Monday, December 30, 2019

Lithuanian Man Sentenced To 5 Years In Prison For Theft Of Over $120 Million In Fraudulent Business Email Compromise Scheme

Geoffrey S. Berman, the United States Attorney for the Southern District of New York, announced that EVALDAS RIMASAUSKAS, a Lithuanian citizen, was sentenced today to 60 months in prison for participating in a fraudulent business email compromise scheme that induced two U.S.-based Internet companies (the “Victim Companies”) to wire a total of over $120 million to bank accounts he controlled.  RIMASAUSKAS previously pled guilty to one count of wire fraud before U.S. District Judge George B. Daniels, who imposed today’s sentence.

U.S. Attorney Geoffrey S. Berman said:  “Evaldas Rimasauskas devised an audacious scheme to fleece U.S. companies out of more than $120 million, and then funneled those funds to bank accounts around the globe.  Rimasauskas carried out his high-tech theft from halfway across the globe, but he got sentenced to prison right here in Manhattan federal court.”

According to the allegations in the Indictment to which RIMASAUSKAS pled guilty, court filings, and statements made in public court proceedings:

From at least in or around 2013 through in or about 2015, RIMASAUSKAS orchestrated a fraudulent scheme designed to deceive the Victim Companies, including a multinational technology company and a multinational online social media company, into wiring funds to bank accounts controlled by RIMASAUSKAS.  Specifically, RIMASAUSKAS registered and incorporated a company in Latvia (“Company-2”) that bore the same name as an Asian-based computer hardware manufacturer (“Company-1”), and opened, maintained, and controlled various accounts at banks located in Latvia and Cyprus in the name of Company-2.  Thereafter, fraudulent phishing emails were sent to employees and agents of the Victim Companies, which regularly conducted multimillion-dollar transactions with Company-1, directing that money the Victim Companies owed Company-1 for legitimate goods and services be sent to Company-2’s bank accounts in Latvia and Cyprus, which were controlled by RIMASAUSKAS.  These emails purported to be from employees and agents of Company-1, and were sent from email accounts that were designed to create the false appearance that they were sent by employees and agents of Company-1, but in truth and in fact, were neither sent nor authorized by Company-1.  This scheme succeeded in deceiving the Victim Companies into complying with the fraudulent wiring instructions.

After the Victim Companies wired funds intended for Company-1 to Company-2’s bank accounts in Latvia and Cyprus, RIMASAUSKAS caused the stolen funds to be quickly wired into different bank accounts in various locations throughout the world, including Latvia, Cyprus, Slovakia, Lithuania, Hungary, and Hong Kong.  RIMASAUSKAS also caused forged invoices, contracts, and letters that falsely appeared to have been executed and signed by executives and agents of the Victim Companies, and which bore false corporate stamps embossed with the Victim Companies’ names, to be submitted to banks in support of the large volume of funds that were fraudulently transmitted via wire transfer.

Through these false and deceptive representations over the course of the scheme, RIMASAUSKAS, the defendant, caused the Victim Companies to transfer a total of over $120,000,000 in U.S. currency from the Victim Companies’ bank accounts to Company-2’s bank accounts.

            RIMASAUSKAS was arrested by Lithuanian authorities in March 2017, pursuant to a provisional arrest warrant, and was extradited to the Southern District of New York in August 2017.

*                *                *

In addition to the prison term, Judge Daniels ordered RIMASAUSKAS to serve two years of supervised release, to forfeit $49,738,559.41, and to pay restitution in the amount of $26,479,079.24.

Mr. Berman praised the outstanding investigative work of the Federal Bureau of Investigation, and thanked the Prosecutor General’s Office of the Republic of Lithuania, the Lithuanian Criminal Police Bureau, the Vilnius District Prosecutor’s Office and the Economic Crime Investigation Board of Vilnius County Police Headquarters, the Prosecutor General’s Office of the Republic of Latvia, and the International Assistance Group at the Department of Justice, Canada, for their assistance in the investigation, arrests, and extradition, as well the Department of Justice’s Office of International Affairs.

The case is being prosecuted by the Office’s Complex Frauds and Cybercrime Unit.  Assistant U.S. Attorneys Eun Young Choi and Olga Zverovich are in charge of the prosecution.

Friday, December 27, 2019

Miami Man Sentenced to More Than 5 Years in Prison for Role as Money Mule and Mule Recruiter in International Cybercrime Money Laundering Network

Yamel Guevara Tamayo, 36, of Miami, was sentenced Friday, December 20, 2019 to 63 months in prison for his role in serving as a money mule, and recruiter of more than 15 additional money mules, in an international money laundering operation for business email compromise (BEC) and other cyber-schemes.

Ariana Fajardo Orshan, United States Attorney for the Southern District of Florida, George L. Piro, Special Agent in Charge, Federal Bureau of Investigation (FBI), Miami Field Office, and Brian Swain, Special Agent in Charge, U.S. Secret Service (USSS), Miami Field Office, made the announcement.

Tamayo previously pled guilty before U.S. District Judge Ursula Ungaro to conspiracy to commit money laundering.  In addition to the prison sentence, U.S. District Judge Ursula Ungaro ordered Tamayo to serve three years of supervised release and pay $700,474.97 in restitution.

According to the court record, from November 2016 through June 2019, Tamayo, together with co-conspirators Roda Taher a/k/a “Rezi,” and others participated in a scheme to help steal more than $1.5 million dollars from individual and corporate victims, which proceeds were later laundered. The scheme involved recruiting “money mules,” including Tamayo, who allowed their respective names and personal identifying information to be used by co-conspirators to incorporate a sham business through the Florida Department of State, Division of Corporations, under such mule’s name.  As part of the scheme, a mule would then open bank accounts at multiple banks in the name of his or her shell company.  Several mules, including Tamayo, later recruited and managed new money mules.  To date, more than 200 money mules and money mule recruiters have been identified as part of this international money laundering network.

A related cyberattack aspect of the scheme involved the creation, by co-conspirators, of email addresses that mimicked, but differed slightly from, legitimate email addresses of supervisory employees at various companies. The conspirators used these deceptive email addresses to send emails that appeared to be requests for payment of legitimate invoices or debts owed by the victims. The victims were deceived into transferring funds by wire into the bank accounts opened by the money mules and controlled by Tamayo and the co-conspirators.  After the victims complied with the fraudulent wiring instructions, Tamayo, under the direction of other conspirators, quickly debited thousands of dollars from the accounts through in-person withdrawals, ATM withdrawals, and debit card purchases. Tamayo and co-conspirators also rapidly transferred victims’ funds to foreign bank accounts that co-conspirators controlled as soon as the funds came in.  Tamayo and other co-conspirators kept a fraction of the proceeds as payment after doing so.

Tamayo’s role expanded over time.  He ultimately recruited more than fifteen individuals to participate as mules in the money laundering scheme, serving as their manager and directing them to open new accounts.  His involvement in the scheme lasted until in or around June 2019.  In total, Tamayo and his mules intended to launder more than $1.4 million dollars, and succeeded in laundering more than $700,000 before banks were able to freeze and claw back some of the funds due to suspected fraud.

U.S. Attorney Fajardo Orshan commended the investigative efforts of the FBI and USSS in this matter.  This case is being prosecuted by Assistant U.S. Attorney Lisa H. Miller.

In related cases in this District, more than thirty members of the money laundering network have been prosecuted and convicted.  See United States v. Roda Taher, et al., 17-cr-60223-UU; United States v. Luis Pujols, et al., 17-cr-20702-JEM; United States v. Cynthia Rodriguez, et al., 17-cr-20748-JEM; United States v. Eliot Pereira, et al., 18-cr-20170-MGC; and United States v. Gustavo Gomez, et al., 18-CR-20415-UU; and United States v. Alfredo Veloso, et al., 18-20759-CR-KMW.  Assistant U.S. Attorneys Dwayne E. Williams and Lisa H. Miller prosecuted those cases.

The Justice Department’s efforts to confront the growing threat of cyber-enabled financial fraud led to the formation of the BEC Counteraction Group (BCG), which assists U.S. Attorney’s Offices and the Department with the coordination of BEC cases and the centralization of related expertise.  The BCG facilitates communication and coordination between federal prosecutors, serves as a bridge between federal prosecutors and federal agents, centralizes and manages institutional knowledge and training, and participates in efforts to educate the public about protecting themselves and their organizations from BEC scams.

The BCG draws upon the expertise of the following sections within the Department’s Criminal Division: the Computer Crime and Intellectual Property Section, which regularly investigates and prosecutes cases involving computer crimes, including network intrusions; the Fraud Section, which manages complex litigation involving sophisticated fraud schemes; the Money Laundering and Asset Recovery Section, which brings experience in seizing assets obtained through criminal activity; the Office of International Affairs, which plays a central role in securing international evidence and extradition; and the Organized Crime and Gang Section, which contributes strategic guidance in prosecuting complex transnational criminal cases.

This case was part of the Department of Justice’s Operation reWired, which followed “Operation Wire Wire,” the first coordinated enforcement action targeting hundreds of BEC scammers.  That effort, announced in June 2018, resulted in the arrest of 74 individuals, the seizure of nearly $2.4 million, and the disruption and recovery of approximately $14 million in fraudulent wire transfers.

Victims are encouraged to file a complaint online with the IC3 at The IC3 staff reviews complaints, looking for patterns or other indicators of significant criminal activity, and refers investigative packages of complaints to the appropriate law enforcement authorities in a particular city or region. The FBI provides a variety of resources relating to BEC through the IC3, which can be reached at For more information on BEC scams, visit:

Related court documents and information may be found on the website of the District Court for the Southern District of Florida at or on

Wednesday, December 25, 2019

Three Members of GozNym Cybercrime Network Sentenced in Parallel Multi-National Prosecutions in Pittsburgh and Tbilisi, Georgia

PITTSBURGH - A resident of Varna, Bulgaria, was sentenced on December 16, 2019, in federal court in Pittsburgh to a period of time served after having served more than 39 months in prison following his conviction on charges of criminal conspiracy, computer fraud, and bank fraud for his role as a member of the GozNym malware cybercrime network, United States Attorney Scott W. Brady announced today.

United States District Judge Nora Barry Fischer imposed the sentence on Krasimir Nikolov, 47, of Bulgaria. Nikolov will be transferred into U.S. Immigration and Customs Enforcement custody and removed from the United States to Bulgaria.

At the request of the United States, Nikolov was arrested in September 2016 by Bulgarian authorities and extradited to Pittsburgh in December 2016 to face prosecution in the Western District of Pennsylvania. According to information presented to the court, Nikolov’s primary role in the conspiracy was that of a "casher" or "account takeover specialist." In that capacity, Nikolov used victims’ stolen online banking credentials captured by GozNym malware to access victims’ online bank accounts and attempt to steal victims’ money through electronic transfers into bank accounts controlled by fellow conspirators.

Nikolov conspired with fellow GozNym members charged in a related Indictment announced in May 2019 in The Hague, Netherlands by U.S. Attorney Brady and international partners from Georgia, Ukraine, Moldova, Bulgaria, Germany, Europol, and Eurojust. The Indictment, returned by a federal grand jury in Pittsburgh, charged 10 additional members of the GozNym criminal network with conspiracy to commit computer fraud, conspiracy to commit wire fraud and bank fraud, and conspiracy to commit money laundering.

According to that Indictment, Alexander Konovolov, aka "NoNe," aka "none_1," of Tbilisi, Georgia, was the primary organizer and leader of the GozNym network who controlled more than 41,000 victim computers infected with GozNym malware. Konovolov assembled the team of elite cybercriminals charged in the Indictment, in part by recruiting them through underground online criminal forums. Marat Kazandjian, aka "phant0m," of Kazakhstan and Tbilisi, Georgia, was Konovolov’s primary assistant and technical administrator. Konovolov and Kazandjian were arrested and prosecuted in Georgia for their respective roles in the GozNym criminal network

In a related announcement today, the Office of the Prosecutor General of Georgia and the Ministry of Internal Affairs of Georgia announced the convictions and imposition of sentences against Konovolov and Kazandjian following a lengthy trial held in Tbilisi, Georgia. In an unprecedented level of cooperation, the Georgian trial included witness testimony from an FBI agent and a computer scientist from the FBI’s Pittsburgh Field Office, as well as evidence obtained by the

FBI and U.S. Attorney’s Office through their parallel investigation. The Georgian prosecution was based on violations of Georgian criminal laws perpetrated by Konovolov and Kazandjian against GozNym victims in the United States, including victims in the Western District of Pennsylvania.

"In announcing the prosecution of the GozNym international cybercrime syndicate with our law enforcement partners at Europol in May, I stated that borderless cybercrime necessitates a borderless response," said U. S. Attorney Brady. "This new paradigm involves unprecedented levels of cooperation with willing and trusted law enforcement partners around the world who share our goals of searching, arresting and prosecuting cyber criminals no matter where they might be. I want to congratulate and personally thank the Office of the Prosecutor General of Georgia and the Ministry of Internal Affairs of Georgia for their dedication and hard work in securing these important convictions, and for their willingness to seek justice on behalf of GozNym victims in the United States and around the world."

"The FBI will not allow cyber criminals from any country to operate with impunity," said FBI Pittsburgh Special Agent in Charge Robert Jones. "For years, these cyber criminals believed they could steal millions from innocent victims. Through international cooperation with multiple agencies, we were able to target, takedown and bring to justice members of this criminal enterprise. We will continue to relentlessly pursue these cyber criminals who think they can conduct illicit activity from behind the perceived anonymity of a computer."

Assistant U.S. Attorney Charles A. Eberle prosecuted this case on behalf of the U.S. government.

In addition to extending his gratitude and appreciation to the Office of the Prosecutor General of Georgia and the Ministry of Internal Affairs of Georgia for their investigation and successful prosecution of Konovolov and Kazandjian, United States Attorney Brady commended the FBI for the investigation leading to the successful prosecutions of Nikolov, Konovolov and Kazandjian.

The Criminal Division’s Office of International Affairs provided significant assistance with the extradition of Nikolov from Bulgaria as well as with the bi-lateral sharing of evidence with Georgia. Bulgaria’s General Directorate for Combatting Organized Crime assisted in the arrest of Nikolov.