Category Archives: Money laundering

Get Rich Quick Scams Use Teens Social Media Accounts to Launder Money

Sky News recently launched an investigation into criminals who are targeting teens on social media such as Snapchat and Instagram. These

Get Rich Quick Scams Use Teens Social Media Accounts to Launder Money on Latest Hacking News.

Historical OSINT – Able Express Courier Service Re-Shipping Mule Recruitment Scam Spotted in the Wild

I've recently intercepted a currently circulating malicious and fraudulent spam campaign successfully impersonating "Able Express Courier Service" to utilize a re-shipping mule recruitment scam potentially targeting tens of thousands of unsuspecting users globally. Sample malicious URL known to have participated in the campaign: hxxp://ablecs.biz - 104.31.82.184 - Email: phyllisjhurst@grr.la

Historical OSINT – Global Postal Express Re-Shipping Mule Recruitment Scam Spotted in the Wild

Continuing the series of posts detailing the activities of currently circulating malicious and fraudulent spam campaigns successfully targeting potential money mule recruiters, I recently came across Global Postal Express, which basically: "We Provide best in service global logistics through our people by building lasting relationships with the commitment to prioritize our customer needs to

Historical OSINT – Re-Shipping Money Mule Recruitment “Your Shipping Panel LLC” Scam Domain Portfolio Spotted in the Wild

The time has come to profile a recently intercepted and currently active malicious and fraudulent re-shipping money mule recruitment fraudulent campaign successfully enticing users into interacting with the rogue and bogus content potentially risk-forwarding the risk of the fraudulent transaction to the unsuspecting user. Sample malicious URL: hxxp://yourshippingpanel.com Sample Mailing

Thieves stole $1.7 billion in cryptocurrency in 2018 as mining gives way to stealing in crypto space

Bitcoin’s legendary ascension to the $20,000 mark a little more than a year ago inspired legions of fast-buck makers to hop on the bandwagon and invest in this intriguing yet volatile asset.

Mining cryptocurrency worked for a while, but it is no longer feasible because of the increasing complexity behind the algorithms, especially in the case of Bitcoin. So players in the cryptocurrency market are now (loosely) divided into two categories: those who trade it and those who steal it.

And the line between the ICOs and exchanges in the former group and the thieves, scammers and hackers of the second group is blurring by the day. Some exchanges and initial coin offerings are now entirely set up to perform an exit scam.

Playing with digital currency today is like playing with fire, as the risks now outweigh the benefits. New research reveals that thieves and scammers stole $1.7 billion in cryptocurrency in 2018. Theft from cryptocurrency exchanges accounted for most of the criminal activity: more than $950 million was stolen by hackers in 2018 – 3.6 times more than in 2017. Investors and exchange users lost at least $725 million in cryptocurrency in 2018 to exit scams, phony exchange hacks, and Ponzi schemes, according to CipherTrace.

Criminals now need to launder all these funds to cash out before a wave of crypto-centric regulations goes into effect this year.


3.6x More Cryptocurrency Stolen in 2018 Versus 2017 According to CipherTrace (Graphic: Business Wire)

CipherTrace has also identified the top 10 trending crypto threats (below) in an effort to provide “actionable threat intelligence for anyone dealing with cryptocurrency.” From the report:

  • SIM swapping: An identity theft technique that takes over a victim’s mobile device to steal credentials and break into wallets or exchange accounts to steal cryptocurrency.
  • Crypto dusting: A new form of blockchain spam that erodes the recipient’s reputation by sending cryptocurrency from known money mixers.
  • Sanction evasion: Nation states that use cryptocurrencies promoted by the Iranian and Venezuelan governments to circumvent sanctions.
  • Next-generation crypto mixers: Money laundering services that promise to exchange tainted tokens for freshly mined crypto, but in reality cleanse cryptocurrency through exchanges.
  • Shadow money service businesses (MSBs): Unlicensed MSBs that bank cryptocurrency without the knowledge of host financial institutions, exposing banks to unknown risk.
  • Datacenter-scale cryptojacking: Takeover attacks that mine for cryptocurrency at a massive scale and that have been discovered in datacenters, including AWS.
  • Lightning Network transactions: Enabling anonymous bitcoin transactions by going “off-chain” and now scaling to $2,150,000.
  • Decentralized stable coins: Stabilized tokens that can be designed for use as hard-to-trace private coins.
  • Email extortion and bomb threats: Mass-customized phishing email campaigns by cyber-extortionists using old passwords and spouse names to demand bitcoin. Bomb threat extortion scams spiked in December.
  • Crypto-robbing ransomware: New malware distributed by cyber-extortionists that empties cryptocurrency wallets and steals private keys while holding user data hostage.

In the wake of numerous such incidents, countries around the world are accelerating the adoption of anti-money-laundering regulations and cryptocurrency forensics. However, as in the classical monetary system, some countries are lagging behind in regulating cryptocurrency, serving as potential havens for money laundering, fraud, and tax evasion.


CyberCrime & Doing Time

Money Laundering and Counter-Terrorist Financing: What is FATF?

Many cybercrime investigators seem narrowly focused on the bits and bytes of the crimes they investigate while not truly understanding or interacting with those who focus on where the money goes.  As we've been expanding our horizons, I've learned quite a bit and wanted to share some resources for others who may have been similarly limited in their focus.

The Financial Action Task Force (FATF) was established in 1989. It built a list of Forty Recommendations for countries to address Money Laundering, which were first issued in 1990, and revised in 1996, 2001, 2003, and 2012. Their latest FATF Annual Report (2017-2018) addresses Terrorist financing as well as new methods and trends and announces a research project on financing of recruitment for terrorism. Many of these Recommendations meet our lives in the form of regulations on financial institutions and interactions between international law enforcement agencies.

"Regardless of their size and complexity, the financial activities and channels of terrorists are an essential source of intelligence. Financial investigation can identify terrorist cells, their associates and facilitators, and reveal the structure of terrorist groups, and their logistics and facilitation networks." -- FATF President Santiago Otamendi, 14DEC2017, NYC.

FATF also released an important report "Financing of Recruitment for Terrorist Purposes" in January 2018, and a second report "Concealment of Beneficial Ownership" in July 2018.

Beneficial Ownership (July 2018)
Terrorist Recruitment (January 2018)

FATF is composed of 38 member states, covering most of the major financial centers of the world. Each of these member states has pledged to come into compliance with the Forty Recommendations, and to measure its progress.

The FATF Forty Recommendations on Money Laundering and Counter Terrorism Finance

International Standards on Combating Money Laundering and the Financing of Terrorism & Proliferation (Oct 2018)
The Recommendations fall into seven major categories:

A - AML/CFT Policies and Coordination
  • R1. Assessing risks & applying a risk-based approach
  • R2. National cooperation and coordination


B - Money Laundering and Confiscation

  • R3. Money laundering offense 
  • R4. Confiscation and provisional measures


C - Terrorist Financing and Financing of Proliferation

  • R5. Terrorist financing offense
  • R6. Targeted financial sanctions related to terrorism and terrorist financing
  • R7. Targeted financial sanctions related to proliferation 
  • R8. Non-profit organizations


D - Preventative Measures

  • R9. Financial institution secrecy laws
  • R10. Customer due diligence 
  • R11. Record keeping 
  • R12. Politically exposed persons
  • R13. Correspondent banking
  • R14. Money or Value transfer services
  • R15. New technologies
  • R16. Wire transfers 
  • R17. Reliance on third parties 
  • R18. Internal controls and foreign branches and subsidiaries
  • R19. Higher-risk countries
  • R20. Reporting of suspicious transactions
  • R21. Tipping-off and confidentiality 
  • R22. Designated non-Financial Businesses and Professions: Customer due diligence
  • R23. Designated non-Financial Businesses and Professions: Other measures 


E - Transparency and Beneficial Ownership of Legal Persons and Arrangements

  • R24. Transparency and beneficial ownership of legal persons
  • R25. Transparency and beneficial ownership of legal arrangements 


F - Powers and Responsibilities of Competent Authorities and Other Institutional Measures

  • R26. Regulation and supervision of financial institutions
  • R27. Powers of supervisors
  • R28. Regulation and supervision of Designated non-Financial Businesses and Professions
  • R29. Financial intelligence units
  • R30. Responsibilities of law enforcement and investigative authorities 
  • R31. Powers of law enforcement and investigative authorities 
  • R32. Cash couriers 
  • R33. Statistics
  • R34. Guidance and feedback 
  • R35. Sanctions 


G - International Cooperation

  • R36. International instruments 
  • R37. Mutual legal assistance 
  • R38. Mutual legal assistance: freezing and confiscation
  • R39. Extradition 
  • R40. Other forms of international cooperation 


Mutual Evaluation and Ranking of Members

4th Round Ratings
In this chart, each member state, including the Associate members, is ranked on how well they comply with each of the 11 "Immediate Outcomes" and 40 Recommendations. For example, the United States is currently not compliant with recommendations 22, 23, and 24 -- so, we don't do well in non-financial institutions, and our shell company games are impossible to monitor as of now, but we do generally do well in most others. Clicking the "4th Round Ratings" label will take you to the full chart. If you do international business, it may be a form of risk doing business in countries with poor ratings across the board here.

FATF Member Assessments

Each member is encouraged to perform regular assessments to measure themselves on how they are complying with the Forty Recommendations.  Here are example reports from the United States, but these reports are available for every country that participates in FATF or one of the Associate Members.  In the United States, these assessments are published by the Department of the Treasury.  These reports were issued in 2015 by the Treasury Undersecretary for Terrorism and Financial Intelligence, Adam Szubin.

2015 Money Laundering Risk Assessment

2015 Terrorist Financing Risk Assessment

The goal of sharing these examples is to serve as a reminder that from the FATF site, ALL such reports for all member states are available, by looking for the "Mutual Evaluations Publications." As of this writing the four newest ones are from Tunisia, Nicaragua, Panama, and Tajikistan.

FATF Associate Members

FATF also has 9 Regional Bodies, considered "FATF Associate Members", each of which puts out specialized information for its portion of the world. For those who are interested in a particular region, following up on that region's reports from its representative task forces and groups will be worthwhile.

A Special Focus on Terrorist Financing Risks 

FATF issued their first special report offering guidance on Terrorist Financing in 2008:


Several more recent reports would be especially interesting regarding terrorist financing, stemming from an emergency meeting of 55 states, the United Nations, the Egmont Group of Financial Intelligence Units, the International Monetary Fund, the World Bank, and others specifically to address curbing the financing of ISIS/ISIL.



In the Paris meeting of 19OCT2018, FATF encouraged members to expand their focus from looking specifically at ISIL to more broadly include Al Qaeda and its Affiliates, issuing this guidance:



Regional Terrorist Financing Focuses

There have also been significant regional reports issued by sub-groups and associate members.

The Counter-Terrorism Financing Summit, hosted by Australia's Financial Intelligence Agency (AUSTRAC) and the Indonesian counterpart, Pusat Pelaporan dan Analisis Transaksi Keuangan (PPATK), issued the Regional Risk Assessment on Terrorism Financing 2016.  The following year, the event was repeated, adding Bank Negara Malaysia as a partner.  These events issued two small statements, and one more substantial report, addressing events in Philippines, Thailand, Malaysia, Singapore, Indonesia, and Australia, and how those events were funded.

A risk methodology for their region (p.22)

The Nusa Dua Statement - August 2016 
Kuala Lumpur Communique - November 2017 


West and Central Africa have very different concerns, and held a summit to discuss these differences, resulting in this excellent joint publication: 

"Terrorist Financing in West and Central Africa", October 2016
50 page joint report from FATF, GIABA, and GABAC


Particular Funding Methods for Terrorism Finance

Many other special reports have been issued, related to the trade in:

Virtual Currencies of Growing Concern

In the Paris meeting 19OCT2018, a special issue that was raised was the Regulation of Virtual Currencies.  This was deemed to be a matter of strategic interest that will be further evaluated, especially with regard to Initial Coin Offerings and their role in Money Laundering.  FATF has committed to work with the G20 to come up with new guidelines to update their previous report "Virtual Currencies: Key Definitions and Potential AML/CFT Risks" as well as their report "Guidance for a Risk-based Approach to Virtual Currencies" (June 2015 - 46 page PDF).  

The work so far is in the form of a report to the G20, which addresses many topics in addition to Virtual Currencies:


In part the report shares:

"Noting that virtual currencies/crypto-assets raise issues with respect to money laundering and terrorist financing, they committed to implement the FATF Standards as they apply to virtual currencies/crypto-assets.  They looked forward to the FATF review of those Standards, called on the FATF to advance global implementation, and asked the FATF to provide an update on this work in July 2018.  The FATF will take this work forward under the US presidency from 1 July 2018 to 30 June 2019."

This work begins with first reviewing laws and regulations regarding crypto-assets and virtual currencies in each of the G20 states.

More on this topic will certainly be forthcoming from FATF.




Memphis BEC Scammers Arrested and At Large

The FBI announced another round of Business Email Compromise arrests this past week.  This time, a focus was in Memphis, Tennessee.  According to the Western District of Tennessee Press Release, "Eight Arrested in Africa-Based Cybercrime and Business Email Compromise Conspiracy", the individuals involved stole more than $15 Million!

The main indictment, originally filed in August 2017, charges 11 individuals with a variety of offenses related to their Business Email Compromise [BEC] crimes.


Count 1: 18 USC §1349.F - Attempt and Conspiracy to Commit Mail Fraud - penalties of up to 20 years in prison and fines of up to $250,000, plus supervised release for up to 3 years.

Counts 2-8: 18 USC §1343.F - Fraud by Wire, Radio, or Television - penalties of up to 20 years in prison and fines of up to $250,000, plus supervised release for up to 3 years.

Count 9: 18 USC §§1956-4390.F - Money Laundering - Embezzlement, Other - penalties of up to 20 years in prison and fines of up to $500,000, plus supervised release for up to 3 years.

Count 10: 18 USC §371.F - Conspiracy to Defraud the United States - penalties of up to 5 years in prison and fines of up to $250,000, plus supervised release for up to 1 year.

Count 11-14: 18 USC §10288.A.F - Fraud with Identification Documents + Aggravated Identity Theft - 2 years incarceration consecutive to any other sentence imposed, plus fines of not more than $250,000.

1. Babatunde Martins (Counts 1,9,10,11)
2. Victor Daniel Fortune Okorhi (Counts 1,9,10)
3. Benard Emurhowhoariogho Okorkhi (Counts 1, 2, 3, 9, 10)
4. Maxwell Peter (Counts 1, 4, 6, 7, 8, 9, 10, 11, 14)
5. Dennis Miah - (Counts 1,9,10,11,13)
6. Sumaila Hardi Wumpini - (Counts 1,9,10)
7. Olufolajimi Abegunde (USM # 71343-019), (Counts 1,9,12)
8. Ayodeji Olumide Ojo (Counts 1,9,12)
9. Dana Brady (Counts 1,9)
10. James Dean (USM # 52637-076)  (Counts 1,9)
11. Javier Luis Ramos Alonso, 28,  (USM #24513-111) (Counts 1, 5, 9, 12)

In a separate indictment, Rashid Abdulai was charged for much of the same, but with his key role being controlling five TD Bank accounts that were used to launder funds.

The primary victim in this case seems to be "Company A", a real estate company in Memphis, who is foolishly identified in the indictment through the carelessness of the author.  I've chosen to redact myself on that, but DAMN!  When you describe the company in such a way that there is exactly one such company on planet earth, you are failing to keep the faith of your victim companies.  Shame!

Fortunately, the indictment also shares a lot of details on the defendants:

RASHID ABDULAI, age 24
a citizen of Ghana, residing in Bronx, New York
controlled at least five TD Bank accounts

BABATUNDE MARTINS, age 62
email: papamart2000@yahoo.com
Company: Afriocean LTD
Nigerian citizen living in Ghana

VICTOR DANIEL FORTUNE OKORHI, age 35 -  *** STILL AT LARGE AND WANTED***
emails:  vicfoko@yahoo.com, VicdarycorriLTD@gmail.com, vicdarycomltd@icloud.com
Company: Vicdary Company LTD
Nigerian citizen living in Ghana

BENARD EMURHOWWHOARIOGHO OKORHI, age 39
emails: Marc.Richards@aol.com, benardokorhi@yahoo.com
Company: Coolben Royal Links LTD
Nigerian citizen living in Ghana

MAXWELL ATUGBA ABAYETA (AKA Peter Maxwell, AKA Maxwell Peter ), age 26
emails: petermaxwell200@gmail.com, sandarlin200@yahoo.com
social accounts: Facebook.com/maxwell.peter.5688
citizen of Ghana

DENNIS MIAH (aka Dennis Brown, AKA Dr. Den Brown), age 34 -  *** STILL AT LARGE AND WANTED***
 emails: JimRoyAirSeal1@yahoo.com, drdenbrown@yahoo.com
social accounts: Facebook.com/Oga.Bossson, Twitter.com/Oga.Bossson
citizen of Ghana

SUMAILA HARDI WUMPINI, age 29 - *** STILL AT LARGE AND WANTED***
email: hardi765_new@hotmail.com
social accounts: Facebook.com/Wumpini.Hardy
resident of Ghana

OLUFOLAJIMI ABEGUNDE, age 31
Nigerian citizen residing in Atlanta, Georgia

AYODEJI OLUMIDE OJO, age 35 -  *** STILL AT LARGE AND WANTED***
Nigerian citizen, lives with ABEGUNDE in Atlanta when in United States

DANA BRADY, aged 61
emails: bradydana50@gmail.com
US Citizen residing in Auburn, Washington

JAMES DEAN, aged 65
US Citizen, residing in Plainfield, Indiana

JAVIER LUIS RAMOS ALONSO, aged 28
Mexican citizen, residing in Seaside, California

D. G. -
emails: d2t2green696@gmail.com, d2t2green696@yahoo.com
US Citizen residing in Mississippi

J.R.
emails: LRIGNWM@yahoo.com
US Citizen residing in New Jersey

M.Z.
emails: CMIMIGO@aol.com
US Citizen residing in Utah

T.W. - US Citizen residing in Tennessee
J.B. - US Citizen residing in Alabama
C.M. - US Citizen residing in Tennessee (Western District)
C.W. - US Citizen residing in Tennessee
A.K. - US Citizen residing in Tennessee (Western District)
V.M. - US Citizen residing in Georgia

How It Worked

Martins, Maxwell, Bernard Okorhi, Victor Okorhi, and/or Miah would get the IP addresses of potentially vulnerable email servers and target them for intrusion.  Using US based IP addresses offered through VPN services, they would access a variety of websites, including credit card transaction processors and dating websites.  Their role in the conspiracy also included originating the spoofed emails that will be explained later.

Martins, both Okorhis, Maxwell, Miah, Wumpini, Brady, Dean, Ojo, and others would open bank accounts for receiving fraudulently-obtained funds and sending them to other accounts controlled by their co-conspirators.  

Because they had control of email accounts at Crye-Leike, they could tell when fund transfers related to real estate sales were scheduled to take place.  They would then spoof the email addresses of those involved in the transactions and send instructions causing the financial transfers to be redirected to accounts controlled by members of the conspiracy.
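A defender's view of the redirected-wire emails described above, as an added example that is not part of the original post: it scores an inbound message for the signals this kind of spoofing leaves behind (a known counterparty domain failing authentication, a lookalike domain, a Reply-To that diverts answers, and wording that changes payment instructions). The domain names, sample messages and function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains of the real parties to a closing (constructed names).
KNOWN_DOMAINS = {"example-realty.test", "example-title.test"}

# Wording that announces a change of where money should be sent.
PAYMENT_CHANGE = re.compile(
    r"\b(updated|new|revised|changed)\s+(wire|wiring|bank|payment)\s+"
    r"(instructions|details|account)\b",
    re.IGNORECASE,
)


def _domain(header_value):
    """Return the lower-cased domain of an address header, or ''."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def _edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-character lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def _auth_failed(msg):
    """True if the receiving server recorded an SPF, DKIM or DMARC failure.

    Only trust Authentication-Results stamped by your own mail gateway;
    a sender can forge this header if the gateway does not strip it.
    """
    results = " ".join(msg.get_all("Authentication-Results", [])).lower()
    return any(f"{mech}=fail" in results for mech in ("spf", "dkim", "dmarc"))


def score_message(raw):
    """Return the list of reasons a raw RFC 5322 message looks like wire fraud."""
    msg = message_from_string(raw)
    from_dom = _domain(msg.get("From"))
    reply_dom = _domain(msg.get("Reply-To"))
    reasons = []
    if from_dom in KNOWN_DOMAINS and _auth_failed(msg):
        reasons.append("known-domain-auth-fail")
    if from_dom not in KNOWN_DOMAINS and any(
        0 < _edit_distance(from_dom, known) <= 2 for known in KNOWN_DOMAINS
    ):
        reasons.append("lookalike-domain")
    if reply_dom and reply_dom != from_dom:
        reasons.append("reply-to-mismatch")
    body = msg.get_payload()  # a str for the single-part samples below
    if isinstance(body, str) and PAYMENT_CHANGE.search(body):
        reasons.append("payment-instruction-change")
    return reasons


def should_hold(raw):
    """Hold for out-of-band verification: payment change plus a sender anomaly."""
    reasons = score_message(raw)
    return "payment-instruction-change" in reasons and len(reasons) > 1


# Constructed sample messages (not taken from the case).
LEGIT = "\n".join([
    'From: "Closing Agent" <agent@example-title.test>',
    "To: buyer@example-realty.test",
    "Authentication-Results: mx.example-realty.test; spf=pass; dkim=pass; dmarc=pass",
    "Subject: Closing Friday",
    "",
    "Closing is confirmed for Friday. Wire instructions are unchanged from the signed packet.",
])
SPOOFED = "\n".join([
    'From: "Closing Agent" <agent@example-title.test>',
    "Reply-To: agent.title@mailbox-example.test",
    "To: buyer@example-realty.test",
    "Authentication-Results: mx.example-realty.test; spf=fail; dkim=none; dmarc=fail",
    "Subject: Re: Closing Friday",
    "",
    "Please use the updated wire instructions below for Friday's closing.",
])
LOOKALIKE = "\n".join([
    'From: "Closing Agent" <agent@examp1e-title.test>',
    "To: buyer@example-realty.test",
    "Authentication-Results: mx.example-realty.test; spf=pass; dkim=pass; dmarc=pass",
    "Subject: Re: Closing Friday",
    "",
    "Our bank changed, so send the funds using the new bank details below.",
])

if __name__ == "__main__":
    for name, raw in (("legit", LEGIT), ("spoofed", SPOOFED), ("lookalike", LOOKALIKE)):
        print(name, should_hold(raw), score_message(raw))
```

The lookalike sample passes SPF, DKIM and DMARC because the sender controls that domain, which is why the domain-distance check is scored separately from authentication.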

The funds were then laundered in a variety of ways, including using the funds to purchase goods, including construction materials, cell phones, and other electronics, and having those goods shipped to Ghana for use or resale to benefit the members of the conspiracy.

Maxwell, Miah, and both Okorhis created false identities and created dating profiles with false emails to correspond to their false dating profiles. Through these, they lured victims into online romance scams, gold-buying scams, and a variety of advanced fee fraud scams. These romance scam victims would carry out acts on behalf of the conspiracy, including forwarding counterfeit checks, receiving and shipping merchandise, and transferring proceeds via wire, US Mail, ocean freight, and express package delivery services.

Martins, Maxwell, Miah, and both Okorhis also purchased stolen PII, including credit card information, banking information, and IP addresses from underground forums specializing in the sale of such information.

By purchasing cell phones in the United States and activating Voice-over-IP (VOIP) accounts, the US telephone numbers could then be used by the conspirators in Africa, allowing them to appear to be making their calls in the United States.

Some of the activity in this case dates back to 2012, when MIAH was already using fraudulently purchased credit cards and remote desktop protocol (RDP) to make online purchases that appeared to be in the United States.  (Hackers compromise US computers and set them up to use RDP so that foreign criminals can use them to originate credit card purchases in places where the credit card was issued.  By having, say, a Memphis Tennessee IP address, purchases made by a Memphis Tennessee credit card do not seem as suspicious.)

Specific Acts

Some of their crimes were extremely bold.  For example:

"On or about December 13, 2016, MIAH caused construction materials to be purchased with fraudulently obtained funds, and caused a freight container of construction supplies to be sent to him in Ghana."  WHAT?!?!  That's bold!

The compromise of the email accounts at Company A was in play by June 30, 2016, when $33,495 was wired to the wrong location after a tip received from stolen emails.

In August 2016, OJO opened a new Wells Fargo bank account, after his previous account at Bank of America was shut down due to fraud.  He used ABEGUNDE's new address (presumably in Atlanta, Georgia) as the address for the new account.

He also opened a Wells Fargo account in the same address in October of 2016.

Benard Okorhi sent emails as "Marc.Richards@aol.com" directing C.M. to obtain cash advances from credit cards and send the proceeds to recipients in Ghana.  He also ordered C.M. to purchase five iPhones and ship them to Ghana.

Miah used the "DrDenBrown@yahoo.com" email to tell Okorhi (as Marc.Richards) to smooth things out on the phone with a romance scam victim, because Okorhi had a better American accent.

Some of the other interesting "acts" in the conspiracy included:

25JUL2016 - Javier Luis Ramos Alonso accepts a $154,371 wire from Company A into his Wells Fargo account ending in 7688 and then sends the funds to accounts controlled by OJO in Atlanta.

26MAY2017 - Maxwell Peters sends a WhatsApp message directing an undercover Memphis FBI agent to receive a $15,000 check on his behalf.  Ooops!

30MAY2017 - Maxwell Peters directs the FBI agent to send $5,000 of the proceeds to himself in Ghana.

02JUN2017 - Maxwell Peters directs the FBI agent to send a $15,000 check to himself in Ghana.

Although the indictment doesn't lay out more of the particular acts, the Press Release says that this group stole more than $15 Million altogether!

Some interesting images

"M.Z." has an interesting Amazon Wish List for a romance scammer involved in shipping electronics:

On December 8, 2017, Abdulai is asked in one of his WhatsApp chats:  "Hope Maxwell case didn't put you into any problem."  He responded "FBI came to my house asking me stuff about those transactions that was coming into my account so I'm tryna stay out f this whatapp n stuff for a while cuz I feel like they tracking me."

You got that right, Abdulai!



Operation Wire Wire: the South Florida Cases Part 3

In the main DOJ Operation Wire Wire press release, the South Florida cases are described like this:

  • Following an investigation by the FBI and the U.S. Secret Service, 23 individuals were charged in the Southern District of Florida with laundering at least $10 million from proceeds of BEC scams, including eight people charged in an indictment unsealed last week in Miami. These eight defendants are alleged to have conspired to launder proceeds from numerous BEC scams, totaling at least approximately $5 million, including approximately $1.4 million from a victim corporation in Seattle, as well as various title companies and a law firm.

In Part 1 we reviewed 17-CR-20748, the case against Destiny Asjee Rowland, Lourdes Washington, and Cynthia Rodriguez.  (See Operation Wire Wire: The South Florida Cases, Part 1)

In Part 2 we reviewed 18-CR-20170, the case against Eliot Pereira, Natalie Armona, Melissa Rios, Bryant Ortega, Angelo Santa Cruz, Alexis Fernandez Cruz, Roberto Carlos Gracia, Jose E. Rivera, Angeles De Jesus Angulo, Jennifer Ruiz, Yirielkys Pacheco Fernandez, and Sebastian Loayza.  (See Operation Wire Wire: The South Florida Cases, Part 2)

Part 3 in our blog series focuses on those "eight people charged in an indictment unsealed last week in Miami", which refers to case 18-CR-20415, the case against Gustavo Gomez, Selene Joya, Jaremy Lucia Mena, Jose Brito Garcia, Jessica Hyde, Hillary Lee Williams, Juan Frias, and Ariel Champaign Edwards.

What links all of these cases together is that in each case, the ring leaders were recruited into their scam by the same individual: Roda Taher, who will be the focus of our next blog post "Operation Wire Wire: Who is Roda Taher?" 

The indictment begins with the statement:

"Roda Taher, aka Ressi, aka Rezi, hereinafter Taher, was the manager and supervisor of a criminal organization that engaged in money laundering by utilizing money mules and recruiters in the Southern District of Florida, in other places in the United States, and in foreign commerce."

It then introduces our cast of characters.  As in South Florida case 1 and case 2, each of the players is recruited and instructed to set up a shell company, incorporating it in Florida, and establishing corresponding bank accounts with which to receive the proceeds of various Business Email Compromise and Spear Phishing attacks which fool company employees into wiring funds or transferring them via ACH, into the shell company accounts.

Defendant #1: Gustavo Gomez, b.1985, incorporated AG Universal Links in Hollywood, Florida.
Defendant #2: Selene Joya, b. 1990, incorporated Joya Star Life, Inc. in Miami Gardens, Florida.
Defendant #3: Jaremy Lucia Mena, b. 1992, incorporated Jaremy International, Inc. in North Miami, Florida.
Defendant #4: Jose Brito Garcia, b. 1981, incorporated Brito Commercial Products, Inc. in Hollywood, Florida.
Defendant #5: Jessica "Chuchi" Hyde, b.1987, incorporated Hyde Quality Inc. in Cutler Bay, Florida.
Defendant #6: Hillary Lee Williams, b. 1992, incorporated H Lee W Trade Group Inc. in Miami, Florida.
Defendant #7: Juan Frias, b. 1985, incorporated Ocean Surplus, Inc. in Miami, Florida.
Defendant #8: Ariel Champaign Edwards, b. 1991, incorporated Ariel Prime Trades Inc. in Miami, Florida.

Gustavo Gomez worked closely with Roda Taher and other recruiters to recruit money mules and coach them on how to set up their bank accounts.  According to the indictment:

"The recruiters would instruct money mules to open bank accounts in the name of their shell companies at various banks in the Southern District of Florida and elsewhere, and to falsely tell bank representatives that their shell company was a legitimate business engaged in the sale, import, or export of goods.  Taher and his recruiters gave different money mules a variety of false and fraudulent explanations regarding the nature of their businesses, including the sale, export, or import of textiles, furniture, electronics, or other goods.  However, the shell companies would not conduct any legitimate business."

"Once a money mule had opened a shell bank account in his or her shell company's name, those accounts would receive wire transfers of the proceeds of various fraudulent schemes.  The fraudulent schemes included, primarily, but were not limited to, email hacking or spoofing, also known as business email compromise and spearphishing scams.  Co-conspirators would hack into a victim's email account or otherwise take over that account without permission.  In a variation of this scheme, co-conspirators would "spoof" or create a fraudulent email account that was made to look like a victim's real email account.  The co-conspirators would then send email messages via the hacked or spoofed email accounts to individuals or corporations, instructing them to wire large sums of money to the money mules' shell bank accounts."

Roda Taher and the other recruiters would notify the mules when funds would be arriving into their accounts. These communications were primarily via the mobile phone encrypted messaging service WhatsApp.  They would be given instructions on what amounts would be received, where to wire the funds, and what commissions they were allowed to withdraw.  The commissions would be split with their recruiter, while the wires often sent the bulk of the money to China, Poland, and other destinations.

When banks closed the accounts, Taher would instruct the mules to open additional accounts at other banks.  Top performing mules were invited to become recruiters by inviting others to join the scheme as mules.  Recruiters received a percentage of the proceeds from the work of each mule they recruited.

The transactions particularly mentioned in the indictment are listed here. 

| Count | Date | Defendant | Transaction |
|---|---|---|---|
| 2 | 02JUL2014 | Gustavo Gomez | $48,500 from AG Universal Links' Wells Fargo Bank account to Sonish Enterprises FZE in Dubai, UAE |
| 3 | 18JUL2014 | Gustavo Gomez | $192,000 from AG Universal Links' Wells Fargo Bank account to Sonish Enterprises FZE in Dubai, UAE |
| 4 | 19JUL2014 | Gustavo Gomez | $4,500 from AG Universal Links' Wells Fargo Bank account to Zion Luxury Car Rental Inc. |
| 5 | 01AUG2016 | Selene Joya | $8,600 from Joya Star Life Inc's Bank of America Account |
| 6 | 01AUG2016 | Selene Joya | $5,500 from Joya Star Life Inc's Bank of America Account |
| 7 | 01AUG2016 | Selene Joya | $4,000 from Joya Star Life Inc's Bank of America Account |
| 8 | 26JAN2017 | Jaremy Lucia Mena | $78,902 from Jaremy International Inc's TD Bank account to Bella Tyre Co Ltd in China |
| 9 | 26JAN2017 | Jaremy Lucia Mena | $9,400 from Jaremy International Inc's TD Bank account |
| 10 | 13FEB2017 | Jose Brito Garcia | $37,904 from Brito Commercial Products Inc's TD Bank account to Huge Elite Limited in Shanghai, China(*) |
| 11 | 17MAY2017 | Hillary Lee Williams | $79,980 from H Lee W Trade Group's SunTrust Bank account to Redington Gulf FZE in Dubai, UAE |
| 12 | 06SEP2017 | Juan Frias | $59,700 from Ocean Surplus Inc's TD Bank account to Zhejiang Oudi Machine Co. Ltd. in Zhejiang, China |
| 13 | 02NOV2017 | Ariel Champaign Edwards | $8,200 from Ariel Prime Trade Inc's Wells Fargo account |
| 14 | 21NOV2017 | Ariel Champaign Edwards | $700 from Ariel Prime Trade's Bank of America account |

* - Worth noting that "Huge Elite Limited" in Shanghai, China was also the recipient of ill-gotten gains from Bryant Ortega in "Part 2."

This case is much "fresher" than some of the others.  The first arraignment in the case was Gustavo Gomez's appearance on May 31, 2018.  Gustavo just bonded out on June 11, 2018, for $50,000 posted by his girlfriend's brother.

Operation Wire Wire: the South Florida Cases Part 2

The Second South Florida case is linked to the first because this entire conspiracy also is part of the work of Roda Taher, AKA Ressi, AKA Rezi, the top recruiter in the first case.  However, in this 30 count indictment, the only one NOT named is Roda Taher.

Rezi recruited Eliot Pereira and Melissa Rios, below, who each in turn recruited others.




Defendant #1:  Eliot Pereira, b.1993 - opened "Eliot Products & Arts, Inc." and recruited and managed mules.
Defendant #2: Natalie Armona - opened "Armona Furniture Design Concept & Textile" and recruited and managed multiple mules and recruiters, including defendants #5, #8, #9, #10, and #12.
Defendant #3: Melissa Rios, b. 1996 - opened "Taihan Fiberoptics, Inc." and recruited #2
Defendant #4: Bryant Ortega, b. 1996 - opened "Bryant Tech Deals" and recruited and managed multiple mules, including Defendant #7. (4631 West 9th Court, Hialeah, FL 33012)
Defendant #5: Angelo Santa Cruz, b. 1994 - opened "ASC Worldwide, Inc" and recruited and managed multiple mules, including Defendants #6 & #11.
Defendant #6: Alexis Fernandez Cruz, b. 1992 - opened "Alexis Universal, Inc."
Defendant #7: Roberto Carlos Gracia, b. 1994 - opened RCG Deals, Inc.
Defendant #8: Jose E. Rivera, b. 1989 - opened Rivera Worldwide, Inc.
Defendant #9: Angeles De Jesus Angulo, b. 1996 - opened Angeles Premier Trades, Inc.
Defendant #10: Jennifer Ruiz, b. 1994 - opened Josette Quality, Inc.
Defendant #11: Yirielkys Pacheco Fernandez, b. 1984 - opened YF Nationwide, Inc.
Defendant #12: Sebastian Loayza, b. 1994 - opened Sure Trades, Inc.

This case starts off with a criminal complaint from the Miami office of the United States Secret Service.

It begins with the agent's overview of the case, which is worth quoting here:

"Federal law enforcement agents have been investigating numerous business email compromise and spear phishing scams wherein various fraudsters targeted employees with access to company finances and tricked them into making wire transfers to bank accounts thought to belong to trusted partners -- except in fact, the accounts were shell companies controlled by the fraudsters.

Different people played different roles in the scheme.  Some of the co-conspirators hacked into and took control over certain victim companies' business email accounts without the knowledge or consent of the true email account holders, or created email accounts similar to, but slightly different from, real business email accounts.  Using the sham or compromised email accounts, the fraudsters then sent emails soliciting payments, claiming that funds were owed, and representing that payments for services rendered by the victim companies should be redirected to different accounts.

Other co-conspirators, known as money mules, opened shell companies and bank accounts into which the funds were fraudulently transferred, and then withdrew the fraud proceeds in cash, or wired the fraud proceeds into their foreign and domestic bank accounts.  Several money mules progressed to recruiting and managing other mules."

Natalie Armona may have been a good choice for Melissa to recruit based on her work.  Here's a Facebook post of hers from last year!  But by the dates, she had been in the money mule business quite a while before landing this job as a Junior Processor at a lending firm.


Armona's TD Bank account 

The complaint begins by telling the story of Natalie ARMONA, who opened a business, Armona Furniture Design Concept & Textile Inc., incorporating the business in Florida using her home address and opening a business checking account at TD Bank.  She was the sole signatory, and used her true social security number on the account.  The account was opened on December 9, 2016 and received its first wire December 14, 2016, from a scammed medical center (Victim Company A).  After taking out her commission in cash ($5,500) using her true Florida driver's license number as identity confirmation, Armona wired the rest of the money to "Flame Land International Limited" in Hong Kong.

On December 21, 2016, Armona's TD Bank account received an ACH for $724,395. Armona again paid herself first, withdrawing $10,508 in person.  Three wires went out.  $288,301 to "Caplan Sp Zoo" in Warszawa, Poland.  $194,110 to the same.  $94,218 to "Baolifeng Intl Trading Limited" in Shenzhen, China.  Armona paid herself twice more, once for $5,500 and once for $9400.  On December 27, 2016, she dipped three more times, for $800, $3800, and $9900.

Armona's SunTrust Bank account 

On December 9, 2016, Armona Furniture opened a SunTrust Bank account.  On December 30th she got an inbound ACH of $35,170 from a Pennsylvania sign company.  Also on December 30th, she got an incoming wire from Kukutula Development Company LLC in Koloa, Hawaii in the amount of $59,850.  On January 3, 2017, Armona withdrew $35,170.  On January 13, 2017, SunTrust closed the account for fraud with a balance of $59,850.

ASC WorldWide

A collaborating witness told the Miami Electronic Crimes Task Force that he had been recruited by Armona and had opened a shell company in the name ASC WorldWide, with accounts at TD Bank and Suntrust Bank.  Among other activities, he used email-based scams to cause $80,000 to be wired.

After a few successful jobs, the suspect said that Armona told him he could earn extra money by recruiting others into the scam.  He agreed to allow the USSS to record his emails, phone calls, and any text or WhatsApp communications involving others in the scheme.

The Ortega Case 

Although Bryant is not credited with recruiting Natalie Armona, the two are Facebook friends.  Bryant's profile also suggests that he may have had access to Personal Information, as an agent at a Health Insurance organization.  His cover photo indicates he's a fan of money!


The same USSS agent who did Armona's case also swore out the affidavit of criminal complaint against Bryant Ortega.  Ortega opened a TD Bank account for his new corporation, Bryant Tech Deals, which matched his home address of 2160 NW 111 Avenue, Sunrise, Florida 33322.  Bryant Tech Deals also opened a SunTrust account.  Both accounts were opened on February 13, 2017 and on March 6, 2017 the SunTrust account received an inbound wire of $283,750.50.  On March 7th, three withdrawals were made: $500 from an ATM, $5,600 over-the-counter, and $8,400, also over-the-counter.  Ortega's true Florida driver's license was shown as proof of identity for the in-person withdrawals. Also on March 7, 2017, $94,110 was wired to "Huge Elite Limited" in Shanghai, China. After paying himself three more times the following day ($400 ATM, $800 at the counter, and $6,200 at the counter), another wire of $128,705 went to Huge Elite Limited.  On March 9, 2017, an additional $33,000 was wired out to "Lofty Ease Limited" in Shanghai, China.
(Ortega was arrested Jan 25, 2018)
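
The account activity described above (a newly opened account, one large inbound wire, then cash withdrawals and foreign wires that empty it within days) can be expressed as a screening rule. The following is an added example, not taken from the complaint or from this post's author; the thresholds, field names and function names are assumptions, the Ortega figures are the ones quoted above, and the control account is constructed.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from decimal import Decimal

# Screening thresholds. These are assumptions made for this example,
# not values taken from the complaint or from any bank's rule set.
NEW_ACCOUNT_DAYS = 30               # account age when the large credit lands
LARGE_CREDIT = Decimal("25000")     # inbound amount worth screening
WINDOW = timedelta(days=3)          # how quickly the money leaves again
PASS_THROUGH_RATIO = Decimal("0.90")
CASH_LINE = Decimal("10000")        # each cash withdrawal stays under this
MIN_SMALL_CASH = 3                  # number of such withdrawals in the window
SUSPECT_AT = 3                      # flags needed to escalate for review

CREDITS = {"wire_in", "ach_in"}
DEBITS = {"cash_out", "wire_out"}


@dataclass(frozen=True)
class Txn:
    day: date
    kind: str                       # one of CREDITS or DEBITS
    amount: Decimal
    foreign: bool = False           # beneficiary outside the US


def screen_account(opened, txns):
    """Return one finding per large inbound credit with the flags it raises."""
    findings = []
    large = sorted((t for t in txns
                    if t.kind in CREDITS and t.amount >= LARGE_CREDIT),
                   key=lambda t: t.day)
    for credit in large:
        end = credit.day + WINDOW
        debits = [t for t in txns
                  if t.kind in DEBITS and credit.day <= t.day <= end]
        outflow = sum((t.amount for t in debits), Decimal("0"))
        ratio = (outflow / credit.amount).quantize(Decimal("0.0001"))
        small_cash = [t for t in debits
                      if t.kind == "cash_out" and t.amount < CASH_LINE]
        flags = []
        if (credit.day - opened).days <= NEW_ACCOUNT_DAYS:
            flags.append("new_account")
        if ratio >= PASS_THROUGH_RATIO:
            flags.append("rapid_pass_through")
        if len(small_cash) >= MIN_SMALL_CASH:
            flags.append("repeated_sub_threshold_cash")
        if any(t.kind == "wire_out" and t.foreign for t in debits):
            flags.append("foreign_wire_out")
        findings.append({
            "credit_day": credit.day,
            "account_age_days": (credit.day - opened).days,
            "outflow": outflow,
            "ratio": ratio,
            "flags": flags,
            "suspect": len(flags) >= SUSPECT_AT,
        })
    return findings


def _t(y, m, d, kind, amount, foreign=False):
    return Txn(date(y, m, d), kind, Decimal(amount), foreign)


# SunTrust activity of Bryant Tech Deals, using the figures quoted above.
ORTEGA_OPENED = date(2017, 2, 13)
ORTEGA_TXNS = [
    _t(2017, 3, 6, "wire_in", "283750.50"),
    _t(2017, 3, 7, "cash_out", "500"),
    _t(2017, 3, 7, "cash_out", "5600"),
    _t(2017, 3, 7, "cash_out", "8400"),
    _t(2017, 3, 7, "wire_out", "94110", foreign=True),
    _t(2017, 3, 8, "cash_out", "400"),
    _t(2017, 3, 8, "cash_out", "800"),
    _t(2017, 3, 8, "cash_out", "6200"),
    _t(2017, 3, 8, "wire_out", "128705", foreign=True),
    _t(2017, 3, 9, "wire_out", "33000", foreign=True),
]

# Constructed control: an established account with ordinary activity.
CONTROL_OPENED = date(2012, 5, 1)
CONTROL_TXNS = [
    _t(2017, 3, 6, "wire_in", "40000"),
    _t(2017, 3, 7, "cash_out", "300"),
    _t(2017, 3, 20, "wire_out", "12000"),
]

if __name__ == "__main__":
    for name, opened, txns in (("ortega", ORTEGA_OPENED, ORTEGA_TXNS),
                               ("control", CONTROL_OPENED, CONTROL_TXNS)):
        for f in screen_account(opened, txns):
            print(name, f["credit_day"], f["ratio"], f["flags"], f["suspect"])
```

All four flags fire on the Ortega account and none on the control; in practice the thresholds would be tuned against an institution's own false-positive rate.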

The Pereira Case 

The third case, Feb 23, 2018, has an affidavit from Miami's FBI office from an agent who previously served as a Computer Scientist in the Philadelphia office! Pereira ran several schemes against companies by impersonating their officers, including Fakhoury Law Group (Troy, Michigan), High Tech Lending (San Diego, California), Gaumer Company (Houston, Texas), Park Corporation (Cleveland, Ohio), and Zija International (Lehi, Utah).  Each of those companies received fraudulent emails, claiming to be from an executive of their own company, ordering that wires be sent to accounts controlled by "OS Fly Tech Incorporated."   Pereira hired an unnamed middle man to set up additional corporate accounts at Bank of America, Wells Fargo, SunTrust Bank, and Regions Bank.  The Middleman says that Pereira was working with an unknown male who he called "Rezi."  This would be the same person that Cynthia Rodriguez was working for (see Operation Wire Wire: The South Florida Cases, Part 1): Roda Taher.  Pereira and Rezi gave one of their mules an email os20technologies@gmail.com to use.


As shown above, nearly $1M in wires were sent to company accounts at Bank of America, SunTrust Bank,  TD Bank, and Wells Fargo Bank in September and October of 2016.  Pereira and his middleman communicated through WhatsApp and Email.  (954.554.5501 / bossmanweston@gmail.com / osflytechnologies@gmail.com )

The Big Picture 

Roda Taher, AKA Ressi, AKA Rezi, was the manager and supervisor of a criminal organization in the Southern District of Florida and elsewhere.  He recruited all of the defendants in this case, encouraged them to open shell accounts and receive illegally transferred funds, some of which they directly wired to China, Poland, and elsewhere.

The case involves 30 distinct financial transactions:

| Count | Date | Defendant | Transaction |
|---|---|---|---|
| 2 | 02SEP2016 | Eliot Pereira | $89,630 from OS Fly Tech's Wells Fargo account to China |
| 3 | 30NOV2016 | Melissa Rios | $13,844 from Tiahan Fiberoptics Inc's TD Bank account to Huzhou Nanmei Textile |
| 4 | 23DEC2016 | Natalie Armona | $288,301 from Armona Furniture's TD Bank account to Caplan Sp Zoo in Warszawa Poland |
| 4 | 23DEC2016 | Natalie Armona | $194,110 from Armona Furniture's TD Bank account to Caplan Sp Zoo in Warszawa Poland |
| 5 | 23DEC2016 | Natalie Armona | $288,301 from Armona Furniture's TD Bank account to Caplan Sp Zoo in Warszawa Poland |
| 6 | 23DEC2016 | Natalie Armona | $94,218 from Armona Furniture's TD Bank account to Baolifeng Intl. Trading Limited in Shenzhen China |
| 7 | 12JAN2017 | Natalie Armona | $44,618 from Armona Furniture's TD Bank account to Hangzhou Jieenda Textile Co Ltd in China |
| 8 | 07MAR2017 | Bryant Ortega | $94,110 from Bryant Tech Deal's SunTrust account to Huge Elite Limited in Shanghai, China |
| 9 | 08MAR2017 | Bryant Ortega | $128,705 from Bryant Tech Deal's SunTrust account to Huge Elite Limited in Shanghai, China |
| 10 | 08MAR2017 | Bryant Ortega | $6,200 from Bryant Tech Deal's SunTrust account |
| 11 | 28MAR2017 | Bryant Ortega | $179,302 from Bryant Tech Deal's SunTrust account to Lofty Ease Limited in Shanghai, China |
| 12 | 14APR2017 | Roberto Carlos Garcia | $3,500 from RCG Deals Inc's Bank of America account |
| 13 | 17APR2017 | Roberto Carlos Garcia | $112,000 from RCG Deals Inc's Bank of America account to KT and G Corp |
| 14 | 17APR2017 | Roberto Carlos Garcia | $7,000 from RCG Deals Inc's Bank of America account |
| 15 | 17APR2017 | Roberto Carlos Garcia | $3,000 from RCG Deals Inc's Bank of America account |
| 16 | 28APR2017 | Jennifer Ruiz | $39,841 from Josette Quality Inc's TD Bank account to Huzhou Nanmei Textile Co. Ltd. |
| 17 | 28APR2017 | Jennifer Ruiz | $3,400 from Josette Quality Inc's TD Bank account |
| 18 | 04MAY2017 | Roberto Carlos Garcia | $100 from RCG Deals Inc's Bank of America account |
| 19 | 26OCT2017 | Angelo Santa Cruz | $88,950 from ASC Worldwide's Chase Bank account to Niche Holding Ltd. |
| 20 | 26OCT2017 | Angelo Santa Cruz | $7,000 from ASC Worldwide's Chase Bank account |
| 21 | 01NOV2017 | Alexis Fernandez Cruz | $8,600 from Alexis Universal Inc's TD Bank account |
| 22 | 07NOV2017 | Angelo Santa Cruz | $96,500 from ASC Worldwide's TD Bank account to Zhejiang Oudi Machine Co. Ltd. |
| 23 | 07NOV2017 | Angelo Santa Cruz | $8,500 from ASC Worldwide's TD Bank account |
| 24 | 09NOV2017 | Alexis Fernandez Cruz | $8,500 from Alexis Universal Inc's SunTrust Bank account |
| 25 | 21NOV2017 | Yirielkys Pacheco Fernandez | $34,810 from YF Nationwide Inc's Chase Bank account to Nantong Gomaa International Co. Ltd. |
| 26 | 06DEC2017 | Yirielkys Pacheco Fernandez | $88,528 from YF Nationwide Inc's Chase Bank account |
| 27 | 30NOV2017 | Jose E. Rivera | $54,210 from Rivera Worldwide Inc's Bank of America account to Zhejiang Senhuang Trading in Zhejiang, China |
| 28 | 30NOV2017 | Jose E. Rivera | $6,100 from Rivera Worldwide Inc's Bank of America account |
| 29 | 03JAN2018 | Angeles De Jesus Angulo | $79,400 from Angeles Premier Trades Inc's Wells Fargo Bank account to Farstar International Ltd |
| 30 | 03JAN2018 | Angeles De Jesus Angulo | $8,600 from Angeles Premier Trades Inc's Wells Fargo Bank account |

Altogether, this group is charged with laundering more than $5,000,000.

The case is scheduled to be heard in Jury Trial beginning on June 25, 2018 before Judge Marcia G. Cooke in Miami, Florida.

Tomorrow (June 13, 2018) two of the defendants are meeting to change their plea.  Jennifer Ruiz and Yirielkys Pacheco Fernandez have decided they may not want the 20 year sentence that all of them are facing as part of a conspiracy to commit money laundering at this level!

Operation Wire Wire: The South Florida Cases, Part 1

Yesterday we started a series of posts about Operation Wire Wire, where the Department of Justice announced charges against 74 people for Business Email Compromise and related scams.

The South Florida cases are so huge, we're actually going to break them into three parts as well.  In part one, we'll look at the case against Cynthia Rodriguez, Destiny Asjee Rowland, and Lourdes Washington.


Defendant #1: Cynthia Rodriguez:
18:1349.F Conspiracy to Commit Wire Fraud
18:1956-3300.F Conspiracy to Commit Money Laundering
18:1956-3300.F Money Laundering and Forfeiture Count

Defendant #2: Destiny Asjee Rowland
18:1343 Wire Fraud
18:1349 Conspiracy to Commit Wire Fraud
18:1956(h) Conspiracy to Commit Money Laundering
18:1956 Money Laundering
18:1956(a)(1)(B)(i) Money Laundering

Defendant #3: Lourdes Washington
18:1349 Conspiracy to Commit Wire Fraud
18:1956(h) Conspiracy to Commit Money Laundering
18:1956(a)(1)(B)(i) Money Laundering

According to the indictment against Destiny Asjee Rowland, Rowland incorporated "Asjee Luxury Inc" in July 2017 and claimed to be a furniture merchant wholesaler at 3688 NW 83rd Lane in Sunrise, Florida.  The victim companies in her case were a company in Eau Claire, Wisconsin, a lumber company in Illinois, and an escrow company in Roseville, California that was selling property for two people called "KW" and "TW" in the indictment.

Asjee Luxury opened accounts at TD Bank and SunTrust Bank.  Using other people's names and email addresses, she convinced companies to transfer money to her account, including by falsely claiming to be the lumber company, where she sent "urgent audit" notices to the Wisconsin company demanding immediate wire transfers of payments owed to the lumber company.  That email came from an IP address in Nigeria on July 27, 2017.  By July 28th, a Bank of America account in Wisconsin had sent $1,651,699 to her TD Bank account in Florida.

She also caused the escrow company to redirect payments intended for their clients KW and TW to accounts she controlled, receiving $451,759 from a City National Bank account in California into her SunTrust Bank account in Florida on July 31, 2017.

Cynthia Rodriguez and Lourdes Washington have a ten page criminal complaint written by a US Secret Service agent to describe their case.  Washington created a new business, LW Nationwide Inc, at 9561 Fountainebleau Blvd, Apartment 402, Miami, Florida 33172, which coincidentally is also her driver's license address.  Then she opened a Bank of America account in that name.

A Real Estate attorney, BD, was handling the closing on several pieces of property.  On Feb 14, 2017, he received an email from ***@themarstongroup.com informing him that he would receive a check for $37,225 via registered mail, along with a 1099 tax form.  The next day, an email from the same name ***@gmx.us said that he was leaving town unexpectedly and needed the funds sent via wire transfer instead.  Those funds were then directed to the BofA account of LW Nationwide.  Those funds were immediately RE-wired to a bank account in Zhejiang, China.  The same day, Washington withdrew funds from an ATM in Hialeah, Florida.  Three minutes later, at the same ATM machine, Cynthia Rodriguez withdrew funds from the LW Nationwide account, using the same debit card as Washington.   Bank of America's logs reveal that an IP address, 50.143.68.4 was used to access the account.  That IP address was Rodriguez's home Comcast Cable account at 2914 Funston Street, in Hollywood, Florida.  Rodriguez made additional withdrawals from the account, including from a drive-through ATM whose cameras captured the license plate of her Nissan Quest, 520-TML, registered to Rodriguez.

Washington was later arrested (December 2017) as a result of an open warrant in Kentucky, and testified to opening the accounts, making the wire transfers, and doing the cash withdrawals "at the behest of her recruiter/manager" who she did not identify.

Meanwhile, the Eau Claire, Wisconsin business contacted the US Secret Service about the scam involving the fake invoices from the lumber company.   Records from the state of Florida revealed that Asjee Luxury only had one officer, and one signatory on their bank accounts. What seems to be a cooperating witness (Individual 1) in that case revealed that Rodriguez had recruited them to open several sham business accounts, including the TD Bank account belonging to Asjee Luxury!  Shortly after the California real estate company wired money into that account, ATM video footage showed Individual 1 withdrawing $8,000 cash from the account.  Individual 1 would then give half of the money to Rodriguez and keep the other half.  Individual 1 also opened a shell company called Wide Assure Trades Inc and a corresponding Bank of America account.

On October 27, 2017, Rodriguez notified Individual 1 that Wide Assure Trades was going to receive some money.  That account was logged into the same day from 76.18.27.6, the IP address that Comcast listed for Rodriguez's home address at 2914 Funston Street, Hollywood Florida at that time.  (DHCP addresses change from time to time.)

Later an additional document, not an indictment, but rather "Superseding Information" was filed.



The Superseding Information reveals that Cynthia Rodriguez had incorporated "CR Elegant Trades" in September 2014 from her home address in Hialeah, Florida.  We already spoke of Washington's company, LW Nationwide, and Rowland's company, Asjee Luxury.  The superseding information speaks of (but does not give many details) an ongoing conspiracy from 2014 until 2018 that involved the creation of many shell companies and many fraudulent wire transfers. 

"It was the purpose of the conspiracy for the defendants and their co-conspirators to unlawfully enrich themselves by obtaining and misappropriating money from victims, by making materially false and fraudulent representations, and by the concealment of material facts, concerning, among other things, the true identity of the defendants and their co-conspirators and the purported need for victims to make payments to the defendants and their co-conspirators."

Lourdes Washington entered a plea agreement that included the fact that she may face 20 years in prison, 3 years supervised release, and a fine of $250,000 or double the pecuniary gain, as well as restitution, and acknowledging that they may be "denaturalized and removed" as a result of their crimes.  In other words, Washington had a public defender, as the only funds they tie to her are $37,225.  (It will be interesting to see what actually happens at sentencing on July 9, 2018.)

Cynthia Rodriguez also pleaded guilty, but in her case, she named her recruiter.  In the plea agreement, she agrees that she and her co-conspirators opened shell corporations and bank accounts for the purpose of receiving proceeds of wire fraud scams in exchange for a percentage of profits.  But then she says she was recruited to the scam by Roda TAHER.  Taher, AKA Res, AKA Rezi, AKA Ressi, recruited Rodriguez initially as a money mule, but advanced her to being a sub-recruiter, working to hire and manage additional money mules in the South Florida area. Rodriguez was responsible for providing corporate documents for her mules' shell companies, driving the money mules to banks, or ordering them to open certain accounts at certain banks, and accompanying them to withdraw funds.  She also provided directions to money mules on how to hide their schemes from banks, law enforcement and other individuals.

Rodriguez's plea agreement states that she knew the money was coming from wire fraud, and that she knew that business email compromise and spear phishing scams were used, including email account takeovers and "spoofed" email accounts making the victims believe they were making wire transfers to trusted partners, but instead depositing the funds into the accounts of the fraudsters.  Rodriguez says that she used the phone application "WhatsApp" to exchange encrypted messages with co-conspirators, including Taher, in order to evade detection by law enforcement.  Her plea confesses to laundering at least $4,760,669.80 between herself and the mules she recruited.

Like Washington, Rodriguez's plea states that she may do 20 years plus 3 supervised, and pay a fine of $250,000 or double the pecuniary gain, plus restitution, and that she may face denaturalization and removal.

Base Offense level for Washington was 8.  Increased by 18 levels due to the amount of laundered funds being between $3.5M and $9.5M.  +3 because she was a manager or supervisor in a scheme involving 5 or more participants.  +2 because of 18USC1956, and +2 because of the "sophisticated nature" of the laundering.  So, a level 33 offense.  They only decreased her 3 levels for "demonstrating acceptance of responsibility and assisting authorities in the investigation".  So she is still facing a level 30 offense.

"Furthermore, the Defendant stipulates that she owes restitution in the amount of $4,760,669.80!"

The plea agreement was signed May 23, 2018.  Rodriguez will be sentenced on July 11, 2018.

In Operation Wire Wire: The South Florida Cases Part 2, we'll look at 18-CR-20170, with defendants Eliot Pereira, Natalie Armona, Bryant Ortega, Melissa Rios, Angelo Santa Cruz, Alexis Fernandez Cruz, Roberto Carlos Gracia, Jose E. Rivera, Angeles De Jesus Angulo, Jennifer Ruiz, Yirielkys Pacheco Fernandez, and Sebastian Loayza.

Tiberium/Consuella USPS money laundering service


Consuella was a 'USPS drop service' run by one of the Lampeduza administrators.
This type of service helps credit card thieves "cash out" by sending packages with carded labels overseas (or not) via USPS.
They were also constantly recruiting mules in the United States to keep addresses in rotation.


Here is what the service looks like from an admin's point of view:


Add a payment:

Users:
Supports:

News:

Settings:

Consuella was, however, incredibly simple compared to other drop-shipping services such as addtrack.biz and pac-man.co, which had fake websites for mules on the panel.