Categories
Full Text Articles - Audio Posts

French authorities seize $75M of assets tied to Russian businessmen


French authorities seized an estimated $75 million worth of French Riviera real estate and luxury cars as part of an investigation into alleged money laundering linked to two Russian businessmen with Cypriot citizenship: Ruslan Goryukhin and Mikhail Opengeym.

Opengeym appeared in ICIJ’s 2021 Pandora Papers, while Goryukhin formerly headed Stroygazmontazh, a construction company founded by Arkady Rotenberg, a Russian oligarch and close associate of Russian President Vladimir Putin, according to ICIJ media partner Le Monde.

The French investigation, launched in March, was conducted by the country’s anti-organized crime unit, the Paris public prosecutor’s office confirmed in a statement to ICIJ.

“The investigation is focused on the method of acquiring real estate through the use of loans granted by private companies domiciled in Cyprus or the British Virgin Islands,” a spokesperson said.

The office did not name the subjects of the investigation, but Le Monde identified the properties and traced their purchase histories through data leaks and open-source property records. The investigation centered on a series of real estate transactions between 2012 and 2014 financed by loans from offshore companies. Le Monde then linked the suspicious lenders to Goryukhin and Opengeym. Part of Goryukhin’s estate in Grasse, Le Monde found, was financed through several companies in three separate territories (British Virgin Islands, Cyprus and Monaco).


Last month, authorities seized eight properties, including the estate in Grasse and luxury villas in the towns of Saint-Raphael and Grimaud in southeastern France. Two luxury vehicles, and company shares worth nearly 2.7 million euros, or $2.9 million, were also seized, the public prosecutor’s office said.

Under a 2013 anti-money laundering law, French courts require beneficiaries to prove the legitimate source of funds, reversing the burden of proof to simplify previously complex judicial investigations. The courts authorized the seizures due to the large sums of money involved and the opaque origin of the funds, which authorities told Le Monde were “symptomatic of suspected money-laundering operations.”

The National Gendarmerie, a French law enforcement agency, also examined the role of intermediaries that allegedly aided the suspicious transactions, including a notary and two Monaco-based firms specializing in wealth and tax engineering, Le Monde reported.

Through their lawyers, both Goryukhin and Opengeym declined to comment to Le Monde, though Opengeym’s lawyer said his client is not a party to the criminal proceedings. Goryukhin’s lawyer said he was “reserving his statements” for the courts.

Oct. 23, 2024: This story was updated to incorporate comments from the Paris public prosecutor’s office.



AI hallucinations can pose a risk to your cybersecurity


In early 2023, Google’s Bard made headlines for a pretty big mistake, which we now call an AI hallucination. During a demo, the chatbot was asked, “What new discoveries from the James Webb Space Telescope can I tell my 9-year-old about?” Bard answered that JWST, which launched in December 2021, took the “very first pictures” of an exoplanet outside our solar system. However, the European Southern Observatory’s Very Large Telescope took the first picture of an exoplanet in 2004.

What is an AI hallucination?

Simply put, an AI hallucination is when a large language model (LLM), such as a generative AI tool, provides an answer that is incorrect. Sometimes, this means that the answer is totally fabricated, such as making up a research paper that doesn’t exist. Other times, it’s the wrong answer, such as with the Bard debacle.

Reasons for hallucination are varied, but the biggest one is that the data the model uses for training is incorrect — AI is only as accurate as the information it ingests. Input bias is also a top cause. If the data used for training contains biases, then the LLM will find patterns that are actually not there, which leads to incorrect results.

With businesses and consumers increasingly turning to AI for automation and decision-making, especially in key areas like healthcare and finance, the potential for errors poses a big risk. According to Gartner, AI hallucination compromises both decision-making and brand reputation. Additionally, AI hallucinations lead to the spreading of misinformation. Moreover, each AI hallucination erodes people’s trust in AI results, which has widespread consequences as businesses increasingly turn to this technology.

While it’s tempting to have blind trust in AI, it’s important to use a balanced approach when using AI. By taking precautions to reduce AI hallucinations, organizations can weigh the benefits of AI with the potential complications, which include AI hallucinations.


Organizations increasingly using generative AI for cybersecurity

While the discussion about generative AI often focuses on software development, the issue increasingly affects cybersecurity. The reason is that organizations are starting to use generative AI for cybersecurity purposes.

Many cybersecurity professionals turn to generative AI for threat hunting. While AI-powered security information and event management (SIEM) improves response management, generative AI can use natural language searches for faster threat hunting. Analysts can use natural language chatbots to spot threats. Once a threat is detected, cybersecurity professionals can turn to generative AI to create a playbook based on the specific threat. Because generative AI uses training data to create the output, analysts have access to the latest information to respond to a specific threat with the best action.

Training is another common use for generative AI in cybersecurity. By using generative AI, cybersecurity professionals can use real-time data and current threats to create realistic scenarios. Through the simulation, cybersecurity teams get real-world experience and practice that was previously challenging to find. Because they can practice on similar threats to those they may encounter that day or week, professionals can train on current threats, not ones in the past.

How AI hallucinations affect cybersecurity

One of the biggest issues with AI hallucinations in cybersecurity is that the error can cause an organization to overlook a potential threat. For example, the AI tool may miss a potential threat that ends up causing a cyberattack. Often, this is due to bias in the model that happens through biased training data, which causes the tool to overlook a pattern that ends up affecting the results.

On the flip side, an AI hallucination may create a false alarm. If the generative AI tool fabricates a threat or falsely identifies a vulnerability, then employees will begin to trust the tool less in the future. Additionally, the organization focuses its resources on addressing the false threat, which means that a real attack may be overlooked. Each time the AI tool produces inaccurate results, employees’ confidence in the tool drops, making it less likely that they will turn to AI or trust the results in the future.

Similarly, a hallucination can provide inaccurate recommendations that prolong detection or recovery. For example, a generative AI tool may accurately spot suspicious activity but provide inaccurate information on the next step or system recommendations. Because the IT team takes the wrong steps, the cyberattack is not stopped and the threat actors gain access.

Reducing the impact of AI hallucinations on cybersecurity

By understanding and anticipating AI hallucinations, organizations can take proactive steps to both reduce the occurrence and the impact.

Here are three tips:

  1. Train employees on prompt engineering. With generative AI, the quality of the results depends greatly on the specific prompts used for the requests. However, many employees create the prompts without formal training or knowledge on how to provide the right information to the model. Organizations that train their IT team on using specific and clear prompts can improve the results and possibly reduce AI hallucinations.
  2. Focus on data cleanliness. AI hallucinations often happen when using poisoned data, meaning there are errors or inaccuracies in the training data. For example, a model that is trained on data that includes cybersecurity threats that were later found to be false reports may identify a threat that is not accurate. By ensuring, as much as possible, that the model uses clean data, your organization can eliminate some AI hallucinations.
  3. Incorporate fact-checking into your process. At the current maturity level of generative AI tools, AI hallucinations are likely part of the process. Organizations should assume that errors or inaccurate information may be returned at this stage. By designing a fact-checking process to make sure that all information returned is accurate before employees take action, organizations can reduce the impact of the hallucinations on the business.

Leveling the cyber playing field

Many ransomware gangs and cyber criminals are using generative AI to find vulnerabilities and create attacks. Organizations that use these same tools to fight cyber crime can put themselves on a more level playing field. By also taking proactive measures to prevent and reduce the impact of AI hallucinations, businesses can more successfully use generative AI to help their cybersecurity team better protect data and infrastructure.

The post AI hallucinations can pose a risk to your cybersecurity appeared first on Security Intelligence.



Russia May Be Involved in Violating Arms Embargo in Darfur


The circumstances surrounding the destruction of a military transport aircraft in North Darfur may point to the existence of supply channels funneling Russian weapons into Sudan. On October 22, an Il-76T was shot down in the Al Mahla region of North Darfur.

The cargo plane that was shot down in Sudan was owned by a Kyrgyzstan-registered company, New Way Cargo Airlines. Bishkek’s Manas Airport stated on October 22 that the aircraft, tail number EX 76 011, had been sold to the airline earlier in 2024.

The downed aircraft, flight number EX 76 011, belonged to the Emirati company; in 2024 it was sold to the Egyptian company New Way Cargo Airlines and has no connection with Airline Transport Incorporation FZC in Osh. It is a part of the Air Transport Corporation. New Way Cargo Airlines is also registered in Kyrgyzstan.

As later reported by the Foreign Ministry of the Kyrgyz Republic, citing the State Agency for Civil Aviation, the IL-76TD aircraft with registration number EX-76011 was deleted from Kyrgyzstan’s registry of civil aircraft on January 12, 2024 and entered into the registry of Sudan.

The downed aircraft had Russian nationals on board, according to videos from the crash site showing documents belonging to Viktor Granov, whose death was reported by the Russian Telegram channel Mash. Sudanese media have also published images of a flight manual, indicating that the plane was operated by Kyrgyz airline New Way Cargo Airlines. The Il-76 was flying from Ras Al Khaimah International Airport in the UAE to Amjarass, a town in neighboring Chad.

We are convinced that the plane was part of an airlift sponsored by the UAE in support of the Rapid Support Forces (RSF), which mistakenly shot it down, believing it to be a bomber from Sudanese government forces. Back in June, Sudan’s government accused the UAE of fueling the conflict by supplying weapons to paramilitary groups. Khartoum claimed the UAE was shipping arms to the RSF multiple times a week from Chad. However, we believe these arms deliveries are facilitated with the involvement of Russian military intelligence, whose objective is to support RSF leader Mohamed Hamdan Dagalo, commonly known as Hemedti, in his bid for power in Sudan, and to secure access to Sudan’s Red Sea coast for use as a Russian military base. Russian Foreign Minister Sergei Lavrov has stated that Russia supplies Chad with military equipment to combat terrorism, and that cooperation between the two countries will continue.

Several media outlets, citing U.S. intelligence, have reported that the Russian private military company Wagner offered heavy weapons to RSF commander Hemedti, including man-portable air-defense systems (MANPADS), which were reportedly stored at Wagner’s operational base in the Central African Republic. According to a Pentagon source, Hemedti was “actively considering” the offer while awaiting a final decision. The delivery of MANPADS could enable the RSF to counter aerial attacks by Sudanese Armed Forces under General Abdel Fattah al-Burhan, who have been conducting airstrikes across the country since April 15. The downing of the Il-76 may indicate that the RSF has already acquired these systems. The details surrounding this flight also suggest that Russia may have reverted to old arms supply schemes, using front companies linked to military intelligence—similar to the operations once run by Viktor Bout.


Evidence suggests that Viktor Granov, who is believed to have died in the crash of the aforementioned aircraft, owned an airline in Africa. In the early 2000s, Granov lived in South Africa and operated CJSC “Pilot Airlines,” which closed after a few years. He also owned Aircargo Services International Limited and Gran Propeller in Africa, as well as, possibly, Victoria Air. Reports indicate that in 2009, one of Granov’s planes, an An-12, crashed on the border with Rwanda, allegedly near Bunyakiri, where it was involved in arms deliveries to government forces.

Footage captured by militants at the crash site shows an ID card from Kyrgyzstan’s Manas International Airport. According to the document, Viktor Granov was employed by Airline Transport Incorporation FZC, a company based in the UAE. The director of its Kyrgyz branch is listed as Kubanychbek Mamakeev.

Several Kyrgyz Il-76 aircraft were involved in transporting cargo from the UAE to Amjarass (Chad), including two operated by New Way Cargo Airlines (tail numbers EX-76010 and EX-76015), with planes stationed at Ras Al Khaimah (UAE).

These aircraft completed seven known cargo flights and another 35 unidentified flights to Amjarass Airport between June 2023 and May 2024. Given the frequency of these flights, it is highly likely that military equipment was being transported.

While the UAE claims these airlifts were for humanitarian purposes, the evidence strongly suggests the cargo planes were carrying military supplies.

Documents of JSC Manas International Airport (MIA) found on board the IL-76 cargo plane that was shot down in Sudan did not belong to an employee of Manas airport, but to Viktor Granov, an employee of Airline Transport Incorporation FZC.

The Embassy of Kyrgyzstan in Saudi Arabia requested information about the incident through diplomatic channels. According to preliminary reports, no citizens of the Kyrgyz Republic were on board the crashed plane, the Foreign Ministry reports.

The death of Anton Selivanets, a Russian aircraft engineer, has been confirmed following the downing of a cargo plane in war-torn Sudan. Selivanets was on board the Il-76 transport plane, which was shot down by participants in the civil conflict, his family confirmed on October 22.

Granov was the chief engineer of the United Arab Emirates-registered Airline Transport Incorporation FZC. Manas Airport confirmed on October 22 that Granov worked for Airline Transport Incorporation FZC, stressing that the man was not the airport’s employee.

The Mash Telegram channel claims that the Russians were flying to Sudan from the United Arab Emirates to repair the plane.

AIRLINE TRANSPORT INCORPORATION (FZC), a company registered in the United Arab Emirates and located within the Sharjah Airport International Free Zone (SAIF), is officially listed as a legitimate business. However, we believe the company is a front, established to facilitate arms smuggling operations on behalf of Russia’s GRU (Main Intelligence Directorate).

This suspicion arises from the company’s involvement in flights with cargo to conflict zones, including Sudan and Chad, under questionable circumstances. The pattern of operations, alongside its use of front companies and connections to individuals linked to past illicit arms deliveries, strongly suggests that the firm’s true purpose is covert arms trafficking rather than legitimate commercial or humanitarian activity.

Western diplomats have voiced concerns that Russia’s growing footprint in Africa could destabilize the region further. Chad, a key ally of France, is seen as a potential target for Russian influence, with Wagner operatives reportedly supporting Chadian rebel groups responsible for the assassination of Chad’s former president, Idriss Déby, in 2021. Moscow’s backing of these forces could have wide-reaching consequences for the region’s fragile political landscape.



What NIST’s post-quantum cryptography standards mean for data security


Data security is the cornerstone of every business operation. Today, the security of sensitive data and communication depends on traditional cryptography methods, such as the RSA algorithm. While such algorithms secure against today’s threats, organizations must continue to look forward and begin to prepare against upcoming risk factors.

The National Institute of Standards and Technology (NIST) published its first set of post-quantum cryptography (PQC) standards. This landmark announcement is an important marker in the modern cybersecurity landscape, cementing the indeterminate future of post-quantum cryptography as an important cybersecurity priority for enterprises, government agencies and supply chain vendors.

NIST has finalized the three following PQC standards to strengthen cryptography infrastructure for the quantum era:

  • ML-KEM (derived from CRYSTALS-Kyber) — a key encapsulation mechanism selected for general encryption, such as for accessing secured websites
  • ML-DSA (derived from CRYSTALS-Dilithium) — a lattice-based algorithm chosen for general-purpose digital signature protocols
  • SLH-DSA (derived from SPHINCS+) — a stateless hash-based digital signature scheme

Since as early as 2021, NIST has been encouraging organizations to begin planning and preparing for the transition toward quantum-safe. The finalization and release of these three PQC standards is the assurance and guidance many organizations need to embrace and begin the process of transforming to crypto-agility.

How are organizations preparing today to withstand attacks from quantum computers in the future?

IBM has engaged with many large organizations over the past 18 months. These leaders have established, or are establishing, quantum-safe transformational initiatives as a strategic imperative, approaching it with a people, processes and technology perspective. Reaching “quantum safety” requires increasing crypto maturity, and transforming their cryptography program in the process. The objective is a strong cryptographic posture, including resilience against quantum-powered risks.

The journey toward quantum-safe often starts with discovering and classifying data to gain visibility into cryptographic inventory across the enterprise, including being able to analyze risk and prioritize remediation. Beyond discovery and classification is the transformation toward crypto-agility, the ability for platforms, systems and applications to:

  • Update cryptography when it is broken
  • Change cryptography when regulations and new threats require it
  • Monitor that cryptography is being used properly
  • Retire cryptography when it is out of date
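
The discovery-and-classification step and the crypto-agility capabilities listed above can be sketched in code. This is an added example, not code from NIST, IBM or the original post; the inventory format, the rule set, the status names and the remediation order are all assumptions of the example, and the inventory rows are constructed.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample inventory: asset, where the algorithm is used, algorithm name.
SAMPLE_INVENTORY = """
# asset          usage        algorithm
payments-api     tls-kex      ECDHE-P256
payments-api     tls-cert     RSA-2048
vpn-gateway      ike-kex      DH-2048
code-signing     signature    ECDSA-P384
edge-proxy       tls-kex      X25519MLKEM768
hsm-root         signature    ML-DSA-65
firmware-update  signature    SLH-DSA-SHA2-128s
backup-archive   bulk         AES-256-GCM
legacy-portal    cert-digest  SHA-1
partner-sftp     host-key     acme-cipher-v2
"""

# (pattern, role, status). First match wins, so hybrids are tested before their parts.
RULES = [(re.compile(p, re.IGNORECASE), role, status) for p, role, status in [
    (r"(X25519|P-?256|P-?384).*ML-?KEM|ML-?KEM.*(X25519|P-?256|P-?384)",
     "key-establishment", "hybrid"),
    (r"^ML-?KEM", "key-establishment", "pqc"),
    (r"^(ML-DSA|SLH-DSA)", "signature", "pqc"),
    # Public-key schemes built on factoring or discrete logarithms.
    (r"^(ECDHE?|DHE?|X25519|X448)\b", "key-establishment", "quantum-vulnerable"),
    (r"^(ECDSA|DSA|ED25519|ED448)\b", "signature", "quantum-vulnerable"),
    (r"^RSA\b", "public-key", "quantum-vulnerable"),
    # Out of date on classical grounds alone.
    (r"^(MD5|SHA-?1|3DES|DES|RC4)\b", "legacy", "retire-now"),
    # Symmetric ciphers and hashes: not replaced by ML-KEM / ML-DSA / SLH-DSA.
    (r"^(AES|CHACHA20|SHA-?[235])", "symmetric-or-hash", "no-pqc-change"),
]]

# Replacement per role, using only the three standards named in the article.
REPLACEMENT = {
    "key-establishment": "ML-KEM",
    "signature": "ML-DSA or SLH-DSA",
    "public-key": "ML-KEM for key transport, ML-DSA or SLH-DSA for signatures",
}

# Action text for every status that is not a migration candidate.
ACTIONS = {
    "retire-now": "retire: out of date regardless of quantum risk",
    "unknown": "identify the algorithm manually",
    "hybrid": "monitor: classical exchange combined with ML-KEM",
    "pqc": "monitor",
    "no-pqc-change": "monitor: not replaced by the PQC standards",
}

# Remediation order (an assumption of this example, not a NIST ranking).
PRIORITY = ["retire-now", "quantum-vulnerable", "unknown", "hybrid", "pqc", "no-pqc-change"]


@dataclass(frozen=True)
class Finding:
    asset: str
    usage: str
    algorithm: str
    role: str
    status: str
    action: str


def classify(algorithm: str) -> tuple[str, str]:
    """Return (role, status) for an algorithm name, or ('unknown', 'unknown')."""
    for pattern, role, status in RULES:
        if pattern.search(algorithm.strip()):
            return role, status
    return "unknown", "unknown"


def parse_inventory(text: str) -> list[tuple[str, str, str]]:
    """Parse whitespace-separated rows; '#' starts a comment; bad rows are errors."""
    rows = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 3:
            raise ValueError(f"line {lineno}: expected 3 fields, got {len(fields)}")
        rows.append((fields[0], fields[1], fields[2]))
    return rows


def assess(text: str) -> list[Finding]:
    """Classify every inventory row and order the result by remediation priority."""
    findings = []
    for asset, usage, algorithm in parse_inventory(text):
        role, status = classify(algorithm)
        if status == "quantum-vulnerable":
            action = f"plan migration to {REPLACEMENT[role]}"
        else:
            action = ACTIONS[status]
        findings.append(Finding(asset, usage, algorithm, role, status, action))
    return sorted(findings, key=lambda f: PRIORITY.index(f.status))


def summary(findings: list[Finding]) -> Counter:
    """Count findings per status, for tracking the migration over time."""
    return Counter(f.status for f in findings)


if __name__ == "__main__":
    for f in assess(SAMPLE_INVENTORY):
        print(f"{f.status:<19} {f.asset:<16} {f.algorithm:<18} {f.action}")
```

Unrecognized algorithm names are reported as `unknown` rather than silently passed, so gaps in the rule set show up in the same report as the migration candidates.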


The post What NIST’s post-quantum cryptography standards mean for data security appeared first on Security Intelligence.



ICIJ welcomes 10 new members to global journalism network


The International Consortium of Investigative Journalists is welcoming 10 new members to its global network, expanding the consortium to three new countries as the journalism nonprofit continues its mission to bring together journalists to tell stories that rock the world.

The new members hail from nine countries, including for the first time reporters from Kazakhstan, Kyrgyzstan and Equatorial Guinea. All 10 journalists have previously partnered with ICIJ and its network on global investigations, from the Pandora Papers to Deforestation Inc., and bring a wealth of knowledge and years of experience to the consortium.

“ICIJ prides itself on working with the best investigators from all over the world, and our newest members are a testament to that philosophy,” said Executive Director Gerard Ryle.

“These are proven reporters who understand the power of investigative journalism to make real change in the world around us, and we’re looking forward to working with them on our future projects,” Ryle said.

ICIJ’s network now numbers nearly 300 members from more than 100 countries.

The new members earned their invitations through their journalistic integrity, collaborative spirit and track records of exposing corruption, injustice and inequality through powerful storytelling. Journalists are selected by ICIJ’s Network Committee, which is run by members from around the world who are elected by their peers.

“We reviewed the profiles of dozens of very good candidates, so we are very proud to introduce these new members, who have already shown that they are excellent reporters and — just as important — wonderful collaborators who will uphold the high standards of the ICIJ network,” said Francisca Skoknic, chair of the committee. “They’re joining a group of dedicated journalists who strive to make the world better with every story, and we’re excited to welcome them into our fold.”

The new members are:

ICIJ welcomes pitches and proposals for collaborations from proven investigative journalists. Please contact us by email. Story ideas are treated confidentially.

ICIJ also encourages tips and leaks from industry insiders and concerned members of the public. Tips and documents can be shared via one of these platforms.



TD Bank hit with $3B penalty in U.S. money laundering settlement


The U.S. arm of Canada-based TD Bank has agreed to pay a penalty to settle allegations that it failed to stop drug traffickers and money launderers from pushing hundreds of millions of dollars of illicit funds through the U.S. financial system.

The bank agreed to plead guilty to charges that it violated the Bank Secrecy Act in federal court in New Jersey last week. TD also settled a number of civil investigations by the U.S. Treasury’s Financial Crimes Enforcement Network, the Federal Reserve and the Office of the Comptroller of the Currency.

Between the criminal charges and the civil suits, the bank has agreed to pay a total of more than $3 billion to the U.S. authorities, including $1.3 billion to FinCEN — which Treasury described as “historic.”

According to prosecutors, TD Bank’s U.S. unit failed to uphold proper anti-money laundering controls for almost a decade, from 2014 to 2023, during which time prosecutors said numerous criminal enterprises were able to transact through the bank. This included a Chinese drug trafficking group that bribed bank employees and was ultimately able to launder more than $470 million in cash linked to the sale of fentanyl and other illegal drugs, as well as another money laundering scheme that sent tens of millions of dollars to Colombia.

Announcing the penalties, U.S. Attorney General Merrick Garland said in a press conference that TD Bank was “the largest bank in U.S. history to plead guilty to Bank Secrecy Act program failures and the first U.S. bank in history to plead guilty to conspiracy to commit money laundering.”

“TD Bank created an environment that allowed financial crime to flourish,” Garland said. “By making its services convenient for criminals, it became one.”

In addition to the penalties, TD has also agreed to enter into a three-year monitorship and five-year probation, and will be subject to limits on the growth of its U.S. retail business.

“The fact that this conduct went to that depth and gravity is absolutely remarkable and the fact that the Treasury and the DOJ required that TD Bank plead to that level of culpability is really remarkable,” Scott Greytak, director of advocacy at Transparency International US, told ICIJ.

He added that TD Bank’s admission of conspiracy to commit money laundering in the settlement was “a new level” and the resulting penalties against the bank should be a deterrent for other financial institutions.

“[This] isn’t chump change,” Greytak said. “I don’t think anybody can write this off as the cost of doing business.”

TD joins a long line of international banks accused of moving illicit cash through the U.S. financial system for criminal clients and shadowy characters. In 2020, ICIJ and BuzzFeed News’ FinCEN Files investigation uncovered more than $2 trillion in suspicious transactions processed by banks in the U.S. over eight years.

Based on a leak of more than 2,000 suspicious activity reports filed to the U.S. Treasury, the investigation found that five global banks — JPMorgan Chase, HSBC, Standard Chartered Bank, Deutsche Bank and Bank of New York Mellon — continued to move illicit cash even after U.S. authorities fined these financial institutions for earlier failures to stem flows of dirty money. In half of the FinCEN Files reports, banks didn’t have information about one or more entities behind the transactions.

Providing further details about the TD Bank case, Garland gave examples where bank employees “openly joked about the bank’s enabling of criminal activity.”

“Employees consistently joked on the bank’s instant messaging platform about the bank’s motto, ‘America’s Most Convenient Bank,’” Garland said, highlighting exchanges where bank workers acknowledged that lax controls at the bank made them an “easy target” for “the bad guys.”

Garland also said the Justice Department was currently investigating “individual employees at every level of TD Bank” and warned that “no one involved in TD Bank’s illegal conduct will be off limits.”



Police operation targeting Brazil’s largest criminal organization uncovers Panama Papers link


Leaked Panama Papers documents reveal a new connection between an accused money launderer and a sprawling financial network that police claim is linked to one of Brazil’s largest criminal organizations.

As part of an ongoing operation against the suspect network, authorities have seized and frozen millions of dollars of what they say are illicit profits from the country’s largest criminal organization, Primeiro Comando da Capital, known as PCC, according to media reports.

São Paulo police allege proceeds of drug trafficking were moved through a syndicate of companies to mask their illicit origin. A 446-page report on the police investigation obtained by Agência Pública, a Brazilian investigative news outlet and an ICIJ partner, named one of those companies as Farlow Development SA, registered in the British Virgin Islands by Panamanian law firm Mossack Fonseca. In 2016, the now-shuttered law firm became synonymous with the shady world of offshore finance following ICIJ’s Panama Papers exposé, based on a cache of 11.5 million leaked Mossack Fonseca records. More than 214,000 offshore entities appeared in the leak.

The report obtained by Agência Pública stated that police found information on Farlow Development via ICIJ’s Offshore Leaks database during their investigation. An ICIJ review of Panama Papers documents found Farlow Development was created in early 2012, a few months before Dalton Baptista Neman, a Brazilian national, became its largest shareholder. His romantic partner Cristiane Cheruti and his son Caio Alonso Neman are also named as shareholders. All three were arrested in 2021 on charges of using a family-run company called Banco Neman to launder money for the PCC and were later released. An online search led police to the Offshore Leaks database, which named Baptista Neman, Cheruti and Caio Alonso Neman as Banco Neman’s founders.

São Paulo authorities said they had frozen 150 million reais (some $26 million) linked to the criminal group in August, while courts blocked 41 bank accounts, according to media reports. After executing 31 search and seizure warrants, police seized an additional $14 million in late September in an operation targeting drug trafficking in an area colloquially known as “Cracolandia” near the border with Uruguay, several media outlets reported. Police have dubbed the actions and ongoing investigation “Operation Downtown.”


Alice Maciel, a reporter at Agência Pública, spoke to Baptista Neman on Aug. 26. In the interview, he confirmed he had opened Farlow Development in the BVI, but said that he did not use it to move money. “We never had any money from outside. We opened the company, but not a single real was ever deposited into the account,” Baptista Neman said.

A Panama Papers document showed that Dalton Baptista Neman’s mother, then-82-year-old Irene Baptista Neman, was granted power of attorney over Farlow Development shortly after her son became the company’s largest shareholder. The police report said that five weeks later, the woman’s name was used to incorporate a new financial company in Brazil which moved more than 50 million reais (around $21.7 million at the time) in just six months.



SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 11


Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Mythical Beasts and Where to Find Them: Mapping the Global Spyware Market and its Threats to National Security and Human Rights  

Dissecting Lumma Malware: Analyzing the Fake CAPTCHA and Obfuscation Techniques – Part 2  

Predator Spyware Infrastructure Returns Following Exposure and Sanctions

Malware’s Shared Secrets: Code Similarity Insights for Ransomware Gangs Activities Tracking      

Mallox ransomware: in-depth analysis and evolution  

A glimpse into the Quad7 operators’ next moves and associated botnets  

CosmicBeetle steps up: Probation period at RansomHub  

New RansomHub attack uses TDSKiller and LaZagne, disables EDR  

Hadooken Malware Targets Weblogic Applications

Ajina attacks Central Asia: Story of an Uzbek Android Pandemic      

Void captures over a million Android TV boxes

Applications of Fuzzy Logic and Probabilistic Neural Networks in E-Service for Malware Detection

A new TrickMo saga: from Banking Trojan to Victim’s Data Leak    

Earth Preta Evolves its Attacks with New Malware and Strategies 

Threat Actors Exploit GeoServer Vulnerability CVE-2024-36401

TIDRONE Targets Military and Satellite Industries in Taiwan

Fake recruiter coding tests target devs with malicious Python packages

Targeted Iranian Attacks Against Iraqi Government Infrastructure


Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)



Russia Aims to End War in Ukraine with Victory by 2026, Says HUR’s Chief Budanov


Budanov identified North Korea as Russia’s most dangerous military ally for Ukraine, as its weapons and ammunition supplies significantly impact the intensity of hostilities.


After the Debate


Ahead of Tuesday’s candidates’ debate I offered the US vice-president some advice: distance yourself from Joe Biden and denounce Trump’s treasonous relationship with Putin towards the war in Ukraine.
