Latest news with #NationalSecurityDivision
09-07-2025
- Politics
DHS investigated over 5,000 student protesters listed on doxxing website: Official
A division of the Department of Homeland Security created a team that was instructed to look into more than 5,000 people who were named on a doxxing website that lists purported critics of Israel on U.S. college campuses, a government official testified in federal court Wednesday. This is the first time a government official has detailed how far the government has gone in its efforts to crack down on pro-Palestinian protesters. In March, Secretary of State Marco Rubio said that the administration may have revoked more than 300 student visas since the start of the second Trump administration. As the result of a March 2025 meeting of senior officials with Homeland Security Investigations -- a division of U.S. Immigration and Customs Enforcement -- the "Tiger Team" was created to look into student protesters on U.S. college campuses, Peter Hatch, the assistant director for the Office of Investigations within DHS, testified in Massachusetts federal court. Hatch said he was given the direction to look at the Canary Mission website, which had over 5,000 names, and analysts were tasked with looking into the individuals named on the website and on Betar, another Zionist website that lists the names and information of critics of Israel. The testimony came during Day 3 of a bench trial over the Trump administration's efforts to deport international students and scholars who express pro-Palestinian views, including Columbia University's Mahmoud Khalil and Mohsen Mahdawi, who were both detained by the government but have since been released. The lawsuit was filed by the American Association of University Professors and the Middle East Studies Association, which represents hundreds of professors and students across the country. Under questioning from plaintiffs' attorneys, Hatch testified that he moved analysts from the counterintelligence counterterrorism unit, cyber intelligence unit, global trade intelligence unit and others to work on the Tiger Team because of the large workload. Taking "months" to review the names on Canary Mission's list would not be acceptable, Hatch testified. "I was not given a deadline but I knew ... that we need to work through this expeditiously," Hatch said. Judge William Young remarked that this was a huge workload, to which Hatch responded that this was why the Tiger Team was created. Hatch described the three-step process the team used to investigate student protesters. First, the Office of Intelligence would give reports of analysis complied on students to the National Security Division. Second, the National Security Division would summarize the findings in a letter to the State Department. Third, the State Department would make its determination and could then take action -- including detaining or arresting individuals. Asked about the process, Hatch said, "Since 2019, I have never seen this process used. For me, it was new." Hatch testified that "Canary Mission wasn't the only list of students ... [but] it was the most inclusive," saying HSI also examined Betar. "Canary Mission is not part of the U.S. government and it is not information that we would take as an authoritative source," Hatch testified. "I did not know the Canary Mission website existed until March of this year." Hatch testified that HSI also received names of protesters from other sources, like individual referrals or lists from police departments of protesters who had been arrested. "We can be asked to look into any individual," as long as it goes through HSI leadership, Hatch said, which includes getting tips and leads from inside and outside the government. The Tiger Team received updates on whether the State Department acted on its referrals, and also had discussions with the State Department about protesters, Hatch testified. Asked about standard practices, he testified that HSI is often not informed about action taken by the government after it produces referrals. Hatch testified about the HSI senior leadership meeting in March, where he said they discussed protest activity and student protesters who may be in violation of U.S. law. Asked by the judge what decisions were taken as a result of the meeting, Hatch said, "To look at the protesters, to develop reports of analysis on the protesters specifically looking for violations of U.S. laws ... Anything that we relate to national security or public safety." Among other things, HSI was to look into whether any of the protesters were violent or incited violence, or if any of them supported terrorist organizations, he said. "We would use the normal report of analysis process and our normal trade craft for this," Hatch testified. Hatch said that HSI has produced between 100 to 200 reports of analysis on student protesters since it began looking into them. He had personally reviewed a couple dozen reports, maybe 20, "as part of this particular effort," he testified. In an average year, Hatch said he personally reviews about 1,000 of the 35,000 reports produced by HSI. But he testified that he could not recall any instance when he was asked to review protesters prior to 2025. Hatch, who has yet to be questioned by government attorneys, was scheduled to return to the stand on Thursday.
The Mainichi
01-07-2025
- The Mainichi
US brings charges in North Korean remote worker scheme that officials say funds weapons program
WASHINGTON (AP) -- The Justice Department announced criminal charges Monday in a scheme by North Korea to fund its weapons program through the salaries of remote information technology workers employed unwittingly by U.S. companies. The charges arose from what law enforcement officials described as a nationwide operation that also resulted in the seizure of financial accounts, websites and laptops that were used to carry out the fraud. Separate cases in Georgia and Massachusetts represent the latest Justice Department effort to confront a persistent threat that officials say generates enormous revenue for the North Korean government and in some cases affords workers access to sensitive and proprietary data from the American corporations that hire them. The scheme involved thousands of workers who, armed with stolen or fake identities, were dispatched by the North Korean government to find work as remote IT employees at American companies, including Fortune 500 corporations. The companies were duped into believing that the workers they hired were based in the U.S. when many were actually stationed in North Korea or China, and the wages the victimized companies paid were transferred into accounts controlled by co-conspirators affiliated with North Korea, prosecutors say. "These schemes target and steal from U.S. companies and are designed to evade sanctions and fund the North Korean regime's illicit programs, including its weapons programs," Assistant Attorney General John Eisenberg, the head of the Justice Department's National Security Division, said in a statement. In one case exposed on Monday in federal court in Massachusetts, the Justice Department said it had arrested one U.S. national and charged more than a half dozen Chinese and Taiwanese citizens for their alleged roles in an elaborate fraud that prosecutors say produced several millions of dollars in revenue and affected scores of companies. The conspiracy, court papers say, involved the registration of financial accounts to receive the proceeds and the creation of shell companies and fake websites to make it look like the remote workers were associated with legitimate businesses. Enablers inside the United States facilitated the workers' remote computer access, tricking companies into believing the workers were logging in from U.S. locations. The Justice Department did not identify the companies that were duped, but said that some of the fraudulent workers were able to gain access to and steal information related to sensitive military technology. The case filed in Georgia charges four North Korean IT workers with stealing virtual currency worth hundreds of thousands of dollars from their employers. The defendants remain at large. The Justice Department has filed similar prosecutions in recent years, as well as created an initiative aimed at disrupting the threat.
Business Insider
01-07-2025
- Business
- Business Insider
Over 100 US companies hiring remote workers ended up funding Kim Jong Un's weapons programs, DOJ says
The Justice Department said on Monday that it had seized hundreds of computers and accused 13 people of tricking US companies into paying salaries to North Korea. In a new indictment filed in Massachusetts federal court, prosecutors alleged that conspirators fooled over 100 American firms in Washington, D.C., and 27 states. These firms weren't named, but authorities said they include Fortune 500 companies and a defense contractor in California with access to sensitive military technology files. Investigators detailed an elaborate scheme where at least two US citizens worked with North Korean state actors from 2021 to 2024 to steal identities, use them to get people hired in American industries, and then siphon their salaries to Pyongyang. "These schemes target and steal from US companies and are designed to evade sanctions and fund the North Korean regime's illicit programs, including its weapons programs," John Eisenberg, assistant attorney general in the National Security Division, said in a Monday statement. First, the conspirators used online background check services to obtain the personal data of over 80 Americans, the Justice Department said. Using that data, they created fake identities for a network of Chinese and Taiwanese people who lived outside America but posed as US-based IT workers or software engineers looking for remote jobs. Authorities said that once hired, the scammers would ask their employers to send work laptops to homes in New Jersey, New York, and California. But these homes were actually "laptop farms," where the computers were plugged into hard drives that gave user access to IT workers in North Korea, per the Justice Department. At least 29 suspected laptop farms in 16 states were raided by US law enforcement, the department said in its statement. Prosecutors alleged that Wang Zhengxing, one of the US citizens named in the indictment, hosted one of such laptop farm and created shell companies, such as a fake "VC-backed startup" called Tony WKJ, to receive the fake workers' salaries. The money was then sent to North Korea-controlled accounts. Wang has been arrested and faces charges in the five-count indictment, alongside eight other Chinese and Taiwanese citizens. The other US citizen named in court documents, Kejia Wang, is at large. The Justice Department said both men and four other unnamed partners working in the US received at least $696,000 in total from North Korea for their services. Four North Koreans were named in a separate criminal indictment filed in the Northern District Court of Georgia, which accused them of posing as US-based workers and laundering their salaries. They're also accused of stealing data and cryptocurrency from their employers, then lying about the theft. "How many times do I need to tell you??? I didn't do it!!! It's not me!!!" one of the fake workers wrote in a Telegram message to one of these companies in 2022, per the Justice Department. The US has been trying to crack down on what it warns is a wide-scale, concerted effort by North Korea to dupe American firms into hiring its IT workers to fund Pyongyang's government. For years, the FBI and the Justice Department have said the fraud could involve thousands of North Korean workers farming millions of dollars for weapons and missile programs. Other major indictments include the charging of an Arizona woman who was accused in May 2024 of helping North Koreans find work with over 300 companies in the US.
San Francisco Chronicle
30-06-2025
- Business
- San Francisco Chronicle
US brings charges in North Korean remote worker scheme that officials say funds weapons program
WASHINGTON (AP) — The Justice Department announced criminal charges Monday in connection with a scheme by North Korea to fund its weapons program through the salaries of remote information technology workers employed unwittingly by U.S. companies. The charges are part of what law enforcement officials described as a nationwide operation that also resulted in the seizure of financial accounts, websites and laptops that were used to carry out the fraud. Two separate cases — one filed in Georgia, the other in Massachusetts — represent the latest Justice Department effort to confront a persistent threat that officials say generates enormous revenue for the North Korean government and in some cases affords workers access to sensitive and proprietary data from the corporations that hire them. The scheme involves thousands of workers who, armed with stolen or fake identifies of U.S. citizens, are dispatched by the North Korean government to find work as remote IT employees at American companies, including Fortune 500 corporations. Though the companies are duped into believing the workers they had hired were based in the U.S., many are actually stationed in North Korea or in China and the wages they receive are transferred into accounts controlled by co-conspirators affiliated with North Korea, prosecutors say. "These schemes target and steal from U.S. companies and are designed to evade sanctions and fund the North Korean regime's illicit programs, including its weapons programs,' Assistant Attorney General John Eisenberg, the head of the Justice Department's National Security Division, said in a statement. In one case exposed on Monday in federal court in Massachusetts, the Justice Department said it had arrested one U.S. national and charged more than a half dozen Chinese and Taiwanese citizens for their alleged roles in an elaborate fraud that prosecutors say produced at least $5 million in revenue and affected more than 100 companies. The defendants are accused of registering financial accounts to receive the proceeds and creating shell companies with fake websites to make it appear that the workers were connected to legitimate businesses. They also benefited from the help of unidentified enablers inside the United States who facilitated the workers' remote computer access, tricking companies into believing the employees were logging in from U.S. locations. The Justice Department did not identify the companies that were duped, but said that some of the fraudulent workers were able to gain access to and steal information related to sensitive military technology. The case filed in Georgia charges four North Korean nationals with using fake identities to gain access to am Atlanta-based blockchain research and development company and stealing hundreds of thousands of dollars in virtual currency. The Justice Department has filed similar prosecutions in recent years, as well as created an initiative aimed at disrupting the threat.
Winnipeg Free Press
30-06-2025
- Business
- Winnipeg Free Press
US brings charges in North Korean remote worker scheme that officials say funds weapons program
WASHINGTON (AP) — The Justice Department announced criminal charges Monday in connection with a scheme by North Korea to fund its weapons program through the salaries of remote information technology workers employed unwittingly by U.S. companies. The charges are part of what law enforcement officials described as a nationwide operation that also resulted in the seizure of financial accounts, websites and laptops that were used to carry out the fraud. Two separate cases — one filed in Georgia, the other in Massachusetts — represent the latest Justice Department effort to confront a persistent threat that officials say generates enormous revenue for the North Korean government and in some cases affords workers access to sensitive and proprietary data from the corporations that hire them. The scheme involves thousands of workers who, armed with stolen or fake identifies of U.S. citizens, are dispatched by the North Korean government to find work as remote IT employees at American companies, including Fortune 500 corporations. Though the companies are duped into believing the workers they had hired were based in the U.S., many are actually stationed in North Korea or in China and the wages they receive are transferred into accounts controlled by co-conspirators affiliated with North Korea, prosecutors say. 'These schemes target and steal from U.S. companies and are designed to evade sanctions and fund the North Korean regime's illicit programs, including its weapons programs,' Assistant Attorney General John Eisenberg, the head of the Justice Department's National Security Division, said in a statement. In one case exposed on Monday in federal court in Massachusetts, the Justice Department said it had arrested one U.S. national and charged more than a half dozen Chinese and Taiwanese citizens for their alleged roles in an elaborate fraud that prosecutors say produced at least $5 million in revenue and affected more than 100 companies. The defendants are accused of registering financial accounts to receive the proceeds and creating shell companies with fake websites to make it appear that the workers were connected to legitimate businesses. They also benefited from the help of unidentified enablers inside the United States who facilitated the workers' remote computer access, tricking companies into believing the employees were logging in from U.S. locations. The Justice Department did not identify the companies that were duped, but said that some of the fraudulent workers were able to gain access to and steal information related to sensitive military technology. The case filed in Georgia charges four North Korean nationals with using fake identities to gain access to am Atlanta-based blockchain research and development company and stealing hundreds of thousands of dollars in virtual currency. The Justice Department has filed similar prosecutions in recent years, as well as created an initiative aimed at disrupting the threat.
