Category: Federal Bureau of Investigation FBI Crime News

Source: Federal Bureau of Investigation FBI Crime News

Good morning. On behalf of all the men and women of the FBI, it’s an honor to be here today to remember Bryan and honor his life.

For those of you who may not know, Bryan joined the Bureau in March of 1992, and he spent his 30 years of dedicated FBI service here in Mobile.

His father, Clay, was also a Bureau employee, working 42 years with the FBI before retiring as FBI Mobile’s photographer.

And Bryan’s mom, Mary, had also been an FBI employee before Bryan was born.

So it’s clear that the FBI was in Bryan’s blood. And it was also clear to me from the conversations I had with Bryan—last fall in Mobile and again recently on the phone—that he loved the Bureau.

He loved our mission. He loved our people.

He loved getting his hands dirty, and he loved the process of investigating and digging, problem solving, and finding facts and evidence in search of the truth.

Bryan started his FBI career on the night shift as a mail and file clerk before working his way to becoming an investigative operations analyst. He would go on to do investigative work supporting the violent crimes squad for many years.

And he continued to work on Mobile’s ERT—our evidence response team—throughout his career.

Because for Bryan, no work was too dirty, and no case was too difficult.

He investigated serial murder cases, including Israel Keyes up north and Jeremy Jones here in Alabama.

In fact, I’m told that quite a few people here worked the Jones case with him.

But he also worked countless cases that many of us have never heard about—and he worked those with the same dedication and commitment to this community, and to his colleagues.

Bryan would find out, for instance, that a woman just north of here had gone missing.

And he’d spend hours and hours trying to find out where she ended up—trying to find her or, if nothing else, to at least bring closure to those she left behind.

Whenever he was given a case like that, he had a relentless drive to find out what happened.

And he loved working on ERT.

He volunteered for every temporary duty assignment that came up.

That might mean digging through a landfill in Vermont, sifting through evidence of mail bombs in Texas, or sorting through rubble and debris from the 9/11 attacks that had been hauled from Manhattan and dumped on Staten Island—looking for human remains, personal effects, or anything that might help us identify those who’d been lost in those terrorist attacks.

No job was too big or too small. No task was too dirty.

Bryan was known for saying—Let’s go. Let’s get in it.

And that passion for discovery never left him.

In fact, when I sat down with him last fall, one of the things on his mind was solving a mystery he’d wondered about for years.

Bryan was immensely proud of his family’s service with the FBI.

We talked about his Dad’s 42 years with the Bureau, and he said he believed his mother had worked for the Bureau, too, but he’d never known in what capacity.

But like any open question in his life, that was not something he could just let go.

So, he’d dug around in records and called around, but he didn’t find any records of his mom’s employment.

Then, he even submitted a Freedom of Information Act request.

You heard me right. Bryan FOIA-ed his own agency.

Now that still did not find answers, but Bryan was tenacious.

So, when we talked in December, he asked me if I could help find out the details of his mom’s employment.

Fortunately, the Bureau has spent the past two decades ingesting and sorting nearly all of our records into a high-tech facility in Virginia.

And, as luck would have it—or perhaps as a credit to Bryan’s unwillingness to give up—our incredible staff in the Information Management Division managed to track down the hard copy of Mary Myers’ final pay card, confirming her service as an FBI file clerk from 1955 to 1961.

I sincerely hope getting a copy of that card brought a smile to Bryan’s face. I’m pretty sure it did. And it certainly did to mine.

That dogged approach to finding his mom’s history with the FBI is precisely the tenacity that Bryan brought to his job, each and every day.

But I don’t want to leave the impression that Bryan was only focused on the job.

For one thing, I’m told that whenever an ERT mission came up, Bryan’s first response was to say, “Yes.” But his second response was to find out what restaurants were around the search site.

He was a foodie, who wanted to try whatever the local cuisine was.

And everyone knew that when they deployed, Bryan was going to be in charge of the schedule—and the schedule always considered when restaurants opened and closed, and what the travel distance was.

He loved good food and was always looking for or planning the next great meal.

He loved working on his tractor and getting out in the woods.

He loved hiking, skiing, and camping.

And I’m told that every fall, he arranged his schedule so that he could take off Friday at 3 p.m. and head to the hunting camp.

He also loved interacting with people, and he saw the goodness in everyone he met.

People in the Mobile Office have said he was easy to talk to, to laugh and joke with—that he made them feel like he was genuinely interested in them.

In many ways, he approached relationships the way he approached working on ERT.

He liked to dig and to discover and bring out the best in everyone.

I’m told a common conversation with Bryan would start with asking him about his weekend or how his hunting was going or how his family was. And five minutes later, you’d realize you weren’t talking about Bryan anymore.

You were talking about yourself and your life and concerns.

And you’d have no idea how he’d managed to turn the conversation around in the meantime.

Every morning, he’d get his coffee and walk around the office to find out what was going on, how everyone was doing.

Fittingly, he had a hunting analogy for this habit. He said he was, “checking his traps.”

I also think it’s no coincidence that Bryan served as the coordinator for Mobile’s Employee Assistance Program. Because he was fixated on helping people with their problems—personal or professional.

And people who needed help described Bryan as “the calming breeze that walked into the room.”

Bryan is said to have always wanted to hear both sides of any issue. And he always met you where you were and never judged you.

I’m told, for instance, that when he heard one agent was having a particularly hard time, he immediately jumped in his car and drove two hours to have lunch with the guy.

I’d bet both the food and the conversation were reassuring.

Because Bryan believed that you could handle any problem as it comes.

And anyone in the Mobile Office who has been through something terrible has talked to Bryan.

Because anyone who came to Bryan looking for help—which was darn near everyone—left that conversation knowing what support they had and with a feeling that everything was going to be okay.

He has been the support system for the majority of people in the office—unassumingly, and without looking for attention.

Serving as the office therapist and support coordinator also led to Bryan being the de facto historian for the Mobile Office.

I am told he knew every story of every person who has ever worked here over the past three decades—and he kept up with them even after they retired and left.

Because he truly cared about everyone here in Mobile. That instantly struck me, both times I spoke with him—what jumped out at me was how laser-focused he was, not on himself, but on helping, looking out for, a whole series of other people in the organization.

For example, I remember Bryan earnestly advocating to me about another colleague, specifically because of how well that person treated everyone else in the office, agents and professional staff alike, regardless of their position or tenure.

The level at which Bryan cared for others speaks volumes about his character.

His seemingly bottomless well of compassion is extraordinary, although from what I’ve heard, I think a lot of that came from the support he found in his own family.

For those who may not know, he lost his first wife, Rhoda, and their unborn daughter, Amanda, back when his son, Nicholas, was still very young.

That’s a tragedy that’s hard to imagine.

But Bryan found Cindi, and she brought joy to his and Nicholas’s lives. In their words, they “rescued each other.” That sounds about right to me.

And that includes the past year, as they continued to find joy, even while he fought cancer, and I know he treasured the trip to Yellowstone and Glacier National Parks last summer.

Before I close, I want to take a moment to illustrate just how much family meant to Bryan.

This is something that might not mean as much for those not from Alabama, but it will resonate with almost everyone here.

Bryan graduated from the University of South Alabama, but as everyone in this state knows, you can’t live here and not declare whether you root for Bama or Auburn.

Well, Bryan pulled for Auburn—the Bama fans here have said he just has a soft spot for the underdog.

But being an Auburn fan didn’t stop him from marrying a Bama grad.

Then, Nicholas decided to attend Bama himself.

And the very next day, if you can believe it, Bryan showed up to work wearing a Crimson Tide sweatshirt.

Now that’s love.

I’ve heard there was a similar act of love that happened this week.

On Tuesday, we called down to Mobile and asked for Bryan’s credentials, so that we could mount them for today.

Well, apparently no one knew where they were, so Nicholas was deployed on a search and rescue mission to go find them.

I can picture Bryan looking down, watching Nicholas on the hunt for those creds and not giving up until he found them.

I think Bryan would be proud.

I have one final note to add, about Bryan’s legacy here at the FBI.

When we spoke, he was very focused on a letter he got from Director Hoover—when Bryan was very young—about what a hero his dad had been.

I was honored to write a similar letter for Nicholas last year.

But far beyond that letter, I want Cindi and Nicholas, and everyone here to know that Bryan will be remembered by the Bureau.

At Headquarters and in every field office across the country, there’s a Wall of Honor where the names of fallen FBI employees are inscribed.

Each one represents the kind of extraordinary people we have in the FBI—people who answer the call of duty, no matter the cost.

And that includes FBI members who lost their lives to 9/11-related illnesses.

In November 2001, Bryan answered the call to deploy with ERT to Staten Island to sort through debris from the attacks.

And we’ve determined exposures from that painstaking work eventually led to his death.

Each May, we hold a ceremony to honor those whose names are on our Wall of Honor. 

We will be putting Bryan’s name on the wall, and everyone in the Bureau will know why it’s there. Because Bryan—without hesitation, without reservation—answered the call to service.

So today, we say goodbye to a beloved member of the FBI family gone too soon.  

But we’ll work to honor him in the way we carry forward the FBI mission, and we’ll remember him, and the ways he touched and changed lives for the better along the way.  

Cindi and Nicholas, we know you’ll remember him—his compassion, caring, and tenacity—better than anyone.  

Thank you for sharing Bryan with us for so many years. Please know that you and Bryan will always be a part of our FBI family.

Source: Federal Bureau of Investigation FBI Crime News

Introduction

It’s good to be back here at BC, particularly since I couldn’t participate in the virtual conference last year. In fact, the last time I was able to participate was in March 2020, right before everything went into lockdown. It’s pretty incredible how quickly our lives—work, school, social events —shifted to being online.

I can’t say I was a fan of shifting from interacting with my staff around a conference table to seeing a fair number of folks show up only on screen, usually from elsewhere in the building.

It worked, sort of. But I’m glad we’ve been able to go back to meeting in person. For the FBI, a lot of our work is hard to accomplish online. We work with a lot of classified information that can’t go home, and we certainly can’t conduct crime scene investigations remotely.

But I recognize that we’re fairly unique, and a lot of businesses have been able to cut costs by keeping employees at home instead of leasing office spaces.

So, it’s clear that our world and our society are not just going back to where we were two-and-a-half years ago. And people are going to continue to take advantage of the connectivity that cyberspace provides.

But, at the same time, the shift of our personal and professional lives even more online has created new vulnerabilities. And malicious cyber actors are going to continue to take advantage of people and networks.

That includes cybercriminals holding data for ransom and nation states like China stealing defense and industrial secrets.

And lately, that’s included Russia trying to influence what happens in the ground war they started—by threatening attacks against the West in cyberspace.

I think, if we’re going to address cyber security properly, we’ve got to talk about how we’re responding to each of those threats.

We’ve got to hold the line on multiple fronts—all at once—to help people and businesses protect themselves, to support victims, and to inflict costs on criminals.

And we can’t let up on China or Iran or criminal syndicates while we’re focused on Russia. So that’s what we’re doing, taking on all these threats and shifting resources quickly to respond.

And I think it’s worth covering some of those threats with you today.

Russia

I do want to start with Russia because we’re laser focused on them right now.

I’m not breaking any new ground or compromising any intelligence sources by saying they’ve been absolutely reckless on the battlefield. They really don’t care who they hurt—civilians, noncombatants, women, children. And their recklessness with human lives carries over into how they act in cyberspace.

Of course, that’s not new. In 2017, the Russian military used the NotPetya malware to hit Ukrainian critical infrastructure. The attack was supposed to look like a criminal heist but was actually designed to destroy any systems it infected.

They targeted Ukraine but ended up also hitting systems throughout Europe, plus the U.S. and Australia, and even some systems within their own borders. They shut down a big chunk of global logistics.

That reckless attack ended up causing more than 10 billion dollars in damages—one of the most damaging cyberattacks in the history of cyberattacks—and spread world-wide before anyone knew to do anything.

Now, in Ukraine, we see them again launching destructive attacks, using tools like wiper malware. And we’re watching for their cyber activities to become more destructive as the war keeps going poorly for them.

At the FBI, we’re on what I’d call combat tempo.

We’ve got a 24/7 cyber command post running, and we’ve been pushing out intelligence products and technical indicators—not just to government partners, but also to private companies and others.

We’ve seen the Russian government taking specific preparatory steps towards potential destructive attacks, here and abroad. We’re racing out to potential targets to warn them about the looming threat, giving them technical indicators they can use to protect themselves. And we’re moving rapidly to disrupt Russian activity.

Russia/WatchGuard

Just this April, the FBI disrupted a botnet that the Russian GRU intelligence service had created and could have used to obfuscate malicious and damaging cyber activity.

This is the same Russian agency behind NotPetya and that attacked the Ukrainian electric grid in 2015, attacked the Winter Olympics and Paralympics in 2018, and conducted attacks against Georgia in 2019.

The GRU’s Sandworm team had implanted Cyclops Blink malware on ASUS home routers and Firebox devices, which are firewall devices produced by WatchGuard Technologies and largely used by small to medium businesses.

By infecting and controlling thousands of these devices worldwide, the GRU could string them together to use their computing power in a way that would hide who was really running the network.

This past November, we alerted WatchGuard about the malware targeting their devices, and we collaborated with CISA and WatchGuard on mitigation.

We collected additional malware samples from U.S. victims, while WatchGuard developed mitigation tools.

We reverse-engineered the malware samples and developed a sophisticated technical operation to sever the GRU’s ability to communicate with the botnet’s command-and-control layer.

And in March, we executed the operation and successfully cut their ability to control the botnet.

We removed malware from the “Firebox” devices—used by small businesses for network security all over the world—and then shut the door the Russians had used to access them.

Clearly, that’s not the only threat coming out of Russia, and we’re certainly not resting on our laurels. But that was a pretty solid hit against Russian intelligence. And it shows that we can do quite a bit to counter threats and help companies hit by threats like that posed by the Russian government.

Reminders and Lessons

As I mentioned earlier, even while we’re at full tilt against Russian cyber threats, we’re also countering other nation-state and criminal cyber actors. So we’re particularly attuned to lessons from the Ukraine conflict that apply more broadly.

We’re not the only ones. We know that China is studying the Ukraine conflict intently. They’re trying to figure out how to improve their own capabilities to deter or hurt us in connection with an assault on Taiwan.

So, take for example the blended threat where we see Russia—like China, Iran, and sometimes other nation states—essentially hiring cyber criminals, in effect cyber mercenaries.

We see Russian cyber criminals explicitly supporting, and taking actions to assist, the Russian government, as well as some just taking advantage of the very permissive operating environment that exists in Russia.

In some instances, we also see Russian intelligence officers, moonlighting, making money on the side, through cybercrime or using cybercriminal tools to conduct state-sponsored attacks because they think it gives them some plausible deniability or will hide who’s behind it.

So one key question for us today is, when do criminal actors become agents of their host nation?

Does money have to change hands, or is publicly pledging support to a foreign government enough?

We are realizing the value of our accumulated investigative work, with our partners, against all manner of Russian cyber threats. That work has established connections, motives, and tactics among Russian hackers before the current crisis.

It gives us a basis for potentially holding the Russian government accountable for the actions of a Russian ransomware gang. Because we’ve been able to show that their government sometimes supports, uses, and protects, cybercriminals.

A second thing we’re thinking about is the speed and scope of attribution. How do we balance the need for speed, to get to an operational level of attribution, supporting actions we or our partners need to take next, against specificity? 

It won’t surprise you to learn that we can figure out which country is responsible for something, or even which specific intel service, faster than we can identify which individual was sitting at the keyboard.

For victims, we’re helping as we respond to malicious cyber activity in this kinetic, destructive context, we’ve found that speed trumps pretty much everything else. It’s more important for us to get to their doorstep in an hour than it is to tell them whether we’re looking at nation-state cyber activity or cyber criminals.

But it’s also important to keep marching toward more-specific attribution even while we hand off defensive information before we build the full picture of who’s responsible. Because for the broader government’s response calculations—for us to meaningfully degrade, disrupt, and deter a cyber adversary—we often need to be a lot more specific about who’s responsible.

A third lesson, or really a reminder, from this conflict with broad application: When it comes to the threat of destructive attack, the adversary’s access is the problem.

This is something we’ve talked about a lot, but that has acquired heightened resonance lately. Russia has, for years and years, been trying to infiltrate companies to steal information.

In the course of doing so, they’ve gained illicit access to probably thousands of U.S. companies, including critical infrastructure. Just look at the scope of their Solar Winds campaign.

They can use the same accesses they gained for collection and intelligence purposes to do something intentionally destructive. It’s often not much more than a question of desire.

That’s why, when it comes to Russia today, we’re focused on acting as early, as far “left of boom,” as we can against the threat.

That is, launching our operations when we see the Russians researching targets, scanning, trying to gain an initial foothold on the network, not when we see them later exhibit behavior that looks potentially destructive.

As broad as Russia’s potential cyber accesses across the country may be, they pale in comparison to China’s.

So the same reminder that this conflict has given the community about the urgency of battling adversaries at the point of access, or earlier, applies in spades when we think about how to defend against the Chinese Communist Party’s potential aggression toward Taiwan.

We need to study what’s going on with Russia and learn from it because we’re clearly not the only ones paying attention.

China

Now, China is clearly a very different threat than Russia. The Chinese government is methodical, hacking in support of long-term economic goals.

And China operates on a scale Russia doesn’t come close to. They’ve got a bigger hacking program than all other major nations combined. They’ve stolen more American personal and corporate data than all nations combined. And they’re showing no sign of tempering their ambition and aggression.

Even their hacks that may seem noisy and reckless actually fit into a long-term, strategic plan to undermine U.S. national and economic security.

China’s economy also gives it leverage and tools, sway over companies, that Russia lacks. For many U.S. and foreign companies doing business in China, or looking to, the cost effectively amounts to a blanket consent to state surveillance in the name of security—at best.

At worst, they’ve got to accept the risk that their sensitive information may be co-opted to serve Beijing’s geopolitical goals.

In 2020, we became aware that some U.S. companies operating in China were being targeted through Chinese government-mandated tax software. The businesses were required to use certain government-sanctioned software to comply with the value-added tax system and other Chinese laws.

A number of U.S. companies then discovered that malware was delivered into their networks through this software. So, by complying with Chinese laws for conducting lawful business in China, they ended up with backdoors into their systems that enabled access into what should be private networks.

That’s just one example of how the Chinese government is pursuing their goal to lie, cheat, and steal their way into global domination of technology sectors. It’s really a whole-of-government operation to steal research and proprietary secrets from U.S. companies and then undercut prices on the global market. So that companies that play by the rules can’t compete.

That effort is not limited to cyber. Heck, we’ve caught Chinese agents out in the heartland of the U.S. targeting our agricultural innovation, sneaking into fields to dig up proprietary, experimental, genetically modified seeds.

But China’s other means of stealing technology—things like human spies, corporate transactions—often run in concert with, and even in service of, its cyber program. Like when the MSS recently used a human agent on the inside to enable hackers in mainland China to penetrate GE Aviation’s joint venture partner and steal proprietary engine technology.

The Chinese government sees cyber as the pathway to cheat and steal on a massive scale. In March 2021, Microsoft and other U.S. tech and cybersecurity companies disclosed some previously unknown vulnerabilities targeting Microsoft Exchange Server software.

The hackers, operating out of China, had compromised more than 10,000 U.S. networks, moving quickly and irresponsibly to do so prior to the public disclosure of the vulnerabilities. Through our private sector partnerships, we identified the vulnerable machines.

And learned the hackers had implanted webshells—malicious code that created a backdoor and gave them continued remote access to the victims’ networks. So, we pushed out a joint advisory with CISA to give network defenders the technical information they needed to disrupt the threat and eliminate those backdoors.

But some system owners weren’t able to remove the webshells themselves, which meant their networks remained vulnerable. So, we executed a surgical, court-authorized operation, copying and removing the harmful code from hundreds of vulnerable computers.

Those backdoors the Chinese government hackers had propped open? 

We slammed them shut, so the cyber actors could no longer use them to access victim networks. So, while that’s another win we can celebrate, it is also a stark reminder that the Chinese government remains a prolific and effective cyber espionage threat.

Iran and Boston Children’s Hospital

And China and Russia aren’t the only nation states exhibiting malicious behavior on the international stage. Iran and North Korea also continue to carry out sophisticated intrusions targeting U.S. victims.

In fact, in the summer of 2021, hackers sponsored by the Iranian government tried to conduct one of the most despicable cyberattacks I’ve seen—right here in Boston—when they decided to go after Boston Children’s Hospital.

Let me repeat that, Boston Children’s Hospital.

We got a report from one of our intelligence partners indicating Boston Children’s was about to be targeted. And, understanding the urgency of the situation, the cyber squad in our Boston Field Office raced to notify the hospital.

Our folks got the hospital’s team the information they needed to stop the danger right away. We were able to help them ID and then mitigate the threat.

And quick actions by everyone involved, especially at the hospital, protected both the network and the sick kids who depend on it.

It’s a great example of why we deploy in the field the way we do, enabling that kind of immediate, before-catastrophe-strikes response.

Ransomware

Unfortunately, hospitals these days—and many other providers of critical infrastructure—have even more to worry about than Iranian government hackers.

If malicious cyber actors are going to purposefully cause destruction or are going to hold data and systems for ransom, they tend to hit us somewhere that’s going to hurt. That’s why we’ve increasingly seen cybercriminals using ransomware against U.S. critical infrastructure sectors.

In 2021, we saw ransomware incidents against 14 of the 16 U.S. critical infrastructure sectors, including healthcare, but also many of the other things we depend on.

Ransomware gangs love to go after things we can’t do without.

We’ve seen them compromise networks for oil and gas pipelines, grade schools, 9-1-1 call centers. They also go after local governments.

The FBI cyber team here in Boston, for example, last May uncovered important indicators of compromise for the Avaddon ransomware strain.

Avaddon was one of the most prolific ransomware variants in the world at the time. Our folks quickly published what they found to warn the public.

And just two days after that, a local police department in the Southwest told FBI Boston that they’d seen some of those indicators of compromise we published—newly identified malicious IP addresses—connecting to the department’s network.

The police department was able to use our Boston Division’s information to stop Avaddon from infecting their network.

So, that’s our folks here helping out a city on the other side of the country and a lot of other potential victims nationwide, but also a reminder of the kind of damage ransomware groups are able and willing to inflict.

Lessons Learned from Disrupting Hackers

Hopefully, as you listen, you’ve been gleaning a bit about our focus. We aim to stop attacks, and degrade actors, as early as we can.

It’s worth taking a few minutes to think about what we’ve learned from the operations of the past couple of years, as more and more of society has moved online, and as cyberattacks and intrusions have accelerated.

For one, we’ve learned that in cyber, as with other parts of our work countering criminal organizations, we can impose costs on cybercriminals by focusing on three things: the people, their infrastructure, and their money. We make the most durable impact when we disrupt all three together and when we set aside who gets credit and just equip the best athlete with the information they need to take action.

First: To go after the people, we work with like-minded countries to identify who’s responsible for the most damaging ransomware schemes and take them out of the game. That may mean arresting and extraditing them to the U.S. to face justice. Or it may mean prosecution by a foreign partner.

Crucially, we cast a broad net, going after everyone from the ransomware administrators building the malware, to affiliates deploying it, to the hosting providers and money launderers making the criminal enterprise possible.

Second: Simultaneously, taking down cybercriminals’ technical infrastructure disrupts their operations.

For instance, last year, the FBI led an international operation that seized control of a botnet called Emotet, consisting of tens of thousands of infected computers, which had been used in a range of cybercrime schemes including ransomware.

And that Russian botnet we just disrupted in March is another great example of how we can take infrastructure offline before it causes damage.

Third: By going after their money, when we seize virtual wallets and return stolen funds, we hit them where it hurts, taking resources away from the bad guys, helping to prevent future criminal operations.

And we’ve had even bigger successes in disrupting operations by shutting down illicit currency exchanges.

Bottom line: We believe in using every tool we’ve got to impose risk and consequences and to remove bad guys from cyberspace.That includes leveraging every partnership we have.

FBI’s Role and the Virtuous Cycle

So how do we make all that happen. How do we make sure the best athlete has the proverbial ball at the right time and that we’re all making each other stronger?

There’s a symmetry to the way we identify threats and the way we deal with them.

At the FBI, as both a law enforcement and intelligence service, we’re pulling in information about hostile cyber activity from a wide range of sources, from on one end of the spectrum, providers, incident response firms, victims, and others in the private sector, and from our partnerships with CISA, Treasury, and other SRMAs.

From our FISA collection, human sources, our fellow USIC agencies’ signals and human collection, and from intelligence and law enforcement partners around the world, many of whom have overseas FBI cyber agents working alongside them daily.

Then, we analyze what the adversaries are trying to do, and how. We take, for example, information shared by one victim we know they hit and work back to find others either already being hit or about to be.

We dissect their malware to see what it’s capable of and compare what we see in the field to what we know about their strategic intent.

Then—the other side of that symmetry I mentioned—we quickly push the information we’ve developed to wherever it can do the most good, whether that means employing our tools or arming partners to use theirs, or both. Often that means racing information to victims or potential victims.

We’ve developed the ability to get a technically trained agent out to just about any company in America in an hour, and we use it a lot.

Almost every week, we’re rushing cyber agents out to help companies figure out what they’ve got on their systems, how to disrupt it, how to interrupt it, how to mitigate, and how to prevent this from becoming something much worse.

Other times, we work jointly with CISA, and often NSA, to disseminate the information even more broadly, if more companies and public entities can make use of it.

For example, in the last couple of months you’ve seen us publish indicators of compromise for Russian cyber operations targeting U.S. critical infrastructure, helping companies prepare defenses and enabling threat hunting.

And not long ago, you saw us and NSA push out details on malware the GRU was using to help companies defend against it.

But we’re also pushing what we learn to government partners in order to enable joint, sequenced operations that disrupt the harm at its source, at the same time we’re helping companies mitigate on their own networks.

We push targeting information about hostile infrastructure abroad either to foreign law enforcement, to seize or shut down; or to government partners here with a mandate to conduct offensive operations overseas; or to Treasury or Commerce, for sanctions.

And so on.

But it’s important to keep in mind that we aren’t playing a one-move game. What we need to do is kick off a virtuous cycle that feeds on itself.

We use the information one company might give us to develop information about who the adversary is, what they’re doing, where, why, and how, taking pains to protect that company’s identity just as we do our other sources.

Then, when we pass what we develop to partners here and abroad—our fellow U.S. and foreign intel services, foreign law enforcement, CISA and sector risk management agencies, providers like Microsoft.

Crucially, those partners can then in turn leverage what we’ve given to provide us with more information.

Enhancing our Global Investigations

Helping us discover more malicious infrastructure we can target ourselves, or alert private sector partners to more opportunities to arrest or otherwise disrupt the adversaries, which leads us to more useful information to pass back to that first company, to better remediate and protect itself, maybe find more technical info it can share back to us and to our partners, to take further steps. And so on.

It’s why we’re deployed all over this country and in nearly 80 countries around the world.

What these partnerships let us do is hit our adversaries at every point—from the victims’ networks, back all the way to the hackers’ own computers.

Of course, for this virtuous cycle of information to work, we rely on companies to work with us the way WatchGuard and Boston Children’s Hospital did.

So, for companies that conduct any work on the internet, I would encourage you to have an incident response plan and to include contacting your local FBI field office as part of that plan. It’s immensely helpful for any business to have an existing relationship with their local office before an attack occurs.

In fact, that’s one of the reasons we were able to help Boston Children’s Hospital so quickly.

The FBI Boston Field Office had worked with Children’s on a series of attacks in 2014—those stemming from a misguided online protest. We worked closely with Children’s all the way through our investigation, which led to a conviction and sentencing of the hacker in 2019.

So, Children’s and our Boston office already knew each other well before the attack from Iran, and that made a difference.

So, I’d encourage everyone to give us a call and talk with your local FBI cyber team.

But whether you take that proactive step or not, if you suspect a cyber intrusion, please report the compromise by contacting your local field office immediately—the more quickly we get involved, the more we can do to help.

Conclusion

Thank you all for being here and for inviting me to speak.

Our goal at the FBI is to make sure Americans and our partners and families overseas can use cyberspace safely and securely. To do that, we rely on help from everyone in this room—whether you’re a government partner, a service provider, or an online content writer. And I want you to know you can rely on us to help you.

Thank you for your trust and for your ideas on how to do this better.

I’m looking forward to helping the Bureau work with each of you.

Source: Federal Bureau of Investigation FBI Crime News

“This case is one of the highest priorities for the San Francisco Field Office,” said FBI San Francisco Special Agent in Charge Robert K. Tripp. “Law enforcement officers bear a tremendous responsibility to police our communities lawfully in keeping with the Constitution, and we must always be true to that guiding principle…The citizens of our communities deserve law enforcement personnel who practice what they enforce. Any breach to the public’s trust is absolutely unacceptable.” 

Four separate indictments were issued on August 17, 2023. In the first indictment, referred to as the “college degree benefits fraud indictment,” six defendants allegedly engaged in a conspiracy to defraud Antioch and Pittsburg police departments out of taxpayer dollars by claiming they had earned college credits toward degrees when, instead, they paid others to attend classes and take exams for them.

In June of 2019, an officer of the Pittsburg Police Department allegedly used a person identified as “Individual 1” to complete multiple college courses on his behalf that were credited toward the officer’s Bachelor of Science degree in Criminal Justice. Once the officer allegedly received a degree, they applied for and received reimbursements and pay increases from the Pittsburg Police Department. The same officer allegedly promoted the services of Individual 1. Five other members of the police departments ended up paying Individual 1 to complete similar coursework towards their degrees. As with the initial officer, they also applied for reimbursements and pay increases from their law enforcement employer.  

In the second indictment, two officers from the Antioch Police Department allegedly conspired to illegally distribute anabolic steroids to an unnamed customer. One of the officers allegedly possessed the drugs, and the other officer attempted to delete incriminating evidence from their cell phone before handing it over to law enforcement for investigation. 

In the third indictment, a defendant from the Antioch Police Department received three charges, two involving alleged interference with a wiretap investigation, and the third involving the illegal seizure and destruction of a telephone. On March 23, 2021, the defendant was assigned to a wire room where they were supposed to monitor communications between a target and others who contacted the target by telephone. The defendant allegedly used his personal cellphone to call a target, covering up any evidence of the call. On May 6, 2021, the defendant was present when another officer used a deployed a police dog while making an arrest. When the defendant saw a witness recording the aftermath of the incident on a cell phone, they allegedly seized and destroyed it. 

The fourth indictment charges three Antioch police officers with conspiracy against rights and deprivation of rights under color of law. The indictment describes several incidents of excessive force, among others. Allegedly, the defendants deployed excessive force as “punishment” to subjects “beyond any punishment appropriated imposed by the criminal justice system.”   

For example, on August 24, 2021, one of the defendants, along with Antioch police officers, executed a search warrant at a residence, located a subject inside a locked bedroom holding a video game controller with a video game on a television screen. When the defendant and other officers entered the room, the subject raised his hands. The officers surrounded the subject, and while one of the officers held down the subject’s arm to arrest him, the defendant deployed the 40mm less lethal launcher, injuring the subject.  

“Color of law violations strike at the very heart of our justice system. They undermine public confidence in the law and law enforcement and erode the fundamental right of our citizens,” said Tripp.  

The indictment includes several other incidents of excessive force as well as the collection and sharing of pictures and munitions to memorialize the acts of violence. 

Note that an indictment merely alleges that crimes have been committed, and all defendants are presumed innocent until proven guilty beyond a reasonable doubt. 

Source: Federal Bureau of Investigation FBI Crime News

Today, the FBI announces the results of a nationwide effort to combat violent crime during the summer of 2023. Law enforcement efforts were conducted between May 29 to September 4, 2023, and involved numerous FBI field offices and state and local partners. The FBI, alongside its state and local law enforcement partners, executed over 4,000 arrests, over 2,500 drug seizures, over 1,600 weapons seized, and the dismantlement of over 50 violent organizations. 

The FBI’s overall efforts to address violent crime include statistical accomplishments from the following programs: Violent Crime and Gangs, Violent Crime, Transnational Organized Crime, Organized Crime Drug Enforcement Task Forces, and Violent Crimes against Children. Specifically, the data released reflects collective actions against violent criminals, transnational criminal organizations, gang members, and child predators.  

“There’s no greater responsibility in law enforcement than making sure the neighborhoods and communities we serve are safe,” said FBI Director Christopher Wray. “This summer, the FBI worked shoulder to shoulder with our state and local partners to combat violent crime across the nation. But our work is far from done. We will continue to work tirelessly to protect Americans from the scourge of violent crime.” 

In our efforts to combat violent crime, the FBI operates over 300 specialized task forces nationwide that are comprised of over 3,000 state and local law enforcement officers. The dedicated task forces, including Safe Streets Gang Task Forces and our Transnational Organized Crime Task Forces, enhance information sharing and coordination among law enforcement agencies to ensure a unified and effective response to violent crime.  

In tandem with our partners, the FBI’s actions led to over 700 child identifications and over 590 child locations. The FBI recognizes the hard work of our Field Offices, task forces, and partners, who play a crucial role in combatting violent crime. It is the FBI’s shared commitment to address this issue head-on and create a safer environment for all. 

Learn more about the FBI’s violent crime program: https://www.fbi.gov/investigate/violent-crime/news 

While there is no credible threat at this time, the FBI would like to remind the public to remain vigilant and report any suspicious activity to tips.fbi.gov or their local law enforcement agency.   

Source: Federal Bureau of Investigation FBI Crime News

Director Christopher Wray has named Jacqueline Maguire as the assistant director of the Training Division. Ms. Maguire most recently served as special agent in charge of the Philadelphia Field Office.  

Ms. Maguire was assigned to the New York Field Office when she joined the FBI as a special agent in 2000 and was a member of the Joint Terrorism Task Force. She was the lead agent for the investigation of the five hijackers of American Airlines Flight 77 after the 9/11 terror attacks. 

In 2006, Ms. Maguire was promoted to supervisory special agent, and then to unit chief, in the Counterterrorism Division at FBI Headquarters in Washington, D.C. She moved to the Washington Field Office in 2011 as a supervisory special agent. She returned to FBI Headquarters in 2014, when she was named the special assistant to the executive assistant director of the Human Resources Branch. 

Ms. Maguire was promoted in 2016 to assistant special agent in charge of the Birmingham Field Office in Alabama, where she oversaw all criminal and administrative matters. She was named section chief in the Office of Public Affairs at FBI Headquarters in 2017 and promoted to deputy assistant director in 2018. She was promoted in 2019 to special agent in charge of the Criminal Division of the New York Field Office. In 2021, she was promoted to special agent in charge of the Philadelphia Field Office.  

Ms. Maguire has earned several awards during her FBI career, including the Attorney General’s Award for Excellence in Furthering the Interests of U.S. National Security and the Attorney General’s Award for Distinguished Service. 

Prior to joining the FBI, Ms. Maguire worked at the Office of the Medical Examiner in Suffolk County, New York. She earned a bachelor’s degree in comprehensive science from Villanova University, a master’s degree in criminal justice from Long Island University, and a master’s degree in homeland defense and security from the Naval Postgraduate School.

Source: Federal Bureau of Investigation FBI Crime News

On September 22, FBI Director Christopher Wray announced the recipients of the 31st Annual Director’s Awards for Excellence, recognizing FBI employees and partners for extraordinary performance in furtherance of the FBI’s mission to protect the American people and uphold the Constitution. The annual awards recognize distinguished service, operational excellence, and innovation with the FBI. 

“Today, our nation faces threats of unprecedented scope and diversity—and the expectations placed on the FBI have never been greater,” Director Wray said. “Yet the people of the FBI continue to meet—and exceed—those expectations, every day. This year’s award recipients have raised the bar once again; what we honor today is work hat stands out among the many examples of public service we see throughout the Bureau.” 

This year, 222 FBI employees received awards, while 43 non-FBI individuals—including task force officers, assistant U.S. attorneys, and other federal and international partner agency employees—were also honored for their work.  

Among the awardees are FBI employees and law enforcement partners who identified and stopped terrorists and foreign spies; helped identify victims of child sexual exploitation and find and arrest the perpetrators; thwarted malign foreign influence campaigns; confronted violent gangs and transnational criminal organizations; undertook a complex project to ensure the FBI’s information is more centralized and accessible; and brought data insights into the FBI’s diversity recruitment and hiring efforts. 

The awards are given in 27 categories, including:

• Distinguished Service for Assisting Victims of Crime
• Distinguished Service to the Law Enforcement Community
• Excellence in Innovation
• Excellence in Intelligence Analysis
• Excellence in International Operations
• Excellence in Investigation
• Excellence in Investigative Support
• Excellence in Leadership
• Exceptional Public Service
• Excellence in Program Management
• Excellence in Support of the Integrity and Compliance Program
• Excellence in the HUMINT Program
• Excellence in Training and Professional Development
• Outstanding Counterintelligence Investigation
• Outstanding Counterterrorism Investigation
• Outstanding Criminal Investigation
• Outstanding Information Management
• Outstanding Scientific Advancement
• Distinguished Service by a New Employee; Outstanding Service by a Federal Wage Grade System Employee
• Outstanding Service in Diversity and Inclusion
• Outstanding Technical Advancement
• Distinguished Service by a Professional Staff Employee
• Sustained Distinguished Service
• The Manuel J. Gonzalez Ethics Award
• Thomas E. DuHadway Humanitarian Award

Source: Federal Bureau of Investigation FBI Crime News

Good afternoon, everyone. I first want to thank Kevin Mandia for hosting this conference and for inviting me here to speak with all of you today. Any time so many leaders—from the private sector, and the government, and around the world, both managers and front-line defenders—get together in one room, cyberspace becomes a little bit safer.

I firmly believe that the best way to build our collective defense is by having dialogue about the threats we’re seeing and having creative conversations about the ways we can work together to stay ahead of them, which is explicitly the FBI’s vision: to stay “ahead of the threat.”

Now, I understand you’ve already been discussing ways to do just that, hearing from Kevin and a threat intelligence panel earlier today, and with plenty of other events over the next couple days. But I’d like to spend my time with you this afternoon talking about the FBI’s strategy to counter threats in cyberspace, what those threats are that we’re countering, and giving you a couple examples of how we form a virtuous cycle with our partners—both foreign and domestic, across government and the private sector—to use the information we receive to take the fight to our adversaries and to protect each other, because everyone here knows it’s simply not an option to sit back on our heels in today’s environment.

My hope is I can get you to leave here feeling encouraged by what we at the FBI are doing and wanting to be a part of our virtuous cycle.

When the FBI was born 115 years ago, we could’ve never predicted the threats we’re facing today. Back in 1908, we were focused on the first Model Ts hitting the streets and celebrating the Chicago Cubs’ second-straight World Series title—which was sure to be the beginning of a dynasty. But if there’s one thing we at the FBI have excelled at throughout our history, it’s innovation. As the threats have changed, we’ve changed with them.

One of the biggest inflection points in the Bureau’s history, of course, was September 11, 2001. Last week, we commemorated yet another anniversary of that tragedy—a day that dramatically changed the FBI’s work and the way we do it, maybe more than any other. Those attacks showed us how much our nation’s safety depends on partnerships and on information sharing. So, in the aftermath of 9/11, we made innovative changes that started in our counterterrorism program, and since then, have come to inform every type of investigation we conduct in every community we serve, and cyberspace is no exception.

For more than two decades now, we’ve had an entire Cyber Division—with cyber squads spread across the country throughout our 56 field offices—all devoted to identifying and mitigating cyber threats. So, while this topic is not new to us at the FBI, our approach to countering the cyber threat has certainly changed over that time.

Today, our strategy is informed by where we sit at the center of a cybersecurity ecosystem that stretches on the defensive side from, most importantly, the private sector, but also sector risk management agencies and CISA [the Cybersecurity and Infrastructure Security Agency] to the NSA [National Security Agency], CIA [Central Intelligence Agency], CYBERCOM [U.S. Cyber Command], and our foreign partners on the offensive side.

What the FBI does is take in information from partners across that spectrum, investigate, develop leads, and share what we have with whoever can use that information to have the greatest impact on our adversaries. That might be a foreign law enforcement agency or intelligence service joining an operation with us. It might be NSA, it might be CISA, but very often, it’s the private sector. Whether that’s a specific victim that needs a heads-up or a whole industry, we can warn through a bulletin or, increasingly, a provider or other sophisticated partner actually joining one of our operations.

Our goal is to plan and conduct joint, sequenced operations—where we’re all on the same page, and each step is taken strategically and with purpose, where it doesn’t matter who gets the credit as long as the job gets done.

Often, the FBI is the agency in the best position to make an impact because we have a wide and unique combination of both law enforcement and intelligence authorities, and we’re using every one of those authorities and every combination of our tools to impose the greatest possible costs on our enemies. We’re doing that by going after the actors and the services that support them—their finances, their communications, their malware, and their infrastructure.

Like earlier this year, when we announced the culmination of a year-and-a-half-long campaign to disrupt the Hive ransomware group. Hive had been extorting victims all around the globe, but we silently and secretly gained and exploited access to their control panel. In effect, we hacked the hackers, and we used our access to help Hive victims decrypt their networks, saving them about $130 million in ransom payments. Then, working with our European partners, we were able to seize Hive’s servers and websites, shutting down the criminal group’s ability to function.

But we know these operations often don’t completely eradicate the threats we’re facing, so the process continues. When we do get information about the threat from one company, we work hard to develop analysis about who the adversary is; what they’re doing; and where, why, and how they’re doing it—all while taking pains to protect that company’s identity.

And then, we pass what we’ve developed to our partners, and they ball that up with what they know and their reporting and, in return, provide us with even more information and actionable leads, enhancing our global investigations.

Ultimately, that helps us discover malicious infrastructure we can target. It helps us discover victims two, three, four, and five that we can help because of victim 1. It helps us run new operations with new partners against the same adversary.

Then, the process repeats itself. That’s the virtuous cycle I mentioned earlier—and it’s only possible when we work together.

Each piece of data is one part of a larger, longer-term puzzle. And while, by its very nature, work like that is never complete, we’ve had some real successes in recent years.

Take an operation we executed in 2022, for instance, when we remotely disrupted Cyclops Blink, a widespread botnet built by Russia’s GRU—its military intelligence agency—before the botnet could do any harm. We did that by creatively combining a traditional federal search warrant and extraterritorial law enforcement authorities, but we were only as successful as we were because of willing and able private sector participation. In that case, the GRU’s Sandworm team had managed to implant malware on thousands of firewall devices worldwide. Those devices were largely used by small and medium-sized businesses and produced by WatchGuard Technologies.

But, we were able to alert WatchGuard about the malware targeting their devices and collect additional samples from other victims. That allowed us to reverse-engineer the malware, and develop and execute a sophisticated technical operation, severing the GRU’s ability to communicate with the botnet’s command-and-control layer, all while working with CISA and WatchGuard on mitigation efforts. Because of that collaboration, we were ultimately able to cut off the GRU’s ability to control the botnet, remove the malware from the affected devices, and shut the door on our way out so the Russians couldn’t get back in.

That type of collaborative, public-private operation is the present and the future for the FBI, and it will only become more important as the threats continue to evolve, just as they have for the past 115 years. Because the TTPs—the tactics, techniques, and procedures—cybercriminals and nation-states use to attack our networks and our digitally connected way of life are constantly evolving, the intelligence and operational briefings I get from our team every day make it pretty clear—as I’m sure this group can guess—that our cyber program is where we’re facing some of our most complex, most severe, and most rapidly evolving threats. And what our team knows—and what everybody in this room knows, too—is that today’s cyber threats are more pervasive, hit a wider array of victims, and carry the potential for greater damage than ever before.

On top of that, there always seems to be a new danger on the horizon.

Of course, at the front of everyone’s minds today are the artificial intelligence capabilities being developed here in the U.S. and around the world. I’m sure none of you will be shocked to hear that AI is ripe for potential abuses—and that criminals and hostile foreign governments are already exploiting the technology. And while generative AI can certainly save law-abiding citizens time by automating tasks, it also makes it easier for bad guys to do things like generate deepfakes and malicious code and can provide a tool for threat actors to develop increasingly powerful, sophisticated, customizable, and scalable capabilities.

So, to stay ahead of the threat, at the FBI, we’re determining how we can ethically and legally leverage AI to do our jobs, but we’re also identifying and tracking our adversaries’ and criminals’ uses of AI, while protecting American innovation in the AI arena.

Because, as we’ve been telling anyone who will listen, the Chinese government has been stealing American intellectual property and data for years, and you can be sure they’re not going to stop now and sit back and watch while American companies develop technologies that can change the world. China already has a bigger hacking program than every other major nation combined. In fact, if each one of the FBI’s cyber agents and intelligence analysts focused on China exclusively, Chinese hackers would still outnumber our cyber personnel by at least 50:1. Let me say that again: 50:1. With AI, China is now in position to try to close the cycle—to use the fruits of their widespread hacking to power, with AI, even-more-powerful hacking efforts.

And it’s not just China: The Russian, Iranian, and North Korean cyber programs are also relentless.

And it’s becoming increasingly difficult to discern where cybercriminal activity ends and adversarial nation-state activity begins. Like when we see foreign intelligence officers moonlighting—making money on the side through cybercrime—or hackers who are profit-minded criminals by day and state-sponsored by night, or nation-states using cybercriminal tools to conduct state-sponsored attacks because they think it gives them some plausible deniability or will hide who’s behind the attacks. These threats are why we want and need your help, and when we work together, we’re able to strike some serious blows against these actors.

Just last month, we announced the results of a worldwide, FBI-led operation that crippled Qakbot, one of the longest-running botnets ever seen. The botnet compromised everything from financial institutions on the East Coast to a critical infrastructure government contractor in the Midwest to a medical device manufacturer on the West Coast. It was used by cybercriminals to attack a publishing company two years ago, which then had to pay $4.9 million in ransom. Last year, malicious actors used the botnet to steal gigabytes of private information from a healthcare provider and later leaked that information on the darkweb.

Then the FBI and our partners stepped in, working with five other countries. We neutralized Qakbot’s command-and-control servers, redirected botnet traffic to an FBI-controlled server, quickly notified victims they had been compromised, removed Qakbot malware from infected victims, seized and dismantled the botnet’s support infrastructure, and seized millions of dollars of cryptocurrency. These are the key services I mentioned earlier that we’re targeting.

So even though this botnet was one of the world’s largest, we showed that our own network—and our own capabilities—are more powerful. And we’re going to continue using all lawful methods to put constant, proactive pressure on our adversaries. We’re going to go after all parts of their organizations, all parts of their operations, and we’re going to keep imposing consequences for their illegal action.

So I hope all of this has been informative, but I also hope it’s shown you the benefits of working with the FBI, which is, admittedly, part of why I’m here today: to recruit you to partner with us. One more plug: Just by coming here this week, it’s clear you and your organizations take cybersecurity seriously and share our goal to make cyberspace a safer place for everyone.

So you’ve likely also been planning ahead for when you’re targeted or compromised by a cyberattack. To take that one step further, my request is not just that you make an incident-response plan, but that you make us at the FBI part of that incident-response plan.

We know the private sector hasn’t always been excited about working with federal law enforcement, but when you contact us about an intrusion, we won’t be showing up in raid jackets. Instead, we’ll treat you like the victims you are—just like we treat all victims of all crimes.

To make that even easier, give our folks a call today and build a relationship with your local FBI field office now. If you know who to call, and we know who you are, that will make information sharing easier both ways and will make everything a lot more efficient if and when a crisis comes. Then, once we build these trusted relationships, we can possibly bring you in on close-hold operations and we can more confidently provide you with sensitive leads.

But none of this works if compromises don’t get reported to us in the first place. We just cannot help you if we don’t know there’s an issue, nor can we warn and protect others.

So our approach is victim-centered, because it helps us help you. It helps us help others who may be in danger, and it helps us use the intelligence we receive to take actions and run operations to defeat our adversaries.

Through that process—that virtuous cycle where we share, analyze, repeat—we can protect our nation’s networks.

As an example, many of you probably remember the cyberattack on Colonial Pipeline in 2021, which led to a fuel panic along America’s East Coast.

Once Colonial was compromised, they quickly engaged Mandiant to help with incident response, and as a result of their combined cooperation with the FBI—and the fast, open sharing of timely, relevant, accurate information—we were able to focus on our investigation and quickly make substantial breakthroughs. At the same time, the information shared by Colonial and Mandiant allowed the FBI and our government partners to publish information related to the cybercriminals responsible for the attack—and helped the public better prepare for possible future attacks.

And Colonial benefitted, too. Because Colonial reached out so quickly, we were able to identify and seize the virtual currency wallets belonging to the hackers, giving back most of the ransom to Colonial and depriving the bad guys of their ill-gotten gains. That’s the type of success that’s possible when we all work together toward common goals, even if we may be approaching those goals from different angles.

For those 115 years I mentioned earlier, the Bureau has been charged with protecting the American people and upholding the Constitution. I tell this to every class of new agent graduates I speak to: it’s a simple mission to say, yet profound to actually execute, and the FBI workforce goes to the ends of the earth, literally, every day to achieve that mission.

It’s inspiring to watch and inspiring to be a part of, but we know we can’t accomplish it on our own. We cannot do what we do—we cannot protect the American people—without partners like you. So, I want to thank you again for taking the time out of your busy schedules to come to Washington to listen to my thoughts and my requests of you, and to talk with each other about how we can strengthen our collective defense. And I want you to also know how grateful we are for your commitment to collaboration and cooperation and your willingness to share what you know with us as we work together to keep the country and the world safe. Thank you.

Source: Federal Bureau of Investigation FBI Crime News

ALEXANDRIA, Va. – The U.S. Attorney’s Office announced today that an indictment was unsealed charging 26 defendants of drug trafficking, possessing a firearm during drug trafficking, money laundering, and other charges.

These charges were brought as the result of Operation Lights Out, an FBI-led investigation in partnership with federal, state, and local law enforcement agencies. The defendants have been indicted for the following charges:

Name	Age	Hometown	Charges
Cortez Dayshawn Bumphus, aka “Co”	34	Newport News	Continuing Criminal Enterprise Conspiracy to Distribute and Possess with Intent to Distribute Marijuana, Cocaine, Fentanyl, Oxycodone and Cocaine Base Conspiracy to Launder Money Felon in possession of Firearm Distribution of Fentanyl and Marijuana Possession of Firearm During Drug Trafficking Maintaining a Drug Involved Premises Use of a Communication Facility in Furtherance of Drug Trafficking
Dontae Lamont Dozier, aka “2 Chains”	35	Chesapeake	Continuing Criminal Enterprise Conspiracy to Distribute and Possess with Intent to Distribute Marijuana, Cocaine, Fentanyl, Oxycodone and Cocaine Base Conspiracy to Launder Money; Distribution of Fentanyl and Marijuana Possession of Firearm During Drug Trafficking Maintaining Drug Involved Premise Use of a Communications Facility in Furtherance of Drug Trafficking
Zuri Anthony Dre-Oliver Reeves, aka “Zu” or “ZuWaap”	26	Spotsylvania	Continuing Criminal Enterprise Conspiracy to Distribute and Possess with Intent to Distribute Marijuana, Cocaine, Fentanyl, Oxycodone and Cocaine Base Conspiracy to Launder Money Distribution of Fentanyl and Marijuana Possession of Firearm During Drug Trafficking Use of a Communication Facility in Furtherance of Drug Trafficking
Amanda Bell	22	Chesapeake	Conspiracy to Distribute and Possess with Intent to Distribute Marijuana, Cocaine, Fentanyl, Oxycodone and Cocaine Base Conspiracy to Launder Money Possession of Firearm During Drug Trafficking Use of a Communication Facility in Furtherance of Drug Trafficking
Dilquon Best, aka “Quon” or “DQ”	31	Atlanta, GA	Continuing Criminal Enterprise Conspiracy to Distribute and Possess with Intent to Distribute Marijuana, Cocaine, Fentanyl, Oxycodone and Cocaine Base Conspiracy to Launder Money Distribution of Fentanyl and Marijuana Use of a Communication Facility in Furtherance of Drug Trafficking
Stephon Lamount Bumphus, aka “Fon”	34	Newport News	Conspiracy to Distribute and Possess with Intent to Distribute Marijuana, Cocaine, Fentanyl, Oxycodone and Cocaine Base Conspiracy to Launder Money Distribution of Fentanyl and Marijuana Use of a Communication Facility in Furtherance of Drug Trafficking
Damian Deshawn Gay, aka “Hatch”	25	Hampton	Conspiracy to Distribute and Possess with Intent to Distribute Marijuana, Cocaine, Fentanyl, Oxycodone and Cocaine Base Conspiracy to Launder Money Distribution of Fentanyl and Marijuana Use of a Communication Facility in Furtherance of Drug Trafficking Possession of Firearm During Drug Trafficking Interstate Travel in Aid of Racketeering
Andrea Hunt	28	Hampton	Conspiracy to Distribute and Possess with Intent to Distribute Marijuana, Cocaine, Fentanyl, Oxycodone and Cocaine Base Use of a Communication Facility in Furtherance of Drug Trafficking Obstruction of Justice
Ervin Orlando Linares, aka “Ery”	23	Los Angeles, CA	Conspiracy to Distribute and Possess with Intent to Distribute Marijuana, Cocaine, Fentanyl, Oxycodone and Cocaine Base Conspiracy to Launder Money Distribution of Fentanyl and Marijuana Interstate Travel in Aid of Racketeering Use of a Communication Facility in Furtherance of Drug Trafficking
Brandon Lamar Martin, aka “Lil B”	37	Hampton	Conspiracy to Distribute and Possess with Intent to Distribute Marijuana, Cocaine, Fentanyl, Oxycodone and Cocaine Base Conspiracy to Launder Money Distribution of Fentanyl and Marijuana Use of a Communication Facility in Furtherance of Drug Trafficking Interstate Travel in Aid of Racketeering Possession of Firearm During Drug Trafficking
Carl Eugene Mitchell, Jr., aka “Lil Man”	27	Newport News	Conspiracy to Distribute and Possess with Intent to Distribute Marijuana, Cocaine, Fentanyl, Oxycodone and Cocaine Base Conspiracy to Launder Money Distribution of Fentanyl and Marijuana Use of a Communication Facility in Furtherance of Drug Trafficking Interstate Travel in Aid of Racketeering
Earvin Jerome Moore, aka “Gooch”	43	Newport News	Conspiracy to Distribute and Possess with Intent to Distribute Marijuana, Cocaine, Fentanyl, Oxycodone and Cocaine Base Conspiracy to Launder Money Distribution of Fentanyl and Marijuana Use of a Communication Facility in Furtherance of Drug Trafficking Maintaining a Drug Involved Premises
Freddie Jamaul Moore, aka “Goons”	37	Portsmouth	Conspiracy to Distribute and Possess with Intent to Distribute Marijuana, Cocaine, Fentanyl, Oxycodone and Cocaine Base Conspiracy to Launder Money Distribution of Fentanyl and Marijuana Possession of Firearm During Drug Trafficking Use of a Communication Facility in Furtherance of Drug Trafficking
Dominique McKenzie Osborne	24	Hampton	Conspiracy to Distribute and Possess with Intent to Distribute Marijuana, Cocaine, Fentanyl, Oxycodone and Cocaine Base Conspiracy to Launder Money Use of a Communication Facility in Furtherance of Drug Trafficking
Rahkim O’Neil Perry, aka “Rahk”	25	Newport News	Conspiracy to Distribute and Possess with Intent to Distribute Marijuana, Cocaine, Fentanyl, Oxycodone and Cocaine Base Conspiracy to Launder Money Use of a Communication Facility in Furtherance of Drug Trafficking Distribution of Fentanyl and Marijuana Interstate Travel in Aid of Racketeering
Graciela Ruiz-Bernabe, aka “Grace”	33	Los Angeles, CA	Conspiracy to Distribute and Possess with Intent to Distribute Marijuana, Cocaine, Fentanyl, Oxycodone and Cocaine Base Conspiracy to Launder Money Distribution of Fentanyl and Marijuana Interstate Travel in Aid of Racketeering
Nathan Caleb Schlosser-Goodson, aka “Nasty”	25	Yorktown	Conspiracy to Distribute and Possess with Intent to Distribute Marijuana, Cocaine, Fentanyl, Oxycodone and Cocaine Base Conspiracy to Launder Money Use of a Communication Facility in Furtherance of Drug Trafficking Distribution of Fentanyl and Marijuana Possession of Firearm During Drug Trafficking
Camille Lache Smith	30	Los Angeles, CA	Conspiracy to Distribute and Possess with Intent to Distribute Marijuana, Cocaine, Fentanyl, Oxycodone and Cocaine Base Conspiracy to Launder Money Use of a Communication Facility in Furtherance of Drug Trafficking
Anastasia Suyas	25	Newport News	Conspiracy to Distribute and Possess with Intent to Distribute Marijuana, Cocaine, Fentanyl, Oxycodone and Cocaine Base Conspiracy to Launder Money Use of a Communication Facility in Furtherance of Drug Trafficking
Nyra Taylor	23	Hampton	Conspiracy to Distribute and Possess with Intent to Distribute Marijuana, Cocaine, Fentanyl, Oxycodone and Cocaine Base Conspiracy to Launder Money Distribution of Fentanyl and Marijuana Use of a Communication Facility in Furtherance of Drug Trafficking Interstate Travel in Aid of Racketeering
Christina Michele Thompson	26	Spotsylvania	Conspiracy to Distribute and Possess with Intent to Distribute Marijuana, Cocaine, Fentanyl, Oxycodone and Cocaine Base Conspiracy to Launder Money Use of a Communication Facility in Furtherance of Drug Trafficking
Terrance Leonard Vick, aka “V”	36	Rio Linda, CA	Conspiracy to Distribute and Possess with Intent to Distribute Marijuana, Cocaine, Fentanyl, Oxycodone and Cocaine Base Conspiracy to Launder Money Interstate Travel in Aid of Racketeering Use of a Communication Facility in Furtherance of Drug Trafficking
Thaddeus Williams IV, aka “Thad”	31		Conspiracy to Distribute and Possess with Intent to Distribute Marijuana, Cocaine, Fentanyl, Oxycodone and Cocaine Base Conspiracy to Launder Money Distribution of Fentanyl and Marijuana Use of a Communication Facility in Furtherance of Drug Trafficking Interstate Travel in Aid of Racketeering
Korea Woods	26	Irvine, CA	Conspiracy to Distribute and Possess with Intent to Distribute Marijuana, Cocaine, Fentanyl, Oxycodone and Cocaine Base Conspiracy to Launder Money Use of a Communication Facility in Furtherance of Drug Trafficking Distribution of Fentanyl and Marijuana
Guang Yang, aka “Ryan”	26	Rosemead, CA	Conspiracy to Distribute and Possess with Intent to Distribute Marijuana, Cocaine, Fentanyl, Oxycodone and Cocaine Base Conspiracy to Launder Money Use of a Communication Facility in Furtherance of Drug Trafficking Distribution of Fentanyl and Marijuana
Alicia Zamora	22	Chesapeake, VA	Conspiracy to Distribute and Possess with Intent to Distribute Marijuana, Cocaine, Fentanyl, Oxycodone and Cocaine Base Conspiracy to Launder Money Distribution of Fentanyl and Marijuana Use of a Communication Facility in Furtherance of Drug Trafficking Interstate Travel in Aid of Racketeering

If convicted, the defendants each face a mandatory minimum of 10 years in prison and a maximum of life in prison. Actual sentences for federal crimes are typically less than the maximum penalties. A federal district court judge will determine any sentence after taking into account the U.S. Sentencing Guidelines and other statutory factors.

Jessica D. Aber, U.S. Attorney for the Eastern District of Virginia; Colonel Gary T. Settle, Superintendent of Virginia State Police; Jimmie Wideman, Chief of Hampton Police; Brian Dugan, Special Agent in Charge of the FBI’s Norfolk Field Office; Steve R. Drew, Chief of Newport News Police; Mark G. Solesky, Chief of Chesapeake Police; Stephen Jenkins, Chief of Portsmouth Police; Craig Kailimai, Special Agent in Charge of the ATF’s Washington Field Division; and Shannon Saylor, U.S. Marshal for the Eastern District of Virginia, made the announcement.

“The unsealing of this indictment reflects months of incredible efforts by law enforcement. We are able to bring these charges because of the effective cooperation and collaborative effort of our local, state and federal partners on this case,” said Jessica D. Aber, U.S. Attorney for the Eastern District of Virginia. “I am grateful to all our attorneys, agents and officers who work diligently every day to take massive amounts of illegal guns and drugs off of our streets.”

“The arrests made in this operation is the culmination of years of investigative work between the FBI and our law enforcement partners,” said Brian Dugan, Special Agent in Charge of the FBI Norfolk Field Office. “Today, I want to sincerely thank those partners for their teamwork and patience as we gathered the evidence needed for this investigation to come to a logical conclusion, as our law enforcement partners have been dealing with some of these offenders for over a decade. I hope that this operation gives them a return on investment for all the officers and resources they dedicated to assisting the investigation. This operation is a testament to the strong partnership the FBI has with local and state police, as well as sheriff’s offices, and how that partnership better protects our communities.”

“These arrests are just one of the many successful operations achieved over the years through the collaborative agency partnerships within the FBI Peninsula Safe Streets Task Force,” said Colonel Gary T. Settle, Virginia State Police Superintendent. “The Virginia State Police Bureau of Criminal Investigation’s Chesapeake Field Office is proud to have played a role in dismantling what had become a very violent, multi-tiered, drug trafficking organization spanning much of the Hampton Roads region.”

“Combating violent crime, illegal firearm possession and narcotics distribution within our communities remains at the forefront of the ATF mission,” said Craig Kailimai, Special Agent in Charge of the ATF’s Washington Field Division. “I am proud that our agents and partner agencies worked to bring some peace of mind back to the affected communities. ATF will continue leveraging its expertise to ensure that illegal firearms and deadly narcotics are removed from our streets.”

“Our community and surrounding jurisdictions are not immune to the violence stemming from illegal drug trafficking,” said Steve R. Drew, Chief of Newport News Police. “It has become a top priority to take illegal drugs and guns off our streets and holding those accountable for endangering our communities. We are proud to have been part of this proactive approach and are honored to have served with the U.S. Attorney’s office, and other federal and local agencies to combat this issue. We believe that together we can make a difference and create a safer environment for our community.”

“Today’s arrest is a clear demonstration of the exceptional cooperative effort among law enforcement in the Hampton Roads area,” said Stephen Jenkins, Chief of Portsmouth Police. “It exemplifies the effectiveness of collaboration between federal, state, and local agencies who have united to combat a suspected violent drug trafficking organization. This operation not only underscores the commitment of both federal and local law enforcement but also highlights their unwavering dedication to ensuring the safety of our community.”

Assistant U.S. Attorney Eric M. Hurt is prosecuting the case.

This effort is part of an Organized Crime Drug Enforcement Task Forces (OCDETF) operation. OCDETF identifies, disrupts, and dismantles the highest-level criminal organizations that threaten the United States using a prosecutor-led, intelligence-driven, multi-agency approach. Additional information about the OCDETF Program can be found at https://www.justice.gov/OCDETF.

A copy of this press release is located on the website of the U.S. Attorney’s Office for the Eastern District of Virginia. Related court documents and information are located on the website of the District Court for the Eastern District of Virginia or on PACER by searching for Case No. 4:23-cr-54.

An indictment is merely an accusation. The defendant is presumed innocent until proven guilty.

Source: Federal Bureau of Investigation FBI Crime News

Source: Federal Bureau of Investigation FBI Crime News

As part of its ongoing investigation into Bureau of Prisons (BOP) officials at Federal Correctional Institution (FCI) Dublin, two more federal prison correctional officers were charged for sexually abusing multiple female inmates.

Nakie Nunley, 48, of Fairfield, California, and Andrew Jones, 35, of Pleasanton, California, were each charged by information with multiple counts of sexually abusing female inmates and then lying about the abuse to federal investigators. Both Nunley and Jones were employed as federal correctional officers at the time of the abuse. Both have agreed to plead guilty in written plea agreements, which were filed concurrently with the charging documents.

“The sexual abuse charges and guilty pleas announced today are the result of the Department of Justice’s sustained commitment to rooting out sexual misconduct at the Bureau of Prisons,” said Deputy Attorney General Lisa O. Monaco. “As these guilty pleas reflect, we will continue to hold accountable correctional officers who abuse their positions of trust and fail to humanely care for those in their custody.”

“The FBI is unrelenting in its protection of the civil rights of all individuals, including those who are incarcerated,” said FBI Deputy Director Paul Abbate. “No matter where these crimes occur, violence of any type destroys the safety and protection that every person deserves. We will continue to pursue investigations into any Bureau of Prisons official who abuses their position and assaults those in their care.”

“This office’s ongoing investigation into the conditions at FCI Dublin has revealed significant wrongdoing by multiple correctional officers at that facility,” said U.S. Attorney Ismail J. Ramsey for the Northern District of California. “The Department of Justice will not tolerate misconduct in the care of incarcerated persons. Correctional officers have an obligation to ensure the safety of incarcerated persons, and all Bureau of Prisons employees should view these latest two prosecutions as confirmation that the Department of Justice will do its part to ensure that those who stray from these obligations are held accountable.”

“Nunley and Jones are the seventh and eighth individuals charged with sexually abusing inmates at FCI Dublin. Five individuals, including the Warden and Chaplain, have been convicted of sexual abuse of inmates,” said Inspector General Michael E. Horowitz. “The Department of Justice Office of the Inspector General  (DOJ-OIG) is continuing to investigate these heinous allegations at FCI Dublin and is aggressively pursuing justice for victims of sexual abuse at the hands of rogue BOP employees.”

“Incarcerated individuals should be able to serve their sentences without fear of being sexually assaulted by correctional institution staff,” said Special Agent in Charge Robert Tripp of FBI San Francisco Field Office. “Nakie Nunley and Andrew Jones abused their positions and will be held accountable. Protecting civil rights stands among the FBI’s highest priorities, and we will continue to investigate such claims as they come to light.”

Nunley was charged with engaging in sexual acts and sexual contacts with five women who were serving prison sentences at FCI Dublin at the time of the abuse. He was also charged with lying to federal investigators about the sexual abuse and writing sexually explicit notes with one of his victims. Jones was charged with engaging in sexual acts with three women who were serving prison sentences at FCI Dublin, as well as lying to federal investigators about sexually abusing one of these victims. 

Nakie Nunley

Nunley was employed as a correctional officer at FCI Dublin where he supervised prisoners who worked in UNICOR, a trade name for the federal prison industries. All of Nunley’s victims worked at the UNICOR call center at the time of his abuse. According to his plea agreement, Nunley admits that between March 2020 and November 2021, he engaged in sexual acts with two prisoners, including having oral and vaginal sex with one victim and digitally penetrating another victim on multiple occasions. He also admitted that he engaged in illegal sexual contacts with three other prisoners and that he lied to federal investigators about sexually abusing his victims and about sending one of his victims sexually explicit notes.

In addition to the five victims, Nunley also admitted in his plea agreement that he sexually abused two other prisoners who worked at UNICOR. Nunley admitted that he digitally penetrated one victim’s vagina and caused her to touch his penis under his pants, resulting in him ejaculating in her hand. Nunley admitted that he caused another victim to perform oral sex on him.

Nunley also admitted that he engaged in other inappropriate behavior. For example, Nunley agreed that he wrote sexual notes to one of his victims and made sexual comments to multiple victims. Moreover, when one of his victims approached him about his conduct towards another victim, Nunley threatened her by raising with her the potential that she could be transferred to another facility and that she could lose her job. Similarly, Nunley admitted that he told another victim that if she wanted to keep her job at UNICOR, she needed to pull down her underwear and bend over. When she complied, Nunley slapped her buttocks several times.

Andrew Jones

Jones was employed as a correctional officer at FCI Dublin where he supervised prisoners who worked in the Food Services Department. According to his plea agreement, between July 2020 and June 2021, Jones admitted that he received oral sex from, or had sexual intercourse with, three female prisoners who worked for him in the FCI Dublin kitchen. Jones admitted that he sexually abused these prisoners in multiple places near the FCI Dublin kitchen, including a staff bathroom, a warehouse, and a room where kitchen utensils were kept. In addition, like Nunley, Jones admitted in his plea agreement that he engaged in improper conduct in addition to the conduct for which he was charged in the Information. Specifically, Jones admitted that he also had sexual intercourse and received oral sex from an additional victim on multiple other occasions between July and December 2020, and that he had sexual intercourse with yet another victim multiple times between March and June 2021.

FCI Dublin Investigation

As part of the Justice Department’s ongoing investigation into FCI Dublin, eight FCI Dublin correctional officers, including the former Warden, have been charged with crimes related to the sexual abuse of the female prisoners at the facility. In December 2022, former Warden Ray J. Garcia was convicted by a jury of sexually abusive conduct against three female victims and was sentenced to 70 months in prison for his crimes. To date, the tally of correctional officers charged with misconduct as part of the Justice Department’s investigation are as follows:

NAME	CASE NUMBER	STATUS
Warden Ray J. Garcia	4:21-cr-00429-YGR	Convicted on all counts by jury on Dec. 8, 2022; sentenced to 70 months in prison
CO John Bellhouse	4:22-cr-00066-YGR	Convicted on all counts by jury on June 5; sentencing scheduled for Oct. 27
Chaplain James Highhouse	4:22-cr-00016-HSG	Pleaded guilty on Feb. 24, 2022; sentenced to 84 months in prison
CO Enrique Chavez	4:22-cr-00104-YGR	Pleaded guilty on Oct. 27, 2022; sentenced to 20 months in prison
CO Ross Klinger	4:22-cr-00031-YGR	Pleaded guilty on Feb. 10, 2022; sentencing scheduled for Dec. 13
CO Darrel Smith (aka “Dirty Dick Smith”)	4:22-cr-00110-YGR	Indicted on April 13; status conference scheduled for Aug. 3
CO Nakie Nunley	4:23-cr-00213-HSG	Information and Plea Agreement filed on July 13
CO Andrew Jones	4:23-cr-00212-HSG	Information and Plea Agreement filed on July 13

DOJ-OIG and the FBI investigated the case.

Assistant U.S. Attorneys Molly K. Priedeman and Andrew Paulson for the Northern District of California, with the assistance of Madeline Wachs, Sara Slattery, Christine Tian, Claudia Hyslop, Leeya Kekona, and Kay Konopaske, are prosecuting the case.