Maria, Maria, I Just Met a Scam Named Maria

Posted by at 9:14 am on May 19, 2017
Category: OFAC

Maria Duval by Decce via Wikipedia [Public Domain]

Last September, I wrote about the designation by the Office of Foreign Assets Control (“OFAC”), under the Transnational Criminal Organization (TCO) program, of Paul Davis, Pac-Net and related entities along with a number of officers, directors and employees of those companies.  Prior to these designations, only ten individuals and entities (comprising seven organizations) had ever been designated under the TCO program.  The original post focused on the nightmare that this would cause for the hundreds of thousands of people with the misfortune to be named Paul Davis.

But there was another fascinating aspect to this story.   The reason for the designations involved, at least in part, Pac-Net’s processing of payments by U.S. citizens, principally uneducated, elderly or otherwise vulnerable, in the Maria Duval psychic scam. Although the $180 million dollars this scam obtained from its victims pales in comparison with Bernie Madoff’s $20 billion Ponzi scheme, it still ranks as one history’s biggest swindles.  Victims, found on so-called “sucker lists” compiled by other direct mailers who have sold over-priced junk to people, received letters signed by Maria Duval claiming that she had a personal vision involving the recipient and that she would be glad to share that — for a fee, of course.  The real Maria Duval, a small-time French psychic fraudster, claims that she sold her name some years ago to a mysterious Swiss consortium which was responsible for the larger scam. (Read the fascinating details here.)

Earlier this week OFAC de-listed Raffaella Ferrari, who was the director, administrator, or shareholder for several PacNet-linked companies in Italy and the United Kingdom.  Last month, OFAC removed  two other individuals associated with Pac-Net from the SDN List.  No reason is given for these removals, but the relative rapidity with which they occurred, at least when compared with the normally glacial speed required to be removed from the SDN List, suggests that these individuals were probably victims of a “block-first-ask-questions-later” approach used by OFAC for the original designations.  The large number of individuals designated  certainly suggested the possibility that OFAC targeted anyone that the agency could identify as having any connection to Pac-Net.

In connection with the designations, OFAC put on its website a frankly rather silly, and not very useful, organizational chart complete with pictures of some of the individuals involved with Pac-Net.  Interestingly, not one of the three now-unblocked individuals was important enough to appear in the chart’s photographic rogues gallery.  This may explain the reason for their rapid unblocking better than anything else.


Permalink Comments (0)

Bookmark and Share

Copyright © 2017 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)



Send 3 Bitcoins to the Norks or You’ll Never See Your Files Again!

Posted by at 9:42 pm on May 16, 2017
Category: North Korea SanctionsOFAC

Kim Jong Un Wonders What To Do With Tennis Shoes via DPRK Twitter Feed[Fair Use]Security researchers have indicated that they have found Kim Jong Un’s pawprints all over the code used for the WannaCry ransomware, stolen from the CIA vaults by Vladimi Putin’s BFFs at WikiLeaks.  This, of course, raises the question as to whether companies that got locked out of their files by the ransomware violated the U.S. sanctions on North Korea if they paid the Bitcoin ransom to free their files.

The first part of that question that needs to be answered is whether U.S. sanctions are violated just by sending money to someone in North Korea.  You can’t answer that question by looking at OFAC’s Nork sanctions regulations, because they are woefully out of date.  The provisions in the regulations prohibit dealings with blocked parties in North Korea. But Executive Order 13722, issued on March 18, 2016, prohibits the unlicensed export of services by a United States person or from the United States to North Korea.  In OFAC’s view, sending money to North Korea is an export of financial services to that country.

So obviously a Bitcoin ransom payment, if it winds up in Kim Jong Un’s hands, is a problem for U.S. persons.   It looks like most of the ransom payments made so far came from outside the United States.   What about them?  All my readers should know that OFAC takes the position that if payments are made to sanctioned countries in U.S. Dollars, that is an export of financial services from the clearing bank in the United States to the sanctioned country.  But Bitcoin payments  don’t involve any banks.  That’s the whole point.  So no problem, right?

Not so fast.   Think about how Bitcoin and the blockchain works.  Any time a payment is made it will be reflected on the blockchain of all Bitcoin transactions and will be propagated to all computers running Bitcoin software — including a massive number of computers in the United States.

All that being said, there are a few practical roadblocks between a Bitcoin ransom payment to the Norks and an OFAC investigation.  First, the Chiquita case aside, there has been a general hesitance to go after people who pay these ransoms.   To begin with, it looks bad.   What government agency wants to go after a shipping company that pays off Somali pirates to protect their crew and property even if one or more of the pirates turns out to be an SDN?  (The most OFAC has done here has been to say that payments should not be made to SDN pirates but never explained how to figure out whether the pirate is an SDN.   Do you ask him to fax you his passport before the helicopter drops the ransom money on the deck?)

Second, there are difficulties in proving the identity of persons to whom Bitcoin payments are made.  Presumably the Norks would not have been stupid enough to establish the Bitcoin wallet or wallets using traceable IP addresses and were using clean addresses for each ransom transaction.  So the de-anonmyzing of the people receiving the Bitcoin payments would rely on vulnerabilities in TOR and methods to link multiple transactions by analyzing the blockchain itself. The various techniques do not always work but they can in certain circumstances. However, how likely is it that OFAC will engage in these analyses to track down the ultimate recipient of the ransom payments?

Bonus round:  In case you haven’t been reading the Twitter feed of the Nork news service, you will have missed this

Permalink Comments (2)

Bookmark and Share

Copyright © 2017 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)



Maybe BIS Should Read This Blog More Often

Posted by at 6:21 pm on May 3, 2017
Category: BISEntity ListOFACRussia Sanctions

Vladimir Putin via [Fair Use]Way back in January of this year, I pointed out a problem that the Bureau of Industry and Security (“BIS”) and the Office of Foreign Assets Control  (“OFAC”) may have unwittingly created for U.S. manufacturers of encryption-enabled products, i.e., virtually anything that touches the Internet or a private network.  Both agencies had imposed sanctions on the FSB, the Kremlin spy agency formerly known as the KGB.  The problem with this otherwise laudable move is that the FSB regulates import of encryption products into Putinstan, er, Russia, and these restrictions could effectively prevent exports of U.S. encryption items into Russia.  This would happen because U.S. exporters were forbidden from filing the necessary paperwork with the FSB by virtue of its addition to OFAC’s SDN List and BIS’s Entity List.

Well, OFAC heard the howls of industry and in just after a little more than a week after the issue had come to light issued General License 1 to permit the filing with the FSB of the necessary paperwork for imports of these products.  BIS, however, slept through those howls and did nothing.   The original post on this problem had noted the difficulties posed by BIS having put FSB on the Entity List.   It was at least possible that the FSB notification and application forms could contain unpublished EAR99 technology regarding the device to be exported to Russia, in which case a BIS license would be necessary before the notification or application could be sent to the FSB.   That would be the case even after the OFAC General License authorized the notification and application forms to be sent

Rip van BIS-winkle has finally roused itself from its slumber on this issue.  On April 17, 2017, BIS amended the Entity List designation for FSB to remove the license requirement for transactions for “items subject to the EAR” that are “related to transactions that are authorized by the Department of the Treasury’s Office of Foreign Assets Control pursuant to General License No. 1 of February 2, 2017.” What do you want to bet that a number of FSB applications were filed with technology “subject to the EAR” without the required license before this amendment to the Entity List? Technology, even technology relating to an EAR99 item, is subject to the EAR unless it has already been published or has arisen during “fundamental research.” Few people would think that unpublished information about a commercial EAR99 item would require a license. Most people probably felt that the OFAC General License got them to the finish line when dealing with the FSB. It now does, but it did not before April 17.

Permalink Comments Off on Maybe BIS Should Read This Blog More Often

Bookmark and Share

Copyright © 2017 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)



Cuban Rum, Pennsylvania, OFAC and a Recipe

Posted by at 6:16 pm on May 2, 2017
Category: Cuba SanctionsOFAC

Havana Club on the Road to Havana by Richard Smallbone [CC-BY-SA-2.0 (], via Flickr [cropped and processed]In an earlier post, I expressed some incredulity with respect to an dubious scheme cooked up by some Pennsylvania legislators to import Cuban rum without an OFAC license.  The scheme was based on a questionable reading of Clause 2 of the Twenty-First Amendment. There’s no way to tell whether my derision directed at the legal case for Cuban rum-running by the Pennsylvania legislators was responsible, but it appears that someone in Pennsylvania has thought better of the idea.

According to this article, the Pennsylvania Liquor Control Board which runs the Fine Wine and Good Spirits stores, Pennsylvania’s state-owned monopoly on the sales of wines and hard liquor, is preparing a license to file with OFAC to permit the PLCB to purchase Cuban rum for sales in those stores. The application apparently argues that the “mystique” of Cuban rum would create a boon to the Pennsylvania economy by enticing shoppers into the state-run liquor stores. After all, who needs to fly down to Havana when you can buy Cuban rum in a state store in Erie or drink authentic daiquiris made with Havana Club in Wilkes-Barre?

A Pennsylvania state senator instrumental in the state’s efforts to bring Cuban rum to his state dismissed the notion that this plan posed a threat to national security, telling ABC News “We’re talking about buying a rum.” Good point.

But, of course, with all things Cuba not everyone agrees — here’s an irate letter to the editor of the Express Times in Lehigh Valley criticizing the proposed rum deal.

For those of you now planning a road trip to Pennsylvania to stock up on Cuban rum when (and if) it becomes available there, I commend to you this recipe for the El Presidente Cocktail. This cocktail was named after Cuban president Gerardo Machado (who served between 1925 and 1933) and was a favorite among Americans who sought respite from Prohibition in the night clubs of Havana. And, as the recipe makes clear, use real grenadine that you make yourself, not that pink-colored sugar water that you find on grocery shelves or in the wells of your less estimable drinking establishments. Cheers!

Photo Credit: Havana Club on the Road to Havana by Richard Smallbone [CC-BY-SA-2.0 (], via Flickr [cropped and processed]. Copyright 2013 Richard Smallbone

Permalink Comments (3)

Bookmark and Share

Copyright © 2017 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)



The Gray Lady Seems Pretty Gray About Export Law

Posted by at 5:51 pm on April 27, 2017
Category: BISOFAC

Huawei HQ by Brücke-Osteuropa Ditzel [Public Domain], via New York Times yesterday reported that it had, somehow or other, laid its hands on an administrative subpoena sent last December by the Office of Foreign Assets Control (“OFAC”) to Chinese telecom manufacturer Huawei. The subpoena, according to the newspaper, asks for information on the company’s dealings with “Cuba, Iran, Sudan and Syria over the past five years.”

The article notes that a similar subpoena had been issued earlier last summer by the Department of Commerce, presumably a reference to the Bureau of Industry and Security (“BIS”). This appears to have caused the Times to become perplexed over why OFAC was now sticking its nose into the matter. So they asked someone whom they imagined to be an expert what was going on and he came up with this humdinger:

The most likely thing happening here is that Commerce figured out there was more to this than dual-use commodities, and they decided to notify Treasury.

Nope. Let’s hope for this guy’s sake that he’s been misquoted. Our expert here seems to be unaware that BIS is concerned with more than the export of dual use items. Maybe Part 746 was ripped out of his copy of the Export Administration Regulations or, possibly, his dog ate that part. That part regulates exports of all items “subject to the EAR” to Cuba, Syria, North Korea and Crimea, not just dual-use items.

And, of course, OFAC has rules that prohibit exports of goods to Cuba, North Korea, Sudan, Crimea and Iran and the export of services to Syria as well as the five previously mentioned locations. So the real answer here as to why OFAC is piling on here is because it can, not because there were concerns by BIS about transactions outside its jurisdiction.

Permalink Comments Off on The Gray Lady Seems Pretty Gray About Export Law

Bookmark and Share

Copyright © 2017 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)

« Previous posts |