Major Achievements in the Courtroom




André Birotte, Jr., U.S. Attorney for the Central District of California

Central District of California

Bank Phishing Scheme/"Operation Phish Phry" Sentencing

In June 2011, Kenneth Joseph Lucas of Los Angeles was sentenced to 11 years in prison for committing bank and wire fraud, computer fraud, money laundering, and aggravated identity theft. Lucas was one of the leaders of the phishing group targeted by Operation Phish Phry. The group's scheme involved Egyptian-based hackers who obtained bank account numbers and related personal identification information by sending e-mail messages that appeared to be official correspondence from banks or credit card vendors. Members then hacked into accounts at various banks and transferred funds to newly-created fraudulent accounts. To date, forty-seven other members of the group have been convicted in federal court in Los Angeles.



Benjamin B. Wagner, U.S. Attorney for the Eastern District of California

Eastern District of California

127-Month Sentence in Phishing and ID Theft Case

On June 21, 2011, in the Eastern District of California, Tien Truong Nguyen, 34, was sentenced to 151 months imprisonment for charges involving hacking, access device fraud, aggravated identity theft, and illegal possession of a firearm. United States District Judge Morrison C. England called Nguyen "a one-man wrecking crew when it comes to identity theft." In 2007, Nguyen ran about 20 "phishing" web sites and traded information with hackers in Eastern Europe. A phishing site spoofs a financial institution's web site to fool customers into divulging personal information to the phishing site operator. Nguyen passed his stolen identities to people who used them to open credit and make purchases. Nguyen's computer contained 38,500 credit cards and complete identities (each including a name, date of birth, and social security number). Nguyen, who already had convictions for various property crimes and a narcotics offense, had also kept a shotgun next to his computer. In response to Nguyen's claims of rehabilitation, Judge England said, "Maybe he'll get the message this time."



Melinda Haag, U.S. Attorney for the Northern District of California

Northern District of California

United States v. Wallace

On July 6, 2011, Sanford Wallace was charged in an indictment with three counts of 18 U.S.C. §§ 1037(a)(1) and (b)(2)(A), Fraud and Related Activity in Connection With Electronic Mail (Hacking to Spam), two counts of 18 U.S.C. §§ 1037(a)(2) and (b)(2)(C), Fraud and Related Activity in Connection With Electronic Mail (Using Relaying to Deceive), one count of 18 U.S.C. §§ 1037(a)(4) and (b)(2)(B) - Fraud and Related Activity in Connection With Electronic Mail (False Domain Registration), three counts of 18 U.S.C. §§ 1030(a)(5)(A) and (c)(4)(B)(i), Intentional Damage to a Protected Computer, and two counts of 18 U.S.C. § 401(3), Criminal Contempt. The case, United States v. Sanford Wallace, CR 11-00456 EJD, is pending before Judge Edward J. Davila.

The indictment alleges crimes connected to Wallace's ongoing spamming of Facebook users. In November 2008, Facebook investigators observed an individual whom they believed to be Wallace accessing nearly 500,000 legitimate Facebook accounts without authorization, and using that access to send more than 27 million spam messages through Facebook's computer network. Wallace's scheme was to compromise a user's account and send out spam to all of the user's friends. He tricked users into clicking on his spam messages, because the messages appeared to be from a user's friend. Users would click through a series of links, be prompted to enter their e-mail addresses and create passwords, and would ultimately be directed to commercial sites where Wallace would earn significant revenue. In some instances, users would be instructed to enter their phone number, and they would be charged $9.99. Wallace was able to send millions of spam messages, because he developed an automated program that could distribute the messages. Facebook estimates that it incurred a loss of $753,991.00 based on employee costs, legal expenses, domain take downs, and lost advertising revenue as a result of Wallace's conduct. Wallace earned more than $300,000 from his scheme.

In addition, on February 24, 2009, Facebook filed a lawsuit in the United States District Court for the Northern District of California (C-09-00798 JF) against Wallace and two other individuals (who were eventually released from the lawsuit) for the above-described spamming activities. The lawsuit alleged a violation of the CAN-SPAM Act of 2003, the Computer Fraud and Abuse Act, and California's Anti-Phishing and Computer Data Access and Fraud Acts.

On March 2, 2009, Judge Jeremy Fogel issued a temporary restraining order (TRO) against Wallace that prohibited him from accessing or attempting to access Facebook in any manner whatsoever, including sending spam to Facebook users, accessing or attempting to access Facebook's website, retaining any copies of Facebook's information, entering Facebook's physical premises, creating or maintaining a Facebook account, and assisting others to violate Facebook's Terms of Use. On the same day, Facebook served Wallace with Facebook's complaint, motion for a TRO, a copy of Judge Fogel's order granting the TRO, Facebook's motion for a preliminary injunction, and a summons to appear on March 24, 2009.

On March 24, 2009, Judge Fogel issued an order granting a preliminary injunction against Wallace with the same provisions as the TRO. Wallace failed to appear at the hearing. On June 12, 2009, based upon information from Facebook that Wallace had violated the TRO and preliminary injunction, Judge Fogel informed Wallace in open court that he was referring the matter to the USAO for a criminal contempt prosecution. On June 29, 2009, Judge Fogel formally referred the case to the USAO for the Northern District of California by written letter.

Wallace failed to respond to the complaint, and he filed for bankruptcy in Nevada in an attempt to get the lawsuit dismissed. The bankruptcy court dismissed Wallace's petition for bankruptcy, because he failed to properly complete it. On September 18, 2009, Judge Fogel issued a default judgment against Wallace for $711 million and issued a permanent injunction against him in accordance with the same provisions as the TRO and preliminary injunction. According to Facebook investigators, Wallace accessed his Facebook account approximately 116 times between March 2, 2009 and May 11, 2009 in violation of Judge Fogel's order.

Finally, Wallace is a sophisticated spammer who has been undeterred in his illegal activities despite being sued numerous times over the last 15 years. He also has had numerous judgments entered against him in amounts that total nearly one billion dollars. These cases include the Facebook default judgment in addition to the following: MySpace v. Wallace, 498 F.Supp.2d (C.D. Cal. 2007) (court later awarded MySpace $230 million for Wallace's spam on MySpace's network); FTC v. Seismic Entertainment Productions, Case No. CV 04-00377 JD (N.H. 2006) (court ordered default judgment against Wallace for $4,089,550 and a permanent injunction from spamming); Earthlink Networks v. Cyber Promotions, No. BC 167502 (Cal. Super. Ct. L.A. County Mar. 30, 1998) (lawsuit alleged spam on Earthlink's network; case settled for an alleged $1,000,000); Bigfoot Partners L.P. v. Cyber Promotions, CV 97-7397 (S.D.N.Y. 1998) (suit alleging spam by Wallace and his company); Concentric Network v. Wallace, No. 96-20829 RMW (N.D. Cal. 1996) (suit alleging spamming and e-mail spoofing); CompuServe v. Cyber Promotions, No. C2-96-1070 (S.D. Ohio 1996) (court ordered injunction against Wallace and his company in response to spamming); Cyber Promotions v. America Online, Inc., 948 F. Supp. 436 (E.D. Pa. 1996) (court held that AOL had the right to block Wallace's spam, because there is no First Amendment right to send spam).

Laura E. Duffy, U.S. Attorney for the Southern District of California

Southern District of California

Former San Diego Man Pleads Guilty to Access Device Fraud and Aggravated Identity Theft

After unsuccessfully fighting his extradition from Japan, Khris St. Ives Dulay Lu pled guilty to violating 18 U.S.C. § 1029(a)(2), access device fraud, and 18 U.S.C. § 1028A(a)(1), aggravated identity theft. In the summer and fall of 2008, Lu opened credit cards through the Travelocity.com website using the stolen personal identifiers of almost 100 San Diegans associated with his former employer. Lu used these credit cards to buy air, hotel, and show ticket packages in Las Vegas, Nevada and then resold the show tickets on Craigslist. Mid-way through the scheme, Lu relocated to China, and, later, Japan, where he was ultimately apprehended. Lu's misconduct resulted in losses of approximately $250,000. He is in custody pending sentencing.



Ronald C. Machen, U.S. Attorney for the District of Columbia

District of Columbia

U.S. Attorney's Office for the District of Columbia Leads Effort to Combat Counterfeit Microchips

Over the past two years, the United States Attorney's Office for the District of Columbia has led the effort inside and outside the courtroom to stop the flow of counterfeit integrated circuits that wind up in United States military weapon systems and other critical products. These devices, commonly referred to as "microchips," are a form of computer hardware found in everything from household appliances to missiles to communication systems. The use of counterfeit integrated circuits creates risks to both public safety and national security, and also harms our economy and the legitimate businesses whose hard work and ingenuity should be rewarded.

In two recent cases involving a California company named MVP Micro and a Florida company named VisionTech Components, the United States Attorney's Office for the District of Columbia prosecuted individuals involved in the trafficking of counterfeit integrated circuits. These cases involved the importation of hundreds of thousands of counterfeit integrated circuits from China and Hong Kong for sale to the United States Navy and to defense contractors, including some circuits that were marketed as "military-grade."

An outgrowth of these prosecutions has been the establishment of the "D.C. Counterfeit Microelectronics Working Group," a public-private partnership designed to provide members with substantive information and anti-counterfeiting strategies, to provide a networking opportunity, and to develop cases for prosecution. In existence for just over a year, the working group includes more than 170 agency, military, law enforcement, and corporate members, including companies in the semiconductor and defense contracting industries. The group brings together the expertise and enthusiasm of attorneys, engineers, scientists, policy makers, academics, quality assurance and security professionals, and law enforcement to work together to address counterfeit microelectronics. The working group's widely-attended meetings are considered the key forum for identifying and coordinating efforts to combat semiconductor counterfeiting operations. A recent meeting involved a presentation by Michael Pecht, a world-renowned engineering expert who has created a certification program for counterfeit chip detection and identification.



Sally Quillian Yates, U.S. Attorney for the Northern District of Georgia

Northern District of Georgia

RBS WorldPay

In the first week of November 2008, an elite group of cyber criminals hacked into the computer network of RBS WorldPay, a credit and debit card processor located around Atlanta. The hackers set to work, obtaining card numbers and reverse engineering PIN codes, using the company's internal encryption system against itself in a manner never seen before.

On November 8th, the hackers distributed 44 card account numbers and associated PIN codes to the leaders of casher networks around the globe. The hackers raised the balances on those card accounts, in essence printing money. They also raised the ATM limits on the cards and notified the lead cashers that the cashout was to begin. During the cashout, the lead hackers were on the RBS WorldPay network, monitoring the withdrawals from within as they happened, accounting for every dollar. Over a twelve-hour period, at over 2,100 ATMs, in at least 280 cities worldwide, cashers fraudulently withdrew over $9.4 million. Most of the withdrawals occurred within a half-hour span. After the cashout, the hackers sent commands that destroyed transaction logs from RBS WorldPay's servers, attempting to hide their tracks.

After returning from the Veterans Day holiday weekend, employees of RBS WorldPay arrived at their Atlanta offices to learn of a $9.4 million discrepancy from their bank clients. They contacted skilled consultants. They contacted the FBI.

Through the diligence of the victim, the hard work and resources of the FBI, cooperation from law enforcement agencies in over 26 countries around the world including dozens of treaty requests back and forth to countries like Hong Kong, Estonia, Panama, and Ukraine, one year after one of the most sophisticated hacks and coordinated cybercrime schemes ever, a grand jury returned an indictment against the leaders of the scheme, alleging conspiracy to commit wire fraud, wire fraud, computer fraud, and aggravated identity theft.

One of the lead hackers has been extradited from Estonia and currently is in pretrial proceedings. More recently, a grand jury superseded the indictment to add conspiracy, wire fraud, and access device fraud charges against two lead cashers, who await extradition from France and South Africa, and against another casher who was arrested while visiting from Nigeria, at JFK airport on her way to Britain. So far, arrests have been made on four continents. The RBS WorldPay investigation broke the back of one of the most sophisticated criminal hacking organizations in the world. The investigation continues to bring those most responsible to justice.



Carmen Milagros Ortiz, U.S. Attorney for the District of Massachusetts

District of Massachusetts

Asu Pala

On February 28, 2011, Asu Pala was sentenced to serve 82 months in federal prison, and then complete two years of supervised release. He was also ordered to pay a $12,500 fine, forfeit $7.9 million, and pay restitution to the Internal Revenue Service of $2.2 million for back taxes.

In April 2010, Pala pleaded guilty to one count of conspiracy to commit computer fraud and five counts of failure to file a United States income tax return. Had the case proceeded to trial, evidence would have proved that from 2003 through 2007, Pala and his co-conspirators infected German citizens' computers with a program that would force the computers' telephone modems to surreptitiously dial premium telephone numbers rented from German telephone companies by Pala's co-conspirators. The premium telephone lines operated like 1-900 numbers such as those used for directory assistance or astrological predictions: the telephone companies charged callers for added expenses on top of standard connection fees and sent a portion of the added expenses to those who rented the premium lines, in this case Pala's co-conspirators.

The victims were generally unaware that their computers' telephone modems were calling these numbers and charging them these expenses. Victims paid the added charges if they did not notice them on their telephone bills. The telephone companies then sent the added charges to the premium telephone line renters, who divided the proceeds among the co-conspirators, including Pala. He participated in the conspiracy by employing computer programmers to write and edit the computer hacking software and by sending the hacks to co-conspirators.

Although Pala participated in the scheme while based in Massachusetts and elsewhere in New England, he did not target United States' computers or computer users. Instead, Pala focused solely on computers and computer users in Germany and possibly other European countries, in order, he thought, to avoid prosecution in the United States.

IRS Phishing/Tax Refund Theft Sentencing

In June 2011, Mikalai Mardakhayeu, a Belarusian national and resident of Massachusetts, was sentenced to 41 months in federal prison for committing wire fraud and conspiracy. His crimes were connected to his involvement in an international online "phishing" conspiracy to steal tax refunds from United States taxpayers. The defendant was the "money man" of the Belarus-based conspiracy that ultimately diverted $209,000 in stolen tax refunds.



B. Todd Jones, U.S. Attorney for the District of Minnesota

District of Minnesota

United States v. Ardolf

On July 12, 2011, a 46-year-old man from Blaine, Minnesota, was sentenced for hacking into his neighbor's wireless Internet system and posing as the neighbor to make threats against the Vice President of the United States and to email child pornography. United States District Court Judge Donovan W. Frank, of the District of Minnesota, sentenced Barry Vincent Ardolf to 216 months in prison, along with 20 years of supervised release on two counts of aggravated identity theft, one count of distribution of child pornography, one count of possession of child pornography, one count of unauthorized access to a protected computer, and one count of making threats to the President and successors to the presidency. Ardolf was indicted on June 23, 2010, and pleaded guilty three days into trial on December 17, 2010. Ardolf's appeal of his sentence is pending.

In his plea agreement, Ardolf admitted that in February 2009, he hacked into his neighbor's wireless Internet connection and created multiple Yahoo.com e-mail accounts in his neighbor's name. Then, on May 6, 2009, he used one of those accounts to e-mail the office of the Vice President of the United States. In that e-mail message, he stated:

"This is a terrorist threat! Take this seriously. I hate the way you people are spending money you don't have. . . . I'm assigning myself to be judge jury and executioner. Since you folks have spent what you don't have it's time to pay the ultimate price. Time for new officials after you all are put to death by us."

The e-mail message, which also was sent to the governor of Minnesota and a United States Senator from Minnesota, also contained a threat to kill the officials one at a time, with the first being dead by June 1, 2009. Ardolf signed the e-mail message with his neighbor's name. He admittedly sent the message using the neighbor's wireless router, his intent being to have the message traced back to the neighbor. In addition to sending the threatening message described above, Ardolf admitted that in February of 2009, he posed as his neighbor and used the e-mail accounts he had created to send e-mail messages of a sexual nature to three of the neighbor's co-workers. Again, the defendant sent the messages through the neighbor's wireless Internet connection, intending for them to be traced back to the neighbor. Moreover, in one of the messages, Ardolf attached an image containing child pornography. Ardolf also created a MySpace page in the neighbor's name, on which he posted the same image of child pornography.

This investigation and prosecution highlight the importance of maintaining wireless security, in residences and businesses, by protecting against unwanted intrusions with current anti-virus software, up-to-date firewalls, and properly-encrypted wireless routers. This case was the result of an investigation by the Minnesota Cyber Crimes Task Force, which is sponsored by the Federal Bureau of Investigation and the United States Secret Service. Investigative assistance was provided by the Anoka County Sheriff's Office and the Blaine Police Department.

Preet Bharara, U.S. Attorney for the Southern District of New York

Southern District of New York

Operation Ghost Click

The international cyber threat is perhaps the most significant challenge faced by law enforcement and national security agencies today. Online criminals can reach across thousands of miles to steal from victims with just the click of a mouse, safe behind the obscurity afforded by the Internet. In light of the dangers posed by cybercrime, the U.S. Attorney's Office for the Southern District of New York has made it a priority to aggressively pursue cyber criminals.

The challenges posed by the transnational nature of Internet-based crime and the increased sophistication of cyber criminals have magnified the difficulties of detecting, investigating, and prosecuting online illegal activity. As a result, the Southern District of New York has sought out partnerships with foreign law enforcement agencies and has coordinated with domestic and international private sector entities to both collect valuable evidence and locate and arrest cyber criminals.

Most recently, the Southern District of New York announced charges against six Estonian nationals and one Russian citizen in Operation Ghost Click. The defendants are alleged to have engaged in a massive, complex Internet fraud scheme that infected with malware more than four million computers located in over 100 countries. Of the infected computers, at least 500,000 are alleged to have been in the United States, including computers belonging to United States government agencies, such as NASA, educational institutions, non-profit organizations, commercial businesses, and individuals. The malware is alleged to have secretly altered the settings on infected computers. This enabled the defendants to hijack online browsing activity and re-route victims to websites and advertisements for which the defendants fraudulently received millions in advertising fees. Significantly, the malware is also alleged to have prevented updates to victims' anti-virus software or operating systems, leaving the victims' computers vulnerable to a toxic cocktail of other malware infections.

The six Estonian defendants were arrested by the Estonian Police and Border Guard Board in coordination with the FBI and NASA's Office of Inspector General. They are alleged to have earned at least $14 million from the fraudulent scheme.

Just as important as the arrests was the remediation effort. The defendants are alleged to have been able to execute their fraudulent scheme, in part, because their malware attacked a critical piece of Internet infrastructure: the domain name system, or DNS, which translates user-friendly domain names, like irs.gov, to the numerical addresses used by computers to locate websites. In addition to arresting the defendants, the FBI dismantled more than 100 servers in locations around the United States which the defendants used to support their rogue DNS, and on which millions of infected computers relied to access websites. To avoid any disruption in Internet service, the Southern District of New York obtained a court order replacing the defendants' rogue DNS servers with clean ones, and appointing a not-for-profit entity, the Internet Systems Consortium, to act as a third-party receiver and administer the replacement DNS servers for 120 days, during which time victims can fix their computers.



Anne Tompkins, U.S. Attorney for the Western District of North Carolina

Western District of North Carolina

ATM Hacking Sentencing

In May 2011, Rodney Reed Caverly was sentenced in the United States District Court for the Western District of North Carolina to 27 months imprisonment for making unauthorized access to a financial institution's protected computers, in violation of Title 18, United States Code, Section 1030(a)(4). Caverly, an employee of Bank of America, maintained and designed the bank's computer systems, including computers utilized for conducting financial transactions at its automated teller machines (ATMs). A review of Bank of America's computer systems identified five malicious code files that were deployed from March 2009 through October 2009. The malicious code caused the ATMs to disburse all of their cash in a single transaction. Over $300,000 was emptied from the affected ATMs without any financial record of the disbursements. Approximately $167,000 of the stolen cash was recovered by federal agents from the crawlspace of Caverly's unsuspecting neighbor.



Kenneth Magidson, U.S. Attorney for the Southern District of Texas

Southern District of Texas

ATM Hacking Sentencing

In May 2011, Thor Morris of North Carolina was sentenced to 37 months in prison for committing fraud and related activity in connection with computers, stemming from his plan to hack into approximately 35 Houston-area ATMs in an attempt to embezzle more than $200,000.



Neil H. MacBride, U.S. Attorney for the Eastern District of Virginia

Eastern District of Virginia

14-Year Sentence in Carding Case

In September 2011 Tony Perez III, 21, of Hammond, IN, was sentenced to 14 years in prison and ordered to pay $2.8 million in forfeiture in a carding case. In his earlier plea to wire fraud and aggravated identity theft, Perez admitted that he ran an online business that sold counterfeit credit cards encoded with stolen account information. When executing a search warrant at Perez's apartment, agents found a counterfeit credit card manufacturing operation and nearly 21,000 stolen credit card numbers, and related information, in his computers and e-mail accounts. Credit card companies identified thousands of fraudulent transactions using the card numbers found in Perez's possession, totaling more than $3 million.


60-Month and 30-Month Sentences in Counterfeit Cisco Equipment Case

In September 2011, Chun-Yu Zhao, 43, of Chantilly, VA, was sentenced to 60 months in prison for leading a conspiracy to import and to sell counterfeit Cisco-branded computer networking equipment, laundering criminal proceeds and obtaining her citizenship through fraud. She was also stripped of her United States citizenship, ordered to pay $2,709,238 in restitution, and ordered to forfeit multiple homes and condos, luxury automobiles, and bank accounts worth several million dollars combined. In August 2011 Zhao's co-conspirator, Donald H. Cone, 48, of Frederick, Md., was sentenced to 30 months in prison for his role in the conspiracy. He was also ordered to pay $143,300 in restitution.


Website founder and operators convicted of criminal copyright conspiracy for running website

In September and October 2011, Matthew David Howard Smith, 23, of Raleigh, NC, Hana Amal Beshara, 29, of Las Vegas, NV, Joshua David Evans, 34, of North Bend, WA, and Jeremy Lynn Andrew, 33, of Eugene, OR, pleaded guilty to various charges, including conspiracy and criminal copyright infringement, for their roles in founding and operating "NinjaVideo," a website that, over a 2 ½-year period, provided millions of users with the ability to illegally stream and download infringing copies of copyrighted movies and television programs. Many of the movies were still playing in theaters, while others had not yet been released. Smith designed the technology that allowed users to view content in a specialized browser, where advertising was present. The conspiracy collected more than $500,000 in ad revenue and "donations" during its time of operation. Beshara (infamously known on the Internet as "Phara") was the day-to-day administrator, took a lead role in policing the site, and made numerous postings and podcasts to publicize its operations. Evans was the "Head God" of the "uploaders" who were responsible for locating and uploading infringing content. Andrew was the "Head of Security" and was a website administrator and forum moderator. At its height, nearly a million visitors went to NinjaVideo each day.


120-Month Sentence in Hacking, Carding and ID Theft Case

In August 2011, Rogelio Hackett Jr., of Lithonia, Ga., was sentenced to 120 months for trafficking in counterfeit credit cards and aggravated identity theft. Agents searched Hackett during their investigation, and they located more than 675,000 credit card numbers that he had used in tens of thousands of fraudulent transactions. These transactions totaled more than $36 million in actual losses to the credit card issuers and other victims. Hackett admitted that, since at least 2002, he had been hacking into credit card databases and purchasing the information from "carding forums." Notably, at sentencing, rather than rely on the $500 per card value of loss as provided in the United States Sentencing Guidelines, the credit card companies were able to calculate an actual loss figure attributable to the stolen credit cards.



Jenny A. Durkan, U.S. Attorney for the Western District of Washington

Western District of Washington

In the Western District of Washington, U.S. Attorney Jenny Durkan has made combating cybercrime a top priority. As Chair of the Justice Department's Cybercrime and Intellectual Property Enforcement advisory group, U.S. Attorney Durkan is particularly well versed in the dangers posed to both individuals and businesses by hackers who compromise our online security, and steal and exploit our valuable personal, professional, and financial information for their own criminal gain. A case filed recently in the Western District of Washington spotlights the wide array and scope of the potential harms of hacking, as well as the critical importance of promptly reporting network intrusions to law enforcement.

The defendants in this "WEP hacking" case used a variety of techniques and schemes to hack dozens of businesses in the Puget Sound area. Using cars fitted with laptop computers, special power supplies, and extended range antennas, they would "war-drive" through commercial neighborhoods and reconnoiter businesses' wireless networks – looking, in particular, for systems with less secure "WEP" encryption that could be vulnerable to password cracking techniques. Alternatively, they would adapt "old school" techniques to facilitate hacks—by burglarizing businesses, for example, which would give them physical access to server rooms and servers, which would then provide the opportunity to physically attach media that contained password cracking or password bypass programs. Using those media, they could effect downloads of data or uploads of malware that would allow them to get access to the compromised networks remotely, at a later date. Stolen laptops also provided WiFi access keys, and VPN and remote desktop credentials that would support future remote hacks.

Once the defendants had hacked into a business's network, they had access to—and fully exploited—the vast array of linked data and services that businesses have come to rely on for their everyday operations and commercial success. The defendants manipulated payroll systems to issue company paychecks to loadable debit card accounts they had opened—and then immediately drained the accounts through multiple debit card cash-outs at local ATMs. They made fraudulent online purchases—through the victim businesses' established commercial accounts—of computers and other high end electronics that they, in turn, either resold online, or deployed for further criminal hacking activity. They stole personal, identifying information of customers, employees, and business owners and used that information to fraudulently open new payroll, online payment, and credit accounts, which they then used, too, for fraudulent purchases and transactions. And to conceal all these criminal online activities, the defendants routinely "piggy-backed" onto the unsecured wireless accounts of other businesses or individuals, making it appear as though the criminal activity was attributable to those innocent third parties.

Fortunately, businesses that were victimized by the defendants began to report the intrusions and burglaries (which initially were thought to be "just" isolated burglaries) to law enforcement agencies. Dedicated local police officers, working collaboratively as part of the USSS Seattle Field Office Electronic Crimes Task Force and with the benefit of the federal resources made available as a result, worked the investigation diligently and ultimately were able to connect what were initially disparate dots into patterns that led finally to the charged defendants. The more than 50 businesses that were victimized were invited to meet with the prosecutor and investigators on the eve of indictment, at which time the government was able to recognize both the courage of the businesses that made those reports and the significance of those reports in bringing the defendants to justice. Based on bonds forged at that meeting, three victim companies agreed to participate in a press conference to publicize the risks of vulnerable wireless networks, and the importance of timely reporting of network intrusions to law enforcement.

One of the three defendants charged has now entered pleas of guilty to a range of crimes that include Conspiracy, Intentionally Causing Damage to Protected Computers, Accessing Protected Computers to Further Fraud, Access Device Fraud, and Aggravated Identity Theft. The trial date for the remaining two defendants has been set for April 2012. The U.S. Attorney's Office anticipates federal charges against at least one other associate, and state charges against another.

The tips offered to the public at the press conference for this case included the following:

  • Secure wireless networks with the latest and most robust level of encryption available (currently WPA-2).

  • Keep a record of all laptop computers and ensure that any computers with remote access are encrypted. Any missing laptop computers should have passwords and credentials replaced immediately.

  • Businesses should be aware of hacking that can occur from physical access to the server room as well as from external hacking.

  • Managers should be aware of "water cooler" talk among employees that may indicate a breach has occurred. This includes multiple employees complaining of fraud on personal accounts.

  • Businesses should ensure that they have a security response plan prepared in the event that some kind of incident does occur.

  • If you notice suspicious activity, contact your local law enforcement. You can make a referral to the U.S. Secret Service Electronic Crimes Task Force or other law enforcement agencies through the Justice Department's portal.

Multi-District Cybercrime Cases

"Scareware" Crime Ring Takedown & Indictment/Operation Trident Tribunal

In the Southern District of Florida, Western District of Pennsylvania, and the Eastern District of Missouri

In June 2011, charging documents were unsealed in the District of Minnesota, search warrants were executed in the Western District of Washington, and arrests were made in Latvia. These activities were part of a takedown of an international cybercrime ring that sold fraudulent computer security software known as "scareware." The scheme used a variety of ruses to trick consumers into infecting their computers with malicious scareware products. The crime ring was responsible for infecting hundreds of thousands of computers with scareware and sold more than $72 million of the fake antivirus product over a period of three years. The indictment charged two Latvian nationals with wire fraud and computer intrusion. More than 40 computers, servers, and bank accounts were seized. The case is part of Operation Trident Tribunal, an ongoing, coordinated enforcement action targeting international cybercrime.


48-Month Sentence in Online Auction Fraud Case

In the Northern District of Illinois and the District of Columbia

In July 2011, Adrian Ghighina of Bucharest, Romania, was sentenced to 48 months in federal prison. His conviction resulted from guilty pleas to wire fraud and conspiracy charges. Ghighina acted as a "money mule" in a complex Internet fraud conspiracy. Ghighina's co-conspirators, many of whom were in Romania, created fraudulent online auctions for expensive items. Purchasers were directed to transmit payment for the non-existent items using Western Union and bank wire transfers to accounts controlled by Ghighina. Ghighina moved from city to city in the United States and opened new accounts at financial institutions using false means of identification.