Source: Fox News
Source: ABC News
FOR IMMEDIATE RELEASE
Contact: DEA Public Affairs
FOR IMMEDIATE RELEASE
Tuesday, March 21, 2017
Lithuanian Man Arrested For Theft Of Over $100 Million In Fraudulent Email Compromise Scheme Against Multinational Internet Companies
Joon H. Kim, the Acting United States Attorney for the Southern District of New York, and William F. Sweeney Jr., the Assistant Director-in-Charge of the New York Office of the Federal Bureau of Investigation (“FBI”), announced criminal charges against EVALDAS RIMASAUSKAS for orchestrating a fraudulent business email compromise scheme that induced two U.S.-based internet companies (the “Victim Companies”) to wire a total of over $100 million to bank accounts controlled by RIMASAUSKAS. RIMASAUSKAS was arrested late last week by authorities in Lithuania on the basis of a provisional arrest warrant. The case has been assigned to U.S. District George B. Daniels.
Acting U.S. Attorney Joon H. Kim said: “From half a world away, Evaldas Rimasauskas allegedly targeted multinational internet companies and tricked their agents and employees into wiring over $100 million to overseas bank accounts under his control. This case should serve as a wake-up call to all companies – even the most sophisticated – that they too can be victims of phishing attacks by cyber criminals. And this arrest should serve as a warning to all cyber criminals that we will work to track them down, wherever they are, to hold them accountable. The charges and arrest in this case were made possible thanks to the terrific work of the FBI and the cooperation of the victim companies and their financial institutions. We thank the companies and their banks for acting quickly, coming forward promptly, and cooperating with law enforcement; it led not only to the charges announced today, but also the recovery of much of the stolen funds.”
FBI Assistant Director William F. Sweeney Jr. said: “As alleged, Evaldas Rimasauskas carried out a business email compromise scheme creatively targeting two very specific victim companies. He was initially successful, acquiring over $100 million in proceeds that he wired to various bank accounts worldwide. But his footprint would eventually lead investigators to the truth, and today we expose his lies. Criminals continue to commit a wide variety of crimes online, and significant cyber data breaches have had a negative impact across a variety of industries. The FBI will continue to work with our domestic and international partners to pursue criminals who engage in this type of activity, wherever they may be hiding.”
According to the allegations contained in the Indictment unsealed today:
From at least in or around 2013 through in or about 2015, RIMASAUSKAS orchestrated a fraudulent scheme designed to deceive the Victim Companies, including a multinational technology company and a multinational online social media company, into wiring funds to bank accounts controlled by RIMASAUSKAS. Specifically, RIMASAUSKAS registered and incorporated a company in Latvia (“Company-2”) which bore the same name as an Asian-based computer hardware manufacturer (“Company-1”), and opened, maintained, and controlled various accounts at banks located in Latvia and Cyprus in the name of Company-2. Thereafter, fraudulent phishing emails were sent to employees and agents of the Victim Companies, which regularly conducted multimillion-dollar transactions with Company-1, directing that money the Victim Companies owed Company-1 for legitimate goods and services be sent to Company-2’s bank accounts in Latvia and Cyprus, which were controlled by RIMASAUSKAS. These emails purported to be from employees and agents of Company-1, and were sent from email accounts that were designed to create the false appearance that they were sent by employees and agents of Company-1, but in truth and in fact, were neither sent nor authorized by Company-1. This scheme succeeded in deceiving the Victim Companies into complying with the fraudulent wiring instructions.
After the Victim Companies wired funds intended for Company-1 to Company-2’s bank accounts in Latvia and Cyprus, RIMASAUSKAS caused the stolen funds to be quickly wired into different bank accounts in various locations throughout the world, including Latvia, Cyprus, Slovakia, Lithuania, Hungary, and Hong Kong. RIMASAUSKAS also caused forged invoices, contracts, and letters that falsely appeared to have been executed and signed by executives and agents of the Victim Companies, and which bore false corporate stamps embossed with the Victim Companies’ names, to be submitted to banks in support of the large volume of funds that were fraudulently transmitted via wire transfer.
Through these false and deceptive representations over the course of the scheme, RIMASAUSKAS, the defendant, caused the Victim Companies to transfer a total of over $100,000,000 in U.S. currency from the Victim Companies’ bank accounts to Company-2’s bank accounts.
RIMASAUSKAS, 48, of Vilnius, Lithuania, is charged with one count of wire fraud and three counts of money laundering, each of which carries a maximum sentence of 20 years in prison, and one count of aggravated identity theft, which carries a mandatory minimum sentence of two years in prison.
The maximum potential sentences are prescribed by Congress and are provided here for informational purposes only, as any sentencing of the defendant will be determined by the judge.
Mr. Kim praised the outstanding investigative work of the FBI, and thanked the Prosecutor General’s Office of the Republic of Lithuania, the Lithuanian Criminal Police Bureau, the Vilnius District Prosecutor’s Office and the Economic Crime Investigation Board of Vilnius County Police Headquarters for their assistance in the investigation and arrests, as well as the Department of Justice’s Office of International Affairs.
The case is being prosecuted by the Office’s Complex Frauds and Cybercrime Unit. Assistant U.S. Attorney Eun Young Choi is in charge of the prosecution. Assistant U.S. Attorney Edward Diskant is handling the forfeiture aspects of the prosecution.
The charges contained in the Indictment are merely accusations, and the defendant is presumed innocent unless and until proven guilty.
 As the introductory phrase signifies, the entirety of the text of the Indictment, and the description of the Indictment set forth herein, constitute only allegations, and every fact described should be treated as an allegation.
USAO – New York, Southern
Download U.S. v. Evaldas Rimasauskas Indictment
Updated March 21, 2017
Department of Justice
Office of Public Affairs
FOR IMMEDIATE RELEASE
Wednesday, March 22, 2017
ZTE Corporation Pleads Guilty for Violating U.S. Sanctions by Sending U.S.-Origin Items to Iran
ZTE Corporation pleaded guilty today to conspiring to violate the International Emergency Economic Powers Act (IEEPA) by illegally shipping U.S.-origin items to Iran, obstructing justice and making a material false statement.
Attorney General Jeff Sessions of the U.S. Department of Justice, Acting Assistant Attorney General Mary B. McCord for National Security, U.S. Attorney John R. Parker for the Northern District of Texas and Assistant Director Bill Priestap for the FBI’s Counterintelligence Division made the announcement today. The plea was entered before U.S. District Judge Ed Kinkeade.
Specifically, ZTE pleaded guilty to one count of conspiring to unlawfully export in violation of the IEEPA, one count of obstruction of justice and one count of making a material false statement. ZTE agreed to pay a fine in the amount of $286,992,532 and a criminal forfeiture in the amount of $143,496,266, and submit to a three-year period of corporate probation, during which time an independent corporate compliance monitor will review and report on ZTE’s export compliance program.
As previously announced on March 7, at the time that ZTE agreed to plead guilty, the Corporation simultaneously reached settlement agreements with the U.S. Department of Commerce’s Bureau of Industry and Security (BIS) and the U.S. Department of the Treasury’s Office of Foreign Assets Control. In total ZTE has agreed to pay the U.S. Government $892,360,064. The BIS has suspended an additional $300,000,000, which ZTE will pay if it violates its settlement agreement with the BIS.
According to plea documents filed in the case, between January 2010 and January 2016, ZTE, either directly or indirectly through a third company, shipped approximately $32,000,000 of U.S.-origin items to Iran without obtaining the proper export licenses from the U.S. government. In early 2010, ZTE began bidding on two different Iranian projects. The projects involved installing cellular and landline network infrastructure. Each contract was worth hundreds of millions of U.S. Dollars and required U.S. components for the final products.
In December 2010, ZTE finalized the contracts with Iranian customers. The contracts were signed by four parties: the Iranian customer, ZTE, Beijing 8 Star and ZTE Parsian (ZTE’s subsidiary in Iran). Court documents explain that ZTE identified Beijing 8 Star (8S) as a possible vehicle for hiding its illegal shipments of U.S. items to Iran. It intended to use 8S to export U.S.-origin items from China to ZTE customers in Iran. As part of this plan, ZTE supplied 8S with necessary capital and took over control of the company.
Under the terms of the Iran contracts, ZTE agreed to supply the “self-developed equipment,” collect payments for the projects and manage the whole network. ZTE Parsian was to provide locally purchased materials and all services. 8S was responsible for “relevant third-party equipment,” which primarily meant parts that would be subject to U.S. export laws. ZTE intended for 8S to be an “isolation company,” that is, ZTE intended for 8S (rather than ZTE) to purchase the embargoed equipment from suppliers and provide that equipment under the contract in an effort to distance ZTE from U.S. export-controlled products, and insulate ZTE from U.S. export violations. However, 8S had no purchasing or shipping history and no real business reputation.
Ultimately, although 8S was a party to the contracts, ZTE itself purchased and shipped the embargoed goods under the contract. In its shipping containers, it packaged the U.S. items with its own self-manufactured items to hide the U.S.-origin goods. ZTE did not include the U.S. items on the customs declaration forms, though it did include the U.S.-origin items on the packing lists included inside of the shipments.
In early 2011, when ZTE determined that the use of 8S was insufficient to hide ZTE’s connection to the illegal export of U.S.-origin goods to Iran, senior management of ZTE ordered that a company-level export control project team study, handle and respond to the company’s export control risks. In September 2011, four senior managers signed an Executive Memo, which proposed that the company identify and establish new “isolation companies” that would be responsible for supplying U.S. component parts necessary for projects in embargoed countries. The isolation companies would conceal ZTE’s role in the transshipment scheme and would insulate ZTE from export control risks.
In March 2012, Reuters published an article regarding ZTE’s sale of equipment to Iran. In response, ZTE made a decision to temporarily cease sending new U.S. equipment to Iran. By November 2013, however, ZTE had resumed its business with Iran. Beginning in July 2014, ZTE began shipping U.S.-origin equipment to Iran once again without the necessary licenses.
Instead of using 8S, however, ZTE identified a new isolation company. ZTE signed a contract with the new isolation company, which in turn signed contracts with the two Iranian customers. According to the new scheme, ZTE purchased and manufactured all relevant equipment – both U.S.-origin and ZTE-manufactured – and prepared them for pick-up at its warehouse by the new isolation company. The new isolation company then shipped all items to the Iranian customers. Shipments to Iran continued from January 2014 through January 2016.
Despite its knowledge of an ongoing grand jury investigation into its Iran exports, according to plea documents, ZTE took several steps to conceal relevant information from the U.S. government. It further took affirmative steps to mislead the U.S. government. In the summer of 2012, ZTE asked each of the employees who were involved in the Iran sales to sign nondisclosure agreements in which the employees agreed to keep confidential all information related to the company’s U.S. exports to Iran.
During meetings throughout late 2014, late 2015 and early 2016, outside counsel for ZTE, unaware that the statements ZTE had given to counsel for communication to the U.S. Government were false, represented to the DOJ and federal law enforcement agents that ZTE had stopped doing business with Iran and therefore was no longer violating U.S. export laws. Similarly, on July 8, 2015, in-house counsel for ZTE accompanied outside counsel in a meeting with the DOJ and federal law enforcement agents and reported that ZTE was abiding by U.S. laws. That statement was also false.
ZTE also hid data related to its resumed illegal sales to Iran from a forensic accounting firm hired by defense counsel to conduct an internal investigation into the company’s Iran sales. ZTE knew the forensic accounting firm was reviewing its systems and knew that the analysis was being reported to the DOJ and U.S. law enforcement. To avoid detection of its 2013-2016 resumed illegal sales to Iran, ZTE formed the “contract data induction team” (“CDIT”). The CDIT was comprised of approximately 13 people whose job it was to “sanitize the databases” of all information related to the 2013-2016 Iran business. The team identified and removed from the databases all data related to those sales. ZTE also established an auto-delete function for the email accounts of those 13 individuals on the CDIT, so their emails were deleted every night – a departure from its normal practices – to ensure there were no communications related to the hiding of the data.
The case is being prosecuted by Deputy Chief Elizabeth Cannon of the National Security Division’s Counterintelligence and Export Control Section and Assistant U.S. Attorney Mark Penley of the Northern District of Texas.
National Security Division (NSD)
USAO – Texas, Northern
Counterintelligence and Export Control
Updated March 23, 2017
National Cyber Awareness System:
03/23/2017 04:27 PM EDT
Original release date: March 23, 2017
US-CERT has received reports of email-based phishing campaigns targeting airline consumers. Systems infected through phishing campaigns act as an entry point for attackers to gain access to sensitive business or personal information.
National Cyber Awareness System:
The Network Time Foundation’s NTP Project has has released version ntp-4.2.8p10 to address multiple vulnerabilities in ntpd. Exploitation of some of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition.
US-CERT encourages users and administrators to review the NTP Security Notice Page for vulnerability and mitigation details.