Month: May 2023

Source: United States Department of Justice News

MADISON, WIS. – Timothy M. O’Shea, United States Attorney for the Western District of Wisconsin, announced that Anthony James, 39, La Crosse, Wisconsin, was sentenced today by Chief U.S. District Judge James D. Peterson to 29 months in federal prison for possessing a firearm after previously being convicted of a felony.  James pleaded guilty to this charge on February 10, 2023.

On April 3, 2022, a Wisconsin State Patrol trooper stopped a vehicle driven by James in La Crosse County for suspended registration and illegal window tint.  The trooper noticed an odor of marijuana coming from the car and conducted a search of the vehicle.  During the search, the trooper recovered a .22 caliber Sterling handgun from a lockbox that was opened using a key from James’ keyring that was in the ignition of the car.

James’s prior felony convictions include a 2018 conviction in Sheboygan County for felony strangulation/suffocation and Illinois felony convictions for forgery and retail theft.  James also was under state supervision for prior convictions in Kenosha and Ozaukee Counties at the time of his arrest. 

At sentencing, Judge Peterson acknowledged that aggravating factors in determining a sentence were James’s voluminous criminal history and, specifically, his domestic abuse related strangulation conviction in 2018, which raised special concern about his unlawful possession of a firearm.  However, the judge considered that the gun was not loaded, in a locked container, and was not used or possessed in connection with any other offense. 

The charge against James was the result of an investigation conducted by the Wisconsin State Patrol and the Bureau of Alcohol, Tobacco, Firearms and Explosives.  Assistant U.S. Attorney Robert A. Anderson prosecuted this case. 

Source: United States Department of Justice News

            WASHINGTON – Anthony Duncan, 42, of Washington, D.C., was sentenced to 18 months’ imprisonment and 3 years of supervised release today for assaulting a pedestrian in May 2022, announced U.S. Attorney Matthew M. Graves and Robert J. Contee III, Chief of the Metropolitan Police Department (MPD).

            On February 27, 2023, Duncan was found guilty of Assault with Significant Bodily Injury at a trial in the Superior Court of the District of Columbia. The Honorable Lynn Leibovitz presided over the trial.

            According to the government’s evidence presented at trial, on May 21, 2022, the victim was walking home on 15^th Street in Northwest, Washington, D.C. from a Bocce Ball game when he was confronted by Duncan. Duncan, who was a stranger to the victim, accused the victim of directing a sexually suggestive act towards him and took offense. The victim vehemently denied making any such advance. As Duncan confronted the victim for this perceived advanced, he pulled out his cell phone, and recorded himself physically attacking the victim. Duncan broke the victim’s nose and teeth, and the victim required numerous stitches to stop the bleeding. Duncan called the victim a derogatory gay slur numerous times as he attacked the victim.

            In announcing the sentence, U.S. Attorney Graves and Chief Contee commended the work of those who investigated the case from the Metropolitan Police Department. They also expressed appreciation for the work of those who handled the cases at the U.S. Attorney’s Office, including Assistant U.S. Attorneys Jared English and Randle Wilson, who investigated and prosecuted the case.

Source: United States Department of Justice News

Damian Williams, the United States Attorney for the Southern District of New York, announced that CHRISTIAN VARELA, a former owner of a construction firm, was sentenced yesterday by U.S. District Judge Philip M. Halpern to two years in prison for failing to pay to the Internal Revenue Service (“IRS”) more than $4.4 million of payroll taxes he collected from his employees.  VARELA pled guilty to one count of failure to pay payroll taxes in September 2022.

According to the Information to which VARELA pled guilty and statements made in court:

VARELA owned and operated Gibraltar Contracting, Inc. (“Gibraltar”), a contracting firm with more than 55 employees that handled federal and state government construction contracts.  VARELA was responsible under federal law for collecting, truthfully accounting for, and paying to the IRS federal income tax and contributions to Social Security and Medicare withheld from Gibraltar’s employees’ pay.  In 10 different quarters from 2015 through 2018, VARELA failed to pay to the IRS a total of more than $4.4 million of these payroll taxes.   

*                *                *

In addition to his prison term, VARELA, 48, of Staten Island, New York, was sentenced to three years of supervised release and 12 months of home confinement.  The Court also imposed restitution to the IRS of $4,404,564.60.

Mr. Williams praised the outstanding investigative work of the IRS-Criminal Investigation in this case.

The case is being prosecuted by the Office’s White Plains Division.  Assistant U.S. Attorneys Jeffrey C. Coffman and James McMahon are in charge of the prosecution.

Source: United States Department of Justice News

The Justice Department today announced the completion of a court-authorized operation, code-named MEDUSA, to disrupt a global peer-to-peer network of computers compromised by sophisticated malware, called “Snake”, that the U.S. Government attributes to a unit within Center 16 of the Federal Security Service of the Russian Federation (FSB). For nearly 20 years, this unit, referred to in court documents as “Turla,” has used versions of the Snake malware to steal sensitive documents from hundreds of computer systems in at least 50 countries, which have belonged to North Atlantic Treaty Organization (NATO) member governments, journalists, and other targets of interest to the Russian Federation. After stealing these documents, Turla exfiltrated them through a covert network of unwitting Snake-compromised computers in the United States and around the world.

Operation MEDUSA disabled Turla’s Snake malware on compromised computers through the use of an FBI-created tool named PERSEUS, which issued commands that caused the Snake malware to overwrite its own vital components. Within the United States, the operation was executed by the FBI pursuant to a search warrant issued by U.S. Magistrate Judge Cheryl L. Pollak for the Eastern District of New York, which authorized remote access to the compromised computers. This morning, the court unsealed redacted versions of the affidavit submitted in support of the application for the search warrant, and of the search warrant issued by the court. For victims outside the United States, the FBI is engaging with local authorities to provide both notice of Snake infections within those authorities’ countries and remediation guidance.

“The Justice Department, together with our international partners, has dismantled a global network of malware-infected computers that the Russian government has used for nearly two decades to conduct cyber-espionage, including against our NATO allies,” said Attorney General Merrick B. Garland. “We will continue to strengthen our collective defenses against the Russian regime’s destabilizing efforts to undermine the security of the United States and our allies.”

“Through a high-tech operation that turned Russian malware against itself, U.S. law enforcement has neutralized one of Russia’s most sophisticated cyber-espionage tools, used for two decades to advance Russia’s authoritarian objectives,” said Deputy Attorney General Lisa O. Monaco. “By combining this action with the release of the information victims need to protect themselves, the Justice Department continues to put victims at the center of our cybercrime work and take the fight to malicious cyber actors.”

“For 20 years, the FSB has relied on the Snake malware to conduct cyberespionage against the United States and our allies – that ends today,” said Assistant Attorney General Matthew G. Olsen of the Justice Department’s National Security Division. “The Justice Department will use every weapon in our arsenal to combat Russia’s malicious cyber activity, including neutralizing malware through high-tech operations, making innovate use of legal authorities, and working with international allies and private sector partners to amplify our collective impact.”

“Russia used sophisticated malware to steal sensitive information from our allies, laundering it through a network of infected computers in the United States in a cynical attempt to conceal their crimes. Meeting the challenge of cyberespionage requires creativity and a willingness to use all lawful means to protect our nation and our allies,” said U.S. Attorney Breon Peace for the Eastern District of New York. “The court-authorized remote search and remediation announced today demonstrates my office and our partners’ commitment to using all of the tools at our disposal to protect the American people.”

“Today’s announcement demonstrates the FBI’s willingness and ability to pair our authorities and technical capabilities with those of our global partners to disrupt malicious cyber actors,” said Assistant Director Bryan Vorndran of the FBI’s Cyber Division. “When it comes to combating Russia’s attempts to target the United States and our allies using complex cyber tools, we will not waver in our work to dismantle those efforts. When it comes to any nation state engaged in cyber intrusions which put our national security at risk, the FBI will leverage all tools available to impose cost on those actors and to protect the American people.”

As detailed in court documents, the U.S. Government has been investigating Snake and Snake-related malware tools for nearly 20 years. The U.S. government has monitored FSB officers assigned to Turla conducting daily operations using Snake from a known FSB facility in Ryazan, Russia.

Although Snake has been the subject to several cybersecurity industry reports throughout its existence, Turla has applied numerous upgrades and revisions, and selectively deployed it, all to ensure that Snake remains Turla’s most sophisticated long-term cyberespionage malware implant. Unless disrupted, the Snake implant persists on a compromised computer’s system indefinitely, typically undetected by the machine’s owner or authorized users. The FBI has observed Snake persist on particular computers despite a victim’s efforts to remediate the compromise.

Snake provides its Turla operators the ability to remotely deploy selected malware tools to extend Snake’s functionality to identify and steal sensitive information and documents stored on a particular machine. Most importantly, the worldwide collection of Snake-compromised computers acts as a covert peer-to-peer network, which utilizes customized communication protocols designed to hamper detection, monitoring, and collection efforts by Western and other signals intelligence services.

Turla uses the Snake network to route data exfiltrated from target systems through numerous relay nodes scattered around the world back to Turla operators in Russia. For example, the FBI, its partners in the U.S. Intelligence Community, together with allied foreign governments, have monitored the FSB’s use of the Snake network to exfiltrate data from sensitive computer systems, including those operated by NATO member governments, by routing the transmission of these stolen data through unwitting Snake-compromised computers in the United States.

As described in court documents, through analysis of the Snake malware and the Snake network, the FBI developed the capability to decrypt and decode Snake communications. With information gleaned from monitoring the Snake network and analyzing Snake malware, the FBI developed a tool named PERSEUS which establishes communication sessions with the Snake malware implant on a particular computer, and issues commands that causes the Snake implant to disable itself without affecting the host computer or legitimate applications on the computer.

Today, to empower network defenders worldwide, the FBI, the National Security Agency, the Cybersecurity and Infrastructure Security Agency, the U.S. Cyber Command Cyber National Mission Force, and six other intelligence and cybersecurity agencies from each of the Five Eyes member nations issued a joint cybersecurity advisory (the Joint Advisory) with detailed technical information about the Snake malware that will allow cybersecurity professionals to detect and remediate Snake malware infections on their networks. The FBI and U.S. Department of State are also providing additional information to local authorities in countries where computers that have been targeted by the Snake malware have been located.

Although Operation MEDUSA disabled the Snake malware on compromised computers, victims should take additional steps to protect themselves from further harm. The operation to disable Snake did not patch any vulnerabilities or search for or remove any additional malware or hacking tools that hacking groups may have placed on victim. The Department of Justice strongly encourages network defenders to review the Joint Advisory for further guidance on detection and patching. Moreover, as noted in court documents, Turla frequently deploys a “keylogger” with Snake that Turla can use to steal account authentication credentials, such as usernames and passwords, from legitimate users. Victims should be aware that Turla could use these stolen credentials to fraudulently re-access compromised computers and other accounts.

The FBI has provided notice of the court-authorized operation to all owners or operators of the computers remotely accessed pursuant to the search warrant.

Assistant U.S. Attorney Ian C. Richardson for the Eastern District of New York is prosecuting the case, with valuable assistance provided by the National Security Division’s Counterintelligence and Export Control Section.

The efforts to disrupt the Snake malware network were led by the FBI New York Field Office, FBI’s Cyber Division, the U.S. Attorney’s Office for the Eastern District of New York, and the National Security Division’s Counterintelligence and Export Control Section. The Criminal Division’s Computer Crime and Intellectual Property Section provided valuable assistance. Those efforts would not have been successful without the partnership of numerous private-sector entities, including those victims who allowed the FBI to monitor Snake communications on their systems.

Source: United States Department of Justice Criminal Division

A Pennsylvania man was sentenced today to 35 years in prison for traveling to the Philippines to engage in sex with children as young as 12 years old.

According to court documents, between 2016 and 2019, Craig Alex Levin, 67, of King of Prussia, was a retired special education teacher who traveled to the Philippines nine times, each time for the purpose of engaging in sex with disadvantaged minors who, by Levin’s own words, were hungry or needed money for medicine for family members. In May 2019, the Philippine National Police arrested Levin as he was about to enter the elevator at his hotel with a 15-year-old girl. Upon search of his hotel room, police located several notebooks containing the names and ages of hundreds of girls, whom he rated based on several categories, including age. Only girls under the age of 18 received a top score of 10. There were multiple children as young as 12 listed in the notebooks.

In June 2022, Levin pleaded guilty to six counts charging him with foreign travel to engage in sex with a minor, attempted sex trafficking of a minor, and distribution and transportation of child pornography. 

Assistant Attorney General Kenneth A. Polite, Jr. of the Justice Department’s Criminal Division, U.S. Attorney Jacqueline C. Romero for the Eastern District of Pennsylvania, and Assistant Director Luis Quesada of the FBI’s Criminal Investigative Division made the announcement.

The FBI and Philippine National Police investigated the case.

Trial Attorney Austin M. Berry of the Criminal Division’s Child Exploitation and Obscenity Section (CEOS) and Assistant U.S. Attorney Michelle Rotella for the Eastern District of Pennsylvania prosecuted the case. The Justice Department’s Office of International Affairs assisted with securing evidence from the Philippines, including through mutual legal assistance requests.

This case is brought as part of Project Safe Childhood, a nationwide initiative to combat the growing epidemic of child sexual exploitation and abuse, launched in May 2006 by the Department of Justice. Led by U.S. Attorneys’ Offices and CEOS, Project Safe Childhood marshals federal, state, and local resources to better locate, apprehend, and prosecute individuals who exploit children via the internet, as well as to identify and rescue victims. For more information about Project Safe Childhood, please visit www.justice.gov/psc.