The Anatomy of Public Corruption

EDD Fraud Convictions - USAO - California, Central


One-Time EDD Employee Agrees to Plead Guilty for Fraudulently Obtaining More Than $1.6 Million in COVID-Related Jobless Benefits

EDD Fraud Convictions

Department of Justice
U.S. Attorney’s Office
Central District of California

FOR IMMEDIATE RELEASE
Wednesday, September 8, 2021

One-Time EDD Employee Agrees to Plead Guilty for Fraudulently Obtaining More Than $1.6 Million in COVID-Related Jobless Benefits

          LOS ANGELES – A former California Employment Development Department (EDD) employee has agreed to plead guilty to a federal criminal charge for causing nearly 200 fraudulent COVID-related unemployment relief claims to be filed in other people’s names, resulting in more than $1.6 million in ill-gotten gains, the Justice Department announced today.

          Gabriela Llerenas, a.k.a. “Maria G. Sandoval,” 49, of Perris, signed a plea agreement that was filed today in which she has agreed to plead guilty to a single-count information charging her with mail fraud.

          Court records show that Llerenas previously worked at EDD as a disability insurance program representative. She resigned in March 2002 after admitting to fraudulently authorizing and paying disability benefits administered by EDD. She was sentenced to 37 months in federal prison in connection with that scheme.

          The new scheme that Llerenas has admitted running took advantage of the expanded eligibility for unemployment insurance (UI) benefits made possible by the Coronavirus Aid, Relief, and Economic Security (CARES) Act passed by Congress and signed into law in March 2020. The CARES Act provided additional UI benefits to qualified individuals and helped provide UI benefits during the COVID-19 pandemic to people who did not otherwise qualify, including business owners, self-employed workers, independent contractors, and those with a limited work history.

          From April to October 2020, Llerenas filed and caused the filing with EDD of fraudulent unemployment insurance benefits that falsely asserted the named claimants were self-employed independent contractors – often identifying them as cake decorators or event attendants – who were negatively affected by the COVID-19 pandemic. Llerenas obtained some of the names, Social Security numbers and other identifying information she used to submit the fraudulent claims through her prior work as a tax preparer.

          In her plea agreement, Llerenas also admitted to falsely stating on some of the applications that the claimants were residents of California entitled to unemployment insurance benefits administered by EDD when in fact they lived elsewhere. She also admitted that, on some applications, she inflated the amounts of income she reported for the claimant to maximize the benefit amount. She also admitted to sometimes filing a dozen or more fraudulent EDD claims in a day.

          As a result of the fraudulent unemployment benefits applications that Llerenas filed and caused to be filed, EDD authorized Bank of America to mail debit cards in the names of the claimants to addresses she provided, including her residence, her husband’s business location, her mother’s apartment and the addresses of friends and other family members.

          Llerenas admitted that she charged the named claimants a fee for filling the applications, which was often paid out of the fraudulently obtained benefits. In at least one case, she told the named claimant that she was still employed at EDD and could control the distribution of the unemployment insurance benefits, and then demanded an additional payment for “releasing” the benefits.

          In total, 197 debit cards were fraudulently issued because of this scheme, resulting in losses to EDD and the United States Treasury that Llerenas has admitted were at least $1,633,487.

          Llerenas is scheduled to make her initial appearance on September 22. The criminal offense to which Llerenas has agreed to plead guilty carries a statutory maximum sentence of 20 years in federal prison.

          The Department of Labor-Office of Inspector General, EDD-Investigations Division, Homeland Security Investigations, United States Postal Inspection Service, Federal Bureau of Investigation and Social Security Administration-Office of Inspector General investigated this matter.

          Assistant United States Attorney Ranee A. Katzenstein, Chief of the Major Frauds Section, is prosecuting this case.

          On May 17, 2021, the Attorney General established the COVID-19 Fraud Enforcement Task Force to marshal the resources of the Department of Justice in partnership with agencies across government to enhance efforts to combat and prevent pandemic-related fraud.

          The Task Force bolsters efforts to investigate and prosecute the most culpable domestic and international criminal actors and assists agencies tasked with administering relief programs to prevent fraud by, among other methods, augmenting and incorporating existing coordination mechanisms, identifying resources and techniques to uncover fraudulent actors and their schemes, and sharing and harnessing information and insights gained from prior enforcement efforts. For more information on the Department’s response to the pandemic, please visit https://www.justice.gov/coronavirus.

          Anyone with information about allegations of attempted fraud involving COVID-19 can report it by calling the Department of Justice’s National Center for Disaster Fraud Hotline at (866) 720-5721 or via the NCDF Web Complaint Form at: https://www.justice.gov/disaster-fraud/ncdf-disaster-complaint-form.

Topic(s): 
Coronavirus
Component(s): 
Contact: 
Ciaran McEvoy Public Information Officer United States Attorney’s Office Central District of California (Los Angeles) ciaran.mcevoy@usdoj.gov (213) 894-4465
Press Release Number: 
21-181
Share:

Three Former U.S. Intelligence Community and Military Personnel Agree to Pay More Than $1.68 Million to Resolve Criminal Charges Arising from Their Provision of Hacking-Related Services to a Foreign Government

Move the Truth

The current CEO and Chairman plus their billionaire owners should be charged with racketeering, obstruction of Justice
Kill the witness in Bennett vs. Southern Pacific

 

Three Former U.S. Intelligence Community and Military Personnel Agree to Pay More Than $1.68 Million to Resolve Criminal Charges Arising from Their Provision of Hacking-Related Services to a Foreign Government

Services, Including a Sophisticated ‘Zero Click’ Exploit, Violated U.S. Export Control and Computer Fraud and Abuse Laws

On Sept. 7, U.S. citizens, Marc Baier, 49, and Ryan Adams, 34, and a former U.S. citizen, Daniel Gericke, 40, all former employees of the U.S. Intelligence Community (USIC) or the U.S. military, entered into a deferred prosecution agreement (DPA) that restricts their future activities and employment and requires the payment of $1,685,000 in penalties to resolve a Department of Justice investigation regarding violations of U.S. export control, computer fraud and access device fraud laws. The Department filed the DPA today, along with a criminal information alleging that the defendants conspired to violate such laws.

According to court documents, the defendants worked as senior managers at a United Arab Emirates (U.A.E.)-based company (U.A.E. CO) that supported and carried out computer network exploitation (CNE) operations (i.e., “hacking”) for the benefit of the U.A.E government between 2016 and 2019. Despite being informed on several occasions that their work for U.A.E. CO, under the International Traffic in Arms Regulations (ITAR), constituted a “defense service” requiring a license from the State Department’s Directorate of Defense Trade Controls (DDTC), the defendants proceeded to provide such services without a license.

These services included the provision of support, direction and supervision in the creation of sophisticated “zero-click” computer hacking and intelligence gathering systems – i.e., one that could compromise a device without any action by the target. U.A.E. CO employees whose activities were supervised by and known to the defendants thereafter leveraged these zero-click exploits to illegally obtain and use access credentials for online accounts issued by U.S. companies, and to obtain unauthorized access to computers, like mobile phones, around the world, including in the United States.

“This agreement is the first-of-its-kind resolution of an investigation into two distinct types of criminal activity: providing unlicensed export-controlled defense services in support of computer network exploitation, and a commercial company creating, supporting and operating systems specifically designed to allow others to access data without authorization from computers worldwide, including in the United States,” said Acting Assistant Attorney General Mark J. Lesko for the Justice Department’s National Security Division. “Hackers-for-hire and those who otherwise support such activities in violation of U.S. law should fully expect to be prosecuted for their criminal conduct.”

“Left unregulated, the proliferation of offensive cyber capabilities undermines privacy and security worldwide. Under our International Traffic in Arms Regulations, the United States will ensure that U.S. persons only provide defense services in support of such capabilities pursuant to proper licenses and oversight,” said Acting U.S. Attorney Channing D. Phillips of the District of Columbia. “A U.S. person’s status as a former U.S. government employee certainly does not provide them with a free pass in that regard.”

“The FBI will fully investigate individuals and companies that profit from illegal criminal cyber activity,” said Assistant Director Bryan Vorndran of the FBI’s Cyber Division. “This is a clear message to anybody, including former U.S. government employees, who had considered using cyberspace to leverage export-controlled information for the benefit of a foreign government or a foreign commercial company – there is risk, and there will be consequences.”

“Today’s announcement shines a light on the unlawful activity of three former members of the U.S. Intelligence Community and military,” said Assistant Director in Charge Steven M. D’Antuono of the FBI’s Washington Field Office. “These individuals chose to ignore warnings and to leverage their years of experience to support and enhance a foreign government’s offensive cyber operations. These charges and the associated penalties make clear that the FBI will continue to investigate such violations.”

The Defendants’ Applicable Conduct

After leaving U.S. government employment, Baier, Adams and Gericke worked for a U.S. Company (U.S. Company One) that provided cyber services to a U.A.E. government agency in compliance with the ITAR pursuant to a DDTC-issued Technical Assistance Agreement (TAA) signed by U.S. Company One, the U.A.E. government, and its relevant intelligence agency. U.S. Company One’s TAA specifically required the parties to abide by U.S. export control laws; obtain preapproval from a U.S. government agency prior to releasing information regarding “cryptographic analysis and/or computer network exploitation or attack,” and; not “target or exploit U.S. Persons (i.e., U.S. citizens, permanent resident aliens, or U.S. companies or entities, or other persons in the United States) . . .” While employed by U.S. Company One, the defendants received periodic ITAR and TAA training.

In January 2016, after receiving an offer for higher compensation and an expanded budget, the defendants joined U.A.E. CO as senior managers of a team known as Cyber Intelligence-Operations (CIO). Prior to their departure, U.S. Company One repeatedly informed its employees, including the defendants, that the services they were providing constituted “defense services” under the ITAR, and that U.S. persons could not lawfully provide such services to U.A.E. CO without obtaining a separate TAA. After joining U.A.E. CO, the defendants sought continued access to U.S. Company One’s ITAR-controlled information, including from U.S. Company One employees, in violation of the TAA and the ITAR.

Between January 2016 and November 2019, the defendants and other U.A.E. CO CIO employees expanded the breadth and increased the sophistication of the CNE operations that CIO was providing to the U.A.E. government. For example, over an 18-month period, CIO employees, with defendants’ support, direction and supervision, created two similar “zero-click” computer hacking and intelligence gathering systems that leveraged servers in the United States belonging to a U.S. technology company (U.S. Company Two) to obtain remote, unauthorized access to any of the tens of millions of smartphones and mobile devices utilizing a U.S. Company Two-provided operating system. The defendants and other CIO employees colloquially referred to these two systems as “KARMA” and “KARMA 2.”

CIO employees whose activities were supervised by and/or known to the defendants used the KARMA systems to obtain, without authorization, targeted individuals’ login credentials and other authentication tokens (i.e., unique digital codes issued to authorized users) issued by U.S. companies, including email providers, cloud storage providers, and social media companies. CIO employees then used these access devices to, again without authorization, log into the target’s accounts to steal data, including from servers within the United States.

U.S. Company Two updated the operating system for its smartphones and other mobile devices in September 2016, undercutting the usefulness of KARMA. Accordingly, CIO created KARMA 2, which relied on a different exploit.  In the summer of 2017, the FBI informed U.S. Company Two that its devices were vulnerable to the exploit used by KARMA 2. In August 2017, U.S. Company Two updated the operating system for its smartphones and other mobile devices, limiting KARMA 2’s functionality. However, both KARMA and KARMA 2 remained effective against U.S. Company Two devices that used older versions of its operating system.

The DPA’s Terms

Under the terms of the DPA, Baier, Adams and Gericke agreed to pay $750,000, $600,000, and $335,000 respectively, over a three-year term, which they may not be reimbursed for without the express approval of the U.S. government. In addition to the financial penalties, as part of the DPA, the defendants agreed to full cooperation with the relevant Department and FBI components; the immediate relinquishment of any foreign or U.S. security clearances; a lifetime ban on future U.S. security clearances; and certain future employment restrictions, including a prohibition on employment that involves CNE activity or exporting defense articles or providing defense services under the ITAR (e.g., CNE techniques), and restrictions on employment for certain U.A.E. organizations.

The investigation was conducted jointly by the U.S. Attorney’s Office for the District of Columbia, the Justice Department’s National Security Division (NSD), and the FBI’s Washington Field Office.

Assistant U.S. Attorneys Demian Ahn and Tejpal Chawla of the U.S. Attorney’s Office for the District of Columbia and Counsel for Cyber Investigations Ali Ahmad and Trial Attorney Scott Claffee of NSD’s Counterintelligence and Export Control Section led the investigation for the government.

Share:

Anchor links for post titles

Popular Posts

Blog Archive

Labels

Recent Posts

Popular Posts

Labels

Recent Posts

Pages

Labels

Blog Archive

Recent Posts