Arrested Osceola County sheriff's co-defendant connected to previous illegal gambling investigations
As of Thursday, Lopez had not posted his $1 million bail and remains in the Lake County Jail while three of his co-defendants were released on bail.
Sheldon Wetherholt, 58, is among the three co-defendants who have bailed out.
According to state records, Wetherholt managed the Kissimmee-based Eclipse Social Club at the center of the investigation.
Channel 9 learned that while Wetherholt doesn't have a criminal history, he was tied to another investigation into illegal casinos in 2022.
State records list Wetherholt as the manager of Game X Arcade LLC.
Investigators with the Palm Beach County Sheriff's office said the LLC operated multiple illegal casinos.
That business eventually shut down in 2023 after court records show the owner, Dhara Bhalodia, was arrested on more than 150 counts related to operating an illegal casino.
An arrest document accuses Bhalodia of committing money laundering while 'operating the gaming businesses in plain sight.'
Wetherholt was named in Bhalodia's arrest affidavit but never faced any charges in the Palm Beach County case.
Axios
How North Korea's IT army is hacking the global job market
Nearly every Fortune 500 company is hiding the same uncomfortable secret: they have hired a North Korean IT worker.
Why it matters: Despite how widespread the issue is, few companies are willing to talk publicly about it. Experts say reputational risk, legal uncertainty, and embarrassment all contribute to the silence — which in turn makes the problem harder to solve.
Dozens of resumes, LinkedIn profiles, and fraudulent identity documents shared with Axios lay bare the scale and sophistication of the scams.
The big picture: For North Korea, this is a precious revenue stream that evades American sanctions — capitalizing on the wealth of high-paying remote worker roles in the U.S. to route cash back to Pyongyang.
In the past two years, companies and their security partners have begun to grasp the scale of the problem — and now, they're sounding the alarm about where it's headed next.
"They've been stealing intellectual property and then working on the projects themselves," Michael "Barni" Barnhart, principal investigator at DTEX Systems, told Axios. "They're going to use AI to magnify exponentially what they're already doing — and what they're doing now is bad."
Between the lines: It sounds easy to simply weed out North Korean job applicants. But some of the world's biggest firms have found it devilishly difficult.
That's because the North Korean operation has become as complex as a multi-national corporation. It involves several North Korean government offices, dozens of China-based front companies and Americans willing to facilitate the fraud.
And the undercover North Korean IT workers are often exceptional at their jobs — at least until they start stealing sensitive data or extorting companies that try to fire them.
Google Threat Intelligence VP Sandra Joyce recalled the response of one employer when told they likely had a North Korean fraudster on staff: "You guys better be right, because that is my best guy."
The groups running the show
North Korea has invested years into building up its remote IT labor force, providing training not just for remote job fraud but also corporate espionage and IP theft.
Workers are selected and trained at elite institutions such as Kim Chaek University of Technology and the University of Sciences in Pyongsong — some with specializations in software development, AI or cryptography.
Research from DTEX shows that the most advanced worker scams are often coordinated with units like APT 45, a notorious government hacking group known for infiltrating companies, running scams and laundering money.
Other participants in the scheme include the Lazarus Group, which typically leads the regime's cryptocurrency hacks and has positioned insiders within crypto companies, and Research Center 227, a new AI research unit inside North Korea's intelligence agency.
The intrigue: Cybersecurity companies have been discovering and naming new groups running these hacks, with names like Jasper Sleet, Moonstone Sleet and Famous Chollima.
The scale
Driving the news: Nine security officials who spoke with Axios all said they've yet to meet a Fortune 500 company that hasn't inadvertently hired a North Korean IT worker.
Google told reporters at the RSA Conference in May that it had seen North Koreans applying to its jobs. SentinelOne and others have said the same.
KnowBe4, a cybersecurity training company, admitted last year that it hired a North Korean IT worker.
A smaller cryptocurrency startup told the WSJ that they accidentally had North Korean workers on their payroll for almost two years.
In one case, Sam Rubin, senior vice president of Palo Alto Networks' Unit 42 consulting and threat intelligence team, told Axios that within 12 hours of a large client posting a new job, more than 90% of the applicants were suspected to be North Korean workers.
"If you hire contract IT workers, this has probably happened to you," Rubin said.
The intrigue: Even small-to-mid-sized companies that rely on remote IT talent or outsource their IT needs to a consulting firm have encountered this problem, Adam Meyers, senior vice president of counter adversary operations at CrowdStrike, said.
CrowdStrike has investigated more than 320 incidents where North Korean operatives landed jobs as remote software developers, according to the company's annual threat hunting report published earlier this month.
How it works
Getting a job at a U.S. company — and going undetected — is a team effort that involves several North Korean IT workers, China-based companies and even a handful of Americans.
Some of the North Korean workers are even stationed in China and other nearby countries to keep suspicions low.
First, the workers identify potential identities they can assume. Those are often stolen from a real person, or even from a dead U.S. citizen.
To pull off this deception, they create fake passwords, Social Security cards and utility bills. Many of them use the same recognizable tablecloth in the background of fake ID photos, Meyers said.
For instance, in a December indictment of 14 North Koreans, the workers were found using stolen identities to apply to dozens of jobs.
Second, the workers find open jobs in software development, technical support and DevOps posted on Upwork, Fiverr, LinkedIn, and third-party staffing platforms.
Much of this is streamlined through AI tools that help track and manage their job applications.
Many of them will use AI tools to help generate passable resumes and LinkedIn profiles, according to Trevor Hilligoss, senior vice president at SpyCloud Labs.
"There's a hierarchy: There's a group of people who are the interviewers, and they're the ones with the really good English specialties," Hilligoss told Axios. "When they get hired, that gets turned over to somebody that's a developer."
Those developers will often juggle several jobs and multiple different personas.
Zoom in: Job interviews would seem like the obvious time to catch a fraudulent application. But the "applicants" — whether they're using their real faces and voices or AI-enabled personas — are practiced interviewers with the skills necessary to complete technical coding assignments.
In multiple cases, hiring managers only realized something was wrong weeks later when employees looked or behaved differently than during the interview, Barnhart said.
After landing the job, the developers step in and request that their company laptop be shipped to a U.S. address — often citing a last-minute move or family emergency.
That address often belongs to an American accomplice, who typically operates what's known as a "laptop farm."
These facilitators are told to install specific remote desktop software onto the laptops so the North Korean worker can operate the laptop from abroad.
In July, the FBI said it executed searches of 21 premises across 14 states that were known or suspected laptop farms, seizing 137 laptops.
Then there's the challenge of ensuring the salaries actually reach the North Korean regime. That often requires that the facilitators forward the paychecks to front companies across China or funnel them through cryptocurrency exchanges.
In a report published in May, researchers at Strider Technologies identified 35 China-based companies linked to helping North Korean operations.
Challenges
Hiring processes are so siloed that it's difficult for managers to see all the signs of fraud until the North Korean workers start their roles, Kern said.
Even if a company suspects something is wrong, the forensic signals can be subtle and scattered.
Security teams may detect unusual remote access tools or strange browser behavior. HR might notice recycled references or resumes that reuse the same phone number. But unless those insights are pooled together, it rarely raises alarms.
"There's not one giant red flag to point to," said Sarah Kern, a leading North Korea analyst at Sophos' Counter Threat Unit. "It is multiple technical forensic aspects and then such a human aspect of small things to pick up on that aren't necessarily going to be in telemetry data from an endpoint detection standpoint."
Yes, but: Even when these workers are detected, they're not easy to fire. Many of them are so talented that managers are reluctant to even believe they could actually be in North Korea, Alexandra Rose, director at Sophos' Counter Threat Unit, told Axios.
If these workers are caught, employers then face a litany of problems:
Some workers will download sensitive internal data and extort the companies for a hefty sum in a last-ditch effort to bleed the company of whatever money they can.
Some workers have filed legal complaints, including workers' compensation claims, Barnhart said.
In one case, Barnhart said he had a worker try to claim domestic violence protections as they were being fired just to buy time.
"There is a lot of focus on companies that cybersecurity shouldn't just be for the CISO," Rose said. "You want a bit of that security feel throughout the company, and this is the kind of case that really demonstrates why that is."
The bottom line: Some companies also hesitate to report these incidents, fearing they could be penalized for unknowingly violating U.S. sanctions — even though law enforcement officials have said they're more interested in cooperation than prosecution.
What's next
Right now, the operations are predominantly focused on making money for North Korea's regime.
Threat level: But the hacking groups involved are evolving into something more sophisticated and dangerous — including by potentially building their own AI models and feeding in sensitive U.S. company data.
That's a particular concern in the defense sector.
Barnhart says his teams have seen North Korean IT workers increasingly studying information about AI technologies, drone manufacturing and other defense contract work.
What to watch: As U.S. companies become more alert, North Korean IT workers are shifting their focus abroad as they seek employment at other companies and set up laptop farms throughout Europe — suggesting the operation is only just now ramping up, instead of slowing down.
Yahoo
'Whoever raises their hand against Israel will have their hand cut off,' Israel Katz warns Houthis
Defense Minister Israel Katz warned the Houthi terrorists following the launch of a missile, which triggered sirens across central Israel, including Jerusalem and Tel Aviv, on Sunday afternoon.
Defense Minister Israel Katz denounced the Houthis firing a missile towards central Israel on Sunday, stating that the Yemen-based terror group will "pay with compound interest for every attempt to fire at Israel," in a post on his personal X/Twitter.
"We are imposing an air and sea blockade on them that hurts them greatly, and this morning we struck infrastructure and energy targets. This is just the beginning. The continuation will be strong and painful," he added.
"Whoever raises a hand against Israel - their hand will be cut off," he concluded.
This came after sirens sounded across central Israel, including Jerusalem and Tel Aviv. The IDF successfully intercepted the missile, the military confirmed, and no injuries were reported, Magen David Adom added.
Ben-Gurion Airport temporarily closed air traffic due to the sirens sounding.
The missile launch, in turn, followed the IDF striking an energy infrastructure site that was used by the Houthis in Yemen, the military confirmed on Sunday morning.
According to the IDF, the strikes were conducted in response to repeated attacks by Houthis against Israel and Israeli civilians, including launching surface-to-surface missiles and drones toward Israeli territory.
Army Radio reported that the Israel Navy struck in Yemen and targeted the Haziz power station. The report compared the strike to an earlier one this year in the port of Hodeidah.
The Houthi-run Beirut-based Al Masirah TV reported earlier that a power plant south of the Yemeni capital Sanaa was hit by an "aggression," knocking some of its generators out of service. The Yemeni channel did not identify the source of the reported "aggression."
Were senior Houthi terrorists present during the strike?
Senior Houthi leaders were at the power station at the time of the strike, according to a report by UK-based outlet The Telegraph.
Yahoo
DC residents question troops' focus on low-crime areas amid Trump takeover
As Donald Trump's federal takeover of Washington DC's police entered its second week, and six states vowed to send hundreds of additional national guard troops to assist the administration, residents questioned why federal agents seem to be largely patrolling high-profile but low-crime parts of the nation's capital.
The Washington Post has tracked where federal forces are patrolling the city, finding that few interactions have been witnessed in the parts of the city with the highest rates of crime. The White House rejected that claim on Tuesday, saying that 'nearly half of non-immigration related arrests have happened in the most crime-hit areas in DC', but before Tuesday, the White House had been releasing data showing many of their arrests were of undocumented immigrants, and few federal agents have been spotted addressing or responding to violent crime.
Instead, Washingtonians have seen officers from the FBI, Department of Homeland Security and other offices standing around prominent tourist sites and nightlife corridors, responding to minor disturbances and creating disturbances of their own.
Over the weekend, several military vehicles were seen outside Union Station, positioned next to where passengers find their ride share vehicles. The Department of Defense posted a photo of a tan Humvee outside the train station on X on Saturday and said: 'This We'll Defend.'
Federal agents and vehicles have also been spotted across the National Mall, including the Lincoln Memorial, where violent crime is virtually nonexistent. Visible confrontations between federal officers and protesters have also occurred along 14th Street, a popular nightlife destination.
Amanda Moore, a Washington-based writer and researcher, wrote on X early on Saturday morning that she witnessed '15 federal agents call an ambulance for a very, very drunk and sick girl' in Dupont Circle, another center of nightlife.
Stan Veuger, a senior fellow at the conservative American Enterprise Institute thinktank, joked on X, referring to the 'department of government efficiency': 'I was wrong about Doge. The federal government is efficient now.'
In the Mount Pleasant neighborhood, which is home to a large Hispanic population, US Immigration and Customs Enforcement (Ice) shared a video on Sunday of at least seven agents taking down a banner supporting immigrant neighbors from a public park. 'Mount Pleasant melts Ice,' the banner read. After removing it, a masked agent says: 'Mine. We're taking America back baby.' According to a local reporter and a neighbor's surveillance camera footage, the agents left a dildo in its place. The banner was quickly replaced.
Trump has tried to depict the nation's capital as a city rife with violent crime, but violent crime is at a 30-year low after a spike in 2023. The president has stated, without evidence, that crime data is manipulated and rates are worse than they appear.
Washingtonians have noted how quiet nightlife felt during the first weekend of the federal takeover, although August is typically a slower period in the capital with Congress on recess. On a busy stretch of the heavily Hispanic Columbia Heights neighborhood where street vendors typically sell anything from fruits to clothing, the streets have been empty.
Democrats in Congress last week introduced a joint resolution to end what they described as 'egregious attacks on DC home rule' and the city secured a small legal victory late last week when the White House agreed to leave the Metropolitan police department (MPD) under the control of its chief, Pamela Smith.