October 8, 2009

FBI Crackdown Leads To 100 Arrests In Phishing Scam

Authorities in the U.S. and Egypt have cracked a major "phishing" identity theft scam, charging nearly 100 people with illegally obtaining personal bank account information and stealing money from customers of Wells Fargo & Co. and Bank of America Corp.

The Federal Bureau of Investigation (FBI) said 33 people were arrested throughout the U.S. early Wednesday, while authorities in Egypt charged an additional 47 linked to the theft.

The crackdown was the culmination of a two-year probe dubbed Operation Phish Phry, which the FBI described as one of the largest cyber fraud phishing cases to date.  

"Cyber thieves "phish" for personal information such as usernames, passwords, and financial account details by tricking users into thinking their sensitive information is being given to trusted Web sites when, in fact, the sites are trap," said the FBI in a statement about the arrests.

A total of 53 suspects were named in connection with the scam in a federal grand jury indictment.

The sophisticated identity theft network had gathered information from thousands of victims, and then used that information to defraud American banks, authorities said.

"The defendants in Operation Phish Phry targeted U.S. banks and victimized hundreds and possibly thousands of account holders by stealing their financial information and using it to transfer about $1.5 million to bogus accounts they controlled," the FBI said.

Officials said a series of raids early Wednesday resulted in arrests of suspects in California, Nevada and North Carolina.

The takedown is just the latest action in what FBI Director Robert Mueller described as a "cyber arms race," in which law enforcement and criminals battle to stay one step ahead of each other in cyberspace.

A 51-count U.S. indictment charges all defendants with conspiracy to commit wire fraud and bank fraud.   Some of the defendants are also accused of aggravated identity theft and conspiracy to commit computer fraud.

"During the two-year investigation led by our Los Angeles office, we worked closely with the Secret Service, the Electronics Crimes Task Force in Los Angeles, state and local law enforcement, and our Egyptian counterparts"”the first joint cyber investigation between Egypt and the United States," the FBI said.

Such a collaborative effort demonstrates "the power of our global partnerships," said Mueller on Wednesday during a major speech in San Francisco to address the criminal cyber threat.

"The sophistication with which Phish Phry defendants operated represents an evolving and troubling paradigm in the way identity theft is now committed," said FBI Los Angeles acting assistant director Keith Bolcar as saying.

"Criminally savvy groups recruit here and abroad to pool tactics and skills necessary to commit organized theft facilitated by the computer, including hacking, fraud and identity theft, with a common greed and shared willingness to victimize Americans."

"Operation Phish Phry commenced in 2007 when FBI agents, working with United States financial institutions, took proactive steps to identify and disrupt sophisticated criminal enterprises targeting the financial infrastructure in the United States," said the FBI's Los Angeles office in a statement.

"Intelligence developed during the initiative prompted the FBI and Egyptian authorities to agree to pursue a joint investigation into multiple subjects based in Egypt after investigators in both countries earlier this year uncovered an international conspiracy allegedly operating an elaborate scheme to steal identities through a method commonly called phishing," the office said.

An unsealed indictment said that Egyptian-based cybercriminals illegally obtained bank account numbers and personal information from bank customers through phishing, and then hacked into accounts.

Once the compromised accounts were accessed, the Egyptian hackers contacted conspirators in the U.S. via text messages, telephone calls and Internet chatrooms to coordinate transfer of cash to fraudulent accounts.

"This international phishing ring had a significant impact on two banks and caused huge headaches for hundreds, perhaps thousands, of bank customers," said acting U.S. Attorney George Cardona in a statement.

"The FBI is both a law enforcement and national security agency, which means we can and must address every angle of a cyber case. This is critical, because what may start as a criminal investigation may lead to a national security threat. "¦ At the start of a cyber investigation, we do not know whether we are dealing with a spy, a company insider, or an organized criminal group," said the FBI's Mueller.


On the Net: