Dark Overlord hacks into US law firm systems and obtains 9/11 files

By Christine Duhaime | January 6th, 2019

According to news media, the hacking group Dark Overlord has hacked the systems of a large law firm in the US and obtained privileged and confidential records that were published online at Pastebin. The files are allegedly encrypted and the group is seeking payment in Bitcoin, failing which they will make all the documents available. Some documents were published in a preview on Twitter on an account since deactivated. Dark Overlord is the group that hacked over 50 targets, including Netflix and the computer systems of a plastic surgeon in London where they obtained ‘before and after’ photos of celebrities.

Dark Overlord allegedly sent a ransom note to professional firms involved in 9/11 litigation to “pay the fuck up” in Bitcoin. They are allegedly seeking compensation from banks, law firms, insurance companies and law enforcement agencies that were involved in 9/11 settlements.

In a podcast on Motherboard, a reporter who communicated with Dark Overlord explains that they go where other hackers won’t go but, interestingly, says that all they actually care about is the acquisition of Bitcoin. The Motherboard reporter published a voice message of a sample demand for payment from Dark Overlord in which a person with a UK accent asks for Bitcoin.

So far, the affected US law firm has not sought a Court Order to prevent the disclosure of privileged and confidential documents and surprisingly, neither have their clients apparently demanded that they do so.

In addition to being media savvy, Dark Overlord allegedly asks victims to sign releases when payments of Bitcoin are made, although such releases are not legally enforceable.

The Bitcoin address to pay ransom in Bitcoin for the law firm hack is 192ZobzfZxAkacLGmg9oY4M9y8MVTPxh7U. Dark Overlord is seeking 3.27 BTC as an initial payment. You can have a look and see if payments have come through on the Explorer. So far, one wallet address paid $11,830.09 in Bitcoin to Dark Overlord at 1 am on January 4, 2019.


Former DEA Agent says they were caught off guard on “deep infiltration” of Mexican cartel drug trafficking operation in Canada

By Christine Duhaime | January 1st, 2019

Notorious Sinaloa cartel

Andrew Hogan, a former agent of the Drug Enforcement Agency (DEA), who, as part of a multi-agency task force that included Homeland Security Investigations, successfully hunted and located the most wanted cartel leader in the world, El Chapo Guzman, says that when monitoring the Sinaloa’s activities, they [the DEA] were most surprised by the extent of El Chapo’s operations in Canada.

El Chapo was the head of the Sinaloa cartel in Mexico and the Sinaloa cartel was the most powerful drug cartel under his tenure.

Hunting El Chapo

In his book “Hunting El Chapo”, Hogan describes how he and his colleagues monitored and traced cell phone records to locate El Chapo, and during that process, they learned how the Sinaloa was expanding to the Philippines, the UK, and the Netherlands, searching for commercial properties with refrigeration capabilities for drug trafficking purposes.

[Transnational criminal organizations seek refrigeration services because drugs are often trafficked internationally in bulk food shipments - steaks, vegetables. For example, the Montreal mafia are allegedly known to send drugs from the Dominican Republic to Canada hidden in refrigerated food products such as eggplants or green peppers.]

El Chapo’s “deep infiltration of Canada”

But Hogan writes: “We were caught off guard by his [El Chapo's] deep infiltration of Canada.” Keep in mind, this was late 2015 – not that long ago.

He writes: “In terms of profit, Chapo was doing more cocaine business in Canada than in the United States [... because retail cocaine in the United States is less profitable than in Canada].”

“His key cartel lieutenants could exploit weaknesses in the Canadian system – the top heavy structure of the Royal Canadian Mounted Police hampered law enforcement efforts for even the most routine drug arrest and prosecution. It was a perfect match for Chapo – hindered law enforcement and an insatiable Canadian appetite for high grade coke,” writes Hogan.

Not surprisingly, most of what Hogan writes about Mexican drug cartel activities in Canada is connected only to Vancouver.

Mexican cartel helped by Iranians in Vancouver to traffic drugs

He describes how Iranians in Vancouver are in bed with the Sinaloa cartel and El Chapo, and work on the importation of drugs into Canada for the cartel.

He writes: “The Sinaloa cartel had built a formidable distribution structure, smuggling loads of cocaine across the Arizona border and hauling them to stash pads and warehouses in Tucson and Phoenix before they were driven by car to the Washington border where the loads would be thrown into private helicopters. The helicopters would jump the border and drop the coke out among the tall lodge pole pines of British Columbia. Chapo’s men had connections with Iranians in Canada.”

He describes how Canadian Iranians working for the cartel buy airplanes and smart phones for the cartel. Once the drugs are in Vancouver, it appears that the Iranians pass the drugs to the Hells Angels who are in charge of moving the drugs across Canada.

Fake Bananas Filled with Cocaine Shipped to Vancouver

In his book, Hogan describes how as they got deep into Sinaloa and cartel land in Mexico, nearing in on the capture of El Chapo, they came across a warehouse of green bananas and remnants of cocaine-cutting agents. The green bananas were plastic, used for international shipments. A single fake banana holds half a kilo of cocaine and Hogan writes: “Immediately I remembered how Hondo in British Columbia was constantly looking for a warehouse large enough to store fruit deliveries for the ‘Boss’. These fake bananas were most likely going directly to Vancouver to be unloaded then shipped out to cities all across Canada.”

Sinaloa cartel sends Mexican cartel member to live in Vancouver and launder their drug money

In “Hunting El Chapo,” Andrew Hogan also describes how the Sinaloa cartel sent one of their people to Vancouver, 22-year-old Jesus Esperanza, to run the money laundering and drug distribution operation for the cartel.

Esperanza’s front was to register as a student at a school called Columbia College in Vancouver. In actuality his job was to collect the proceeds of crime across Canada for El Chapo and arrange to launder it back to Mexico. Hogan describes how Esperanza sent reports to El Chapo providing a daily status report about the cartel’s business in Canada, which the DEA would read, such as:

  • Vancouver – Day X – Collected $560,000 [in proceeds of crime] and sold 95 kilos of cocaine in Vancouver;
  • Winnipeg – Day X – Collected $275,000 [in proceeds of crime] and sold 48 kilos of cocaine in Winnipeg; and
  • Toronto – Day X – Collected $2,000,000 [in proceeds of crime] and sold 150 kilos of cocaine in Toronto.

Over $1 billion annually from Canada in Mexican cartel proceeds of crime

As you can see, El Chapo pulled in $2,835,000 in cocaine sales on one day’s report in just three cities in Canada. Since drug sales are 24/7, the annual take for El Chapo in Canada can probably be estimated to be $1,040,250,000, or slightly over $1 billion, which would have to be laundered back to Mexico from his lieutenants in Vancouver through financial intermediaries. You can read here how El Chapo and Sinaloa cartel members sent cocaine and fentanyl to Buffalo disguised as, or hidden in, food imports using private companies, and laundered the proceeds of crime through US banks.

El Chapo was captured on January 8, 2016, in Mexico, extradited to the US and is now on trial in New York for drug trafficking, money laundering and organized criminal activities.

In “Hunting El Chapo”, Hogan describes how officials at the Canadian phone manufacturer, Blackberry, provided intelligence related to the cellular phone use of El Chapo and other cartel members to the DEA and in the book, says that such information was provided quickly due to relationships forged with Blackberry. It is the intelligence from the use of Blackberry phones by El Chapo and the Sinaloa cartel, and the interception of Blackberry PIN messages and the pinging of Blackberry phones that led to the location and capture of El Chapo.

Colombian cartel in the mix in Canada

Hogan also makes passing reference to a Blackberry user named “Panchito”, who he believes was Hildebrando Alex Cifuentes-Villa, a member of the Colombian drug trafficking cartel Cifuentes-Villa, who worked with the Sinaloa cartel in Mexico. According to the cellular records analyzed by Hogan, members of the Sinaloa cartel sent “command and control messages” to Panchito “mostly about El Chapo’s Canada operations”, which seems to suggest that the Cifuentes-Villa family in Medellin, Colombia, was also involved in drug trafficking in Canada for El Chapo. The brother of Panchito is testifying in the trial of El Chapo in New York.

Well-known cartel leader obtains Canadian passport

Since El Chapo’s arrest, it is believed that the Cartel Jalisco Nueva Generacion (CJNG) led by former police officer El Mencho, whose real name is Nemesio Oseguera-Cervantes, is now Mexico’s most powerful cartel. The US government is offering a $10 million reward for the arrest of El Mencho.

The brother-in-law of El Mencho, Abigael Gonzalez Valencia, despite being a well-known cartel leader and international drug kingpin and on the US OFAC list [which prohibits anyone from providing financial or other services to him], was somehow able to obtain a Canadian passport (passport no. JX755855), which if not a fake passport, means that he acquired Canadian citizenship. He was indicted in the US in 2014 and is in jail. He has several other aliases on identity products including aliases Paul Jonathan Tak Toledo, Luis Angel Gomez Flores and Luis Angel Gonzalez Valencia and several dates of birth on his identity products ranging from October 1972 to 1979.

Abigael Gonzalez Valencia is also the brother of El Mencho’s wife, Rosalinda González Valencia. She is believed to be in charge of laundering all the proceeds of crime for the global operations of the CJNG. She was just released from jail on bail in Mexico. It is not known if El Mencho’s wife, the sister of the drug kingpin with the Canadian passport, Abigael Gonzalez Valencia, also obtained a Canadian passport or if El Mencho was able to obtain a Canadian passport as well.

The US Department of Justice considers the CJNG to be one of the five most dangerous transnational criminal organizations in the world.

One more Vancouver connection? Guiseppe Bugge, the Vancouver man who operated a digital currency exchange selling Bitcoin, and who police say was associated with organized crime, was gunned down at a shopping mall in CJNG-controlled territory in August 2018 in a cartel-style hit with over 140 bullets from machine guns.


Two US lawmakers introduce bills to prevent Iran from developing an ICO

By Christine Duhaime | December 27th, 2018

Two US lawmakers introduced bills to prevent Iran from being able to grow its planned government issued sovereign initial coin offering, or its own digital currency. Both bills add criminal liability to persons, financial institutions, correspondent banks and digital currency exchanges that facilitate transactions involving an Iranian digital currency. That criminal liability is in addition to existing liability for sanctions avoidance.

The US has expressed concern because the Iranian government has suddenly realized that digital currencies are ideal for sanctions avoidance and two Iranian government agencies recently made public statements for advancing the development of a sovereign ICO for several purposes, including sanctions avoidance.

The first, Bill HR 7321, introduced by Michael Gallagher in the House of Representatives, called the Blocking Iran Illicit Finance Act:

  • Would prohibit all transactions, financial and digital, related to Iran’s sovereign ICO in or through (e.g., correspondent banks) the US;
  • Would require the Secretary of the Treasury to report to Congress on the status of Iran’s ICO, and the involvement of the Central Bank of Iran, and in that report, to describe the technical assistance that China, Venezuela and Turkey are providing to develop the sovereign ICO, as well as how an ICO by Iran could be used for sanctions avoidance;
  • Would permit the US government to impose sanctions against persons or companies that assist Iran to develop its sovereign ICO, including Blockchain development, or that list or re-sell the ICO or allow financial transactions to occur through a digital currency exchange or financial institution;
  • And with respect to foreign persons, companies and digital currency exchanges assisting Iran to list or re-sell its sovereign ICO, would include provisions prohibiting correspondent banks from opening, using or transferring digital currency assets associated with Iran’s sovereign ICO; blocking the transfer of sanctioned digital currency assets from entering the US; and visa banning foreign persons who assist Iran with respect to its sovereign ICO, from entering the US.

The Bill describes a digital currency exchange expansively to include persons who sell or purchase, or facilitate the sale or purchase of digital currencies, even if not incorporated and as such would include employees of digital currency exchanges conducting, or approving trades.

The second, Bill S.3758, introduced by Ted Cruz, of the same name, is the same as HR 7321.

Iran has lax money laundering and terrorist financing laws and more relaxed implementation of what little law there is. For example, in this interview, the owner of an Iranian digital currency exchange that provided services to Iranians wanted for SamSam computer intrusions and Bitcoin ransoms describes his compliance with AML and CTF law for on-boarding customers as follows: they obtain a selfie with a bank card and the national ID card plus a telephone number of the customer. That’s it – no verification of ID, no third party confirmation, no verification of whether the photo is fake. And he goes on to explain that in Iran, once you “KYC” a person, “there’s no reason to be suspicious.”


Iranian hacking group targets financial crime government organizations over sanctions

By Christine Duhaime | December 17th, 2018

The Charming Kitten hacking group from Iran (see original report here) has launched a new phishing attack to collect information from public officials connected with the imposition or enforcement of sanctions against Iran. The phishing program relies on untrained security experts at organizations who use two-factor authentication (2FA) of Gmail accounts by SMS, which is not secure. The hackers, believed to be tied to the IRGC, started hacking US banks in connection with sanctions and have since moved on to journalists, think tank executives and political figures who are viewed as being against the Iranian regime.

According to this report, Charming Kitten has spent the last month trying to hack into the private emails of 13 US Treasury officials and also targeted Honeywell International Inc. and Science Applications International Corp. to access information on tech breakthroughs. The campaign also targeted FinCEN.

Cybersecurity experts tied the hackers to sympathizers of the Iranian regime including nuclear officials in Pakistan, Jordan and Syria.


Q & A on the arrest of Huawei’s Meng Wanzhou in Canada

By Christine Duhaime | December 7th, 2018

Who is Meng Wanzhou?

Meng Wanzhou is the daughter of the founder of Huawei Technologies Co., one of the largest technology companies in the world based in China. Huawei is one of the largest companies in the world in artificial intelligence (“AI”). Wanzhou leads its AI development and she is the most powerful woman in the world in AI, bar none. She is also the most powerful woman in the world in tech. That’s because Huawei is the major 5G player in the world at the moment, even though Huawei has been effectively shut out of the US market over security concerns that the government of China would have a back door to access user data. On the AML side, she is a significant politically exposed person. She is believed to own expensive real estate in Vancouver, and may therefore be a permanent resident of Canada.

Where was she arrested? 

She was arrested at the Vancouver International Airport entering Canada.

Who arrested her? 

She was arrested by Canada, specifically Canadian law enforcement officials who acted on instructions from their Canadian superiors. Likely, officers from the FBI or other US law enforcement were on hand because this is their file.

Why was she arrested? 

She was arrested allegedly pursuant to an indictment obtained by the US Attorney from the Eastern District of New York (“EDNY”). According to US news reports, the indictment alleges that Huawei violated US sanctions laws involving Iran, Syria and Sudan. She is a senior officer of Huawei and was arrested in that capacity.

Was she incarcerated? 


Were her cell phones and laptop seized? 

Yes – it’s standard procedure.

Is she charged with an offence in Canada?


How was her arrest authorized? 

The US government would have to have sought the advance permission and assistance from the Canadian government for her arrest. That is because it occurred on Canadian soil and the use of Canadian law enforcement officials was needed for the arrest. It would also have involved officials from the US consulate office in Vancouver, who has jurisdiction over the file for the EDNY for the Canadian proceedings.

What level of approval was sought from Canadian officials for her arrest?

It’s hard to say but one can speculate that a combination of facts suggests the highest levels must have approved the arrest – those facts are that: it involved the arrest of the most powerful woman in AI; it involved the largest technology company in the world; it happened at the time Montreal was hosting a G7 conference on AI; it would make international news for years to come; it would cause Canada to enter a deep freeze with China’s President Xi; it would impair Canada’s prospects for trade with China; and it would leave unanswered questions for China as to how come Canada will not return Chinese foreign nationals in Vancouver wanted for financial crimes in China but it will arrest, at the request of a foreign government, a globally high profile woman for similarly alleged financial crimes. In addition, the Extradition Act requires political approval for extradition arrests (see below).

How did they know she was flying to Canada?

International flight records are shared with law enforcement so they knew immediately when she booked a flight that she was landing in Canada and therefore, the wheels were put in motion for her arrest by the US government and the permission and assistance from Canada was then sought and obtained. They may have worked on it for weeks, or mere days depending upon how much in advance she booked her flight.

Is the arrest a surprise?

In some ways, no, it is not unexpected. For two years, Huawei was aware that the US government was investigating it for sanctions avoidance involving Iran, Syria and the Sudan. In April 2017, the US media reported that Huawei was subpoenaed two years ago by the US Treasury Department allegedly in respect of US sanctions law. Since it was widely reported in the international press, Huawei was aware of its potential exposure. The Company had US counsel in New York and Wanzhou, as the most visible person in the Company, would have been advised by US counsel of the risks of international travel to Canada when a sanctions investigation was in the works.

What are the allegations?

It is not known what the allegations are but they are believed to involve sanctions avoidance involving Iran. What that means is that the EDNY alleges that Huawei violated US sanctions law against Iran by either conducting financial transactions with Iran or Iranian foreign nationals, or supplying prohibited technology to Iran or Iranian foreign nationals. Sanctions avoidance is a financial crime. Wanzhou, as a senior officer of Huawei, would be one of several officers potentially exposed if there were sanctions violations.

What are sanctions? 

You can read more about US sanctions here. Sanctions avoidance involves several crimes, including usually deceptive practices so that correspondent banks in the US are not aware of Iranian transactions and unwittingly process wires, laundering the proceeds of crime from sanctions avoidance and other serious predicate offences.

Does Canada have sanctions? 

Yes, but they are not the same sanctions. Each country has its own sanctions program. Canada has more relaxed sanctions as against Iran, but in practice that does not matter because Canadian banks and financial institutions must make use of what are called correspondent banks, which are a handful of large US banks that provide US banking services to all of the banks in the world, and as a result of correspondent banking law, every Canadian bank is subject to US sanctions law when they process wires, domestic or foreign.

The US wants Wanzhou extradited – how does Canada’s extradition process work?

The Extradition Act authorizes the extradition of foreign nationals and Canadians from Canada.  In order to successfully extradite a person from Canada, several conditions must be met as follows:

  • the requesting country must have an extradition agreement with Canada;
  • the request must be for prosecuting or sentencing the person;
  • the alleged offence must carry a term of imprisonment of at least two years in the requesting country; and
  • the alleged conduct must be an offence in Canada (referred to as “dual criminality”) punishable in Canada by a term of imprisonment of at least two years.

The first step in extradition is the receipt of a request by the US. (completed)

Upon receipt of the request, the Minister of Justice issues an authority to proceed to the Attorney General for the committal of the person if the Minister is satisfied that extradition is permitted under the Extradition Act. (completed)

The Attorney General then arranges for the arrest of the person if the person is not already in custody.  (completed)

Once a person is arrested (completed), an extradition hearing is held to determine whether the person can be extradited.

There may be a bail hearing first to determine the flight risks of permitting the person to be released from prison. (in progress today).

At the extradition hearing, the judge must be satisfied that there is sufficient evidence to establish a prima facie case that an extraditable crime has been committed.  Subsequent to an extradition hearing, the person is either discharged, or committed to the Minister for physical removal.

As you can see from the above, the arrest of Wanzhou had to be authorized by two Canadian political ministries pursuant to the Extradition Act before she ever boarded an airplane and left China. Politically speaking, that will cause a deep freeze between Canada and China because that decision is a political one under the Extradition Act and Canada could have elected to decline to arrest Meng Wanzhou for political, judicial or other reasons.

What will be determinative at the extradition hearing?

The issue of dual criminality may be the determinative issue, as will financial crime. Wanzhou will likely argue that Huawei did not engage in financial transactions involving Iran and ergo did not commit sanctions avoidance and launder the proceeds of that crime through the international banking system. She may also argue in the alternative, that if the US can prove that financial transactions with Iran occurred in violation of US sanctions, the alleged criminal conduct is not an offence in Canada and will focus on Iranian sanctions law in Canada, assuming that the allegations involve Iranian sanctions. Whether the hearing involves money laundering allegations remains to be seen. Sanctions avoidance is a money laundering offence, and it is often pleaded because extradition is facilitated for financial crimes. On the other hand, Canadian courts and lawyers are not used to money laundering cases, or sanctions law, and it means that the outcome of Wanzhou’s extradition case, either way, is hard to predict and will likely result in a significant settlement with the EDNY.

What sort of evidence does the US have?

Long before Wanzhou was arrested, the FBI and likely DHS would have obtained substantial financial records of wires from banks, as well as email records to build a case. They would have prepared affidavits of that evidence for an indictment.

Why is there a publication ban in Canada? 

It is not known why there is a publication ban on the litigation in British Columbia. There are no obvious legal reasons why a publication ban would have been granted and it is not constitutional – no one is at risk of harm in this case and in any event, the public interest in an open Court proceeding and the public’s right to know, outweigh any potential harm that could arise.

Will it cost Canada with China? 

Canadian government officials know that Wanzhou is the leading woman in AI in the world, and is important to China. Arresting her is like arresting Mark Zuckerberg – Canadian officials would have weighed the advantages and disadvantages of arresting her and decided that there were more advantages to Canada with arresting her. No question, it will seriously harm Canada’s relationship with China but Canada must have determined it was worth it for reasons that no doubt make sense to experienced people in politics.

Why is Wanzhou so important in the world?

Wanzhou is important because Huawei is the global leader in 5G technology, which we need if AI, big data and machine learning are to progress. While Huawei is the world’s no. 2 smartphone maker, it is the leader in telecommunications equipment, such as the hardware that goes into cellular towers, Internet networks and infrastructure that enables modern communication. For self-driving cars and the Internet of Things to progress to power our cars, our appliances, our pacemakers, our hospitals, our airplanes, our farm equipment, our crops and everything else, we need 5G. We also need it to collect big data for machine learning. In essence, Huawei controls the data and information that runs through the 5G networks and whoever controls the data can access it, use it or manipulate it, which is the concern of US intelligence officials. Most importantly, whoever controls the data and the networks, essentially controls the world. And that person, until this week, was going to be the heir to the Huawei dynasty – Meng Wanzhou.


Iran ~ concerns mount over Bitcoin use for sanctions avoidance

By Christine Duhaime | December 1st, 2018

4 Iranians implicated in Bitcoin ransom extortions involving Canada

There was interesting news this week involving Iran and digital currencies that is concerning from a financial crime perspective for financial institutions.

On November 26, 2018, two Iranian foreign nationals were indicted in the US and charged with hacking and Bitcoin extortions that affected over 200 US companies and one Canadian university. According to the indictment, Iranians Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri earned over $6 million in Bitcoin from online Bitcoin ransom extortions from what is called the SamSam ransom extortions.

At the same time, OFAC blacklisted the Bitcoin wallet addresses of two other Iranian foreign nationals for facilitating the exchange of Bitcoin into fiat for, among others, the two indicted Iranians named above.

According to US Department of Treasury,  Ali Khorashadizadeh and Mohammad Ghorbaniyan, both from Iran, acted as a digital currency exchange and facilitated the trading of over 7,000 transactions in Bitcoin that were proceeds of crime from Bitcoin ransom payments. Khorashadizadeh and Ghorbaniyan are alleged to have used 40 different digital currency exchanges around the world and the banks of those exchanges, to trade in Bitcoin derived from proceeds of crime. OFAC has designated their Bitcoin wallet addresses as listed and therefore OFAC obligations are triggered in respect of those wallets for digital currency exchanges and financial institutions.

Bitcoin wallets listed

The two Bitcoin wallet addresses that are listed by OFAC are 149w62rY42aZBox8fGcmqNsXUzSStKeq8C and 1AjZPMsnmpdK2Rv9KQNfMurTXinscVro9V.

However, since the listing, tracing shows that there may have been a sanctions violation in respect of both of them because Bitcoin has been transferred to them since they were listed. There are other SamSam ransom wallets that appear in extortion demands, including 1MddNhqRCJe825ywjdbjbAQpstWBpKHmFR, which received over 30 BTC when Bitcoin was at its highest point.
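What screening against the two listed addresses looks like in practice, as an added example that is not from the original post: exact, case-sensitive matching of transfer outputs against the list, a flag for transfers dated on or after the listing, and a Base58Check test that catches mistyped addresses that would otherwise slip past the list. The transfer records, the listing date and the function names are assumptions made for the illustration.

```python
import hashlib
from datetime import datetime, timezone

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# The two addresses the post reports as listed by OFAC.
LISTED = {
    "149w62rY42aZBox8fGcmqNsXUzSStKeq8C",
    "1AjZPMsnmpdK2Rv9KQNfMurTXinscVro9V",
}

# Assumption: the post says the listing came "at the same time" as the
# November 26, 2018 indictment; confirm the date against the OFAC notice.
LISTED_ON = datetime(2018, 11, 26, tzinfo=timezone.utc)


def base58check_ok(addr):
    """Return True if addr is a well-formed legacy Base58Check address."""
    n = 0
    for ch in addr:
        idx = B58.find(ch)
        if idx < 0:
            return False  # character outside the Base58 alphabet
        n = n * 58 + idx
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    # Each leading '1' encodes one leading zero byte.
    raw = b"\x00" * (len(addr) - len(addr.lstrip("1"))) + raw
    if len(raw) != 25:  # 1 version byte + 20-byte hash + 4-byte checksum
        return False
    payload, checksum = raw[:-4], raw[-4:]
    digest = hashlib.sha256(hashlib.sha256(payload).digest()).digest()
    return digest[:4] == checksum


def screen(transfers, listed=LISTED, listed_on=LISTED_ON):
    """Match every output against the list; never lower-case addresses."""
    hits, unverifiable = [], []
    for t in transfers:
        for addr, sats in t["outputs"]:
            if addr in listed:
                hits.append({
                    "txid": t["txid"],
                    "address": addr,
                    "sats": sats,
                    # Transfers after the listing are the ones that may
                    # amount to a sanctions violation.
                    "post_listing": t["time"] >= listed_on,
                })
            elif not base58check_ok(addr):
                # Cannot be matched reliably: send to manual review.
                unverifiable.append((t["txid"], addr))
    return {"hits": hits, "unverifiable": unverifiable}


# Well-known genesis-block address, used only as a non-listed counterparty.
GENESIS = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"
# First listed address with its last character altered (a typo).
MANGLED = "149w62rY42aZBox8fGcmqNsXUzSStKeq8D"


def _utc(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc)


# Constructed transfer records (not real transactions); amounts in satoshis.
SAMPLE = [
    {"txid": "constructed-1", "time": _utc(2018, 11, 20),
     "outputs": [("149w62rY42aZBox8fGcmqNsXUzSStKeq8C", 50_000_000)]},
    {"txid": "constructed-2", "time": _utc(2018, 11, 30),
     "outputs": [("1AjZPMsnmpdK2Rv9KQNfMurTXinscVro9V", 10_000_000),
                 (GENESIS, 20_000_000)]},
    {"txid": "constructed-3", "time": _utc(2018, 12, 2),
     "outputs": [(MANGLED, 5_000_000)]},
    {"txid": "constructed-4", "time": _utc(2018, 12, 3),
     "outputs": [(GENESIS, 1_000_000)]},
]

if __name__ == "__main__":
    result = screen(SAMPLE)
    for hit in result["hits"]:
        when = "after listing" if hit["post_listing"] else "before listing"
        print(hit["txid"], hit["address"], hit["sats"], when)
    for txid, addr in result["unverifiable"]:
        print(txid, addr, "fails Base58Check, review manually")
```
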

According to the US Department of Treasury, SamSam ransom demands are associated with the Iranian digital currency exchange www.enexchanger.com and the following email addresses:

  • EnExchanger@gmail.com
  • Ensaniyat1365@gmail.com
  • iranvisacart@yahoo.com
  • mastercartaria@yahoo.com
  • alikhorashadi@yahoo.com
  • toppglasses@gmail.com
  • iranian_boy5@yahoo.com

According to its website, EnExchanger is managed by Ghorbaniyan in Tehran and its website says in Farsi that ID is required to buy, sell or trade digital currencies on the exchange (این مجموعه بدون تایید هویت افراد هیچ گونه خدماتی ارائه نخواهد داد.), which would mean that it has records of who is moving money out of Iran and to what wallets (ergo, what pooled wallets, which would tell you to what exchanges and in what country).

The OFAC listing of the two Bitcoin wallets does not clarify whether the two wallets are the pooled wallets of the Iranian digital currency exchange holding customer coins in trust or whether they are, as suggested, the personal wallets of the two Iranian foreign nationals who moved money for the Iranian Bitcoin ransom extortionists.

Iranians confirm using foreign exchanges and mining to move money from Iran

The next day, Iranian foreign nationals informed CoinDesk that they are customers of, and conducted financial transactions on, the Denver-based digital currency exchange called Shapeshift, which apparently operates in part from Toronto with several Canadian officers. Shapeshift is known for conducting financial transactions from and to anywhere in the world without opening customer accounts and without undertaking client identification and verification pursuant to what they called a “no passport” policy.

CoinDesk also learned from Iranian foreign nationals that they were engaged in mining digital currencies, which is of concern because the resulting digital currencies can be sent anywhere in the world without detection and one miner of Bitcoin in Iran indicated that he does precisely that — mines for digital currencies and sends the digital currencies abroad, irrespective of sanctions.

While several countries do not have the same level of economic sanctions prohibiting all financial transactions from Iran, they all use correspondent banks and therefore all banks around the world are subject to US sanctions laws in respect of their correspondent banking relationships.


In Canada, people associated with the Mafia and drug dealers are issued cannabis licences according to CBC News Report

By Christine Duhaime | November 4th, 2018

According to a news story in French on CBC News, the government of Canada has issued licences to a cannabis company that has ties to the Mafia and to major drug traffickers, and Canada has also issued another licence to a cannabis company whose shareholders include major drug traffickers.

The journalist in the story notes that the Canadian government vetted and approved criminal elements when issuing licences when the documentation submitted was transparent (meaning the ties to a TCO were available for discovery on a routine due diligence). According to the story, all that the government does in terms of an investigation and due diligence to issue a licence to a cannabis company in Canada is conduct a litigation search and a criminal record search of a company applying.

According to the news story, the investigation work undertaken by the Government of Canada does not include a review of corporate entities (e.g., shareholders, offices, directors) or beneficial ownership. It does not include a search against sanctions lists or terrorist lists either.

According to the story, the reason a proper due diligence on cannabis licence holders is not completed is because it involves ‘too much investment, too much time, too much money.’

Bottom line? Unfortunately, it may mean that in Canada, if you are a bank, you will not be able to place any weight on the fact that a cannabis company was granted a licence from Canada given that associates of the Mafia can obtain a licence, and that means that all cannabis licence holders pose a reputational, criminal and money laundering risk to a financial institution.

The CBC report declined to name those cannabis licence holders associated with TCOs.


Digital currency exchange CEO who spent customers’ Bitcoin settling with SEC and awaiting criminal sentencing

By Christine Duhaime | October 23rd, 2018

Exchange CEO Indicted

The CEO of a digital currency exchange who pleaded guilty after being indicted in New York for, inter alia, selling Bitcoin to US residents illegally and then stealing it from them by removing it from the exchange’s pooled wallet, is awaiting sentencing for the criminal proceeding against him, and is also negotiating a settlement with the SEC.

Opened Accounts for American Residents

Jon Montroll operated an Australian company that provided digital currency exchange services online to US residents which allowed them to deposit US dollars and to deposit and withdraw Bitcoin. Montroll also operated another platform and commingled customers’ Bitcoin from both platforms in one pooled Bitcoin wallet that he had complete control over.

Bitcoin removed from Exchange by its Officers

For close to a year, Montroll took Bitcoin from the exchange’s pooled wallet that belonged to customers and cashed out the customers’ Bitcoin and spent it. Digital currency exchanges are deposit-taking, and hold funds in trust for customers, and as a result are not permitted to spend Bitcoin held in trust.

Publicly Represented Company was Successful, When it was Not

Montroll’s platforms allegedly also suffered a hack which depleted the Bitcoin reserves of the exchange. When the Bitcoin was depleted from the pooled wallet, the CEO failed to disclose to customers that there was insufficient Bitcoin liquidity left and instead continued to promote the exchange services, “falsely representing to the public that the exchange was commercially successful” and viable when he knew it was not and there was insufficient liquidity to pay back any customers who may have wanted to cash out Bitcoin.

According to the indictment, the misrepresentations of the CEO led to the exchange acquiring an additional 978 Bitcoin from unsuspecting customers. In essence it was a Ponzi scheme where new customers with fresh Bitcoin were induced onto the platform to replenish the Bitcoin the CEO had taken and spent, while the CEO knew all the while that there would never be enough Bitcoin to pay back previous or new customers.

Montroll was indicted on a number of offences including wilfully, manipulatively and deceptively selling illegal securities; engaging in fraud; and making untrue and false statements to defraud the public. In addition, he was indicted for misappropriating customer funds, aka Bitcoin, and spending it without permission from the customers. He was also indicted for obstruction of justice for lying about the liquidity and number of Bitcoin in the pooled corporate digital currency wallet. In order to deflect law enforcement, he provided a screen shot purportedly showing the balance of the company pooled Bitcoin wallet but it was a fake document in that it was a screen shot of manual adjustments and balances, not of the actual balance in the pooled wallet.

Montroll faces a sentence of incarceration of up to 20 years in US federal prison and will be sentenced in January 2019.


FinCEN Employee Arrested for Illegally Disclosing SARs

By Christine Duhaime | October 19th, 2018

Arrest of FinCEN employee for SARs disclosure

The US government has arrested an employee of FinCEN for providing copies of suspicious activity reports (“SAR”) to the media.

SARs disclosure is illegal 

SARs are required to be filed and submitted by certain reporting entities, such as banks, to FinCEN when the bank or its employees have reasonable grounds to suspect that a financial transaction is associated with money laundering.

SARs contain invasively personal and private information of a person or a company and because they involve a subjective determination, can cause harm to a person or a business if filed without justification. As a result, the legislation protects the filer of the information and also protects the filing itself.

It is a criminal offence to disclose the filing of a SAR, or the contents of such, to anyone other than FinCEN (or in Canada, FINTRAC). Reporting entities such as banks and casinos that file SARs (STRs in Canada) are protected from lawsuits over wrongful filings provided they themselves do not violate the disclosure laws. The reason for the protection in respect of reporting entities such as banks is that they would not provide full disclosure if there was a possibility, however remote, that the public or the media would see a filed SAR. Reporting entities that give copies of STRs to other government agencies or to law enforcement in violation of federal law are not protected and such unauthorized disclosures can be compelled by anyone under privacy legislation because the disclosure thereof to unauthorized parties renders them non-protected documents.

Endangers lives of AML & bank officers

The disclosure of a SAR could endanger the lives of bank employees and AML officers. That is because AML officers report cases of serious criminality often involving organized crime and if not organized crime, then certainly criminal elements who may not hesitate to harm an AML officer in connection with a SAR. In this case, the FinCEN employee went so far as to disclose to the media that SARs were filed by Citibank’s AML officers over their client, the Embassy of Russia, which is the confidential business information of Citibank and of the Embassy of Russia, and places a risk on the AML officers of Citibank.

Disclosure of terrorist financing reports

According to the criminal complaint, over the course of a year, the FinCEN employee, Natalie Edwards, allegedly provided SARs to a reporter and described the contents of several other SARs over Telegram. At first, she allegedly lied to the FBI and denied having supplied federal records to a reporter and then subsequently allegedly admitted it.

She is alleged to have saved 24,000 FinCEN files on a flash drive, including many SARs and records of a highly sensitive nature involving financial transactions of Iranian foreign nationals and terrorist financing of ISIS, the disclosure of which may adversely impact international security.


FinCEN issues money laundering advisory for Iran’s use of Bitcoin and digital currencies

By Christine Duhaime | October 14th, 2018

FinCEN has issued an advisory for Iran that is specifically targeted at digital currency exchanges, banks and foreign banks so that the latter can understand their obligations under the correspondent banking system. The advisory is interesting because it is one of the first instances of an attempt to provide guidance to foreign banks in respect of the reach of US financial crime law arising from the correspondent banking system. Often foreign banks, and in particular, digital currency exchanges, are not aware of the correspondent banking system and how US AML / CTF / sanctions law is applicable to them.

The practice in Iran is to move money out to Dubai and from there, banks and money services businesses sanctions-strip the money and move it to the US, Germany, UK or Canada. Sanctions-stripping is a way of providing originating information for banks that strips the origin of the money from being associated with Iran, an Iranian foreign national, or a person who holds an Iranian passport.

The FinCEN Advisory directs US correspondents to go back to foreign banks they provide services to (including Canadian banks) and seek additional information to ascertain that they are not being used for sanctions avoidance from Iran. In other words, to determine if sanctions-stripping of data occurred.

Here is a common example in Canada – an Iranian foreign national, almost always an undisclosed politically exposed person (“PEP”) immigrating to Canada opens a bank account in Dubai and wires money to that bank. The bank then wires it to a bank located in Quebec as part of a paid investor immigration program and strips out the originating information that the funds originated from Iran or an Iranian foreign national. The Dubai bank and the bank in Quebec know the funds involve an Iranian foreign national (the latter because they administer investor immigration funds) but that information is stripped. The money moves through a US correspondent bank in New York as originating from Dubai. The US correspondent bank is unaware that it handled Iranian funds from a PEP that may be subject to US sanctions. The US correspondent bank is then exposed to potential criminal liability in the US for unknowingly dealing in funds from Iran. Often, a money services business in Dubai acts as the facilitator whereby they are the party wiring funds to Canada secretly for an Iranian foreign national.

According to the Advisory, officials tied to the Central Bank of Iran, in particular, are being deployed to move money internationally to finance terrorism through Dubai and other cities in the United Arab Emirates. The Advisory provides examples including of an Iranian airline that moved money to Canada through Germany to finance terrorism. All Iranian foreign nationals use third parties and third party countries to move money – they have to because it is near impossible to export money in any form from Iran directly to another foreign financial institution except to Dubai and a handful of other countries whose banks deal with Iranian funds.

Enter Bitcoin – Bitcoin and other digital currencies allow for the movement of funds from Iran to anywhere in the world because they are decentralized and are outside of the formal financial system. The Advisory estimates that at least $3.8 million is exiting Iran through Bitcoin annually using digital currency exchanges.

And that brings us to so-called sovereign initial coin offerings (“SOV”); they are ICOs issued by a government. A SOV is a new digital currency issued off an existing or a new Blockchain by a government agency. Venezuela is an example of a country that issued a SOV called the Petro coin for sanctions avoidance on the NEM Blockchain, that can be bought with NEM coins. Here, you can read how millions of dollars of stolen NEM coin were allegedly traced and traded at a Vancouver digital currency exchange. That means that the Petro coin from Venezuela apparently issued for US sanctions avoidance, can be bought with NEM at a Vancouver digital currency exchange without visibility because that exchange trades NEM. If you can buy the Petro coin in Vancouver with NEM for sanctions avoidance, you will likely be able to buy an Iranian SOV.

Last month, Iran issued a notice that it was working on a SOV and the concern is that it will be used, like Venezuela, for sanctions avoidance.

The Advisory suggests that banks and foreign digital currency exchanges monitor IP addresses and engage in Blockchain tracing to ascertain the origin of digital currency trades from Iran, although the latter is harder to do than the Advisory suggests. No Blockchain identifies the origination of a transaction – only IP tracing can do that and with Iran’s heavy use of VPNs countrywide, such tracing is difficult.

You can, however, trace to Iranian wallets and that is where the focus should be, in addition to utilizing competent AML, CTF and sanctions compliance methods. And in addition, banks and digital currency exchanges should know the typologies in respect of Iran — for example, the trades of digital currencies involving Iran in Canada typically take place involving former Iranians in Canada with a Canadian passport. The movement of money to and from Iran is closely transacted among persons of Iranian origin and specifically those with a Canadian passport (meaning those with undisclosed dual passports – one they use to travel from Dubai to Canada which they then switch out and hide and the second one they use to travel from Tehran to Dubai, and vice versa).

Iranian foreign nationals can only move money to Canada if they use banks, which means a US correspondent bank is being used unwittingly and unknowingly, or if they use digital currencies. They can use cash but it is bulky and they use credit card credits (e.g., pre-paying a Visa card so that the money can be spent in another country by another person). Leaving a large credit balance on an American Express or Visa credit card is a red flag for money laundering and sanctions avoidance.
