FUBAR.news


U.S. Senate Homeland Security Committee Interim Report on July 13th, 2024 Trump Assassination Attempt

By: Public Intelligence

On July 13, 2024, Thomas Matthew Crooks bought 50 rounds of ammunition on his way to Butler, Pennsylvania, drove to former President Donald Trump’s campaign rally at the Butler Farm Show grounds, and climbed onto the roof of the American Glass Research (AGR) building less than 200 yards away from where the former President was speaking, where at 6:11 pm, he fired eight rounds from an AR-15 semiautomatic rifle, killing one person and injuring three others including the former president. That day, he was able to fly a drone 200 yards from the site, use a rangefinder capable of gauging the distance to the former president less than an hour before he began speaking, and bring two explosive devices within proximity of the site of the rally. The United States Secret Service’s (USSS’) planning, communications, intelligence sharing, and related security failures in advance of and during July 13 directly contributed to Crooks’ ability to carry out the assassination attempt and kill and injure people in Butler, PA that day.

On July 30, 2024, Ronald L. Rowe, Jr., the Acting Director of the USSS, testified in a joint hearing before the Senate Homeland Security and Governmental Affairs Committee (HSGAC) and Judiciary Committee that the attempted assassination “was a failure on multiple levels.” Acting Director Rowe testified before the Committees that he has since initiated several reforms to address clear deficiencies in how USSS provides security for its protectees. During the July 30 hearing, Acting Director Rowe acknowledged USSS responsibility for protecting former President Trump. In a series of transcribed interviews conducted by HSGAC and the Permanent Subcommittee on Investigations, key USSS personnel responsible for planning, coordinating, communicating, and securing the Butler, PA rally on July 13, declined to acknowledge individual areas of responsibility for planning or security as having contributed to the failure to prevent the shooting that day, even when as an agency, the USSS has acknowledged ultimate responsibility for the failure to prevent the former president of the United States from being shot.

KEY FAILURES

1. USSS failed to clearly define responsibilities for planning and security at the July 13 rally.

USSS personnel responsible for planning in advance of the July 13 rally denied that they were individually responsible for planning or security failures and deflected blame.

USSS Advance Agents told the Committee that planning and security decisions were made jointly, with no specific individual responsible for approval.

2. USSS failed to ensure the AGR Building was effectively covered.

USSS identified the AGR building as a concern due to the line-of-sight from the roof to the stage, but did not take steps to ensure sufficient security measures were in place.

USSS knew that local snipers planned to set up inside the AGR building and USSS did not express objections or concerns about that placement.

USSS personnel, including the USSS Counter Sniper Team Leader, did not enter the AGR building or go on the roof prior to the shooting.

One USSS Counter Sniper team, whose responsibility included scanning the area around the AGR building for threats, had an obstructed view of the AGR roof.

3. USSS failed to effectively coordinate with state and local law enforcement.

USSS did not give state or local partners specific instructions for covering the AGR building, including the positioning of local snipers.

USSS did not adequately consider state and local law enforcement operational plans.

Communications at the July 13 rally were siloed and USSS did not ensure it could share information with local law enforcement partners in real time.

4. USSS failed to provide resources for the July 13 rally that could have enhanced security.

USSS denied specific requests for additional Counter Unmanned Aircraft Systems (C-UAS) capabilities and a Counter Assault Team liaison.

A USSS Counter Surveillance Unit – which could have helped patrol the outer perimeter that included the AGR building – was not requested by USSS Advance Agents.

5. USSS failed to communicate information about the suspicious person to key personnel, and failed to take action to ensure the safety of former President Trump.

At approximately 5:45 pm, USSS personnel were notified that local law enforcement observed a suspicious person with a rangefinder near the AGR building. By 5:52 pm, at least eight USSS personnel had been informed.

Approximately two minutes before shots were fired, the USSS Security Room, located on the rally grounds, was told that there was an individual on the roof of the AGR building.

Shortly before shots were fired, a USSS Counter Sniper observed local officers running towards the AGR building with guns drawn.

The post U.S. Senate Homeland Security Committee Interim Report on July 13th, 2024 Trump Assassination Attempt first appeared on Public Intelligence.

Joint Chiefs of Global Tax Enforcement Crypto Assets Risk Indicators for Financial Institutions

By: Public Intelligence

The Joint Chiefs of Global Tax Enforcement (J5) would like to bring attention to crypto assets risk indicators that may be indicative of money laundering, cybercrime, tax evasion, and other illicit activities.

The J5, a collaborative partnership among tax authorities and law enforcement from five countries, has identified several risk indicators that financial institutions should be aware of. Risk indicators play a pivotal role in enhancing the ability of financial institutions to detect and report money laundering and illicit activities involving crypto assets. To counteract these risks, timely identification allows institutions to intervene and to report to the relevant authorities, contributing to the overall integrity of the financial system and ensuring compliance with anti-money laundering (AML) regulations.

Detecting signs of money laundering and tax evasion requires the gathering, analysis and reporting of financial data. By disseminating the risk indicators to the financial institutions, valuable insights from law enforcement can be relayed to the financial sector and reporting agencies. This exchange enhances the abilities of reporting entities to detect and report suspicious activity necessary to disrupt illicit financial flows. While risk indicators may vary and not all are covered, the details in this advisory note are commonly observed.

Identifying Crypto Asset Layering

The following risk indicators involve transactions that are designed to conceal the illicit origin of funds, posing a major risk to the financial sector. Financial institutions should prioritize the detection of layering involving crypto assets, the phase in money laundering where transactions are intentionally made intricate to conceal illicit origin of funds, throughout their relationship with their customers. For example, unusually high volumes with rapid movement of funds between digital wallets, especially across multiple jurisdictions can signal potential layering.

To counteract these risks, financial institutions are advised to reference the following risk indicators and behaviors on evolving money laundering techniques.
– Rapid movement of funds between accounts held at crypto exchanges without apparent business rationale.
– The customer is sending or receiving in volumes inconsistent and larger than expected from private wallet addresses.
– Conversion across different crypto assets exploiting the wide range of digital assets to complicate the tracing of funds.
– The customer is sending/receiving in high volumes from peer-to-peer (P2P) platforms which enables a direct transfer between parties but bypasses traditional financial institutions.
– The customer is sending/receiving from crypto mixers.
– The customer is sending/receiving from gambling platforms.
– A disproportionate amount of the customer’s account activity involves the buying and selling of privacy coins or maintains a large portfolio of privacy coins. These crypto assets are designed for enhanced privacy and are commonly employed to conceal transaction details and the identities of the parties involved.
– The customer is sending/receiving cryptocurrency from darknet marketplaces, fraud shops, or high-risk exchanges.
– High volume and frequency of transfers between different types of crypto assets.
– The customer is transacting in round dollar and/or structured amounts to avoid bank reporting requirements.
– The customer’s cryptocurrency transactions flow through several intermediate addresses in a very short period of time prior to being added to a client’s wallet, or just after being withdrawn.
– The customer transfers Bitcoin in large volumes in exchange for privacy coins.

Geographical Risk Indicators

FIUs need to exercise vigilance when dealing with cryptocurrency transactions tied to jurisdictions known for weak regulatory frameworks, inadequate AML controls, or heightened levels of corruption. The following geographical risk indicators may indicate that there is sending and receiving exposure between high-risk exchanges that lack in customer identity verification measures, transactional due diligence, and legal/regulatory compliance measures, or may be in offshore jurisdictions with a history of tax havens and banking secrecy, or foreign countries known for public corruption.
– Transactions involving exchanges operating out of high-risk jurisdictions identified as non-cooperative for AML purposes.
– Changing IP addresses, which also change telephone providers. This could indicate identity concealment through technology.
– Customer accounts being accessed with IP addresses from high-risk jurisdictions. The shared use of an account or access login from devices tracked to IP addresses in high-risk jurisdictions may indicate that the account is part of a larger network of accounts.
– Crypto addresses that match addresses on recognized watch lists such as the list of the Office of Foreign Assets Control (OFAC) or law enforcement information.

High Risk Counterparties

Customer counterparties and transaction beneficiaries and senders can serve as significant risk indicators for potential money laundering and illicit activities in the realm of crypto assets. Unusual counterparties, particularly if they involve high-risk entities with obscure ownership structures may warrant closer scrutiny. Moreover, transactions where the beneficiary and sender information is obscured or has multiple layers of intermediaries may be indicative of attempts to conceal the true source or destination of funds. Financial institutions and crypto exchanges should closely monitor their customer’s transactions and parties they engage with in the cryptocurrency space.
– The client’s crypto assets originated from an over-the-counter trade broker that advertises its services as privacy-oriented/anonymous.
– Direct sending and receiving from high-risk crypto exchanges which operate in jurisdictions with inadequate AML and regulatory framework.
– Funds or crypto currencies that are added or withdrawn from crypto addresses or wallet with direct and indirect exposure links to known suspicious sources, including darknet marketplaces, mixing/tumbling services, questionable gambling sites, illegal activities (for example, ransomware) and/or theft reports.
– Interaction with financial institutions or individuals subject to sanctions or based in sanctioned states.

New Client Onboarding Risk Indicators

Robust know your customer (KYC) practices enable crypto asset exchanges to identify potential risks associated with crypto asset transactions and ensure compliance with regulatory measures to strengthen the integrity of the financial system. By collecting and maintaining a comprehensive customer profile, financial institutions and crypto exchanges can verify source of crypto assets and transaction history to better establish a baseline understanding of their clients’ crypto exposure and activities.
– Customer attempts to provide as little identity information as possible, including incomplete or insufficient identification information.
– Company beneficial ownership is difficult to establish.
– Customer is difficult to contact, responds only via email or web chat, and at unusual hours.
– The level or volume of transactional activity is inconsistent with the client’s apparent financial profile, their usual pattern of activities, occupational information, or declared business information.
– Clients who register with the exchange within a short period using a shared address, mobile device, phone number, IP addresses and other common identity indicators.
– The customer’s use of an anonymity-oriented email provider.
– A customer’s crypto address appears on public forums related to illegal activities.
– Carrying out transactions with crypto addresses that are connected to public investigations.
– The customer has access to multiple accounts used to purchase crypto. The account set-up access can also be done as an authorized representative or if the customer carries out the transactions himself.
– The client provides an anonymous email address obtained through an encrypted email service.
– Multiple changes to an account’s contact information that could indicate a customer account takeover.
– Account set up where the client has access to multiple bank accounts and/or other people’s accounts may indicate money mule activity.
– The customer’s email address used in the transaction is linked to advertisements for the sale of crypto assets on P2P exchange platforms. These advertisements may suggest that the client is buying and selling crypto assets on a commercial scale through a business as a non-registered money services business.
– An account number in a country other than the customer’s nationality/residential address. This could indicate that the customer is hiding who the true owner of the account is.
– The client is unwilling or unable to provide supporting information about the source of crypto assets or the reasoning behind holding privacy coins.

Ransomware and Cybercriminal Risk Indicators

Crypto exchanges have an important role to detect and report financial flows related to ransomware and stop ransomware payments, because they are a key point where criminals interact with the legitimate financial system. Cybercriminals use many methods to try and conceal the origin and destination of ransomware payments before the digital currency arrives at the final wallet or bank account under their control. Cybercriminals will use sophisticated methods to try and obscure their flow of funds. These risk indicators are to assist financial institutions in identifying potential bad actors or accounts associated with organizations that perpetrate ransomware and cybercrime.
– The customer’s unusually high usage of privacy coins. Privacy coins are digital currencies that provide enhanced anonymity by obscuring the amount, destination, and origin of transactions.
– The customer’s transactions exhibit chain-hopping. This is where one digital currency is exchanged for another. The digital currency is moved from one blockchain to another, hence the term ‘chain-hopping’.
– The account and customer transact with a mixer. Cybercriminals direct ransomware payments through intermediary digital currency addresses, exchanges, and mixers. Mixers increase anonymity by mixing the customer’s digital currency with the transactions of others before being redirected back to the customer.
– Use of mule accounts. A mule account is created using a stolen or fake identity, or is a legitimate account held by another party who is complicit in its use.
– Following an initial large digital currency transfer, a customer has little or no further digital currency activity.
– Customer’s digital currency account is linked to or funded by multiple bank accounts at several different institutions.
– A newly on-boarded customer wants to make an immediate and large purchase of digital currency, followed by an immediate withdrawal to an external digital currency address.


2024 Bilderberg Meeting Participant List

By: Public Intelligence

The following press release and participants list was obtained from the official website of Bilderberg Meetings. Participant lists from nearly every Bilderberg Meeting since 1954 are also available along with a collection of thousands of pages of internal Bilderberg correspondence and meeting reports.

2024 BILDERBERG MEETING

Madrid, Spain, 30 May – 2 June 2024

Abrams, Stacey (USA), CEO, Sage Works Production
Adeyemo, Adewale (USA), Deputy Secretary, Department of the Treasury
Adlercreutz, Anders (FIN), Minister for European Affairs and Ownership Steering
Albares, José Manuel (ESP), Minister of Foreign Affairs
Altman, Roger C. (USA), Founder and Senior Chair, Evercore Inc.
Alverà, Marco (ITA), Co-Founder, zhero.net; CEO, TES
Amodei, Dario (USA), Co-Founder and CEO, Anthropic PBC
Anderlini, Jamil (DEU/USA), Editor-in-Chief, POLITICO Europe
Appathurai, James (INT), Deputy Assistant Secretary General for Innovation, Hybrid and Cyber, NATO
Applebaum, Anne (USA), Staff Writer, The Atlantic
Auchincloss, Murray (GBR), CEO, BP plc
Aydin, Mustafa (TUR), Professor of International Relations, Kadir Has University
Barbizet, Patricia (FRA), Chair and CEO, Temaris & Associés SAS
Barroso, José Manuel (PRT), Chair International Advisors, Goldman Sachs International
Baudson, Valérie (FRA), CEO, Amundi SA
Bengio, Yoshua (CAN), Professor in Computer Science and Operations Research, University of Montreal
Bini Smaghi, Lorenzo (ITA), Chair, Société Générale SA
Botín, Ana P. (ESP), Group Executive Chair, Banco Santander SA
Bourla, Albert (USA), Chair and CEO, Pfizer Inc.
Braathen, Kjerstin (NOR), CEO, DNB ASA
Buschmann, Marco (DEU), Minister of Justice
Calviño, Nadia (INT), President, European Investment Bank
Carney, Mark J. (CAN), Chair, Brookfield Asset Management
Carvalho, Charlene de (NLD), Executive Director, Heineken Holding NV
Castries, Henri de (FRA), President, Institut Montaigne
Castro, Ildefonso (ESP), Secretary International Affairs, Partido Popular
Cavoli, Christopher (INT), Supreme Allied Commander Europe
Champagne, François-Philippe (CAN), Minister of Innovation, Science and Industry
Chhabra, Tarun (USA), Senior Director for Technology and National Security, NSC
Chubays, Anatoly B. (RUS/ISR), Visiting Professor, London School of Economics
Corydon, Bjarne (DNK), CEO and Editor-in-Chief, Dagbladet Børsen
Coveney, Simon (IRL), Former Minister for Enterprise, Trade and Employment
Creuheras, José (ESP), Chair, Grupo Planeta and Atresmedia
Cuerpo, Carlos (ESP), Minister of Economy, Commerce and Business
Daurella Comadrán, Sol (ESP), Chair, Coca-Cola Europacific Partners plc
Della Vigna, Michele (ITA), Head, Natural Resources Research EMEA, Goldman Sachs
Domański, Andrzej (POL), Minister of Finance
Donohoe, Paschal (INT), President, Eurogroup
Döpfner, Mathias (DEU), Chair and CEO, Axel Springer SE
Easterly, Jen (USA), Director, Cybersecurity and Infrastructure Security Agency
Ek, Daniel (SWE), CEO, Spotify SA
Empoli, Giuliano da (ITA), Political Scientist and Writer, Sciences Po
Entrecanales, José M. (ESP), Chair and CEO, Acciona SA
Eriksen, Øyvind (NOR), President and CEO, Aker ASA
Ferguson, Niall (USA), Milbank Family Senior Fellow, Stanford University
Finer, Jonathan (USA), Deputy National Security Advisor
Fontcuberta i Morral, Anna (CHE), Professor of Materials Science and Engineering, EPFL
Fraser, Jane (USA), CEO, Citigroup
Gabuev, Alexander (INT), Director, Carnegie Russia Eurasia Center
Gentiloni, Paolo (INT), European Commissioner for Economy
Gil, Isabel (PRT), Rector, Catholic University of Portugal
Gruber, Lilli (ITA), Editor-in-Chief and Anchor, La7 TV
Gruyter, Caroline de (NLD), European Affairs Correspondent, NRC
Gürsel, Kadri (TUR), Journalist, Medyascope
Halberstadt, Victor (NLD), Professor Em. of Economics, Leiden University
Harrington, Kevin (USA), Managing Director, Thiel Capital LLC
Hassabis, Demis (GBR), CEO, Google DeepMind
Hedegaard, Connie (DNK), Chair, KR Foundation
Hernández de Cos, Pablo (ESP), Governor, Banco de España
Hobson, Mellody (USA), Co-CEO and President, Ariel Investments LLC
Hoekstra, Wopke (INT), European Commissioner for Climate Action
Johansson, Ylva (INT), European Commissioner for Home Affairs
Kaag, Sigrid (INT), Senior Humanitarian and Reconstruction Coordinator for Gaza, UN
Kadri, Ilham (BEL), CEO, Syensqo
Kalemli-Özcan, Sebnem (TUR), Schreiber Family Professor of Economics, Brown University
Kallas, Kaja (EST), Prime Minister
Karp, Alex (USA), CEO, Palantir Technologies Inc.
Kerameus, Niki (GRC), Minister for the Interior
Kieli, Kasia (POL), President and Managing Director, Warner Bros. Discovery EMEA
Koç, Ömer (TUR), Chair, Koç Holding AS
Kotkin, Stephen (USA), Senior Fellow, Hoover Institution, Stanford University
Kravis, Henry R. (USA), Co-Founder and Co-Executive Chair, Kohlberg Kravis Roberts & Co.
Kravis, Marie-Josée (USA), Chair, The Museum of Modern Art
Kudelski, André (CHE), Chair and CEO, Kudelski Group SA
Kuleba, Dmytro (UKR), Minister of Foreign Affairs
Lander, Eric S. (USA), Founding Director, Broad Institute
Lee, Peter (USA), President, Microsoft Research
Leysen, Thomas (BEL), Chair, dsm-firmenich AG
Lighthizer, Robert (USA), Chair, Center for American Trade
Liikanen, Erkki (FIN), Chair, IFRS Foundation Trustees
Linde, Ann (SWE), Former Minister for Foreign Affairs
Luckey, Palmer (USA), Founder, Anduril Industries
Meeus, Tom-Jan (NLD), Journalist, NRC
Mensch, Arthur (FRA), Co-Founder and CEO, Mistral AI
Merz, Friedrich (DEU), Leader, CDU
Michel, Charles (INT), President, European Council
Micklethwait, John (USA), Editor-in-Chief, Bloomberg LP
Minton Beddoes, Zanny (GBR), Editor-in-Chief, The Economist
Monti, Mario (ITA), Senator for life
Moreira, Duarte (PRT), Co-Founder and CEO, Zeno Partners
Netherlands, H.M. the King of the (NLD)
O’Leary, Michael (IRL), Group CEO, Ryanair Group
Pannier-Runacher, Agnès (FRA), State Secretary at Ministry of Agriculture
Papahelas, Alexis (GRC), Executive Editor, Kathimerini Newspaper
Papalexopoulos, Dimitri (GRC), Chair, TITAN Cement Group
Petraeus, David H. (USA), Chair, KKR Global Institute
Philippe, Édouard (FRA), Mayor, Le Havre
Phillips, Richard H. (USA), Office of the Director of National Intelligence
Pind, Søren (DNK), Founder and CEO, Danish Cyber Defence
Pouyanné, Patrick (FRA), Chair and CEO, TotalEnergies SE
Rachman, Gideon (GBR), Chief Foreign Affairs Commentator, Financial Times
Ramírez, Pedro J. (ESP), Director, El Español
Rendi-Wagner, Pamela (AUT), Director Elect, European Centre for Disease Prevention and Control
Ruiz, José Juan (ESP), Chair, Elcano Royal Institute
Rutte, Mark (NLD), Prime Minister
Sawan, Wael (GBR), CEO, Shell plc
Sawers, John (GBR), Executive Chair, Newbridge Advisory Ltd.
Schadlow, Nadia (USA), Senior Fellow, Hudson Institute
Schmidt, Eric E. (USA), Former CEO and Chair, Google
Schmidt, Wolfgang (DEU), Head of the Chancellery, Federal Minister for Special Tasks
Šefčovič, Maroš (INT), European Commissioner Green Deal, Interinstitutional Relations and Foresight
Sewing, Christian (DEU), CEO, Deutsche Bank AG
Sherman, Wendy R. (USA), Former Deputy Secretary of State
Siddall, Evan (CAN), CEO, Alberta Investment Management Corporation
Sikorski, Radoslaw (POL), Minister of Foreign Affairs
Şimşek, Mehmet (TUR), Minister of Finance
Stephens, Bret (USA), Opinion Columnist, New York Times
Stoltenberg, Jens (INT), Secretary General, NATO
Stubb, Alexander (FIN), President of the Republic
Suleyman, Mustafa (GBR), CEO, Microsoft AI
Thiel, Peter (USA), President, Thiel Capital LLC
Varadkar, Leo (IRL), Former Prime Minister
Verhoeven, Karel (BEL), Editor-in-Chief, De Standaard
Wallenberg, Marcus (SWE), Chair, Skandinaviska Enskilda Banken AB
Ward, Jonathan (USA), Senior Fellow, Hudson Institute
Wolf, Martin H. (GBR), Chief Economics Commentator, Financial Times
Wright, Thomas (USA), Senior Director for Strategic Planning, NSC
Yläjärvi, Erja (FIN), Senior Editor-in-Chief, Helsingin Sanomat
Zadrazil, Robert (AUT), Country Manager Austria, UniCredit Group
Zakaria, Fareed (USA), Host, Fareed Zakaria GPS
Zeiler, Gerhard (AUT), President, Warner Bros. Discovery International

70th Bilderberg Meeting to take place 30 May – 2 June in Madrid, Spain

MADRID, 30 May 2024 – The 70th Bilderberg Meeting will take place from 30 May – 2 June 2024 in Madrid, Spain. As ever, a diverse group of political leaders and experts from industry, finance, academia, labour and the media has been invited. The list of participants is available on bilderbergmeetings.org.

The key topics for discussion this year are:

  • State of AI
  • AI Safety
  • Changing Faces of Biology
  • Climate
  • Future of Warfare
  • Geopolitical Landscape
  • Europe’s Economic Challenges
  • US Economic Challenges
  • US Political Landscape
  • Ukraine and the World
  • Middle East
  • China
  • Russia

Founded in 1954, the Bilderberg Meeting is an annual conference designed to foster dialogue between Europe and North America. Every year, between 120-140 political leaders and experts from industry, finance, labour, academia and the media are invited to take part in the Meeting. About two thirds of the participants come from Europe and the rest from North America; approximately a quarter from politics and government and the rest from other fields.

The Bilderberg Meeting is a forum for informal discussions about major issues. The meetings are held under the Chatham House Rule, which states that participants are free to use the information received, but neither the identity nor the affiliation of the speaker(s) nor any other participant may be revealed.

Thanks to the private nature of the Meeting, the participants take part as individuals rather than in any official capacity, and hence are not bound by the conventions of their office or by pre-agreed positions. As such, they can take time to listen, reflect and gather insights. There is no detailed agenda, no resolutions are proposed, no votes are taken, and no policy statements are issued.

Media contact: media[@]bilderbergmeetings.org


U.S. House Financial Surveillance Report: How Federal Law Enforcement Commandeered Financial Institutions to Spy on Americans

By: Public Intelligence

The Committee and Select Subcommittee have obtained documents showing that federal law enforcement’s investigation, predicated on the events that transpired at the U.S. Capitol on January 6, 2021, devolved into a fishing expedition for Americans’ financial data. Federal law enforcement agencies, including FinCEN and the FBI, treated lawful transactions as suspicious and shared information with financial institutions through backdoor channels, often circulating materials exhibiting a clear animus towards conservative viewpoints. In addition, FinCEN and the FBI relied on Zoom discussions, private and online government-run portals, as well as sweeping searches of financial institutions’ records to conduct its investigation. Given the important civil liberties at stake, federal law enforcement’s overreach and political bias is alarming.

A. Federal law enforcement used informal meetings and backchannel discussions with financial institutions to devise the best methods for gathering Americans’ private financial information.

Federal law enforcement officials organized Zoom discussions with financial institutions as part of their investigation into the events of January 6, 2021. Participants in these meetings included Barclays, U.S. Bank, Charles Schwab, HSBC, BoA, Paypal, KeyBank, Standard Chartered, Western Union, Wells Fargo, Citibank, Santander, JPMorgan Chase, Union Bank, and MUFG. In one meeting, an FBI official from the Washington Field Office reached out to a number of financial institutions to arrange a meeting with the goal of “identifying the best approach to information sharing, both strategic and operational,” in the wake of the events of January 6. At least five other Zoom meetings were scheduled by FinCEN officials and financial institutions and included the subject “Capitol Riots.” Viewed together, these meetings suggest that federal law enforcement officials were brainstorming informal methods—outside of normal legal processes—for obtaining private customer information from financial institutions.

B. Federal law enforcement circulated politicized materials that evidenced hostility towards conservative viewpoints and weaponized financial institutions’ databases by treating lawful transactions as suspicious.

Federal law enforcement circulated materials to financial institutions as part of an information sharing operation that alerted financial institutions to the risk of customers and accounts that may be associated with conservative views. In particular, federal law enforcement attempted to cast swaths of lawful and otherwise harmless transactions as potentially suspicious. Given that these materials were distributed to some of the largest financial institutions and companies in the world, their reach could potentially impact the transactions and accounts of hundreds of millions of customers without the customers ever knowing it.


Asymmetric Warfare Group Iran Quick Reference Guide

By: Public Intelligence

(U) Since its inception in 1979, the Islamic Republic of Iran has repeatedly disrupted the stability of the Middle East and fostered terrorist threats throughout the world. Iran exploited the power vacuum which followed the Iraq War in 2003 and Arab Spring in 2011 to significantly extend its regional influence, primarily through the establishment of proxy groups and new relationships with existing regional terrorist groups. International sanctions against Iran, levied in response to Iran’s support for terrorism and nuclear activities, constrained Iran’s actions, but did not end them, nor did they stop Iran from enhancing its conventional military enterprise.

(U) In response to its lack of state allies and the conventional military capabilities of its neighbors, the United States, and other Western powers, Iran adopted a military paradigm in which it would rely on asymmetric responses, often using unconventional tools, to include terrorism. Iran often employs a paramilitary element of its Revolutionary Guards known as the Quds Force to lead or conduct many of these operations.

(U) This power expansion offers new options for Iran to attack potential adversaries as well as the ability to add strategic depth to its regional defense architecture. Despite renewed international and regional pressure, Tehran shows no sign of ceasing this behavior.

(U) U.S. diplomatic and military personnel will be best able to respond to Iranian threats by understanding the tools at its disposal. The following reference guide provides an excellent overview of the equipment, personnel, and practices which play important roles in Iran’s external power projection. Developing an understanding of these capabilities will enable readers to predict Iranian behavior and understand the weaknesses inherent in its operations.

1.3 – (U) Executive Summary

(U) Iran’s objectives are to maintain the recently established land bridge that runs between Iran through Iraq and Syria into Lebanon, limit the influence of Sunni states and Israel, and expel US and Western influence from the region.
(U) Iran’s strategic geographic location enables it to threaten vital US interests in the Strait of Hormuz and the greater Gulf region and influence the Bab al-Mandab and Eastern Mediterranean.
(U) Iran is the world’s largest state sponsor of terrorism and is actively destabilizing the Middle East through its proxy operations.
(U) Iran’s military doctrine focuses on Hybrid Warfare operations and asymmetric response options aimed at reducing the will of the United States and its partners to fight in the region.
(U) Iran’s large military enterprise is split into two separate forces: the Iranian Army and the Iranian Revolutionary Guard Corps (IRGC). Iran maintains the largest ballistic missile program in the region.
(U) Iran’s Islamic Revolutionary Guard’s Qods Corps (IRGC) influences or directs the operations of a network of proxy groups and terrorist organizations referred to hereinafter as the Iranian Threat Network (ITN).
(U) Iran’s distributed network of proxies has reduced Iran’s official footprint while allowing Iran considerable influence in Iraq, Syria, Lebanon, Yemen and western Afghanistan.
(U) Iran has a relatively advanced and capable drone program.
(U) Iran has begun to export advanced missile technology to the Houthis and Lebanese Hezbollah.
(U) Iran has developed signature TTPs that are being used by both its forces and Iranian proxies in Syria, Iraq, and Yemen.
(U) Iran is developing a growing cyber warfare capability and maintains a sophisticated information operations capability.
(U) IRGC Qods Force and Lebanese Hezbollah operatives conduct the majority of their activity in the CENTCOM AOR, but maintain at least a support capacity in every COCOM AOR and have the capacity to deploy personnel, if needed.

(U) Iran’s military Doctrine focuses heavily on Asymmetric Warfare and is a hybrid of Western military concepts coupled with Shiite revolutionary ideology. The Western influence is a doctrinal remnant of Iran’s pre-revolution relationship with the U.S. military. In the early 1970s, Iran was aligned against the Soviet Union and the largest purchaser of US military equipment, and received commensurate training and assistance from the United States – the Iranian military still uses a great deal of dated US equipment. Western observers should not make the mistake of dismissing the importance of the Islamic revolution in the doctrine of Iran – the role of Islam in the military is enshrined in the Iranian constitution, and officers are groomed and selected for promotion not only on tactical aptitude but on religious credentials.

(U) Iranian Hybrid Warfare

(U) Since 2003, and in large part due to operations in Afghanistan and Iraq, U.S. personnel have been increasingly familiar with the concept of asymmetric warfare as the U.S. faced adversaries unable to confront the U.S. conventionally. In its simplest form, asymmetric warfare may be described as a competition between adversaries who adjust tactics, techniques and procedures to exploit their respective strengths and opponents’ vulnerabilities. Asymmetric Warfare, as Iran practices it, is a holistic strategy designed to overcome Iran’s inability to match U.S. conventional power and resources by using tactics which exploit perceived Western vulnerabilities. The tools employed in this strategy are described as Hybrid Warfare.

(U) Hybrid war is the combination of activities through attributable but deniable operations, proxies and technologies designed to destabilize a target and achieve objectives short of war; importantly, its techniques can leverage conventional and attributable capabilities in threatening ways that reinforce the attributable but deniable efforts. A fait accompli campaign is intended to achieve military and political objectives rapidly, creating irreversible facts on the ground – before an adversary can respond. In addition to the associated psychological defeat, a successful hybrid warfare campaign can be used to reduce, if not deny, adversary response options. Finally, the costs of hybrid warfare are far less than a conventional conflict, an important advantage for resource-constrained Iran.

(U) ITN Proxy Group Development

(U) Iran follows a consistent model in its development of proxy groups and partners. Iran has had its greatest success in areas which enjoy four characteristics: a collapse of the state structure, Shi’a threatened by Sunni extremists, a logistics pipeline through which Tehran may maintain operations, and the absence of significant external powers which will block Iran’s actions.

(U) Iran has also been known to exploit grievances among Shia populations, particularly during situations of real or perceived threats to these populations that play into Iran’s “resistance” narrative. Once an opportunity is identified, Iran will offer training and indoctrination to militant candidates in Iran, and then channel money, arms and/or other forms of support in order to build dependency. As the targeted group demonstrates a capability to conduct more advanced operations and its leadership is trusted by Tehran, Iran is able to gradually begin shaping their operations towards Iranian objectives. As a pragmatic facilitator, Iran is likely to go through this cycle numerous times with various groups, but probably works to maintain at least low-level relations with as many ideologically aligned groups as possible in order to maintain flexibility for future contingencies where a group could suddenly become more important in the scope of Iranian strategy. As Iran’s priorities shift or global events develop, they may increase or decrease funding and support while still working to maintain their influence.

(U) The Iranian Threat Network is comprised of six distinct elements. The IRGC Qods Force exercises control over proxy operations, reporting only to the Supreme Leader. The Qods Force also controls the remaining five elements, which form the taxonomy of the ITN.
(U) Iran Proxy groups over which Iran exerts preponderant influence, e.g., Lebanese Hezbollah and Kata’ib Hezbollah
(U) Independent proxies, or semi-controlled partners, which have an independent decision-making process but are influenced by Iran, e.g., the Houthis and Taliban
(U) Sunni armed groups that are cobelligerent with Iran, e.g., Hamas
(U) Shia armed opposition movements that oppose Sunni or secular governments and are supported but not fully controlled by Iran, e.g., Bahraini Shia
(U) Shia communities worldwide, which are often supported by Iran in the cultural and religious fields and are viewed by Tehran as potential bases of support for its policies

The post Asymmetric Warfare Group Iran Quick Reference Guide first appeared on Public Intelligence.

(U//FOUO) FBI Domestic Terrorism Reference Guide: Sovereign Citizen Violent Extremism

By: Public Intelligence

(U) THREAT OVERVIEW

(U//FOUO) Sovereign citizens are US citizens who claim to have special knowledge or heritage that renders them immune from government authority and laws. Although the ideology itself is not illegal, sovereign citizen violent extremists express their anti-government or anti-authority violent extremist beliefs through the use or threat of force or violence, while sovereign citizen criminals use these beliefs to justify non-violent activities, such as fraud and theft. Sovereign citizen violent extremists or sovereign citizen criminals may attempt to frame legal encounters with government officials as negotiable commercial transactions, or claim legal immunity based on “common law rights of man.”

(U) TARGETS and TACTICS

(U//FOUO) Targets: Primary targets of sovereign citizen violent extremists are law enforcement officers, with violence most likely to occur sporadically within the context of law enforcement encounters, including traffic stops.

(U//FOUO) Tactics: Sovereign citizen violent extremist tactics range from threats of violence, including threats to ‘arrest’ officials; physical assaults; and, most significantly, lethal attacks with firearms. Significant sovereign citizen criminal tactics include the fraudulent filings of liens and frivolous lawsuits; financial fraud, including tax and mortgage fraud; and real estate or property theft, including squatting.

(U) INDICATORS

(U//FOUO) Indicators of sovereign citizen violent extremist ideology can include constitutionally protected conduct, and no single indicator should be used as the sole basis for a determination of sovereign citizen violent extremism or criminal activity. The following indicators of sovereign citizen violent extremist ideology might constitute a basis for reporting or law enforcement action when observed in combination with suspicious criminal or potentially violent activity:

♦ (U) Using fraudulent license plates, credentials, driver’s licenses, identification cards, or badges from fictitious republics or indigenous groups
♦ (U) Making claims of sovereignty, often incorporating terms like “freeman,” “traveler,” “natural person,” “flesh and blood,” “artificial person,” “strawman,” or “right to road travel”
♦ (U) Using signatures that are distinguished by odd colons, dashes, brackets, or the copyright symbol ©, or are followed by “under duress,” “without prejudice,” “without recourse,” “Threat, Duress, or Coercion” (TDC), “All Rights Reserved” (ARR), or a red thumb print
♦ (U) Threatening to “arrest” officials or use “common law courts”; making demands for oath of office or “bond”; and making claims of “kidnapping” by officials
♦ (U) Filing fraudulent liens or illegal lawsuits, frequently involving the fraudulent use of government seals or forms, sometimes accompanied by a notary signature

(U) NOTABLE ATTACKS or CRIMINAL ACTS

(U//FOUO) In April 2023, a sovereign citizen violent extremist was convicted on state charges for extortion. The sovereign citizen violent extremist had threatened to place a lien on the residence of a local police officer if his previously impounded vehicle was not returned to him, and he separately made online statements expressing willingness to file liens on individuals if they attempted to foreclose on his home.

(U) In March 2023, a sovereign citizen violent extremist pleaded guilty to five counts of transmitting threats to kidnap government officials and law enforcement. The sovereign citizen violent extremist posted purported “Writs of Execution,” providing instruction on and advocating service of Writs, arrest of public officials, and the need to abolish the government. In August 2023, he was sentenced to 120 months in prison and a 3-year supervised release.

(U//FOUO) In February 2018, a sovereign citizen violent extremist in Locust Grove, Georgia, shot three law enforcement officers while they were attempting to serve an arrest warrant at the extremist’s residence for failure to appear. After killing one police officer and wounding two sheriff’s deputies, the extremist was shot and killed by law enforcement.

(U) KEY TERMS

Accepted for Value (A4V)

Some sovereign citizens annotate bills, traffic tickets, or other official documents with the phrase “Accepted for Value” or “A4V,” meaning the recipient interprets the document as an offer to engage in commerce with a free person who retains his or her rights.

Adhesion Contracts

Official identifications, licenses, or certificates believed to bind individuals unwittingly to the government, in a state of virtual slavery. Individuals might refuse to carry official identity documents and, when asked to present identification, might claim to have none or present documents of their own design, such as badges, credentials, passports, or right-to-travel cards.

Affidavit of Truth

Popular example of a fraudulent sovereign citizen document used for purposes of intimidation or assertions of sovereign citizen beliefs.

Apostille

Legitimate certificate that authenticates documents for use in foreign countries. Sovereign citizen criminals might use apostilles to certify document content fraudulently.

Common Law

Sovereign citizens interpret common law as an alternative legal remedy that can bypass legitimate legal processes, convening false common law “grand juries” or “courts” that can issue fraudulent indictments, arrest warrants, threatening letters or efforts to compel officials to act on their behalf or fulfill oaths of office. All these actions lack legal standing or force of law.

Flesh-and-Blood

Term used to describe free identities whom sovereign citizen adherents believe exist beyond the jurisdiction of the US authority.

14th Amendment

Many sovereign citizens believe passage of the 14th amendment, which granted rights to former slaves following the civil war, resulted in a fictional category of servitude for US citizens, and that the government became a corporation that no longer followed the constitution.

Sheriff’s Posse Comitatus

A militant anti-government, anti-tax movement active in the United States in the 1970s and 1980s, from which many of today’s sovereign citizen beliefs and assertions are derived.

Redemption Theory

Underlies a sovereign citizen criminal fraud scheme to access supposed secret US Treasury accounts worth millions of dollars, which adherents believe the US Government opens for every US citizen upon receipt of a birth certificate. Adherents file fraudulent paperwork with the goal of gaining control of their supposed funds to discharge debts including mortgages, loans, etc.

Sovereign Citizen

The term “sovereign citizen” is used mainly by law enforcement; adherents tend to self-identify as sovereign, freemen, flesh-and-blood persons, living beings, etc. It is not illegal to advocate sovereign citizen beliefs, absent extremist or criminal threats or activities.

Strawman

According to sovereign citizen ideology, the US Government creates a fictitious identity—a “strawman”—in the name of all born or naturalized US citizens. Adherents refer to their supposed secret US Treasury account as a “strawman account.”

Traveling

During traffic stops, sovereign citizen criminals might claim to be “traveling”—versus “driving”—fraudulently claiming to engage in a private, non-commercial activity outside of the authority of officers.

Uniform Commercial Code (UCC)

A legitimate legal code governing commercial transactions. Sovereign citizen criminals use UCC fraudulently as a bridge or remedy for interacting with government agencies and officials, using legitimate UCC forms during illicit financial schemes and fraudulent filings, as part of what they perceive to be transactions with illegitimate government entities.

The post (U//FOUO) FBI Domestic Terrorism Reference Guide: Sovereign Citizen Violent Extremism first appeared on Public Intelligence.

Department of Justice Critical Incident Review Active Shooter at Robb Elementary School

By: Public Intelligence

On May 24, 2022, a mass shooting at Robb Elementary School in Uvalde, Texas, shook the nation. With just two days left in the school year, a former student armed with an AR-15 style assault rifle took the lives of 19 students and two teachers, physically injured at least 17 others, and left countless families, friends, and a community grief-stricken for their unimaginable loss. In the aftermath of the tragedy, there was significant public criticism of the law enforcement response to the shooting. At the request of then Uvalde Mayor Don McLaughlin, the U.S. Department of Justice (DOJ) announced on May 29, 2022, that it would conduct a Critical Incident Review (CIR) of the law enforcement response to the mass shooting. Recognizing that “[n]othing can undo the pain that has been inflicted on the loved ones of the victims, the survivors, and the entire community of Uvalde,” the Attorney General stated that the goal of the CIR was to “assess what happened and to provide guidance moving forward.”

A full understanding of the response of local, state, and federal law enforcement agencies and personnel is critical for addressing many unanswered questions, identifying crucial lessons learned, enhancing prevention initiatives, and improving future preparation for and responses to mass shootings in other communities. In providing a detailed accounting and critical assessment of the first responder actions in Uvalde, and the efforts since to ameliorate gaps and deficiencies in that response, the CIR is intended to build on the knowledge base for responding to incidents of mass violence. It also will identify generally accepted practices for an effective law enforcement response to such incidents. Finally, the CIR is intended to help honor the victims and survivors of the Robb Elementary School tragedy.

The CIR was led by the Office of Community Oriented Policing Services (COPS Office) with the support of a team of subject matter experts with a wide variety of relevant experience, including emergency management and active shooter response, incident command, tactical operations, officer safety and wellness, public communications, and victim and family support (see “About the Team”). The CIR team collected and reviewed more than 14,100 pieces of data and documentation, including policies, training logs, body camera and CCTV video footage, audio recordings, photographs, personnel records, manuals and standard operating procedures, interview transcripts and investigative files and data, and other documents. The CIR team visited Uvalde nine times, spending a total of 54 days on site. The team conducted over 260 interviews of individuals from more than 30 organizations and agencies who played a role in or had important knowledge or information about areas related to the review. Those interviews included personnel from the law enforcement agencies involved in the response to the mass shooting, other first responders and medical personnel, victims’ family members, victim services providers, communications professionals and public information officers, school personnel, elected and appointed government officials, survivors and other witnesses, and hospital staff.

High-Level Incident Summary

Phase I: 11:21 a.m.–11:39 a.m.

Phase I of the incident begins when the subject shoots his grandmother at her residence at approximately 11:21 a.m., and ends after the first arriving officers’ initial approaches to classrooms 111 and 112, at approximately 11:39 a.m.

After shooting his grandmother, the subject messages an acquaintance about the crime he just committed and his plan to “shoot up an elementary school” next. He steals a vehicle from the residence and crashes it just a few blocks away, into a ditch near Robb Elementary. Multiple 911 calls are placed in response to the crash. Meanwhile, the subject exits the vehicle and begins shooting a high-powered, AR-15-style rifle at workers from a nearby funeral home before entering the school grounds and heading toward the West Building of Robb Elementary.

UCISD Staff 1, who is still on the phone with 911 about the crash, witnesses the gunfire and notifies the 911 operator. The UCISD Staff 1 then reenters the West Building and begins lockdown procedures. They completely close the exterior door through which they entered. The door is not propped open but, unbeknownst to them, it is not locked as it should be. 911 dispatch alerts all units to respond. Multiple Uvalde Consolidated Independent School District (UCISD) employees use the school’s emergency alert system, Raptor™, to send an alert as the subject reaches the West Building.

As the subject reaches the West Building, he initiates multiple barrages of gunfire along the exterior west wall. Children and teachers are outside on the playground at the time, as the subject then approaches the building. At 11:33 a.m., the subject enters through the northwest door of the West Building via the closed, unpropped, and unlocked exterior door. The subject enters the building approximately five minutes after he crashes into the ravine and 11 minutes after shooting his grandmother. The subject walks directly to adjoining rooms 111 and 112 and begins shooting toward their recessed doors. The subject walks into the vestibule while shooting and appears to try to access and may enter room 112. Approximately 10 seconds later, the subject steps back into the hallway, continuing to shoot, and then appears to enter room 111. The subject then accesses both rooms 111 and 112 through the connecting doors between them.

Within three minutes of the subject entering the building, first responding officers enter from both the south and northwest side entrances while the subject is actively shooting inside rooms 111 and 112. In addition to hearing gunfire, the officers experience smoke from recent gunfire and dust from sheetrock and see shell casings on the floor. Officers quickly identify where the shooting is occurring and run toward rooms 111 and 112.

Responding officers are hit with shrapnel from the shooter’s gunfire from inside the classrooms. After initial approaches toward the doors, the officers retreat, not approaching the doors again until entry is made more than an hour later.

Upon arrival, responding officers also learn of intermittent radio difficulties when inside the hallway. Some officers go outside of the hallway and request a special weapons and tactics (SWAT) team and additional resources over the radio, including shields, flashbangs, and for all units to respond starting at 11:37 a.m. An active school shooting is called out over the radio early on during the incident, but then the terms “contained” and “barricade” are used multiple times to describe the conditions of the incident during Phase I of the event, including over the radio to dispatchers and officers en route (starting at 11:37 a.m.). Also, at 11:37 a.m., Uvalde Consolidated Independent School District Police Department (UCISD PD) Ofc. 1 identifies the room the shooter is in as his wife’s classroom.

Phase II: 11:40 a.m.–12:21 p.m.

Phase II of the incident begins at 11:40 a.m., after the initial response has ended, defined as the last time the first officers on scene retreat from the doorway of classrooms 111/112. Phase II ends when multiple shots are fired again from inside the classrooms at 12:21 p.m. and officers move down the hallway and toward the classrooms.

During this 41-minute period of time, many more officers from a multitude of agencies arrive on scene. There is a great deal of confusion, miscommunication, a lack of urgency, and a lack of incident command. Analysis of how the lack of an incident command structure impedes the overall response is in “Chapter 3. Leadership, Incident Command, and Coordination.”

At 11:40 a.m., UCISD PD Chief Pete Arredondo, who tossed his radios because he stated that he wanted his hands to be free and indicated there were reception and transmission issues inside the building, calls the emergency communications center from inside the West Building and says that he is inside the building with the subject, who is armed with an AR-15. Chief Arredondo says he “needs a lot of firepower” and that he wants “the building surrounded.” As he is on the phone with dispatch, he learns about a call occurring at the same time from a teacher in the building, who states they believe another teacher has been shot. Chief Arredondo asks whether the teacher is with the shooter, but dispatch does not know. He shares the room number of the shooter’s location with dispatch, then asks for SWAT to set up by the funeral home (which is across the street). He states that he needs more firepower because “all we have” in the hallway at that time are handguns.

The scene continues to be largely a bifurcated response on the north and south ends of the hallway. There is some effort to communicate across each side of the hallway, primarily by phone calls between Chief Arredondo and Uvalde County Precinct 1 Constable Johnny Field. Chief Arredondo and Constable Field coordinate the evacuation of rooms in the West Building; however, at no point is there a common operating plan among officers on scene. Inside the building, intermittent radio issues continue, with radios sometimes working and sometimes not. Chief Arredondo is on the south side of the hallway, and many—but not all—officers on both sides of the hallway view him as the incident commander.

As more officers respond to the scene, families and local community members also begin to gather near the school and funeral home, many of whom express concern and fear for their children. As time passes, bystanders grow increasingly upset and even angry about the tragedy unfolding at the school and the lack of information available to them.

There is ongoing discussion among officers on scene about negotiating with the subject in classrooms 111/112. The discussion is often marked by confusion, including the incorrect information that Chief Arredondo is in the room with the subject. This is broadcast over the radio and conveyed in person among officers on scene. Although the misinformation is corrected by some officers, it persists and continues to spread inside and outside the hallway. This misinformation is first stated at 11:50 a.m. and repeated over the radio. At 12:10 p.m., 20 minutes later, the misinformation is still being shared when a TXDPS trooper on scene misinforms TXDPS dispatch. Attempts to begin a dialogue with the shooter by phone and from outside of the room in the hallway are unsuccessful in both English and Spanish.

At approximately 11:56 a.m., UCISD PD Ofc. 1 informs Constable Field, in the presence of several other officers at the T-intersection of the West Building hallway (see figure 1-1 on page 8), that his wife, a teacher in classroom 112, says she has been shot. Uvalde Police Department (UPD) Acting Chief Mariano Pargas guides UCISD PD Ofc. 1 out of the hallway via the northwest door.

Classroom 110 has already been cleared by Chief Arredondo at the onset of the response. Rooms 127 and 126 in the northeast hallway of the building are cleared and evacuated beginning at approximately 11:54 a.m. The classrooms on the west side of the building are cleared and evacuated between 11:58 a.m. and 12:07 p.m., and each evacuation is completed in approximately two minutes or less. Officers on scene break the exterior windows to rooms 102, 103, 104, 105, and 106 to evacuate children and teachers.

Students and a teacher in room 108 are evacuated directly out into the hallway and south doorway. One teacher is evacuated from room 116 directly through the hallway and out the west entry door. Room 129 is also found to have one teacher inside, who is evacuated out the east entry door. One child is found inside the boy’s restroom and evacuated out the east entry door. One adult is evacuated from room 132. One adult is evacuated from the library sometime around 12:00 p.m.; however, the exact time is unknown. Evacuated children and staff run to the funeral home, where families also begin to converge. Other rooms in the West Building are cleared and found to be vacant. Some doors are locked, and some are not.

As children and teachers are evacuated from classrooms, there is growing realization that, in addition to the teacher inside classrooms 111/112 with the subject, there are likely children present in these rooms. Chief Arredondo, in attempts to negotiate with the subject, states “these are innocent children” (Uvalde Police Department body-worn camera footage). A TXDPS sergeant comments to another TXDPS agent on scene that the subject “shot kids.” While assisting with evacuations, UPD Sgt. 1 comments that “there has to be kids everywhere.”

By approximately 12:09 p.m., all classrooms in the hallways have been evacuated and/or cleared except rooms 111/112, where the subject is, and room 109. Room 109 is found to be locked and believed to have children inside.

At the south end of the hallway, the focus on evacuating room 109 sets off a search for master keys and calls for any entry team from the north end of the hallway to wait until that room is evacuated. Uvalde County Precinct 6 Constable Zamora goes to the north side of the hallway and obtains a set of keys from a UCISD PD lieutenant. Concerned about crossfire into room 109, Chief Arredondo says that the team presumed to be entering classrooms 111/112 from the other side of the hallway needs to wait until they are able to evacuate room 109. He says, “Time is on our side right now. I know we got kids in there, but we gotta save the lives of the other ones.” At approximately 12:10 p.m. a child calls 911 from inside classroom 112, stating they are in a room full of victims. The call lasts approximately 16 minutes, through the shots that are fired at 12:21. Dispatch broadcasts over the radio information about the call at approximately 12:12 p.m., and this information is received and disseminated through both sides of the hallway.

Around this time, the CBP Border Patrol Tactical Unit (BORTAC) commander arrives on scene. The BORTAC commander speaks on the phone with a TXDPS sergeant, who relays Chief Arredondo’s direction to wait for entry. Soon after the call started from the child inside classroom 112, word continues to spread to the law enforcement group at the T-intersection that there are victims in room 112. A law enforcement officer states that “an officer heard from his wife who is in the room dying.”

At 12:21, while Constable Zamora is re-trying keys on room 109, the subject fires four shots inside classrooms 111/112. Officers on both sides of the hallway quickly take cover. Some in the T-intersection immediately move into formation without a word. A Zavala County deputy and a CBP agent advance down the hallway toward the shots fired, followed by the CBP BORTAC commander, another CBP agent, a TXDPS special agent, and others trailing behind. The other law enforcement personnel remain at the T-intersection without advancing. At this point, there is an understanding on both sides of the hallway that an entry team has been formed and they are about to make entry into rooms 111/112.

Phase III: 12:22 p.m.–12:49:58 p.m.

Phase III of the timeline begins at 12:22 p.m., immediately following four shots fired inside classrooms 111 and 112, and continues through the entry and ensuing gunfight at 12:49 p.m. During this time frame, officers on the north side of the hallway approach the classroom doors and stop short, presuming the doors are locked and that master keys are necessary. Also during this time, UCISD PD Chief Pete Arredondo calls off the directive to evacuate room 109 through the door using master keys and instead orders that the evacuation be conducted through the windows. When classroom 109 is evacuated, it is discovered that the room has in fact been occupied by numerous students, including a teacher who has been shot in the abdomen and a child who has been hit in the face by shrapnel. They have been inside room 109 bleeding and muffling their cries to avoid detection by the subject.

Chief Arredondo, who is on the phone with another responding officer on the north side of the hallway, gives the go-ahead to make entry into classrooms 111/112. Chief Arredondo states, “What team? Got a team ready to go? Have at it.” He then begins explaining aspects of the building and classroom, stating that the door is probably locked and that he is going to try to find some keys to test.

Law enforcement medics arrive and begin establishing a triage area outside of the restrooms on the north side of the hallway.

The CBP BORTAC commander tries one set of presumed master keys that do not work. After waiting for approximately nine minutes, the BORTAC commander goes to retrieve breaching tools. Shortly after he returns, working master keys arrive at approximately 12:36 p.m. With working keys in hand, officers in the hallway wait to find out whether a sniper can obtain a visual and eliminate the subject through the window. This is unsuccessful.

At around 12:48 p.m., the entry team enters the room. Though the entry team puts the key in the door, turns the key, and opens it, pulling the door toward them, the CIR Team concludes that the door is likely already unlocked, as the shooter gained entry through the door and it is unlikely that he locked it thereafter. The entry team is composed of three BORTAC members, a CBP Border Patrol Search, Trauma, and Rescue Unit (BORSTAR) member, and deputies from two local sheriffs’ departments—Uvalde and Zavala counties. There is one shield in the stack, which had been provided by the U.S. Marshals Service (USMS) and is rifle-rated. As the entry team prepares to move in, the door begins to swing closed. One team member attempts to move a chair against the door to prop it open, but the door is too heavy, and eventually another member of the entry team simply holds it open as the team makes entry.

After a brief pause in action, gunfire erupts from inside the classrooms. The subject is killed by the entry team at approximately 12:49:58. A BORTAC member receives a graze to their head and leg.

The post Department of Justice Critical Incident Review Active Shooter at Robb Elementary School first appeared on Public Intelligence.

Virginia Giuffre v. Ghislaine Maxwell Unsealed Jeffrey Epstein Documents Batch 8 January 9, 2024

By: Public Intelligence

January 9, 2024

VIA ECF

The Honorable Loretta A. Preska
District Court Judge
United States District Court
Southern District of New York
500 Pearl Street
New York, NY 10007

Re: Giuffre v. Maxwell, Case No. 15-cv-7433-LAP

Dear Judge Preska,

Pursuant to the Court’s December 18, 2023, unsealing order, and following conferral with Defendant, Plaintiff files this set of documents ordered unsealed. This filing also excludes documents pertaining to Does 105 (see December 28, 2023, Email Correspondence with Chambers), 107, and 110 (see ECF No. 1319), while the Court’s review of those documents is ongoing. This is the last set of documents to be filed pursuant to the Court’s December 18, 2023, order.

Respectfully,
/s/ Sigrid S. McCawley
Sigrid S. McCawley
cc: Counsel of Record (via ECF)

The post Virginia Giuffre v. Ghislaine Maxwell Unsealed Jeffrey Epstein Documents Batch 8 January 9, 2024 first appeared on Public Intelligence.

Virginia Giuffre v. Ghislaine Maxwell Unsealed Jeffrey Epstein Documents Batch 7 January 8, 2024

By: Public Intelligence

January 8, 2024

VIA ECF

The Honorable Loretta A. Preska
District Court Judge
United States District Court
Southern District of New York
500 Pearl Street
New York, NY 10007

Re: Giuffre v. Maxwell, Case No. 15-cv-7433-LAP

Dear Judge Preska,

Pursuant to the Court’s December 18, 2023, unsealing order, and following conferral with Defendant, Plaintiff files this set of documents ordered unsealed. The filing of these documents ordered unsealed will be done on a rolling basis until completed. This filing also excludes documents pertaining to Does 105 (see December 28, 2023, Email Correspondence with Chambers), 107, and 110 (see ECF No. 1319), while the Court’s review of those documents is ongoing.

Respectfully,

/s/ Sigrid S. McCawley
Sigrid S. McCawley
cc: Counsel of Record (via ECF)

The post Virginia Giuffre v. Ghislaine Maxwell Unsealed Jeffrey Epstein Documents Batch 7 January 8, 2024 first appeared on Public Intelligence.

Virginia Giuffre v. Ghislaine Maxwell Unsealed Jeffrey Epstein Documents Batch 6 January 5, 2024

By: Public Intelligence

January 5, 2024

VIA ECF

The Honorable Loretta A. Preska
District Court Judge
United States District Court
Southern District of New York
500 Pearl Street
New York, NY 10007

Re: Giuffre v. Maxwell, Case No. 15-cv-7433-LAP

Dear Judge Preska,

Pursuant to the Court’s December 18, 2023, unsealing order, and following conferral with Defendant, Plaintiff files this set of documents ordered unsealed. The filing of these documents ordered unsealed will be done on a rolling basis until completed. This filing also excludes documents pertaining to Does 105 (see December 28, 2023, Email Correspondence with Chambers), 107, and 110 (see ECF No. 1319), while the Court’s review of those documents is ongoing.

Respectfully,
/s/ Sigrid S. McCawley
Sigrid S. McCawley
cc: Counsel of Record (via ECF)

The post Virginia Giuffre v. Ghislaine Maxwell Unsealed Jeffrey Epstein Documents Batch 6 January 5, 2024 first appeared on Public Intelligence.

Virginia Giuffre v. Ghislaine Maxwell Unsealed Jeffrey Epstein Documents Batch 5 January 5, 2024

By: Public Intelligence

January 5, 2024

VIA ECF

The Honorable Loretta A. Preska
District Court Judge
United States District Court
Southern District of New York
500 Pearl Street
New York, NY 10007

Re: Giuffre v. Maxwell, Case No. 15-cv-7433-LAP

Dear Judge Preska,

Pursuant to the Court’s December 18, 2023, unsealing order, and following conferral with Defendant, Plaintiff files this set of documents ordered unsealed. The filing of these documents ordered unsealed will be done on a rolling basis until completed. This filing also excludes documents pertaining to Does 105 (see December 28, 2023, Email Correspondence with Chambers), 107, and 110 (see ECF No. 1319), while the Court’s review of those documents is ongoing.

Respectfully,
/s/ Sigrid S. McCawley
Sigrid S. McCawley
cc: Counsel of Record (via ECF)

The post Virginia Giuffre v. Ghislaine Maxwell Unsealed Jeffrey Epstein Documents Batch 5 January 5, 2024 first appeared on Public Intelligence.

Virginia Giuffre v. Ghislaine Maxwell Unsealed Jeffrey Epstein Documents Batch 4 January 5, 2024

By: Public Intelligence

January 5, 2024

VIA ECF

The Honorable Loretta A. Preska
District Court Judge
United States District Court
Southern District of New York
500 Pearl Street
New York, NY 10007

Re: Giuffre v. Maxwell, Case No. 15-cv-7433-LAP

Dear Judge Preska,

Pursuant to the Court’s December 18, 2023, unsealing order, and following conferral with Defendant, Plaintiff files this set of documents ordered unsealed. The filing of these documents ordered unsealed will be done on a rolling basis until completed. This filing also excludes documents pertaining to Does 105 (see December 28, 2023, Email Correspondence with Chambers), 107, and 110 (see ECF No. 1319), while the Court’s review of those documents is ongoing.

Respectfully,
/s/ Sigrid S. McCawley
Sigrid S. McCawley
cc: Counsel of Record (via ECF)

The post Virginia Giuffre v. Ghislaine Maxwell Unsealed Jeffrey Epstein Documents Batch 4 January 5, 2024 first appeared on Public Intelligence.

Virginia Giuffre v. Ghislaine Maxwell Unsealed Jeffrey Epstein Documents Batch 3 January 5, 2024

By: Public Intelligence

January 5, 2024

VIA ECF

The Honorable Loretta A. Preska
District Court Judge
United States District Court
Southern District of New York
500 Pearl Street
New York, NY 10007

Re: Giuffre v. Maxwell, Case No. 15-cv-7433-LAP

Dear Judge Preska,

Pursuant to the Court’s December 18, 2023, unsealing order, and following conferral with Defendant, Plaintiff files this set of documents ordered unsealed. The filing of these documents ordered unsealed will be done on a rolling basis until completed. This filing also excludes documents pertaining to Does 105 (see December 28, 2023, Email Correspondence with Chambers), 107, and 110 (see ECF No. 1319), while the Court’s review of those documents is ongoing.

Respectfully,
/s/ Sigrid S. McCawley
Sigrid S. McCawley
cc: Counsel of Record (via ECF)

The post Virginia Giuffre v. Ghislaine Maxwell Unsealed Jeffrey Epstein Documents Batch 3 January 5, 2024 first appeared on Public Intelligence.

Virginia Giuffre v. Ghislaine Maxwell Unsealed Jeffrey Epstein Documents Batch 2 January 4, 2024

By: Public Intelligence

January 4, 2024

VIA ECF

The Honorable Loretta A. Preska
District Court Judge
United States District Court
Southern District of New York
500 Pearl Street
New York, NY 10007

Re: Giuffre v. Maxwell, Case No. 15-cv-7433-LAP

Dear Judge Preska,

Pursuant to the Court’s December 18, 2023, unsealing order, and following conferral with Defendant, Plaintiff files this set of documents ordered unsealed. The filing of these documents ordered unsealed will be done on a rolling basis until completed. This filing also excludes documents pertaining to Does 105 (see December 28, 2023, Email Correspondence with Chambers), 107, and 110 (see ECF No. 1319), while the Court’s review of those documents is ongoing.

Respectfully,
/s/ Sigrid S. McCawley
Sigrid S. McCawley
cc: Counsel of Record (via ECF)

The post Virginia Giuffre v. Ghislaine Maxwell Unsealed Jeffrey Epstein Documents Batch 2 January 4, 2024 first appeared on Public Intelligence.

Virginia Giuffre v. Ghislaine Maxwell Unsealed Jeffrey Epstein Documents Batch 1 January 3, 2024

By: Public Intelligence

January 3, 2024

VIA ECF

The Honorable Loretta A. Preska
District Court Judge
United States District Court
Southern District of New York
500 Pearl Street
New York, NY 10007

Re: Giuffre v. Maxwell, Case No. 15-cv-7433-LAP

Dear Judge Preska,

Pursuant to the Court’s December 18, 2023, unsealing order, and following conferral with Defendant, Plaintiff files this set of documents ordered unsealed. The filing of these documents ordered unsealed will be done on a rolling basis until completed. This filing also excludes documents pertaining to Does 105 (see December 28, 2023, Email Correspondence with Chambers), 107, and 110 (see ECF No. 1319), while the Court’s review of those documents is ongoing.

Respectfully,
/s/ Sigrid S. McCawley
Sigrid S. McCawley
cc: Counsel of Record (via ECF)

The post Virginia Giuffre v. Ghislaine Maxwell Unsealed Jeffrey Epstein Documents Batch 1 January 3, 2024 first appeared on Public Intelligence.

(U//FOUO) U.S. Army Threat Integration Center (ARTIC) Report: Indications of Extremism in the Military 2017-2019

By: Public Intelligence

(U//FOUO) Due to indications of an increase in extremist activity by former and current military personnel, evidenced by a spike in open source reporting, the ARTIC has produced this report examining 22 cases of current and former DoD members expressing support for and/or allegedly affiliated with extremist groups while serving in or having recently separated from the military from 2017 – 2019. For the purposes of this report, the ARTIC considered an organization to be “extremist” if its core ideology espouses racially motivated hatred, such as Neo-Nazism, white supremacism, or black separatism, and/or religious hatred, such as espoused by al-Qa’ida or the Islamic State of Iraq and Syria. The majority of the information within this report was obtained via open sources. Due to the nature of open source reporting, and the possibility of ongoing investigations involving DoD personnel within this report, some of the allegations presented may prove to be unfounded.

(U//FOUO) Twenty out of the 22 reports examined by the ARTIC from 2017 to 2019 involved military members allegedly demonstrating support for white supremacist or neo-Nazi ideology and/or associating with explicitly white supremacist or neo-Nazi organizations. Two reports involved alleged support for ideology in support of foreign terrorist organizations, namely ISIS. In all 22 reports the suspects were male.

(U//FOUO) Of the 22 cases examined, 13 involved Soldiers, six involved Marines, two involved Airmen, and one involved a member of the Coast Guard. Seven out of the 22 members engaged in, or discussed engaging in, violent acts involving explosives and/or firearms.

(U//FOUO) Nine of the cases involved members of “Identity Evropa”, which re-branded as the American Identity Movement (AIM), an alt right white supremacist group; three cases involved members of “Atomwaffen Division” (AWD), a violent anarchist neo-Nazi group that became active in 2016; two cases involved individuals fighting with far-right paramilitary groups in Ukraine; two cases involved supporters of the Islamic State of Iraq and Syria (ISIS); two cases involved individuals belonging to an alleged white supremacist affiliated group called “Ravensblood Kindred”; one case involved a member of the “Patriot Front” (PF), a pro-white nationalist, anti-multicultural and anti-immigrant organization; and three were unspecified.

(U//FOUO) It is likely that most if not all service members who embrace extremism were exposed to extremist ideology via the internet or social media applications. While the ARTIC found no evidence of extremist organizations specifically targeting DoD members through social media or other means, according to open source research, social media platforms play an important role in the likely self-radicalization processes of US extremists. According to the National Consortium for the Study of Terrorism and Responses to Terrorism (START), in 2016 alone, social media contributed to the radicalization processes of nearly 90% of extremists contained within their database. Right-wing extremist networks in particular use Twitter, post videos on YouTube, establish Facebook pages, create Instagram accounts, and communicate on social media sites with minimal moderation such as Gab and 8chan.

(U//FOUO) The ARTIC notes that based on investigations conducted by the Army Criminal Investigative Command (CID), CID does not assess a danger of white supremacy or any other form of racially motivated violent extremism becoming a pervasive issue across the Army. According to CID, focused collection on extremist activity within the past year revealed a common thread for the Soldiers identified as participating in extremist groups being that they are commonly isolated in units, failing to fully integrate into Army life, rather than emerging as influential among their Soldier peers. Although the ARTIC has not coordinated with investigative agencies from other military branches, based upon the reporting reviewed, we judge the findings by CID are likely applicable across the military.

(U) Atomwaffen Division (AWD)

(U) According to the Anti-Defamation League (ADL), the AWD is a small neo-Nazi group that became active in 2016. The group is believed to have originated online from a now-defunct Neo-Nazi forum called Iron March, which was known for its extreme content and calls for violence. According to the AWD website, they are “a revolutionary national socialist organization centered around political activism and the practice of an autonomous fascist lifestyle.” They promote the idea that societal and governmental “systems” are collapsing and that democracy and capitalism have “given way to Jewish oligarchies and globalist bankers resulting in the cultural and racial displacement of the white race.”

(U) Members train in preparation for an impending race war and promote the use of violence to reach their goal of “uncompromising victory.” In a promotional video published on 21 JAN 18, members, dressed in military-styled camouflaged fatigues, shout “gas the Kikes” and “race war now” as they fire weapons and practice tactical maneuvers.

(U) In December 2017, one of AWD’s leaders, John Cameron Denton (AKA Vincent Snyder), laid out the group’s plans on their Siege Culture website: “Our responsibility right now is resistance, anything that happens after that we’ll simply adapt to it and work with what we have.” Denton, who lives in Texas, has attended white supremacist rallies and events in Houston and Austin alongside members of the White Lives Matter movement and the Aryan Renaissance Society. (ADL, 2019; Open Source, 01 FEB 18)

(U) American Identity Movement (AIM)

(U) According to the ADL, the AIM is an alt right white supremacist group that began in 2019 as a rebranding of Identity Evropa, one of the largest groups within the alt right segment of the white supremacist movement.

(U) On 08 MAR 19, during Identity Evropa’s annual conference, the group’s leader, Patrick Casey, announced the dissolution of Identity Evropa and the creation of AIM. During the conference, all Identity Evropa members in good standing were invited to join AIM. (ADL, 2020)

(U) Azov Regiment (AR)

(U) The Azov Regiment is a combined arms special task unit of the Ukrainian National Guard comprised of contract soldiers to include foreign fighter volunteers. It was formed in May 2014 as a volunteer military battalion to counter Russian-backed proxy forces fighting in the Azov sea coastal region of Mariupol. In November 2014 it was incorporated into the National Guard and updated to a Regiment in January 2015. The regiment, considered ultra-national, includes elite units trained in Reconnaissance and EOD specialties by former Ukrainian Army Special Forces. According to open source, Azov is rooted in neo-Nazism based on ideologies expressed by leadership and emblems associated with the group. In 2018, US Congress passed legislation blocking military aid to Azov due to suspected white-supremacy goals.

(U) Patriot Front (PF)

(U) The Patriot Front is considered a pro-white nationalist, anti-multicultural, anti-immigrant, and anti-Semitic organization. The Patriot Front broke from the white-nationalist group Vanguard America in August 2017 following the August 2017 Unite the Right rally in Charlottesville, Virginia. The Patriot Front believes the United States’ unique cultural identity was forged by pan-European pioneers, explorers, visionaries, and is being compromised by a dysfunctional and tyrannical government. The Patriot Front claims to seek a return to the traditions and values (political, social, and religious) defined by America’s forefathers. The group embraces imagery depicting American patriotic and traditional fascist themes. The Patriot Front is known to distribute propaganda through fliers and stickers, often at universities and synagogues. During public demonstrations, the Patriot Front has called for the deportation or marginalization of non-whites. Reporting indicates the Patriot Front has not directly engaged in violent activity.

(U) The Base

(U) The Base is identified as a white nationalist survivalist group that proclaims to defend the European race while establishing a network of supporters willing to use violence to overthrow the current social and political order and hasten in a perceived impending race war. The Base was formed in 2018 and operates primarily in the US although reporting indicates some low level activity in Europe. The Base reportedly draws inspiration from the neo-Nazi hate group Atomwaffen Division (AWD) and writings by prominent Neo-Nazi authors. The Base reportedly includes members from the AWD and the far-right environmental groups such as the Eco-Fascist Order. (Open Source, 25 JAN 20; Open Source, 16 NOV 19; Open Source, 2020)

The post (U//FOUO) U.S. Army Threat Integration Center (ARTIC) Report: Indications of Extremism in the Military 2017-2019 first appeared on Public Intelligence.

DHS Public-Private Analytic Exchange Program Report: Combatting Illicit Activity Utilizing Financial Technologies and Cryptocurrencies Phase II

By: Public Intelligence

Private and public sector professionals and subject matter experts working in the cyber financial landscape gathered to examine the use of financial technologies and cryptocurrencies by illicit actors. Phase 1 of this research focused on a general overview of the emerging illicit activity pertaining to digital assets and the peer-to-peer payment space. This included discovering the most common illicit finance activities, the most exploited elements of financial technologies, the legal vulnerabilities that allow exploitation, pseudo-anonymity in online transactions, weaknesses in Know-Your-Customer laws, and the risks of other emerging blockchain applications (i.e. NFTs).

Phase 2 of the research serves to build upon the foundation laid in Phase 1. The Phase 2 research further explores: the criminal groups utilizing digital assets in illegal activities; how these criminal groups are conducting illicit activity and recruiting members; cryptocurrency ATMs and Point-of-Sales illicit uses; generative AI applications in cybercrime; darknet market use of digital assets; the evolving use of cryptocurrencies (especially the year to date change); criminal activity’s impact on government and private sector; and additional policy recommendations. Although illicit use can never be completely eliminated, it can be mitigated by increased consumer knowledge, proactive law enforcement investigations, and better practices and regulations issued by key stakeholders.

Russian Intelligence Services Leveraging Cryptocurrency for Operational Purposes

Due to the ability to facilitate clandestine payments through a variety of different tradecraft methods, cryptocurrency has been leveraged by not only Russian-based non-state actors and criminal groups, but also by state-sponsored Russian Government entities and intelligence services. On 9 June 2023, the US Department of Justice (DOJ) released a public statement detailing a variety of unsealed charges related to cryptocurrency exchange hacks, money laundering, and illicit activity conducted by multiple Russian threat actors with direct ties to Russian intelligence services.

Russian nationals Alexey Bilyuchenko and Aleksandr Verner were charged with conspiring to launder approximately 647,000 bitcoins over the course of a three-year period, following their hack of major cryptocurrency exchange Mt. Gox, dating back to 2011. Per the recently unsealed indictment, it was revealed that in 2011, both Bilyuchenko and Verner gained access to Mt. Gox users’ data, transactional database, and the private keys, which were necessary to facilitate all trading movement on the exchange. Between 2011 and 2014, approximately 647,000 bitcoin was moved out of Mt. Gox hosted wallets to other cryptocurrency exchanges, which included BTC-e and TradeHill. Additional assets were also moved to Bilyuchenko’s and Verner’s own Mt. Gox accounts. Notably, the exchange BTC-e was administratively run by Bilyuchenko up until its shutdown in 2017 by the FBI for illicit activity and money laundering on behalf of Russian-based ransomware gangs. Additional investigative reports unsealed by the Department of Homeland Security (DHS) reveal that Bilyuchenko and Verner moved the bitcoin from Mt. Gox to the exchange BTC-e at the time it was operational, after which it was further transitioned to two now-defunct bitcoin companies, BitInstant and Memory Dealers. BitInstant was a cryptocurrency exchange that was founded by Charlie Shrem, who in 2014 was sentenced to two years in prison for money laundering.

..

Cartel Finance

Mexican-based drug cartels have historically generated significant amounts of illicit proceeds through their global presence and narcotics distribution rings. A recently released report from the International Narcotics Control Board estimates that Mexican drug cartels are believed to launder approximately $25 billion per year in Mexico. Subsequently, their need to conceal these proceeds and launder their funds is necessary to maintain the success of their operations. In April 2023, the FBI and DEA indicted twelve people associated with the Sinaloa cartel, a transnational criminal organization that allegedly laundered over $16.5 million, a majority of which was moved via large bulk cash drops in hotel rooms and parking lots of various US cities to include Chicago, Boston, New York City, Baltimore, Philadelphia, among many others. The funds would then be laundered through multiple shell companies, after which they were ultimately transferred to bank accounts in Mexico. In a recent investigation led by the US Drug Enforcement Agency (DEA), it was determined that an illicit drug cartel was moving methamphetamine and cocaine across the US, Mexico, Europe, and Australia by leveraging the world’s largest cryptocurrency exchange, Binance. The group allegedly laundered over $40 million in illicit proceeds via this exchange.

Terrorist Financing

Terrorist organizations rely on a consistent influx of funds in order to carry out and plan their operations. Historically, they have leveraged donations and the religious obligation of tithe in order to raise money. Other forms of revenue generation include illegal drug and arms dealing, with a combined need to finance their own members and associates. In recent years, this tradecraft has shifted to a reliance on cryptocurrency for fundraising, financing attacks, purchasing equipment, supporting fighters and their families, among other purposes. Jihadi blogs alone have become the source of millions of dollars in bitcoin in the form of donations to ISIS, Al-Qaeda, Hamas, and the Muslim Brotherhood. In conjunction with all the aforementioned threat actors, these groups also significantly leverage social media platforms for the purpose of soliciting donations from their followers. They will utilize communication platforms such as the messaging app Telegram, which allows for encrypted and clandestine messaging. They will utilize Facebook and Twitter for the purposes of posting their wallet addresses to receive donations, as well as provide their supporting base with PDF and video guides for how to obtain and donate cryptocurrency. Bitcoin is the most frequently used due to liquidity, alongside AECs such as Monero, Z-Cash and Dash, among others.

The post DHS Public-Private Analytic Exchange Program Report: Combatting Illicit Activity Utilizing Financial Technologies and Cryptocurrencies Phase II first appeared on Public Intelligence.

DHS Public-Private Analytic Exchange Program Report: Combatting Illicit Activity Utilizing Financial Technologies and Cryptocurrencies Phase I

By: Public Intelligence

Private and public sector analysts and subject matter experts working in the cyber financial landscape gathered through a series of meetings to examine the use of financial technologies and cryptocurrencies by illicit actors. The key research points investigated include discovering the most common illicit finance activities, the most exploited elements of financial technologies, the legal vulnerabilities that allow exploitation, pseudo-anonymity in online transactions, weaknesses in Know-Your-Customer laws, and the risks of use associated with other emerging blockchain applications (i.e. NFTs). The research gathered from investigating these areas led to the development of suggested, effective changes to reduce illicit activity in this space and identifying the key stakeholders to implement these changes. This paper seeks to provide guidance in navigating cryptocurrencies, emerging digital payment solutions, and other blockchain applications to both consumers and stakeholders to minimize the illicit use of these platforms. While illicit use cannot be eliminated altogether, it can certainly be reduced with better consumer knowledge and better practices/regulations issued by key stakeholders.

Money Laundering

Money laundering traditionally begins with ill-gained fiat currency that criminals wish to make usable. One strategy is to have money mules transfer these funds into bank accounts for later transfer/withdrawal. Cryptocurrency has opened new avenues for money launderers utilizing bank deposits by mules who then purchase cryptocurrency. Bitcoin ATMs are another popular method for money mules to convert fiat currency into cryptocurrency. Bitcoin ATMs are physical machines where people can buy cryptocurrency with cash, requiring varying amounts of personal information to use. Once the fiat currency is converted into cryptocurrency, there are multiple ways it can be laundered, making it difficult for law enforcement to track.

Cryptocurrency mixers, for example, aid in obfuscating the origins of the processed cryptocurrency. This happens by rapidly pooling currency streams into many small transactions across many wallets. Mixers allow illicit actors to launder high amounts very conveniently and are not inherently illegal. The co-founder of Tornado Cash, a popular cryptocurrency mixer, told Bloomberg in March 2022 that their service can be defined as an “anonymizing software provider” which does not subject them to money transmitter regulations in the U.S. Our group examined some of the most popular and common mixers/tumblers used today and our findings are reviewed in the chart below.

Pseudo-Anonymity and Weaknesses in KYC

Pseudo-anonymity is a key factor in propelling the use of cryptocurrencies and other emerging digital assets for illicit purposes. Bitcoin is the original catalyst for this element due to its pseudo-anonymous nature. When using bitcoin, a person’s identity is tied to a fake name or pseudonym, which serves as their public key and bitcoin address. Bitcoin has never been truly anonymous because all transactions are available on the public network, so anyone can easily see records of all transactions a bitcoin address has conducted. It is up to the bitcoin address holder to prevent their actual identity from being linked to their pseudonym in bitcoin. As other cryptocurrencies have emerged, the same principles have applied in that they provide pseudo-anonymity and a means for people to make transactions that aren’t under their true identity. As we’re entering a new phase of digital assets, they are taking it a step further by providing complete anonymity or near complete anonymity, which is discussed with Monero and NFTs in a later section. However, it has largely been a misconception that cryptocurrencies are completely anonymous, and even with their pseudo-anonymous nature, illicit actors have not been able to hide from authorities.

NFTs and Other Blockchain Applications Risk of Illicit Use

Other emerging blockchain applications such as NFTs and digital payment services such as gaming currency and P2P services present a great risk of illicit use. While these forms are just starting to emerge in criminal cases, they have the potential for large-scale misuse by illicit actors. The first U.S. federal criminal case involving NFTs occurred in March 2022 and provides a great case study into how this class of digital assets can be misused.

Case Study – NFT “Rug Pull Scheme”

Ethan Vinh Nguyen and Andre Marcus Quiddaeon were both arrested in Los Angeles in March 2022 after they were charged with conning buyers of NFTs worth 1.1 million. They were charged with both wire fraud and conspiracy to commit money laundering after issuing a set of NFTs known as “Frosties”. The purchasers of “Frosties” were supposed to be eligible for exclusive hodler rewards including early access to a metaverse game and giveaways. These types of NFTs, which offer special bonuses, are specifically known as utility NFTs. Nguyen and Quiddaeon subsequently ditched the project after selling out just hours after launching and transferred the money earned from the sales of the NFTs to multiple cryptocurrency wallets under their control. They started their project under pseudonyms, which further demonstrates the pseudo-anonymity involved in online blockchain applications. Criminals can hide behind online identities while promoting their NFTs and ultimately perform a “rug pull”, leaving any investors defrauded.

The post DHS Public-Private Analytic Exchange Program Report: Combatting Illicit Activity Utilizing Financial Technologies and Cryptocurrencies Phase I first appeared on Public Intelligence.

(U//FOUO) Michigan High Intensity Drug Trafficking Area Threat Assessment 2023

By: Public Intelligence

(U//FOUO) The threat from the production, use, and trafficking of illegal drugs throughout the State of Michigan continues to be of great concern. In 2022, the demand and availability of some commonly used drugs increased while others slightly decreased compared to 2021. Also, several drugs showed an increase in use, while others showed a slight decrease throughout the state during the 2022 reporting period. According to drug teams’ survey responses on the most significant threat in their area of responsibility (AOR), as well as contributing factors such as availability and seizures, the drug threat ranking has remained the same from the previous reporting period. The current threat ranking is as follows:

  • Fentanyl/Heroin
  • Crystal Methamphetamine/Methamphetamine
  • Cocaine/Crack Cocaine
  • Prescription Drugs
  • Marijuana

(U//FOUO) Therefore, based on 2022 reporting, the Michigan HIDTA has identified the following key findings:

Fentanyl/Heroin

  • (U//FOUO) According to the drug teams surveyed, 55% indicated fentanyl is their most significant threat in 2022 compared to 53% in 2021. Additionally, 21% of drug teams surveyed reported heroin as their second most significant threat, which is a decrease from 44% in 2021.
  • (U//FOUO) Fentanyl is identified as the most lethal threat within the State of Michigan.
  • (U//FOUO) Michigan HIDTA task forces seized roughly 123 kilograms of fentanyl in 2022, compared to 211 kilograms in 2021, which is roughly a 42% decrease.
  • (U//FOUO) Michigan State Police forensic laboratory data, identifying the predominant drug type in tested samples, showed roughly a 14% decrease in the presence of fentanyl from 2021 to 2022.

Crystal Methamphetamine/Methamphetamine

  • (U//FOUO) According to the drug teams surveyed, 39.5% indicated crystal methamphetamine, also known as ICE, is their most significant threat in 2022, with 97% reporting it is available within their AOR.
  • (U//FOUO) Michigan HIDTA task forces seized 288 kilograms of methamphetamine powder/ICE in 2022, compared to 597 kilograms in 2021, which is a 51% decrease in seizures.
    • (U//FOUO) One reason for this decrease is the investigative efforts of two HIDTA initiatives, which resulted in the seizure of 260 kilograms of crystal methamphetamine in 2021.
  • (U//FOUO) According to the Michigan State Police Michigan Incident Crime Reporting (MICR), methamphetamine incidents were the highest among drug-related arrests in 2022 and accounted for roughly 34% of total narcotic arrests.
  • (U//FOUO) Michigan State Police forensic laboratory data, identifying the predominant drug type in tested samples, showed roughly a 7% decrease in the presence of methamphetamine from 2021 to 2022.

Cocaine/Crack Cocaine

  • (U//FOUO) Michigan HIDTA task forces seized 5,727 kilograms of cocaine/crack in 2022, compared to 272 kilograms in 2021, which is a 2,005% increase.
    • (U//FOUO) One reason for this increase is the investigative efforts of one HIDTA initiative, which resulted in the seizure of 4,930 kilograms of cocaine in 2022.
  • (U//FOUO) The availability of cocaine increased with 97% of drug teams reporting the drug is readily available compared to 91% in 2021.

Prescription Drugs

  • (U//FOUO) Michigan is a source state for diverted prescription drugs in Indiana, Kentucky, North Dakota, Ohio, Pennsylvania, Tennessee, and West Virginia.
  • (U//FOUO) Michigan HIDTA task forces seized 559 kilograms of prescription drugs in 2022, compared to 117 kilograms in 2021, which is a 378% increase.
    • This increase is likely due to the spike in counterfeit pharmaceutical tablets in Michigan as there is no separate reporting category for counterfeit pills.

Marijuana

  • (U//FOUO) Michigan HIDTA task forces seized 3,878 kilograms of processed marijuana/plants in 2022, compared to 6,406 kilograms in 2021, which is a 65% decrease.
  • (U//FOUO) Marijuana continues to be the most readily available drug in the State of Michigan due to the legalization of recreational and medical marijuana. However, black market marijuana is still being trafficked.
  • (U) According to the Cannabis Regulatory Agency (CRA), Michigan’s cannabis market has grown to a powerhouse status with nearly $2.3 billion in sales for 2022.

Emerging Trends

  • (U//FOUO) According to Michigan State Police forensic laboratory data, aside from heroin and fentanyl, the most common drug mixture in 2022 was fentanyl and fluorofentanyl (215 identifications).
  • (U//FOUO) According to drug teams surveyed, 76% reported counterfeit pills are available within their AOR compared to 62% in 2021.

Drug Trafficking Organizations

  • (U//FOUO) In 2022, Michigan HIDTA task forces investigated 264 Drug Trafficking Organizations (DTOs) and Money Laundering Organizations (MLOs) compared to 270 DTOs/MLOs in 2021, which is a 2% decrease. Of the 264 investigated, 108 DTOs/MLOs were dismantled or disrupted, which is indicative of the strong DTO/MLO presence in the region and a strong, organized law enforcement response.
  • (U//FOUO) The most notable sources of narcotics supply for Michigan are Mexican drug cartels, specifically the Sinaloa Cartel and Jalisco New Generation Cartel (CJNG).

The post (U//FOUO) Michigan High Intensity Drug Trafficking Area Threat Assessment 2023 first appeared on Public Intelligence.