International law enforcement operation targeting opioid traffickers on the Darknet results in over 170 arrests worldwide and the seizure of weapons, drugs and over $6.5 million


Darknet narcotics vendors selling to tens of thousands of U.S. residents charged

On September 22, 2020, the Department of Justice, through the Joint Criminal Opioid and Darknet Enforcement team, joined Europol to announce the results of Operation DisrupTor, a coordinated international effort to disrupt opioid trafficking on the Darknet.

The operation, which was conducted across the United States and Europe, demonstrates the continued partnership between JCODE and Europol against the illegal sale of drugs and other illicit goods and services. Operation DisrupTor builds on the success of last year’s and the coordinated law enforcement ,one of the largest illegal online markets on the dark web..

Following the Wall Street Market takedown in May 2019, U.S. and international law enforcement agencies obtained intelligence to identify Darknet drug traffickers, resulting in a series of complementary, but separate, law enforcement investigations. Operation DisrupTor actions have resulted in the arrest of 179 Darknet drug traffickers and fraudulent criminals who engaged in tens of thousands of sales of illicit goods and services across the United States and Europe.

This operation resulted in the seizure of over $6.5 million in both cash and virtual currencies; approximately 500 kilograms of drugs worldwide; 274 kilograms of drugs, including fentanyl, oxycodone, hydrocodone, methamphetamine, heroin, cocaine, ecstasy, MDMA, and medicine containing addictive substances in the United States; and 63 firearms. 

Darknet vendor accounts were identified and attributed to real individuals selling illicit goods on Darknet market sites such as AlphaBay, Dream, WallStreet, Nightmare, Empire, White House, DeepSea, Dark Market and others. By leveraging complementary partnerships and surging resources across the U.S. government and Europol, Operation DisrupTor was used to significantly disrupt the online opioid trade and send a strong message that criminals operating on the Darknet are not beyond the reach of law enforcement. 

Operation DisrupTor led to 121 arrests in the United States including two in Canada at the request of the United States, 42 in Germany, eight in the Netherlands, four in the United Kingdom, three in Austria, and one in Sweden. A number of investigations are still ongoing to identify the individuals behind dark web accounts.

“Criminals selling fentanyl on the Darknet should pay attention to Operation DisrupTor,” said Deputy Attorney General Jeffrey Rosen. “The arrest of 179 of them in seven countries—with the seizure of their drug supplies and their money as well—shows that there will be no safe haven for drug dealing in cyberspace.”

“The 21st century has ushered in a tidal wave of technological advances that have changed the way we live,” said DEA Acting Administrator Timothy J. Shea. “But as technology has evolved, so too have the tactics of drug traffickers. Riding the wave of technological advances, criminals attempt to further hide their activities within the dark web through virtual private networks and tails, presenting new challenges to law enforcement in the enduring battle against illegal drugs. Operation DisrupTor demonstrates the ability of DEA and our partners to outpace these digital criminals in this ever-changing domain, by implementing innovative ways to identify traffickers attempting to operate anonymously and disrupt these criminal enterprises.”

“With the spike in opioid-related overdose deaths during the COVID-19 pandemic, we recognize that today’s announcement is important and timely,” said FBI Director Christopher Wray. “The FBI wants to assure the American public, and the world, that we are committed to identifying Darknet drug dealers and bringing them to justice. But our work does not end with today’s announcement. The FBI, through JCODE and our partnership with Europol, continues to be actively engaged in a combined effort to disrupt the borderless, worldwide trade of illicit drugs. The FBI will continue to use all investigative techniques and tools to identify and prosecute Darknet opioid dealers, wherever they may be located.”

“U.S. Immigration and Custom’s Enforcement’s Homeland Security Investigations has played an integral role in Operation DisrupTor which has effectively removed opioids from our communities,” said ICE Acting Deputy Director Derek Benner. “It has been an honor to work alongside our domestic and international law enforcement partners and pursue bad actors hiding on the Darknet. Our trained cyber analysts and investigators have conducted undercover efforts that target dark website operators, vendors and prolific buyers of these dangerous drugs. HSI special agents employ unique investigative capabilities to trace and identify the proceeds stemming from the distribution and online sales of fentanyl and other illicit opioids. These efforts will continue to thwart a significant amount of criminal drug sale activity and deter criminals believing they can operate with anonymity on the Darknet.”

“The U.S. Postal Inspection Service has worked diligently for years to rid the mail of illicit drug trafficking and preserve the integrity of the mail,” said Chief Postal Inspector Gary Barksdale. “Most importantly, these efforts provide a safe environment for postal employees and the American public. Today’s announcement serves as an outstanding example of the worldwide impact Postal Inspectors can make through our ever-growing partnerships with federal and international law enforcement agencies. On behalf of the U.S. Postal Service, we offer our sincere appreciation to all of our partners in this operation who helped protect the nation’s mail, and we pledge to never relent in our pursuit of criminals seeking to exploit the U.S. mail.”

“Law enforcement is most effective when working together, and today’s announcement sends a strong message to criminals selling or buying illicit goods on the dark web: the hidden internet is no longer hidden, and your anonymous activity is not anonymous,” said Edvardas Šileris, the Head of Europol’s European Cybercrime Centre. “Law enforcement is committed to tracking down criminals, no matter where they operate – be it on the streets or behind a computer screen.”

The extensive operation, which lasted nine months, resulted in over dozens of federal prosecutions including:

  • The Los Angeles JCODE Task Force, in conjunction with the U.S. Attorney’s Office for the Central District of California, successfully dismantled a drug trafficking organization that used online monikers such as “Stealthgod” to sell methamphetamine and MDMA on multiple Darknet marketplaces. Investigators have linked the crew to more than 18,000 illicit drug sales to customers in at least 35 states and numerous countries around the world. During law enforcement actions in Southern California earlier this year, members of JCODE arrested five defendants and seized approximately 120 pounds of methamphetamine, seven kilograms of MDMA and five firearms. Two of the five – Teresa McGrath, 34, of Sunland-Tujunga, and Mark Chavez, 41, of downtown Los Angeles – have since pleaded guilty to narcotics-trafficking and other offenses, and each faces a 15-year mandatory minimum sentence. As the investigation continued, the Los Angeles JCODE Task Force made additional seizures, including $1.6 million in cryptocurrency, 11 pounds of methamphetamine and 14 pounds of pills pressed with methamphetamine. Andres Bermudez, 37, of Palmdale, California, who allegedly was a main supplier of methamphetamine to the “Stealthgod” crew, was charged last week with a narcotics-trafficking offense that carry a 10-year mandatory minimum sentence. He is considered a fugitive.
  • Arden McCann, 32, of Quebec, Canada, was charged with conspiring to import drugs into the United States and money laundering conspiracy, in a four-count indictment returned by a grand jury in Atlanta. According to court documents, the defendant is alleged to have imported alprazolam, fentanyl, U-47700, and fentanyl analogues such as carfentanil, furanyl fentanyl, 4-fluoroisobutyryl fentanyl, acryl fentanyl, and methoxyacetyl fentanyl into the United States from Canada and China. The superseding indictment alleges that fentanyl analogues the defendant imported into the United States resulted in a non-fatal overdose in April 2016, and fentanyl the defendant imported into the United States resulted in an overdose death in December 2016.
  • Khlari Sirotkin, 36, of Colorado; Kelly Stephens, 32, of Colorado; Sean Deaver, 36, of Nevada; Abby Jones, 37, of Nevada; and Sasha Sirotkin, 32, of California, were charged with drug trafficking and money laundering conspiracy, in a 21-count indictment returned by a grand jury in Cincinnati, Ohio. According to court documents, the defendants are alleged to be members of one of the most prolific online drug trafficking organizations in the United States and allegedly specialized in the manufacturing and distribution of more than one million fentanyl-laced counterfeit pills and laundered approximately $2.8 million over the course of the conspiracy. The pressed fentanyl pills, along with heroin, methamphetamine and cocaine, were shipped to the Southern District of Ohio and throughout the country. DEA, FBI, FDA, HSI and USPIS agents seized 2.5 kilograms of fentanyl; 5,095 pressed xanax; 50 suboxone; 16.5 grams of cocaine; 37 grams of crystal meth; 12 grams of black tar heroin; an industrial pill press; 5,908 pounds of dried marijuana with an estimated street value of $9 million; $80,191 in cash, 10 firearms and one pound of fentanyl.
  • The FBI Washington Field Office’s Hi-Tech Opioid Task Force, in conjunction with the U.S. Attorney’s Office for the Eastern District of Virginia, successfully thwarted a firebomb attack plot involving explosives, firearms, the Darknet, prescription opioid trafficking, cryptocurrency, and sophisticated money laundering. William Anderson Burgamy, 33, of Hanover, Maryland, and Hyrum T. Wilson, 41, of Auburn, Nebraska, pleaded guilty in the Eastern District of Virginia to charges related to a conspiracy to use explosives to firebomb and destroy a competitor pharmacy in Nebraska. Burgamy, who is not a pharmacist, operated as the Darknet vendor NeverPressedRX since at least August 2019. Wilson, who was a licensed pharmacist, illegally mailed to Burgamy over 19,000 dosage units of prescription medications, including opioids, from his pharmacy in Nebraska. Burgamy illegally sold prescription drugs through his Darknet vendor account to customers nationwide, and claimed at one point that he made nearly $1 million total. Burgamy and Wilson agreed that Burgamy and another individual would carry multiple firearms during the attack operation and use explosives, specifically Molotov cocktails enhanced with Styrofoam as a thickening agent, to burn the victim pharmacy down in furtherance of their drug trafficking scheme. Law enforcement agents seized thousands of opioid pills, eight unsecured firearms, including two loaded AR-15 assault rifles with high capacity magazines, and over $19,000 cash. Prior to Burgamy’s arrest in April 2020, which uncovered and thwarted the firebombing plot, Burgamy and Wilson fully intended on the attack occurring after COVID-19 restrictions were lifted.
  • Aaron Brewer, 39, of Corsicana, Texas, was charged with conspiracy to possess with intent to distribute a controlled substance and distribution of a controlled substance in a two-count indictment returned by a grand jury in the Northern District of Texas. According to court documents, the defendant allegedly sold cocaine, heroin, and other drugs via the dark web. He allegedly accepted payment in cryptocurrency, primarily bitcoin, and then shipped the drugs to customers’ addresses through the U.S. mail and other shipping services. Following Brewer’s arrest on July 2, agents with the U.S. Postal Inspection Service and FBI Dallas Field Office seized roughly 650 grams of black tar heroin, cocaine, and OxyContin, two computers, and more than $870 in postage stamps, as well as a ledger outlining 757 drug shipments sent to 609 unique addresses between December 2019 and March 2020.

An indictment and criminal complaint merely alleges that crimes have been committed. The defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.

Operation DisrupTor was a collaborative initiative across JCODE members, including the Department of Justice; Federal Bureau of Investigation; U.S. Drug Enforcement Administration; U.S. Postal Inspection Service; U.S. Immigration and Customs Enforcement’s Homeland Security Investigations; U.S. Customs and Border Protection; Financial Crimes Enforcement Network; Bureau of Alcohol, Tobacco, and Firearms; Naval Criminal Investigative Service, and Department of Defense. Local, state and other federal agencies also contributed to Operation DisrupTor investigations. 

The investigations leading to Operation DisrupTor were significantly aided by essential support and coordination by the Department of Justice’s multi-agency Special Operations Division, the Criminal Division’s Computer Crime and Intellectual Property Section, Narcotic and Dangerous Drug Section, and Organized Crime and Gang Section, the Justice Department’s Office of International Affairs, the National Cyber Joint Investigative Task Force, Europol and its Dark Web team and international partners Eurojust, Austrian Federal Investigation Bureau, Cyprus Police, German Federal Criminal Police Office, Canada’s Royal Canadian Mounted Police, Portuguese Judicial Police, Dutch Police, Swedish Police, the British National Crime Agency, Australia’s Western Australia Police Force, and Australian Criminal Intelligence Commission.

Federal prosecutions are being conducted in more than 20 Federal districts, including: the Central District of California, the Eastern District of California, the Northern District of California, the Southern District of California, the District of Colorado, the District of Columbia, the District of Connecticut, the Middle District of Florida, the Southern District of Florida, the Northern District of Georgia, the District of Hawaii, the Western District of Missouri, the District of New Jersey, the Western District of North Carolina, the Northern District of Ohio, the Southern District of Ohio, District of Oregon, the Western District of Pennsylvania, the Northern District of Texas, the Eastern District of Virginia, the District of the Virgin Islands and the Western District of Washington.

JCODE is an FBI-led Department of Justice initiative, which works closely with the DEA-led, multi-agency, Special Operations Division to support, coordinate and de-conflict investigations targeting for disruption and dismantlement of the online sale of illegal drugs, especially fentanyl and other opioids. Additionally, JCODE targets the trafficking of weapons and other illicit goods and services on the internet. Operation DisrupTor illustrates the investigative power of federal and international partnerships to combat the borderless nature of online criminal activity.

Blogs to Follow:

DEA.gov (September 2020)  International law enforcement operation targeting opioid traffickers on the Darknet results in over 170 arrests worldwide and the seizure of weapons, drugs and over $6.5 million

Twelve charged in multi-year mortgage fraud scheme


Twelve defendants in Georgia have been charged in a mortgage fraud scheme allegedly spanning more than four years and resulting in the approval of more than 100 mortgages based on fabricated documents and false information. 

Many of the loans are insured by the Federal Housing Administration (FHA) resulting in claims being paid for mortgages that have gone through loan modification.

“These defendants allegedly used their knowledge of the real estate lending process to manipulate the system for their own benefit,” said U.S. Attorney Byung J. “BJay” Pak.  “Mortgage fraudsters threaten the soundness of the real estate market in our community.  We will investigate and charge anyone who takes advantage of our mortgage lending system for their own personal gain.”

“These charges represent the government’s commitment toward combating such alleged criminal activity,” said Chris Hacker, Special Agent in Charge of FBI Atlanta. “We will steadfastly protect American citizens and the real estate market from predators who drag down our economy by deceit to line their own pockets.”

“What we have here is a group of mortgage industry professionals that have allegedly perpetrated a sophisticated mortgage fraud for profit scheme that was designed to enrich themselves at the expense of a federal housing program,” said Wyatt Achord, Special Agent in Charge, Office of the Inspector General, U.S. Department of Housing and Urban Development. “The efforts that brought forward these charges demonstrate that when law enforcement is made aware of such schemes, we will commit the necessary resources to make sure that fraudsters are brought to justice.”  

“As charged, the defendants engaged in a multiyear scheme to defraud Fannie Mae and Freddie Mac.  The Federal Housing Finance Agency Office of Inspector General (FHFA-OIG) will investigate and hold accountable those who seek to victimize these Government Sponsored Entities supervised and regulated by FHFA”, said FHFA-OIG Special Agent in-Charge Edwin Bonano.

According to U.S. Attorney Pak, the indictment, and other information presented in court: The defendants participated in a scheme in which homebuyers and real estate agents submitted fraudulent loan applications to induce mortgage lenders to fund mortgages. 

Listing agents Eric Hill and Robert Kelske represented a major nationwide homebuilder, and helped more than 100 homebuyers who were looking to buy a home, but who were unqualified to obtain a mortgage, commit fraud.  The agents instructed the homebuyers as to what type of assets they needed to claim to have in the bank, and what type of employment and income they needed to submit in their mortgage applications.

Hill and Kelske then coordinated with multiple document fabricators, including defendants Fawziyyah Connor and Stephanie Hogan, who altered the homebuyers’ bank statements to inflate the their assets and to create bank entries reflecting false direct deposits from an employer selected by the real estate agent.  The document fabricators also generated fake earnings statements that matched the direct deposit entries to make it appear that the homebuyer was employed, and earning income, from a fake employer.  Other participants in the scheme then acted as employment verifiers and responded to phone calls or emails from lenders to falsely verify the homebuyers’ employment.  Defendants Jerod Little, Renee Little, Maurice Lawson, Todd Taylor, Paige McDaniel and Donald Fontenot acted as employment verifiers.  Hill and Kelske coordinated the creation and submission of the false information so that the lies to the lenders were consistent. 

In another aspect of the scheme, real estate agents Anthony Richard and Cephus Chapman falsely claimed to represent homebuyers as their selling agents in order to receive commissions from the home sales. 

In reality, these real estate agents had never even met the homebuyers they claimed to represent. 

To avoid detection, the agents often notified closing attorneys that they would not be available for the home closing, and sent wire instructions for the receipt of their commissions.  When these purported selling agents received their unearned commissions, they kicked back the majority of the commissions to Hill or Kelske for enabling them to be added to the deal, keeping a small share for their role in the scheme.

The following defendants have been charged as part of these conspiracies:

•         Eric Hill, 50, of Tyrone, Georgia (charged by Information)

•         Robert Kelske, 52, of Smyrna, Georgia

•         Fawziyyah Connor, 41, of Tyrone, Georgia

•         Stephanie Hogan, 57, of Norcross, Georgia

•         Jerod Little, 42, of McDonough, Georgia

•         Renee Little, 33, of McDonough, Georgia

•         Maurice Lawson, 36, of Powder Springs, Georgia

•         Todd Taylor, 54, of Fairburn, Georgia

•         Paige McDaniel, 49, of Stockbridge, Georgia

•         Donald Fontenot, 52, of Locust Grove, Georgia (charged by Information)

•         Anthony Richard, 44, of Locust Grove, Georgia

•         Cephus Chapman, 49, of Warner Robins, Georgia

Members of the public are reminded that the indictment and informations only contain charges.  The defendants are presumed innocent of the charges and it will be the government’s burden to prove the defendants’ guilt beyond a reasonable doubt at trial.

This case is being investigated by the Federal Bureau of Investigation, Department of Housing and Urban Development Office of Inspector General, and Federal Housing Finance Agency Office of Inspector General.

Assistant U.S. Attorney Alison Prout is prosecuting the case.

Blogs to Follow:

Justice.gov (September 2020)  Twelve charged in multi-year mortgage fraud scheme

Georgia Air Guardsman earns Purple Heart for Heroic Actions in Afghanistan


U.S. Air Force Tech. Sgt. Franklin Wetmore, a radio frequency transmission systems craftsman with the 202d Engineering Installation Squadron, 116th Air Control Wing, Georgia Air National Guard, was awarded the Purple Heart medal on Sep. 13, 2020, during a ceremony at the Museum of Aviation outside Robins Air Force Base.

On Dec. 11, 2019, while Wetmore and his team were awaiting airlift to conduct a quality assurance inspection for the Defense Information Systems Agency, a nearby explosion shook a terminal at Bagram Air Base, Afghanistan, where they were deployed during Operation Freedom’s Sentinel.

Although Wetmore sustained an injury during the explosion, he jumped into action and provided security as the base came under attack. He guided unarmed comrades between bunkers and another terminal, some of whom were civilian contractors and some who were just leaving the shower area. Prior to Army personnel arriving to take charge of security, Wetmore guarded more than 500 personnel who were hunkered down in the terminal. During the course of the attack, he held his position for approximately two hours with shots firing in the distance before medical personnel could be notified and attend to his injuries.

With Christmas around the corner, Wetmore shared how he was thinking about the holidays coming up during the days leading up to the explosion.

“I was thinking about family, food, and looking forward to the helicopter ride to a forward operating base in Afghanistan,” Wetmore said. “I am proud to serve and always wanted to be deployed to the tip of the spear. But this time, the enemy’s spear got me.”

For his actions and ensuing injury, Wetmore earned the Purple Heart, our nation’s oldest military medal. It is a combat decoration awarded to members of the armed forces of the U.S. who are wounded or killed by an instrument of war in the hands of the enemy.

“I’m very honored to receive the medal, and I’m proud, but I wish I was never hurt,” Wetmore said. “I love America, and I go to deployed locations knowing I may never see my family again. America and freedom are that important. I am always ready and will always say ‘yes.’”

Wetmore’s actions downrange reflect his consistent service and dedication. Since November 2012, he has served in numerous capacities in the Georgia Air National Guard — primarily in the 202d EIS — inspecting, installing, and trouble-shooting radio and antenna installations for fixed and mobile radio communications. His work is key to establishing and maintaining communication systems and network connectivity in austere environments for U.S. and friendly forces.

“It’s an incredible honor to serve with Sgt. Wetmore,” said Col. Amy Holbeck, commander of the 116th Air Control Wing. “I’m proud of his selfless service and sacrifice on this specific occasion, but also of his continued commitment to serve this great nation.”

Blogs to Follow:

DVIDShub.net (September 2020)  Georgia Air Guardsman earns Purple Heart for actions in Afghanistan; Photo By Master Sgt. Nancy Goldberger

Technology Proliferation, Influence Ops May Be as Disruptive as COVID-19


The COVID-19 pandemic has been globally disruptive in nearly every facet of life. But other things may prove as disruptive in the future, said leaders of the military intelligence community.

One advancement that may possibly be as disruptive as COVID-19 is the revolution in information technology that’s available to everybody — not just the U.S. and its allies, Navy Vice Adm. Robert Sharp, director of the National Geospatial-Intelligence Agency, said during an online forum today with the Armed Forces Communications and Electronics Association and the Intelligence and National Security Alliance.

“It’s this revolution in remotely-sensed and geo-located data, which is available to everyone,” he said. “It’s available to us, but it’s also available to our competitors. [Also] the revolution in smart machines and artificial intelligence — once again, [it’s a] great opportunity for us, but it’s not only our opportunity. That’s the competition space.”

Another area of concern is something Sharp called “GEOINT assurance.” With the growth of open-source geospatial intelligence coming from multiple sources, it becomes less certain that the information can be trusted, he said.

“How do you have confidence in the ones and zeros that you’re using for making decisions based off of,” he asked.

Army Gen. Paul Nakasone, director of the National Security Agency and commander of U.S. Cyber Command, cited influence operations as the next possible great disruptor. Influence operations, he said, have a very low barrier to entry, enabling just about anybody to engage in them.

“We’ve seen it now in our democratic processes,” Nakasone said. “I think we’re going to see it in our diplomatic processes, we’re going to see it in warfare, and we’re going to see it in sowing civil distrust in different countries.”

Influence operations, he said, are all enabled by the proliferation of inexpensive technology that allows anybody with an agenda to get online.

“The great technology that’s enabling so much of what we’re doing is also that dual-edged sword that malicious cyber actors and others are being able to use to create doubt, or to be able to question authority, or to be able to … to spread messages that are far from true,” he said. “I think influence operations, just in general, will be for us one of the things that we’ll be dealing with not just every two or four years, but this is the competitive space that we’re going to be in as intelligence agencies and as our nation”.

Blogs to Follow:

Defense.gov (September 2020)  Technology Proliferation, Influence Ops May Be as Disruptive as COVID-19

VA Notifies Veterans of Compromised Personal Information


Hackers attempted to reroute medical payments from the VA, exposing information of 46,000 Veterans

The U.S. Department of Veterans Affairs (VA) Office of Management today announced a data breach involving the personal information of approximately 46,000 Veterans and actions taken by the department to prevent and mitigate any potential harm to those individuals. 

The Financial Services Center (FSC) determined one of its online applications was accessed by unauthorized users to divert payments to community health care providers for the­ medical treatment of Veterans.

The FSC took the application offline and reported the breach to VA’s Privacy Office.

A preliminary review indicates these unauthorized users gained access to the application to change financial information and divert payments from VA by using social engineering techniques and exploiting authentication protocols.

To prevent any future improper access to and modification of information, system access will not be reenabled until a comprehensive security review is completed by the VA Office of Information Technology. 

To protect these Veterans, the FSC is alerting the affected individuals, including the next-of-kin of those who are deceased, of the potential risk to their personal information.

The department is also offering access to credit monitoring services, at no cost, to those whose social security numbers may have been compromised. 

Veterans whose information was involved are advised to follow the instructions in the letter to protect their data.

There is no action needed from Veterans if they did not receive an alert by mail, as their personal information was not involved in the incident. 

Veterans or Veteran next-of-kin that receive notification their information is potentially at risk from this incident can direct specific questions to the FSC Customer Help Desk to VAFSCVeteransSupport@va.gov or writing to VA FSC Help Desk, Attn: Customer Engagement Center, .P.O. Box 149971, Austin, TX 78714-9971. 

Blogs to Follow:

VA.gov (September 2020)  VA notifies Veterans of compromised personal information