YOUR USDOT NUMBER IS A WEAPON: How Eight Men Allegedly Cloned Real Carriers to Steal $4.5 Million in Freight

A Manhattan grand jury says a Brooklyn crew impersonated real trucking companies, walked into loading docks across three states, and drove off with lamb, cheese, beef, copper, and cigarettes — never firing a shot. Here is how the scheme allegedly worked, how it unraveled, and why every carrier and broker in the country should be paying attention.

By SafetyLane Editorial Staff

EDITOR'S NOTE: The individuals named in this article have been indicted but not convicted. An indictment is a formal accusation, not a finding of guilt. All defendants are presumed innocent unless and until proven guilty in a court of law. Every description of their alleged conduct is drawn from the indictment, the Statement of Facts, and statements made on the record by the Manhattan District Attorney's Office and partner agencies, and reflects allegations that have not been proven at trial. SafetyLane Magazine reports these allegations for their public-safety and industry-compliance significance and takes no position on the guilt or innocence of any named individual.

The trucks that pulled up to the loading docks looked legitimate. The carrier names lettered on the doors were real companies. The USDOT and motor carrier numbers checked out against the paperwork. That, prosecutors say, was the whole point.

On June 3, Manhattan District Attorney Alvin L. Bragg, Jr., NYPD Commissioner Jessica S. Tisch, and New York City Business Integrity Commission Chair Asim Rehman announced an eight-defendant indictment in a cargo-theft case that says a great deal about where freight crime is heading. According to the charges, a Brooklyn crew spent six months impersonating real trucking companies — not by hijacking trucks at gunpoint, but by stealing the carriers' identities and walking their freight out the front gate.

Between October 2025 and April 2026, the indictment alleges, the group pulled off at least six thefts worth close to $5 million, diverting loads bound for customers around the country into New York City, where the goods were sold on the black market. Bragg called it a brazen, multimillion-dollar interstate conspiracy, and warned that the marriage of computer hacking and large-scale theft is only going to become more common. Prosecutors said the investigation is still open.

THE EIGHT DEFENDANTS

The indictment names Murodullo Khasanov — the alleged ringleader, known as "Murad" — along with Nodir Kobilov, Shavkatbek Mamadjanov, Rakhmiddin Abdullaev, Aleksey Vorobyev, Nizom Ismoilov, Doston Mardoev, and Dilshod Nabiev.

Each is charged with one count of fourth-degree conspiracy and varying counts of second-degree grand larceny, and several face additional counts of first- and second-degree grand larceny and first- and second-degree criminal possession of stolen property. The grand jury returned the indictment on April 23; it was unsealed when the arrests came down. As the DA's office noted in its own announcement, the charges are allegations, and every defendant is presumed innocent unless proven guilty.

Law enforcement sources described the defendants as immigrants from Uzbekistan, some of whom do not speak English. Khasanov, according to those sources, lived in a high-rise on Surf Avenue in Coney Island with a balcony over the boardwalk, and investigators tied members of the group to ocean-view apartments in Brighton Beach. The case pulled in the FBI's New York Eurasian Organized Crime Task Force and the bureau's Philadelphia organized-crime and cyber units — a sign that prosecutors are treating this as the work of an organized network rather than a one-time scam.

A FRONT-DOOR THEFT

What makes the case worth the attention of every dispatcher and compliance manager in the country is how ordinary the mechanics were. Nobody cut a lock. The crew's tools, prosecutors say, were a laptop, a leased tractor, and a set of door decals good enough to fool a dock worker.

Here is the process they allegedly exploited. When a shipper needs to move a large load, it hires a freight broker, who posts the job on a load board. Licensed carriers bid, the broker awards the load to a winner, and then hands that carrier the pickup details — the facility, the appointment, the pickup number. That moment, when the winning-bid information changes hands, is where the ring got in.

The defendants did not do the hacking themselves, according to the indictment. They worked with a separate cyber syndicate — still unnamed and uncharged — that ran phishing operations against brokers and carriers. In at least two of the thefts, prosecutors say, a broker received an email it believed had come from a carrier it worked with regularly and, trusting the familiar name, handed the pickup details straight to the hackers. The hackers passed the information to Khasanov.

From there, prosecutors say, Khasanov ran the operation. He leased a tractor, dressed it in the stolen identity of the carrier that was actually supposed to make the run, and produced counterfeit door decals showing that company's legal name, MC number, and USDOT number — the same markings federal law requires every carrier to display under 49 CFR 390.21. He dispatched one of his drivers to the dock to sign for the load, then escorted the freight through Manhattan and into the Bronx and arranged to sell it. By the time the real carrier showed up for its appointment, the cargo was gone. The industry has a name for this: a fictitious pickup built on carrier identity theft, and it is one of the fastest-growing scams in trucking.

SIX LOADS, THREE STATES

The thefts laid out in the indictment escalate from a single reefer of lamb to a tractor-trailer of cigarettes worth more than the other five loads combined.

It started in November 2025, when Kobilov allegedly drove a truck badged as Z Mile Inc into a logistics center in Oldmans Township, New Jersey, and picked up a load of frozen lamb headed for Minnesota and Wyoming. He met Khasanov, who escorted the shipment into the Bronx. The lamb was worth about $165,000.

December brought two more. Mamadjanov allegedly posed as Altex Logistics Inc to collect 25,395 pounds of parmesan, pecorino, and Manchego — roughly $432,000 worth, the largest of the food loads — from a facility in Elizabeth, New Jersey, bound for Georgia. That one began with the phishing email the broker mistook for a trusted carrier. The same month, Abdullaev allegedly impersonated Masters Trucking to pick up 39,600 pounds of beef in Darby Township, Pennsylvania, intended for Aurora, Colorado, and worth around $295,000. Again, prosecutors say, the broker's pickup details had been routed through the hackers to Khasanov.

In February, the crew went after metal. Mardoev allegedly drove a truck marked as Viking Transport to a Newark logistics center and left with 43,100 pounds of copper rod, more than $266,000 worth. Most of it, the indictment says, was sold to a Brooklyn buyer operating as "Scrap King," with Khasanov, Vorobyev, and Ismoilov helping move it. The choice of copper was no accident; it is the most-stolen metal in the country, and prices have stayed high on demand from the power and energy sectors.

The biggest job came in March. On two separate occasions, prosecutors say, Nabiev, Ismoilov, and two others drove trucks impersonating Preston Deliveries, LLC to CJ Logistics America in Colonial Heights, Virginia, and hauled off more than $3.3 million in cigarettes meant for Tennessee and Florida. Those loads also became the case's biggest break for investigators, who later recovered nearly all of the cigarettes on a search warrant in the Bronx.

THE TAKEDOWN

Cargo theft that crosses four states leaves a trail in all of them, and the investigation reflected that. The Manhattan DA's office built the case with the NYPD, the Port Authority Police, the New Jersey State Police, the Vineland Police Department, the FBI's New York and Philadelphia teams, the Bronx DA's office, and CargoNet, the Verisk-owned theft-intelligence service whose analysts specialize in connecting incidents that look unrelated until someone lines them up.

The evidence, according to court filings and investigators, included WhatsApp messages among the defendants, shipping paperwork from the fraudulent pickups, and photos that appeared to show members of the ring loading stolen goods and collecting cash for the copper. Officers arrested Khasanov in a pre-dawn raid on his Surf Avenue apartment, hauling out boxes of records, a computer, and phones; two other alleged members were picked up in the same operation. Of the eight charged, three were arraigned in Manhattan and two were reported to be in federal immigration custody.

WHAT HAPPENS NOW

The case is being handled by the Manhattan DA's Counter Terrorism Unit and Rackets Bureau — assigning organized-crime and counterterrorism prosecutors to a freight-theft case is itself a statement about how the office views the threat. Assistant District Attorneys David Stuart, who chiefs the Counter Terrorism Unit, and Tyler Keefe are leading the prosecution.

First-degree grand larceny, the top count against the defendants tied to the largest loads, is a class B felony in New York and carries the possibility of serious state prison time. But the line in the announcement that should get the industry's attention is the one about the future, not the past: prosecutors believe there were other incidents, the investigation is ongoing, and the hacking syndicate that fed the ring its data has not been charged. That cyber operation, sitting upstream of the trucks, is where the case is most likely to grow.

NOT AN OUTLIER

For anyone in compliance, dispatch, or brokerage, the uncomfortable part of this case is how routine the method has become. The tactic has a name in the trade — strategic cargo theft, meaning theft by deception rather than force — and the data has been climbing for years.

CargoNet has tracked the surge in fictitious pickups from an average of about 66 a year between 2012 and 2022 to roughly 576 in 2023 alone, the same year identity-fraud complaints to the service jumped 438%. Verisk CargoNet pegged 2025 U.S. cargo-theft losses at around $725 million, up about 60%, on more than 2,600 confirmed thefts, and analysts say the real figure is almost certainly higher because companies are reluctant to report losses. The first quarter of 2026 showed 767 supply-chain crime events; even with incident counts dipping, losses stayed near $131.6 million, because the thieves are hitting fewer but bigger, better-organized targets. About a quarter of those incidents involved cyber-enabled fictitious pickups or fraud. New Jersey, a staging ground in this case, saw cargo theft jump roughly 119% in CargoNet's tracking, and copper — the metal stolen in Newark — now accounts for nearly seven of every ten metal-cargo thefts.

Analysts who follow this say the pattern is a direct response to better defenses: as carriers and brokers tightened up the load-tender stage, criminals moved upstream and got more sophisticated, settling on impersonation as the method of choice. Some have gone past spoofing altogether and simply buy operating authority — purchasing MC numbers in bulk or acquiring whole legitimate carriers online — so the identity they wear is one that passes vetting. The Manhattan indictment is what that trend looks like when it finally reaches a courtroom.

WHAT TO DO ABOUT IT

The ring exploited trust at three points any operation can shore up: the broker's inbox, the carrier's identity, and the dock worker's clipboard.

For brokers and shippers, the broker's email is the front line. Two of these thefts allegedly started with a spoofed message. That means email authentication — SPF, DKIM, and DMARC — and multi-factor authentication on any account that touches a load tender, plus a hard rule that staff verify any change in contact or banking details by calling a known number, never the one in the email. Carrier identity should be re-checked at the moment of tender, not just at onboarding: confirm the USDOT and MC numbers against current FMCSA records, make sure the authority is active and the address matches, and treat recently reactivated or recently transferred authority as a red flag. For high-value freight — electronics, metals, pharma, food, liquor, tobacco — it is worth requiring verifiable drivers and equipment, and carriers with established, longer-tenured drivers.

Carriers need to recognize that their identity is an asset someone can steal. If your company name and numbers turn up on counterfeit door decals, the first clue may be a broker calling about a load you never booked. Watch for it, document it the moment it happens, and report it to CargoNet, the FMCSA, and law enforcement. And guard your operating authority on the way out the door — regulators have warned that selling an MC number or a carrier to the wrong buyer, even unknowingly, can come back on the seller when that authority is later used for fraud.

The dock is still the weakest link, and it is usually staffed by the newest, lowest-paid people in the building. Verify the driver against the appointment, confirm the truck and credentials match the carrier you expect, photograph the tractor, trailer, plate, and license, and give dock staff the authority to stop and call the broker when something feels wrong. A five-minute phone call costs nothing next to a $3.3 million load.

The men charged in Manhattan did not invent any of this. They allegedly ran a method the data has been flagging for three years, and they ran it well enough to move nearly $5 million in freight before it caught up with them. The courts will decide whether they are guilty. For everyone else in the supply chain, the lesson is already on the table: in modern trucking, an identity is worth stealing, and too many of them are still easy to take.

All charges described above are allegations only. The named defendants are presumed innocent unless and until proven guilty. Information is drawn from public filings and official statements by the Manhattan District Attorney's Office and partner agencies.

SafetyLane Magazine | safetylane.online | Sources: Manhattan District Attorney's Office (D.A. Bragg, NYPD & BIC press release, June 3, 2026; Indictment & Statement of Facts); CDLLife; New Jersey State Police; Verisk CargoNet; FBI; NICB; Travelers; WTW; and reporting by ABC7 New York, amNewYork, Brooklyn Eagle, and New York Post.