Crypto Exchange Owner Gets 10 Years for Turning Fake Car Auctions Into Cryptocurrency

The Department of Justice stands in the early hours of Friday morning, March 22, 2019 in Washington, DC.
Photo: Photo by Drew Angerer (Getty Images)

Bulgarian man Rossen G. Iossifov was sentenced to 10 years in U.S. federal prison January 12 for his role in a transnational scheme that stole millions of dollars from hundreds of Americans.

Before his downfall, Iossifov ran RG Coins, a cryptocurrency exchange based out of Sofia, Bulgaria that authorities say frequently acted as a vehicle to launder money for a criminal syndicate known as the Alexandria Online Auction Fraud (AOAF) Network—a 20-person crime ring based in Bucharest that stole from at least 900 Americans via online auction fraud schemes.

Members of the network typically posted advertisements for fake luxury goods (usually cars, apparently) on websites like Craigslist and eBay. Once unsuspecting buyers had forked over their cash to the AOAF for the nonexistent products, the criminals would engage in “a complicated money laundering scheme wherein” the money would be converted into cryptocurrency and then transferred “to foreign-based money launderers,” of which Iossifov was one. All told, the criminals were said to have stolen approximately $7 million from victims based in the U.S.


The feds claim Iossifov played a big role in these schemes, laundering almost $5 million and making a personal profit of $184,000 in the process. His business practices were “designed to both assist fraudsters” and to “shield himself from criminal liability,” the DOJ says. As a result, Iossifov was convicted of “conspiracy to commit a Racketeer Influenced and Corrupt Organizations Act (RICO) offense and conspiracy to commit money laundering.” A total of 17 members of the AOAF crime ring have so far been convicted for their crimes.

This is definitely not the first (or last!) criminal conviction revolving around cryptocurrency. A report from digital asset intelligence firm CipherTrace released last year showed that the shady side of the digital currency economy is booming—with fraud and other related criminal activities on the rise—and just today the President of the European Central Bank, Christine Lagarde, called for global regulation of Bitcoin, condemning its association with “totally reprehensible money laundering activity.”

Hackers Target Covid-19 Vaccine Distribution ‘Cold Chain,’ Though Motives Remain Unknown

A special freezer manufactured by Binder, seen here in Tuttlingen, Germany in November 2020.

Photo: Thomas Kienzle (Getty Images)

Hackers “assumed to be state agents” have been waging a phishing campaign against pharmaceutical firms and other institutions involved in the forthcoming distribution of a vaccine against the novel coronavirus, IBM announced on Thursday.


In a post on Security Intelligence releasing their findings, IBM Security X-Force researchers wrote that “precision targeting of executives and key global organizations hold the potential hallmarks of a nation-state tradecraft,” adding the unknown hackers likely sought to obtain “advanced insight into the purchase and movement of a vaccine that can impact life and the global economy.” The target, according to IBM, appears to be the “cold chain”—a term for the logistics network that allows vaccines and other drugs to be carried from point of manufacture to distribution in temperature-controlled shipping containers. What the attackers hoped to accomplish is unknown, with possible motives ranging from theft of technology to intel that could be used to undermine trust in the vaccine or disrupt distribution.

IBM researchers wrote that the individuals targeted firms in at least six countries and used tactics such as impersonating a Haier Biomedical executive to send spear-phishing emails and targeting the help and support pages of organizations. Many of the targets were linked to international vaccine alliance Gavi’s cold chain program and included European Union bodies key to vaccine distribution, UNICEF, companies that manufacture solar panels used in cold storage, and IT firms that protect pharmaceutical firms:

The targets included the European Commission’s Directorate-General for Taxation and Customs Union, as well as organizations within the energy, manufacturing, website creation and software and internet security solutions sectors. These are global organizations headquartered in Germany, Italy, South Korea, Czech Republic, greater Europe and Taiwan.


The spear-phishing emails sent included malicious HTML files that prompted recipients to enter their login credentials, which would pass them on to the attackers. Pfizer and Moderna, the two pharma firms manufacturing vaccines expected to begin rollout shortly in the U.S., did not appear to be targeted, according to the New York Times. Nor are any other U.S. firms known to be targeted.

The most likely explanation is a nation-state because there is no clear “cash out” for cyber-criminals, the IBM researchers added in the release, other than the possibility that knowledge of vaccine shipping routes and safe storage requirements could be sold as a “hot black-market commodity.” It’s also possible hackers could be interested in using stolen credentials to launch ransomware attacks on computer-controlled shipping containers. According to the Washington Post, it’s not clear whether the hackers were successful at any of their phishing attempts.

“This activity took place in September, which means that someone’s looking to get ahead, looking to be where they need to be at the critical moment,” IBM Security X-Force senior cyber threat analyst Claire Zaboeva told Wired. “… The door is really open. Once you get the keys to the kingdom, and you’re inside the city walls or on the network, there’s a myriad of objectives that you can attain, whether it’s critical information—like timetables and distribution—or disruptive attacks.”

Per the Times, federal officials said the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) will respond to IBM’s alert by notifying agencies involved in Operation Warp Speed, the U.S. effort to develop and distribute a vaccine. CISA coronavirus strategist Josh Corman told the Times there is a need for stepped-up “cybersecurity diligence at each step in the vaccine supply chain” and for institutions “involved in vaccine storage and transport to harden attack surfaces, particularly in cold storage operation.”


Feds Say Cash App, Venmo, and Other Payment Apps Being Used to Launder Stimulus Money

Photo: Patrick Semansky (AP)

The U.S. Secret Service has some 700 pending investigations centering on Paycheck Protection Program and the Unemployment Insurance Relief fraud, CNBC reported on Wednesday, and a large number of them involve money laundering via Cash App, PayPal, Venmo, Zelle, and other payment apps.


Some 80 defendants have been charged with trying to steal $240 million in funds from the Paycheck Protection Program—a $669 billion program established by Congress in its sprawling, $2.2 trillion CARES Act, much of which went to the rich or bailed out corporations. The PPP is intended to hand out loans to small businesses on the promise they won’t fire workers during the novel coronavirus pandemic. Reports have indicated that the program has been poorly administered and susceptible to both fraud and diversion of funds to large employers rather than the intended recipients, with only limited transparency into the process.

“I’ve never seen, in my 28 years’ experience, the amount of fraud that I’ve seen currently,” Roy Dotson, a Secret Service special agent who specializes in fighting financial crime, told CNBC. “And I think that’s just based sheerly on the amount of money the CARES Act allocated into covid-related fraud and stimulus… Just the amount of money, you’re going to have different criminal organizations and individuals, basic scam artists, that are going to try to take advantage of that money.”


Dotson said that payment apps have become one of the key vehicles for fraudsters to shift cash around, evading closer scrutiny by banks—particularly by using “money mules” (drug mules, but for money) to deposit, transfer, and withdraw funds. This might not seem like the best plan given that use of payment apps, like banking, leaves behind an extensive paper trail. Not that some of the alleged schemes the Secret Service says it has discovered are particularly clever. According to CNBC, authorities have charged one man with a scheme to file for $1.2 million in fraudulent Pandemic Unemployment Assistance benefits—obtaining loaded debit cards they then used at ATMs, stores, or to transfer funds via Cash App. The defendant in question allegedly bragged about stealing unemployment money in a music video.

Fraudsters have also used the pandemic as an opportunity to bilk people desperate for money with scams like a variant of the classic bitcoin fraud scheme—send me $1, I’ll send back $10—according to CNBC. The pandemic has also sped up the growth of payment apps; according to an October analysis by the New York Times, Apptopia data shows that Venmo daily users grew by 26 percent over the prior year, while app reviews mentioning the words fraud or scam have grown almost four times that rate. Cash App, which grew by 59% over the prior year, had frauds or scams mentioned in reviews at a 165% higher rate.

The Better Business Bureau told the Times it had received twice as many complaints about Cash App as about Venmo over the last year—perhaps because it delayed rolling out features like a phone line for customer support, or held a marketing campaign in 2017 that encouraged users to post their payment addresses:

In 2017, Square began a marketing campaign called “Cash App Fridays,” which gives money to Twitter users who post their so-called $Cashtag or username. The campaign, security experts said, provided fraudsters with a phone book of potential victims.

It also led to copycat campaigns, where people claim to work for Cash App and say they will give away a large sum of money if users first send in a smaller sum. One Twitter account, @CashappG, has been online since 2019 with the tagline: “Hi welcome to Cash App give away! Send money and we will send you double back!”


Cash App also supports Bitcoin, which makes it easier to move funds further from the prying eyes of authorities and into a more anonymous setting.

Spokespeople for Cash App, PayPal/Venmo, and Zelle all told CNBC they take fraud seriously and are working on tools to combat it.


A Cash App spokesperson told the network “We are constantly improving systems and controls to help prevent, detect, and report bad activity on the platform,” such as a forthcoming AI-driven system that flags potential scams and warns users via text message. A spokesperson for PayPal and Venmo said the companies “deploy a range of measures to stay ahead of the anticipated increases in online criminal activity, including enhanced transaction monitoring to detect unusual patterns in payments moving through our platforms. We also harness key word tracking, suspicious matter reporting, sanctions and watch list enforcement, and other sophisticated fraud detection models to protect our customers.”

“… We encourage consumers to contact their bank or credit union immediately if they believe they have been a victim of a fraudster or scammer,” a Zelle spokesperson told CNBC. “After the consumer reports the incident, their bank or credit union will partner with Zelle to put protocols in place to stop and shut down any future activity.”


Dentist Gets Two Months in Jail for Treating Patients During Self-Quarantine in Australia

File photo of dental instruments
Photo: Sean Gallup (Getty Images)

A dentist in Perth, Australia has received two months in jail for treating 41 patients while she was supposed to be in two weeks of mandatory self-quarantine to prevent the spread of covid-19. The judge’s sentence is the harshest covid-related punishment passed down in Australia since the pandemic began earlier this year, with most people receiving fines for infractions.


The dentist, identified by Australia’s ABC News as Natalia Nairn, flew home to the state of Western Australia from the capital city of Canberra back in June. Nairn reportedly left her home on at least seven occasions to visit her dental clinic and saw 41 patients. At least one of those visits occurred after she’d already been visited by police.

Nairn told the judge that she didn’t think she had to self-quarantine because she was “feeling fine,” but the judge, Matthew Walton, called her excuses “staggeringly naive or at the very least irrelevant.” Nairn eventually pleaded guilty and was sentenced today to seven months in prison, with five months of her sentence suspended, according to ABC News.


The state of Western Australia was the first to set up what it calls a “hard border” with Australia’s other states, requiring any residents returning to the state to self-quarantine for two weeks. Non-residents of the state have been completely forbidden from traveling to Western Australia without a special exemption, such as the need to take care of a loved one.

Australia’s other states have followed Western Australia’s lead, setting up checks for interstate travel within Australia, though those restrictions have changed over the past six months based on which part of the country is currently experiencing an outbreak. The strategy has paid off for Australia, which reported just six cases of coronavirus on Sunday and no deaths.

Australia has identified 27,658 cases and 907 deaths since the pandemic began, a relatively low figure compared to the U.S. and Europe. The state of Victoria saw a huge surge in cases this past July and August and the Premier (Australia’s version of a state governor) enacted a strict lockdown to crush the case curve. Australia also took extra financial steps to make sure people could stay home, including a boost for unemployment benefits, three months of free childcare, and wages for those who’ve been furloughed.

There were complaints and protests in Victoria over the past few months, but the lockdowns worked and most of Australia is starting to return to normal life. In Western Australia, which hasn’t seen a case of community infection since May, life looks pretty much exactly as it did before the pandemic struck, with restaurants and businesses open at full capacity, and sporting events hosting thousands of spectators.


The U.S., by contrast, saw 102,588 new cases yesterday, the largest ever recorded on a Sunday, which is typically lower than other days of the week because of how states report their statistics. The U.S. also saw 462 deaths yesterday.

The U.S. has the highest case count and the worst death toll in the entire world from covid, with over 9.9 million infections and at least 237,000 deaths, according to Johns Hopkins University’s online coronavirus tracker. And things are only going to get worse in the next two months, according to public health experts, as the colder weather pushes more people indoors and large family gatherings become more common during Thanksgiving and Christmas.


“It’s going to spread, but it doesn’t need to spread at the levels and at the velocity that’s going to start to press the health care system, which is what we’re seeing,” former FDA commissioner Scott Gottlieb said on Face the Nation yesterday.

“We’re seeing that in Wisconsin now. It’s building field hospitals. Utah’s building field hospitals. El Paso built their fourth mobile morgue. We now have… we’re going to have a record number of hospitalizations this week,” Gottlieb continued.


“Now, 56,000 people are hospitalized. 11,000 are in the ICU. These are very big numbers nationally, and it’s accelerating very quickly.”

The DOJ Seized Over a Billion Dollars From Silk Road’s Bitcoin Coffers

Photo: Spencer Platt / Staff (Getty Images)

A $1 billion transaction that flowed out of a dormant bitcoin wallet allegedly belonging to Silk Road founder Ross Ulbricht made waves in the crypto world this week, causing some to suspect the founder himself was making moves from prison. No such luck, however: It was the Department of Justice seizing the dark market’s gains in a move akin to repossessing a mobster’s (very expensive) yacht.


The wallet, which was associated with the underground drug and weapons market called the Silk Road, had sat quiet since 2013. Accessible only with a private key, the money slowly gained in value, and as bitcoin hit a high of $15,000 this week, it looks like the DOJ wants to cash out.

“Silk Road was the most notorious online criminal marketplace of its day,” United States Attorney David L. Anderson said in a statement. “The successful prosecution of Silk Road’s founder in 2015 left open a billion-dollar question. Where did the money go? Today’s forfeiture complaint answers this open question at least in part. $1 billion of these criminal proceeds are now in the United States’ possession.”


When Ulbricht went to jail in 2015, the IRS began analyzing inflows and outflows to wallets associated with the Silk Road. Like web addresses, wallets have unique IDs, and while they can’t be traced to any one person they can be analyzed for connections to known wallets. In this case, the $1 billion came from a hacker—called Individual X in a DOJ press release—who had broken into the Silk Road’s servers and stolen BTC from the site. Individual X allegedly turned the funds over to the DOJ.

“At the time it was taken down in 2013, Silk Road had nearly 13,000 listings for controlled substances and many more listings offering illegal services, such as computer hacking and murder for hire, which generated sales revenue totaling over 9.5 million Bitcoins and commissions from these sales totaling over 600,000 Bitcoins,” wrote the DOJ.

“Criminal proceeds should not remain in the hands of the thieves. Through CI’s expertise in following the money, we were able to track down the illicit funds,” said IRS-CI Special Agent in Charge Kelly R. Jackson.

The BTC is now U.S. property. Looks like Ulbricht, a bold libertarian, finally paid his taxes.


Microsoft Takes Down Massive Botnet Before 2020 Elections

A building on the Microsoft campus in Redmond, Washington in 2014.
Photo: Stephen Brashear (Getty Images)

Microsoft has obtained a court order to seize servers the company says are part of the Trickbot botnet ahead of the 2020 elections, the Washington Post reported on Monday.


Microsoft vice president of customer security and trust Tom Burt told the Post the botnet poses a “theoretical but real” threat to election security, as it is known to be run by Russian-speaking criminals and could be used to launch ransomware attacks. Ransomware is a type of malware that hijacks computer networks, and typically holds the data hostage in exchange for some kind of payment—although attackers could just forgo the ransom element and permanently lock users out of their own computers. While a ransomware attack on voting machines, election officials, or political campaigns would be unprecedented, gangs of cybercriminals have targeted municipal and state governments, as well as large institutions like hospitals, in recent years.

Microsoft wrote in a blog post that observing computers infected by Trickbot allowed it to determine how the compromised devices talked to each other and attempted to obfuscate those communications. This analysis also allowed the company to identify the IP addresses of the command and control servers which distribute and direct Trickbot.


On Monday, the company obtained a restraining order against eight U.S. service providers, citing Trickbot infringement of Microsoft trademarks. That in turn allowed it to take those IP addresses offline, rendering the estimated 1 million Trickbot-infected devices useless and irrecoverable to those running the botnet. Per the blog post:

As we observed the infected computers connect to and receive instructions from command and control servers, we were able to identify the precise IP addresses of those servers. With this evidence, the court granted approval for Microsoft and our partners to disable the IP addresses, render the content stored on the command and control servers inaccessible, suspend all services to the botnet operators, and block any effort by the Trickbot operators to purchase or lease additional servers.

Trickbot itself isn’t a strain of ransomware—it’s a trojan that hijacks web browsers to steal login credentials, and is often used to target banks—but it can be used to deliver ransomware such as Ryuk, which infamously targeted hospital systems in Alabama. Cybersecurity firm Kaspersky estimated Ryuk and other ransomware variants were used in at least 174 attacks on municipal institutions in 2019.

Microsoft wasn’t concerned the botnet could be used to modify actual election results but that an attack on voter registration systems, tablets used by poll workers, or result-reporting systems could be used to disrupt the election and fuel efforts to undermine its legitimacy, the Post wrote.


The tech giant has “quietly” racked up support from authorities in numerous countries for its Digital Crimes Unit to spearhead anti-botnet efforts, the New York Times reported earlier this year. As of March 2020, Microsoft had taken down 18 cybercrime operations in the past decade, including simultaneously freezing or seizing control of some six million domains which were used by the Russia-based Necurs group to send fraudulent emails, support stock market scams, and spread ransomware. According to Bloomberg, the Trickbot takeover was “highly coordinated” and required the assistance of telecom providers in several countries. The company was also joined in the suit by the Financial Services Information Sharing and Analysis Center, which represents thousands of banks, some of which have been targeted by Trickbot.

Last week, the Post separately reported that four sources had confirmed U.S. Cyber Command was launching its own operations to disrupt the Trickbot network at least temporarily. On Sept. 22 and Oct. 1, cybersecurity experts noticed Trickbot’s command and control servers had apparently been hacked to send out termination commands to infected machines, though in both cases the operators of the botnet were able to regain control of the situation.


Brett Callow, a spokesperson for security firm Emsisoft, told Bloomberg the Trickbot network was associated with at least two major Eastern European or Russian groups: the operators of Ryuk (who have earned the moniker Wizard Spider), and those of a newer variant called Conti that may itself be an offshoot or successor to the Ryuk group. CrowdStrike believes Wizard Spider is a criminal gang motivated by money rather than a nation state-backed group.

Microsoft wrote in its blog post that the operators of the Trickbot network remain unknown, but “research suggests they serve both nation-states and criminal networks for a variety of objectives” on a mercenary “malware-as-a-service” basis. Tom Kellermann, chief of cybersecurity strategy at VMware and a member of an advisory board to the Secret Service, told the Times the Russian government maintains a “pax mafiosa” with cybercrime gangs in which it looks the other way in order to leverage them for its own purposes.


“It’s a highway out there that is used only by criminals,” Amy Hogan-Burney, a former FBI lawyer turned chief manager of Microsoft’s Digital Crimes Unit, told the New York Times. “And the idea that we would allow those to keep existing makes no sense. We have to dismantle the infrastructure… We’ve cut off their arms, for a while.”

QAnon-Obsessed CBP Officer Arrested After Sending ‘Numerous’ Threats to Superior

Photo: Chris Hondros (Getty Images)

An agent for Customs and Border Protection in New Jersey, Alberto Almeida, was arrested and is facing charges after he allegedly sent threatening messages accusing a senior CBP official of child trafficking and calling for his extrajudicial execution, the Daily Beast reported on Wednesday.

According to a criminal complaint filed by a special agent with CBP’s misconduct department, Almeida sent “numerous” texts and social media posts threatening Edward Fox, the CBP assistant port director for Newark, New Jersey, including a Facebook status update in which he threatened violence and called him a “treasonous pedophile”:

Attention CBP Assistant Port Director Ed Fox in Newark: The next time I come to Newark Airport I am bringing Donald Trump and the U.S. Military down on your f****** head for your involvement in Hillary/Maxwell/Epstein’s child trafficking ring and 9/11. You f****** treasonous pedophile. Trump takes down Hillary, JFK JR (US MILITARY) takes down the Mossad, and I take you down b****, that’s how this worked. Tick Tock. #WWG1WGA


While the accusation of involvement in “Hillary/Maxwell/Epstein’s child trafficking ring” is fairly straightforward, the JFK Jr. shoutout refers to a more obscure belief within QAnon circles that John F. Kennedy’s son faked his death in a 1999 plane crash and is now a secret agent and/or a man named Vincent Fusca. It’s not clear just how Almeida thinks Fox was involved in the Sept. 11, 2001 terror attacks, but ambiguity is part and parcel of the QAnon machine. Q’s posts are vague and unfalsifiable, increasing its appeal to a broad variety of conspiratorial groups ranging from the Flat Earth and antivax movements to hardcore anti-Semites and racists.

QAnon is less a specific conspiracy theory than a sprawling, big-tent disinformation effort chipping away at the foundations of social institutions and democracy. At the core is “Q,” an anonymous person or persons who have posted to message boards like 4chan, 8chan, and 8kun claiming to have high-level insider knowledge that a sprawling cabal of child-raping, Satan-worshiping cannibalistic elites in Hollywood, the Democratic Party, and the “deep state” is running a global trafficking ring—and that none other than Donald J. Trump is at the helm of a classified effort to wipe them out in a brutal, fascistic crackdown (“the storm”) that will usher in an era of authoritarian governance. This is held to be a good thing. Numerous QAnon adherents have been arrested for crimes ranging from a standoff at Hoover Dam to the murder of a Mafia boss.


QAnon spread like wildfire on social networks like Facebook in recent years—it’s even gone international—and though the number of adherents is unknown, affiliated accounts have racked up millions of Facebook and Instagram followers. It’s also the future of the Republican Party. As it implicitly posits the president as a sort of godhead, the White House has tacitly encouraged its growth and Republicans have done virtually nothing to stop it. A September 2020 Pew Research Center survey found that 41 percent of respondents who were Republican or leaning Republican think QAnon is either a “somewhat good” or “very good” thing for the country. Dozens of candidates in elections across the country, including GOP donor-backed Georgia congressional candidate Marjorie Taylor Greene, have expressed their support for QAnon.

Almeida is now out on $50,000 bond, the Daily Beast reported, and faces a single charge of threatening a law enforcement officer that could carry up to a ten-year prison sentence; he will next be in court on Oct. 20. His attorney, David Jay Glassman, didn’t respond to the site’s request for comment.


Because the Q phenomenon implicitly centers around , its adoption by authorities who exercise the state’s monopoly on violence is particularly alarming. This is the first time a federal officer has been charged with a crime relating to QAnon, according to the Daily Beast. The Trump administration has treated CBP with particular favor, bolstering its numbers and employing it to increasingly militarize the U.S. border with Mexico. The White House has also dispatched CBP tactical teams to personally beat down protesters against police racism and brutality in cities like Portland. New recruits to CBP reportedly aren’t given psychological evaluations or assessments.

The agency has a long record of lawlessness. Criminal arrests of CBP and Border Patrol officers surged in 2017 and 2018, and CBP has sought to destroy records of misconduct and stonewall accountability reforms.


Open QAnon support seems to be somewhat more visible among local police departments across the country, judging from several officers (as well as the head of the New York Police Department sergeants union) who have publicly indicated they’re part of the movement.

“U.S. Customs and Border Protection takes all allegations of employee misconduct seriously, but none more so than alleged threats to members of the public or other CBP employees,” an agency spokesperson told the Daily Beast in a statement. “As shown in the criminal complaint filed with the U.S. District Court for the District of New Jersey, the allegations against CBP [officer] Almeida are being investigated by the CBP Office of Professional Responsibility. CBP does not comment on ongoing investigations or pending litigation.”