December 08, 2006
Operation Cyberstorm Convictions
The U.S. Attorney's Office for the Northern District of California announced the conviction of three defendants for defrauding Microsoft by purchasing software from the company at the academic discount rate and then reselling it in violation of their agreement with the company. According to a press release (here):
Mirza Ali, 59 and Sameena Ali, 52, of Fremont, the former owners of Samtech Research Inc., were convicted on 30 counts of conspiracy, mail fraud, wire fraud, and money laundering. Keith Griffen, 55, of Oregon City, Oregon, was convicted on nine counts of conspiracy, mail fraud and wire fraud. According to the evidence, from January 1997 through January 2001, the Alis and Mr. Griffen formed several nominee corporations and purchased existing corporations holding Microsoft licensing agreements for the purpose of participating in Microsoft’s Authorized Education Reseller (AER) program, a program that provides Microsoft software at steeply discounted prices for resale to academic institutions only.
In 1996, after the Alis were audited by Microsoft and removed from the AER program for failure to comply with the terms of the licensing agreement, the Alis formed new corporations in the names of others to disguise their identity from Microsoft and reenter the AER program. In 1999, when Microsoft stopped accepting AER applications from new corporations, the Alis and Mr. Griffen, in the names of others, bought small companies throughout the United States that held Microsoft AER licensing agreements and thereafter continued to purchase academic software products. Using these nominee entities, the Alis and their co-conspirators purchased more than $29 million worth of AER software from Microsoft and sold this software to non-academic entities, in violation of the Microsoft agreement. The Alis were also convicted of laundering the proceeds of this scheme, including purchasing real property in the name of their college age son and wiring more than $300,000 of the proceeds from the illegal sales of the Microsoft educational software to Pakistan.
Microsoft estimates that it lost over $60 million from the the defendants' scheme. “Operation Cyberstorm” is an undercover operation to investigate software piracy. (ph)
December 07, 2006
Mortgage Fraud & Other Topics Highlight the Seminar
The Evolution of Crime in the 21st Century conference of the Continuing Legal Education of Georgia had some fascinating programs yesterday. Ken Morris and Jake Waldrop of the Federal Public Defender's Office gave a superb overview of Computer Forensics and Internet Based Sex Crimes at the Federal Level. They discussed "what a lawyer needs to know about electronic evidence," computer forensics like acquisition ("usually when law enforcement makes the biggest mistakes"), and common myths related to technology (e.g., "delete means delete").
Another program that caught my eye was Mortgage Fraud: A Modern Crime Wave. As the Circuit is where the McFarland case rests ( 30 year sentence to an attorney who is a first offender) (see post here), it was interesting to hear the take of players in this area of the law. The panel consisted of AUSA Barbara Nelson, David McLaughlin - an Asst. AG in Georgia, Daniel Griffin (Miller & Martin); and Holly A. Pierson (NelsonMullins). Paul Kish, the moderator of this panel, and co-chair of the program, asked some very telling questions. Two major cases are in the pipeline here and they will clearly be cases to watch. One question raised among the group was whether jurors understand this type of fraud case. Do they get bogged down with the documentation and recall just being in the room when they too signed mortgage papers without really reading them? Or, is it that the public is tired of their community taxes going up or property values going down because of mortgage failures in the community, and are thus ready to convict for these types of crimes. One thing is for certain --- taking the risk of trial can result in an astronomically high sentence because of the existing federal sentencing scheme being used.
November 22, 2006
A fascinating story in the Wall Street Journal titled, "To Catch Crooks in Cyberspace, FBI Goes Global" discusses the cooperation that the U.S. has provided to other countries in the investigation of international cybercrime. Without doubt, cybercrime poses unusual problems in that it crosses borders by a mere keystroke. What becomes problematic is when the U.S. decides to prosecute the conduct merely because it affects this country. The Wall Street Jrl. article puts a good face on the U.S. prosecution in that it describes the U.S. providing assistance to other countries in the investigative stage, with other countries then proceeding with the prosecution.
November 11, 2006
Beware the Former IT Director
The U.S. Attorney's Office for the Southern District of Florida announced (here) the indictment of Joseph H. Shook for violating the computer crime statute, 18 U.S.C. Sec. 1030, for allegedly hacking into the computer system of his former employer. Shook had been the Director of Information Technology for Muvico, which operates movie theaters, primarily in Florida. He was laid off from his position in February 2006. On May 5, 2006, the day Mission: Impossible III premiered, Muvico's computers suddenly stopped taking on-line ticket orders, and the theaters at six of its largest complexes could not process credit card payments for tickets, forcing the theaters to accept only cash. The company estimated that the computer problem caused it to lose at least $100,000 in sales. A few months after the problem, the government seized a wireless access device from Shook that had the same Media Access Control (MAC) address as the computer that accessed Muvico's system on May 5 and blocked electronic payments. The indictment (here) notes that the only way to tap into the Muvico's computer system through the wireless device is to be inside its headquarters building or within five hundred feet of it. Whoever hacked into the system literally may have been hiding in the bushes when the computer access occurred. As the IT director responsible for implementing Muvico's computer security measures, Shook would probably know how to get around them. It is interesting how the government used the information from the company's computers to track how the system was accessed, showing again that even in cyberspace it is very hard to hide. (ph)
November 02, 2006
Do You Trust Your Employer With Identifying Information?
It is common to hear of individuals in companies stealing information, or outsiders to a business obtaining confidential information. These are the typical prosecutions for identity theft. But could it happen that the one charged with compromising the information might be your boss? The Atlanta Jrl Constitution has a story here about a CEO of a computer company who has been accused of stealing employee's identities.
October 24, 2006
Pleas in Coke Case
With increased technology, we will probably be seeing more and more cases involving the misuse and criminal conduct related to information. So it is not surprising to see a prosecution related to trade secrets.
Michael Kanell of the Atlanta Jrl Constitution reports here that two individuals plead guilty to conspiracy in a case involving trade secrets at Coca Cola. And of all places to go with the alleged trade secrets - Pepsi. (Although there is no mention of Former Deputy Attorney General Larry Thompson here, it is interesting to note that he is General Counsel at PepsiCo) According to the DOJ press release the investigation started when Pepsi reported receipt of a letter offering the alleged secrets to Coca Cola and Coca Cola contacted the FBI.
Although sentencing remains to be seen on these two, a third individual who is also charged did not enter a plea. One has to wonder whether there will be cooperation with the DOJ to reduce their sentence. Clearly accepting responsibility should serve to mitigate the sentence of the cooperating defendants. The accused were represented by Atlanta attorneys Don Samuel & Anna Blitz.
October 14, 2006
Port Security to Internet Gambling
President Bush signed into law the Security and Accountability For Every Port Act of 2006, or the "SAFE Port Act" stating that "[t]he Act strengthens the Government's ability to protect the Nation's seaports and maritime commerce from attack by terrorists." (see here) But the add-on to this Act is what is focused on here, that being the Unlawful Internet Gambling Enforcement Act.
The new law basically outlaws some online gambling. But it is controversial to say the least. (see Washington Post here). The ramifications of this prohibition are far reaching with the LATimes (AP) reporting that the companies of Sportingbet and Leisure & Gaming have decided to leave the US business. (see here) This will certainly assist the government in its recent move to crackdown on online gambling (see here). The statute can be found here.
October 08, 2006
Identity Theft Indictments in Operation French Fry
One of the top problems of the day in the white collar crime arena is identity theft. Debra Wong Yang, the USA for the Central District of California is confronting this problem directly with indictments and prosecutions. According to a press release from her office, here, the "Orange County Identity Theft Task Force has charged nearly four dozen [alleged] identity thieves who [allegedly] targeted the mails, banks, mortgage companies, stores and other sources to steal checks, credit cards and information that were used to cause millions of dollars in losses." The name of the task force's operation to "dismantle[ ] a credit card 'skimming' ring" is "called Operation French Fry."
September 25, 2006
HIPAA Enforcement & Identity Theft
A recent indictment in Florida presents a novel prosecution theory - state identity theft becomes a HIPAA violation. The Indictment charges conspiracy and computer fraud, but also adds a count of wrongful disclosure of identifiable health information. Information is allegedly compromised by a medical clinic's employee who steals patient information and then allegedly sells this information. As opposed to proceeding with a state theft charge, the government decides to proceed with a federal prosecution, because after all - if the allegations are accurate - the information is covered under HIPAA.
The Indictment can be found here.
August 27, 2006
Computer Hacker Gets Three Years
A computer hacker who launched a "botnet" into the system was given a sentence of three years. (See Seattle Times here; Yahoo News here). The government asked for six years. According to Yahoo news, the computer attack "hit tens of thousands of computers" including a hospital. He plead guilty to "one count of conspiracy to intentionally damage a protected computer and one count of intentional computer damage that interferes with medical treatment." His co-conspirators were juveniles.
August 12, 2006
Five Doctors Indicted in Georgia For Internet Drug Prescriptions
Five doctors and two others were Indicted in the Northern District of Georgia. According to a press release of the U.S. Attorney for the Northern District of Georgia here, two of the individuals were owners of a business that is:
"based in Marietta, Georgia. These business sought customers who would request specific controlled substances and prescription drugs. The businesses forwarded these requests to doctors who would click electronic prescriptions causing the drugs to be sent to the customers. The doctors allegedly never met the customers, nor would they typically even speak to the customers over the telephone. Thus, customers were able to obtain controlled substances and prescription drugs without any genuine medical need and outside of a legitimate doctor-patient relationship."
August 05, 2006
Senate Ratifies Cybercrime Treaty
The United States Senate ratified the Council of Europe's Cybercrime Treaty. In a statement issued by Attorney General Gonzalez he states:
" The Cybercrime Convention - the first of its kind - will be a key tool for the United States in fighting global, information-age crime. This treaty provides important tools in the battles against terrorism, attacks on computer networks, and the sexual exploitation of children over the Internet, by strengthening U.S. cooperation with foreign countries in obtaining electronic evidence. The Convention is in full accord with all U.S. constitutional protections, such as free speech and other civil liberties, and will require no change to U.S. laws. I congratulate and thank the Senate for its advice and consent, and look forward to having the United States become a party to the convention at the earliest opportunity."
The Convention itself can he found here. One of the fascinating provisions in the Convention is the jurisdiction provision which provides:
"1 Each Party shall adopt such legislative and other measures as may be necessary to establish jurisdiction over any offence established in accordance with Articles 2 through 11 of this Convention, when the offence is committed:
a in its territory; or
b on board a ship flying the flag of that Party; or
c on board an aircraft registered under the laws of that Party; or
d by one of its nationals, if the offence is punishable under criminal law where it was committed or if the offence is committed outside the territorial jurisdiction of any State.
2 Each Party may reserve the right not to apply or to apply only in specific cases or conditions the jurisdiction rules laid down in paragraphs 1.b through 1.d of this article or any part thereof.
3 Each Party shall adopt such measures as may be necessary to establish jurisdiction over the offences referred to in Article 24, paragraph 1, of this Convention, in cases where an alleged offender is present in its territory and it does not extradite him or her to another Party, solely on the basis of his or her nationality, after a request for extradition.
4 This Convention does not exclude any criminal jurisdiction exercised by a Party in accordance with its domestic law.
5 When more than one Party claims jurisdiction over an alleged offence established in accordance with this Convention, the Parties involved shall, where appropriate, consult with a view to determining the most appropriate jurisdiction for prosecution."
August 04, 2006
Former Bowne Exec Pleads
We reported on Robert Johnson, the former CEO of financial information and document management firm Bowne & Co., and also a former publisher of Newsday and member of the New York Board of Regents, here regarding charges of child pornography and obstruction of justice. Yesterday he plead guilty to these charges (see Wall St. Jrl here) (see AP here).
August 02, 2006
BetOnSports Pleads Not Guilty
July 17, 2006
DOJ Cracks Down on Online Gambling
The DOJ is cracking down on online gambling as seen by the unsealing of an indictment that had been issued by a federal grand jury in the Eastern District of Missouri. The "22-count indictment charg[es] 11 individuals and four corporations on various charges of racketeering, conspiracy and fraud." (see DOJ Press Release here; see also Wall Street Journal here) The Press Release states:
"The indictment alleges that Gary Kaplan started his gambling enterprise via operation of a sportsbook in New York City in the early 1990s. After Kaplan was arrested on New York state gambling charges in May 1993, Kaplan moved his betting operation to Florida and eventually offshore to Costa Rica. According to the indictment, BetonSports.com, the most visible outgrowth of Kaplan’s sports bookmaking enterprise, misleadingly advertised itself as the “World’s Largest Legal and Licensed Sportsbook.” The indictment also alleges that Kaplan failed to pay federal wagering excise taxes on more than $3.3 billion in wagers taken from the United States and seeks forfeiture of $4.5 billion from Kaplan and his co-defendants, as well as various properties.
"The indictment alleges that Gary Kaplan and Norman Steinberg, as the owners and operators of Millennium Sportsbook, Gibraltar Sportsbook, and North American Sports Association, took or caused their employees to take bets from undercover federal agents in St. Louis who used undercover identities to open wagering accounts. The indictment also alleges that Kaplan and Mobile Promotions illegally transported equipment used to place bets and transmit wagering information across state lines and that DME Global Marketing and Fulfillment shipped equipment to Costa Rica from Florida for BetonSports.com."
This indictment raises a host of questions including questions on the criminality of the alleged activities, the appropriate jurisdictional base for prosecution of these alleged activities, and the credibility of witnesses who obtained their evidence via an undercover operation (a jury might be very accepting of undercover evidence when the activities involve drugs or fraud; but will they be as accepting for conduct related to gambling?). For an interesting discussion on whether online gambling should be illegal see the Wall Street Journal discussion here between Rep Jim Leach (Iowa) and David Carruthers, Chief Executive of BetOnSports Plc (both Carruthers and BetOnSports were charged in this indictment). It is interesting to see that this case comes out of the Eastern District of Missouri. With alleged online gambling, could other jurisdictions in the United States have investigated and prosecuted this case? Is the selection of this venue another example of prosecutorial discretion?
July 10, 2006
How Safe is Your Computer?
So, according to the Washington Post here, the government hires a computer consultant.
And the computer consultant breaks into the government computer.
And data on the government computer is compromised. And this includes FBI data such at the classified documents and the password of the Director of the FBI.
And the program used to do this was on the Internet.
So, the question is - how safe is your computer if this can happen to the head of the FBI's computer?
June 08, 2006
Latest Telephone Scam: Selling Someone Else's VOIP Calls
I won't pretend that I have any more than the faintest idea how Voice Over Internet Protocol (VOIP) telephone service works, or why Vonage's IPO has done so poorly. But anything that involves the internet as a key component means that it is possible to engage in fraudulent conduct. The U.S. Attorney's Office for the District of New Jersey arrested the owner of two Miami-based companies on a criminal complaint (here) charging wire and computer fraud for selling deep-discounted VOIP calling plans to businesses by having a hacker route the calls through another company that had to pay the freight for over 500,000 calls made through its network. A press release (here) issued by the USAO states:
A Miami man who purported to be a legitimate wholesaler of Internet-based phone services was arrested today for allegedly running a sophisticated fraud, by secretly hacking into the computer networks of unsuspecting Voice Over Internet Protocol (VOIP) telephone service providers, including one Newark-based company, to route his customers’ calls . . .
Through his scheme, defendant Edwin Andres Pena, is alleged to have sold more than 10 million minutes of Internet phone service to telecom businesses at deeply discounted rates. The victimized Newark-based company, which transmits VOIP services for other telecom businesses, was billed for more than 500,000 unauthorized telephone calls routed through its calling network that were “sold” to the defendant’s unwitting customers at those deeply discounted rates, according to a criminal Complaint unsealed with Pena’s arrest . . .
As a result of not having to pay the Newark-based company or other actual VOIP providers, revenues for Pena’s telecom companies – Fortes Telecom, Inc. and Miami Tech & Consulting, Inc. – were virtually all profit. The Complaint states that law enforcement was able to identify more than $1 million he received from his telecom business customers that were directed into various bank accounts connected to Pena.
To disguise the money obtained from the hacking scheme, Pena purchased real estate, new cars, and a 40-foot motor boat, and put all of that property except for one car in the name of another individual identified in the complaint only as A.G.
A separate criminal complaint (here) was filed against Robert Moore for his role as the computer hacker who obtained access to the network of another provider that permitted Pena to sell the VOIP plans without having to pay for the calls. (ph)
May 20, 2006
Internet Music Piracy Sentencing
With so many high-profile white collar indictments and trials, the ones that don't make the front page can sometimes be lost. Yet, in the white collar world, internet crimes and particularly internet piracy remain hot topics.
The first indictments from Operation Fastlink came in July 2005 (see here) and now we are seeing the pleas and sentencing of some. (see here) According to a DOJ Press release, the "first members of pre-release music piracy groups from Operation FastLink were sentenced . . . for their involvement with Internet music piracy groups." Although one individual had previously received a sentence of "15 months in prison," the new sentences were "six months in prison/six months home confinement" and "six months home confinement."
The DOJ press release states that:
"These are the first federal criminal sentences for members of pre-release music groups from Operation FastLink, an ongoing federal crackdown against the organized piracy groups responsible for most of the initial illegal distribution of copyrighted movies, software, games and music on the Internet. Operation FastLink has resulted, to date, more than 120 search warrants executed in 12 countries; the confiscation of hundreds of computers and illegal online distribution hubs; and the removal of more than $50 million worth of illegally-copied copyrighted software, games, movies and music from illicit distribution channels. As of today, Operation FastLink has yielded felony convictions for 30 individuals."
February 19, 2006
Is Any Computer Really Safe?
The Washington Post provides an indepth story of recent computer issues here. The article, titled "The Invasion of Computer Snatchers," looks at whether "botnets" are shaking down companies to purchase protection from computer activities that might hurt their business. The article also examines the far-reaching activities of some botnets and the problems faced by businesses who have had to contend with Phishing and unwanted spam. It is clear in reading this article that law enforcement is far behind the new technology crimes. Once law enforcement does move to arrest and prosecute individuals who may be committing computer crimes, the interesting aspect will be whether 18 U.S.C. sec. 1030, the computer crimes statute, will prove sufficient ti handle new developing technology crimes.
January 20, 2006
FBI Releases Its 2005 Computer Crime Survey
The FBI released its 2005 Computer Crime Survey on Jan. 18, 2006 (here). The Survey compiles the responses form over 2000 public and private organizations in four states, and contains the following "key findings":
- Frequency of attacks. Nearly nine out of 10 organizations experienced computer security incidents in a year's time; 20% of them indicated they had experienced 20 or more attacks.
- Types of attacks. Viruses (83.7%) and spyware (79.5%) headed the list. More than one in five organizations said they experienced port scans and network or data sabotage.
- Financial impact. Over 64% of the respondents incurred a loss. Viruses and worms cost the most, accounting for $12 million of the $32 million in total losses.
- Sources of the attacks. They came from 36 different countries. The U.S. (26.1%) and China (23.9%) were the source of over half of the intrusion attempts, though masking technologies make it difficult to get an accurate reading.
- Defenses. Most said they installed new security updates and software following incidents, but advanced security techniques such as biometrics (4%) and smart cards (7%) were used infrequently. In addition, 44% reported intrusions from within their own organizations, suggesting the need for strong internal controls.
- Reporting. Just 9% said they reported incidents to law enforcement, believing the infractions were not illegal or that there was little law enforcement could or would do. Of those reporting, however, 91% were satisfied with law enforcement's response. And 81% said they'd report future incidents to the FBI or other law enforcement agencies. Many also said they were unaware of InfraGard, a joint FBI/private sector initiative that battles computer crimes and other threats through information sharing.
(ph -- thanks to Vernon McCandlish for alerting me to the Survey)