphetamine, scales, cellphones, firearms, cash and stolen property.

    Scott Graham, 51, of Berwick; Jessie Jones, 35, of Waterville; and Theresa Atwell, 59, and Josh Jackson, 33, both from Cambridge, have been charged with:

    • Unauthorized Possession of Firearm (2 counts)
    • Possession of Firearm Knowing its Possession is Unauthorized (2 counts)
    • Careless Use of Firearm (2 counts)
    • Possession of Property Obtained by Crime (over $5,000)
    • Possession for Purpose of Trafficking (3 counts)

    Atwell was also charged with Possession Contrary to Order, and Jackson was also charged with Failure to Comply with Probation Order.

    All four were released by the Court on conditions and are scheduled to appear in Kentville Provincial Court on February 11 at 9:30 a.m.

    Nova Scotians are encouraged to contact their nearest RCMP detachment or local police to report crime, including the illegal sale of drugs, in their communities. Anonymous tips can be made by calling Nova Scotia Crime Stoppers, toll-free, at 1-800-222-TIPS (8477), submitting a secure web tip at www.crimestoppers.ns.ca, or using the P3 Tips app.

    Note: The Valley Integrated Street Crime Enforcement Unit is comprised of members of the Kings District RCMP and the Kentville Police Service.

    File # 2024-1779565

    MIL Security OSI

  • MIL-OSI Security: Wake County Man Responsible for Trafficking Methamphetamine Sentenced to 10 Years

    Source: Office of United States Attorneys

    RALEIGH, N.C. – Michael Lynn Russell, a 62-year-old resident of Fuquay-Varina, has been sentenced to 120 months in prison after being arrested twice for trafficking methamphetamine.  Russell pled guilty on October 8, 2024.

    “This sentencing reflects the commitment of the Fuquay-Varina Police Department to protecting our community from the devastating impact of methamphetamine trafficking. We are grateful for the collaboration with the United States Attorney’s Office, the DEA, the North Carolina State Highway Patrol, and our dedicated officers who worked tirelessly to bring this case to justice. Let this serve as a clear message: we will not tolerate illegal drug activity in Fuquay-Varina,” said Fuquay-Varina Police Chief Tim Smith.

    According to the court documents and other information review by the court, in August and September 2022, officers with the Fuquay-Varina Police Department (FVPD) received information from a confidential source (CS1) that Russell was sourcing drug sales occurring at the Marquee Station Apartments in Fuquay-Varina.  Law enforcement conducted surveillance on Russell between September 2022 and December 2022.  On December 2, 2022, officers with the North Carolina State Highway Patrol (NCSHP), the FVPD, and the Drug Enforcement Administration (DEA) conducted a traffic stop on Russell’s vehicle after he left a hotel. A K-9 officer then conducted an open-air sniff search of the car, which resulted in a positive alert for controlled substances.  

    A search of Russell resulted in the seizure of two large bundles of cash folded in half and rubber banded. A search of the vehicle revealed two scales, a meth pipe, torches, baggies, methamphetamine, Suboxone, hydrocodone and Adderall pills, cocaine, and a locked box containing U.S. currency. A total of $10,779.00 in cash was seized during the traffic stop.  Russell was arrested following the traffic stop and released on a state bond.

    From August 2022 through May 15, 2024, Russell was arrested twice each while possessing additional drugs. At sentencing Russell was found to be responsible for 44 kilograms of methamphetamine, 10 milligrams of hydrocodone, 11 dosage units of Suboxone, 150 milligrams of pure methamphetamine, 5 grams of cocaine, and 26 dosage units of Alprazolam.  After each of his arrests, Russell admitted to his criminal activities to law enforcement.

    Michael F. Easley, Jr., U.S. Attorney for the Eastern District of North Carolina, made the announcement after sentencing by Chief Judge Richard Myers. The Drug Enforcement Administration, Fuquay-Varina Police Department, and the North Carolina State Highway Patrol investigated the case. Assistant U.S. Attorney Jennifer C. Nucci prosecuted the case.

    Related court documents and information can be found on the website of the U.S. District Court for the Eastern District of North Carolina or on PACER by searching for case number 5:24-cr-00142-M-BM.

    MIL Security OSI

  • MIL-OSI Security: Lawson Sex Offender Sentenced to 17 Years for Child Pornography

    Source: Office of United States Attorneys

    KANSAS CITY, Mo. – A Lawson, Mo., man who is a registered sex offender has been sentenced in federal court for distributing child pornography over the internet.

    Lance M. Berry, 37, was sentenced by U.S. District Judge Howard F. Sachs on Thursday, Dec. 19, to 17 years in federal prison without parole. The court also sentenced Berry to 10 years of supervised release following incarceration and ordered him to pay $33,000 in restitution to his victims.

    On Aug. 7, 2024, Berry pleaded guilty to one count of distributing child pornography over the internet.

    Berry has a prior Ray County, Mo., conviction for the deviate sexual assault of a child under the age of 13, which requires him to register as a sex offender.

    Berry admitted that he utilized a peer-to-peer file-sharing program on June 1, 2022, to make images and videos of child pornography available to other users over the internet. On that day, an undercover officer with the Missouri State Highway Patrol was able to directly connect to Berry’s cell phone and download 14 videos of child pornography.

    According to court documents, Berry’s cell phone contained 944 unique images of child pornography, including 19 images of sadistic or masochistic violence against a minor, and 168 images featuring infants or toddlers. There were an additional 40 videos of child pornography, which also included depictions of sadistic or masochistic violence and/or infants and toddlers.

    This case was prosecuted by Assistant U.S. Attorney Kenneth W. Borgnino. It was investigated by the Missouri State Highway Patrol and the FBI.

    Project Safe Childhood

    This case was brought as part of Project Safe Childhood, a nationwide initiative launched in May 2006 by the Department of Justice to combat the growing epidemic of child sexual exploitation and abuse. Led by the United States Attorneys’ Offices and the Criminal Division’s Child Exploitation and Obscenity Section, Project Safe Childhood marshals federal, state, and local resources to locate, apprehend, and prosecute individuals who sexually exploit children, and to identify and rescue victims. For more information about Project Safe Childhood, please visit www.usdoj.gov/psc . For more information about Internet safety education, please visit www.usdoj.gov/psc and click on the tab “resources.”

    MIL Security OSI

  • MIL-OSI Security: U.S. Charges Dual Russian And Israeli National As Developer Of Lockbit Ransomware Group

    Source: Office of United States Attorneys

    Defendant Rostislav Panev in Custody Pending Extradition from Israel to the United States

    NEWARK, N.J. – A superseding criminal complaint filed in the District of New Jersey was unsealed today charging a dual Russian and Israeli national for being a developer of the LockBit ransomware group, U.S. Attorney Philip R. Sellinger announced.

    In August, Rostislav Panev, 51, a dual Russian and Israeli national, was arrested in Israel pursuant to a U.S. provisional arrest request with a view towards extradition to the United States. Panev is currently in custody in Israel pending extradition on the charges lodged in the superseding complaint.

    “As alleged by the complaint, Rostislav Panev for years built and maintained the digital weapons that enabled his LockBit coconspirators to wreak havoc and cause billions of dollars in damage around the world. But just like the six other LockBit members previously identified and charged by this office and our FBI and Criminal Division partners, Panev could not remain anonymous and avoid justice indefinitely. He must now answer for his crimes. Today’s announcement represents another blow struck by the United States and our international partners against the LockBit organization, and our efforts will continue relentlessly until the group is fully dismantled and its members brought to justice.”

    U.S. Attorney Philip R. Sellinger

    “The Justice Department’s work going after the world’s most dangerous ransomware schemes includes not only dismantling networks, but also finding and bringing to justice the individuals responsible for building and running them,” said Attorney General Merrick B. Garland. “Three of the individuals who we allege are responsible for LockBit’s cyberattacks against thousands of victims are now in custody, and we will continue to work alongside our partners to hold accountable all those who lead and enable ransomware attacks.”

    “The arrest of Mr. Panev reflects the Department’s commitment to using all its tools to combat the ransomware threat,” said Deputy Attorney General Lisa Monaco. “We started this year with a coordinated international disruption of LockBit — the most damaging ransomware group in the world. Fast forward to today and three LockBit actors are in custody thanks to the diligence of our investigators and our strong partnerships around the world. This case is a model for ransomware investigations in the years to come.”

    “The arrest of alleged developer Rostislav Panev is part of the FBI’s ongoing efforts to disrupt and dismantle the LockBit ransomware group, one of the most prolific ransomware variants across the globe,” said FBI Director Christopher Wray. “The LockBit group has targeted both public and private sector victims around the world, including schools, hospitals, and critical infrastructure, as well as small businesses and multi-national corporations. No matter how hidden or advanced the threat, the FBI remains committed to working with our interagency partners to safeguard the cyber ecosystem and hold accountable those who are responsible for these criminal activities.”

    “The criminal complaint alleges that Rotislav Panev developed malware and maintained the infrastructure for LockBit, which was once the world’s most destructive ransomware group and attacked thousands of victims, causing billions of dollars in damage,” said Principal Deputy Assistant Attorney General Nicole M. Argentieri, head of the Justice Department’s Criminal Division. “Along with our domestic and international law enforcement partner actions to dismantle LockBit’s infrastructure, the Criminal Division has disrupted LockBit’s operations by charging seven of its key members (including affiliates, developers, and its administrator) and arresting three of these defendants — including Panev. We are especially grateful for our partnerships with authorities in Europol, the United Kingdom, France, and Israel, which show that, when likeminded countries work together, cybercriminals will find it harder to escape justice.”

    “For five years, Panev helped to grow LockBit into a ransomware machine of deception and extortion,” said Acting Special Agent in Charge Nelson I. Delgado of the FBI Newark Field Office.  “His reach was far and wide but FBI Newark and our international law enforcement partners were able to disrupt his reign. Panev’s arrest marks a victory against these conspirators, and is a step towards upholding justice and neutralizing these criminals.”

    According to the superseding complaint, documents filed in this and related cases, and statements made in court, Panev acted as a developer of the LockBit ransomware group from its inception in or around 2019 through at least February 2024. During that time, Panev and his LockBit coconspirators grew LockBit into what was, at times, the most active and destructive ransomware group in the world. The LockBit group attacked more than 2,500 victims in at least 120 countries around the world, including 1,800 in the United States. Their victims ranged from individuals and small businesses to multinational corporations, including hospitals, schools, nonprofit organizations, critical infrastructure, and government and law-enforcement agencies. LockBit’s members extracted at least $500 million in ransom payments from their victims and caused billions of dollars in other losses, including lost revenue and costs from incident response and recovery.

    LockBit’s members comprised “developers,” like Panev, who designed the LockBit malware code and maintained the infrastructure on which LockBit operated. LockBit’s other members, called “affiliates,” carried out LockBit attacks and extorted ransom payments from LockBit victims. LockBit’s developers and affiliates would then split ransom payments extorted from victims.

    As alleged in the superseding complaint, at the time of Panev’s arrest in Israel in August, law enforcement discovered on Panev’s computer administrator credentials for an online repository that was hosted on the dark web and stored source code for multiple versions of the LockBit builder, which allowed LockBit’s affiliates to generate custom builds of the LockBit ransomware malware for particular victims. On that repository, law enforcement also discovered source code for LockBit’s StealBit tool, which helped LockBit affiliates exfiltrate data stolen through LockBit attacks. Law enforcement also discovered access credentials for the LockBit control panel, an online dashboard maintained by LockBit developers for LockBit’s affiliates and hosted by those developers on the dark web.

    The superseding complaint also alleges that Panev exchanged direct messages through a cybercriminal forum with LockBit’s primary administrator, who, in an indictment unsealed in the District of New Jersey in May, the United States alleged to be Dimitry Yuryevich Khoroshev (Дмитрий Юрьевич Хорошев), also known as LockBitSupp, LockBit, and putinkrab. In those messages, Panev and the LockBit primary administrator discussed work that needed to be done on the LockBit builder and control panel.

    Court documents further indicate that, between June 2022 and February 2024, the primary LockBit administrator made a series of transfers of cryptocurrency, laundered through one or more illicit cryptocurrency mixing services, of approximately $10,000 per month to a cryptocurrency wallet owned by Panev. Those transfers amounted to over $230,000 during that period.

    In interviews with Israeli authorities following his arrest in August, Panev admitted to having performed coding, development, and consulting work for the LockBit group and to having received regular payments in cryptocurrency for that work, consistent with the transfers identified by U.S. authorities. Among the work that Panev admitted to having completed for the LockBit group was the development of code to disable antivirus software; to deploy malware to multiple computers connected to a victim network; and to print the LockBit ransom note to all printers connected to a victim network. Panev also admitted to having written and maintained LockBit malware code and to having provided technical guidance to the LockBit group.

    The LockBit Investigation

    The superseding complaint against, and apprehension of, Panev follows a disruption of LockBit ransomware in February by the U.K. National Crime Agency (NCA)’s Cyber Division, which worked in cooperation with the Justice Department, FBI, and other international law enforcement partners. As previously announced by the Department, authorities disrupted LockBit by seizing numerous public-facing websites used by LockBit to connect to the organization’s infrastructure and by seizing control of servers used by LockBit administrators, thereby disrupting the ability of LockBit actors to attack and encrypt networks and extort victims by threatening to publish stolen data. That disruption succeeded in greatly diminishing LockBit’s reputation and its ability to attack further victims, as alleged by documents filed in this case.

    The superseding complaint against Panev also follows charges brought in the District of New Jersey against other LockBit members, including its alleged primary creator, developer, and administrator, Dmitry Yuryevich Khoroshev. An indictment against Khoroshev unsealed in May alleges that Khoroshev began developing LockBit as early as September 2019, continued acting as the group’s administrator through 2024, a role in which Khoroshev recruited new affiliate members, spoke for the group publicly under the alias “LockBitSupp,” and developed and maintained the infrastructure used by affiliates to deploy LockBit attacks. Khoroshev is currently the subject of a reward of up to $10 million through the U.S. Department of State’s Transnational Organized Crime (TOC) Rewards Program, with information accepted through the FBI tip website at www.tips.fbi.gov/.

    A total of seven LockBit members have now been charged in the District of New Jersey. Beyond Panev and Khoroshev, other previously charged LockBit defendants include:

    • In July, two LockBit affiliate members, Mikhail Vasiliev, also known as Ghostrider, Free, Digitalocean90, Digitalocean99, Digitalwaters99, and Newwave110, and Ruslan Astamirov, also known as BETTERPAY, offtitan, and Eastfarmer, pleaded guilty in the District of New Jersey for their participation in the LockBit ransomware group and admitted deploying multiple LockBit attacks against U.S. and foreign victims. Vasiliev and Astamirov are presently in custody awaiting sentencing.
    • In February, in parallel with the disruption operation described above, an indictment was unsealed in the District of New Jersey charging Russian nationals Artur Sungatov and Ivan Kondratyev, also known as Bassterlord, with deploying LockBit against numerous victims throughout the United States, including businesses nationwide in the manufacturing and other industries, as well as victims around the world in the semiconductor and other industries. Sungatov and Kondratyev remain at large.
    • In May 2023, two indictments were unsealed in Washington, D.C., and the District of New Jersey charging Mikhail Matveev, also known as Wazawaka, m1x, Boriselcin, and Uhodiransomwar, with using different ransomware variants, including LockBit, to attack numerous victims throughout the United States, including the Washington, D.C., Metropolitan Police Department. Matveev remains at large and is currently the subject of a reward of up to $10 million through the U.S. Department of State’s TOC Rewards Program, with information accepted through the FBI tip website at www.tips.fbi.gov/.

    The U.S. Department of State’s Transnational Organized Crime (TOC) Rewards Program is offering rewards of:

    Information is accepted through the FBI tip website at tips.fbi.gov.

    Khoroshev, Matveev, Sungatov, and Kondratyev have also been designated for sanctions by the Department of the Treasury’s Office of Foreign Assets Control for their roles in launching cyberattacks.

    Victim Assistance

    LockBit victims are encouraged to contact the FBI and submit information at www.ic3.gov. As announced by the Department in February, law enforcement, through its disruption efforts, has developed decryption capabilities that may enable hundreds of victims around the world to restore systems encrypted using the LockBit ransomware variant. Submitting information at the IC3 site will enable law enforcement to determine whether affected systems can be successfully decrypted.

    LockBit victims are also encouraged to visit www.justice.gov/usao-nj/lockbit for case updates and information regarding their rights under U.S. law, including the right to submit victim impact statements and request restitution, in the criminal litigation against Panev, Astamirov, and Vasiliev.

    The FBI Newark Field Office, under the supervision of Acting Special Agent in Charge Nelson I. Delgado, is investigating the LockBit ransomware variant. Israel’s Office of the State Attorney, Department of International Affairs, and Israel National Police; France’s Gendarmerie Nationale Cyberspace Command, Paris Prosecution Office — Cyber Division, and judicial authorities at the Tribunal Judiciare of Paris; Europol; Eurojust; the United Kingdom’s National Crime Agency; Germany’s Landeskriminalamt Schleswig-Holstein, Bundeskriminalamt, and the Central Cybercrime Department North Rhine-Westphalia; Switzerland’s Federal Office of Justice, Public Prosecutor’s Office of the Canton of Zurich, and Zurich Cantonal Police; Spain’s Policia Nacional and Guardia Civil; Japan’s National Police Agency; Australian Federal Police; Sweden’s Polismyndighetens; Canada’s Royal Canadian Mounted Police; Politie Dienst Regionale Recherche Oost-Brabant of the Netherlands; and Finland’s National Bureau of Investigation have provided significant assistance and coordination in these matters and in the LockBit investigation generally.

    Assistant U.S. Attorneys Andrew M. Trombly, David E. Malagold, and Vinay Limbachia for the District of New Jersey and Trial Attorneys Debra Ireland and Jorge Gonzalez of the Criminal Division’s Computer Crime and Intellectual Property Section (CCIPS) are prosecuting the charges against Panev and the other previously charged LockBit defendants in the District of New Jersey.

    The Justice Department’s Cybercrime Liaison Prosecutor to Eurojust, Office of International Affairs, and National Security Division also provided significant assistance.

    Additional details on protecting networks against LockBit ransomware are available at StopRansomware.gov. These include Cybersecurity and Infrastructure Security Agency Advisories AA23-325A, AA23-165A, and AA23-075A. 

    The charges and allegations contained in the superseding complaint are merely accusations, and the defendant is presumed innocent unless and until proven guilty.

    Defense counsel: Frank Arleo, Esq.

    MIL Security OSI

  • MIL-OSI Security: Dr. Donald J. Dinello, D.M.D. Agrees to Pay $120,000 in Civil Penalties for Violations of the Controlled Substances Act

    Source: Office of United States Attorneys

    HARRISBURG, PA —The United States Attorney’s Office for the Middle District of Pennsylvania announced that Dr. Donald J. Dinello, D.M.D., with practice locations in Harrisburg and Hershey, has agreed to pay the United States $120,000 in civil penalties for allegedly failing to comply with recordkeeping and other requirements of the Controlled Substances Act.

    The Controlled Substances Act, 21 U.S.C. sections 801 et seq. (CSA), was passed to combat illegal distribution and abuse of controlled substances, including prescription medications.  The CSA’s recordkeeping and prescribing requirements are to prevent the diversion of controlled substances for illegal purposes. The CSA is enforced by the Drug Enforcement Administration’s Diversion Control Division, whose mission is to prevent, detect, and investigate the diversion of controlled pharmaceuticals and listed chemicals from legitimate sources while ensuring adequate and uninterrupted supply for legitimate medical, commercial, and scientific needs. Under the CSA, entities registered with the DEA who purchase, distribute, dispense, transfer, or sell controlled substances must comply with prescription, inventory, and other documentation requirements.  Regulations promulgated under the CSA require that each DEA registrant, including registered practitioners, maintain complete and accurate records of each substance manufactured, received, sold, delivered, dispensed, or otherwise disposed of by the registrant.  These requirements play a vital role in ensuring the appropriate handling, accounting, and distribution of controlled substances.  Violations of the record-keeping and prescription requirements subject DEA registrants to civil monetary penalties.

    According to the allegations, between January of 2023 and August of 2024, Dr. Dinello failed to use the required DEA form 222 for each distribution of a Schedule II Controlled Substance, failed to maintain complete and accurate records of controlled substances dispensed by him at both his registered locations, failed to maintain biennial inventory at both his registered locations, and in one instance, failed to issue a prescription for a Schedule IV controlled substance  in the usual course of his professional practice.  Dr. Dinello acknowledges he is required to operate in accordance with the statutory and regulatory provisions of the CSA and its implementing regulations.

    “Practitioners who register with DEA in order to prescribe and dispense medications that fall under the Controlled Substances Act have an obligation to prescribe appropriately and keep careful records and inventories,” said U.S. Attorney Gerard M. Karam. “Not fulfilling those obligations makes it difficult or even impossible to be sure those potentially dangerous medications are being dispensed and handled appropriately and are not being diverted. The pursuit of this matter illustrates the continued dedication of our office to protecting the public in MDPA.” 

    “The goal of DEA’s closed system of distribution is to ensure accountability for controlled substances and physicians who fail to maintain proper records of controlled substances create conditions ripe for diversion” said Thomas Hodnett, Special Agent in Charge of the DEA’s Philadelphia Field Division. “The government’s pursuit of this matter illustrates its emphasis on combating diversion of controlled substances.  The record keeping and other regulations applicable to DEA registrants, including physicians, are the tools by which the DEA deters drug diversion.” 

    The Settlement Agreement is neither an admission of liability by Dr. Dinello nor a concession by the United States that its claims are not well founded.

    The case was investigated by Drug Enforcement Administration’s Diversion Control Division. The investigation was handled by Assistant United States Attorney, Tamara J. Haken and the Affirmative Civil Enforcement (ACE) Unit within the U.S. Attorney’s Office for the Middle District of Pennsylvania.

    # # #

    MIL Security OSI

  • MIL-OSI Security: United States Attorney Christopher R. Kavanaugh Steps Down

    Source: Office of United States Attorneys

    CHARLOTTESVILLE, Va. – Christopher R. Kavanaugh announced today that he will step down as the United States Attorney for the Western District of Virginia, resigning from the Department of Justice, effective Friday, December 20, 2024 at 11:59 p.m. after serving more than three years in office.

    “Four years ago, Chris Kavanaugh was one of the first people I brought in to join the Office of the Deputy Attorney General because of his experience within the Department and his leadership on national security issues,” said Deputy Attorney General Lisa Monaco. “Throughout his distinguished career – at Main Justice, as an Assistant U.S. Attorney in the District of Columbia and the Western District of Virginia, and as United States Attorney – Chris has served the Department and his fellow Virginians with integrity and tenacity. I am grateful for his service.”

    Mr. Kavanaugh was sworn in by Deputy Attorney General Monaco on October 7, 2021, after having been unanimously confirmed by the United States Senate.  Mr. Kavanaugh was later appointed to be a member of the Attorney General’s Advisory Committee, a group that advises the Attorney General and Deputy Attorney General on emerging policy issues facing the Department and the United States Attorney community.  Mr. Kavanaugh also chaired the AGAC’s National Security Subcommittee, which supported the Department’s enhanced focus on investigations and prosecutions of malign foreign influence and nation state threats.   

    “Chris Kavanaugh has been an incredible partner for ATF and a national leader in the fight against violent crime.  He has worked side-by-side with law enforcement to bring impactful cases, prosecute dangerous criminals, and lead in the innovative use of Crime Gun Intelligence to make Virginia, and this Nation, safer,” said Steven M. Dettelbach, Director of the Bureau of Alcohol, Tobacco, Firearms and Explosives.

    During his tenure, Mr. Kavanaugh led the U.S. Attorney’s Office through a transitional period, expanding its footprint, hiring a record number of federal prosecutors and staff, and spearheading ground-breaking criminal and affirmative civil enforcements.

    “Every day, the public servants of United States Attorney’s Office for the Western District of Virginia work to make the District – and our Nation – a safer and better place for us all,” United States Attorney Kavanaugh said today.  “It has been the honor of my life to lead this team of selfless individuals who are so dedicated to fairness, the rule of law, and doing what is right.  I know that WDVA will continue to make an outsized impact as citizens of the Justice Department, and I look forward to its future.

    I thank President Biden for nominating me, Senators Mark Warner and Tim Kaine for their recommendation, and Attorney General Garland and Deputy Attorney General Monaco for leading the Department and supporting the United States Attorney community during my tenure.  It has been an honor to serve the American people.”

    Under Mr. Kavanaugh’s leadership, the Western District of Virginia has achieved notable successes in numerous complex criminal and civil cases. For example:

    United States v. McKinsey & Company

    For the first time ever, a management consulting firm was held criminally responsible for advice resulting in the commission of a crime by a client, Purdue Pharma, the makers of OxyContin. McKinsey & Company agreed to pay $650 million to resolve criminal and civil investigations into the firm’s consulting work, including a 2013 engagement with Purdue Pharma which McKinsey advised on steps to ‘turbocharge’ sales of OxyContin.  A former senior partner at McKinsey & Company also agreed to plead guilty to one felony count of obstruction of justice for deleting Purdue related documents in an attempt to obstruct future investigations.

    United States v. Envigo

    In 2024, the Western District of Virginia obtained criminal convictions of Envigo, a biotechnology company dedicated to breeding animals for medical research with locations throughout North America.  WDVA’s investigation revealed that Envigo was mistreating animals in violation of the Animal Welfare Act and polluting waterways in violation of the Clean Water Act.  After a federal search warrant was executed, the Justice Department secured the surrender of over 4,000 beagles from an Envigo facility in Cumberland, Virginia. Envigo pled guilty to violating the Animal Welfare Act and the Clean Water Act, agreeing to pay more than $35 million in criminal penalties and fines – a record for any prosecution under the Animal Welfare Act.

    The Killing of Big Stone Gap Police Officer Michael Chandler

    Tragedy struck the small town of Big Stone Gap, Virginia in the early morning hours of November 13, 2021, when Big Stone Gap Police Officer Michael Chandler was murdered while responding to a disturbance call.  The United States Attorney’s Office for WDVA brought federal charges against not only the person who shot and killed Chandler, Michael Donivan White, but also 18 other defendants who were a part of a methamphetamine trafficking conspiracy.  Over the last few years, every single defendant has been convicted. White is scheduled to be sentenced in February 2025 and faces between 40- and 100-years’ incarceration.

    The Bribery Trial of Sheriff Scott Jenkins

    This week, a federal jury in the Charlottesville Division of WDVA returned guilty verdicts on all counts against former Culpeper County Sheriff Scott Jenkins.  Jenkins had accepted numerous cash bribes and bribes in the form of campaign contributions from at least eight different people – one of whom he believed to be a felon – in exchange for appointing them as Auxiliary Deputy Sheriffs.  A jury found Jenkins guilty of bribery, honest services fraud, and conspiracy after a trial and he will be sentenced in March 2025.

    District Transformation

    In addition to the case work victories, under Mr. Kavanaugh’s leadership, the U.S Attorney’s Office itself has transformed. Offices in Abingdon and Charlottesville have expanded, and the Office was awarded a nearly 20% increase in Assistant United States Attorneys, expanding the level of federal prosecutors to their highest levels in history.  In a challenging budget climate, Mr. Kavanaugh has also made strides to modernize the Office’s capabilities to process voluminous amounts of documents for its more sophisticated prosecutions.

    “On behalf of FBI Richmond, I sincerely thank Chris Kavanaugh for his service as U.S. Attorney. His unwavering commitment to justice and his exceptional partnership have been instrumental in advancing our shared mission of keeping Virginia safe. Chris’ leadership and collaboration have made a profound impact, and we deeply appreciate his dedication to ensuring the rule of law prevails,” said Stanley M. Meador, Special Agent in Charge of the FBI Richmond Division.

    “U.S. Attorney Kavanaugh’s leadership and vision have been instrumental in our initiatives to safeguard the health and safety of the citizens of Western Virginia. His determination in developing effective judicial strategies have contributed to the dismantling of many drug-trafficking networks and significantly mitigating this threat to our communities. We extend our best wishes to him in his future endeavors,” said Jarod Forget, Special Agent in Charge of the Drug Enforcement Administration’s Washington Division.

    Prior to his time as United States Attorney, Mr. Kavanaugh was an Assistant United States Attorney for 14 years, having served in United States Attorney’s Offices for both the Western District of Virginia and the District of Columbia.  During his career, Mr. Kavanaugh directed numerous multi-agency investigations and prosecutions, with a focus on national security, white-collar crime, civil rights, and violent crimes involving racketeering and homicides. In WDVA, he served as the District’s chief national security prosecutor and Senior Litigation Counsel.  Among other matters, he led the Department’s investigations and prosecutions into the Unite the Right riots of August 2017 in Charlottesville, Virginia. Just prior to his confirmation, Mr. Kavanaugh was Senior Counsel to Deputy Attorney General Lisa O. Monaco at the U.S. Department of Justice in Washington, D.C.

    MIL Security OSI

  • MIL-OSI Security: Dutch National Sentenced to 33 Months in Prison for Money Laundering

    Source: Office of United States Attorneys

    ALBANY, NEW YORK – Xiomara Christian, age 37, of Amsterdam, The Netherlands, was sentenced yesterday to 33 months of incarceration following her guilty plea to conspiracy to commit money laundering. 

    United States Attorney Carla B. Freedman and Frank A. Tarentino III, Special Agent in Charge of the U.S. Drug Enforcement Administration (DEA), New York Division, made the announcement.

    As part of her guilty plea on October 10, 2024, Christian admitted that from May 2017 to November 2018, she and a co-conspirator laundered drug proceeds from Europe and Australia through bank accounts in the Northern District of New York, intending to conceal the true source of the proceeds, and to make it appear as though the money was legally obtained through legitimate business transactions.

    On October 4, 2018, Christian delivered €101,950 ($114,816.09) in drug proceeds to an undercover agent with the National Police of The Netherlands in The Netherlands. On October 5, 2018, an undercover agent with the Australian Criminal Intelligence Commission picked up $85,000 AUD ($57,843 USD) in drug proceeds from another co-conspirator in Melbourne, Australia. Christian then had the money wired through a bank account in Latham, New York, and sent to bank accounts in Panama.

    In addition to the term of imprisonment, Senior United States District Judge Lawrence E. Kahn also ordered the entry of a money judgment against Christian in the amount of $172,659. Christian faces removal from the United States following service of her term of imprisonment.

    The DEA investigated this case and Assistant U.S. Attorney Douglas Collyer prosecuted the case.

    MIL Security OSI

  • MIL-OSI Security: Louisville Man Sentenced to Over 11 Years in Federal Prison for Child Pornography Offenses

    Source: Office of United States Attorneys

    Louisville, KY – A Louisville man was sentenced today to 11 years and 7 months in federal prison for distributing and possessing child pornography.     

    U.S. Attorney Michael A. Bennett of the Western District of Kentucky, Kentucky Attorney General Russell Coleman, and Special Agent in Charge Robert Holman of the United States Secret Service made the announcement.

    “I commend the Secret Service and the Kentucky Attorney General’s Office for their continuing work and partnership in combatting child exploitation throughout the Commonwealth,” said U.S. Attorney Bennett. Federal and state cooperation is crucial to the successful prosecution of those who harm our most vulnerable citizens.”   

    “Kentucky’s kids will be safer with this predator behind bars,” said Kentucky Attorney General Russell Coleman. “I’m grateful for the zealous collaboration with our partners at the U.S. Secret Service and the U.S. Attorney’s Office to demonstrate once again the serious consequences for the exploitation of our children.”

    Douglas Huelsman, 45, was sentenced to 11 years and 7 months in federal prison, followed by 15 years of supervised release, for one count of distribution and one count of possession of child pornography. According to court documents, Huelsman used an online messaging application to distribute and receive images and videos of child sexual abuse material.

    Huelsman was also ordered to pay $36,000 in restitution to multiple victims in the case.

    There is no parole in the federal system.

    This case was investigated by the Kentucky Office of the Attorney General’s Department of Criminal Investigations and the United States Secret Service.

    Assistant U.S. Attorney Stephanie M. Zimdahl prosecuted the case.

    This case was brought as part of Project Safe Childhood, a nationwide initiative launched in May 2006 by the Department of Justice to combat the growing epidemic of child sexual exploitation and abuse. Led by the United States Attorneys’ Offices and the Criminal Division’s Child Exploitation and Obscenity Section, Project Safe Childhood marshals federal, state, and local resources to locate, apprehend, and prosecute individuals who sexually exploit children, and to identify and rescue victims. For more information about Project Safe Childhood, please visit www.usdoj.gov/psc. For more information about internet safety education, please visit www.usdoj.gov/psc and click on the tab “resources.”

    ###

    MIL Security OSI

  • MIL-OSI Security: Death of General Thomas R. Morgan, 21st Assistant Commandant of the Marine Corps

    Source: United States Marine Corps

    WASHINGTON, D.C. —

    The Marine Corps announces the passing of the 21st Assistant Commandant of the Marine Corps, General Thomas R. Morgan on December 6, 2024.

    General Morgan passed away peacefully in Fairfax Station, Virginia, after a distinguished career in the Marine Corps and a life dedicated to service.

    “General Morgan was a steadfast leader and a true embodiment of the Marine Corps ethos,” said Gen. Eric Smith, the 39th Commandant of the Marine Corps. “His legacy will live on through his impact on our Corps. We offer our condolences to his loved ones and will be forever appreciative of his service to our nation.”

    General Morgan was born on January 6, 1930, in Allentown, Pennsylvania. After graduating from Colgate University in 1952, he was commissioned a second lieutenant in the Marine Corps and embarked on a distinguished military career that spanned over 36 years. General Morgan served in various key leadership positions, culminating in his role as the Assistant Commandant of the Marine Corps from June 1986 until his retirement on July 1, 1988.

    Throughout his career, General Morgan made lasting contributions to the Marine Corps, including his leadership in multiple overseas assignments, his influence on aviation operations, and his strategic foresight in military planning. His service took him to locations around the world, including the Western Pacific, Vietnam, Europe, and Korea, and he was integral in shaping Marine Corps operations and doctrine.

    Upon retirement, General Morgan remained deeply involved with the military community and his family, with a strong commitment to supporting veterans and military organizations. His personal decorations include the Defense Superior Service Medal, Legion of Merit, and Bronze Star Medal, among others.

    His full biography is located here: Gen. Thomas R. Morgan. His full obituary can be found at Dignity Memorial.

    Media seeking additional information should contact the U.S. Marine Corps Communication Directorate at OnTheRecord@usmc.mil.

    -30-

    MIL Security OSI

  • MIL-OSI Security: Captain in the Islamic Revolutionary Guard Corps (IRGC) Charged with Murder and Terrorism Offenses

    Source: United States Attorneys General 6

    Defendant Allegedly Orchestrated the Nov. 7, 2022, Murder of Stephen Troell, a U.S. Citizen Living in Iraq, in Retaliation for the January 2020 Death of Qasem Soleimani

    Note: View the unsealed complaint here.

    A complaint was unsealed today charging Mohammad Reza Nouri, 36, of Iran, also known as Muhammad Rida Husayn, Ali Asghar Nuri, and Abu Abbas, an Iranian national and officer in the IRGC, in connection with Nouri’s alleged role in orchestrating the Nov. 7, 2022, murder of American Stephen Troell in Baghdad, Iraq. Nouri was arrested in Iraq in March 2023.

    “The Department of Justice will not tolerate terrorists and authoritarian regimes targeting and murdering Americans anywhere in the world,” said Attorney General Merrick B. Garland. “We allege that Mohammad Reza Nouri, an officer in the Islamic Revolutionary Guard Corps, orchestrated the murder of Stephen Troell, an American citizen living in Iraq, carrying out the Iranian Regime’s efforts to take vengeance for the death of Qasim Soleimani. Stephen should still be alive today, and the Justice Department will work relentlessly to ensure accountability for his murder.”

    “The Islamic Revolutionary Guard Corps remains determined to target U.S. citizens, and orchestrated a cold-blooded plot to brutally murder Stephen Troell, a Tennessee native working at an English language institute in Iraq,” said FBI Director Christopher Wray. “According to the allegations, Mohammad Reza Nouri, an IRGC captain, played a key role in planning the attack in which Troell was ambushed as he drove home from work with his wife. Today’s announcement makes clear that the FBI and our partners will not tolerate the IRGC’s ruthless attacks on Americans, here in the United States or overseas, and will hold accountable any who seek to harm our citizens.”

    “As alleged, Mohammad Reza Nouri, a Captain in Iran’s Islamic Revolutionary Guard Corps, orchestrated the murder of American Steven Troell in Iraq,” said Acting U.S. Attorney Edward Kim for the Southern District of New York. “Nouri is alleged to have gathered intelligence on Troell’s daily routine and whereabouts, procured weapons and vehicles, and provided safe harbor to the operatives who carried out the sinister plot to brutally attack Troell in front of his wife. As alleged, the Iranian regime is actively targeting U.S. citizens, such as Troell, living in countries around the world for kidnapping and execution both to repress and silence dissidents critical of the regime and to take vengeance for the death of Qasem Soleimani. This office will not stand by when an American is attacked and murdered in cold blood, and we will continue working with our law enforcement partners to bring Nouri to justice.”

    “As alleged in the complaint, Nouri facilitated Troell’s murder. He gathered information and coordinated with a co-conspirator to procure supplies that operatives relied on during their attack on Troell,” said Assistant Director in Charge David Sundberg of the FBI Washington Field Office. “The FBI will continue to work with our law enforcement partners to bring IRGC operatives, including Nouri’s co-conspirator, to justice for harming Americans.”

    According to court documents, the Government of the Islamic Republic of Iran (Iran) is actively targeting nationals of the United States and its allies living in countries around the world for kidnapping and/or execution both to repress and silence dissidents critical of the Iranian regime and to take vengeance for the January 2020 death of then-Commander of the IRGC-Qods Force (IRGC-QF), Qasem Soleimani, who was killed by a U.S. drone strike in Baghdad. The IRGC is an Iranian military and counterintelligence agency under the authority of Iran’s Supreme Leader, comprised of components including an external operations force, the IRGC-QF, and has been designated as a foreign terrorist organization by the U.S. Secretary of State since April 15, 2019. The IRGC has publicly stated its desire to avenge the death of Soleimani, and, among its activities, the IRGC plots and conducts attack operations outside Iran targeting U.S. citizens residing in the United States and abroad. In November 2022, the Iranian regime struck in Iraq: a group of operatives working on behalf of the IRGC brutally murdered Stephen Troell, a 45-year-old American living in Baghdad, where he worked at an English language institute, as Troell was driving home with his wife after work.

    Nouri is an IRGC Captain who works for the IRGC in Iraq and is involved in the IRGC’s external attack plotting against U.S. citizens and others. Nouri played a key role in the IRGC’s targeting and ultimate murder of Troell, whom Nouri appears to have believed was working as an American or Israeli intelligence officer. Nouri, on behalf of the IRGC, collected critical, highly personal information about Troell to facilitate stalking, attacking, and ultimately killing Troell. Nouri, with the assistance of co-conspirators, developed a source with access to details of Troell’s life and daily routine. With this information, Nouri created intelligence documents for his IRGC associates and a group of operatives recruited to execute the attack, which included Troell’s date of birth, coordinates of his residence, occupation, work schedule, telephone number, wife’s name, and children’s names, among other information. In the weeks leading up to the murder, Nouri coordinated with one of his co-conspirators (CC-1) in the plot targeting Troell to procure some of the means for attacking Troell, including firearms as well as a vehicle for use in the lethal attack on Troell. On the evening of Nov. 7, 2022, the group of recruited operatives carried out the attack. Troell was driving home from work with his wife when heavily armed gunmen in two cars forced the Troells to stop shortly before they reached their residence, blocked any possible escape route, approached Troell on the driver’s side, and, using an assault weapon, shot and killed Troell as his wife witnessed the attack in the passenger seat.   

    On the day of the murder, Nouri coordinated with CC-1 shortly before and immediately after the attack. Nouri and CC-1 spoke repeatedly in the hours leading up to the attack. Less than a half hour after the attack, Nouri sent CC-1 encrypted messages inquiring about the wellbeing of the operatives tasked with carrying out the hit on Troell, asking, “The guys are fine?” and “They are doing well?” to which CC-1 responded, “One is injured.”  As the night went on, CC-1 continued to update Nouri, noting that “two so far” of the operatives on the hit squad — whom Nouri referred to as “our guys” — had gathered safely since the murder, that “the rest are on the way,” and that the injury sustained by one of their confederates was “slight.”  In the course of these encrypted messages, Nouri and CC-1 celebrated the events of the day and their success. That night, after the murder, Nouri left Iraq for Iran. Shortly before departing Baghdad, Nouri visited a religious site associated with mourning for Soleimani’s death.

    Following the murder, approximately nine of the operatives on the hit squad also left Iraq and entered Iran, where they joined Nouri. In Iran, Nouri arranged housing for the operatives, providing them safe harbor in the aftermath of the murder. Nouri and another IRGC official addressed the operatives during their stay in Iran, offered their blessings to the hit squad, and told them that Troell was purportedly a spy on behalf of America and Israel, that Troell threatened Islam by attracting Iraqi youths to the Jewish religion and spreading it in Iraq, and that Troell therefore deserved to be murdered.

    In March 2023, Iraqi authorities arrested Nouri, and he was subsequently convicted by an Iraqi court for his role in Troell’s murder. Nouri remains in custody in Iraq.

    Nouri has been charged with conspiring to provide material support to a foreign terrorist organization resulting in death, and faces a maximum penalty of life in prison; providing material support to a foreign terrorist organization resulting in death, and faces a maximum penalty of life in prison; conspiring to provide material support for acts of terrorism resulting in death, and faces a maximum penalty of life in prison; providing material support for acts of terrorism resulting in death, and faces a maximum penalty of life in prison; conspiring to take hostages, and faces a maximum penalty of life in prison; conspiring to murder U.S. nationals outside the United States, and faces a maximum penalty of life in prison; murdering a U.S. national outside the United States, and faces a maximum penalty of death or life in prison; and  causing death through the use of a firearm, and faces a maximum penalty of death or life in prison. A federal district court judge will determine any sentence after considering the U.S. Sentencing Guidelines and other statutory factors.

    The FBI Washington Field Office’s Counterterrorism Division is investigating the case. The Justice Department’s Office of International Affairs; Justice Department’s Attaché in Iraq; FBI Legal Attaché office in Iraq; Iraqi authorities; and U.S. Attorney’s Office for the District of Columbia provided valuable assistance.

    Assistant U.S. Attorneys Jacob H. Gutwillig, Matthew J.C. Hellman, and Kyle A. Wirshba for the Southern District of New York and Trial Attorneys Joshua Champagne and Timothy J. Reardon III of the National Security Division’s Counterterrorism Section are prosecuting the case.

    A complaint is merely an allegation. All defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.

    MIL Security OSI

  • MIL-OSI Security: Port St. Lucie Firearms Dealer Pleads Guilty to Failing to Keep Proper Records of Sales

    Source: Office of United States Attorneys

    MIAMI – On Dec. 18, Michael John Pellicione, 76, the owner of a Port St. Lucie, Fla., gun shop, who operated out of his residence, pleaded guilty to the five-count indictment for selling several firearms “off the books” in violation of 18 U.S.C. § 922(b)(5), which penalizes the failure of a firearms dealer to keep a proper record of sales.

    Pellicione, a federal firearms licensee (FFL), failed to enter the sale of five firearms into his acquisition and disposition (A&D) record. Federal law requires an FFL to record, in the A&D book, all of the firearms that the FFL receives or makes, and then indicate where each of those firearms are – whether they are still in the FFL’s inventory or where they went if they were sold or transferred. Additionally, the A&D book must include the type of firearm, the make, model, caliber, and serial number, the date and from whom the firearm was received and that person’s address, as well as the name, date, and address of the person to whom the firearm was sold or transferred.

    A sentencing date has not yet been scheduled in this matter. At sentencing, Pellicione faces up to five years’ imprisonment. A federal district court judge will determine the sentence after considering the U.S. Sentencing Guidelines and other statutory factors.

    Markenzy Lapointe, U. S. Attorney for the Southern District of Florida, Special Agent in Charge Anthony Salisbury of Homeland Security Investigations (HSI), Miami, and Special Agent in Charge Christopher A. Robinson of the Bureau of Alcohol, Tobacco, Firearms, and Explosives (ATF), Miami Field Division, made the announcement.

    HSI Fort Pierce and ATF Fort Pierce investigated this case. Managing Assistant U.S. Attorney Carmen Lineberger is prosecuting this matter.

    Related court documents and information may be found on the website of the District Court for the Southern District of Florida at http://www.flsd.uscourts.gov or on http://pacer.flsd.uscourts.gov, under case number 24-cr-14055.

    ###

    MIL Security OSI

  • MIL-OSI Security: UPDATE: Appeal to trace witnesses following fatal shooting in Brent

    Source: United Kingdom London Metropolitan Police

    Detectives investigating the murder of Michelle Sadio have issued an image of individuals they are keen to speak to.

    Detectives from the Met’s Specialist Crime Command are leading the investigation into Michelle’s murder and have today released an image of people they believe may have information about the occupants of a car linked to the shooting.

    The car, a black Kia Niro with distinctive alloys, with the number plate LA23 XRE was being driven by the suspects who then fired a number of shots in Gifford Road, NW10 on Saturday, 14 December.

    Michelle was one of three people injured and she sadly died at the scene.

    Following the shooting, the car was driven from Gifford Road to Barnhill Road where it was then abandoned and set alight.

    Detective Chief Inspector Phil Clarke, who is leading the investigation, said: “Our investigation has progressed at pace but we are still keen to hear from anyone who can help piece together the series of events which led to Michelle’s murder.

    “We have an image of a number of people who were seen speaking to the occupants of a black Kia Niro of interest on Church Road, NW10 at 20:50hrs on Saturday, 14 December.

    “Are you one of the people pictured in the white Mercedes or on the pavement nearby, or do you recognise anyone? Did you hear or see something either before or after the shooting that may help with the investigation?

    “I would like to stress that none of those pictured have done anything wrong. They may not live in the area but they could hold information that is important to the investigation and I urge them to contact us.”

    At approximately 21:15hrs on Saturday, police were called to reports of the shooting, which happened as Michelle and others were standing outside the church following a wake. Officers and London Ambulance Service paramedics attended the scene.

    Michelle, aged 44, was found suffering serious injuries – despite the efforts of the emergency services she was pronounced dead at the scene.

    Michelle’s family have been informed and continue to be supported by specialist officers. They have requested that media respect their privacy during this difficult time.

    Two men, both aged in their 30s, also suffered injuries. One remains in hospital in a critical condition; the other man’s injuries are not life threatening.

    There have been no arrests at this stage and enquiries into the circumstances continue.

    Anyone with information that could assist police is asked to call 101 or message @MetCC on X giving the reference CAD 7137/14DEC.

    You can also provide information, or upload images and footage, through the online portal here or by scanning the attached QR code.

    Information can also be provided anonymously to the independent charity Crimestoppers on 0800 555 111.

    MIL Security OSI