
<h2 class="wp-block-heading">I. Introduction: An Inside Job Shakes the Telecom Sector</h2>



<p>In a stark illustration of the vulnerabilities lurking within major corporations, a former employee of a multinational telecommunications company recently admitted to orchestrating a sophisticated, long-running fraud scheme. Richard Forrest Sherman, 46, pleaded guilty in Newark federal court to wire fraud conspiracy, acknowledging his central role in a plot that fraudulently unlocked potentially thousands of mobile phones by exploiting his insider access and manipulating company systems.<sup></sup> Operating for approximately seven years, from 2013 until its discovery in August 2020, the scheme leveraged a legitimate customer&#8217;s special unlocking privileges, creating fake affiliated accounts to bypass standard security checks and reap illicit profits estimated around $500,000.<sup></sup>  ;</p>



<p>This case transcends a simple instance of employee misconduct. It serves as a critical case study illuminating the complex intersection of telecommunications business practices, cybersecurity vulnerabilities, the persistent challenge of insider threats, and the legal frameworks designed to combat sophisticated financial crime. Sherman&#8217;s actions highlight how trusted employees with privileged access can weaponize internal processes, causing significant financial and operational damage. Understanding the mechanics of SIM locking, the specifics of Sherman&#8217;s fraudulent methods, the broader impact of such schemes, the legal repercussions under federal law, the role of investigating agencies like the U.S. Secret Service, and the strategies needed to mitigate insider risks is crucial for the telecom industry and cybersecurity professionals alike. This report delves into these facets, contextualizing the Sherman case within the evolving landscape of telecommunications fraud and offering a comprehensive analysis of the threats and countermeasures involved.</p>



<h2 class="wp-block-heading">II. The Golden Handcuffs: Understanding SIM Locking</h2>



<p>The practice of &#8220;SIM locking&#8221; or &#8220;carrier locking&#8221; is a widespread strategy employed by mobile network operators globally. At its core, a SIM lock is a software restriction built into mobile phones by manufacturers at the behest of carriers.<sup></sup> This software prevents the phone from being used with a SIM card from a different, potentially competing, mobile network, even if those networks are technologically compatible.<sup></sup> This restriction can apply to both physical SIM cards and the newer electronic SIMs (eSIMs).<sup></sup>  ;</p>



<p>The primary motivation behind SIM locking is economic. Carriers often offer mobile devices, particularly high-end smartphones, at a significant discount or through installment plans as an incentive for customers to sign long-term service contracts, typically lasting one to three years.<sup></sup> The SIM lock ensures that the subsidized device remains active on the carrier&#8217;s network for a specified period, allowing the carrier to recoup the device subsidy through monthly service fees.<sup></sup> Without this lock, consumers could potentially acquire a discounted phone, break the service contract, and immediately use the device on a competitor&#8217;s network or resell it for profit, undermining the carrier&#8217;s business model.<sup></sup> Even phones purchased at full price may be locked for a short duration (e.g., 60 days) as a measure to deter theft and certain types of fraud.<sup></sup>  ;</p>



<p>Recognizing the potential for consumer detriment and reduced competition, regulatory bodies and industry associations have established guidelines for unlocking procedures. In the United States, the Federal Communications Commission (FCC) oversees telecommunications, and CTIA – The Wireless Association, representing the wireless communications industry, has developed voluntary commitments that most major carriers adhere to.<sup></sup> Key tenets of these commitments include <sup></sup>:  ;</p>



<ul class="wp-block-list">
<li><strong>Disclosure:</strong> Carriers must clearly post their unlocking policies on their websites.</li>



<li><strong>Postpaid Policy:</strong> Carriers must unlock devices (or provide unlocking information) for eligible customers/former customers in good standing after service contracts or device financing plans are fulfilled.</li>



<li><strong>Prepaid Policy:</strong> Carriers must unlock prepaid devices no later than one year after activation, subject to reasonable requirements.</li>



<li><strong>Notice:</strong> Carriers must notify customers when their devices become eligible for unlocking or unlock them automatically, typically without extra fees for current/former customers.</li>



<li><strong>Response Time:</strong> Carriers generally have two business days to respond to an unlocking request.</li>



<li><strong><a class="wpil_keyword_link" href="https://www.fraudswatch.com/category/military-scammer/" title="Military" data-wpil-keyword-link="linked" data-wpil-monitor-id="1450">Military</a> Personnel:</strong> Special provisions exist for unlocking devices for deployed military personnel.</li>
</ul>



<p>However, unlocking only disables the software lock; it doesn&#8217;t guarantee the phone will work on another network due to differing technologies and frequencies used by carriers.<sup></sup> Despite these guidelines, the desire for greater flexibility—to switch carriers for better deals, use local SIMs while traveling abroad, or resell devices—creates significant consumer demand for unlocked phones.<sup></sup> This demand, coupled with the restrictions and waiting periods imposed by carriers, fosters a market for unlocking services, both legitimate and illicit.<sup></sup> The practice of carrier locking, while serving the carriers&#8217; economic interests, inherently creates friction with consumer choice and competition, potentially impacting low-income communities disproportionately and contributing to e-waste when locked phones cannot be easily resold or repurposed.<sup></sup>  ;</p>



<h2 class="wp-block-heading">III. The Keys to the Kingdom: IMEI Numbers and the Unlocking Process</h2>



<p>Central to the management of mobile devices and the enforcement of SIM locks is the International Mobile Equipment Identity (IMEI) number. Every legitimate mobile phone possesses a unique 15-digit IMEI, serving as its global serial number.<sup></sup> This number identifies the specific physical device, distinct from the user&#8217;s identity or the SIM card (which holds the subscriber information).<sup></sup> The IMEI contains information about the device&#8217;s manufacturer, model, and origin, embedded during production.<sup></sup> It can typically be found printed on the device, under the battery, on the original packaging, or by dialing the universal code *#06# on the phone&#8217;s keypad.<sup></sup>  ;</p>



<p>IMEI numbers play a critical role in network operations and security. They are registered in a central database known as the Equipment Identity Register (EIR), which networks use to validate devices attempting to connect.<sup></sup> A primary security function is blacklisting: if a phone is reported lost or stolen, the owner can provide the IMEI to their carrier, who can then add it to a blacklist within the EIR.<sup></sup> A blacklisted IMEI prevents the device from connecting to any participating network, even with a different SIM card, thus deterring theft.<sup></sup>  ;</p>



<p>The IMEI is also fundamental to the SIM unlocking process. When a customer meets the carrier&#8217;s criteria for unlocking (e.g., contract fulfillment, device payoff), they typically request the unlock, often providing the device&#8217;s IMEI number.<sup></sup> The carrier then uses this IMEI to identify the specific device within its systems and authorize the removal of the software lock.<sup></sup> While the exact technical mechanism varies, it generally involves updating the status associated with that IMEI in a database maintained by the carrier or the original equipment manufacturer (OEM).<sup></sup> For many modern smartphones, this doesn&#8217;t involve entering a code directly into the phone but rather a remote update pushed by the carrier or manufacturer once the unlock is approved in their backend systems.<sup></sup> Some third-party unlocking services claim to access these databases (legitimately or otherwise) or use algorithms based on the IMEI and original carrier to generate unlock codes, though the latter is less common for newer devices where codes might be randomly generated and stored solely in secure databases.<sup></sup>  ;</p>



<p>The reliance on IMEI numbers and associated databases for managing lock status creates the very system that fraudulent actors seek to exploit. The economic incentives are clear: carriers implement locks to protect revenue streams from subsidized devices <sup></sup>, while consumers desire unlocked phones for flexibility, travel, or resale, creating a value differential between locked and unlocked devices.<sup></sup> Legitimate unlocking pathways often involve waiting periods or full payment of device plans.<sup></sup> This gap fuels a black market where individuals seek faster or cheaper unlocking methods, creating the demand that schemes like Richard Sherman&#8217;s aim to satisfy.  ;</p>



<p>The integrity of the entire SIM locking and unlocking ecosystem hinges not just on the security of the IMEI databases themselves, but critically, on the integrity of the <em>processes</em> and <em>authorizations</em> that govern access to and modification of the lock status associated with each IMEI. As the Sherman case demonstrates, compromising the authorization workflow—tricking the system into believing an illegitimate request is valid—can be just as effective, if not more insidious, than attempting a brute-force attack on the database itself. The inherent tension between the carriers&#8217; business model reliant on locking and the consumer demand (and regulatory push) for unlocking flexibility creates fertile ground for such fraudulent exploitation.<sup></sup> The carrier&#8217;s strategy to protect its investment inadvertently generates the economic conditions that insider threats can readily capitalize upon.  ;</p>



<h2 class="wp-block-heading">IV. Executing the Heist: How Sherman Weaponized Insider Access</h2>



<p>Richard Sherman&#8217;s scheme was not a sophisticated external hack but an inside job that meticulously exploited procedural weaknesses and trust within the telecommunications company&#8217;s systems. His position managing customer accounts provided him with both the knowledge of internal processes and the access required to manipulate them.<sup></sup>  ;</p>



<p>The scheme unfolded over several calculated steps:</p>



<ol class="wp-block-list">
<li><strong>Identifying the Vulnerability:</strong> Sherman recognized a powerful loophole: a specific customer, designated &#8220;Company-1&#8221; in court documents, had been granted a special exemption from the standard unlocking requirements (such as fulfilling device payment plans or minimum usage periods). This &#8220;Company-1 Exemption&#8221; allowed bulk unlocking requests for affiliated devices, a privilege Sherman understood could be weaponized. His insider knowledge of this specific exemption and the systems governing it was paramount. </li>



<li><strong>Creating the Fake Front:</strong> Sherman established one or more new customer accounts within the carrier&#8217;s internal systems. One key account mentioned is the &#8220;Entity-1 Account,&#8221; controlled by Sherman and his co-conspirators. </li>



<li><strong>The Crucial Manipulation &#8211; False Affiliation:</strong> This was the linchpin of the fraud. Leveraging his authorized access to the carrier&#8217;s systems, Sherman fraudulently classified the newly created Entity-1 Account as an <em>affiliate</em> of the legitimate Company-1. Court documents suggest this involved manipulating system data, potentially including requesting a specific billing number for the Entity-1 Account designed to mirror the structure of Company-1&#8217;s billing numbers, thereby tricking the system into recognizing a non-existent affiliation. This deceptive classification automatically conferred the potent Company-1 Exemption onto the fake Entity-1 Account, granting it the ability to bypass standard unlocking protocols. </li>



<li><strong>Monetizing the Exploit:</strong> Sherman and his co-conspirators offered their illicit unlocking capability as a service. They received payments from third parties, including an &#8220;Individual-1&#8221; mentioned in court filings, in exchange for unlocking phones. These third parties likely sourced large numbers of locked phones intended for resale on the grey or black market once unlocked. </li>



<li><strong>Bulk Unlocking via Fake Accounts:</strong> Armed with the fraudulent exemption, the conspirators submitted bulk requests to remove the locking software from devices. They used the fake Entity-1 Account to send lists of IMEI numbers (provided by Individual-1 and others paying for the service) to the carrier&#8217;s unlocking system. Crucially, because the Entity-1 Account appeared to possess the legitimate Company-1 Exemption, the carrier&#8217;s automated systems processed these bulk requests without performing the usual checks and balances required for standard unlocking. Thousands of devices were unlocked in this manner over the years. </li>



<li><strong>Cashing In:</strong> The scheme generated substantial illicit income. Sherman personally received payments through entities he controlled, including a documented wire transfer of approximately $52,361 via the Fedwire system into a New Jersey business bank account he managed. Over the course of the conspiracy (roughly 2013-2020), Sherman and his co-conspirators obtained approximately $500,000, which they converted for their personal use. As part of the legal proceedings, the government sought forfeiture of all property derived from these criminal proceeds. </li>
</ol>



<p>The success of this long-running fraud rested heavily on the exploitation of <em>trust</em> embedded within the carrier&#8217;s internal systems, particularly concerning affiliate relationships and special exemptions. The system likely lacked robust secondary validation mechanisms or anomaly detection capabilities to scrutinize changes to high-privilege account attributes like exemption status, especially when initiated by an employee like Sherman who had legitimate authority to manage such accounts. The system essentially trusted the classification input by the authorized user, highlighting a potential gap where zero-trust principles—verifying requests and classifications regardless of the source&#8217;s apparent internal authority—could have provided a critical defense layer, particularly for actions with major financial implications like granting bulk unlocking exemptions.</p>



<p>Furthermore, the very existence of a bulk unlocking process, designed for the convenience of large legitimate customers with exemptions, inadvertently created a significant attack surface. While efficient for its intended purpose, allowing bulk actions based on a single point of authorization (the manipulated affiliate status) dramatically magnified the potential impact of any fraud or error involving that authorization. Sherman&#8217;s ability to unlock thousands of phones through this mechanism underscores the need for exceptionally stringent verification, auditing, and monitoring controls around any internal process that permits bulk actions, especially those designed to bypass standard security checks.</p>



<h2 class="wp-block-heading">V. The Ripple Effect: Assessing the Damage of Unlocking Fraud</h2>



<p>The consequences of large-scale SIM unlocking fraud, as exemplified by the Sherman case, extend far beyond the direct financial gains of the perpetrators. The ripple effects impact carriers, consumers, and the market ecosystem in multiple ways.</p>



<p><strong>Direct Financial Losses:</strong> The most immediate impact is on the telecommunications carrier. When phones are unlocked prematurely and fraudulently, the carrier loses the anticipated revenue stream associated with that device. This includes <sup></sup>:  ;</p>



<ul class="wp-block-list">
<li><strong>Unrecouped Subsidies:</strong> The initial discount provided on the device may not be recovered if the customer defaults or moves the phone off-network before the contract term or payment plan is complete.</li>



<li><strong>Lost Service Revenue:</strong> The carrier loses the future monthly service fees it expected to collect over the life of the contract associated with that device. The Muhammad Fahd case against AT&;T, involving similar unlocking methods (bribery and malware), provides a stark example of the potential scale, with estimated losses pegged at over $200 million, explicitly linked to lost subscriber payments for nearly 2 million unlocked phones. While Sherman&#8217;s direct gain was cited as approximately $500,000 , the actual financial loss incurred by &#8220;Victim-1&#8221; (the carrier) was likely substantially higher, encompassing the value of the thousands of devices improperly unlocked plus the associated lost service revenue streams. Calculating this full economic damage is complex, often far exceeding the fraudster&#8217;s profit. </li>
</ul>



<p>This type of fraud contributes to the staggering overall cost of telecom fraud globally. Industry reports estimated global telecom fraud losses at $39.89 billion in 2021 (around 2.22% of industry revenue) <sup></sup>, with estimates suggesting a rise to nearly $39 billion in 2023 (2.5% of revenue).<sup></sup> Specific schemes like interconnect bypass fraud (SIM box fraud), which exploits call routing rather than device unlocking, cost the industry billions annually ($3.11 billion cited in reports).<sup></sup>  ;</p>



<p><strong>Market Disruption:</strong> Illicit unlocking schemes distort the mobile device market.<sup></sup>  ;</p>



<ul class="wp-block-list">
<li><strong>Secondary Market Impact:</strong> The influx of fraudulently unlocked phones can flood the used or grey market, potentially undercutting legitimate resellers and depressing prices. While legitimate unlocking supports a healthy secondary market and extends device lifecycles , fraudulent channels may deal in stolen or illegitimately acquired devices, focusing on rapid, untraceable resale. This illicit trade might bypass responsible e-waste management practices that legitimate refurbishment channels adhere to, potentially contributing indirectly to environmental concerns. </li>



<li><strong>Undermining Market Structure:</strong> While unlocking, in general, is seen as pro-competitive , fraudulent unlocking undermines the established market structure built around carrier subsidies and service contracts, disrupting the economic model carriers rely on. </li>
</ul>



<p><strong>Erosion of Trust and Reputation:</strong> Fraud incidents significantly damage the carrier&#8217;s standing.<sup></sup>  ;</p>



<ul class="wp-block-list">
<li><strong>Consumer Confidence:</strong> Customers lose faith in a carrier&#8217;s ability to secure its operations and protect data, potentially leading to customer churn.</li>



<li><strong>Brand Damage:</strong> The company&#8217;s reputation suffers, impacting its ability to attract new customers and even retain talent, as professionals may be wary of joining an organization perceived as vulnerable to fraud. </li>
</ul>



<p><strong>Operational and Security Impacts:</strong> Beyond financial and reputational harm, telecom fraud can affect network operations and broader security.</p>



<ul class="wp-block-list">
<li><strong>Service Quality Degradation:</strong> While not directly caused by Sherman&#8217;s <em>unlocking</em> method, related telecom frauds like SIM box operations often use substandard equipment that degrades call quality for legitimate users, reflecting poorly on the carrier. </li>



<li><strong>Network Strain:</strong> Certain fraud types can overload network infrastructure. </li>



<li><strong>Security and Privacy Risks:</strong> Some telecom fraud schemes can compromise user privacy or create avenues for further criminal activity. A closely related threat, SIM <em>swapping</em> (where attackers hijack a user&#8217;s phone number, often via insider collusion or social engineering), directly targets user accounts, enabling theft of funds or sensitive data by intercepting authentication messages. </li>



<li><strong>National Security Concerns:</strong> Certain types of telecom fraud that bypass legal intercept mechanisms can pose risks to national security efforts aimed at tracking criminal communications. </li>
</ul>



<h2 class="wp-block-heading">VI. The Long Arm of the Law: Prosecuting Wire Fraud Conspiracy</h2>



<p>Richard Sherman pleaded guilty to conspiracy to commit wire fraud, a serious federal offense. Understanding the legal framework surrounding this charge is essential to grasping the severity of his actions and the tools available to prosecutors.</p>



<p><strong>The Underlying Offense: Wire Fraud (18 U.S.C. § 1343)</strong> The crime Sherman conspired to commit was wire fraud. The core elements necessary to prove wire fraud under federal statute 18 U.S.C. § 1343 are <sup></sup>:  ;</p>



<ol class="wp-block-list">
<li><strong>Scheme or Artifice to Defraud:</strong> The existence of a plan or scheme intended to deceive and cheat someone out of money or property through false or fraudulent pretenses, representations, or promises. Sherman&#8217;s scheme to use fake affiliate accounts to gain unauthorized unlocking clearly fits this definition.</li>



<li><strong>Intent to Defraud:</strong> The defendant must have acted knowingly and with the specific intent to defraud. Accidental or unintentional misrepresentations are not sufficient. Sherman&#8217;s deliberate creation of fake accounts and manipulation of system classifications demonstrates intent.</li>



<li><strong>Use of Interstate Wire Communications:</strong> The scheme must involve the use of interstate or foreign wire, radio, or television communications (including internet, phone lines, wire transfers) to execute the scheme. The use of such communications must be reasonably foreseeable. In Sherman&#8217;s case, the receipt of payments via the interstate Fedwire Funds Service into a New Jersey bank account satisfied this element. </li>
</ol>



<p><strong>The Conspiracy Charge (18 U.S.C. § 1349)</strong> Sherman was charged under 18 U.S.C. § 1349, a statute specifically addressing <em>attempts</em> and <em>conspiracies</em> to commit the various fraud offenses outlined in Chapter 63 of Title 18 of the U.S. Code, which includes wire fraud (§ 1343).<sup></sup>  ;</p>



<p>To secure a conviction for conspiracy under § 1349, prosecutors generally need to prove <sup></sup>:  ;</p>



<ol class="wp-block-list">
<li><strong>An Agreement:</strong> That two or more persons entered into an agreement to commit the underlying fraud offense (here, wire fraud).</li>



<li><strong>Knowing and Willful Participation:</strong> That the defendant knew the conspiracy&#8217;s objective and voluntarily joined it.</li>
</ol>



<p>A critical feature distinguishes § 1349 from the general federal conspiracy statute (18 U.S.C. § 371). Under the general statute, prosecutors must typically prove not only an agreement but also that at least one conspirator committed an &#8220;overt act&#8221; in furtherance of the conspiracy. However, <strong>18 U.S.C. § 1349 explicitly does <em>not</em> require proof of an overt act</strong>.<sup></sup> For fraud conspiracies covered by § 1349, the agreement itself is sufficient for conviction. This makes § 1349 a particularly potent tool for prosecutors targeting complex financial fraud schemes, as they do not need to isolate and prove a specific subsequent action taken to advance the plot beyond the agreement to commit the fraud itself.  ;</p>



<p>The enactment of § 1349 as part of the Sarbanes-Oxley Act of 2002 <sup></sup> signals a clear legislative intent to treat the mere agreement to commit serious financial and corporate fraud as severely as the completed crime. By removing the overt act requirement specifically for these types of conspiracies, Congress lowered the prosecutorial burden compared to general conspiracies, reflecting a focus on deterring the formation and planning stages of fraudulent enterprises, particularly in the wake of major corporate scandals.  ;</p>



<p><strong>Penalties and Sentencing</strong> The penalties for attempt or conspiracy under § 1349 are explicitly the <em>same</em> as those prescribed for the underlying offense that was the object of the attempt or conspiracy.<sup></sup> In Sherman&#8217;s case, conspiracy to commit wire fraud carries a maximum potential penalty of 20 years in prison and a fine of $250,000, or twice the pecuniary gain to the defendant or loss to the victims, whichever is greatest.<sup></sup> The actual sentence imposed will depend on federal sentencing guidelines, the specific details of the offense (like the duration and amount of loss), the defendant&#8217;s criminal history, and other factors considered by the court. Additionally, conviction triggers forfeiture provisions, allowing the government to seize property constituting or derived from the proceeds of the crime, as sought in Sherman&#8217;s case.<sup></sup>  ;</p>



<p>Sherman&#8217;s guilty plea to a single conspiracy count, despite the scheme&#8217;s seven-year duration and multiple fraudulent acts, might represent a strategic prosecutorial choice or the outcome of plea negotiations. Proving the specific elements of numerous individual wire fraud counts spanning years could be resource-intensive. Charging under § 1349, focusing on the overarching agreement and lacking the overt act requirement, may offer a more streamlined path to conviction, even though the potential penalties remain substantial.</p>



<h2 class="wp-block-heading">VII. The Investigators: U.S. Secret Service Tackling High-Tech Fraud</h2>



<p>The investigation leading to Richard Sherman&#8217;s guilty plea was conducted by the U.S. Secret Service, specifically credited to special agents from the Seattle Field Office.<sup></sup> While often associated with protecting political leaders, the Secret Service has a long-standing and evolving mandate to investigate complex financial crimes, a mission that increasingly involves navigating the complexities of cyberspace.  ;</p>



<p><strong>An Evolving Mandate: From Counterfeiting to Cybercrime</strong> Established in 1865 primarily to combat the widespread counterfeiting of U.S. currency following the Civil War <sup></sup>, the Secret Service&#8217;s investigative responsibilities have expanded significantly over time through legislative and executive action. Its mandate now firmly includes safeguarding the integrity of the nation&#8217;s financial and payment systems.<sup></sup>  ;</p>



<p>Key areas of modern investigative authority relevant to cases like Sherman&#8217;s include:</p>



<ul class="wp-block-list">
<li><strong>Financial Crimes:</strong> The agency holds primary authority for investigating access device fraud (like credit and debit card fraud), identity theft, and financial institution fraud. </li>



<li><strong>Cyber-Enabled Crimes:</strong> Crucially, the Secret Service&#8217;s mandate explicitly extends to investigating computer fraud and computer-based attacks targeting the nation&#8217;s critical infrastructure, including financial, banking, <em>and telecommunications</em> systems. This places schemes that exploit telecom systems for financial gain squarely within their jurisdiction. </li>



<li><strong>Digital Assets:</strong> Recognizing the growing use of cryptocurrencies and other digital assets in illicit activities, the agency is also focused on detecting and investigating crimes involving these technologies. </li>
</ul>



<p>The evolution of the Secret Service&#8217;s mission from physical currency protection to encompassing cyber and telecommunications infrastructure fraud reflects the undeniable convergence of financial systems with digital networks. Crimes like Sherman&#8217;s, involving the manipulation of internal telecom company systems <sup></sup> for direct financial enrichment <sup></sup>, perfectly exemplify this intersection. Such cases demand expertise that bridges traditional financial investigation with deep technical understanding, validating the Secret Service&#8217;s expanded role in combating technologically-facilitated financial crime impacting critical infrastructure sectors.  ;</p>



<p><strong>Specialized Units and Collaborative Methods</strong> To effectively tackle these complex threats, the Secret Service employs specialized units and emphasizes collaboration:</p>



<ul class="wp-block-list">
<li><strong>Cyber Investigative Section (CIS):</strong> Based at headquarters, CIS centralizes expertise and supports major cybercrime investigations globally. </li>



<li><strong>Cyber Fraud Task Forces (CFTFs):</strong> These are the operational hubs for cyber investigations in the field. Located strategically across the country (like the Seattle Field Office involved in the Sherman case), CFTFs operate as partnerships, bringing together Secret Service agents, other law enforcement agencies, prosecutors, private industry experts, and academic researchers to combat cybercrime through investigation, detection, and prevention. </li>



<li><strong>Global Investigative Operations Center (GIOC):</strong> This center coordinates complex domestic and international investigations impacting financial infrastructure and analyzes diverse data sources. </li>



<li><strong>Forensic Capabilities:</strong> The agency utilizes forensic analysis for both digital and physical evidence. </li>



<li><strong>Partnerships:</strong> Collaboration is key. The Secret Service works closely with the Department of Justice (e.g., Computer Crime and Intellectual Property Section &#8211; CCIPS) and actively engages with the private sector through initiatives like the Cyber Investigations Advisory Board (CIAB), which brings external expertise from industry, academia, and non-profits to inform investigative strategies. </li>
</ul>



<p>The strong emphasis on partnerships, particularly through the CFTFs and CIAB, underscores a critical reality: combating sophisticated cyber-enabled financial crime necessitates expertise and information sharing beyond traditional law enforcement structures. Integrating insights from the private sector—often the owners of the targeted infrastructure and primary victims—and academia is vital for understanding emerging threats, industry practices, and cutting-edge technologies. This collaborative model is likely indispensable for agencies like the Secret Service to maintain pace with the rapid evolution of criminal tactics in specialized domains such as telecommunications.</p>



<h2 class="wp-block-heading">VIII. Guarding the Gates: Combating Insider Threats in Telecom</h2>



<p>The Richard Sherman case serves as a potent reminder that significant security risks can originate not from external attackers, but from trusted individuals within an organization. Insider threats are broadly defined as current or former employees, contractors, or business partners who have inside information concerning the organization&#8217;s security practices, data, and computer systems, and who use this information, intentionally or unintentionally, to cause harm or exfiltrate sensitive information.<sup></sup> Sherman represents a classic malicious insider, deliberately abusing his legitimate access for personal gain.  ;</p>



<p>Insiders possess a dangerous advantage: they often operate behind existing perimeter defenses and have authorized access to networks, systems, and sensitive data as part of their job functions.<sup></sup> Sherman didn&#8217;t need to hack into the carrier&#8217;s system from the outside; he used his legitimate credentials and system privileges to manipulate account classifications and exploit the unlocking process.<sup></sup>  ;</p>



<p>Combating such threats requires a multi-layered approach encompassing technology, policies, and human factors. Best practices for detection and prevention include:</p>



<h3 class="wp-block-heading">Detection Strategies:</h3>



<ul class="wp-block-list">
<li><strong>User and Entity Behavior Analytics (UEBA):</strong> These systems establish baseline patterns of normal activity for users and devices. They can then flag anomalous behavior that might indicate a threat, such as an employee accessing systems at unusual times, downloading excessive data, attempting to access resources outside their typical role (like Sherman manipulating affiliate status), or unusual patterns of bulk processing. </li>



<li><strong>Comprehensive Monitoring and Logging:</strong> Continuously monitor user activity, especially actions involving privileged access or sensitive data modification. Detailed logging and regular log analysis are crucial for detecting suspicious actions and for post-incident investigations. </li>



<li><strong>Access Reviews:</strong> Periodically audit user access rights and permissions to ensure they align with current job roles and the principle of least privilege. </li>



<li><strong>Anomaly Detection with Machine Learning:</strong> Employ ML algorithms to identify subtle deviations from normal patterns in data access, network traffic, or system usage that might evade rule-based detection systems. </li>



<li><strong>Behavioral Indicators:</strong> While less definitive, organizations should have processes for addressing concerning employee behaviors like expressed disgruntlement, violations of policy, or sudden changes in work habits, as these can sometimes correlate with increased risk. </li>
</ul>



<h3 class="wp-block-heading">Prevention Strategies:</h3>



<ul class="wp-block-list">
<li><strong>Strong Access Controls:</strong> Implement the <strong>Principle of Least Privilege (PoLP)</strong>, ensuring users have only the minimum necessary permissions to perform their duties. Utilize <strong>Role-Based Access Control (RBAC)</strong> to manage permissions efficiently and consistently based on job functions. Enforce <strong>Multi-Factor Authentication (MFA)</strong> widely, especially for accessing sensitive systems or performing high-risk actions. </li>



<li><strong>Privileged Access Management (PAM):</strong> Deploy dedicated PAM solutions to tightly control, monitor, and audit the use of administrative and other privileged accounts, which are frequent targets or tools for insiders. </li>



<li><strong>Clear Policies and Consistent Enforcement:</strong> Establish and regularly update clear, comprehensive policies covering acceptable use, data handling and classification, remote access, and security incident reporting. Crucially, these policies must be consistently enforced across the organization. </li>



<li><strong>Security Awareness Training:</strong> Conduct regular, role-specific security awareness training for all employees. This should cover recognizing threats (including insider risks and social engineering), understanding policies, and knowing their responsibilities in maintaining security. </li>



<li><strong>Thorough Vetting and Background Checks:</strong> Implement rigorous screening processes for new hires, particularly those in positions with access to sensitive data or systems. </li>



<li><strong>Secure Offboarding Procedures:</strong> Have a formal process to immediately revoke all system access for departing employees, retrieve company assets, and ensure the return or deletion of sensitive data. Sherman reportedly set up the fake accounts <em>before</em> leaving his employer, highlighting that risks can manifest even before an employee&#8217;s departure. </li>



<li><strong>Data Loss Prevention (DLP):</strong> Use DLP tools to monitor and prevent the unauthorized transfer or exfiltration of sensitive data outside the organization&#8217;s control. </li>



<li><strong>Physical Security:</strong> Maintain appropriate physical access controls to secure facilities, data centers, and sensitive documents. </li>



<li><strong>Regular Risk Assessments and Audits:</strong> Periodically conduct enterprise-wide risk assessments specifically addressing insider threats and audit the effectiveness of existing controls. </li>



<li><strong>Cross-Functional Collaboration:</strong> Establish an insider threat program involving stakeholders from IT Security, Human Resources, Legal, Compliance, Risk Management, and Internal Audit to ensure a holistic approach. </li>
</ul>



<p>The following table summarizes key mitigation strategies:</p>



<figure class="wp-block-table"><table class="has-fixed-layout"><tbody><tr><td><strong>Category</strong></td><td><strong>Specific Measure</strong></td><td><strong>Description</strong></td><td><strong>Relevance to Telecom Sector</strong></td></tr><tr><td><strong>Technical Controls</strong></td><td>Privileged Access Management (PAM)</td><td>Tools to strictly control, monitor, and audit access to critical systems and admin accounts.</td><td>Essential for securing access to network infrastructure, billing systems, customer databases, and provisioning tools (like those Sherman manipulated).</td></tr><tr><td></td><td>User &; Entity Behavior Analytics (UEBA)</td><td>Baselines normal activity and flags anomalies in user/system behavior.</td><td>Can detect unusual account modifications, access patterns to sensitive customer data (CPNI), or abnormal use of internal tools.</td></tr><tr><td></td><td>Data Loss Prevention (DLP)</td><td>Monitors and blocks unauthorized movement of sensitive data.</td><td>Critical for preventing exfiltration of customer data, proprietary network information, or confidential business plans.</td></tr><tr><td></td><td>Strong Access Controls (PoLP, RBAC, MFA)</td><td>Ensures minimal necessary access based on roles; requires multiple verification factors.</td><td>Limits potential damage if an account is compromised or abused; vital given the vast amounts of sensitive data and critical systems.</td></tr><tr><td><strong>Organizational Policies</strong></td><td>Clear Security Policies</td><td>Documented rules for acceptable use, data handling, remote access, incident reporting.</td><td>Sets clear expectations for employees handling sensitive telecom data and accessing critical systems.</td></tr><tr><td></td><td>Secure Offboarding</td><td>Immediate revocation of access, asset retrieval, data handling for departing employees.</td><td>Prevents departing employees from retaining access or data that could be misused (as Sherman set up accounts before leaving).</td></tr><tr><td></td><td>Regular Audits &; Risk Assessments</td><td>Periodic reviews of controls, access rights, and potential insider threat vulnerabilities.</td><td>Ensures security measures remain effective and adapt to evolving threats specific to the telecom environment.</td></tr><tr><td><strong>Human Factors</strong></td><td>Security Awareness Training</td><td>Educates employees on threats, policies, and their security responsibilities.</td><td>Reduces accidental risks and helps employees recognize and report suspicious activity, including potential insider threats.</td></tr><tr><td></td><td>Background Checks &; Vetting</td><td>Screening potential hires, especially for sensitive roles.</td><td>Helps identify individuals with histories that may indicate higher risk before granting them access to critical telecom assets.</td></tr><tr><td></td><td>Cross-Functional Program</td><td>Collaboration between HR, Legal, IT Security, Risk, etc., on insider threat management.</td><td>Ensures a comprehensive approach considering legal, ethical, technical, and human resource aspects of insider risk.</td></tr></tbody></table></figure>



<p>Ultimately, truly effective insider threat mitigation extends beyond technology and procedures into organizational culture. Building an environment of trust, ensuring fairness in processes and disciplinary actions, maintaining transparency about monitoring practices, and actively promoting security awareness are crucial.<sup></sup> Disgruntled or neglected employees can pose a heightened risk.<sup></sup> While Sherman&#8217;s actions appear purely malicious, addressing the human element is a vital component of a comprehensive defense strategy.  ;</p>



<p>The telecommunications sector faces particularly acute insider threat challenges due to the nature of its business. Employees often handle vast quantities of sensitive customer data (including call records, location information, and financial details), manage critical national communication infrastructure, and operate complex billing and provisioning systems.<sup></sup> The potential impact of a compromised or malicious insider, as Sherman&#8217;s seven-year scheme demonstrates, is exceptionally high, capable of causing massive financial losses, severe reputational damage, and widespread disruption.<sup></sup> Therefore, the application of insider threat best practices must be particularly rigorous and tailored to the unique, high-stakes environment of this industry.  ;</p>



<h2 class="wp-block-heading">IX. Contextualizing the Threat: The Evolving Landscape of Telecom Fraud</h2>



<p>The Richard Sherman case, while significant, is just one example within a broader and constantly evolving landscape of telecommunications fraud. Understanding other major schemes and emerging tactics provides crucial context for appreciating the persistent nature of these threats.</p>



<h3 class="wp-block-heading">Beyond Sherman: Other Major Cases</h3>



<ul class="wp-block-list">
<li><strong>Muhammad Fahd / AT&;T (Unlocking Fraud):</strong> This case, resulting in a 12-year prison sentence for Fahd, involved a more complex operation than Sherman&#8217;s, though with a similar goal. Fahd, operating internationally, initially bribed AT&;T call center employees in the U.S. to use their credentials for illicit phone unlocking. When AT&;T upgraded its systems, Fahd escalated his tactics by hiring a developer to create custom malware. This malware was installed on AT&;T&#8217;s internal systems by bribed employees, allowing Fahd&#8217;s operation to gain persistent access, gather credentials, and continue unlocking phones on a massive scale—nearly 1.9 million devices, causing an estimated $200 million in losses to AT&;T. Key differences from Sherman include the use of malware as a technical intrusion method alongside insider collusion and the significantly larger scale of financial impact. </li>



<li><strong>&#8220;The Community&#8221; Gang / Garrett Endicott (SIM Swapping):</strong> This case highlights a different but related form of telecom-facilitated fraud: SIM swapping or hijacking. Rather than unlocking devices for resale, this gang focused on taking control of victims&#8217; phone numbers. They achieved this through bribing employees at mobile carriers or using social engineering tactics to trick customer support into transferring the victim&#8217;s number to a SIM card controlled by the attackers. Once in control of the number, they could intercept two-factor authentication codes (often sent via SMS) and gain access to victims&#8217; online accounts, particularly cryptocurrency exchange accounts, leading to millions in losses. Endicott, the final defendant sentenced, received 10 months, while other gang members received sentences ranging from probation to four years. This case underscores how the phone number itself has become a critical, and often vulnerable, key to digital identity and assets, and again highlights the role of compromised insiders (bribed employees). </li>



<li><strong>Prevalence of SIM Swapping:</strong> The threat demonstrated by &#8220;The Community&#8221; is widespread. Numerous lawsuits have been filed against major carriers like AT&;T and T-Mobile by victims of SIM swapping, alleging inadequate security measures failed to prevent attackers from hijacking their numbers and subsequently stealing funds, often cryptocurrency. </li>
</ul>



<h3 class="wp-block-heading">Comparison of Major SIM-Related Fraud Cases</h3>



<figure class="wp-block-table"><table class="has-fixed-layout"><tbody><tr><td><strong>Feature</strong></td><td><strong>Richard Sherman Case</strong></td><td><strong>Muhammad Fahd / AT&;T Case</strong></td><td><strong>&#8220;The Community&#8221; / Endicott Case</strong></td></tr><tr><td><strong>Primary Fraud Type</strong></td><td>Device Unlocking</td><td>Device Unlocking</td><td>SIM Swapping / Account Takeover</td></tr><tr><td><strong>Key Methods</strong></td><td>Insider System Manipulation (Exploiting Exemption, Fake Accounts)</td><td>Bribery of Insiders, Custom Malware Deployment</td><td>Bribery of Insiders, Social Engineering</td></tr><tr><td><strong>Primary Target/Goal</strong></td><td>Profit from Resale of Unlocked Phones</td><td>Profit from Resale of Unlocked Phones</td><td>Theft from Victim Accounts (esp. Crypto)</td></tr><tr><td><strong>Scale / Impact</strong></td><td>~$500k Gain (Defendant); Carrier Loss Likely Higher; Thousands of Phones</td><td>~$200M Loss (Carrier); ~1.9M Phones</td><td>Multi-million $ Crypto Theft; Multiple Victims</td></tr><tr><td><strong>Legal Outcome</strong></td><td>Guilty Plea (Wire Fraud Conspiracy); Sentencing Pending</td><td>12 Years Prison (Wire Fraud Conspiracy)</td><td>Various Sentences (Probation to 4 Years Prison); Endicott: 10 Months</td></tr></tbody></table></figure>



<p></p>



<p>This comparison reveals a diversification of tactics targeting the telecom ecosystem. While unlocking fraud exploits carrier business processes and device subsidies, SIM swapping targets the end-user&#8217;s reliance on the phone number for identity verification and account security. Both methods, however, frequently rely on the &#8220;human element&#8221;—either through the direct malicious actions of an insider like Sherman, or the compromise (via bribery or deception) of carrier employees, as seen in the Fahd and &#8220;The Community&#8221; cases.<sup></sup>  ;</p>



<p><strong>Emerging Trends and Industry Responses</strong> Fraudsters continually adapt their methods. Trends include increasing sophistication in social engineering, attempts to exploit newer technologies like eSIMs (which, despite security features, remain vulnerable to malware and social engineering), and the persistent use of established fraud types like International Revenue Sharing Fraud (IRSF), Wangiri (call-back scams), and Interconnect Bypass (SIM box fraud).<sup></sup>  ;</p>



<p>The telecommunications industry recognizes the severity of the threat. A staggering 92% of carriers identified fraud as a &#8216;top&#8217; or &#8216;strategic&#8217; priority in 2023, up significantly from 77% in 2022.<sup></sup> Responses involve investing in advanced fraud detection systems utilizing AI and machine learning, implementing real-time monitoring, enhancing internal controls, and fostering collaboration within the industry and with law enforcement.<sup></sup> Regulatory bodies are also increasing scrutiny, with the FCC, for example, exploring rules to compel carriers to strengthen defenses against SIM swapping.<sup></sup>  ;</p>



<p>The immense financial losses attributed to telecom fraud—tens of billions annually <sup></sup>—and the high strategic priority assigned to combating it by carriers create a compelling business case for significant investment in prevention. While some operators may have historically absorbed certain fraud costs as a part of doing business <sup></sup>, the escalating scale and sophistication of attacks necessitate proactive measures. The cost of implementing robust defenses, including advanced technological solutions and comprehensive insider threat programs, is increasingly viewed as a necessary investment likely outweighed by the potential savings from mitigating catastrophic fraud events like the Fahd case <sup></sup> or preventing long-running internal schemes like Sherman&#8217;s.  ;</p>



<h2 class="wp-block-heading">X. Conclusion: Lessons from an Inside Job</h2>



<p>The case of Richard Forrest Sherman stands as a sobering testament to the enduring threat posed by malicious insiders within the telecommunications industry. Over seven years, Sherman leveraged his trusted position and intimate knowledge of internal systems to execute a wire fraud conspiracy, manipulating account privileges and exploiting procedural loopholes to facilitate the illicit unlocking of thousands of mobile devices for personal profit.<sup></sup> His guilty plea underscores the significant legal consequences awaiting those who betray corporate trust for financial gain, facing potentially decades in prison under federal statutes like 18 U.S.C. § 1349.<sup></sup>  ;</p>



<p>Several critical lessons emerge from this analysis:</p>



<ul class="wp-block-list">
<li><strong>Insider Threats Remain Paramount:</strong> Even as organizations bolster external defenses, the risk from within persists. Insiders with legitimate access can bypass many security layers, making robust internal controls, vigilant monitoring (like UEBA), and strict adherence to the principle of least privilege essential. </li>



<li><strong>Business Processes Can Be Vulnerabilities:</strong> Sherman exploited not a technical flaw in software, but a weakness in the <em>process</em> surrounding customer exemptions and affiliate account classifications. This highlights the need to secure workflows and authorizations with the same rigor applied to technical systems, especially those granting powerful privileges like bulk unlocking exemptions. Trust must be verified, even internally. </li>



<li><strong>Economic Models Create Fraud Opportunities:</strong> The carrier practice of SIM locking, driven by device subsidies, creates an economic incentive for unlocking. This inherent market tension fuels demand for illicit services, which insiders like Sherman can exploit. </li>



<li><strong>Specialized Law Enforcement is Crucial:</strong> The U.S. Secret Service&#8217;s successful investigation demonstrates the value of specialized units (like CFTFs) possessing expertise in both financial crime and cyber/telecom infrastructure. Their evolving mandate reflects the merging of financial and digital crime landscapes. </li>



<li><strong>Legal Deterrents are Strong but Prevention is Key:</strong> While statutes like 18 U.S.C. § 1349 provide powerful tools for prosecution with severe penalties , the ideal outcome is prevention. The significant financial and reputational damage caused by telecom fraud underscores the necessity of proactive investment in comprehensive security measures. </li>
</ul>



<p>The ongoing battle against sophisticated telecom fraud, whether SIM unlocking schemes, SIM swapping, or other variants, demands constant vigilance and adaptation. This includes deploying advanced technologies like AI/ML for anomaly detection, rigorously enforcing strong access controls and internal policies, cultivating a security-aware workforce through continuous training, and fostering robust collaboration between industry players, law enforcement, and regulatory bodies <sup></sup>-.<sup></sup>  ;</p>



<p>Ultimately, the Richard Sherman conspiracy is a powerful narrative reinforcing a fundamental security principle: the most damaging threats can indeed originate from within, adeptly exploiting the very systems and trust mechanisms designed for legitimate operations. Building resilience against such insider threats requires a holistic strategy that meticulously addresses technology, process, and the human element, recognizing that safeguarding critical telecommunications infrastructure demands vigilance at every level.</p>



<p></p>

Tag Archives: Conspiracy
Atlanta Cousins Sentenced in $2 Million+ COVID-19 Relief Fraud Scheme: Narcisse and Dieujuste Exploited PPP and EIDL Programs

<p><strong>Atlanta, GA</strong> – In a stark reminder of the pervasive fraud that plagued COVID-19 relief programs, two Georgia men, Johnny Narcisse and his cousin Johnson Dieujuste, have been sentenced to federal prison for their roles in a sophisticated scheme that defrauded the Paycheck Protection Program (PPP) and the Economic Injury Disaster Loan (EIDL) program of more than $2 million. The case highlights the vulnerability of emergency relief funds and the ongoing efforts of law enforcement to bring perpetrators of pandemic-related fraud to justice.</p>



<p>This article delves into the details of Narcisse and Dieujuste&#8217;s fraudulent activities, their convictions, and the broader context of COVID-19 relief fraud. It also explores the role of various government agencies in investigating and prosecuting such crimes, and provides information on how the public can report suspected fraud.</p>



<h2 class="wp-block-heading">The Scheme: Exploiting Vulnerabilities in COVID-19 Relief Programs</h2>



<p>The COVID-19 pandemic triggered an unprecedented economic crisis, prompting the U.S. government to launch massive relief programs aimed at mitigating the <a class="wpil_keyword_link" href="https://www.fraudswatch.com/tag/financial-fraud/" title="financial" data-wpil-keyword-link="linked" data-wpil-monitor-id="1133">financial</a> fallout. The PPP and EIDL programs were central to this effort, designed to provide forgivable loans to small businesses struggling to stay afloat and cover essential expenses like payroll, rent, and utilities.</p>



<p>However, the speed and scale at which these programs were rolled out created opportunities for unscrupulous individuals to exploit vulnerabilities in the system. Johnny Narcisse and Johnson Dieujuste were among those who seized this opportunity, devising a scheme that ultimately defrauded taxpayers of over $2 million.</p>



<h2 class="wp-block-heading">How the Fraud Unfolded: A Detailed Look at Narcisse and Dieujuste&#8217;s Tactics</h2>



<p>According to court documents and statements made by Acting U.S. Attorney Richard S. Moultrie, Jr., the investigation into Narcisse began in July 2021 when federal agents, initially investigating a Florida resident for suspected tax crimes, obtained a search warrant for Narcisse&#8217;s Georgia home, computer, and cellular phone. This search yielded a trove of evidence revealing a complex conspiracy between Narcisse and Dieujuste.</p>



<p>The cousins&#8217; scheme involved recruiting small business owners and then filing fraudulent applications for PPP and EIDL loans on their behalf. The process was deceptively simple:</p>



<ol class="wp-block-list">
<li><strong>Recruitment:</strong> Narcisse and Dieujuste would approach small business owners, promising to help them secure COVID-19 relief funds.</li>



<li><strong>Information Gathering:</strong> They would collect the business owners&#8217; names, business names, and Employer Identification Numbers (EINs).</li>



<li><strong>Fabrication:</strong> The rest of the information required for the <a class="wpil_keyword_link" href="https://www.fraudswatch.com/category/loans/" title="loan" data-wpil-keyword-link="linked" data-wpil-monitor-id="1132">loan</a> applications was simply invented. Narcisse and Dieujuste fabricated details about the businesses&#8217; revenue, expenses, and number of employees to make them appear eligible for the loans.</li>



<li><strong>Submission:</strong> The fraudulent applications were then submitted to the Small Business Administration (SBA) and participating lenders.</li>



<li><strong>Kickbacks:</strong> If a loan was approved and disbursed, the borrowers would kick back a percentage of the proceeds to Narcisse and/or Dieujuste as payment for their &#8220;services.&#8221;</li>
</ol>



<p>This scheme was replicated dozens of times, resulting in over $2 million in fraudulent loans being disbursed.</p>



<h2 class="wp-block-heading">Beyond the Conspiracy: Individual Fraudulent Loan Applications</h2>



<p>In addition to their scheme to defraud the PPP and EIDL programs on behalf of others, Narcisse and Dieujuste also filed fraudulent loan applications for themselves. These individual applications, which were uncovered during the investigation, added to the total loss amount and were factored into their sentencing and restitution orders.</p>



<h2 class="wp-block-heading">The Investigation: Unraveling the Fraudulent Web</h2>



<p>The investigation into Narcisse and Dieujuste&#8217;s activities was a collaborative effort led by the U.S. Treasury Inspector General for Tax Administration (TIGTA) and the Small Business Administration&#8217;s Office of Inspector General (SBA-OIG). These agencies played a crucial role in identifying the fraudulent loan applications, tracing the flow of funds, and gathering the evidence necessary to build a strong case against the defendants.</p>



<p>The initial search warrant executed at Narcisse&#8217;s home proved to be a turning point in the investigation. The digital evidence found on his computer and phone provided a detailed record of their communications, the fraudulent loan applications, and the financial transactions associated with the scheme.</p>



<h2 class="wp-block-heading">Legal Proceedings: Guilty Pleas and Sentencing</h2>



<p>Faced with the overwhelming evidence against them, both Narcisse and Dieujuste pleaded guilty to one count each of conspiracy to commit wire fraud. This guilty plea, a federal felony, carry a maximum penalty of 20 years, as well as a fine of not more than the greater of $250,000 or twice the gross gain or loss from the offense.</p>



<h2 class="wp-block-heading">Johnny Narcisse&#8217;s Sentencing:</h2>



<p>On October 21, 2024, U.S. District Judge Eleanor L. Ross sentenced Johnny Narcisse, 46, of Atlanta, Georgia, to two years and four months in prison, followed by three years of supervised release. He was also ordered to pay restitution in the amount of $2,000,332, reflecting the total losses attributed to his involvement in the scheme.</p>



<h2 class="wp-block-heading">Johnson Dieujuste&#8217;s Sentencing:</h2>



<p>Johnson Dieujuste, 37, of Loganville, Georgia, received his sentence on January 8, 2025. Judge Ross sentenced him to two years and eight months in prison, also followed by three years of supervised release. Dieujuste was ordered to pay restitution in the amount of $2,081,559.</p>



<h2 class="wp-block-heading">The Role of the COVID-19 Fraud Enforcement Task Force</h2>



<p>The prosecution of Narcisse and Dieujuste is part of a broader effort to combat pandemic-related fraud. On May 17, 2021, the Attorney General established the COVID-19 Fraud Enforcement Task Force, a multi-agency initiative aimed at marshaling resources and expertise to investigate and prosecute individuals and organizations involved in COVID-19 relief fraud.</p>



<p>The Task Force has been instrumental in:</p>



<ul class="wp-block-list">
<li><strong>Enhancing investigative and prosecutorial efforts:</strong> By bringing together resources and expertise from various agencies, the Task Force has strengthened the government&#8217;s ability to identify and prosecute complex fraud schemes.</li>



<li><strong>Improving coordination:</strong> The Task Force has fostered greater collaboration between federal agencies, state and local law enforcement, and private sector partners.</li>



<li><strong>Sharing information and best practices:</strong> The Task Force facilitates the exchange of information and intelligence, allowing agencies to learn from past enforcement efforts and adapt their strategies accordingly.</li>



<li><strong>Preventing future fraud:</strong> By analyzing patterns and trends in pandemic-related fraud, the Task Force is working to identify vulnerabilities in relief programs and develop strategies to prevent future exploitation.</li>
</ul>



<h2 class="wp-block-heading">The Broader Context: The Scope of COVID-19 Relief Fraud</h2>



<p>The case of Narcisse and Dieujuste is just one example of the widespread fraud that has plagued COVID-19 relief programs. While the vast majority of the trillions of dollars in aid were distributed legitimately, a significant portion was lost to fraud, waste, and abuse.</p>



<h2 class="wp-block-heading">The Scope of the Problem:</h2>



<p>Estimates of the total amount of fraudulent COVID-19 relief funds vary widely, but it is undoubtedly in the billions, if not tens of billions, of dollars. The SBA-OIG, in a 2023 report, estimated that as much as $200 billion may have been lost to fraud in the PPP and EIDL programs alone.</p>



<h2 class="wp-block-heading">Types of Fraud:</h2>



<p>COVID-19 relief fraud has taken many forms, including:</p>



<ul class="wp-block-list">
<li><strong>Identity theft:</strong> Fraudsters used stolen identities to apply for loans in the names of unsuspecting individuals.</li>



<li><strong>Business identity theft:</strong> Similar to identity theft, but involving the use of stolen business information.</li>



<li><strong>Loan stacking:</strong> Applicants applied for multiple loans from different lenders, often using the same fabricated information.</li>



<li><strong>Inflated payroll or revenue:</strong> Businesses exaggerated their payroll or revenue figures to qualify for larger loans.</li>



<li><strong>Shell companies:</strong> Fraudsters created fake businesses with no legitimate operations to apply for loans.</li>



<li><strong>Misuse of funds:</strong> Some businesses received loans but used the funds for purposes other than those allowed under the programs.</li>
</ul>



<h2 class="wp-block-heading">Consequences of Fraud:</h2>



<p>The consequences of COVID-19 relief fraud are far-reaching:</p>



<ul class="wp-block-list">
<li><strong>Financial losses to taxpayers:</strong> Fraudulent loans represent a direct loss to taxpayers, who ultimately bear the cost of these programs.</li>



<li><strong>Undermining public trust:</strong> Fraud erodes public trust in government programs and institutions.</li>



<li><strong>Distorting the economy:</strong> Fraudulent loans can distort the economy by providing an unfair advantage to those who engaged in illicit activities.</li>



<li><strong>Diverting resources from legitimate recipients:</strong> Fraudulent claims can deplete the funds available for legitimate businesses and individuals in need.</li>
</ul>



<h2 class="wp-block-heading">Reporting Suspected COVID-19 Fraud</h2>



<p>The Department of Justice encourages anyone with information about allegations of attempted fraud involving COVID-19 to report it. You can do so by:</p>



<ul class="wp-block-list">
<li><strong>Calling the National Center for Disaster Fraud (NCDF) Hotline:</strong> 866-720-5721</li>



<li><strong>Submitting a complaint online:</strong> <a href="https://www.justice.gov/disaster-fraud/ncdf-disaster-complaint-form" target="_blank" rel="noreferrer noopener">https://www.justice.gov/&#8230;complaint-form</a></li>
</ul>



<p><strong>Conclusion</strong></p>



<h2 class="wp-block-heading">The sentencing of Johnny Narcisse and Johnson Dieujuste serves as a powerful reminder of the ongoing fight against COVID-19 relief fraud. Their case underscores the importance of vigilance, robust investigative efforts, and inter-agency collaboration in protecting taxpayer funds and ensuring the integrity of government programs. As the COVID-19 Fraud Enforcement Task Force continues its work, it is expected that more cases of pandemic-related fraud will be uncovered and prosecuted, sending a clear message that those who seek to exploit public emergencies for personal gain will be held accountable. The public plays a vital role in this effort by reporting suspected fraud and helping to safeguard the integrity of vital relief programs.</h2>

FIFA Officials Indicted for Conspiracy and Corruption Scam
<h2 id="node-title">Sixteen Additional FIFA Officials Indicted for Racketeering Conspiracy and Corruption</h2>
<p><figure id="attachment_15565" aria-describedby="caption-attachment-15565" style="width: 336px" class="wp-caption alignright"><a href="https://www.fraudswatch.com/6502566-3x2-700x467-2/" rel="attachment wp-att-15565"><img class="wp-image-15565" src="https://www.fraudswatch.com/wp-content/uploads/2015/12/6502566-3x2-700x467-1-1.jpg" alt="FIFA Officials Indicted" width="336" height="224" /></a><figcaption id="caption-attachment-15565" class="wp-caption-text"><em><strong>FIFA Officials Indicted</strong></em></figcaption></figure></p>
<p class="rtecenter">The New Defendants Include Five Current or Former FIFA Executive Committee Members and the Current Presidents of CONCACAF and CONMEBOL; Guilty Pleas for Eight Others, Including Jeffrey Webb and the Former Presidents of the Colombian and Chilean Soccer Federations, also Announced</p>
<p>A 92-count superseding indictment was unsealed earlier today in federal court in Brooklyn, New York, charging an additional 16 defendants with racketeering, wire fraud and money laundering conspiracies, among other offenses, in connection with their participation in a 24-year scheme to enrich themselves through the corruption of international soccer. The superseding indictment also includes additional charges for seven of the defendants still pending extradition following the return of the original indictment last May. The guilty pleas of eight defendants – including Jeffrey Webb, Alejandro Burzaco and José Margulies, three of the defendants indicted last May – were also announced today.</p>
<p>The new defendants charged in the superseding indictment include high-ranking officials of FIFA, the organization responsible for the regulation and promotion of soccer worldwide, as well as high-ranking officials of other soccer governing bodies that operate under the FIFA umbrella. The defendants Alfredo Hawit and Juan Ángel Napout – the current presidents of CONCACAF and CONMEBOL, respectively, as well as current FIFA vice presidents and Executive Committee members – are among the 16 additional soccer officials charged with racketeering and bribery offenses. CONCACAF and CONMEBOL are two of FIFA’s six continental confederations. The new defendants also include Marco Polo del Nero and Ricardo Teixeira, the current and former presidents of the Brazilian soccer federation, both of whom are also former members of the FIFA Executive Committee, as well as José Luís Meiszner and Eduardo Deluca, the current and former general secretaries of CONMEBOL. Within UNCAF, the Central American regional soccer union operating within CONCACAF, the charges in the superseding indictment name the current and/or former presidents of nearly every country in the region: Costa Rica, El Salvador, Guatemala, Honduras, Nicaragua and Panama. Taken together, the 27 defendants in the superseding indictment are alleged to have engaged in a number of schemes all designed to solicit and receive well over $200 million in bribes and kickbacks to sell lucrative media and marketing rights to international soccer tournaments and matches, among other valuable rights and properties.</p>
<p>The charges were announced by Attorney General Loretta E. Lynch, FBI Director James B. Comey, U.S. Attorney Robert L. Capers of the Eastern District of New York, Assistant Director in Charge Diego G. Rodriguez of the FBI’s New York Field Office, Chief Richard Weber of Internal Revenue Service-Criminal Investigation (IRS-CI) and Special Agent in Charge Erick Martinez of the IRS-CI Los Angeles Field Office.</p>
<p>Early this morning, Swiss authorities in Zurich arrested two of the defendants charged in the superseding indictment – Hawit and Napout – at the request of the United States. Also this morning, a search warrant was executed at Media World, a sports marketing company based in Miami.</p>
<p>The new charges unsealed today bring the total number of individuals and entities charged to date to 41. Of those, 12 individuals and two sports marketing companies have already been convicted as a result of the ongoing investigation. The convicted defendants have agreed to pay more than $190 million in forfeiture. In addition, more than $100 million has been restrained in the United States and abroad in connection with the alleged criminal activity. The United States has issued mutual legal assistance requests seeking the restraint of assets located in 13 countries around the world.</p>
<p>“The Department of Justice is committed to ending the rampant corruption we have alleged amidst the leadership of international soccer – not only because of the scale of the schemes, or the brazenness and breadth of the operation required to sustain such corruption, but also because of the affront to international principles that this behavior represents,” said Attorney General Lynch. “The message from this announcement should be clear to every culpable individual who remains in the shadows, hoping to evade our investigation: You will not wait us out. You will not escape our focus.” Attorney General Lynch extended her grateful appreciation to the authorities of the government of Switzerland for their continuing outstanding assistance and collaboration in this investigation, and to the authorities in a number of other countries, including Brazil and Colombia, for their assistance as well.</p>
<p>“For decades, these defendants used their power as the leaders of soccer federations throughout the world to create a web of corruption and greed that compromises the integrity of the beautiful game,” said Director Comey. “I want to thank all the agencies for their hard work and for showing the world that we do not tolerate this criminal activity.”</p>
<p>“The charges unsealed today send a clear message to those who corrupted a sport beloved by millions to satisfy their own greed: We are determined to put a stop to bribery and corruption in international soccer and to make room for a new era of integrity and reform,” said U.S. Attorney Capers. “This indictment is the latest step in that effort, but our work is not done. While our investigation continues at home, we also look forward to continuing our collaboration with our international partners, including in particular the Swiss authorities, because there is so much yet to be done.” Mr. Capers extended his thanks to the agents, analysts and other investigative personnel with the FBI New York Eurasian Joint Organized Crime Squad and the IRS-CI Los Angeles Field Office, as well as their colleagues in the United States and abroad, for their continuing tremendous effort in this case. Mr. Capers also thanked the U.S. Marshals Service for its continuing assistance.</p>
<p>“The brazenness with which the individuals indicted today breached the integrity of the U.S. <a class="wpil_keyword_link" href="https://www.fraudswatch.com/tag/financial-fraud/" title="financial" data-wpil-keyword-link="linked" data-wpil-monitor-id="503">financial</a> system to promote and conceal their criminal schemes is quite alarming,” said Chief Weber. “While it is one of the most complex worldwide financial investigations ever conducted, it is also an eye opener to everyone that such greed and corruption could be hiding in plain sight within the world’s most popular sport. By conspiring to enrich themselves through bribery and kickback schemes relating to media and marketing rights, the defendants undermined the process of fair and open competition, corrupting the beautiful game for their own personal gain.”</p>
<p>The charges in the superseding indictment are merely allegations, and the defendants are presumed innocent unless and until proven guilty.</p>
<p><strong><em>Overview of the Superseding Indictment</em></strong></p>
<p>As alleged in the superseding indictment, FIFA and its six continental confederations – including CONCACAF, headquartered in the United States, and CONMEBOL, the confederation headquartered in South America – together with affiliated regional federations, national member associations and sports marketing companies, constitute an enterprise of legal entities associated in fact for purposes of violating the federal racketeering laws. The principal – and entirely legitimate – purpose of the enterprise is to regulate and promote the sport of soccer worldwide.</p>
<p>Like the original indictment, the superseding indictment alleges that between 1991 and the present, the defendants and their co-conspirators corrupted the enterprise by engaging in various criminal activities, including fraud, bribery and money laundering. Two generations of soccer officials abused their positions of trust for personal gain, frequently through an alliance with unscrupulous sports marketing executives who shut out competitors and kept highly lucrative contracts for themselves through the systematic payment of bribes and kickbacks. All told, the soccer officials are charged with conspiring to solicit and receive more than $200 million in bribes and kickbacks in exchange for their official support of the sports marketing executives who agreed to make the unlawful payments.</p>
<p>The schemes alleged in the original indictment related to the solicitation and receipt of bribes and kickbacks by soccer officials from sports marketing executives in connection with the commercialization of the media and marketing rights associated with various soccer matches and tournaments, as well as schemes related to the payment and receipt of bribes and kickbacks in connection with the sponsorship of the Brazilian soccer federation by a major U.S. sportswear company, the selection of the host country for the 2010 World Cup and the 2011 FIFA presidential election.</p>
<p>The new allegations in the superseding indictment relate to a series of bribery schemes in connection with multiple cycles of FIFA World Cup qualifiers and international friendly matches involving six Central American member associations within UNCAF; a bribery scheme implicating many top CONMEBOL officials relating to the sale of broadcasting rights to the CONMEBOL Copa Libertadores over an extended period; and a scheme by an Argentinian sports marketing company to obtain various rights properties from CONCACAF by paying bribes to three Central American soccer officials to cause them to exert their influence in favor of the company.</p>
<p><strong><em>The 16 New Defendants</em></strong></p>
<p>As set forth in the superseding indictment, the 16 newly-indicted defendants are all current or former soccer officials who acted at various times in a fiduciary capacity within FIFA and one or more of its constituent organizations:</p>
<p><u>CONCACAF Region Officials</u></p>
<ul>
<li><u>Alfredo Hawit</u>: Current FIFA vice president and Executive Committee member and CONCACAF president. Former CONCACAF vice president and Honduran soccer federation president.</li>
<li><u>Ariel Alvarado</u>: Current member of the FIFA Disciplinary Committee. Former CONCACAF Executive Committee member and Panamanian soccer federation president.</li>
<li><u>Rafael Callejas</u>: Current member of the FIFA Television and Marketing Committee. Former Honduran soccer federation president and former president of the Republic of Honduras.</li>
<li><u>Brayan Jiménez</u>: Current Guatemalan soccer federation president and member of the FIFA Committee for Fair Play and Social Responsibility.</li>
<li><u>Rafael Salguero</u>: Former FIFA Executive Committee member and Guatemalan soccer federation president.</li>
<li><u>Héctor Trujillo</u>: Current Guatemalan soccer federation general secretary and judge on the Constitutional Court of Guatemala.</li>
<li><u>Reynaldo Vasquez</u>: Former Salvadoran soccer federation president.</li>
</ul>
<p><u>CONMEBOL Region Officials</u></p>
<ul>
<li><u>Juan Ángel Napout</u>: Current FIFA vice president and Executive Committee member and CONMEBOL president. Former Paraguayan soccer federation president.</li>
<li><u>Manuel Burga</u>: Current member of the FIFA Development Committee. Former Peruvian soccer federation president.</li>
<li><u>Carlos Chávez</u>: Current CONMEBOL treasurer. Former Bolivian soccer federation president.</li>
<li><u>Luís Chiriboga</u>: Current Ecuadorian soccer federation president and member of the CONMEBOL Executive Committee.</li>
<li><u>Marco Polo del Nero</u>: Current president of the Brazilian soccer federation. Announced resignation from FIFA Executive Committee on Nov. 26, 2015.</li>
<li><u>Eduardo Deluca</u>: Former CONMEBOL general secretary.</li>
<li><u>José Luis Meiszner</u>: Current CONMEBOL general secretary.</li>
<li><u>Romer Osuna</u>: Current member of the FIFA Audit and Compliance Committee. Former CONMEBOL treasurer.</li>
<li><u>Ricardo Teixeira</u>: Former Brazilian soccer federation president and FIFA Executive Committee member.</li>
</ul>
<p><strong><em>The Convicted Defendants</em></strong></p>
<p>The following defendants previously pleaded guilty under seal and agreed to forfeit more than $40 million:</p>
<p>On May 26, 2015, Zorana Danis, the co-founder and owner of International Soccer Marketing Inc., a New Jersey-based sports marketing company, waived indictment and pleaded guilty to a two-count information charging her with wire fraud conspiracy and filing false tax returns. As part of her plea, Danis agreed to forfeit $2 million.</p>
<p>On Nov. 9, 2015, Fabio Tordin, the former CEO of Traffic Sports USA Inc. and currently an executive with Media World LLC, a Miami-based sports marketing company, waived indictment and pleaded guilty to a four-count information charging him with three counts of wire fraud conspiracy and one count of tax evasion. As part of his plea, Tordin agreed to forfeit more than $600,000.</p>
<p>On Nov. 12, 2015, Luis Bedoya, a member of the FIFA Executive Committee, a CONMEBOL vice president and, until last month, the president of the Federación Colombiana de Fútbol, the Colombian soccer federation, waived indictment and pleaded guilty to a two-count information charging him with racketeering conspiracy and wire fraud conspiracy. As part of his plea, Bedoya agreed to forfeit all funds on deposit in his Swiss bank account, among other funds.</p>
<p>On Nov. 16, 2015, Alejandro Burzaco, the former general manager and chairman of the board of Torneos y Competencias S.A., an Argentinian sports marketing company, pleaded guilty to racketeering conspiracy, wire fraud conspiracy and money laundering conspiracy. As part of his plea, Burzaco agreed to forfeit more than $21.6 million.</p>
<p>On Nov. 17, 2015, Roger Huguet, the CEO of Media World and its parent company, waived indictment and pleaded guilty to a three-count information charging him with two counts of wire fraud conspiracy and one count of money laundering conspiracy. As part of his plea, Huguet agreed to forfeit more than $600,000.</p>
<p>On Nov. 23, 2015, Jeffrey Webb, a former FIFA vice president and Executive Committee member, CONCACAF president, Caribbean Football Union Executive Committee member and Cayman Islands Football Association president, pleaded guilty to racketeering conspiracy, three counts of wire fraud conspiracy and three counts of money laundering conspiracy. As part of his plea, Webb agreed to forfeit more than $6.7 million.</p>
<p>On Nov. 23, 2015, Sergio Jadue, a vice president of CONMEBOL and, until last month, the president of the Asociación Nacional de Fútbol Profesional de Chile, the Chilean soccer federation, waived indictment and pleaded guilty to a two-count information charging him with racketeering conspiracy and wire fraud conspiracy. As part of his plea, Jadue agreed to forfeit all funds on deposit in his U.S. bank account, among other funds.</p>
<p>On Nov. 25, 2015, José Margulies, the controlling principal of Valente Corp. and Somerton Ltd, who served as an intermediary who facilitated illicit payments between sports marketing executives and soccer officials, pleaded guilty to racketeering conspiracy, wire fraud conspiracy, and two counts of money laundering conspiracy. As part of his plea, Margulies agreed to forfeit more than $9.2 million.</p>
<p>As previously announced last May, all money forfeited by the defendants is being held in reserve to ensure its availability to satisfy any order of restitution entered at sentencing for the benefit of any individuals or entities that qualify as victims of the defendants’ crimes under federal law.</p>
<hr />
<p>The indicted and convicted defendants face maximum terms of incarceration of 20 years for the Racketeer Influenced and Corrupt Organizations Act (RICO) conspiracy, wire fraud conspiracy, wire fraud, money laundering conspiracy, money laundering and obstruction of justice charges. In addition, Tordin and Danis face maximum terms of five and three years in prison, respectively, for the tax charges. Each defendant also faces mandatory restitution, forfeiture and a fine.</p>
<p>The superseding indictment and guilty pleas unsealed today are assigned to the U.S. District Judge Raymond J. Dearie of the Eastern District of New York.</p>
<p>The government’s investigation is ongoing.</p>
<p>The charges and guilty pleas announced today are part of an investigation into corruption in international soccer being led by the U.S. Attorney’s Office of the Eastern District of New York, the FBI’s New York Field Office and the IRS-CI Los Angeles Field Office. The work in the U.S. Attorney’s Office involves prosecutors from the National Security and Cybercrime Section, the Organized Crime and Gang Section, the Business and Securities Fraud Section and the Public Integrity Section. The prosecutors in Brooklyn are receiving considerable assistance from attorneys in various parts of the Justice Department’s Criminal Division in Washington, D.C., including the Office of International Affairs, the Organized Crime and Gang Section, the Asset Forfeiture and Money Laundering Section and the Fraud Section, as well as from INTERPOL Washington.</p>
<p>The charges and guilty pleas announced today are being prosecuted by Assistant U.S. Attorneys Evan M. Norris, Amanda Hector, Darren A. LaVerne, Samuel P. Nitze, M. Kristin Mace, Paul Tuchmann, Keith D. Edelman, Tanya Hajjar and Brian D. Morris of the Eastern District of New York.</p>
<p><strong><u>The Newly-Indicted Defendants</u></strong><strong>:</strong></p>
<p>ARIEL ALVARADO</p>
<p>Age: 56</p>
<p>Nationality: Panama</p>
<p>MANUEL BURGA</p>
<p>Age: 58</p>
<p>Nationality: Peru</p>
<p>RAFAEL CALLEJAS</p>
<p>Age: 72</p>
<p>Nationality: Honduras</p>
<p>CARLOS CHÁVEZ</p>
<p>Age: 57</p>
<p>Nationality: Bolivia</p>
<p>LUÍS CHIRIBOGA</p>
<p>Age: 69</p>
<p>Nationality: Ecuador</p>
<p>MARCO POLO DEL NERO</p>
<p>Age: 74</p>
<p>Nationality: Brazil</p>
<p>EDUARDO DELUCA</p>
<p>Age: 75</p>
<p>Nationality: ARGENTINA</p>
<p>ALFREDO HAWIT</p>
<p>Age: 64</p>
<p>Nationality: Honduras</p>
<p>BRAYAN JIMÉNEZ</p>
<p>Age: 61</p>
<p>Nationality: Guatemala</p>
<p>JOSÉ LUÍS MEISZNER</p>
<p>Age: 69</p>
<p>Nationality: Argentina</p>
<p>JUAN ÁNGEL NAPOUT</p>
<p>Age: 57</p>
<p>Nationality: Paraguay</p>
<p>ROMER OSUNA</p>
<p>Age: 72</p>
<p>Nationality: Bolivia</p>
<p>RAFAEL SALGUERO</p>
<p>Age: 70</p>
<p>Nationality: Guatemala</p>
<p>RICARDO TEIXEIRA</p>
<p>Age: 68</p>
<p>Nationality: Brazil</p>
<p>HÉCTOR TRUJILLO</p>
<p>Age: 62</p>
<p>Nationality: Guatemala</p>
<p>REYNALDO VASQUEZ</p>
<p>Age: 59</p>
<p>Nationality: El Salvador</p>
<p><strong><u>The Convicted Defendants</u></strong><strong>:</strong></p>
<p>LUIS BEDOYA</p>
<p>Age: 56</p>
<p>Nationality: Colombia</p>
<p>ALEJANDRO BURZACO</p>
<p>Age: 51</p>
<p>Nationality: Argentina</p>
<p>ZORANA DANIS</p>
<p>Age: 52</p>
<p>Nationality: Belgium</p>
<p>ROGER HUGUET</p>
<p>Age: 52</p>
<p>Nationality: USA, Spain</p>
<p>SERGIO JADUE</p>
<p>Age: 36</p>
<p>Nationality: Chile</p>
<p>JOSÉ MARGULIES</p>
<p>Age: 76</p>
<p>Nationality: Brazil</p>
<p>FABIO TORDIN</p>
<p>Age: 50</p>
<p>Nationality: Brazil</p>
<p>JEFFREY WEBB</p>
<p>Age: 51</p>
<p>Nationality: Cayman Islands</p>
<p> ;</p>
<p>Original Press-releases from <a href="http://www.justice.gov/opa/pr/sixteen-additional-fifa-officials-indicted-racketeering-conspiracy-and-corruption" target="_blank" rel="noopener">justice.gov </a></p>