View the indictment here.





An indictment was unsealed today charging seven nationals of the People’s Republic of China (PRC) with conspiracy to commit computer intrusions and conspiracy to commit wire fraud for their involvement in a PRC-based hacking group that spent approximately 14 years targeting U.S. and foreign critics, businesses, and political officials in furtherance of the PRC’s economic espionage and foreign intelligence objectives.

The defendants are Ni Gaobin (倪高彬), 38; Weng Ming (翁明), 37; Cheng Feng (程锋), 34; Peng Yaowen (彭耀文), 38; Sun Xiaohui (孙小辉), 38; Xiong Wang (熊旺), 35; and Zhao Guangzong (赵光宗), 38. All are believed to reside in the PRC.

“The Justice Department will not tolerate efforts by the Chinese government to intimidate Americans who serve the public, silence the dissidents who are protected by American laws, or steal from American businesses,” said Attorney General Merrick B. Garland. “This case serves as a reminder of the ends to which the Chinese government is willing to go to target and intimidate its critics, including launching malicious cyber operations aimed at threatening the national security of the United States and our allies.”

“Over 10,000 malicious emails, impacting thousands of victims, across multiple continents. As alleged in today’s indictment, this prolific global hacking operation – backed by the PRC government – targeted journalists, political officials, and companies to repress critics of the Chinese regime, compromise government institutions, and steal trade secrets,” said Deputy Attorney General Lisa Monaco. “The Department of Justice will relentlessly pursue, expose, and hold accountable cyber criminals who would undermine democracies and threaten our national security.” 

"Today's announcement exposes China's continuous and brash efforts to undermine our nation's cybersecurity and target Americans and our innovation,” said FBI Director Christopher Wray. "As long as China continues to target the US and our partners, the FBI will continue to send a clear message that cyber espionage will not be tolerated, and we will tirelessly pursue those who threaten our nation’s security and prosperity. This indictment underscores our unwavering commitment to disrupt and deter malicious cyber activity, and safeguard our citizens, businesses, and critical infrastructure from threats in cyberspace."

“The indictment unsealed today, together with statements from our foreign partners regarding related activity, shed further light on the PRC Ministry of State Security’s aggressive cyber espionage and transnational repression activities worldwide,” said Assistant Attorney General Matthew G. Olsen of the Justice Department’s National Security Division. “Today’s announcements underscore the need to remain vigilant to cybersecurity threats and the potential for cyber-enabled foreign malign influence efforts, especially as we approach the 2024 election cycle. The Department of Justice will continue to leverage all tools to disrupt malicious cyber actors who threaten our national security and aim to repress fundamental freedoms worldwide.”

“These allegations pull back the curtain on China’s vast illegal hacking operation that targeted sensitive data from U.S. elected and government officials, journalists, and academics; valuable information from American companies; and political dissidents in America and abroad. Their sinister scheme victimized thousands of people and entities across the world, and lasted for well over a decade,” said U.S. Attorney Breon Peace for the Eastern District of New York. “America’s sovereignty extends to its cyberspace. Today’s charges demonstrate my office’s commitment to upholding and protecting that jurisdiction, and to putting an end to malicious nation state cyber activity.”

“The recent indictments against the Chinese actors reaffirm the FBI’s relentless dedication to combating cyber threats,” said Assistant Director Bryan Vorndran of the FBI Cyber Division. “They serve as a reminder that cyber adversaries who seek to compromise our nation’s systems and target US officials cannot rely on the cloak of anonymity and will face consequences for their actions.”

“APT31 Group’s practices further demonstrate the size and scope of the PRC’s state-sponsored hacking apparatus,” said Special Agent in Charge Robert W. “Wes” Wheeler Jr. of the FBI Chicago Field Office. “FBI Chicago worked tirelessly to uncover this complex web of alleged foreign intelligence and economic espionage crimes. Thanks to these efforts, as well as our partnerships with the U.S. Attorneys’ Offices and fellow Field Offices, the FBI continues to be successful in holding groups accountable and protecting national security.”

Overview

As alleged in the indictment and court filings, the defendants, along with dozens of identified PRC Ministry of State Security (MSS) intelligence officers, contractor hackers, and support personnel, were members of a hacking group operating in the PRC and known within the cybersecurity community as Advanced Persistent Threat 31 (the APT31 Group). The APT31 Group was part of a cyberespionage program run by the MSS’s Hubei State Security Department, located in the city of Wuhan. Through their involvement with the APT31 Group, since at least 2010, the defendants conducted global campaigns of computer hacking targeting political dissidents and perceived supporters located inside and outside of China, government and political officials, candidates, and campaign personnel in the United States and elsewhere and American companies.

The defendants and others in the APT31 Group targeted thousands of U.S. and foreign individuals and companies. Some of this activity resulted in successful compromises of the targets’ networks, email accounts, cloud storage accounts, and telephone call records, with some surveillance of compromised email accounts lasting many years.

Hacking Scheme

The more than 10,000 malicious emails that the defendants and others in the APT31 Group sent to these targets often appeared to be from prominent news outlets or journalists and appeared to contain legitimate news articles. The malicious emails contained hidden tracking links, such that if the recipient simply opened the email, information about the recipient, including the recipient’s location, internet protocol (IP) addresses, network schematics, and specific devices used to access the pertinent email accounts, was transmitted to a server controlled by the defendants and those working with them. The defendants and others in the APT31 Group then used this information to enable more direct and sophisticated targeted hacking, such as compromising the recipients’ home routers and other electronic devices.

The defendants and others in the APT31 Group also sent malicious tracking-link emails to government officials across the world who expressed criticism of the PRC government. For example, in or about 2021, the conspirators targeted the email accounts of various foreign government individuals who were part of the Inter-Parliamentary Alliance on China (IPAC), a group founded in 2020 on the anniversary of the 1989 Tiananmen Square protests whose stated purpose was to counter the threats posed by the Chinese Communist Party to the international order and democratic principles. The targets included every European Union member of IPAC, and 43 United Kingdom parliamentary accounts, most of whom were members of IPAC or had been outspoken on topics relating to the PRC government.

To gain and maintain access to the victim computer networks, the defendants and others in the APT31 Group employed sophisticated hacking techniques including zero-day exploits, which are exploits that the hackers became aware of before the manufacturer, or the victim were able to patch or fix the vulnerability. These activities resulted in the confirmed and potential compromise of economic plans, intellectual property, and trade secrets belonging to American businesses, and contributed to the estimated billions of dollars lost every year as a result of the PRC’s state-sponsored apparatus to transfer U.S. technology to the PRC.

Targeting of U.S. Government Officials and U.S. and Foreign Politicians and Campaigns

The targeted U.S. government officials included individuals working in the White House, at the Departments of Justice, Commerce, Treasury, and State, and U.S. Senators and Representatives of both political parties. The defendants and others in the APT31 Group targeted these individuals at both professional and personal email addresses. Additionally in some cases, the defendants also targeted victims’ spouses, including the spouses of a high-ranking Department of Justice official, high-ranking White House officials, and multiple U.S. Senators. Targets also included election campaign staff from both major U.S. political parties in advance of the 2020 election.

The allegations in the indictment regarding the malicious cyber activity targeting political officials, candidates, and campaign personnel are consistent with the March 2021 Joint Report of the Department of Justice and the Department of Homeland Security on Foreign Interference Targeting Election Infrastructure or Political Organization, Campaign, or Candidate Infrastructure Related to the 2020 US Federal Elections. That report cited incidents when Chinese government-affiliated actors “materially impacted the security of networks associated with or pertaining to U.S. political organizations, candidates, and campaigns during the 2020 federal elections.” That report also concluded that “such actors gathered at least some information they could have released in influence operations,” but which the Chinese actors did not ultimately deploy in such a manner. Consistent with that conclusion, the indictment does not allege that the hacking furthered any Chinese government influence operations against the United States. The indictment’s allegations nonetheless serve to underscore the need for U.S. (and allied) political organizations, candidates, and campaigns to remain vigilant in their cybersecurity posture and in otherwise protecting their sensitive information from foreign intelligence services, particularly in light of the U.S. Intelligence Community’s recent assessment that “[t]he PRC may attempt to influence the U.S. elections in 2024 at some level because of its desire to sideline critics of China and magnify U.S. societal divisions.”

Targeting of U.S. Companies

The defendants and others in the APT31 Group also targeted individuals and dozens of companies operating in areas of national economic importance, including the defense, information technology, telecommunications, manufacturing and trade, finance, consulting, legal, and research industries. The defendants and others in the APT31 Group hacked and attempted to hack dozens of companies or entities operating in these industries, including multiple cleared defense contractors who provide products and services to the U.S. military, multiple managed service providers who managed the computer networks and security for other companies, a leading provider of 5G network equipment, and a leading global provider of wireless technology, among many others.

Targeting for Transnational Repression of Dissidents

The defendants and the APT31 Group also targeted individual dissidents around the world and other individuals who were perceived as supporting such dissidents. For example, in 2018, after several activists who spearheaded Hong Kong’s Umbrella Movement were nominated for the Nobel Peace Prize, the defendants and the APT31 Group targeted Norwegian government officials and a Norwegian managed service provider. The conspirators also successfully compromised Hong Kong pro-democracy activists and their associates located in Hong Kong, the United States, and other foreign locations with identical malware.

The charged defendants’ roles in the conspiracy consisted of testing and exploiting the malware used to conduct these intrusions, managing infrastructure associated with these intrusions, and conducting surveillance and intrusions against specific U.S. entities. For example:

Cheng Feng, Sun Xiaohui, Weng Ming, Xiong Wang, and Zhao Guangzong were involved in testing and exploiting malware, including malware used in some of these intrusions.

Cheng and Ni Gaobin managed infrastructure associated with some of these intrusions, including the domain name for a command-and-control server that accessed at least 59 unique victim computers, including a telecommunications company that was a leading provider of 5G network equipment in the United States, an Alabama-based research corporation in the aerospace and defense industries, and a Maryland-based professional support services company.

Sun and Weng operated the infrastructure used in an intrusion into a U.S. company known for its public opinion polls. Sun and Peng Yaowen conducted research and reconnaissance on several additional U.S. entities that were later the victims of the APT31 Group’s intrusion campaigns.

Ni and Zhao sent emails with links to files containing malware to PRC dissidents, specifically Hong Kong legislators and democracy advocates, as well as targeting U.S. entities focusing on PRC-related issues.

Assistant U.S. Attorneys Douglas M. Pravda, Saritha Komatireddy, and Jessica Weigel for the Eastern District of New York are prosecuting the case, with valuable assistance from Matthew Anzaldi and Matthew Chang of the National Security Division’s National Security Cyber Section.

An indictment is merely an allegation. All defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.

DETROIT – United States Attorney Matthew Schneider announced today that law enforcement in the United States has worked jointly in support of an international takedown of a virtual private network (VPN), dubbed “Operation Nova.”  Domain names offered by an organization engaged in “bulletproof hosting” that provided assistance to cyber-criminals were seized, and related servers were shut down. U.S.-based servers used in the scheme were taken offline by U.S. authorities, while International partners did the same.

Schneider was joined in the announcement by Special Agent in Charge Timothy Waters of the Federal Bureau of Investigation (FBI) in Detroit.

The coordinated effort was led by the German Reutlingen Police Headquarters together with Europol, the FBI and other law enforcement agencies from around the world.  Today, law enforcement from around the world conducted a coordinated takedown of servers in at least five different countries, in addition to the domain seizures.

The investigation revealed that three domains— INSORG.ORG; SAFE-INET.COM; SAFE-INET.NET.—offered “bulletproof hosting services” to website visitors.  A “bulletproof hosting service” is an online service provided by an individual or an organization that is intentionally designed to provide web hosting or VPN services for criminal activity.  These services are designed to facilitate uninterrupted online criminal activities and to allow customers to operate while evading detections by law enforcement.  Many of these services are advertised on online forums dedicated to discussing criminal activity.  A bulletproof hoster’s activities may include ignoring or fabricating excuses in response to abuse complaints made by their customer’s victims; moving their customer accounts and/or data from one IP address, server, or country to another to help them evade detection; and not maintaining logs (so that none are available for review by law enforcement).  By providing these services, the bulletproof hosts knowingly support the criminal activities of their clients and become coconspirators in criminal schemes.

Much of the criminal activity occurring on the network involved cyber actors responsible for ransomware, E-skimming breaches, spearphishing, and account takeovers.  The service’s website offered support in Russian and English languages, at a high price to the criminal underworld.  This infrastructure preferred by cybercriminals was used to compromise networks all around the world.

The seized domains are in the custody of the federal government. Visitors to the sites will now find a seizure banner that notifies them that the domain name has been seized by federal authorities facilitating computer intrusions is a federal crime.

The Justice Department’s Office of International Affairs provided investigative assistance.  The Justice Department thanks Germany’s Reutlingen Police Headquarters (Polizeipräsidium Reutlingen),  The Netherlands’ National Police (Politie), Switzerland’s Cantonal Police of Argovia (Kantonspolizei Aargau), France’s Judicial Police (Direction Centrale de la Police Judiciaire) and Europol’s European Cybercrime Centre (EC3) for their assistance and collaboration in this matter.

###

DETROIT – A regional hospital system and two physicians have paid over $69 million in three related civil settlements to resolve possible False Claims Act violations, United States Attorney Dawn N. Ison announced today.

Ison was joined in the announcement by Special Agent in Charge Mario M. Pinto of the U.S. Department of Health & Human Services, Office of Inspector General (HHS-OIG), Chicago Regional Office, Special Agent in Charge Scott Pierce, United States Postal Service Office of Inspector General, Central Area Field Office and Special Agent in Charge Patrick J. Hegarty, Department of Defense Office of Inspector General, Defense Criminal Investigative Service (DCIS), Northeast Field Office.  

Covenant Healthcare System, a regional hospital system based in the Saginaw, Michigan area, paid $69 million to resolve allegations under the False Claims Act of improper financial relationships with eight referring physicians and a physician-owned investment group, resulting in the submission of false claims to the Medicare, Medicaid, TRICARE, and FECA programs.  Two of these physicians, neurosurgeon Dr. Mark Adams and electrophysiologist Dr. Asim Yunus will pay the United States $406,551.15 and $345,987.54, respectively, to resolve allegations related to their relationships with Covenant.

The Anti-Kickback Statute (“AKS”) prohibits offering, paying, soliciting, or receiving remuneration to induce referrals of items or services covered by Medicare, Medicaid, and other federally-funded programs.  The Physician Self-Referral Law, commonly known as the Stark Law, prohibits a hospital from billing Medicare for certain services referred by physicians with whom the hospital has an improper financial arrangement, including the payment of compensation that exceeds the fair market value of the services actually provided by the physician and the provision of free or below-market rent.  Both the Anti-Kickback Statute and the Stark Law are intended to ensure that physicians’ medical judgments are not compromised by improper financial incentives and instead are based on the best interests of their patients.

The settlement with Covenant resolves the following allegations:

At various points between 2006 to 2016, Covenant had contracts with Asim Yunus, M.D., Kimiko Sugimoto, M.D., Sujal Patel, M.D., Sussan Bays, M.D., Guy Boike, M.D., and Thomas Damuth, M.D. to serve as medical directors, and none of these arrangements satisfied any exceptions to the Stark Law or the AKS, such that referrals these physicians made to Covenant violated the False Claims Act.

 

From June 1, 2006, to December 14, 2009, Covenant employed Mark Adams, M.D., and this financial relationship did not satisfy any exception to the Stark Law, such that referrals for designated healthcare services by Adams to Covenant were prohibited and violated the False Claims Act.

 

From January 21, 2009, through July 31, 2013, Covenant rented office space to Ernie Balcueva, M.D.  Covenant forgave Balcueva’s rent payments, constituting remuneration that Covenant paid in exchange for referrals from Balcueva in violation of the AKS and the False Claims Act, and creating a financial relationship that did not meet any exception to the Stark Law, also violating the False Claims Act.

 

Covenant permitted Covenant Physician Investment Group (“CPIG”), a group owned by Covenant-employed physicians for the purpose of purchasing large medical equipment that CPIG would lease to Covenant, to secure an equipment lease through non-arm’s-length negotiations, in order to induce referrals of patients from these physicians, in violation of the AKS and the False Claims Act.

 

As a result of this settlement, which was finalized in 2021, Covenant paid the United States $67,191,436.39 and the State of Michigan $1,808,563.61.  This settlement remained under seal while the United States continued its investigation into Adams and Yunus, which led to the settlements with Adams and Yunus.  Consistent with the terms of their respective settlement agreements with the United States, Adams paid the United States $406,551.15, and Yunus will pay the United States $345,987.54.

“Improper financial relationships and kickbacks undermine the integrity of federally-funded healthcare programs by influencing physician decision making,” said U.S. Attorney Ison.  “This outcome emphasizes our Office’s commitment to pursuing justice against parties on both sides of those relationships—the hospital seeking to influence the physician via certain compensation schemes and the physician accepting the compensation.”  U.S. Attorney Ison added, “I would like to commend the new leadership at Covenant for making things right once its past wrongdoing was brought to its attention by federal investigators.”

“Financial relationships that are based solely on monetary gain undermine the trust that we place in our nation’s medical providers and can result in costly reductions to our Federal health care programs,” said Special Agent in Charge Mario M. Pinto of the U.S. Department of Health and Human Services Office of Inspector General. “We will continue to work together with our law enforcement partners to ensure the appropriate use of taxpayer dollars.

“These settlements send a clear message to healthcare providers that the government is vigilantly protecting federal benefit programs,” said Special Agent in Charge Scott Pierce of United States Postal Service Office of Inspector General, Central Area Field Office. “The USPS OIG appreciates our law enforcement partners for their commitment and efforts in this investigation. The USPS OIG will continue to vigorously investigate those who engage in activities that harm federal benefit programs and the U.S. Postal Service.”

"Protecting TRICARE, the healthcare system for military members and their dependents, is a top priority for the Defense Criminal Investigative Service (DCIS), the law enforcement arm of the Department of Defense Office of Inspector General," stated Special Agent in Charge Patrick J. Hegarty, DCIS Northeast Field Office.  "The settlements announced today demonstrate our ongoing commitment to work with the Department of Justice and our law enforcement partners to investigate allegations of improper financial relationships that place unnecessary financial pressure on the TRICARE system."

The civil settlements resolve the claims brought by Stacy Goldsholl, M.D., under the qui tam or whistleblower provisions of the False Claims Act.  Under these provisions, a private party may file an action on behalf of the United States and receive a portion of any recovery.  The qui tam case is captioned United States ex rel. Goldsholl v. Covenant Healthcare System, et al., No. 12-15422 (E.D. Mich.).  The whistleblower will receive a combined $12,384,927.36 from the three settlements.  The claims resolved by the settlements are allegations only; there has been no determination or admission of liability.

The matter was investigated by Assistant U.S. Attorney Jonny Zajac of the U.S. Attorney’s Office for the Eastern District of Michigan, with assistance from HHS-OIG, the Defense Criminal Investigative Service, and the United States Postal Service-OIG.

ST. LOUIS – A former St. Louis alderman pleaded guilty Tuesday to all charges against him and admitted taking bribes in the form of a series of cash payments, a car, a phone and campaign contributions to help a local business owner get a property tax abatement.

John Collins-Muhammad pleaded guilty in front of U.S. District Judge Stephen R. Clark to two bribery-related charges and one charge of honest services bribery/wire fraud. As part of his plea, he admitted assisting a business owner obtain a multi-year property tax abatement. The business owner, referred to in court documents as “John Doe,” was developing a property in Collins-Muhammad’s 21st ward.

Beginning in January 2020, Collins-Muhammad accepted a total of $13,500 in cash, $3,000 in campaign contributions, a Volkswagen CC sedan and an Apple iPhone 11 from Doe in exchange for his continued agreement, assistance and use of his official position to provide the property tax abatement for Doe’s property.

After Doe’s development in Collins-Muhammad’s ward received opposition from residents of his ward, Collins-Muhammad falsely represented to the residents that he would not put forward the development for tax incentives.  Nonetheless, Collins-Muhammad continued to take legislative action to provide the tax abatement for the development and continued to accept cash and other things of value from Doe.

While the legislative actions were pending, Collins-Muhammad told Doe not to start construction so Doe wouldn’t jeopardize the promised tax break.

His co-defendant, former Board of Aldermen President Lewis Reed, joined Collins-Muhammad’s efforts to obtain the promised tax incentive for Doe during August 2021.  Thereafter, Doe made cash payments to Reed and continued the cash payments to Collins-Muhammad, the plea agreement says. Reed even promised to override a mayoral veto to pass the tax abatement legislation, the plea says.

Ultimately, in 2022, the efforts of Collins-Muhammad and Reed paid off, and the Board of Aldermen passed legislation providing the promised tax abatement for John Doe’s property development.

Collins-Muhammad did not report the campaign contributions to the Missouri Ethics Commission or deposit any of the cash payments into a bank account.

Collins-Muhammad also introduced Doe to other public officials and suggested he pay cash for their official assistance for other projects. After a June 18, 2020 meeting arranged by Collins-Muhammad with a public official who could purportedly help Doe win government contracts for his trucking company, Doe gave the official $10,000. Collins-Muhammad got $3,000 for setting up the meeting.

The official returned the cash that day and told Collins-Muhammad to instead have Doe write two $5,000 checks to the official’s campaign account. The checks were never cashed or deposited and Doe never received any contracts. Collins-Muhammad then told Doe that the official wanted $2,500 in cash, but Collins-Muhammad used the money to buy a 2008 Chevrolet Trailblazer for his own use.

Collins-Muhammad also introduced Doe to co-defendant Jeffrey Boyd, the alderman of a ward in which Doe wished to purchase city-owned property for a development, and told Doe to give Boyd $2,500 cash. Doe gave Collins-Muhammad $1,000 for setting up the meeting, and began providing cash payments to Boyd, the plea agreement says. Boyd ultimately helped Doe purchase the property and also passed legislation in the Board of Aldermen to provide a tax abatement for Doe’s proposed development, the plea agreement says.

Collins-Muhammad is scheduled to be sentenced Dec. 6. The honest services bribery/wire fraud charge carries a maximum penalty of 20 years in prison and a $250,000 fine. One of his bribery charges carries a 10-year maximum and the other has a five-year maximum.

The FBI investigated the case. Assistant U.S. Attorney Hal Goldsmith is prosecuting the case.

 John Collins-Muhammad plea agreement

DETROIT – William A. Smith, 52, the former Chief Financial Officer for the Detroit Riverfront Conservancy, pleaded guilty today to federal charges from a years-long scheme to embezzle over $40 million from the Conservancy, United States Attorney Dawn N. Ison announced.  Ison was joined in the announcement by Cheyvoryea Gibson, Special Agent in Charge of the FBI’s Detroit Field Office and Charles Miller, Special Agent in Charge of the IRS-Criminal Investigations (IRS-CI) Detroit Field Office.Smith pleaded guilty to one count of wire fraud and one count of money laundering. Both counts carry a statutory maximum term of twenty years imprisonment.According to court documents, William A. Smith, of Northville, was employed as the Chief Financial Officer for the Detroit Riverfront Conservancy, Inc. (the Conservancy) from 2011 through May 2024.  The Conservancy is a 501(c)(3) organization formed with the mission of developing access to the Detroit riverfront. The Conservancy envisions creation of a continuous Riverwalk from the Ambassador Bridge in the west to Gabriel Richard Park in the east, along with plazas, pavilions, and green spaces. Funding for the Conservancy is provided by both private donors and public grants. In his position as Chief Financial Officer of the Conservancy, Smith enjoyed substantial discretion in overseeing and managing the Conservancy’s financial affairs.According to the plea agreement, beginning no later than November 2012 and continuing until May 2024, Smith orchestrated a scheme to embezzle millions of dollars in funds belonging to the DRFC.  The embezzlement scheme took three principal forms:First, Smith diverted Conservancy funds from the organization’s bank accounts to a bank account in the name of “The Joseph Group, Inc.,” an entity owned and controlled by Smith. The Joseph Group was not an approved vendor for the Conservancy and provided no goods or services of any kind to the organization. However, between February 2013 and May 2024, Smith transferred approximately $24.4 million from the Conservancy’s bank accounts to an account in the name of the Joseph Group.Second, Smith maintained an American Express account in the name of another of the many entities he owned and controlled, this one called “William Smith & Associates LLC.”  There were four American Express credit cards issued on this account. Between November 2012 and May 2024, Smith used approximately $14.9 million in Conservancy funds to pay off purchases made on this account. None of these expenditures were authorized by the Conservancy, which maintained other credit card accounts for Conservancy purchases. Smith used the American Express account to purchase furniture, designer clothing, handbags, lawn care services, airline tickets, and other consumer goods and services for himself and his family.Third, Smith used Conservancy funds to purchase cashier’s checks from various financial institutions. These cashier check purchases were unauthorized, and Smith used the cashier’s checks for his own purposes without the knowledge or approval of the Conservancy’s Board of Directors.Smith engaged in various practices to cover up and sustain this massive fraud scheme. In some instances, Smith falsified bank statements that he provided to the Conservancy’s bookkeeper, altering or deleting unauthorized transfers on the statements in order to keep them off of the Conservancy’s books. In at least one other instance, he took out a line of credit with a financial institution (Citizen’s Bank) on behalf of the Conservancy. Smith claimed to be acting with the authorization of the Conservancy’s Board of Directors in taking out this line of credit. In fact, Smith had no such authority, and the documents he provided Citizen’s Bank purporting to show that he had such authorization were forgeries.  Smith used the funds from this line of credit (which eventually totaled $5 million) to infuse monies into the Conservancy’s bank accounts to help cover up his substantial embezzlement from those accounts.According to plea documents, Smith also took complex steps to disguise the origin of the funds he embezzled from the Conservancy.  He routinely transferred the stolen Conservancy monies through elaborate chains of intermediate entities, all with the intent of concealing the source and nature of those funds.The plea agreement states that the financial losses from Smith’s scheme are difficult to quantify with precision. However, Smith agreed to pay no less than $44.3 million in restitution as a result of his conduct. “William Smith admitted today to perpetrating a financial crime that is astonishing in its scope and impact,” stated United States Attorney Ison. “Smith stole over $40 million dollars from the Detroit Riverfront Conservancy – a non-profit organization dedicated to creating beautiful public spaces that Detroit’s residents and visitors can use and enjoy. Smith not only betrayed the Conservancy’s trust, but he betrayed the trust of the whole community, all so that he could enjoy the trappings of wealth and comfort. I remain shocked at the scale of the fraud and the harm it has caused, and today’s guilty plea is an important step towards holding Mr. Smith accountable for his outrageous conduct.”"Mr. Smith’s deceitful actions, which spanned for more than a decade, not only broke the trust of his employer, but the entire community,” said Cheyvoryea Gibson, Special Agent in Charge of the FBI in Michigan. “William Smith used his position of authority to financially profit at the expense of his employer. Today’s guilty plea is a direct result of a tireless work of members from the FBI in Detroit. The FBI remains committed to working with our partners to combat these serious white-collar crimes."“William Smith held a position of trust and authority in the Detroit Riverfront Conservancy, an organization created to help revitalize outdoor spaces for all of the Detroit community. Such an extreme breach of that trust, millions of dollars stolen that would have benefitted the city for years to come, is almost unfathomable,” said Charles Miller, Special Agent in Charge, IRS-CI, Detroit Field Office. “IRS-CI’s role in this kind of investigation becomes even more important due to the complex financial transactions that can take time to unravel. With the guilty plea that was announced today, we know our work to hold Mr. Smith accountable for the outright lies and theft from the conservancy will lead to an appropriate consequence.”The case is being prosecuted by Assistant U.S. Attorneys John K. Neal and Robert A. Moran.  The case is being investigated by the FBI and IRS-Criminal Investigations.

DETROIT - On April 25th, the FBI’s Detroit Field Office, with assistance from the Virtual Currency Response Team (VCRT), the Cyber Police Department and Main Investigation Departments of the National Police of Ukraine, and the Prosecutor General’s Office of Ukraine conducted coordinated, court authorized activity involving nine virtual currency exchange services.  

Domain names offered by organizations which were engaged in cryptocurrency conversions and provided assistance to cyber-criminals were seized, and related servers were shut down. U.S. based servers used in the scheme were taken offline by U.S. authorities. These nine seized domains, 24xbtc.com, 100btc.pro, pridechange.com, 101crypta.com, uxbtc.com, trust-exchange.org, bitcoin24.exchange, paybtc.pro, and owl.gold offered anonymous cryptocurrency exchange services to website visitors. 

Noncompliant virtual currency exchanges, which have a lax anti-money laundering program or collect minimal Know Your Customer information or none at all, serve as important hubs in the cybercrime ecosystem and are operating in violation of Title 18 United States Code, Sections 1960 and 1956.  Many of these services are advertised on online forums dedicated to discussing criminal activity. By providing these services, the virtual currency exchanges knowingly support the criminal activities of their clients and become co-conspirators in criminal schemes.

Much of the criminal activity occurring at the affected exchanges involved cyber actors responsible for ransomware, but also other scammers, and cybercriminals.  The service’s website offered support in both Russian and English.

The investigation is ongoing. Visitors to the sites will now find a seizure banner that notifies them that the domain name has been seized by federal authorities and operating an unlicensed money service business and facilitating money laundering is a federal crime.