Cyber Law & Crime News

A Nebraska man agreed today to plead guilty to participating in an attack on Church of Scientology websites in January 2008 that shut down the group’s websites.

Brian Thomas Mettenbrink, 20, of Grand Island, Nebraska, was previously indicted by a federal grand jury, but in documents filed today he agreed to plead guilty to the misdemeanor charge of unauthorized access of a protected computer and to serve a one-year prison sentence.

According to court documents, Mettenbrink participated in the attack on the Scientology websites that was orchestrated by a group that labeled itself “Anonymous.” That underground group has led protests against the Church of Scientology at various locations across the country, and in January 2008 announced a new offensive against Scientology. In the court documents, Mettenbrink admits that he downloaded computer
software from an “Anonymous” message board and used that software to bombard Scientology websites to the point that it impaired the integrity and availability of those websites in a variation of a distributed denial of service attack (DDOS) attack. A DDOS attack occurs where a large amount of malicious Internet traffic is directed at a website or a set of websites. The target websites are unable to handle the high volume of Internet traffic and therefore become unavailable to legitimate users trying to reach the sites.

Mettenbrink, who was scheduled to go to trial on the charges in the grand jury indictment on February 9, is expected to plead guilty in federal court in Los Angeles next week.

Previously in the investigation into the “Anonymous” computer attack, Dmitriy Guzner, of Verona, New Jersey, was sentenced last year to one year and one day in federal prison after pleading guilty to participating in the “Anonymous” attack against the Scientology websites.

The cases against Mettenbrink and Guzner are part of an ongoing investigation by the United States Secret Service Electronic Crimes Task Force in Los Angeles. The agencies involved in the investigation are the United States Secret Service, the Federal Bureau of Investigation, the Los Angeles Police Department and the Los Angeles County District Attorney’s Office Bureau of Investigation.

source: www.cybercrime.gov

Nora R. Dannehy, United States Attorney for the District of Connecticut, announced that CORNEL IONUT TONITA, 28, of Galati, Romania, pleaded guilty today before United States Magistrate Judge Holly B. Fitzsimmons in Bridgeport to one count of conspiracy to commit fraud in connection with electronic mail (“spamming”). The charge stems from a “phishing” scheme that victimized individuals, financial institutions and companies. A phishing scheme uses the Internet to target large numbers of unwary individuals, using fraud and deceit to obtain private personal and financial information such as names, addresses, bank account numbers, credit card numbers and Social Security numbers. Phishing schemes often work by sending out large numbers of counterfeit email messages, or “spam,” which are made to appear as if they
originated from legitimate banks, financial institutions or other companies.

In pleading guilty, TONITA admitted that, from approximately February 2005 through April 2005, he conspired with others to engage in spamming. TONITA was paid to use software tools to harvest email addresses from Internet sites, focusing primarily on colleges and universities in the United States. TONITA then provided the email addresses to others with the knowledge that they would send spam to those email addresses.

Specifically, on approximately March 19, 2005, TONITA sent a file containing approximately 9,811 email addresses to a co-conspirator.

On January 18, 2007, a federal grand jury in New Haven returned an indictment charging TONITA and five other Romanian citizens for their alleged participation in the phishing scheme.

On July 18, 2009, TONITA was arrested on an Interpol warrant at the sea border crossing in Dubrovnik, Croatia. He was extradited to the U.S. on September 4, 2009.

The investigation of this matter stemmed from a citizen’s complaint concerning a fraudulent e-mail message made to appear as if it originated from Connecticut-based People’s Bank. In fact, the e-mail message directed victims to a computer in Minnesota that had been compromised, or “hacked,” and used to host a counterfeit People’s Bank Internet site. During the course of the investigation, it was determined that the defendants had allegedly engaged in similar phishing schemes against many other financial institutions and companies, including Citibank, Capital One, JPMorgan Chase & Co., Comerica Bank, Wells Fargo & Co., eBay and PayPal. TONITA is scheduled to be sentenced by United States District Judge Janet C. Hall on April 5, 2010, at which time TONITA faces a maximum term of imprisonment of five years.

This matter has been investigated by the Federal Bureau of Investigation in New Haven, Connecticut, and the Connecticut Computer Crimes Task Force. Critical assistance to the investigation also has been provided by the FBI Legal Attachés in Vienna, Bucharest and Ottawa; Interpol in Zagreb and Washington, D.C.; the Romanian National Police; the Croatian Criminal Police Directorate and Croatian General Police Directorate; the U.S. Embassy in Sarajevo; the Royal Canadian Mounted Police; Canada Border Services Agency in Montreal; and the United States Marshals Service.

The case is being prosecuted by Assistant United States Attorney Edward Chang.

source: www.cybercrime.gov

A federal grand jury in Dallas returned a superseding indictment this week charging 19 defendants in a massive cybercrime conspiracy, announced U.S. Attorney James T. Jacks of the Northern District of Texas. This indictment supersedes a September 2, 2009, indictment that charged nine of the defendants in the conspiracy.

The following 19 defendants are each charged with one count of conspiracy to commit wire and mail fraud. Defendants (3) through (7), who were charged in the original indictment, have made their initial appearances in federal court and, with the exception of defendant (6), are on pretrial release. Defendant (6) remains in custody. Defendants (10) through (15) and (18) and (19) were either arrested or have surrendered to federal authorities this week. Defendants (16) and (17) are outside of the United States.

Defendants (1), (2), (8) and (9) are believed to have fled the United States to avoid prosecution. One anonymous internet report suggested that Michael Faulkner was killed attempting to reenter the U.S. from Mexico. This report has not been confirmed.

(1) *Chastity Lynn Faulkner, 34, of Southlake, Texas (fugitive)
(2) *Michael Blaine Faulkner, 36, of Southlake, Texas (fugitive)
(3) *Brian Patrick Haney, 36 of Plano, Texas
(4) Eric Byron Littlejohn, II, 19, of Desoto, Texas
(5) Nathan Todd Shafer, 31 of Irving, Texas
(6) *Matthew Norman Simpson, 25, of Red Oak, Texas
(7) *Alicia Nicole Cargill Smallwood, 28, of Midlothian, Texas
(8) *Jason Carter Watts, 32, of Plano, Texas (fugitive)
(9) *William Michael Watts, 38, of Plano, Texas (fugitive)
(10) *Logan L. Vig, 22, of Dallas, Texas
(11) *Arya Neal Behgooy, 33, of Plano, Texas
(12) *Christopher Wayne Sigler, 27, of Roanoke, Texas
(13) *Marcus William Wentrcek, 29, of Frisco, Texas
(14) *Valerian James Stock, 42, of New Orleans, Louisiana
(15) *Ricky J. Keele, 55, of Coppell, Texas
(16) *Dmitri Siiatski, 22, of Canada
(17) *Milos Vujanic, 29, of Eastern Europe
(18) Jennifer Jo Gilliland, 29, of Phoenix, Arizona
(19) Casimir A. Wojciechowski, a/k/a Casey, 56, of Illinois

The eight-count indictment also charges 15 of the defendants (*) with fraud and related activity in connection with electronic mail and aiding and abetting. Michael Blaine Faulkner is also charged with one count of obstruction – threatening a witness or informant; one count of obstruction – hiding assets; one count of obstruction – destruction of evidence; and one count of false registration of a domain name. Matthew Norman Simpson is also charged with one count of obstruction – destruction of evidence and one count of false registration of a domain name. Logan L. Vig and Milos Vujanic area also each charged with one count of obstruction – destruction of evidence. The indictment also includes a forfeiture allegation which would require that the defendants, upon conviction, forfeit any proceeds obtained, directly or indirectly, as a result of the offense.

The indictment alleges that from March 2003 through July 2009, the defendants conspired to defraud various telecommunications companies, including AT&T; Verizon; XO Communications; SMARTnet VOIP; Waymark Communications; the lessors of properties at 2020 Live Oak, 2323 Bryan Street and 1950 Stemmons Freeway, in Dallas; various financial institutions; leasing companies and creditors, including Wells Fargo, AT&T Capital Services, and the credit reporting agencies; and various other service providers, such as power companies, insurance companies, air-conditioning companies, web site developers, and others for goods and services amounting to more than $15 million.

The indictment further alleges, that as part of the conspiracy, the conspirators made false representations to obtain goods, such as computer and telecommunications equipment and infrastructure, to include racks to hold computer equipment, generators to provide power for the equipment, and office space to install the equipment, as well as services related to the operation and use of computers and telecommunications. The conspirators created, purchased and used shell companies to hide the true identity of the owners or operators of the companies, or the relationships between the companies. They also established P.O. Boxes, commercial remailer services, shell offices, apartments, or other physical locations to hide owners’ or operators’ identity or the relationships between the companies. They assumed multiple fake identities to hide true ownership of the shell companies and made materially false representations to their victims, by mail, fax, telephone, email, or other communications, to obtain goods and services from them.

A series of search warrants were conducted by FBI agents in March and April 2009 at Chastity and Michael Faulkner’s residence in Southlake, and at a Faulkner business, Crydon, located at 1950 Stemmons Freeway in Dallas. Searches were also conducted at Core IP, located at 2323 Bryant Street in Dallas, and at other related businesses.

An indictment is an accusation by a federal grand jury and a defendant is entitled to the presumption of innocence unless proven guilty. However, if convicted, the conspiracy charge carries a maximum statutory sentence of 30 years in prison and a $1 million fine. Each of the obstruction charges carries a maximum statutory sentence of 20 years in prison and a $250,00 fine. If a defendant is convicted on a felony and also on false registration of a domain name, the penalty for that felony conviction is doubled, or increased by seven years, whichever is less. Restitution could be ordered.

U.S. Attorney Jacks praised the investigative efforts of the FBI, as well as the assistance provided by the Texas Workforce Commission, the Texas Secretary of State, the Dallas Police Department, the Southlake Police Department, Dallas Sheriff’s Office, Ellis County Sheriff’s Office, the Duncanville Police Department, the Longview Police Department, the New Orleans Police Department, and the American Registry for Internet Numbers (ARIN).

Assistant U.S. Attorney C.S. Heath is in charge of the prosecution. The investigation is ongoing.

source: www.cybercrime.gov

Kyle Jeffrey Tschiegg, 39, of Sarasota, Florida was sentenced in United States District Court here today to 90 months imprisonment for emailing threats including threats to cause a candidate to drop out of a race for statewide office in Florida, hacking into email accounts of individuals and companies, and using stolen identity information to commit computer crimes.

Carter M. Stewart, United States Attorney for the Southern District of Ohio, and Keith L. Bennett, Special Agent in Charge, of the Cincinnati Division of the Federal Bureau of Investigation (FBI) announced the sentence handed down today by Senior United States District Court Judge James L. Graham.

Tscheigg pleaded guilty on September 4, 2009 to one count each of interstate transmission of threatening communications, interstate extortion, computer intrusion, and identity theft. On August 4, 2008, Tscheigg sent an email to a Columbus company he picked at random and two company employees threatening to “start shooting the whole place up, blowing your heads off…”

In part, Tscheigg’s email said, “I want to come to “RF” company in columbus and just start shooting the whole place up, blowing your heads off, and then I’m gonna go to “Pro” in sarasota and and kill all of them too, see ya soon!! Im looking forward to painting walls with brain matter:)”

A group of approximately 40 individuals and businesses received repeated email and telephone threats or harassment by Tschiegg. At one point, approximately 3500 email accounts were being copied on the threatening emails.

Tschiegg used several methods to conceal his identity online including using his laptop computer to access the Internet through neighbors’ unsecured, wireless networks in Sarasota. Tschiegg also hacked into a Florida state legislator’s email account in October 2008. He used personal information he found about the legislator on the Internet to reset the legislator’s password. Less than two weeks before the November 4, 2008 election, Tscheigg sent two emails threatening to injure the legislator, her family and supporters unless she withdrew from the race. Tscheigg has been in custody since FBI agents arrested him at his parents’ Sarasota home on February 12, 2009.

Stewart commended the investigation by FBI agents and investigators in the Sarasota County Sheriff’s Office, as well as Assistant U.S. Attorney Deborah A. Solove and Department of Justice Attorney Joseph Springsteen of the Computer Crime and Intellectual Property Section, who prosecuted the case. Stewart also acknowledged the assistance of Assistant U.S. Attorney Laurel Moore in the Middle District of Florida.

source: www.cybercrime.gov

WASHINGTON- Albert Gonzalez, 28, of Miami, pleaded guilty today to conspiring to hack into computer networks supporting major American retail and financial organizations, and to steal data relating to tens of millions of credit and debit cards, announced Assistant Attorney General of the Criminal Division Lanny A. Breuer, U.S. Attorney for the District of New Jersey Paul J. Fishman, U.S. Attorney for the District of Massachusetts Carmen Milagros Ortiz and Director of the U.S.
Secret Service Mark Sullivan.

Gonzalez, aka “segvec,” “soupnazi” and “j4guar17,” pleaded guilty to two counts of conspiracy to gain unauthorized access to the payment card networks operated by, among others, Heartland Payment Systems, a New Jersey-based card processor; 7-Eleven, a Texas-based nationwide convenience store chain; and Hannaford Brothers Co. Inc., a Maine-based supermarket chain. The plea was entered in federal court in Boston before U.S. District Court Judge Douglas P. Woodlock.

The case is one of the largest data breaches ever investigated and prosecuted in the United States. According to information contained in the plea agreement, Gonzalez leased or otherwise controlled several servers, or “hacking platforms,” and gave access to these servers to other hackers, knowing that they would use them to store malicious software, or “malware,” and launch attacks against corporate victims. Malware used against several of the corporate victims was also found on a server controlled by Gonzalez. Gonzalez tested malware by running multiple anti-virus programs in an attempt to ascertain if the programs detected the malware. According to information in the plea
agreement, it was foreseeable to Gonzalez that his co-conspirators would use malware to steal tens of millions of credit and debit card numbers, affecting more than 250 financial institutions. Gonzalez
was indicted in New Jersey in August 2009 for this criminal conduct.
Based on the terms of the plea agreement, Gonzalez will not seek a prison term under 17 years and the government will not seek a prison term of more than 25 years. Gonzalez pleaded guilty in September 2009 in Boston to 19 counts of conspiracy, computer fraud, wire fraud, access device fraud and aggravated identity theft relating to hacks into numerous major U.S. retailers including TJX Companies, BJ’s Wholesale Club, OfficeMax, Boston Market, Barnes & Noble and Sports Authority.

Gonzalez was indicted for those offenses in August 2008 in the District of Massachusetts. Gonzalez also pleaded guilty in September 2009 in Boston to one count of conspiracy to commit wire fraud relating to hacks into the Dave & Buster’s restaurant chain, which were the subject of a May 2008 indictment in the Eastern District of New York.

As part of the plea agreement with the government, the New Jersey case was transferred to the District of Massachusetts for plea and sentencing. According to the terms of the New Jersey plea agreement, the parties agree that Gonzalez’ sentence in the New Jersey case should run concurrently with the sentence imposed in the Boston and New York cases. Gonzalez remains in federal custody.

Sentencing in the Boston and New York cases is currently scheduled for March 18, 2010, in Boston. Sentencing in the New Jersey case is scheduled for March 19, 2010. “The Department of Justice will not allow computer hackers to rob consumers of their privacy and erode the public’s confidence in the security of the marketplace,” said Assistant Attorney General Breuer. “Criminals like Albert Gonzalez who operate in the shadows will be caught, exposed and held to account. Indeed, with timely reporting of data breaches and high-tech investigations, even the most sophisticated hacking rings can be uncovered and dismantled, as our prosecutors and agents demonstrated in this case.”

“Commercial hackers like Gonzalez believe they are immune from detection and prosecution as they lurk in the shadows of the Internet,” said U.S. Attorney Fishman of the District of New
Jersey. “But time and again they are caught, prosecuted and sentenced to lengthy federal prison terms. Other hackers should sit up and take notice.”

“The conviction of Mr. Gonzalez, and the unraveling of one of the most complex and large scale identity theft cases in history, should serve as a reminder to hacker organizations, that the Department of Justice will vigorously investigate and prosecute cybercrimes, regardless of their sophistication and global reach. Mr. Gonzalez’s conviction is the result of unprecedented coordination across agency and geographical lines, and I want to commend the investigators and
prosecutors who have worked tirelessly to bring this case to fruition,” said U.S. Attorney Ortiz of the District of Massachusetts.

“Today’s plea proves that although cyber criminals can threaten our nation’s financial sector, the Secret Service and its many partners around the world will pursue and prosecute them,” said U.S. Secret Service Director Sullivan. “Time and again, cooperation and advanced methodologies have allowed us to focus our resources in order to detect and prevent these types of crimes, wherever they
originate.”

The New Jersey case is being prosecuted by Assistant U.S. Attorneys Erez Liebermann and Seth Kosto of the District of New Jersey, Assistant U.S. Attorneys Stephen Heymann and Donald Cabell of the District of Massachusetts, and Senior Counsel Kimberly Kiefer Peretti of the Criminal Division’s Computer Crime and Intellectual Property Section. All of these cases are being investigated by the U.S. Secret Service.

source: www.cybercrime.gov

Sanchez, 47, who resides in The Bronx, was arrested at his home
without incident. This morning’s arrest follows an indictment returned on December 10 by a federal grand jury in Los Angeles that charges Sanchez with uploading the copyrighted “X-Men Origins: Wolverine to www.Megaupload.com last spring. The indictment was unsealed after Sanchez’ arrest this morning. Sanchez is expected to make his initial appearance today before a United States Magistrate Judge in New York.

The charge of uploading a copyrighted work to the Internet carries a statutory maximum penalty of three years in federal prison and a $250,000 fine or twice the gross gain or gross loss attributable to the offense, whichever is greater.

An indictment contains allegations that a defendant has committed a crime. Every defendant is presumed to be innocent until proven guilty in court. This case is the result of an investigation by the Federal Bureau of Investigation.

United States Attorney Karen P. Hewitt announced that Jeffrey Steven Girandola and Kajohn Phommavong have been charged in a previously sealed 16-count indictment handed up by a federal grand jury on November 20, 2009, with Conspiracy, Computer Fraud, Access Device Fraud and Aggravated Identity Theft. The indictment was unsealed upon the initial appearance of Mr. Phommavong today before United States Magistrate Judge Nita L. Stormes, in federal court in San Diego. Mr. Girandola is presently in custody in San Diego County on other charges.

According to the indictment, the defendants installed peer-to-peer file sharing software on computers under their control and searched the available peer-to-peer file sharing networks for account login information and passwords inadvertently exposed to the file sharing network by other users of the peer-to-peer file sharing software. Peer-to-peer or “P2P” software programs, the indictment explains, allow users to share files and other data with other users of that software. Most P2P software is free and available to download to anyone with a computer and an Internet connection. After installation, the user can search all files made available

for sharing by any other users of that program and download files of interest. Users can place files that the user wants to share into a folder on the user’s computer designated for sharing. It is not unusual, however, for users to download corrupt P2P programs or to misconfigure the software and unintentionally allow all of the files on their computer to be shared to the community.

The defendants are charged with using the account information and passwords that they obtained by searching the P2P networks to access the bank accounts of the victims and transfer funds to prepaid credit cards which they obtained in their own names. The defendants are alleged to have used the prepaid credit cards to purchase goods and to obtain cash in and around San Diego County. The victims include five users of the online payroll system of the United States Department of Defense (“DoD”). DoD, through its Defense Finance and Accounting Service (“DFAS”) provides an Internet accessible website to DoD personnel, including the Armed Forces, known as “DFAS MyPay,” to view and change information relating to their paychecks and other benefits. According to the indictment, the defendants accessed the accounts of the five individuals, consisting of active duty military, retired military and a civilian employee of the Air Force, Navy and Marine Corps, and re-directed their paychecks to the defendants’ prepaid credit card accounts. The defendants also are charged with victimizing a company in Florida that is in the business of selling products to assist senior citizens. All together, during the commission of these offenses from November 22, 2005, until September 12, 2006, according to the indictment, the defendant redirected and attempted to redirect over $20,000 in funds to themselves.

Bail was set at $20,000 for Mr. Phommavong. His next appearance will be on January 8, 2010, before United States District Judge Jeffrey T. Miller for hearing motions and setting a trial date. Mr. Girandola’s appearance will be arranged with the County of San Diego.

This case was investigated by Special Agents of the Cybersquad of Federal Bureau of Investigation in San Diego and by Special Agents of the Defense Criminal Investigative Service.

An indictment itself is not evidence that the defendants committed the crimes charged. The defendants are presumed innocent until the Government meets its burden in court of proving guilt beyond a reasonable doubt.

source: www.cybercrime.gov