The FBI and Interpol announce Operation Endgame, the "largest ever operation against botnets". And they made some animated videos to go with it!

The TrickBot botnet and other malware droppers have been targeted by international law enforcement in Operation Endgame.

The post TrickBot and Other Malware Droppers Disrupted by Law Enforcement appeared first on SecurityWeek.

The US announced that the 911 S5 (Cloud Router) botnet, likely the world’s largest, has been dismantled and its administrator arrested.

The post Massive 911 S5 Botnet Dismantled, Chinese Mastermind Arrested appeared first on SecurityWeek.

In a joint international law enforcement action dubbed “Operation Endgame,” the agencies and judicial authorities dismantled major botnet infrastructure, targeting notorious malware droppers like IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee and TrickBot. In a Thursday announcement Europol said that between May 27 and 29, Operation Endgame led to four arrests and the takedown of over 100 servers worldwide.

“This is the largest ever operation against botnets, which play a major role in the deployment of ransomware,” Europol said.

Botnets are used for different types of cybercrime including ransomware, identity theft, credit card scams, and several other financial crimes. “The dismantled botnets consisted of millions of infected computer systems,” a joint press statement from the Operation Endgame team said. Led by France, Germany, and the Netherlands, and supported by Eurojust, the operation involved countries including Denmark, the United Kingdom, the United States, Armenia, Bulgaria, Lithuania, Portugal, Romania, Switzerland, and Ukraine. Operation Endgame resulted in:

• 4 arrests - 1 in Armenia and 3 in Ukraine.
• 16 location searches - 1 in Armenia, 1 in the Netherlands, 3 in Portugal, and 11 in Ukraine.
• Over 100 servers dismantled or disrupted in countries such as Bulgaria, Canada, Germany, Lithuania, the Netherlands, Romania, Switzerland, the UK, the US, and Ukraine.
• Over 2,000 domains seized and brought under law enforcement control.
• 8 summons were also served against other suspects.

Targeting the Cybercrime Infrastructure

Operation Endgame focused on high-value targets, their criminal infrastructure behind various malware and the freezing of illicit proceeds. “The malware, whose infrastructure was taken down during the action days, facilitated attacks with ransomware and other malicious software,” according to Europol. One primary suspect, the Europol said, earned at least €69 million in cryptocurrency by renting out sites for ransomware deployment. Authorities are closely monitoring these transactions and have secured permissions to seize the assets. The infrastructure and financial seizures had a global impact on the dropper ecosystem, the authorities believe.

Key Dropper Malware Dismantled in Operation Endgame

- SystemBC: Facilitated anonymous communication between infected systems and command-and-control servers. - Bumblebee: Delivered via phishing campaigns or compromised websites, enabling further payload execution. - Smokeloader: Used primarily to download and install additional malicious software. - IcedID (BokBot): Evolved from a banking trojan to a multi-purpose tool for various cybercrimes. - Pikabot: Enabled ransomware deployment, remote takeovers, and data theft through initial system access.

“All of them are now being used to deploy ransomware and are seen as the main threat in the infection chain,” Europol said.

[caption id="attachment_72953" align="aligncenter" width="1920"] Operation Endgame seizure notice (Credit: Europol)[/caption]

The Role of Dropper Malware in Cyberattacks

Droppers are essential tools in cyberattacks, acting as the initial vector to bypass security and install harmful software such as ransomware and spyware. They facilitate further malicious activities by enabling the deployment of additional malware on compromised systems.

How Droppers Operate

1. Infiltration: Enter systems through email attachments, compromised websites, or bundled with legitimate software.
2. Execution: Install additional malware on the victim's computer without the user's knowledge.
3. Evasion: Avoid detection by security software through methods like code obfuscation and running in memory.
4. Payload Delivery: Deploy additional malware, potentially becoming inactive or removing itself to evade detection.

The success of the operation was bolstered by private partners such as Bitdefender, Sekoia, Shadowserver, Proofpoint, and Fox-IT, among others. Their support was crucial in disrupting the criminal networks and infrastructure, the authorities said.

Wait for Operation Endgame Season 2

Operation Endgame signifies a major victory, but this is not really the end of it. Taking cue from the Marvel cinematic movie ‘Avengers – Endgame,’ the law enforcement is set to to release a part two of this operation in a few hours from now as they said their efforts continue.

“This is Season 1 of operation Endgame. Stay tuned. It sure will be exciting. Maybe not for everyone though. Some results can be found here, others will come to you in different and unexpected ways,” the authorities said.

“Feel free to get in touch, you might need us. Surely, we could both benefit from an openhearted dialogue. You would not be the first one, nor will you be the last. Think about (y)our next move.” Future actions will be announced on the Operation Endgame website, possibly targeting suspects and users, and ensuring accountability. The news of this massive botnet takedown operation comes a day after the announcement of the dismantling of “likely the world’s largest botnet ever” – the 911 S5 botnet. The botnet’s alleged administrator Yunhe Wang, was arrested last week and a subsequent seizure of infrastructure and assets was announced by the FBI. The recent law enforcement actions represent a historic milestone in combating cybercrime, dealing a significant blow to the dropper malware ecosystem that supports ransomware and other malicious activities. The operation's success underscores the importance of international cooperation and the need for robust cybersecurity measures to tackle evolving threats.

The US government has announced sanctions against three Chinese nationals accused of creating and operating the 911 S5 proxy botnet.

The post US Sanctions Three Chinese Men for Operating 911 S5 Botnet appeared first on SecurityWeek.

The U.S. law enforcement has arrested an alleged operator of "Incognito Market," a major online dark web narcotics marketplace that facilitated more than $100 million in illegal narcotics sales globally. Rui-Siang Lin, a 23-year-old from Taiwan, was arrested at John F. Kennedy Airport on May 18 for allegedly operating the Incognito Market using the pseudonym "Pharoah." Lin oversaw all aspects of the site, including managing employees, vendors and customers, revealed an unsealed indictment filed with the federal court at the U.S. Southern District of New York. Since its inception in October 2020 until its closure in March, Incognito Market sold vast quantities of illegal narcotics, including hundreds of kilograms of cocaine and methamphetamines, globally via the dark web site that could be reached through Tor web browser. The underground marketplace facilitated an overall sale of more than $100 million of narcotics in its 41 months of operation. The popularity of this marketplace can be gauged from the fact that by June 2023 it was generating sales of $5 million per month. [caption id="attachment_69369" align="aligncenter" width="2560"] Credit: Justice Department[/caption]

Features and Transactions of Incognito Market

Incognito Market mimicked legitimate e-commerce sites with features like branding, advertising and customer service. Users could search listings for various narcotics after logging in with unique credentials. [caption id="attachment_69367" align="aligncenter" width="624"] Credit: Justice Department[/caption] The site offered illegal narcotics and misbranded prescription drugs, including heroin, cocaine, LSD, MDMA, oxycodone, methamphetamines, ketamine, and alprazolam. [caption id="attachment_69368" align="aligncenter" width="624"] Credit: Justice Department[/caption] “For example, in November 2023, an undercover law enforcement agent received several tablets that purported to be oxycodone, which were purchased on Incognito Market. Testing on those tablets revealed that they were not authentic oxycodone at all and were, in fact, fentanyl pills,” the Justice Department said. Vendors paid a non-refundable admission fee of $750 and a 5% commission on each sale to Incognito Market, according to the indictment. This fee funded market operations, including salaries and server costs. Incognito Market also operated its own “bank,” to facilitate the illicit transactions. This bank allowed users to deposit cryptocurrency, which facilitated anonymous transactions between buyers and sellers while deducting the site’s commission, again of 5%. [caption id="attachment_69376" align="aligncenter" width="398"] Credit: Justice Department[/caption] This banking service obscured the locations and identities of vendors and customers from each other and from law enforcement. It kept the financial information of vendors and buyers separate, making it more difficult for any one actor on the marketplace to learn any other actor’s true identity, a complaint filed against Lin said. The bank also offered an “escrow” service enabling both buyers and customers to have additional security concerning their narcotics transactions. The escrow service was set in such a way that a buyer’s money would be released to a seller only after specified actions, for example, the shipment of narcotics is made. “With the escrow service, sellers know they will be paid for their illegal narcotics and buyers know their payments will be released to sellers after specified events occur,” the complaint said.

The Exit Scam

As Lin suddenly shuttered the Incognito Market in March 2024, he tried pulling an exit scam stealing the users’ funds stored in its escrow system and also tried to ransom the market’s drug vendors. Lin demanded ransom in the range of $100 to $2,000 from them in exchange of not turning their data over to the law enforcement.

Lin’s Technical Prowess

Lin seems like a knowledgeable person in the field of security and cryptocurrency, as per social media accounts listed in the complaint against him. Lin’s GitHub account describes him as a “Backend and Blockchain Engineer, Monero Enthusiast.” This GitHub account has approximately 35 publicly available software coding projects. “Collectively, these coding projects indicate that LIN has significant technical computing knowledge, including knowledge necessary to administer a site like (“Incognito Marketplace”),” the complaint said. The coding projects include operation of cryptocurrency servers and web applications like PoW Shield, a tool to mitigate DDoS attacks; Monero Merchant, a software tool that allows online merchants to accept XMR for payment; and Koa-typescript-framework, a webframe software program used as a foundation for web applications. Lin also did a YouTube interview explaining how his anti-DDoS tool “PoW Shield” worked for Pentester Academy TV in October 2021, displaying his technical prowess. The final evidence that law enforcement found linking Lin to the administrator “Pharoah” of Incognito Market was a “simple” hand-drawn workflow diagram of a darknet marketplace that was mailed from Lin’s personal email address. [caption id="attachment_69380" align="aligncenter" width="1690"] Workflow of Darknet Marketplace sent from Lin's personal email account. Credit: Justice Department[/caption] “This diagram appears to be a plan for a darknet market. Notably, the diagram indicated “vendor,” “listing,” “pgp key,” and “admin review,” all of which are features of (Incognito Market),” the complaint said.

Charges and Potential Sentences

Lin faces the following potential sentencing, if convicted:

• Continuing Criminal Enterprise: Mandatory minimum penalty of life in prison.
• Narcotics Conspiracy: Maximum penalty of life in prison.
• Money Laundering: Maximum penalty of 20 years in prison.
• Conspiracy to Sell Adulterated and Misbranded Medication: Maximum penalty of five years in prison.

A federal district court judge will determine Lin's sentence after reviewing the U.S. Sentencing Guidelines and other statutory factors. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

The US government has announced charges, seizures, arrests and rewards as part of an effort to disrupt a scheme that generates revenue for North Korea.

The post Woman Accused of Helping North Korean IT Workers Infiltrate Hundreds of US Firms appeared first on SecurityWeek.

The hacking forum BreachForums is displaying a notice claiming that the website is under the control of the FBI.

The post BreachForums Shut Down in Apparent Law Enforcement Operation appeared first on SecurityWeek.

The notorious BreachForums seized for the second time in a year. The U.S. law enforcement today seized the clear web domain of the second version of BreachForums - popularly known as a Breached hacking forum in the underground market - that helped sell stolen data and credentials. Hosted at BreachForums[.]st, the domain now shows a seizure banner saying the website was taken down by the FBI and the U.S. Department of Justice with assistance from international partners. Other law enforcement authorities worldwide were also part of this action, including the Australian Federal Police, the U.K. National Crime Agency, New Zealand Police, police department of the canton of Zürich in Switzerland and Icelandic Police, among others. As is common with domain seizure messages, law enforcement displayed the logo for the site. It however took an unconventional approach by also featuring two avatar's - likely of BreachForums' administrators "Baphomet" and "ShinyHunters" - behind bars in the seizure banner.

BreachForums Seized

The message on the banner reads: "We are reviewing this site's backend data. If you have information to report about cybercriminal activity on BreachForums, please contact us." The law enforcement has also shared a link to a form hosted on the Internet Crime Complaint Center. The FBI has put out a questionnaire for victims or individuals that have information to assist in any of the investigations against BreachForums v2, BreachForums v1, or Raidforums. A summary of the takedown of BreachForums on this portal says, "The Federal Bureau of Investigation (FBI) is investigating the criminal hacking forums known as BreachForums and Raidforums. "From June 2023 until May 2024, BreachForums (hosted at breachforums.st/.cx/.is/.vc and run by ShinyHunters) was operating as a clear-net marketplace for cybercriminals to buy, sell, and trade contraband, including stolen access devices, means of identification, hacking tools, breached databases, and other illegal services." Earlier a separate version of BreachForums hosted at breached.vc/.to/.co and run by pompompurin between March 2022 to 2023 was seized by the U.S. law enforcement in June 2023. Raidforums, hosted at raidforums.com and run by an admin under the moniker "Omnipotent" was the predecessor hacking forum to both version of BreachForums and ran from early 2015 until February 2022. *The Telegram channel of "Baphomet," one of the administrators behind the BreachForums, has also been seized, according to a pinned message from the law enforcement on his channel. [caption id="attachment_68571" align="aligncenter" width="446"] Credit: Dark Web Intelligence[/caption]

ShinyHunters Confirms Baphomets Arrest

*Shiny Hunters, one of the administrators of the BreachForums, allegedly confirmed on a Telegram channel called "BF Announcements" the arrest of Baphomet and said that the law enforcement did not get to anyone from the ShinyHunters gang. [caption id="attachment_68843" align="aligncenter" width="300"] Message on BF Announcements Telegram channel[/caption] Later in the same channel the administrator claimed that the domain was recovered back from the law enforcement's control, as was the case during the BreachForums v1 takedown where the cat and mouse game went on for a while between the two. The Cyber Express tried to verify this claim and saw that the domain is now redirecting to a Telegram chat group called "Jacuzzi 2.0" The FBI and Justice Department spokespersons were not immediately available for comment when contacted by The Cyber Express for details on the latest claims. This is a developing story. The article will be updated with the latest information as it becomes available. Update 1*: Added Telegram account seizure details along with screenshot. Update 2* May 16 - 9:40 AM (UTC) : Added details from Shiny Hunters' BF Announcements Telegram channel that allegedly confirmed details of one of the administrators of BreachForums - Baphomets - arrest. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Apple and Google have rolled out a new mobile feature that warns users of unwanted trackers moving with them.

The post Unwanted Tracking Alerts Rolling Out to iOS, Android appeared first on SecurityWeek.

Thomas Jefferson University apologizes after commencement presenter flubs names. Unfortunately for the hapless presenter, the name cards used the International Phonetic Alphabet, a technical rendering used mainly by linguists. kænt rid ðɪs? Don't let it happen to you! Learn how to pronounce IPA spelling today, test your skills, or just entertain yourself with the world's most unintentionally hilarious soundboards.

The recent crackdown on the crypto mixer money laundering, Samourai, has unveiled a sophisticated operation allegedly involved in facilitating illegal transactions and laundering criminal proceeds. The cryptocurrency community was shocked by the sudden Samourai Wallet shutdown. The U.S Department of Justice (DoJ) revealed the arrest of two co-founders, shedding light on the intricacies of their […]

The post Crypto Mixer Money Laundering: Samourai Founders Arrested appeared first on TuxCare.

The post Crypto Mixer Money Laundering: Samourai Founders Arrested appeared first on Security Boulevard.

A coordinated multi-nation law enforcement action has led to a takedown of an Austria-based crypto scam where half a dozen suspects were arrested and assets worth hundreds of thousands of Euros were seized. This followed a separate investigation in the United Kingdom, which led to the sentencing of two Brits involved in an international crypto scam worth millions.

Takedown of Austria-based Crypto Scam

The law enforcement agencies from Austria, Cyprus and Czechia have arrested six Austrians responsible for an online cryptocurrency scam that was launched in December 2017. Between 2017 and February 2018, the scammers assured and convinced its victims of having set up a legitimate online trading company that had launched a new cryptocurrency coin. The scammers offered an initial coin offering of 10 million tokens or respective rights to the new currency for sale. Considering the returns on investment from Bitcoin at the time, which was up nearly 39% in Dec. 2017, investors likely saw the opportunity in the new crypto coin and paid them in regular crypto values such as Bitcoin and Ethereum. To gain investors’ confidence and credibility, the Austrian fraudsters also claimed of having developed their own software and algorithm for the sale of the tokens.

“Traditionally, an ICO will build upon transparency and communicate clearly about each team member responsible for it. In this instance, there was a lack of transparency regarding both the team members involved and the algorithm underpinning the cryptocurrency,” said Europol, who coordinated the multi-nation operation.

Two months into the scheme, the perpetrators in February 2018 shuttered all their social media accounts and took offline the fake company’s homepage. Following this, it became obvious to the investors that they were defrauded in an exit scam. Not all victims of this crypto scam have been identified yet, but it is estimated that they lost around EUR 6 million, in totality. The law enforcement agencies raided six houses and seized over EUR 500,000 (approximately $537,120) in cryptocurrencies, EUR 250,000 (approximately $268,560) in fiat currency and froze dozens of bank accounts linked to the perpetrators and their fraudulent crypto scams. Two cars and a luxury property worth EUR 1.4 million was also seized.

Two Brits Jailed for International Crypto Scam

Law enforcement in Europe is further tightening screws against crypto scammers as is evident in another instance where two men who stole more than 5.7 million pounds (approximately $7.1 million) worth of cryptocurrency from victims worldwide were sentenced following an investigation of the South West Regional Organized Crime Unit (SWROCU). [caption id="attachment_67275" align="aligncenter" width="243"] James Heppel (credit: SWROCU)[/caption]   Jake Lee, aged 38, and James Heppel, aged 42, admitted guilt to three counts of conspiracy to commit fraud. Bristol Crown Court sentenced Lee to four years and Heppel to 15 months on May 3. [caption id="attachment_67274" align="aligncenter" width="227"] Jake Lee (Credit: SWROCU)[/caption]   The duo conducted the fraud by spoofing the domain of the online cryptocurrency exchange Blockchain[.]com to pilfer victims’ Bitcoin wallets, stealing their money and login credentials. They together targeted 55 victims across 26 countries, amassing £835,000 in cash, including £551,000 handed over by Lee in January, along with £64,000 in cryptocurrency, a Banksy print valued at £60,000 and three vehicles. [caption id="attachment_67271" align="aligncenter" width="1024"] £551k in cash voluntarily handed over by Lee (Credit: SWROCU)[/caption] A confiscation order of nearly £1 million was issued against Lee to compensate the victims. DS Matt Brain from SWROCU’s Regional Cyber Crime Unit stated, “Our investigation started back in 2018 after colleagues at Avon and Somerset Police arrested Lee on suspicion of money laundering.” “Officers from the force seized digital devices and three laminated Bitcoin wallet recovery seeds. At the same time, our unit had started an investigation into a cryptocurrency scam reported by a Wiltshire victim who had £11k worth of Bitcoin from his Blockchain wallet.”

“We took on the investigation into Lee and when we analyzed his devices, we established he was a central figure involved in a sophisticated domain spoofing fraud and worked to identify numerous victims.”

Brain added that the fact they both pleaded guilty to all counts also showed the strength of evidence that the police secured against them.” Pamela Jain, a prosecutor with the Crown Prosecution Service, noted, “Jake Lee and James Heppel defrauded people in 26 countries, including 11 victims in the UK, by diverting Bitcoin into wallets over which they had control. This was a complex and time-consuming prosecution which involved enquiries with numerous victims and prosecuting authorities all over the world.” Lee has already been served a confiscation order but “confiscation proceedings against James Heppel are ongoing,” Jain said. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Charges and sanctions announced against Dimitry Yuryevich Khoroshev, the alleged developer and operator of LockBit ransomware.

The post LockBit Ransomware Mastermind Unmasked, Charged appeared first on SecurityWeek.

In February 2023, French police arrested well-known Finnish hacker Aleksanteri Kivimäki, who was living under a false identity near Paris. He was deported to Finland. His trial ended last month.

The post Finnish Hacker Gets Prison for Accessing Thousands of Psychotherapy Records and Demanding Ransoms appeared first on SecurityWeek.

pSeeking lives of safety and opportunity, people coming to the United States as migrants and asylum-seekers may carry only their most essential and beloved possessions. When they arrive in the U.S. and are taken into Border Patrol custody, many migrants endure the devastating loss of their property: Border Patrol agents routinely confiscate, trash, or force them to throw away their precious belongings./p div class=mp-md wp-link div class=wp-link__img-wrapper a href=https://www.aclu.org/publications/from-hope-to-heartbreak-the-disturbing-reality-of-border-patrols-confiscation-of-migrants-belongings target=_blank tabindex=-1 img width=1216 height=680 src=https://www.aclu.org/wp-content/uploads/2024/02/Screen-Shot-2024-02-13-at-1.02.10-PM.png class=attachment-4x3_full size-4x3_full alt=An individual holding a small bag of important belongings and documents. decoding=async loading=lazy srcset=https://www.aclu.org/wp-content/uploads/2024/02/Screen-Shot-2024-02-13-at-1.02.10-PM.png 1216w, https://www.aclu.org/wp-content/uploads/2024/02/Screen-Shot-2024-02-13-at-1.02.10-PM-768x429.png 768w, https://www.aclu.org/wp-content/uploads/2024/02/Screen-Shot-2024-02-13-at-1.02.10-PM-400x224.png 400w, https://www.aclu.org/wp-content/uploads/2024/02/Screen-Shot-2024-02-13-at-1.02.10-PM-600x336.png 600w, https://www.aclu.org/wp-content/uploads/2024/02/Screen-Shot-2024-02-13-at-1.02.10-PM-800x447.png 800w, https://www.aclu.org/wp-content/uploads/2024/02/Screen-Shot-2024-02-13-at-1.02.10-PM-1000x559.png 1000w, https://www.aclu.org/wp-content/uploads/2024/02/Screen-Shot-2024-02-13-at-1.02.10-PM-1200x671.png 1200w sizes=(max-width: 1216px) 100vw, 1216px / /a /div div class=wp-link__title a href=https://www.aclu.org/publications/from-hope-to-heartbreak-the-disturbing-reality-of-border-patrols-confiscation-of-migrants-belongings target=_blank From Hope to Heartbreak: The Disturbing Reality of Border Patrol's Confiscation of Migrants' Belongings /a /div div class=wp-link__source p-4 px-6-tablet a href=https://www.aclu.org/publications/from-hope-to-heartbreak-the-disturbing-reality-of-border-patrols-confiscation-of-migrants-belongings target=_blank tabindex=-1 p class=is-size-7Source: American Civil Liberties Union/p /a /div /div pIn a new report published in partnership with organizations working on the southern border, From Hope to Heartbreak, we document routine cases of this abusive treatment focusing on confiscation of medication and medical devices, legal and identity documents, religious items, and items of financial, practical, or sentimental value./p pThe report relies heavily on hundreds of intakes conducted by the Kino Border Initiative (KBI), which runs a migrant aid center along Mexico’s border with Arizona, and ProtectAZ Health, which offers free medical screenings and care to migrants in Phoenix./p div class=wp-heading mb-8 h2 id= class=wp-heading-h2 with-standardMedications and Medical Devices/h2 /div figure class=wp-image mb-8 img width=1280 height=960 src=https://www.aclu.org/wp-content/uploads/2024/02/CAPTION_-Medications-Near-Yuma-Arizona-December-2023.jpeg class=attachment-original size-original alt=A pile of various medical materials. decoding=async loading=lazy srcset=https://www.aclu.org/wp-content/uploads/2024/02/CAPTION_-Medications-Near-Yuma-Arizona-December-2023.jpeg 1280w, https://www.aclu.org/wp-content/uploads/2024/02/CAPTION_-Medications-Near-Yuma-Arizona-December-2023-768x576.jpeg 768w, https://www.aclu.org/wp-content/uploads/2024/02/CAPTION_-Medications-Near-Yuma-Arizona-December-2023-400x300.jpeg 400w, https://www.aclu.org/wp-content/uploads/2024/02/CAPTION_-Medications-Near-Yuma-Arizona-December-2023-600x450.jpeg 600w, https://www.aclu.org/wp-content/uploads/2024/02/CAPTION_-Medications-Near-Yuma-Arizona-December-2023-800x600.jpeg 800w, https://www.aclu.org/wp-content/uploads/2024/02/CAPTION_-Medications-Near-Yuma-Arizona-December-2023-1000x750.jpeg 1000w, https://www.aclu.org/wp-content/uploads/2024/02/CAPTION_-Medications-Near-Yuma-Arizona-December-2023-1200x900.jpeg 1200w sizes=(max-width: 1280px) 100vw, 1280px / /figure pBorder Patrol and its parent agency, Customs and Border Protection (CBP), have routinely confiscated life-saving medications and medical devices from adults and children who have illnesses such as seizure disorders, high blood pressure, diabetes, asthma, and genetic conditions./p pCBP agents took a 5-year-old girl’s epilepsy medications away from her mother. When the little girl, whom we are calling Rosa, experienced convulsions, she was taken to the hospital. When she was discharged from the hospital and returned to CBP custody with new medications and special dietary supplements, CBP agents confiscated those. Not until the family was released to a shelter in Las Cruces, New Mexico, did Rosa receive the medical care she needed./p pDepriving people of their necessary medication obviously risks their health and safety. It also adds stress to local hospital systems, as people need to visit the emergency room or be hospitalized because their health deteriorates from missing their medication./p pProtectAZ received a 13-year-old boy, whom we are calling Leonel, at their shelter. Leonel has a genetic condition in which he lacks a necessary amino acid that prevents the build up of ammonia in his body. The condition can have serious consequences if untreated, including seizures, coma and death. Leonel needed to take daily supplements, but they were confiscated by Border Patrol in Casa Grande, Arizona. At the ProtectAZ shelter, Leonel’s health deteriorated, and he had to be admitted to the hospital for a week to stabilize his condition./p pIn a separate occurrence, a 7-year-old boy with moderate-persistent asthma was detained for two days. His inhaler was taken away, and he wasn#8217;t given a replacement. After being released, he developed respiratory symptoms, and his condition worsened quickly. His family took him to the emergency department, and he was transferred to a pediatric intensive care unit./p div class=wp-heading mb-8 h2 id= class=wp-heading-h2 with-standardLegal and Identity Documents/h2 /div figure class=wp-image mb-8 img width=3000 height=2335 src=https://www.aclu.org/wp-content/uploads/2024/02/CAPTION_-Honduran-passport-and-birth-certificate-Near-border-wall-in-South-Texas-September-2021-Photo-credit_-Scott-Nicol-scaled.jpeg class=attachment-original size-original alt=A honduran passport. decoding=async loading=lazy srcset=https://www.aclu.org/wp-content/uploads/2024/02/CAPTION_-Honduran-passport-and-birth-certificate-Near-border-wall-in-South-Texas-September-2021-Photo-credit_-Scott-Nicol-scaled.jpeg 3000w, https://www.aclu.org/wp-content/uploads/2024/02/CAPTION_-Honduran-passport-and-birth-certificate-Near-border-wall-in-South-Texas-September-2021-Photo-credit_-Scott-Nicol-768x598.jpeg 768w, https://www.aclu.org/wp-content/uploads/2024/02/CAPTION_-Honduran-passport-and-birth-certificate-Near-border-wall-in-South-Texas-September-2021-Photo-credit_-Scott-Nicol-1536x1196.jpeg 1536w, https://www.aclu.org/wp-content/uploads/2024/02/CAPTION_-Honduran-passport-and-birth-certificate-Near-border-wall-in-South-Texas-September-2021-Photo-credit_-Scott-Nicol-2048x1594.jpeg 2048w, https://www.aclu.org/wp-content/uploads/2024/02/CAPTION_-Honduran-passport-and-birth-certificate-Near-border-wall-in-South-Texas-September-2021-Photo-credit_-Scott-Nicol-400x311.jpeg 400w, https://www.aclu.org/wp-content/uploads/2024/02/CAPTION_-Honduran-passport-and-birth-certificate-Near-border-wall-in-South-Texas-September-2021-Photo-credit_-Scott-Nicol-600x467.jpeg 600w, https://www.aclu.org/wp-content/uploads/2024/02/CAPTION_-Honduran-passport-and-birth-certificate-Near-border-wall-in-South-Texas-September-2021-Photo-credit_-Scott-Nicol-800x623.jpeg 800w, https://www.aclu.org/wp-content/uploads/2024/02/CAPTION_-Honduran-passport-and-birth-certificate-Near-border-wall-in-South-Texas-September-2021-Photo-credit_-Scott-Nicol-1000x778.jpeg 1000w, https://www.aclu.org/wp-content/uploads/2024/02/CAPTION_-Honduran-passport-and-birth-certificate-Near-border-wall-in-South-Texas-September-2021-Photo-credit_-Scott-Nicol-1200x934.jpeg 1200w, https://www.aclu.org/wp-content/uploads/2024/02/CAPTION_-Honduran-passport-and-birth-certificate-Near-border-wall-in-South-Texas-September-2021-Photo-credit_-Scott-Nicol-1400x1090.jpeg 1400w, https://www.aclu.org/wp-content/uploads/2024/02/CAPTION_-Honduran-passport-and-birth-certificate-Near-border-wall-in-South-Texas-September-2021-Photo-credit_-Scott-Nicol-1600x1246.jpeg 1600w sizes=(max-width: 3000px) 100vw, 3000px / /figure pConfiscating or destroying legal and identity documents, such as birth certificates, passports, medical records, and documents to substantiate asylum claims, has been a hallmark of Border Patrol’s operations./p pOne man told KBI that Border Patrol agents tore his birth certificate up in front of him. He managed to save his Mexican identity card because he had hidden it in his shoe. Advocates in the Rio Grande Valley Sector in Texas report finding discarded documents that could be important in substantiating asylum claims, such as police reports and medical records. Volunteers with the Borderlands Collective in San Diego say document confiscation is especially concerning for parents of minor children, who may not be able to prove that they are family without their children’s birth records./p p“Passports are very important here,” one person had shared. “To open an account, to identify yourself, and I don’t have that document. I don’t have the children’s birth records because they took them from me. That makes me feel terrible.”/p pMigrants who are deported, expelled or returned to Mexico cannot withdraw or receive money without identity documents. Confiscated or destroyed documents pose a significant barrier to asylum-seekers’ ability to substantiate their claims. The Children’s Legal Center sued Immigration and Customs Enforcement (ICE) on behalf of 68 asylum-seekers whose documents the agency had confiscated. The lawsuit argues the confiscation violates the plaintiffs’ due process rights to seek work authorization and to support their asylum cases./p div class=wp-heading mb-8 h2 id= class=wp-heading-h2 with-standardReligious Items/h2 /div figure class=wp-image mb-8 img width=1280 height=960 src=https://www.aclu.org/wp-content/uploads/2024/02/CAPTION_-Religious-items-Near-Yuma-Arizona-April-2023.jpeg class=attachment-original size-original alt=A pile of religious items, including a small Buddha statue and an image of the Virgin Mary. decoding=async loading=lazy srcset=https://www.aclu.org/wp-content/uploads/2024/02/CAPTION_-Religious-items-Near-Yuma-Arizona-April-2023.jpeg 1280w, https://www.aclu.org/wp-content/uploads/2024/02/CAPTION_-Religious-items-Near-Yuma-Arizona-April-2023-768x576.jpeg 768w, https://www.aclu.org/wp-content/uploads/2024/02/CAPTION_-Religious-items-Near-Yuma-Arizona-April-2023-400x300.jpeg 400w, https://www.aclu.org/wp-content/uploads/2024/02/CAPTION_-Religious-items-Near-Yuma-Arizona-April-2023-600x450.jpeg 600w, https://www.aclu.org/wp-content/uploads/2024/02/CAPTION_-Religious-items-Near-Yuma-Arizona-April-2023-800x600.jpeg 800w, https://www.aclu.org/wp-content/uploads/2024/02/CAPTION_-Religious-items-Near-Yuma-Arizona-April-2023-1000x750.jpeg 1000w, https://www.aclu.org/wp-content/uploads/2024/02/CAPTION_-Religious-items-Near-Yuma-Arizona-April-2023-1200x900.jpeg 1200w sizes=(max-width: 1280px) 100vw, 1280px / /figure pOver the summer of 2022, there was a spike in reports of Border Patrol taking away Sikh asylum-seekers’ turbans. Forcing a Sikh person to remove their turban is a serious violation of their faith. #8220;They told me to take off my turban. I know a little English, and I said, ‘It’s my religion.#8217; But they insisted.#8221; The man pleaded with the officers, but they forced him to remove his turban and toss it in a pile of trash. He asked if he could at least keep his turban for when he was released from custody, but they told him no./p pWhile Border Patrol has since taken positive steps forward on how it handles turbans and other Sikh articles of faith, the agency’s religious freedom violations aren’t limited to people of the Sikh faith. A person told KBI that Border Patrol agents took his Bible, which he told them had significant spiritual meaning to him, and trashed it in front of him. Border Patrol agents in Yuma told several Muslim migrants they had to throw away their prayer mats. One of the men said his prayer mat had been in his family for more than 100 years./p div class=mp-md wp-link div class=wp-link__img-wrapper a href=https://action.aclu.org/petition/border-patrol-must-stop-trashing-migrant%E2%80%99s-cherished-belongings target=_blank tabindex=-1 img width=1000 height=655 src=https://www.aclu.org/wp-content/uploads/2024/02/Screen-Shot-2024-02-13-at-1.21.07-PM.png class=attachment-4x3_full size-4x3_full alt=An illustration of a young woman walking nervously with a backpack. decoding=async loading=lazy srcset=https://www.aclu.org/wp-content/uploads/2024/02/Screen-Shot-2024-02-13-at-1.21.07-PM.png 1000w, https://www.aclu.org/wp-content/uploads/2024/02/Screen-Shot-2024-02-13-at-1.21.07-PM-768x503.png 768w, https://www.aclu.org/wp-content/uploads/2024/02/Screen-Shot-2024-02-13-at-1.21.07-PM-400x262.png 400w, https://www.aclu.org/wp-content/uploads/2024/02/Screen-Shot-2024-02-13-at-1.21.07-PM-600x393.png 600w, https://www.aclu.org/wp-content/uploads/2024/02/Screen-Shot-2024-02-13-at-1.21.07-PM-800x524.png 800w sizes=(max-width: 1000px) 100vw, 1000px / /a /div div class=wp-link__title a href=https://action.aclu.org/petition/border-patrol-must-stop-trashing-migrant%E2%80%99s-cherished-belongings target=_blank BORDER PATROL MUST STOP TRASHING MIGRANT’S CHERISHED BELONGINGS /a /div div class=wp-link__description a href=https://action.aclu.org/petition/border-patrol-must-stop-trashing-migrant%E2%80%99s-cherished-belongings target=_blank tabindex=-1 p class=is-size-7-mobile is-size-6-tabletIf you believe that people seeking refuge in our country deserve to be welcomed with dignity, join us by advocating for change./p /a /div div class=wp-link__source p-4 px-6-tablet a href=https://action.aclu.org/petition/border-patrol-must-stop-trashing-migrant%E2%80%99s-cherished-belongings target=_blank tabindex=-1 p class=is-size-7Source: American Civil Liberties Union/p /a /div /div pMigrants’ religious freedom is protected both by the First Amendment and the federal Religious Freedom Restoration Act, which provides additional protection for the free exercise of religion. Some asylum-seekers are fleeing religious persecution in their home countries, and the experience of CBP violating their religious faith can be a retraumatizing experience. CBP has been made aware of their violations for years, suggesting a failure of CBP policy and practice to fully respect the religious freedom rights of migrants and asylum-seekers./p div class=wp-heading mb-8 h2 id= class=wp-heading-h2 with-standardItems of Practical, Financial, or Sentimental Value/h2 /div figure class=wp-image mb-8 img width=1200 height=980 src=https://www.aclu.org/wp-content/uploads/2024/02/CAPTION_-Personal-documents-including-vaccination-records-money-and-a-cellphone-Near-Lukeville-AZ-May-2023.jpeg class=attachment-original size-original alt=A collection of documents, money, and a damaged smartphone. decoding=async loading=lazy srcset=https://www.aclu.org/wp-content/uploads/2024/02/CAPTION_-Personal-documents-including-vaccination-records-money-and-a-cellphone-Near-Lukeville-AZ-May-2023.jpeg 1200w, https://www.aclu.org/wp-content/uploads/2024/02/CAPTION_-Personal-documents-including-vaccination-records-money-and-a-cellphone-Near-Lukeville-AZ-May-2023-768x627.jpeg 768w, https://www.aclu.org/wp-content/uploads/2024/02/CAPTION_-Personal-documents-including-vaccination-records-money-and-a-cellphone-Near-Lukeville-AZ-May-2023-400x327.jpeg 400w, https://www.aclu.org/wp-content/uploads/2024/02/CAPTION_-Personal-documents-including-vaccination-records-money-and-a-cellphone-Near-Lukeville-AZ-May-2023-600x490.jpeg 600w, https://www.aclu.org/wp-content/uploads/2024/02/CAPTION_-Personal-documents-including-vaccination-records-money-and-a-cellphone-Near-Lukeville-AZ-May-2023-800x653.jpeg 800w, https://www.aclu.org/wp-content/uploads/2024/02/CAPTION_-Personal-documents-including-vaccination-records-money-and-a-cellphone-Near-Lukeville-AZ-May-2023-1000x817.jpeg 1000w sizes=(max-width: 1200px) 100vw, 1200px / /figure pMigrants have regularly reported Border Patrol agents confiscate their money and cellphones. These items are of clear value and represent a devastating loss: impoverishment and loss of contact with loved ones. Several migrants told KBI they lost the equivalent of hundreds of dollars to Border Patrol. One man described seeing a Border Patrol agent take 3,000 pesos from another man and rip it up in his face. Other migrants described the loss of family photos on their confiscated cellphones./p pConfiscation of clothing appears to be widespread in Border Patrol custody, leaving migrants with only a single layer of clothing. “The official asked me how many shirts I had, and I responded that I had two shirts plus a sweater. The official started laughing and told me I had to take everything off but one shirt,” one person recounted./p pVolunteers and shelters supporting migrants are critical of this practice, especially during the winter and if migrants are traveling north. One shelter in Las Cruces, New Mexico, said it spent $100,000 every month to provide clothes to migrants. Once the Border Patrol sectors in New Mexico reduced their confiscation of people’s clothes, the shelter reported reducing costs for clothing people by half./p pFinally, migrants report having their cherished belongings confiscated or trashed – children’s toys, heirloom jewelry, and even a loved one’s ashes. One man said Border Patrol agents forced him to throw away his father’s ashes – his father had died while journeying to the U.S. from Nicaragua./p div class=wp-heading mb-8 h2 id= class=wp-heading-h2 with-standardThe Systematic Confiscation of Migrants' Belongings at the U.S. Southern Border, Despite the Vast Resources Available to Border Patrol, is Indefensible/h2 /div pCBP’s practice of property confiscation and destruction isn’t only cruel, unnecessary, and, in some cases, life-threatening, in many cases, it likely violates federal law and policy. We outline achievable policy changes that CBP can adopt to protect the dignity, safety, and rights of people arriving in the U.S./p pBorder Patrol must ensure migrants in its custody and those released from custody have continuous access to their medications and medical devices. Migrants should be allowed to keep as many of their personal belongings as possible in custody and after they are released. CBP must change its policies to comply with federal safeguards of religious freedom in its treatment of people’s religious garb and religious items./p pThe bottom line is that CBP can and must do better to live up to our nation’s values and commitments to people seeking safety within our borders. People seeking refuge in the U.S. deserve to be welcomed with dignity./p div class=rss-ctadiv class=rss-cta__subtitleWhat you can do:/divdiv class=rss-cta__titleTell Congress: Protect families seeking asylum/diva href=https://action.aclu.org/send-message/tell-congress-protect-families-seeking-asylum class=rss-cta__buttonSend your message/a/div