Cyber Sweep

Executive Summary:

Operation Cyber Sweep represents a coordinated initiative targeting an expansive array of Cyber Crime schemes victimizing individuals and industry worldwide.  This initiative highlights numerous investigations that have been successfully advanced through cooperation and coordination of law enforcement, and a growing list of industry partners.  

Cases included in Operation Cyber Sweep exemplify the growing volume and character of  Internet facilitated crimes confronting law enforcement, and also underscores the continuing commitment of law enforcement to aggressively pursue cyber criminals, both domestically and abroad.   Historically, Cyber criminals abroad have perceived themselves as beyond the reach of U.S. authorities, and in some instances, untouchable by their own country’s law enforcement.  Until recently, law enforcement and industry were consistently frustrated with the inability to effectively pursue matters in certain countries.  That situation is rapidly changing, due to a concerted emphasis within DOJ to train and equip law enforcement in many of these countries, including Ghana, Nigeria and Romania.  Due in large part to these efforts, certain noteworthy international successes included in Operation Cyber Sweep became possible.

Criminal schemes included in this initiative include: International re-shipping schemes, auction fraud, spoofing/phishing, credit card fraud, work at home schemes, cyber-extortion, Intellectual Property Rights (IPR), Computer Intrusions (hacking), economic espionage (Theft of Trade Secrets), International Money Laundering, Identity Theft, and a growing list of “traditional crimes” that have migrated on-line. 

The substantial accomplishments included in this initiative are attributable to the growing number of joint cyber-crime task forces established across the U.S.  Over the past year, more than 50 such task forces have either been established or significantly augmented with resources from numerous federal, state and local agencies.  Enhanced industry partnerships developed in coordination with associations such as the Merchants Risk Council (MRC), the Business Software Alliance (BSA), the Software and Information Industry Association (SIIA) and the Motion Picture Association of America (MPAA) also contributed significantly to the success of this initiative.   Operation Cyber Sweep has been coordinated at the Federal level with the Department of Justice, the FBI, the U.S Postal Inspection Service, the U.S. Secret Service, the Federal Trade Commission and the Bureau of Immigration and Customs Enforcement.   Numerous state and local law enforcement agencies contributed significantly to this initiative as well.  State & Local participation in this effort was amplified in coordination with The National White Collar Crime Center (NW3C).

Operation Cyber Sweep includes more than 100 investigations, in which more than 125,000 victims lost more than $100 million dollars.   Through these investigations more than 350 subjects were targeted, resulting in 125 arrests/convictions, 70+ indictments and the execution of more than 90 search/seizure warrants.   Although significant in number, these investigations represent only a fraction of the cyber crime problem, underscoring not only the need for sustained law enforcement focus, but the continuing development of expanded industry partnerships as well.

Common Internet Fraud Schemes

Advance-Fee Fraud Schemes

The victim is required to pay significant fees in advance of receiving a substantial amount of money or merchandise.  The fees are usually passed off as taxes, or processing fees, or charges for notarized documents.  The victim pays these fees and receives nothing in return.  Perhaps the most common example of this type of fraud occurs when a victim is expecting a large payoff for helping to move millions of dollars out of a foreign country.  The victim may also believe he has won a large award in a nonexistent foreign lottery.

Business/Employment Schemes

Typically incorporate identity theft, freight forwarding, and counterfeit check schemes.  The fraudster posts a help-wanted ad on popular Internet job search sites.  Respondents are required to fill out an application wherein they divulge sensitive personal information, such as their date of birth and Social Security number.   The fraudster uses that information to purchase merchandise on credit.  The merchandise is sent to another respondent who has been hired as a freight forwarder by the fraudster.  The merchandise is then reshipped out of the country.  The fraudster, who has represented himself as a foreign company, then pays the freight forwarder with a counterfeit check containing a significant overage amount.  The overage is wired back to the fraudster, usually in a foreign country, before the fraud is discovered.         

Counterfeit Check Schemes

A counterfeit or fraudulent cashier’s check or corporate check is utilized to pay for merchandise.  Often these checks are made out for a substantially larger amount than the purchase price.  The victims are instructed to deposit the check and return the overage amount, usually by wire transfer, to a foreign country.  Because banks may release funds from a cashier's check before the check actually clears, the victim believes the check has cleared and wires the money as instructed.  One popular variation of this scam involves the purchase of automobiles listed for sale in various Internet classified advertisements.  The sellers are contacted about purchasing the autos and shipping them to a foreign country.  The buyer, or person acting on behalf of a buyer, then sends the seller a cashier's check for an amount several thousand dollars over the price of the vehicle.  The seller is directed to deposit the check and wire the excess back to the buyer so they can pay the shipping charges.  Once the money is sent, the buyer typically comes up with an excuse for canceling the purchase, and attempts to have the rest of the money returned.  Although the seller does not lose the vehicle, he is typically held responsible by his bank for depositing a counterfeit check. 

Credit/Debit Card Fraud

Is the unauthorized use of a credit/debit card to fraudulently obtain money or property.  Credit/debit card numbers can be stolen from unsecured web sites, or can be obtained in an identity theft scheme.

Freight Forwarding/Reshipping

The receiving and subsequent reshipping of on-line ordered merchandise to locations usually abroad.  Individuals are often solicited to participate in this activity in chat rooms, or through Internet job postings.  Unbeknownst to the reshipper, the merchandise has been paid for with fraudulent credit cards.  

Identity Theft

Identity theft occurs when someone appropriates another's personal information without their knowledge to commit theft or fraud.  Identity theft is a vehicle for perpetrating other types of fraud schemes.  Typically, the victim is led to believe they are divulging sensitive personal information to a legitimate business, sometimes as a response to an email solicitation to update billing or membership information, or as an application to a fraudulent Internet job posting.

Investment Fraud

An offering that uses false or fraudulent claims to solicit investments or loans, or that provides for the purchase, use, or trade of forged or counterfeit securities.

Non-delivery of Goods/Services

Merchandise or services that were purchased or contracted by individuals on-line are never delivered. 

Online Auction/Retail

The fraud attributable to the misrepresentation of a product advertised for sale through an Internet auction site or the non-delivery of products purchased through an Internet auction site.

Phony Escrow Services

In an effort to persuade a wary Internet auction participant, the fraudster will propose the use of a third-party escrow service to facilitate the exchange of money and merchandise.  The victim is unaware the fraudster has spoofed a legitimate escrow service.  The victim sends payment or merchandise to the phony escrow and receives nothing in return. 

Ponzi/Pyramid Schemes

Investors are enticed to invest in this fraudulent scheme by the promises of abnormally high profits.  However, no investments are actually made by the so called “investment firm.”  Early investors are paid returns with the investment capital received from subsequent investors.  The system eventually collapses and investors do not receive their promised dividends and lose their initial investment.

Spoofing/Phishing

A technique whereby a fraudster pretends to be someone else's email or web site.  This is typically done by copying the web content of a legitimate web site to the fraudster's newly created fraudulent web site.  Phishing refers to the scheme whereby the perpetrators use the spoofed web sites in an attempt to dupe the victim into divulging sensitive information, such as passwords, credit card and bank account numbers. The victim, usually via email is provided with a hyperlink that directs him/her to a fraudster's web site.  This fraudulent web site’s name (Uniform Resource Locator) closely resembles the true name of the legitimate business.  The victim arrives at the fraudulent web site and is convinced by the sites content that they are in fact at the company’s legitimate web site and are tricked into divulging sensitive personal information.  Spoofing and phishing are done to further perpetrate other schemes, including identity theft and auction fraud.

OPERATION CYBER SWEEP

This map depicts the locations of the investigative actions highlighted in Operation CYBER SWEEP.

These screen-captures illustrate the similarities between the websites for the fraudulent escrow service (pictured above) and the legitimate escrow service (pictured below). 

Sampling of Investigations from Operation Cyber Sweep:

The following cases are a sampling of the investigations that are a part of this initiative.  Some of the information has been generalized due to the on-going nature of  a small number of investigations.

 Phony Escrow Services

The subject of this investigation operated a fraudulent website called www.safexchange-escrow.com.  This site, which was nearly identical to a legitimate website operated by an escrow company located in Singapore, www.safe-ex.com, was designed to deceive victims into believing that they were working with a legitimate escrow company.  The operator of the fraudulent escrow service used the bogus website to entice eBay auction sellers to mail high-dollar merchandise to mail drop sites in the Philadelphia area.

	Items fraudulently obtained via the phony escrow service include a $42,000 diamond ring, as well as, a ruby and diamond necklace and matching earrings, valued at over $25,000.

 

 

In conversations with the Undercover Agent, the subject advised he wanted to sell U.S. Navy Seaman Robert Blume’s Congressional Medal of Honor, awarded for service in the Spanish American War, for $12,000.  Although the subject wanted this sale to occur in Canada, he expressed a willingness to sell the Undercover Agent additional Medals of Honor, including one that had been awarded to U.S. Army First Sergeant George Washington Roosevelt, for service in the Battles of Bull Run and Gettysburg, for $30,000.  The subject stated he would be willing to meet in the United States for any subsequent sales, and also requested assistance in finding buyers for other medals, firearms, and "large and expensive items" which could be shipped across the border to the United States.  Following the purchase of Blume’s Medal of Honor, it was arranged for the subject to travel to Buffalo, New York, to purchase Roosevelt’s Medal of Honor for $30,000.   When the subject arrived in the United States, he was arrested and charged, and is scheduled to plead guilty.

This investigation was conducted with the assistance of the following agencies:  The Buffalo Cyber Task Force, composed of: The FBI, The Buffalo Police Department, The Erie County Sheriff's Office, The Greece Police Department, The New York State Attorney General's Office, The New York State Police, and The United States Secret Service.  Other agencies providing assistance include: The United States Attorney’s Office; Bureau of Immigration and Customs Enforcement; United States Ambassador to Canada; Royal Canadian Mounted Police, Toronto, Canada; Peel Regional Police Department, Ontario, Canada; Provincial Weapons Enforcement Unit, Ontario, Canada; Department of the Navy, Naval Historical Center; Department of the Army, Military Awards; and the Medal of Honor Society.

Internet Fencing Operation

This Chicago based scheme involves 20+ individuals who were active members of a theft ring/fencing operation which used Internet auction sites to sell the stolen merchandise at prices far below what the items could legitimately be purchased for.  The stolen merchandise was obtained via thefts from interstate shipments and major retail stores across the U.S.  The main subjects of the investigation are a mother and son who operated three Chicago area pawnshops.  The two have generated approximately $3,000,000.00 via Internet auction sales since January 2001.  Search warrants executed during the course of the investigation have resulted in the recovery of stolen merchandise valued at $175,000.00.

It is anticipated federal charges of criminal conspiracy to commit interstate transportation of stolen property, mail fraud, wire fraud, and possession of property stolen from interstate shipments will be filed during the week of November 17, 2003.

The Chicago offices of the Federal Bureau of Investigation, the United States Postal Inspection Service, and the Chicago Police Department investigated this matter.

The “Reshipping” Scheme

As the popularity of shopping on the Internet has grown, so have correspondingly the number of e-commerce websites.  As traditional brick and mortar stores continue to increase their World Wide Web presence, the organized criminal elements have quickly responded by adapting, changing, and bringing their tradecraft to the Cyber world. 

Although the “Reshipping” scheme continues to change and evolve with time, one main underlying component remains the same.  This scheme requires individuals in the United tates who, in some instances are coconspirators and, at other times, are unwitting accomplices, to receive packages at their residence and subsequently repackage the merchandise and ship it to another location, usually abroad.       

“Reshipper” Recruitment

“Reshippers” are being recruited in various ways.  However, the two most prevalent recruitment scenarios that transpire almost everyday are described as follows: 

Employment

Unknown subjects post help-wanted advertisements at popular Internet job search sites.  Respondents throughout the United States, who are very much interested in the prospect of working at home, quickly respond to the on-line advertisement.  As part of the application process, the prospective employee is required to complete an employment     application, wherein he/she divulges sensitive personal information, such as their date of birth and social security number.

The applicant is informed that he/she has been hired and will be responsible for forwarding merchandise purchased in the United States to the company’s overseas home office.   The scheme now transitions to the freight-forwarding phase, commonly referred to as the "Reshipper."  The packages quickly begin to arrive and, as instructed by his/her employer, he employee dutifully forwards the packages to their overseas destination.  Unbeknownst to the “Reshipper,” the recently received merchandise was purchased with fraudulent credit cards.

After being employed for one month, the employee is now ready to receive his/her first paycheck.  Prior to receiving his/her first payroll check, the employer contacted the employee by the usual means, email, and informed him/her that another business, which owes him money, will be forwarding to him/her a cashier’s check drawn on a United States financial institution.  Incidentally, the cashier’s check will be issued for an amount in excess of the employee’s negotiated monthly stipend.  The employee will be instructed to negotiate the cashier’s check and electronically forward the overage to an overseas bank account.  As a matter of fact, the employer will extend his good will by offering the new employee a small financial bonus for the inconveniences associated with negotiating the cashier’s check.

  A fraudulent website offering, “work at home” employment.

Subsequently, the new employee will be contacted by the financial institution that recently handled the transactions and be informed that the cashier’s check was in fact a fraudulent nstrument.  At that time, the employee will also be informed that he/she is liable for the total amount of the negotiated fraudulent cashier’s check.

The employee now realized his/her employment was fraudulent.  However, this fraudulent scheme does not end here.  For the victim employee, it is now when the most troubling aspect of this employment begins.  Remember at the outset of the interview, the prospective employee was required to complete an employment application that asked for very personal information.  That information is in the hands of an unscrupulous “employer,” who unbeknownst to the victim employee has already obtained credit in his/her name. 

“Friendship” and “Love” via Internet Relay Chat

While conversing in various Internet Relay Chat “rooms,” unsuspecting United States citizens are befriended by unknown individual(s) who represent themselves as living in either Ghana or Nigeria.  At this initial juncture, the unknown subject’s line of recruitment will take one of two paths.

“Friendship”

After establishing this new on-line “friendship,” the unknown subject explains that, for various legal reasons, his/her country will not let direct business shipments into his/her country from the United States.  After the unknown subject has “played" their sad story, he/she asks for permission to send recently purchased items to his/her United States address for subsequent shipment abroad.  The unknown subject further explains that he/she will cover all shipping expenses.  After the U.S. citizen agrees, the proverbial “flood gates” open and the packages start to arrive at great speed.  This fraudulent scheme lasts several weeks until the “reshipper” is contacted.  The victimized merchants explain to the “reshipper” that the recent shipments were purchased with fraudulent credit cards.  The “reshipper” is interviewed by law enforcement and usually cooperates in the investigation.

“Love”

This recruitment method is very similar in nature to the scheme detailed above.  However, instead of friendship, this unknown subject uses the art of seduction to ensnare his/her unwitting accomplice.  The unknown subject quickly confirms his/her romantic overtures by providing his/her unsuspecting partner with a nominal gift.

After the romantic trap has been set, the unknown subject proffers the idea of him/her being allowed to utilize their partner’s U.S. residential address for the receiving and subsequent reshipping of the recent on-line purchases.  Once the agreement has been reached, the packages start to quickly arrive and, out of his/her feelings of obligation, the packages are quickly prepared for reshipment abroad.  Several weeks pass and eventually, the U.S. girlfriend/boyfriend is contacted by the victimized merchants.  Shortly thereafter, the strings of attachment are untangled and the boyfriend/girlfriend realize that their Cyber relationship was nothing more than an Internet scam to help facilitate the transfer of goods that were purchased on-line by fraudulent means.   

“Reshippers” Economic Impact

In preparation for Operation Cyber Sweep, the Internet Crime Complaint Center (IC3), through its established public/private alliance with the Merchants Risk Council (MRC), requested suspected on-line fraudulent “Reshipper” transaction for the 120 days preceding November 1, 2003.

Numerous Reshipper investigations have been initiated nationwide and abroad, coordinated via the IC3.  USPIS, FBI, USSS and a myriad of state and local agencies have participated in these investigations.

Members of the MRC reported 7,812 fraudulent transactions with an aggregated potential economic loss of $1.7 million.  Analysis of the transactional data identified

5,053 addresses in the United States that were utilized in the furtherance of the “Reshipper” scheme. 

As a result of the continual real time sharing of information between law enforcement and private industry, over $350,000 in merchandise was recovered and returned to the respective victim companies. 

According to the MRC, e-commerce in the United States has experienced losses related to the “Reshipper” scheme in excess of 500 million dollars.

“LOVERSPY”  Intrusion/Illegal Interception of Communications

The subjects of this investigation were selling a service marketed as a way to “catch a cheating lover.”  The service sends software in the form of an e-mail greeting card, which says, “I Love You” or a similar message.  Once the greeting card is opened, the software installs itself on the victim’s computer and logs all keystrokes. The service was marketed to potential buyers via spammed e-mail messages.  For $89, each buyer received access to a webpage that allowed him or her to send five greeting cards containing the malicious software that could be sent to five separate e-mail addresses.  Both the main subject and the buyers received logs of victims’ computer activity.  The subject also received copies of all keystrokes.

In October 2003, a search warrant was executed at the residence of the main subject which revealed more than 1,000 victims of intrusion with an egregious loss of privacy and an estimated economic loss of $500,000. The number of victims and the economic loss are expected to increase as the records obtained during the search are analyzed. Charges for intrusion and interception of electronic communications against the main subject, co-conspirators, and purchasers of the software are being considered.

This case is being prosecuted by the U.S. Attorney’s Office, Southern District of California, and investigated by B-ICE, Department of Justice-CCIP and FBI San Diego.

Auction Fraud (Non-Delivery of Merchandise)

In what eBay and investigators believe may be the largest domestic eBay auction fraud case, Russell Dana Smith, aka John P. Leary, is charged in a 54-count indictment returned in the District of Utah with operating a scheme to defraud winning bidders of eBay auctions by failing to deliver equipment purchased by winning bidders.  The indictment alleges Smith auctioned computers on eBay and had auction winners pay for the computers by sending money to him through the mail or having payments transferred into his bank accounts.  Although winning bidders paid for the computer equipment, the indictment alleges Smith did not provide the equipment to them.  The dollar loss and total number of victims in the case is still under investigation, although both appear to be substantial.

This case was investigated by the Utah Cyber Crime Task Force, composed of the Federal Bureau of Investigation, the Department of Defense, the United States Postal Inspection Service, the Utah State Attorney General’s Office, the Salt Lake City Police Department, the West Valley City Police Department, and the South Salt Lake City Police Department.

Access Device Fraud

In a case highlighting the multiple criminal violations often employed in a typical fraudulent Internet scheme, the subject of this investigation orchestrated a sophisticated plan to obtain expensive electronic merchandise through a combination of Access Device Fraud, Identity Theft, Credit Card Fraud, Wire Fraud, and Mail Fraud.  The subject facilitated this scheme by illegally obtaining legitimate Internet connection accounts for customers of a major Internet Service Provider (ISP).  The subject accomplished these ISP account takeovers by entering ISP chat rooms and cutting and pasting the list identifying which users were currently in the chat room.  The subject then used “cracker” software, available for download from the Internet, to gather information concerning the users’ passwords.  This code breaking software utilized a brute force attack which was able to randomly guess the user IDs and passwords of approximately 800 of the ISP's legitimate customers.  Once in possession of the victims' account information, the subject logged onto the Internet and assumed the identity of one or more of his 800 victims.  The subject made use of the ISP's shopping feature to scour the Internet in search of high-end electronic equipment.  This equipment was purchased and billed directly to his victims’ credit card accounts which were already on file with the ISP.  The merchandise, valued at over $70,000.00, was shipped to the subject and his associates.

Investigation determined the identities of 70 different victims were utilized to fraudulently purchase merchandise via this criminal scheme.  The Federal Bureau of Investigation and the United States Postal Inspection Service participated in this investigation. 

International Initiatives

Numerous on-line complaints have been filed with the Internet Crime Complaint Center (IC3), wherein the alleged perpetrator(s) reside abroad.  After analyzing the complaints and identifying the country from which the offense originated, the IC3, in coordination with the Federal Bureau of Investigation’s (FBI) Legal Attaché (Legat) program, forwarded numerous Internet Investigative Reports to those FBI agents assigned abroad.

In response to those IC3 complaints, Legat Lagos (Nigeria) provided details of the perpetrators’ various on-line fraudulent activities to their counterparts at the newly created Nigerian Economic and Financial Fraud Commission (EFCC).  One of EFCC missions is to “Contribute to the Global war against financial crimes.”

As a result of the joint efforts between the FBI and law enforcement officers in Nigeria, to date, FBI Lagos has assisted in the recovery of over $100,000 in merchandise that was fraudulently obtained on-line and has recovered 2.1 million dollars in fraudulent cashier’s checks.

Additionally, FBI Lagos is currently providing investigative assistance to the EFCC regarding a recent recovery of numerous fraudulent bank documents and checks.   So far this investigation has identified six subjects in Lagos and two victims in the United States.  The subjects in Nigeria have been arrested and the FBI is attempting to locate and interview the victims in the United States.        

Internet Investment Fraud

An Internet Investment Company founded and established an on-line website at www.EE‑BIZ VENTURES.COM (EBV).  EBV claimed to be a Christian‑based humanitarian organization that helped individuals improve their financial situation.  EBV solicited individuals, via the Internet and Internet chat rooms, to invest money with promises of a 100 percent return in three to four days.  Investors, known as participants, were led to believe EBV was able to make such large investment returns due to overseas investments and day trading, when in fact, no such investments were made by EBV.  Participants were required to set up an E‑GOLD account and transfer funds from their E‑GOLD account to various EBV, E‑GOLD accounts.  Participants invested in $20.00, $50.00 and $125.00 increments with a maximum daily investment total not to exceed $5,000.00.  26,000 victims located throughout the world lost a total of 50 million dollars as a result of the fraud.  Seven subjects have been identified and two subjects have already pled guilty.

This investigation was conducted by the Federal Bureau of Investigation, the Postal Inspection Service and the Security Exchange Commission. 

Identity Theft

The subjects in this investigation obtained victims’ identity information by stealing U.S. mail from victims’ mailboxes, vehicles, and homes. The subjects then created credit card accounts and forged checks utilizing the stolen identities. To aid their scheme, the subjects used computers to create checks and fraudulent Department of Motor Vehicle, U.S. Military, and business identity cards for the stolen identities. These false identity cards were then used to cash the forged checks and purchase goods with the fraudulent credit card in local stores and over the Internet.

This scheme affected more than 200 victims with an estimated loss expected to exceed $100,000. Twenty-one subjects were indicted on October 31, 2003.

This case is being prosecuted by the San Diego District Attorney’s Office. The law enforcement agencies involved in this investigation include: San Diego Cyber Crime Task Force, Chula Vista Police Department, USPIS, Social Security Administration, California Department of Motor Vehicles, US Naval CID, B-ICE and FBI San Diego.

Intrusion/Extortion

The Washington Post obtained information that Forensic Tec Solutions, a computer security consulting company, illegally entered confidential government and business computers. The consultants purportedly entered these systems to notify victims of system vulnerability problems, gain exposure/publicity and subsequently offered to protect the systems for a fee. Investigation has confirmed that computers located on military installations, government facilities, and 70 civilian businesses, to include law and medical offices, were illegally accessed by employees of Forensic Tec Solutions.

Law enforcement personnel from the San Diego Regional Computer Forensics Laboratory, the FBI, Army Criminal Investigative Command's Computer Crime Investigative Unit, and NASA Inspector General's Office executed a federal search warrant and analyzed the evidence. Brett O’Keeffe, the former president of Forensic Tec Solutions, was recently indicted for unauthorized access to protected computers and arrested.

The following agencies are involved in this investigation: NASA's Inspector General's Office, Army Criminal Investigative Command's Computer Crime Unit, Department of Energy Inspector General's Office, Defense Criminal Investigative Service, Naval Criminal Investigative Service, the US Attorney’s Office-Southern District of California, and FBI San Diego.

MSBlaster

This investigation was initiated in response to the illegal release of the Internet worm known as MSBlaster.  As a result of this worm’s release, Microsoft experienced a successful distributed denial of service attack (DDoS) on their Internet website, Microsoft.com.  This DDoS attack caused the Microsoft website to be shutdown for approximately four hours.  Upon notification from Microsoft to the Northwest Cyber Task Force (NWCTF) that possible information regarding the source of the worm had been detected, the NWCTF, together with the United States Secret Service (USSS) and FBI agents from San Diego, Minneapolis, Boston, Seattle, Dallas and Raleigh, coordinated this complex investigation and seized vital computer evidence.  Two search warrants were executed which resulted in the recovery of digital data.  Analysis of the recovered data assisted in the ultimate identification and arrest of the two responsible subjects.  The potential loss due to the MSBlaster worm is estimated at over $10 million dollars. 

The NWCTF is composed of investigators from the USSS, the FBI, the IRS, the Washington State Patrol, and the Seattle Police Department.

On-line Death Threats

During July 2003, subject Charles Booher, sent numerous email and telephonic death threats to an individual residing in Canada.  Booher thought this individual was responsible for sending him spam email.  The threatening messages sent by Booher were very explicit and graphic threatening to kill or maim the victim, as well as any employee at the victim's company.  The Internet Service Provider (ISP) made numerous attempts to get him to stop, but he continued until his account was terminated.  The Sunnyvale Department of Public Safety also made contact with Booher in hopes of getting him to stop, but he continued making almost daily death threats to the victim.  Charles Booher was indicted on four counts of “Sending Interstate Threatening Communications”, November 18, 2003.

Auction Fraud (Non-Delivery of Merchandise)

In October 2003, the Boone County Kentucky Sheriff’s Department initiated a fraud investigation into the activities of Michael D. Hoffert of Florence, Kentucky.  The investigation was opened based on complaints from victims who made bids on items posted at Internet auction sites and were then subsequently contacted by Hoffert, offering to sell the same item for less than the current bid.  Hoffert would arrange for the victim to send him money via wire transfer, or money orders for the item, which ranged from computer equipment to high end electronics, and upon receipt of the funds, would break contact and not deliver the item. 

The Internet Fraud Complaint Center was instrumental in identifying victims of this scheme, which increased the loss figure to over $7,000.00.

On October 31, 2003, the Boone County Sheriff’s Department executed a search warrant at Hoffert’s residence in Florence, Kentucky, which resulted in the seizure of computers, and other items deemed to be of evidentiary value.

On November 7, 2003, Boone County District Court Judge Michael Collins issued an arrest warrant for Michael D. Hoffert for eight counts of Theft by Deception. On November 9, 2003, Hoffert was arrested by the Warren County Ohio Sheriff’s Department, and is currently lodged in the Warren County Ohio Jail, awaiting extradition to Boone County, Kentucky.

The following agencies participated in this investigation:  Boone County Sheriff’s Department, Warren County Ohio Sheriff Department, and City of Florence Kentucky Police.

Lowe’s Corporation – Intrusion Matter

Lowe’s Corporation Network Security and System Administration personnel detected intrusions into their company’s computer network and notified FBI Charlotte via the InfraGard representative.  Subjects gained unauthorized access to Lowe’s network in an attempt to obtain credit card transaction data. A subsequent intrusion on October 25, 2003, was detected at the Southfield, Michigan Lowe’s store. In response, a 24-hour surveillance of the Southfield Lowe’s store was initiated by local and federal law enforcement agencies, FBI Charlotte manned 24-hour shifts at Lowe’s Corporation Headquarters, and personnel from the FBI Electronic Research Facility (ERF) traveled from Quantico, Virginia, and installed specialized equipment to capture network traffic data at the Southfield Lowe’s store.

On November 9, 2003, two search warrants were executed by FBI Detroit and subjects Adam W. Botbyl and Paul G. Timmons were arrested. During the search, approximately 25 computers, network micro cells, telnet servers, and telephone diagnostic tools were seized. Botbyl and Timmons were charged with violating Title 18, USC, Section 1030 (a)(5)(A)(i), “knowingly causing the transmission of a program, information, code and command, and, as a result of such conduct, intentionally caused damage, without authorization, to a protected computer.”

Although the subjects were skilled enough to gain initial access to Lowe’s network, a swift and coordinated response by Lowe’s personnel and law enforcement resulted in the apprehension of the subjects, denial of unauthorized access to credit card data and prevention of serious damage to the network. The estimated costs related to investigate the intrusion and secure the network have not yet been determined.

The following law enforcement agencies participated in this investigation: Waterford Township Police Department, Bloomfield Hills Police Department, Southfield Police Department, Allen Park Police Department, Ottawa Sheriff’s Department, Macomb County Sheriff's Department, FBI Charlotte, and FBI Detroit.

Chicago Re-Shipper/Counterfeit Check Scam

This matter was initiated by the Lansing, Illinois Police Department, upon being notified by several industry participants of the Merchants Risk Council (MRC), that a suspect address in Lansing, Illinois was being used to receive and re-ship numerous packages of miss-appropriated merchandise.  Lansing PD requested the assistance of the U.S Postal Inspection Service in this matter.   Joint investigation determined that the subject was actually using four separate addresses to facilitate the scheme.   Subject was identified as a Nigerian national living in Illinois.  Subject was arrested, and through a search and surveillance conducted incident to that arrest, approximately $100,000 in counterfeit checks were recovered, as well as merchandise and invoices from forty two separate merchants, reflecting losses of more than $70,000. 

Subject, who continues to cooperate pursuant to arrest, has provided details regarding both the substantial re-shipper scheme, as well as the expanded scheme to enlist additional participants, who would ultimately become victims, upon learning that the payments they received were counterfeit cashiers checks.   Typically, these additional participants/victims are asked to assist the subject, either in a re-shipment of merchandise, or in handling a payment from a third party, that the subject is not capable of handling.   Due in part to the quality of the counterfeiting, checks were not determined to be bogus for several days after being deposited into the victims account.  By that time, the victim, believing the check to be authentic, had already deducted his/her profit, and forwarded the remainder (via wire transfer/Western Union) to subject overseas.

Romanian Internet Fraud Investigation

The Romanian General Directorate for Combating Organized Crime (DGCCOA), in cooperation with the United States Secret Service, arrested a subject in Alba Julia, Romania, who was responsible for a large scale "Phishing" scheme resulting in nearly $500,000 in on-line losses. 

The subject forwarded spoofed emails resembling an actual auction web page to the attention of bidders who were not successful in an online auction. On this spoofed page, the subject advised victims of the availability of a similar item for a better price. Upon visiting the "sale" page, victims were asked for personal information including their name, bank account numbers and passwords. The victims were then advised that they "won" the spoofed auction and agreed to send money to the subject through a spoofed escrow site created by the subject.

This investigation had a positive impact in protecting American citizens against on-line fraud emanating from abroad.

SPAM

Allan Eric Carlson was charged with "hacking" into computers around the country.   Subsequent to the initial illegal intrusions, Carlson hijacked or "spoofed" return e-mail addresses of reporters at the Philadelphia Inquirer, the Philadelphia Daily News, and the Philadelphia Phillies.  Carlson used these accounts to launch spam e-mail attacks.  Carlson was also charged with identity theft. This case marks the first use of an identity theft statute against an e-mail spammer.  Carlson faces a maximum possible sentence of 471 years imprisonment, $117,250,000 in fines and a special assessment of $7,800.

This case was investigated by the Federal Bureau of Investigation.

FTC Consumer Alert

How Not to Get Hooked by a “Phishing” Scam

Internet scammers casting about for people’s financial information have a new way to lure unsuspecting victims: They go”phishing.”  Phishing, also called “carding,” is a high-tech scam that uses spam to deceive consumers into disclosing their credit card numbers, bank account information, Social Security numbers, passwords, and other sensitive information.

According to the Federal Trade Commission (FTC), the emails pretend to be from businesses the potential victims deal with - for example, their Internet service provider (ISP), online payment service or bank. The fraudsters tell recipients that they need to “update” or “validate” their billing information to keep their accounts active, and direct them to a “look-alike” Web site of the legitimate business, further tricking consumers into thinking they are responding to a bona fide request. Unknowingly, consumers submit their financial information - not to the businesses - but the scammers, who use it to order goods and services and obtain credit.

To avoid getting caught by one of these scams, the FTC, the nation’s consumer protection agency, offers this guidance:

Ø      If you get an email that warns you, with little or no notice, that an account of yours will be shut down unless you reconfirm you’re billing information, do not reply or click on the link in the email.  Instead, contact the company cited in the email using a telephone number or Web site address you know to be genuine.

Ø      Avoid emailing personal and financial information. Before submitting financial information through a Web site, look for the “lock” icon on the browser’s status bar. It signals that your information is secure during transmission.

Ø      Review credit card and bank account statements as soon as you receive them to determine whether there are any unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.

Ø      Report suspicious activity to the FTC. Send the actual spam to uce@ftc.gov. If you believe you’ve been scammed, file your complaint at www.ftc.gov, and then visit the FTC’s Identity Theft Web site

(www.ftc.gov/idtheft) to learn how to minimize your risk of damage from identity theft. 

Ø      Visit www.ftc.gov/spam to learn other ways to avoid email scams and deal with deceptive spam.

The Federal Trade Commission works for the consumer to prevent fraudulent, deceptive, and unfair business practices in the marketplace and to provide information to help consumers’ spot, stop, and avoid them. To file a complaint or to get free information on consumer issues visit www.ftc.gov or call toll-free, 1-877-FTC-HELP (1-877-382-4357); TTY: 1-866-653-4261. The FTC enters Internet, telemarketing, identity theft, and other fraud-related complaints into Consumer Sentinel, a secure online database available to hundreds of civil and criminal law enforcement agencies in the U.S. and abroad.

The Federal Trade Commission has final Federal Court Orders in the following cases:

Agencies Participating in the Cyber Sweep Initiative Include:

Statement by Robert Holleyman

President and CEO, Business Software Alliance

The Business Software Alliance (BSA), an industry watchdog for the software industry, applauds the recent action taken by the FBI in Operation Cyber Sweep.  

BSA has seen an increase in law enforcement activity aimed at combating criminal software piracy on the Internet.  We commend the FBI for its leadership and initiative in addressing the serious threat of software piracy.  Globally, piracy impacts software publishers and consumers and costs the industry nearly $12 billion worldwide annually.

We hope that law enforcement agencies’ increased attention to this problem will send the message that piracy is often a crime that can result in very serious consequences.  BSA hopes that if the consequences of engaging in copyright infringement over the Internet continue to become known, there will be less of a need for future criminal prosecutions.

The Business Software Alliance (www.bsa.org) is the foremost organization dedicated to promoting a safe and legal digital world.  BSA is the voice of the world's commercial software industry before governments and in the international marketplace. Its members represent one of the fastest growing industries in the world.   BSA educates consumers on software management and copyright protection, cyber security, trade, e-commerce and other Internet-related issues.  BSA members include Adobe, Apple, Autodesk, Avid, Bentley Systems, Borland, CNC Software/Mastercam, Internet Security Systems, Macromedia, Microsoft, Network Associates and Symantec.

November 20, 2003

Director Robert Mueller:

The Merchant Risk Council is pleased to continue working with Law Enforcement and we are very pleased to establish formal partnerships with the Internet Fraud Complaint Center, FBI, U.S. Postal Inspection Service and other areas of law enforcement. 

Through collaboration with law enforcement we firmly believe our organization is helping ensure that on-line shopping continues to be safe and profitable for both consumers and merchants. 

Julie Fergerson

Co-Chair, Merchant Risk Council

512-977-5525

About the Merchant Risk Council

The Merchant Risk Council (formerly known as the Merchant Fraud Squad) is a not-for-profit organization founded in September 2000. It provides education about fraud prevention techniques and encourages businesses selling online to adopt best practices and anti-fraud technologies. The Council’s merchant focus distinguishes this group from others that are trying to combat this problem.

To learn more about the Council and sign up to join, visit www.merchantriskcouncil.org.

eBay Inc.
2145 Hamilton Avenue
San Jose, CA  95125

November 12, 2003

Robert S. Mueller, III

Director

Federal Bureau of Investigation

Dear Director Mueller:

I am writing on behalf of the Trust and Safety Team at eBay, as well as our more than

eighty-five million registered users, to thank you for the Federal Bureau of

Investigation’s ongoing commitment to fighting cybercrime and to applaud your

announcement of Operation CyberSweep.

As you know from our long partnership with the Bureau and the Internet Fraud

Complaint Center, we at eBay take even the smallest Internet fraud case seriously and are

committed to partnering with government to track down and fight against such criminal

conduct.  We believe that Government-Industry partnerships are critical to the continued

development and success of electronic commerce and we greatly appreciate IFCC’s

ongoing commitment to the partnerships.  We have enjoyed working closely with all of the agents and analysts at IFCC during the investigative stages of Operation CyberSweep,

and we look forward to following closely your continued success during the arrests and

prosecutions of those responsible for these crimes.

Thank you again for making these cases a priority and for going to such great lengths to

protect our community of users.

Statement of Ken A. Wasch, President,

Software & Information Industry Association

WASHINGTON, D.C. – Nov. 14, 2003 – “The Software & Information Industry Association (SIIA) commends the efforts of the Attorney General, the Department of Justice, CCIPS, FBI as well as the Bureau of Immigration and Customs Enforcement in their steps to help combat the increasing problem of online piracy through effective educational and enforcement programs and initiatives.  The Department of Justice’s increased involvement in this war against theft of digital code and content that is exemplified through today’s announcement is both much needed and appreciated.”

“Piracy has become a subculture of criminal activity where criminals believe that the malicious act of digital piracy is a victimless crime that has no punishment.  SIIA believes it is essential to send a clear message to digital pirates that stealing copyrighted works is not only wrong but could result in stiff penalties and even jail time.  The action announced today – in conjunction with prior enforcement activities – goes a long way toward that goal.” 

“SIIA will continue to work closely with law enforcement to actively change the notion that piracy does have victims and that it will carry with it grave consequences.”

About SIIA
The Software & Information Industry Association (SIIA) is the principal trade association for the software and digital content industry. SIIA provides global services in government relations, business development, corporate education and intellectual property protection to more than 600 leading software and information companies. For further information, visit http://www.siia.net.

# # # #

Contact: James Kim 202 289 7442, ext. 1362