Cyber Law & Crime News

PLUMAS LAKE MAN SENTENCED TO ONE YEAR AND THREE MONTHS IN PRISON FOR COMPUTER FRAUD
Used the Internet to Steal Micro-Deposits

SACRAMENTO, Calif.—United States Attorney Lawrence G. Brown announced today that United States District Judge Morrison C. England Jr. Sentenced MICHAEL LARGENT, 22, of Plumas Lake, to 15 months in prison and restitution of $200,073.44 for fraud and related activity in connection with computers. After release from prison, LARGENT will also face three years of strict restrictions on his use of computers and the Internet.

This case was the product of a joint investigation by the United States Secret Service and the Federal Bureau of Investigation. The United States Attorney’s Office for the Northern District of California, San Jose Division, also assisted with this case.

According to Assistant United States Attorney Matthew D. Segal, a prosecutor in the office’s Computer Hacking and Intellectual Property (CHIP) unit, who prosecuted the case, from November 2007 through May 2008, LARGENT wrote a computer program that allowed him to defraud E-Trade, Charles Schwab & Co., and Google by opening or attempting to open more than 58,000 brokerage accounts. He did this to steal the “micro-deposits.” A financial institution will make a micro-deposit when an account is opened to test the functionality of an account. The amounts deposited in this case ranged from $0.01 to $2.00.

LARGENT used false names, addresses, driver’s license numbers, and social security numbers, including the names of known cartoon and comic book characters to open the accounts. When the deposits occurred, he would transfer the funds into his own bank accounts or onto prepaid debit cards, without the authorization or knowledge of his victims. As a result, LARGENT fraudulently obtained or attempted to obtain tens of thousands of dollars, which he used for personal expenses.

E*TRADE and Charles Schwab & Co. Inc. detected the fraud and notified law enforcement independently of each other. Assistant United States Attorney Robin R. Taylor, also of the CHIP unit, brought the criminal complaint and the indictment in this case in May 2008 and Segal took over in January 2009.
In sentencing, Judge England observed that LARGENT’s scheme took some sophistication, and wondered why he had not used his skills and talents in a lawful way.

source: www.cybercrime.gov

CBP OFFICER CHARGED WITH UNLAWFUL ACCESS TO GOVERNMENT DATABASES

TUCSON, Ariz. – Nogales, Ariz.-based U.S. Customs and Border Protection Officer Natan Ben-Shabat, 42, of Tucson, made his initial appearance yesterday before U.S. Magistrate Judge Hector C.Estrada on charges of Unauthorized Access to a Government Computer. Ben-Shabat was releasedpending a December 1, 2009, trial date.

The three-count information alleges that while employed as a U.S. Customs and Border Protection Officer, Ben-Shabat abused his official access to the Consular Consolidated Database (CCD) and Treasury Enforcement Communications System (TECS) database to obtain personal information
about a person he was suing in small claims court, and used the information to further his personal lawsuit. The information further alleges that Ben-Shabat induced other law enforcement officials, under the guise of official business, to access official records in the Arizona Criminal Justice Information System (ACJIS) database concerning the defendant in his personal lawsuit.

A conviction for Unauthorized Access to a Government Computer carries a maximum penalty of 12 months in federal prison, a $100,000 fine or both. In determining an actual sentence, U.S. District Judge Frank R. Zapata will consult the U.S. Sentencing Guidelines, which provide appropriate sentencing ranges. The judge, however, is not bound by those guidelines in determining a sentence.

A criminal information is simply the method by which a person is charged with criminal activity and raises no inference of guilt. An individual is presumed innocent until competent evidence is presented to a jury that establishes guilt beyond a reasonable doubt.

The investigation in this case was conducted by U.S. Customs and Border Protection Internal Affairs and the Department of Homeland Security Office of Inspector General, with assistance from the Pima County Sheriff’s Department. The prosecution is being handled by Mary Sue Feldmeier, Assistant U.S. Attorney, District of Arizona, Tucson.

CASE NUMBER: CR 09-2180-TUC-FRZ (CRP)
RELEASE NUMBER: 2009-318(Ben-Shabat)

source: www.cybercrime.gov

Computer Hacker Fugitive Extradited for Cybercrimes Relating to VOIP Telephone Services

Computer Hacker Fugitive Extradited for Cybercrimes Relating to VOIP Telephone Services

NEWARK, N.J. – A Venezuelan citizen arrested in Mexico last February on hacking and wire fraud charges has been extradited and is expected to appear in court tomorrow in New Jersey, U.S. Attorney Paul J. Fishman, announced.

Edwin Pena, 26, is scheduled to appear tomorrow at 2 p.m. before U.S. Magistrate Judge Claire C. Cecchi for an initial appearance. A 20-count Indictment charges Pena with conspiracy to secretly hack into the computer networks of unsuspecting Voice Over Internet Protocol (VOIP) phone service providers; conspiracy to commit wire fraud by transmitting telephone calls over the victim’s networks; and individual hacking and wire fraud counts.

Pena’s arraignment on the indictment is scheduled for Oct. 23 before U.S. District Judge Susan D. Wigenton, to whom the case has been assigned.

Pena was extradited from Mexico following his arrest on Feb. 6, 2009. He is scheduled to arrive in Newark at approximately 6:30 p.m. in the custody of the FBI. Tomorrow, the U.S. Attorney’s Office will ask Judge Cecchi to continue Pena’s detention pending trial.

“This extradition represents the continued success of the United States in working with foreign countries to bring alleged cyber criminals to justice,” said Fishman. “No one should feel free and comfortable from prosecution or detection merely be being in another country.”

Pena was first charged on June 6, 2006, in the District of New Jersey in a criminal Complaint that set forth the scheme described in the subsequent indictment. He was arrested on that Complaint on June 7, 2006, and released the next day on $100,000 bail set by a federal magistrate judge in Florida. Pena appeared in Court in New Jersey on June 29, 2006, and on approximately Aug. 12, 2006, Pena allegedly fled the country to avoid prosecution.

Pena was indicted on fraud and computer hacking charges for his role in a scheme to defraud Voice Over Internet Protocol (VoIP) telephone service providers. Pena, who purported to be a legitimate wholesaler of these Internet-based phone services, allegedly sold discounted service plans to his unsuspecting customers. The Indictment alleges that Pena was able to offer such low prices because he would secretly hack into the computer networks of unsuspecting VoIP providers, including one Newark-based company, to route his customers’ calls.

Through this scheme, Pena is alleged to have sold more than 10 million minutes of Internet phone service to telecom businesses at deeply discounted rates, causing a loss of more than $1.4 million in less than a year. The victimized Newark-based company, which transmits VoIP services for other telecom businesses, was billed for more than 500,000 unauthorized telephone calls routed through its calling network that were “sold” to the defendant’s unwitting customers at those deeply discounted rates, according to the Indictment.

The case is being prosecuted by Assistant U.S. Attorney Erez Liebermann in the U.S. Attorney’s Office Computer Hacking and Intellectual Property group, within the Commercial Crimes Unit.

source: www.cybercrime.gov
Breaking News: http://www.usdoj.gov/usao/nj/publicaffairs

One Hundred Linked to International Computer Hacking Ring Charged by United States and Egypt in Operation Phish Phry

LOS ANGELES—The largest number of defendants ever charged in a cyber crime case have been indicted in a multinational investigation conducted in the United States and Egypt that uncovered a sophisticated “phishing” operation that fraudulently collected personal information from thousands of victims that was used to defraud American banks.

This morning, authorities in several United States cities arrested 33 of 53 defendants named in an indictment returned last week by a federal grand jury in Los Angeles. Several defendants charged in the indictment are being sought this morning by law enforcement. Additionally, authorities in Egypt have charged 47 defendants linked to the phishing scheme. The United States government is extremely grateful for the extraordinary assistance provided by the Egyptian government in this matter.

Operation Phish Phry marks the first joint cyber investigation between Egyptian law enforcement authorities and United States officials, which include the FBI, the United States Attorney’s Office, and the Electronic Crimes Task Force in Los Angeles. Phish Phry, with 53 defendants charged in United States District Court, also marks the largest cyber crime investigation to date in the United States.

Operation Phish Phry was announced following this morning’s arrests by Keith B.Bolcar, Acting Assistant Director in Charge of the FBI in Los Angeles; George S.Cardona, Acting United States Attorney in Los Angeles; Kieran Ramsey, the FBI’s Legal Attache in Cairo, Egypt; and Egyptian Law Enforcement Authorities.

Operation Phish Phry commenced in 2007 when FBI agents, working with United States financial institutions, took proactive steps to identify and disrupt sophisticated criminal enterprises targeting the financial infrastructure in the United States. Intelligence developed during the initiative prompted the FBI and Egyptian authorities to agree to pursue a joint investigation into multiple subjects based in Egypt after investigators in both countries earlier this year uncovered an international conspiracy allegedly operating an elaborate scheme to steal identities through a method commonly called “phishing.” The group is accused of conspiring to target American-based financial institutions and victimize an unknown number of account holders by fraudulently using their personal
financial information.

The multinational investigative effort resulted in 53 defendants being named in the federal indictment and 47 suspects being identified by Egyptian authorities. The domestic defendants were arrested in California, Nevada, and North Carolina. In California, defendants reside in the counties of Los Angeles, Orange, San Bernardino, Riverside, and San Diego.

The 51-count indictment accuses all of the defendants with conspiracy to commit wire fraud and bank fraud. Various defendants are charged with bank fraud; aggravated identity theft; conspiracy to commit computer fraud, specifically unauthorized access to protected computers in connection with fraudulent bank transfers and domestic and international money laundering.

According to the indictment that was unsealed this morning, Egyptian-based hackers obtained bank account numbers and related personal identification information from an unknown number of bank customers through phishing—a technique that involves sending e-mail messages that appear to be official correspondence from banks or credit card vendors. In illegal phishing schemes, bank customers are directed to fake websites purporting to be linked to financial institutions, where the customers are asked to enter their account numbers, passwords and other personal identification information. Because
the websites appear to be legitimate—complete with bank logos and legal disclaimers—the customers do not realize that the websites do not belong to legitimate financial institutions.

The indictment alleges that co-conspirators in Egypt collected victims’ bank account information by using information obtained from their phishing activities. Armed with the bank account information, members of the conspiracy hacked into accounts at two banks. Once they accessed the accounts, the individuals operating in Egypt communicated via text messages, telephone calls and Internet chat groups with co-conspirators in the United States. Through these communications, members of the criminal ring coordinated the illicit online transfer of funds from compromised accounts to newly created fraudulent accounts. The United States part of the ring was allegedly directed by defendants Kenneth Joseph Lucas, Nichole Michelle Merzi, and Jonathan Preston Clark, all California residents, who directed trusted associates to recruit “runners,” who set up bank accounts where the funds stolen from the compromised accounts could be transferred and withdrawn. A portion of the illegally obtained funds withdrawn were then transferred via wire services to the individuals operating in Egypt who had originally provided the bank account information obtained via phishing.

“The sophistication with which Phish Phry defendants operated represents an evolving and troubling paradigm in the way identity theft is now committed,” said Keith Bolcar, Acting Assistant Director In Charge of the FBI in Los Angeles. “Criminally savvy groups recruit here and abroad to pool tactics and skills necessary to commit organized theft facilitated by the computer, including hacking, fraud and identity theft, with a common greed and shared willingness to victimize Americans. The FBI is grateful for the assistance of its law enforcement partners in the U.S. and the Egyptian government’s dedicated cooperation, which illustrates that borders cease to exist among countries committed to the rule of law and to the protection of their citizens.”

Acting United States Attorney George S. Cardona stated: “This international phishing ring had a significant impact on two banks and caused huge headaches for hundreds, perhaps thousands, of bank customers. Organized, international criminal rings can only be confronted by an organized response by law enforcement across international borders, which we have seen in this case.”

Those taken into custody in the United States will be afforded an initial appearance before United States Magistrate Judges in the district where they were arrested. Those arrested in and around Los Angeles will have their initial appearance in United States District Court in Los Angeles this afternoon.

Each of the 53 defendants named in the indictment is charged with conspiracy to commit bank fraud and wire fraud, a charge that carries a statutory maximum penalty of 20 years in federal prison. Some of the defendants are named in additional counts that would increase their maximum possible sentences.

An indictment contains allegations that a defendant has committed a crime. Every defendant is presumed to be innocent until and unless proven guilty in court.

The investigation in the United States was conducted by the FBI’s Los Angeles Field Office, supported by the Electronic Crimes Task Force in Los Angeles and the FBI’s Legal Attache in Cairo, Egypt. Several agencies provided considerable assistance to this investigation, including the Los Angeles Police Department, the Los Angeles District Attorney, the United States Secret Service, the Culver City Police Department, the El Segundo Police Department, and the United States Social Security Administration. U.S. Customs and Border Protection, the Drug Enforcement Administration, the Department of Water and Power, and local law enforcement departments in various counties assisted during today’s arrests.

The defendants charged in the United States will be prosecuted by the United States Attorney’s Office. The Department of Justice Criminal Division’s Office of International Affairs provided substantial support during the investigation.

source: www.cybercrime.gov

Former Inmate Pleads Guilty to Hacking Prison Computer

Acting United States Attorney Michael K. Loucks and Warren T. Bamford, Special Agent in Charge of the Federal Bureau of Investigation – Boston Field Division, announced today that FRANCIS G. JANOSKO, age 43, pled guilty before U.S. District Judge George A. O’Toole, Jr., to one count of intentional damage to a protected computer.

At today’s plea hearing, the prosecutor told the Court that had the case proceeded to trial the Government’s evidence would have proven that while JANOSKO was an inmate at the Plymouth County Correctional Facility in 2006 and 2007, the correctional facility provided inmates a computer for legal research with security controls to prohibit Internet access, e-mail, or using other computers or computer programs. Despite these restrictions, JANOSKO hacked the computer network to send e-mail; provide inmates access to a report that listed the names, dates of birth, Social Security numbers, home addresses and telephone numbers, and past employment history of over 1,100 current and former Plymouth County Correctional Facility personnel and applicants; and access (without success) an important prison management computer program.

Judge O’Toole scheduled sentencing for December 15, 2009. Under the terms of the plea agreement, both parties will recommend a sentence of incarceration for 18 months, to be followed by 3 years of supervised release, and restitution to Plymouth County in an amount to be determined. JANOSKO had been free following his release from the Plymouth County Correctional Facility, but has been incarcerated since he was rearrested in November 2008.

The case was investigated by the Federal Bureau of Investigation and the Plymouth County Sheriff’s Department. It is being prosecuted by Assistant U.S. Attorney Scott L. Garland of Loucks’s Computer Crime Unit.

source: www.cybercrime.gov

Charges Filed Involving Interception of Internet Email and Computer Keystrokes

William J. Edwards, United States Attorney for the Northern District of Ohio, announced today that a one count Information was filed in U.S. District Court in Cleveland, Ohio, charging Scott Graham, age 38, of Avon Lake, Ohio, with illegally intercepting and endeavoring to intercept wire and electronic communications, in violation of Title 18, United States Code, Section 2511(1)(a) (Illegal Wiretapping).

The Information charges that between on or about February 29, 2008, and on or about March 28, 2008, Scott Graham intentionally intercepted and endeavored to intercept Internet email and computer keystrokes of others, without their knowledge or consent.

If convicted, the defendant’s sentence will be determined by the Court after review of factors unique to this case, including the defendant’s prior criminal record, if any, the defendant’s role in the offense and the characteristics of the violation. In all cases the sentence will not exceed the statutory maximum and in most cases it will be less than the maximum.

This case is being prosecuted by Assistant U.S. Attorney Robert W. Kern, Cybercrime Coordinator for the Cleveland U.S. Attorney’s Office, following an investigation by the Akron Office of the Federal Bureau of Investigation.

An Information is only a charge and is not evidence of guilt. A defendant is entitled to a fair trial in which it will be the government’s burden to prove guilt beyond a reasonable doubt.

source: www.cybercrime.gov