IELR Blog

Official Blog of the International Enforcement Law Reporter

Cryptocurrency Creates Potential Opportunity for both Ransomware Attacks and Agency Seizures

by Leave a Comment

By Austin Max Scherer[1]

On June 7, the Justice Department seized much of the ransom that a major U.S. pipeline operator had paid last month to a Russian hacking collective.[2]  This resulted from investigators tracing more than 75 Bitcoins worth as the money moved through a “maze” of at least 23 different electronic accounts belonging to DarkSide, the hacking group.[3]  DarkSide operated by providing ransomware to affiliates.  Iin exchange, DarkSide reaped a cut of the affiliates’ profits.[4]  DarkSide began as an affiliate for another Russian hacking group called REvil, the group that recently used ransomware to try to extort money from JBS, one of the world’s largest meat processors.[5]  Law enforcers viewed this seizure as a warning to cybercriminals that the United States would go after the hackers’ profits, which typically derive from cryptocurrencies.[6]  In addition, law enforcement now hope this recent action will encourage victims of ransomware attacks to notify the authorities to help recover ransoms.[7]  The Federal Bureau of Investigation (FBI) actively discourages ransom payments; however, ransom payments are still legal and they are even tax deductible![8]

Seizure of Ransom Payments

Law enforcement  has found a breakthrough due to the fact that, “bitcoin transactions are available on a publicly distributed ledger, in many cases law enforcement can trace bitcoin payments and track stolen funds.”[9]  Furthermore, the FBI was able to obtain the private key for the hackers’ accounts, the key essentially serves as a password which enabled the FBI to move bitcoin out of the wallet.[10]  The seizure itself yielded $2.3 million worth of bitcoin.[11]  The Special Prosecutions Section and Asset Forfeiture Unit of the U.S. Attorney’s Office for the Northern District of California  is handling the seizure, with significant assistance from the Department of Justice Criminal Division’s Money Laundering and Asset Recovery Section and Computer Crime and Intellectual Property Section.[12]  The task force stated they would prioritize the disruption, investigation, and prosecution of ransomware and digital extortion.[13]  Conversely, the ransomware attacks are generally unsophisticated.[14]  “Hackers often use phishing and send employees emails containing suspicious links or attachments.”[15]

This coincided with President Biden’s first foreign trip, as he is expected to discuss the issue with Russian President Vladimir Putin.[16]  Senior Biden administration officials deemed ransomware, as a national threat.  Secretary of State, Antony Blinken stated the following, “states cannot be in the business of harboring those who are engaged in these kinds of attacks.”[17]  FBI Director Christopher Wray further emphasized this complaint by stating, “if the Russian government wants to show that it’s serious about the issue, there’s a lot of room for them to demonstrate some real progress that we’re not seeing.”[18] Antony Blinken and Christopher Wray’s concerns are supported by the fact that, according to Chainalysis, a firm that tracks cryptocurrency payments, victims paid at least $412 million in cyber ransom attacks last year.[19]

Biden Administration Responses

In response to the series of ransomware incidents, the Biden administration, “announced that it would require pipeline companies to report significant cyberattacks that the government would create 24 hour emergency centers to handle serious hackings.”[20]  However, even these efforts may not be enough as the FBI emphasized that all government agencies, private sectors, and, “even the average American.”[21]  It would be quite the optimistic approach for the government to believe that all players in the cryptocurrency world will partake in dismantling these ransomware attacks, so a wait and see approach is best suited for now.

Several government officials have called for action against the ransomware attackers and the foreign states that harbor these attackers.  Senator Mark Warner stated the following, “We must make clear to Russia-and any other adversaries-that they will face consequences for this and any other malicious cyberactivity.”[22]  In addition, Microsoft reported, “the goal of the hackers was not to go after the aid agency itself, instead, its motivation appeared to be to use emails purporting to be from the U.S. government to get inside groups that have revealed Russian disinformation campaigns, anti-corruption groups and those who have protested the poisoning, conviction and jailing of Russia’s best-known opposition leader, Alexie A. Navalny.”[23]  Furthermore,  government officials have taken the position that the U.S. response to SolarWinds, a software supply, should have been harsher.   The question then becomes, how does the U.S. implement a harsher response, and with sanctions applied to Russia already substantial, how much of a role can sanction play?  One answer is that to be effective, sanctions must be multilateral and well-coordinated.  The last four years the U.S. has not coordinated its sanctions. President Biden’s trip to Europe should provide some insight to these inquiries.  Another response to ransomware attacks and cybercrimes has been prosecution of the perpetrators.

The current issue of the IELR will have a more comprehensive discussion of the ransomware attacks, the seizure, and implications.

 

 

[1] Rising third year law student, Washington College of Law, American University; M.S., Finance, American Univ; B.A., George Washington Univ.

[2] Katie Benner and Nicole Perlroth, Seizing Money, U.S. Retaliates For Cybercrime, N.Y. Times, Jun. 8, 2021, at A1.

[3] Id.

[4] Id.

[5] Id.

[6] Id.

[7] Id.

[8] Id.

[9] Sadie Gurman, David Uberti, and Dustin Volz, Pipeline Ransom Money Seized By U.S., Wall St. J., Jun. 6, 2021, at A1.

[10] Ellen Nakashima, Authorities recover about $2 million paid in ransom to pipeline hackers, Wash. Post, Jun. 8, 2021, at A18.

[11] Id.

[12] For Immediate Release: Department of Justice Seizes $2.3 Million in Cryptocurrency Paid to the Ransomware Extortionists Darkside, Dept. of Justice, Jun. 7, 2021, https://www.justice.gov/opa/pr/department-justice-seizes-23-million-cryptocurrency-paid-ransomware-extortionists-darkside (last visited Jun. 10, 2021).

[13] Id.

[14] Rachel Lerman, Meat supplier JBS paid $11 million in ransom after hackers targeted plants, Wash. Post, Jun. 10, 2021, at A22.

[15] Id.

[16] Nakashima, supra note 10.

[17] Benner and Perlroth, supra note 2.

[18] Id.

[19] Nakashima, supra note 10.

[20] Benner and Perlroth, supra note 2.

[21] Id.

[22] Nicole Perlroth and David E. Sanger, Calls for Action Against Russia for Cyberattack, N.Y. Times, May. 29, 2021, at A1.

[23] Id.

ANOM: A global covert investigation conducted through an encrypted app trap

by Leave a Comment

Sara Kaufman[1]

On June 8, 2021, the Federal Bureau of Investigation (FBI) and Australia’s Federal Police (AFP) publicly announced the arrests of more than 800 individuals utilizing a FBI-controlled encrypted platform to facilitate their criminal activities.[2]  ANOM, a highly popular encryption platform amongst criminals worldwide, was secretly used as a surveillance tool in an investigation known as “Operation Trojan Shield” in order to discreetly observe and curtail the criminal activities in Australia and beyond.[3]

As technology has grown over the years, criminals have utilized hardened encrypted devices as a tool to obstruct any federal investigations against them.  Encrypted devices are tools that both send and retrieve encrypted electronic communications, allowing criminals to openly discuss their activities with confidence that their contents will remain secure.[4]  For many years, contents in encrypted devices did in fact remain secure; communication was often limited to a self-selected group of individuals using the same encryption platform.  Law enforcement agents therefore would be unable to collect evidence regarding the conversations that criminals were having on their encrypted devices.

Companies that provided these encrypted devices were generally aware that their target audience is utilizing their products for criminal activity; in March 2018, the CEO of Phantom Secure, Vincent Ramos, and four other principals of the company were indicted for aiding and abetting the distribution of cocaine.  During his plea hearing in October 2018, Ramos admitted that Phantom Secure laundered drug trafficking proceeds, as well as aided and abetted the importation, exportation, and distribution of illegal substances across international borders.[5]  Phantom Secure was not the first, nor would it be the last, of the many encrypted devices to appear on the black market to plan and executive criminal activity.

 

Operation Trojan Shield

While the FBI previously dismantled hardened encryption companies utilized amongst criminals to communicate – such as Phantom Secure – new platforms would emerge as substitutes for their predecessors.  In “Operation Trojan Shield,” various European law enforcement agencies, the FBI and AFP collaborated with a confidential source to construct, market, and upkeep the next encrypted communication platform to arise on the black market.[6]

The devices themselves were encrypted but the FBI, AFP, and the confidential source collaborated to build a master key into the existing encryption system.[7]  This allowed law enforcement to decrypt and store messages as they were transmitted.  For devices located outside of the U.S., an encrypted “BCC” of each sent message is routed to an “iBot” server located outside of the U.S.  The message is then decrypted with the master key and then immediately re-encrypted with the FBI encryption code.  The newly encrypted message is then passed to a second FBI-owned iBot server to be decrypted for viewing within the U.S.[8]  Given the high level of technical care and expertise needed to set up this master key process, the collaboration between the FBI, AFP, confidant, and other European law enforcement agencies was needed to ensure that ANOM could be launched effectively and discreetly within criminal networks.

ANOM could only be used on devices sold within the black market and were stripped of the ability to make calls or send emails.  In order to get a hold of an ANOM-encrypted device, each criminal had to be green-lighted by another criminal who was already using the software.[9]  Each ANOM user was identified by a Jabber Identification – similar to a smartphone PIN – was chosen by each user to identify themselves as opposed to using their real names.[10]  The high level of exclusivity and security behind ANOM increased the confidence that users that their communications would remain private.

Results of the investigation

As high-profile criminals such as Hakan Ayik praised ANOM and encouraged its use to their associates, thousands of criminals worldwide began utilizing ANOM devices to openly discuss their activities.  Between October 2019 and May 2021, a total of 11,800 ANOM devices were registered in over 90 countries, with the highest number of users based in Germany, the Netherlands, Spain, Australia, and Serbia.[11]

Considering the strong reputation that ANOM had amongst criminals, plans to import, export, or distribute drugs were sent between encrypted devices without the use of coded language.[12]  Text messages shown in a search warrant affidavit filed May 18, 2021, display open conversation regarding cocaine hidden in French diplomatic packages or underneath layers of bananas in shipping trucks.[13]

Through the surveillance of ANOM users, law enforcement agencies from the U.S., Australia, and the European Union were able to seize numerous tons of drugs and millions of dollars in cash.[14]  Australian police officers also claim to have acted on 20 “threats to kill,” thereby protecting many innocent civilians who may have otherwise lost their lives.[15]

Although the criminals that utilized ANOM encrypted devices strongly advocated for their high level of security, this could not be further from the truth.  The review of messages sent on ANOM devices has opened numerous high-level public corruption cases internationally, as well as investigations of distributors for money laundering, international drug trafficking, and obstruction of justice.[16]

While new encrypted platforms used to emerge once their predecessors were taken down by the FBI, Operation Trojan Shield severely damages the trusted foundation of encrypted devices for communications amongst criminal actors.  Though the use of new technology such as encryption devices has allowed discreet criminal activity to go undetected, law enforcement across the globe has proven that, with joint efforts, they can utilize the same tools for their benefit.

The current issue of the IELR will have a more comprehensive discussion of the law enforcement initiative and its implications.

[1] Legal assistant, Berliner Corcoran & Rowe LLP; B.A., Amherst College.

[2] Rachel Pannett and Michael Birnbaum, FBI-controlled ANOM app ensnares scores of alleged criminals in global police sting, The Washington Post, June 7, 2021, https://www.washingtonpost.com/world/2021/06/08/fbi-app-arrests-australia-crime.

[3] Cheviron Aff. ¶ 14, May 18, 2021. https://www.justice.gov/usao-sdca/press-release/file/1402426/download.

[4] Cheviron Aff. ¶ 9, supra.

[5] Cheviron Aff. ¶ 10, supra.

[6] Ben Westcott, For years, the underworld thought its phones were safe. They fell for an encrypted app trap, CNN, June 9, 2021, https://www.cnn.com/2021/06/08/australia/afp-fbi-ANOM-app-operation-ironside/index.html.

[7] Cheviron Aff. ¶ 13, supra.

[8] Id.

[9] Ben Westcott, supra.

[10] Cheviron Aff. ¶ 14, supra.

[11] Cheviron Aff. ¶ 19, supra.

[12] Cheviron Aff. ¶ 29, supra.

[13] Cheviron Aff. ¶ 14, supra.

[14] Ben Westcott, supra.

[15] ANOM: Hundreds arrested in massive global crime sting using messaging app, BBC.COM, June 8, 2021, https://www.bbc.com/news/world-57394831.

[16] Cheviron Aff. ¶ 20, supra.

Italian Police Arrest Suspected Black Axe Members

by Leave a Comment

On April 26, 2021, Italian police targeted the Nigerian Black Axe mafia and arrested 30  suspected members for operating the mafia syndicate. The members have been charged with people and drug trafficking, mafia association, prostitution, and cyber fraud and face about 100 other charges.

Police alleged that most of their crimes occurred online. The suspects allegedly used Bitcoin cryptocurrency on the dark web to duplicate credit cards and used them to make purchases.

According to Reuters’ reporting, the police arrested the suspected leader of the mafia, a 35-year-old man living in the central Abruzzo region. The police did not release his name.

The police targeted these individuals because evidence shows that the members “had a direct connection with the Nigerian gang, drawing on the same vocabulary, symbols and affiliation rituals,” police said.

The arrests come as a part of an anti-corruption operation in southern Italy to target mafia members and organized crime families.

The Black Axe is a secret society that emerged in 1970 to liberate the black race and create a new Black Movement. Over time, the Black Axe diverted from their political ideology to being accused of carrying out violent attacks. They have been dubbed “mafia” due to their organizational structure, use of code words, establishment of a weapon of choice, and having a representative color. Members are offered protection from potential violent attacks from other gangs.

The Nigerian government has banned these secret societies and has continued to arrest members; nevertheless, they continue to operate.

The current issue of the IELR will have a more comprehensive discussion of the arrest and the developments concerning the Black Axe.

 

 

FinCEN Starts Beneficial Ownership Regulation Comment Period and Announces Staff Changes

by Leave a Comment

On April 1, 2021, the Financial Crimes Enforcement Network (FinCEN) issued an Advance Notice of Proposed Rulemaking (ANPRM) to request public comment on a wide range of questions related to the implementation of the beneficial ownership information reporting provisions of the Corporate Transparency Act (CTA).

Advance Notice of Proposed Rulemaking

This ANPRM is the first in a series of regulatory actions that FinCEN will undertake to implement the CTA, which is included within the Anti-Money Laundering Act of 2020 (AML Act).  The AML Act is part of the FY 2021 National Defense Authorization Act, which became law on January 1, 2021.

The CTA amended the Bank Secrecy Act.  The CTA requires corporations, limited liability companies, and similar entities to report certain information about their beneficial owners (the individual natural persons who ultimately own or control the companies).  This new reporting requirement will enhance the national security of the United States by making it more difficult for malign actors to exploit opaque legal structures to launder money, finance terrorism, proliferate weapons of mass destruction, traffic humans and drugs, and commit serious tax fraud and other crimes that harm the American people.

Pursuant to the CTA, FinCEN  must  maintain the reported beneficial ownership information in a confidential, secure, and non-public database.  In addition, the CTA authorizes FinCEN to disclose beneficial ownership information subject to appropriate protocols and for specific purposes to several categories of recipients, such as federal law enforcement. Under the CTA, FinCEN must revise existing financial institution customer due diligence regulations concerning beneficial ownership to take into account the new direct reporting of beneficial ownership information.

FinCEN encourages all interested parties, particularly those that would be affected by the beneficial ownership information reporting provisions or would seek access to reported beneficial ownership information, to submit written comments.  The comments can come from interested persons outside the U.S.   Such written comments will help inform FinCEN’s implementation of all aspects of the beneficial ownership reporting rulemaking.

Comments should be submitted by May 5, 2021.

This ANPRM seeks comment on FinCEN’s implementation of certain provisions in Section 6403 of the CTA. Section 6403 requires reporting companies (corporations, limited liability companies (LLCs), and similar entities, subject to certain statutory exemptions) to submit to FinCEN specified information on their beneficial owners—the individual natural persons who own or control them—as well as specified information about the persons who form or register those reporting companies. Section 6403 further requires FinCEN to maintain this information in a confidential, secure, and non-public database, and it authorizes FinCEN to disclose the information to certain government agencies for certain purposes specified in the CTA, and to financial institutions to assist in meeting their customer due diligence obligations. In both cases, these disclosures are subject to appropriate protocols to protect confidentiality. This ANPRM seeks comment on numerous questions as FinCEN begins to develop proposed regulations implementing these provisions.

While only the regulations implementing the reporting requirements must be promulgated by January 1, 2022, with an effective date to be determined. FinCEN also requests comment on its implementation of the related database maintenance use and disclosure provisions. Section 6403 requires that the final rule on customer due diligence requirements for financial institutions be revised will be the subject of a separate rulemaking, about which the public will receive notice and opportunity to comment.

Staff Changes

Today, FinCEN announced a change in staff. Director Kenneth A. Blanco announced he will depart FinCEN on April 9, after serving as the organization’s director since December 2017. Michael Mosier, former FinCEN Deputy Director and current Counselor to the Deputy Secretary of the Treasury, will return to FinCEN as Acting Director. AnnaLou Tirol, former Associate Director of FinCEN’s Strategic Operations Division, is serving as FinCEN Deputy Director.

Mr. Mosier most recently served as Counselor to the Deputy Secretary of the Treasury, a role he assumed last month after serving as FinCEN’s Deputy Director and first Digital Innovation Officer. Mr. Mosier previously worked at the cryptocurrency analytics, compliance, and investigations firm Chainalysis, where he was Chief Technical Counsel. Prior to FinCEN and Chainalysis, Mr. Mosier was an Associate Director at Treasury’s Office of Foreign Assets Control. Mr. Mosier has also served as a Deputy Chief in the Department of Justice’s (DOJ’s) Money Laundering & Asset Recovery Section. He also served a tour at the White House National Security Council as Director for Transnational Organized Crime. Mr. Mosier began his public service as a prosecutor with the Manhattan District Attorney’s Office, and has served as an Adjunct Professor of Law at Georgetown University Law Center. He previously worked at a law firm representing technology, media, and financial services clients.

Ms. Tirol is now serving as Deputy Director. In this capacity, she assists in overseeing FinCEN’s wide-ranging work to enhance the national security of the United States. Ms. Tirol joined FinCEN in September 2019, serving as Associate Director of the Strategic Operations Division, where she worked extensively to promote FinCEN’s strategic partnerships with government and private industry stakeholders, both domestically and internationally. Ms. Tirol came to FinCEN after overseeing DOJ’s Public Integrity Section prosecuting public corruption matters. She began her public service as an Assistant U.S. Attorney in San Diego, and has served overseas tours for DOJ in Belgrade, Serbia, focusing on anti-corruption issues, and in Panama City, Panama, focusing on anti-money laundering and countering the financing of terrorism. Ms. Tirol is an Adjunct Professor of Law at Georgetown University Law Center.

Director Ken Blanco will depart on April 9th to Citi to lead Financial Crimes Compliance

 

 

FATF Starts New Project to Study and Mitigate the Unintended Consequences from Incorrect Implementation of Standards and Announces More Jurisdictions on its Black and Grey Lists

by Leave a Comment

On March 17, 2021, the Financial Action Task Force announced the start of a new project “to study and mitigate the unintended consequences resulting from the incorrect implementation of the FATF Standards.

Mitigation Project

The project started in February 2021 and will examine the following four areas

  • “De-risking, or the loss or limitation of access to financial services. This practice has affected non-profit organizations (NPOs), money value transfer service providers, and correspondent banking relationships, in particular;
  • Financial exclusion, a phenomenon whereby individuals are excluded from the formal financial system and denied access to basic financial services;
  • Suppression of NPOs or the NPO sector as a wholethrough non-implementation of the FATF’s risk-based approach;
  • Threats to fundamental human rightsstemming from the misuse of the FATF Standards or AML/CFT assessment processes to enact, justify, or implement laws, which may violate rights such as due process or the right to a fair trial.”

The FATF will conduct the project in two phases:

Phase One: research and engagement. The project will analyze these unintended consequences resulting from the misuse of the FATF’s Standards on preventing and combating money laundering and the financing of terrorism. This work will rely on the knowledge and experiences of members of the FATF’s Global Network of 205 jurisdictions, its observers, and outside stakeholders.

Phase Two: solutions. The second phase will develop options the FATF could consider to prevent and mitigate these unintended consequences.

According the announcement, the FATF welcomes input to inform this project, including scholarly research; industry and civil society perspectives; and documented instances of unintended consequences. Information may be sent to pscf@fatf-gafi.org.

The announcement states the project is an opportunity to study trends and propose solutions. Any information provided to the FATF Secretariat will be shared with the project team and the source will be identified.

New Lists of High-Risk Jurisdictions and Jurisdictions in Need of Increased Monitoring

On February 25, 2021, the FATF announced its list of High-Risk Jurisdictions (also commonly referred to as its “blacklist”) subject to a Call for Action (Iran and North Korea) and jurisdictions in need of increased monitoring (commonly referred to as its “grey list”).  The list has the following jurisdictions: Albania, Barbados, Botswana, Burkina Faso, Cambodia, Cayman Islands, Ghana, Jamaica, Mauritius, Morocco, Myanmar, Nicaragua, Pakistan, Panama, Senegal, Syria, Uganda, Yemen, and Zimbabwe.

One of the problems with the list of high-risk jurisdictions is that they’ve been on the list now for many years and they are also on international and national sanctions list.  As a result, many banks and financial institutions will not process transactions, even ones that are for genuine humanitarian purposes due to the risk of large penalties.

Another practical problem is that jurisdictions on either list tend to also land on the European Union list of high-risk jurisdictions for money laundering (commonly referred to as its AML/CFT blacklist).

Although the FATF does not mandate the application of enhanced due diligence measures for jurisdictions under increased monitoring, it encourages member jurisdictions to take the listing into account when undertake their risk analysis. The measures to be applied will vary, but may result in: (a) a requirement to perform more comprehensive due diligence on the customer’s source of funds and source of wealth and/ or (b) increased internal controls on business acceptance and ongoing monitoring.

Practically speaking, regulators around the world take into account the listing as do the electronic databases used by financial institutions and intermediaries when they are on-boarding and reviewing clients for customer due diligence.  As a result, banks and financial institutions from the metropole tend to limit or terminate correspondent bank relationships (de-risking) and withdraw from having branches or subsidiaries in the jurisdictions, especially because the listed jurisdictions tend to be small jurisdictions.  The result is that persons and businesses in these jurisdictions increase higher costs to bank, especially internationally.  Ultimately, the listings lead to financial exclusion of the small jurisdictions and their inhabitants, even though many already experience a high degree of lack of access to formal financial markets.

The current issue of the IELR will have a more comprehensive discussion of the issues raised in this post.

ABA CJS Int’l Crim. Law Comite Speakers Will Discuss Developments in Int’l Law Enforcement, Esp. the Impact of COVID and US Sanctions on the ICC

by Leave a Comment

International Committee Mid-Year Double Header: (1) The Impact of COVID-19 on International Law Enforcement and (2) American Sanctions Relating to the International Criminal Court

At the CJS Committee on International Criminal Law Mid-Year meeting on Saturday, Feb. 20, 2021 from 3:45-515, there will be two short presentations.

Judith Friedman, a Senior Trial Attorney with the Criminal Division’s Office of International Affairs and winner of Norm Maleng Minister of Justice Award in 2020, will discuss Developments in International Law Enforcement, especially the impact of the Coronavirus”.

Kristin Smith, Esq., director of the Atrocity Crimes Initiative and Staff Attorney with ABA CJS, will discuss the US sanctions on the ICC and summarize the litigation (two cases: the OSJI v. Trump and the just filed Sadat v. Trump), as well as relevant ABA/ ICC Project activities and statements.

Below please find the ZOOM LINK for the International committee meeting: Saturday, February 20th  at 3:45 PM-5:15 PM Eastern Time.

Topic: International Committee Meeting (Please see attached for agenda)

Time: Feb 20, 2021 3:45 PM Eastern Time (US and Canada)

https://americanbar.zoom.us/j/98072937375?pwd=c2dTR2JudDF1OXNkS3FoV1NsUmF0UT09

Meeting ID: 980 7293 7375

Passcode: 422275

Also on the agenda are the following:

  1. Prior meeting – substantive presentation
  2. Committee Newsletter
  3. past issue
  4. new issue – call for contributions of articles and news
  5. Potential issues for programs
  6. international aspects of the Anti-Money Laundering Act of 2020
  7. decision of SDNY of Jan. 4 of US Dist. Court Judge Katherine Polk Failla, enjoining US sanctions against persons associated with the ICC
  8. Annual ABA Convention: potential program on extradition
  9. Other substantive developments and policy issues

The meeting is open to non-Committee members.

 

 

French Donor Contributes More than $500k to U.S. Alt-Right before Capitol Assault

by Leave a Comment

In December 2020, approximately one month before the assault on the U.S. capitol, Laurent B., a French national, transferred the equivalent of € 400,000 to alt-right groups in the United States, illustrating the transnational component of U.S. domestic terrorism.[1]

The Financing

On December 8, 2020, Laurent B, a French computer scientist, transferred € 260,000 from his Bitcoin account to far-right activist and Internet personality Nick Fuentes, who was photographed on January 6, on the steps leading to the U.S. Senate, where he claims not to enter.  Fuentes is a homophobic, anti-Semitic, white supremacist.[2]

Chainalysis has also traced transfers by Laurent B of € 20,000 to Patrick Casey, a leader of the U.S. supremacist movement Identity Evropa.  On November 2020, it was dissolved. [3]

At the start of December 2020, Laurent B. transferred € 410,000 to about fifteen groups and activists of the alt-right, as well as a few online services, including the ultra-right social network Gab.[4]

Laurent B. financed his donation wallet with cryptocurrency from a French exchange, which he moved to the donation wallet through “Extremist Legacy Wallet.”[5]

On December 9, 2020, Laurent B. committed suicide, shortly after making the transfers.  Before his death he posted on his personal blog, explaining his donations.  He talked of the suffering of an illness and the “decadence of Western civilization.”

Analysis

The reports of the donations show that in a global world domestic extremism necessarily has links to international networks and financing.  The reports also indicate that the January 6 attack was well organized and funded.

The reports indicate the apparent use of cryptocurrency to make transnational funding of terrorist groups.  In the last month the Financial Crimes Enforcement Network of the U.S. Treasury (FinCEN) has increased regulations on transferring cryptocurrency and reporting cryptocurrency on Foreign Bank Reports.[6]

The reports of the transnational funding of U.S. domestic terrorist groups require the U.S. to quickly develop the counter-terrorism financial enforcement developed after the 9/11 attacks, targeting foreign terrorist groups.  U.S. law enforcement will need to redeploy some of these same mechanisms.  They include designated terrorist groups and individuals, freezing assets, putting domestic terrorists on the “no fly” list, increasing public-private cooperation, and increasing terrorist financing intelligence.[7]

The current issue of the IELR will have a more comprehensive discussion of these developments.

[1]    Damien Leloup, The mysterious gifts of a French computer scientist to American neo-Nazis (Les mystérieux dons d’un informaticien français à des néonazis américains), Le Monde, Jan. 15, 2021.

[2]    Id.

[3]    Id.  For the Chainalysis account, see Chainalysis Team, Alt-Right Groups and Personalities Involved In Last Week’s Capitol Riot Received Over $500K In Bitcoin From French Donor One Month Prior, Jan. 14, 2021 https://blog.chainalysis.com/reports/capitol-riot-bitcoin-donation-alt-right-domestic-extremism.

[4]    Leloup, supra.

[5]    Chainalysis Team, supra.

[6]    Bruce Zagaris, FinCEN Will Require Persons to Report Virtual Currency as Part of Foreign Bank and Financial Accounts and Will Require Recordkeeping for Transfers into Crypto Wallets, 37 Int’l Enforcement L. Rep. __ (Jan. 2021).

[7]    For background on the actions taken by the George W. Bush Administration on terrorist financing regulation and enforcement, see Jimmy Gurule, Unfunding Terror: The Legal Response to the Financing of Global Terrorism (2008).  Gurule was the former Undersecretary (Enforcement) in the U.S. Department of the Treasury  (2001-2003).

FinCEN Will Require Persons to Report Virtual Currency as Part of Foreign Bank and Financial Accounts and Will Require Recordkeeping for Transfers into Crypto Wallets

by Leave a Comment

FinCEN is moving rapidly for reporting crypto currency and assets.

Reporting Virtual Currency on FBARs

On December 31, 2020, the Department of Treasury’s Financial Crimes Enforcement Network (FinCEN) in a notice stated it intends to propose to amend the regulations implementing the Bank Secrecy Act (BSA) regarding reports of foreign financial accounts (FBAR)  on IRS FinCEN Form 114 to include virtual currency as a type of reportable account under 31 C.F.R. § 1010.350.

At present, FBAR regulations do not define a foreign account holding virtual currency as a type of reportable account.[1]  As a result, a person with a foreign account holding virtual currency need not report such as holding on the FBAR unless it is a reportable account under 31 C.F.R. § 1010.350 because it holds reportable assets in addition to virtual  currency.

It remains to be seen how virtual currency will be reported on the FBAR.  Because FBAR penalties may be as high as 50 percent of an account’s highest balance per violation, the stakes are high.

Meanwhile, the Internal Revenue Service 2019 Form 1040 Schedule 1 added a question, inquiring whether taxpayers received, sold, sent, exchanged, or acquired a financial interest in virtual currency.  The recordkeeping for tax purposes alone on virtual currency is very challenging.

On December 31, 2020, the IRS issued draft instructions  on what constitutes reportable virtual currency transactions.  The instructions provide more guidance than did the previous version released October 23, 2020.  However, many tax attorneys have criticized the new guidance.[2]

Recordkeeping on Crypto Wallets

FinCEN will propose to amend the regulations implementing the Bank Secrecy Act (BSA) concerning reports of  foreign financial accounts (FBAR) to include virtual currency as a type of reportable account under 31 CFR 1010.350.

On December 23, 2020,  FinCEN issued a notice of proposed rulemaking requesting public comments on a proposal to require banks and money service businesses (“MSBs”) to submit reports, keep records, and verify the identity of customers in relation to transactions involving convertible virtual currency (“CVC”) or digital assets with legal tender status (“legal tender digital assets” or “LTDA”) held in unhosted wallets  or held in wallets hosted in a jurisdiction identified by FinCEN. FinCEN is proposing to adopt these requirements pursuant to the Bank Secrecy Act (“BSA”).

FinCEN proposes to prescribe by regulation that CVC and LTDA are “monetary instruments” for purposes of the BSA. However, FinCEN does not propose  to change  the regulatory definition of “monetary instruments” or otherwise alter existing BSA regulatory requirements applicable to “monetary instruments” in FinCEN’s regulations, including the existing currency transaction reporting (“CTR”) requirement and the existing transportation of currency or monetary instruments reporting requirement.

FinCEN is providing a 15-day period for public comments with respect to this proposed rule.

Analysis

Although there are many important technical and procedural issues, including whether Treasury is affording sufficient time for comments on the new regulations, the bottom line is that Treasury and other law enforcement agencies believe significant amount of crime is occurring due to the lack of transparency surrounding virtual currencies and digital assets, especially in international transactions.

The current issue of the IELR will have a more comprehensive discussion of these two regulatory initiatives.

[1]    See 31 CFR 1010.350(c).

[2]    Kirstin Parillo, New Draft 1040 Instructions Add More Crypto Details, Tax Notes Today  Int’l 2021 TNTI 5-3, Jan. 8, 2020.

British Court Denies U.S. Extradition Request for Assange Based on Mental Health Concerns Arising Out of Potential U.S. Incarceration

by Leave a Comment

On January 4, 2020, Judge Vanessa Baraitser of Westminster Magistrates’ Court denied the extradition request of the United States for WikiLeaks founder Julian Assange, 49, because of Assange’s mental condition.   Her 132-page ruling  (“extradition decision”) is a victory for Assange, but the U.S. Government will undoubtedly appeal.[1]

Background

The decision covers the following issues: a. the UK-US Extradition Treaty prohibits extradition for a political offense and hence the court lacks jurisdiction to hear this case; b. the allegations do not meet the statutory “dual criminality” requirements; c. extradition would be unjust and oppressive by reason of the lapse of time; d.  extradition is barred by reason of extraneous considerations; e.  extradition is in breach of the European Convention on Human Rights (“the ECHR”); f. extradition should be refused because it would be unjust and oppressive by reason of Mr. Assange’s mental condition and the high risk of suicide; and g. extradition would be an abuse of process.

There have been four indictments, including the superseding indictments.  Essentially, the U.S. charges Assange with computer intrusion and conspiracy to commit computer intrusion, espionage (e.g., obtaining, receiving and disclosure of “National Defense Information”).

In particular, the superseding indictment charges Assange conspired with former U.S. military and intelligence officer Bradley Manning (now known as Chelsea Manning) to obtain, inter alia:                                                                                                                                                                                                                                                                                                                                                                                          briefs, the diplomatic cables and the Iraq rules of engagement files to the extent that they contained the names of individuals in Afghanistan, Iraq and elsewhere in the world who risked their safety and freedom by providing information to the US and its allies, from those with lawful possession to those not entitled to receive them.

The extradition decision provides the history, starting on December 2, 2010, when the Swedish Government issued a European Arrest Warrant for Assange on rape charges.  On June 19, 2012, after the court granted extradition, from which Assange appealed, Assange took refuge in the Ecuadorian Embassy.  On May 19, 2017, the Swedish prosecutor announced she was discontinuing the case                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              On December 21, 2017, the Ecuadorean Government granted Assange diplomatic status. On December 22, 2017, the U.S. requested extradition.

The court held evidentiary hearings in February 2020 and September-October 2020.

The Decision with Respect to Mr. Assange’s Medical Condition and the Risk of Suicide

With respect to whether extradition should be refused because it would be unjust and oppressive by reason of Mr. Assange’s mental condition and the high risk of suicide, Assange’s counsel submitted a report of the Centre for Constitutional Rights in conjunction with the Allard K. Lowenstein International Human Rights Clinic (“the Darkest Corner”) 2017 concerning likely conditions of pre- and post-trial confinement if Assange was extradited, tried and convicted.  In particular, persons convicted of espionage and terrorism crimes are often subject to special administrative measures (SAM).

After reviewing the psychiatric experts for Assange and the U.S. Government, Judge Baraitser found  “that the risk that Mr. Assange will commit suicide is a substantial one.”[2]

Judge Baraister continued that “Mr. Assange faces the bleak prospect of severely restrictive detention conditions designed to remove physical contact and reduce social interaction and contact with the outside world to a bare minimum. He faces these prospects as someone with a diagnosis of clinical depression and persistent thoughts of suicide.”[3]  According to her decision, the judge deems “Mr. Assange’s risk of committing suicide, if an extradition order were to be made, to be substantial.”[4]  Judge Baraister explained “I am satisfied that, if he is subjected to the extreme conditions of SAMs, Mr. Assange’s mental health will deteriorate to the point where he will commit suicide.”[5]

The judge explained “I accept that oppression as a bar to extradition requires a high threshold. I also accept that there is a strong public interest in giving effect to treaty obligations and that this is an important factor to have in mind. However, I am satisfied that, in these harsh conditions,  Mr. Assange’s mental health would deteriorate causing him to commit suicide with the “single minded determination” of his autism spectrum disorder.”[6]  She cited as precedent the cases of Wolkowicz and Lauri Love.

Marc Raimondi, acting director of Public Affairs for the U.S. Department of Justice, said the DOJ was extremely disappointed but noted that “the court rejected all of Mr. Assange’s arguments regarding political motivation, political offense, fair trial, and freedom of speech.”  The U.S. promised to appeal the decision and asked for Assange to be remanded in custody pending the appeal.[7]

Analysis

The decision is a blow to efforts of the U.S. Government to extradite persons accused of espionage and terrorism crimes, because it essentially opines that persons who are suicidal and subject to SAM may suffer from unduly oppressive conditions, tantamount to cruel and unusual punishment.    The importance of the case bears monitoring as it goes through the appeal process.

The current issue of the IELR will have a more comprehensive discussion of the decision and its implications.

[1]    Government of the United States of America v. Julian Paul Assange, District Judge (Magistrates’ Court) Vanessa Baraitser In the Westminster Magistrates’ Court, Decision, Jan. 4, 2020 https://www.judiciary.uk/wp-content/uploads/2021/01/USA-v-Assange-judgment-040121.pdf.

 

[2]    Extradition decision, paragr. 337  at p. 109.

[3]    Id., paragr. 344 at p. 111.

[4]    Id., paragr. 346, at p. 112.

[5]    Id., paragr. 355, at p. 116.

[6]    Id., paragr. 362, at p. 118.

[7]    Claudia Rebaza, Kara Fox and Vasco Cotovio, UK judge denies US request to extradite Julian Assange, CNN, Jan. 4, 2021.

U.S. Brings Criminal Complaint and Imposes Sanctions against Russians for Election Interference

by Leave a Comment

On September 10, 2020, the U.S. Attorney for the Eastern District Virginia brought a criminal complaint against a Russian national for his alleged role in a conspiracy to use the stolen identities of real U.S. persons to open fraudulent accounts at banking and cryptocurrency exchanges.  Also on September 10, 2020, the U.S. Treasury Department imposed sanctions against Andriy Derkach.  He is a member of the Ukrainian Parliament.  Treasury says he has been “an active Russian agent for over a decade.”  Treasury accuses him of disseminating “edited audiotapes” and “substantiated allegations against U.S. and international political figures.”  The Treasury Department also imposed sanctions against three employees of the Internet Research Agency (IRA).   IRA is a troll farm in Russia that disseminates disinformation on social media as part of the Russian election interference campaign in 2016.

Complaint against Russian Project Lakhta Member

The 111-page criminal complaint and affidavit allege Artem Mikhaylovich Lifshits, 27, of St. Petersburg, Russia, operates as a manager in “Project Lakhta.”   The latter is based in Russia and engages in political and electoral interference activities.  Since  at least May 2014, Project Lakhta has tried to hide its conduct by acting through a number of entities, including IRA.  Lifshits served as manager since approximately 2017 for the Translator Department, which is allegedly responsible for much of the Project’s ongoing influence operations.

Lifshits allegedly conspired with Project Lakhta members to secure means of identification of real U.S. persons.  The conspirators then used these identities to open fraudulent accounts at banking and cryptocurrency exchanges in the victims’ names.  Lifshits and the conspirators allegedly employed these fraudulently opened accounts to promote Project Lakhta’s influence operations and personal enrichment.

Treasury Sanctions

Treasury designated Andrii Derkach (Derkach) pursuant to Executive Order (E.O.) 13848 for his efforts to influence the 2020 U.S. presidential election.  According to Treasury, “Derkach has directly or indirectly engaged in, sponsored, concealed, or otherwise been complicit in foreign interference in an attempt to undermine the upcoming 2020 U.S. presidential election.”

From at least late 2019 through mid-2020, Derkach conducted a covert influence campaign focused  on creating false and unsubstantiated narratives concerning U.S. officials in the upcoming 2020 Presidential Election, spurring corruption investigations in both Ukraine and the U.S. designed to influence the U.S. Presidential election day. The Western media covered Derkach’s unsubstantiated narratives through coverage of press conferences and other news events, including interviews and statements.

Between May and July 2020, Derkach disseminated  edited audio tapes and other unsupported information with the intent to discredit U.S. officials.  He made unsubstantiated allegations against U.S. and international political figures. Derkach almost certainly targeted the U.S. voters, prominent U.S. persons, and members of the U.S. government, based on his reliance on U.S. platforms, English-language documents and videos, and pro-Russian lobbyists in the United States used to propagate his claims.

The Treasury sanction does not mention that Rudolph W. Giulani, President Trump’s personal attorney, met twice with Derkach since late last year and publicized Derkach’s claims on his podcast and elsewhere.  Since late last year, Derkach has operated a campaign against Democratic Presidential candidate Joe Biden and former Ukrainian president Petro Poroshenko from Kyiv.  The campaign has included an English-language website and YouTube channel, and a conspiratorial flowchart showing Biden and financier George Soros at the center. fn1

Treasury also designated three IRA actors pursuant to E.O. 13694, as amended by E.O. 13757, and E.O. 13848 for having acted or purported to act for or on behalf of, directly or indirectly, the IRA, an entity designated pursuant to E.O. 13694, as amended, and E.O. 13848. Russian nationals Artem Lifshits, Anton Andreyev, and Darya Aslanova, as employees of the IRA, supported the IRA’s cryptocurrency accounts.

Department of Homeland Security Whistleblower Complaint about Intelligence re Russian Election Interference

On September 9, 2020, Rep. Adam Schiff (D-CA), the Chairman of the House Permanent Select Committee on Intelligence, announced that, as part of its ongoing investigation into the Department of Homeland Security (DHS) and the Office of Intelligence and Analysis (I&A), the Committee received a whistleblower reprisal complaint alleging serious wrongdoing by officials at the Department and reprisal against former I&A Acting Under Secretary Brian Murphy for making protected disclosures. Mr. Murphy filed the whistleblower reprisal complaint on September 8, 2020 with the DHS Office of Inspector General.

Rep. Schiff released a statement that “Murphy’s allegations are serious — from senior officials suppressing intelligence reports on Russia’s election interference and making false statements to Congress about terrorism threats at our southern border, to modifying intelligence assessments to match the President’s rhetoric on Antifa and minimizing the threat posed by white supremacists. We have requested Mr. Murphy’s testimony before the Committee, pursuant to subpoena if necessary, alongside other already scheduled interviews with other DHS officials.”

Analysis

The criminal complaint, sanctions, and whistleblower complaint show that Russian interference in U.S. elections is continuing.  The extent of the interference and the cooperation, if any, by members of the Republic National Committee and the Trump Administration are controverted.  Depending on the results of the U.S. election, the U.S. sanctions against Russia are likely to deepen.  The alleged interference is likely to  generate additional sanctions by Europe and other countries.  For European sanctions the case of Aleksei A. Navalny, the Russian opposition leader who is recovering from being poisoned, is important.  He has spoken to a German prosecutor about the attempt on his life and says he plans to return to Russia as soon as he has recovered.  The alleged poisoning of Navalny also potentially trigger sanctions under the the U.S. Global Magnitsky Act, which a number of countries have emulated. The current issue of the IELR will have more discussion on these matters in this blogpost.

FN 1     Paul Sonne, Josh Dawsey and Karoun Demirjian, Treasury penalizes Ukrainian it calls a ‘Russian agent’, Wash. Post, Sept. 11, 2020, at A10, col. 1.

 

Disclaimer

Nothing in this blog constitutes or is intended to constitute legal advice. Neither transmission nor receipt of such materials creates an attorney-client relationship. Blog readers and subscribers should consult with an attorney. This blog may be considered attorney advertising under the rules of some states. The hiring of an attorney is an important decision that should not be based solely upon advertisements. Prior results do not guarantee similar outcomes.

Pages

Categories

Sign up for our mailing list!
Get the latest blog posts, and an exclusive discount offer for one year's subscription to the International Enforcement Law Reporter.
We respect your privacy.