One Hundred Phishers Charged In Largest Cybercrime Case

The FBI on Wednesday announced that it had charged 53 defendants, the largest number ever charged in a cybercrime case, following a multinational investigation into a phishing scheme that operated in the United States and Egypt. Thirty-three of the 53 defendants named in the indictment have been arrested, the FBI said, and several others are being sought. The investigation, dubbed "Operation Phish Phry," began in 2007.

Authorities in Egypt have charged 47 defendants linked to the phishing operation. Phishing is a form of social engineering that attempts to convince Internet users, via e-mail or other means, to provide online credentials via e-mail, Web submission form, or some other method under false pretenses. Often, phishers create fraudulent Web sites that have been designed to look like legitimate Web sites as a way to encourage site visitors to supply sensitive information, such as online banking login details.

Earlier this week, Microsoft (NSDQ: MSFT) warned that "several thousand Windows Live Hotmail customers' credentials were exposed on a third-party site due to a likely phishing scheme." The online attack also appears to have affected users of other online e-mail services, including Google Gmail, and Yahoo (NSDQ: YHOO) Mail.

According to the FBI, the U.S.-Egypt phishing operation collected personal information from thousands of victims and used that information to defraud U.S. banks. Hackers based in Egypt allegedly captured banking information and other personal details, then supplied that information to associates in the U.S. who then withdrew funds using the stolen credentials and wired back a portion of the proceeds to Egypt.

"The sophistication with which Phish Phry defendants operated represents an evolving and troubling paradigm in the way identity theft is now committed," said Keith Bolcar, acting assistant director of the FBI in Los Angeles, in a statement. "Criminally savvy groups recruit here and abroad to pool tactics and skills necessary to commit organized theft facilitated by the computer, including hacking, fraud and identity theft, with a common greed and shared willingness to victimize Americans."

All 53 defendants in the U.S. face charges of conspiracy to commit bank fraud and wire fraud, which carry a maximum sentence of 20 years in prison. Some of the defendants also face additional charges that could lead to longer terms.

http://www.ic3.gov/crimeschemes.aspx
http://www.lookstoogoodtobetrue.com/

Note: The following text is a quote:

http://www.fbi.gov/page2/oct09/phishphry_100709.html

Headline Archives

OPERATION PHISH PHRY
Major Cyber Fraud Takedown
10/07/09

The Director delivered a major speech on cyber crime today at the Commonwealth Club of California. Nearly 100 people were charged today in the U.S. and Egypt as part of Operation Phish Phry, one the largest cyber fraud phishing cases to date. It’s the latest action in what Director Robert Mueller described in a major address today as a “cyber arms race,” where law enforcement and criminals compete to stay one step ahead of each other on the ever-expanding virtual frontier.

Cyber thieves “phish” for personal information such as usernames, passwords, and financial account details by tricking users into thinking their sensitive information is being given to trusted websites when, in fact, the sites are traps.

The defendants in Operation Phish Phry targeted U.S. banks and victimized hundreds and possibly thousands of account holders by stealing their financial information and using it to transfer about $1.5 million to bogus accounts they controlled. More than 50 individuals in California, Nevada, and North Carolina, and nearly 50 Egyptian citizens have been charged with crimes including computer fraud, conspiracy to commit bank fraud, money laundering, and aggravated identify theft.

During the two-year investigation led by our Los Angeles office, we worked closely with the Secret Service, the Electronics Crimes Task Force in Los Angeles, state and local law enforcement, and our Egyptian counterparts—the first joint cyber investigation between Egypt and the United States. Such a cooperative effort illustrates “the power of our global partnerships,” Mueller said during his speech in San Francisco to address the criminal cyber threat and what we’re doing to combat it.

While Phish Phry defendants were being rounded up, Mueller told his audience, “The FBI is both a law enforcement and national security agency, which means we can and must address every angle of a cyber case. This is critical, because what may start as a criminal investigation may lead to a national security threat. … At the start of a cyber investigation, we do not know whether we are dealing with a spy, a company insider, or an organized criminal group.”

In the case of Operation Phish Phry, money appears to be the driving motive. But as Mueller pointed out, “Something that looks like an ordinary phishing scam may be an attempt by a terrorist group to raise funding for an operation.”

Mueller’s remarks came during National Cybersecurity Awareness Month, an annual event sponsored by the Department of Homeland Security to help educate the public on the shared responsibility of protecting cyberspace.

“Cyber crime might not seem real until it hits you,” Mueller said. “But every personal, academic, corporate, and government network plays a role in national security.”

To help battle the cyber threat, the Bureau relies on strong partnerships—with law enforcement and intelligence communities worldwide, and with universities, corporations, small businesses, and citizens.

Within the government, we have established the National Cyber Investigative Joint Task Force, which brings together law enforcement, intelligence, and defense agencies to focus on high-priority cyber threats. Within the private sector we run InfraGard, where we exchange information with 32,000 partners from private industry.

But even with all our partnerships, Mueller added, “we are still outnumbered by cyber criminals.” Which is why it’s so important for people to do their fair share. That means protecting your home computer with firewalls, anti-virus software, and strong passwords.

“We all have a responsibility to protect the infrastructure that protects the world,” Mueller said.

Resources:
- Director’s remarks
- Phish Phry press release (10/07/09)
- How to protect your computer
- Latest e-mail scams and warnings
- FBI cyber investigations
- National Cybersecurity Awareness Month

Don’t Become a Phishing Victim

Most banks or other companies will not request your personal information via e-mail. If you get an e-mail asking for such information, call the bank—but don’t use the phone number contained in the e-mail.
Use a phishing filter on your computer. Many current web browsers have them built in or offer them as plug-ins.
Never follow a link to a secure site from an e-mail—always enter the URL manually.

Don’t be fooled by the latest scams. Visit the Internet Crime Complaint Center (IC3) and LooksTooGoodToBeTrue websites for more tips and information.

October 7, 2009

Note: The following SNIPPET text is a quote:

http://losangeles.fbi.gov/pressrel/2009/la100709.htm

One Hundred Linked to International Computer Hacking Ring Charged by United States and Egypt in Operation Phish Phry

LOS ANGELES—The largest number of defendants ever charged in a cyber crime case have been indicted in a multinational investigation conducted in the United States and Egypt that uncovered a sophisticated “phishing” operation that fraudulently collected personal information from thousands of victims that was used to defraud American banks.

This morning, authorities in several United States cities arrested 33 of 53 defendants named in an indictment returned last week by a federal grand jury in Los Angeles. Several defendants charged in the indictment are being sought this morning by law enforcement. Additionally, authorities in Egypt have charged 47 defendants linked to the phishing scheme. The United States government is extremely grateful for the extraordinary assistance provided by the Egyptian government in this matter.

Operation Phish Phry marks the first joint cyber investigation between Egyptian law enforcement authorities and United States officials, which include the FBI, the United States Attorney’s Office, and the Electronic Crimes Task Force in Los Angeles. Phish Phry, with 53 defendants charged in United States District Court, also marks the largest cyber crime investigation to date in the United States.

Operation Phish Phry was announced following this morning’s arrests by Keith B. Bolcar, Acting Assistant Director in Charge of the FBI in Los Angeles; George S. Cardona, Acting United States Attorney in Los Angeles; Kieran Ramsey, the FBI’s Legal Attache in Cairo, Egypt; and Egyptian Law Enforcement Authorities.

Operation Phish Phry commenced in 2007 when FBI agents, working with United States financial institutions, took proactive steps to identify and disrupt sophisticated criminal enterprises targeting the financial infrastructure in the United States. Intelligence developed during the initiative prompted the FBI and Egyptian authorities to agree to pursue a joint investigation into multiple subjects based in Egypt after investigators in both countries earlier this year uncovered an international conspiracy allegedly operating an elaborate scheme to steal identities through a method commonly called “phishing.” The group is accused of conspiring to target American-based financial institutions and victimize an unknown number of account holders by fraudulently using their personal financial information.

The multinational investigative effort resulted in 53 defendants being named in the federal indictment and 47 suspects being identified by Egyptian authorities. The domestic defendants were arrested in California, Nevada, and North Carolina. In California, defendants reside in the counties of Los Angeles, Orange, San Bernardino, Riverside, and San Diego.

The 51-count indictment accuses all of the defendants with conspiracy to commit wire fraud and bank fraud. Various defendants are charged with bank fraud; aggravated identity theft; conspiracy to commit computer fraud, specifically unauthorized access to protected computers in connection with fraudulent bank transfers and domestic and international money laundering.

According to the indictment that was unsealed this morning, Egyptian-based hackers obtained bank account numbers and related personal identification information from an unknown number of bank customers through phishing—a technique that involves sending e-mail messages that appear to be official correspondence from banks or credit card vendors. In illegal phishing schemes, bank customers are directed to fake websites purporting to be linked to financial institutions, where the customers are asked to enter their account numbers, passwords and other personal identification information. Because the websites appear to be legitimate—complete with bank logos and legal disclaimers—the customers do not realize that the websites do not belong to legitimate financial institutions.

The indictment alleges that co-conspirators in Egypt collected victims’ bank account information by using information obtained from their phishing activities. Armed with the bank account information, members of the conspiracy hacked into accounts at two banks. Once they accessed the accounts, the individuals operating in Egypt communicated via text messages, telephone calls and Internet chat groups with co-conspirators in the United States. Through these communications, members of the criminal ring coordinated the illicit online transfer of funds from compromised accounts to newly created fraudulent accounts. The United States part of the ring was allegedly directed by defendants Kenneth Joseph Lucas, Nichole Michelle Merzi, and Jonathan Preston Clark, all California residents, who directed trusted associates to recruit “runners,” who set up bank accounts where the funds stolen from the compromised accounts could be transferred and withdrawn. A portion of the illegally obtained funds withdrawn were then transferred via wire services to the individuals operating in Egypt who had originally provided the bank account information obtained via phishing.

“The sophistication with which Phish Phry defendants operated represents an evolving and troubling paradigm in the way identity theft is now committed,” said Keith Bolcar, Acting Assistant Director In Charge of the FBI in Los Angeles. “Criminally savvy groups recruit here and abroad to pool tactics and skills necessary to commit organized theft facilitated by the computer, including hacking, fraud and identity theft, with a common greed and shared willingness to victimize Americans. The FBI is grateful for the assistance of its law enforcement partners in the U.S. and the Egyptian government’s dedicated cooperation, which illustrates that borders cease to exist among countries committed to the rule of law and to the protection of their citizens.”

Acting United States Attorney George S. Cardona stated: “This international phishing ring had a significant impact on two banks and caused huge headaches for hundreds, perhaps thousands, of bank customers. Organized, international criminal rings can only be confronted by an organized response by law enforcement across international borders, which we have seen in this case.”

Those taken into custody in the United States will be afforded an initial appearance before United States Magistrate Judges in the district where they were arrested. Those arrested in and around Los Angeles will have their initial appearance in United States District Court in Los Angeles this afternoon.

Each of the 53 defendants named in the indictment is charged with conspiracy to commit bank fraud and wire fraud, a charge that carries a statutory maximum penalty of 20 years in federal prison. Some of the defendants are named in additional counts that would increase their maximum possible sentences.

An indictment contains allegations that a defendant has committed a crime. Every defendant is presumed to be innocent until and unless proven guilty in court.

The investigation in the United States was conducted by the FBI’s Los Angeles Field Office, supported by the Electronic Crimes Task Force in Los Angeles and the FBI’s Legal Attache in Cairo, Egypt. Several agencies provided considerable assistance to this investigation, including the Los Angeles Police Department, the Los Angeles District Attorney, the United States Secret Service, the Culver City Police Department, the El Segundo Police Department, and the United States Social Security Administration. U.S. Customs and Border Protection, the Drug Enforcement Administration, the Department of Water and Power, and local law enforcement departments in various counties assisted during today’s arrests.

The defendants charged in the United States will be prosecuted by the United States Attorney’s Office. The Department of Justice Criminal Division’s Office of International Affairs provided substantial support during the investigation.

Note: The following text is a quote:

http://www.fbi.gov/pressrel/speeches/mueller100709.htm

Major Executive Speeches

Robert S. Mueller, III
Director
Federal Bureau of Investigation

Commonwealth Club of California
San Francisco, California

October 7, 2009
Thank you and good afternoon. I am happy to be back in San Francisco, and back at the Commonwealth Club.

Today, I want to talk about cyber threats. So it seems fitting that my remarks are being broadcast on the Club’s national radio program, airing on XM Radio and iTunes, and streaming live to Club members. This is going on all around us, but if Skip hadn’t mentioned it, we would be none the wiser. Our lives are impacted by the Internet all the time, whether we can see it or not.

The Internet has thrown wide the windows of the world, allowing us to learn and communicate and conduct business in ways that were unimaginable 20 years ago. This is the upside of globalization, as author Tom Friedman has noted in best-sellers such as “The World is Flat.” But the downside of our increasingly flat world is that the Internet is not just a conduit for commerce, but also a conduit for crime.

The Internet has created virtual doors into our lives, our finances, our businesses, and our national security. Criminals, spies, and terrorists are testing our doorknobs every day, looking for a way in.

Cyber crime is a nebulous concept. It is difficult to grasp intangible threats, and easy to dismiss them as unlikely to happen to you. So far, too little attention has been paid to cyber threats—and their consequences.

But what if I told you that as you sit here today, strangers were walking through your offices, homes, and dorm rooms? What if they were opening your drawers, reading your files, accessing your financial information, or stealing your company’s research and development?

Well, that is happening, right now, in homes and offices and schools around the world. Intruders are reaching into our networks every day, looking for valuable information. And unfortunately, they are finding it, because many of us are unaware of the threat these persons pose to our privacy, our economic stability, and even our national security.

Most of us assume we will not be targets of cyber crime. We are not as careful as we know we should be. Let me give you an example.

Not long ago, the head one of our nation’s domestic agencies received an e-mail purporting to be from his bank. It looked perfectly legitimate, and asked him to verify some information. He started to follow the instructions, but then realized this might not be such a good idea.

It turned out that he was just a few clicks away from falling into a classic Internet “phishing” scam—“phishing” with a “P-H.” This is someone who spends a good deal of his professional life warning others about the perils of cyber crime. Yet he barely caught himself in time.

He definitely should have known better. I can say this with certainty, because it was me.

After changing all our passwords, I tried to pass the incident off to my wife as a “teachable moment.” To which she replied: “It is not my teachable moment. However, it is our money. No more Internet banking for you!”

So with that as a backdrop, today I want to talk about the nature of cyber threats, the FBI’s role in combating them, and finally, how we can help each other to keep them at bay.

* * *

Let me start by giving you two examples of what the FBI investigates on a daily basis.

In July 2008, a California oil and gas company called Pacific Energy Resources contacted the FBI and the Long Beach Police to report a computer attack. Six computer servers had been rendered inoperable, disabling the critical leak-detection systems on three off-shore oil platforms. This was the last in a series of network attacks, which cost the company over $100,000 in losses.

The investigation led us to a former IT contractor. After he had been let go, he retaliated by remotely accessing the system. His actions could potentially have resulted in significant environmental damage. He pled guilty last month to a federal computer intrusion charge, and faces up to 10 years in prison.

And this past April, someone hacked into the database of the Virginia Department of Health Professionals. The intruder blocked over 8 million patient records—records that hospitals, doctors, and pharmacies depend on in order to accurately prescribe and dispense medication. Those records are no longer blocked, and our investigation continues.

As you can see, cyber cases can have costly—and potentially deadly—consequences.

Again, most of us assume our systems have nothing that would interest a hacker or spy. But we never know exactly what information might have value to a criminal. Information is power, period.

Whenever an intruder opens a door to our networks, there is a clear risk to individual privacy and intellectual property—not to mention economic and national security.

My eyes were first opened to these risks back in the early 1990s, when I read a book called “The Cuckoo’s Egg.” It chronicles the electronic adventure of Cliff Stoll, then a systems manager at a Berkeley laboratory. In the mid-1980s, he noticed an accounting disparity of 75 cents. This was before the Internet as we know it existed. Cyber threats were just beginning to appear on our radars.

He tracked it to an unauthorized user who had repeatedly broken into the system and then used the lab’s computers to tap into military networks. He eventually traced the attacks to a German hacker who was part of an espionage ring.

The book was prescient. Twenty years later, the whole world is online. And because the web offers near-total anonymity, it is that much more difficult to discern the identity, motives, and location of an intruder.

At the start of a cyber investigation, we do not know whether we are dealing with a spy, a company insider, or an organized criminal group. Something that looks like an ordinary phishing scam may be an attempt by a terrorist group to raise funding for an operation. An intrusion into a corporate network could be the work of a high-school hacker across the street, or a hostile foreign power across the ocean.

Cyber threats present a unique challenge to law enforcement because we have a tendency to compartmentalize our investigations. Criminal cases are usually separate from espionage cases, which in turn are separate from counterterrorism cases. But when it comes to cyber threats, there is almost always some overlap.

The FBI is both a law enforcement and national security agency, which means we can and must address every angle of a cyber case. This is critical, because what may start as a criminal investigation may lead to a national security threat.

Take, for example, a next-generation bank robbery that occurred last fall. A group of cyber criminals orchestrated a highly sophisticated attack on a major financial institution. Hackers found their way into the network of this institution, and altered data to allow them to increase the funds available for a number of accounts. They also stole account data and created duplicate ATM cards. Then, one day in early fall, they struck.

Within 24 hours, the thieves targeted more than 2,100 ATMs in 280 cities around the world. They inserted their phony ATM cards, and then walked away with more than $9 million. Arrests have been made internationally, and our investigation continues.

To put it in perspective, imagine for a moment that these groups had simultaneously entered dozens of banks, armed with assault weapons, and emptied the vaults. It would have been one of the most notorious bank heists in history. But instead, the attack was planned and executed under the radar, using computers and fiber-optic cables as weapons. They did it without a shot being fired, and then disappeared back into the ether.

Such techniques make global deterrence a challenge, to put it mildly. The perpetrators can be anyplace in the world. And so can the victims. And, for that matter, the evidence.

At a minimum, piecing together a case requires close collaboration with our counterparts in other countries. But actually prosecuting one requires harmonizing different criminal justice systems, all of which work according to the laws of their own lands.

The global scale and scope of such attacks puts law enforcement at a disadvantage. The investigative challenges may seem insurmountable.

But we do have a significant advantage: partnerships. Partnerships with law enforcement and intelligence communities across the world. Partnerships with universities, corporations, and small businesses. Partnerships with citizens such as yourselves.

* * *

After the September 11th terrorist attacks, the FBI’s mindset and mission changed fundamentally. We could no longer focus our efforts on investigating terrorist attacks after the fact; we had to prevent them from happening in the first place. The only way to do that is to gather and analyze intelligence, and share it with those who need it.

The same mindset is true for our cyber responsibilities. The FBI can bridge both criminal and national security cases. So we are uniquely positioned to facilitate joint investigations that cross both local and international jurisdictions.

Within the government, the FBI has established the National Cyber Investigative Joint Task Force. This task force brings together law enforcement, intelligence, and defense agencies to focus on high-priority cyber threats.

But cyber threats take us well beyond partnerships with government alone. The FBI runs a program called InfraGard, which is one of our most important links to the private sector. We exchange information with partners from a host of industries, from computer software companies to chemical corporations. They are the experts on our critical infrastructure, the majority of which rely on computer networks. We have 32,000 members and counting, and those relationships have helped us to prevent risk from becoming reality.

And our partnerships stretch beyond our borders. For example, a substantial amount of cyber crime originates in Eastern Europe. And so we have embedded FBI agents in several police agencies there, to assist full-time on cyber investigations. Our relationship with the Romanian National Police is an example of the results of such cooperation: In the past year alone, we have dismantled organized criminal groups and arrested over 100 individuals, both here and in Romania.

And just this morning, we announced a major takedown in an international cyber investigation. A group of criminals in the United States and Egypt was engaged in a wide-ranging “phishing” scam. They targeted American financial institutions, and also approximately 5,000 American citizens. The FBI, the Secret Service, and state and local law enforcement cooperated closely with our Egyptian counterparts. As a result, earlier today we arrested over 50 subjects in the United States and Egypt.

This is the first joint cyber effort between the United States and Egypt. It is the largest international “phishing” case ever conducted. And it shows the power of our global partnerships in the face of global cyber criminal networks.

Those are just a small sampling of our many partnerships. Yet we are still outnumbered by cyber criminals. And that is where you come in.

Just as the police cannot come by every home or business, every night, to make sure the doors are locked, we must all take ownership of cyber security.

Cyber crime might not seem real until it hits you. But every personal, academic, corporate, and government network plays a role in national security. And given the extent of the damage cyber attacks can cause, it is important for all of us to protect ourselves, and each other.

If you are a basic user, then make sure to enable basic protections for your network—firewalls, anti-virus software, strong passwords, and security patches. And if you are part of a large corporate or academic network, start thinking of cyber security as a mission-critical component, and not an afterthought.

Investing in cyber security is akin to buying hazard insurance for a house. You invest relatively little to guard against losing everything.

Finally, talk to us. The more information we have, the more effective we can be at preventing you from becoming a victim of cyber crime. Whenever companies or institutions inform us of a potential breach, we have the chance to gather, analyze, and share critical intelligence. You never know when a single scrap of information may lead to the takedown of a global ring of cyber criminals, or even a terrorist cell. Remember the example of Cliff Stoll: a 75-cent billing disparity was no mere accounting error. It was the key to uncovering an international espionage ring.

* * *

For better or worse—and I generally think for better—cyberspace is here to stay. We live in a wireless world, and we have grown accustomed to its convenience.

We are all used navigating with GPS, checking our e-mail at the airport, trading stocks online, and—for most of us, anyway—paying bills online. “Tweeting” or updating your Facebook status from anywhere is no longer a luxury but an expectation.

There is no going back. Technology will continue its march forward, and criminals will take full advantage of it. We in the FBI liken our challenge to a “cyber arms race,” where both sides are competing to stay ahead of the other.

We have to bring the fight to them. We have to work together, as a united front—government, private industry, and the public.

We know the game plan of our adversaries. They will keep twisting doorknobs and picking locks until they find a way in. But we must not let them in. We must change the locks. We must bar the doors. And we must sound the alarms when we notice anything out of the ordinary.

We are all citizens of the Internet, and we must also be its stewards. We all have a responsibility to protect the infrastructure that protects the world. It will not be easy. But together, we are up to the task.

I will leave you with just one more warning. Many of you may be familiar with the Nigerian e-mail scam, which offers the recipient the “opportunity” to make millions—if they could just help the author with a few illegal money transfers.

If you ever receive a similar e-mail purporting to be from me—as has happened in the past—delete it! Especially if it asks you for money. Take it from me—having to memorize all those new passwords is no picnic.

# # #

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.