Cracking down on large-scale hackers, thieves
- By William Jackson
- Nov 12, 2007
In a pair of apparently unrelated investigations, state and federal prosecutors have filed charges in the last week against alleged hackers accused of millions of dollars in identification thefts and credit card fraud.
The cases involve networks of hundreds of thousands of compromised computers to steal information, and a sophisticated online network for the sale of stolen information and laundering the proceeds through digital currencies.
In New York, Manhattan District Attorney Robert M. Morgenthau announced indictments Nov. 7 against 17 persons and one company, Western Express International, on charges of enterprise corruption and multiple other felony counts. The charges are the result of a two-year investigation by New York, California and federal authorities that uncovered a multinational network dedicated to trafficking in stolen credit card numbers and other personal identifiers.
The indictments mark the second phase of the investigation. Charges were filed last year against some of the same defendants in an illegal check-cashing scheme and two of the defendants in the current case already are serving time on those charges.
Federal prosecutors in Los Angeles on Friday announced charges against a 26-year-old computer consultant who has agreed to plead guilty to four felony counts. John Schiefer was charged with accessing protected computers for fraud, disclosing illegally intercepted communications, and wire and bank fraud.
The cases come while several federal computer crime bills are pending in Congress. Information technology business and industry associations have said the legislation is needed because cybercriminals are using new technologies such as botnets ' networks of compromised computers used to spread malicious code and harvest sensitive data ' that are not addressed under existing laws. But federal prosecutors used existing laws to prosecute a bot herder in the California case.
'It is the first time in the nation that someone has been charged under the federal wiretap statute for conduct related to botnets,' the Justice Department said in announcing the Schiefer plea agreement.
The department said that Schiefer has admitted to installing malware on as many as 250,000 computers to steal sensitive information and to defraud a Dutch advertising company. The software would capture traffic to online transaction sites such as Paypal, and that material was mined for user names and passwords. This information then would be sold or used to illegally access accounts.
In the advertising fraud, Schiefer was hired as a consultant to a Dutch company to install advertising software on computers with the owners' consent. Instead he collected more than $19,000 by uploading the software to compromised computers in his network.
Schiefer is scheduled to be arraigned Dec. 3. Once he pleads guilty he will face a maximum sentence of 60 years in prison and a fine of $1.75 million.
The New York case was lead by the Manhattan DA's identity theft unit with the help of the Secret Service and has produced 173 felony counts covering a period from 2001 to 2007. The defendants are accused of cooperating through a variety of Web sites to buy and sell stolen personal identification. Western Express allegedly acted as a service provider for the transactions and laundered money.
The defendants allegedly used anonymous instant messaging, e-mail and online cash accounts to conduct business secretly. According to the DA's office, Western Express moved more than $35 million through various bank accounts and used digital currency such as Egold and Webmoney for the deals.
'The Western Express Cybercrime Group is responsible for over $4 million worth of identified credit card fraud and trafficked in well over 95,000 stolen credit card numbers,' the DA's office said.
Nine of the New York defendants have been arraigned and two are in custody in other states on unrelated charges. Six remain at large.
William Jackson is a Maryland-based freelance writer.