Skip to main content
Press Release

Gladstone Man Pleads Guilty to his Role in Computer Hacking, ID Theft Scheme

For Immediate Release
U.S. Attorney's Office, Western District of Missouri

KANSAS CITY, Mo. - Tammy Dickinson, United States Attorney for the Western District of Missouri, announced that the fifth and final defendant pleaded guilty in federal court today to his role in a $725,000 fraud scheme that involved hacking into business computer systems to steal the identity information of hundreds of their customers.

Vince Evola, 45, of Gladstone, Mo., pleaded guilty before U.S. Chief District Judge Fernando J. Gaitan to conspiracy to commit mail fraud.

By pleading guilty today, Evola admitted that he participated in a computer hacking and identity theft scheme with his ex-wife, Kimberly Evola, 45, of Gladstone, his sisters, Carrie Evola, 46, of Gladstone and Rosemary Evola, 42, of Overland Park, Kan., and Sael Mustafa, 35, a citizen of Jordan who resided in Gladstone.

The three-year-long scheme, which began in 2006, was designed to obtain stolen credit and debit card numbers from hundreds of victims and use that information to make online purchases. Vince Evola acknowledged in today’s plea agreement that a loss between $30,000 and $70,000 can be attributed to his conduct.

All of Vince Evola’s co-defendants already have pleaded guilty and been sentenced. Mustafa, the leader of the scheme, was sentenced on July 8, 2011, to 10 years in federal prison without parole and ordered to pay restitution to his victims. Mustafa committed a substantial part of the fraud scheme outside the United States. Before moving to Gladstone, Mustafa used the wireless network at an Internet café in Jordan to hack into company Web sites, as well as to use the stolen identity information to access online credit card accounts and to conduct fraudulent transactions. He moved from Jordan to Gladstone in January 2009 and continued to operate the scheme until April 2009.

Court documents describe the computer hacking, identity theft and fraud scheme as follows:

Step One: The Computer Hack

Mustafa accessed the computer servers that hosted the Web sites of several businesses to access customer databases and download the customers= personal information. Mustafa exploited these businesses for presumably less secure information, such as e-mail addresses, Web site passwords and security questions. This information was usually provided to the business by a customer registering on the Web site for online services such as a company newsletter, making a reservation, buying a gift card, or receiving e-mail coupons.

Step Two: Accessing Credit Card Accounts

Mustafa and his co-conspirators then tried to use this stolen customer information at major credit card Web sites. Mustafa counted on the likelihood that many identity theft victims used the same password for the hacked accounts that they used for their online credit card accounts. Mustafa visited various credit card Web sites and, by trial and error, tested the stolen identity information to see if it matched the login and password information for their credit card account. If a victim had an account at a particular credit card Web site, and if the victim used the same login and password information, Mustafa was able to access their accounts.

Step Three: Using the Victims’ Accounts

After gaining access to victims' credit card accounts, conspirators purchased more than $240,000 worth of airline tickets (both domestic and international) and more than $30,000 in gift cards online. They also sent, or attempted to send, more than $344,000 in wire transfers and conducted more than $106,000 in other fraudulent online transactions (such as a subscription to the Al-Jazeera Channel). They purchased gift cards or made purchases online from businesses such as Hy-Vee, Nebraska Furniture Mart, AMC Theaters, Bass Pro Shop, Hallmark, Liz Claiborne, Lowes, Red Lobster, Olive Garden, PF Chang’s, and Zales, among others. They directed the products to be mailed to their residences.

Under federal statutes, Evola is subject to a sentence of up to 20 years in federal prison without parole, plus a fine up to $250,000. A sentencing hearing will be scheduled after the completion of a presentence investigation by the United States Probation Office.

This case is being prosecuted by Assistant U.S. Attorney Matthew P. Wolesky. It was investigated by the U.S. Postal Inspection Service and the Gladstone, Mo., Police Department.
Updated January 8, 2015