Viktor Savtyrev of Old Bridge, New Jersey was arrested on Monday and charged with two counts of violating a federal cyberextortion statute for allegedly threatening to hack the computer system of his former employer if the company didn’t meet his demands for money, better medical coverage and a good job reference. Savtyrev, a systems administrator, was one of 14 employees laid off on November 5 by Third Avenue Management, a Manhattan-based mutual fund manager. The next day, he allegedly emailed the company attorney and three employees, threatening to breach and damage the company’s computers if his demands weren’t met. He repeated his threats in an additional email and two phone conversations which were recorded, at one point saying he would get “comrades from Belarus” to help him hack the company’s servers. Savtyrev is a Russian but has legal permanent resident status — at least for now. At his initial hearing on Monday in US District Court in Newark before US Magistrate Judge Patty Shwartz, Savtyrev’s attorney called it “an idle threat.” A bail hearing is scheduled today. He can probably forget about getting that good job reference (Newark Star-Ledger, Computerworld).
You are currently browsing the archive for the Internet Fraud category.
Three Florida A&M University students have been indicted by a federal grand jury in Tallahassee for allegedly hacking into the university’s computer system and changing about 650 grades of about 90 students. In most cases, failing grades were changed to “A” grades. In addition, the status of some students was changed from out-of-state to resident. Marcus Barrington, Christopher Jacquette and Lawrence Secrease were charged in a five-count indictment with conspiracy to commit wire fraud and unauthorized computer access, aggravated identity theft, and one substantive count of unauthorized computer access. From the DOJ Press Release:
According to the indictment, the conspirators were able to access the FAMU computer system by surreptitiously installing keystroke loggers on computers used by employees of the registrar’s office. The keystroke loggers enabled the conspirators to obtain the secure user names and passwords of FAMU registrar’s office employees; the conspirators then used these names and passwords to access the FAMU computer system to make both grade and residency changes. The indictment also alleges that after learning that FAMU had reversed the unauthorized grade changes, the conspirators accessed the computer system a second time to change their grades back, once again improving students’ GPAs and changing failing grades to passing ones.
All three men have pleaded not guilty. A trial date of December 15 has been scheduled (Tallahassee Democrat).
Gregory King of Fairfield, California was sentenced last week to two years in prison by US District Judge Lawrence Karlton in Sacramento. He was also ordered to pay over $69,000 in restitution. On June 10 King pleaded guilty to two counts of transmitting code to cause damage to a protected computer (earlier). He admitted operating a 7,000-computer botnet and using it to launch distributed denial-of-service (DDoS) attacks against the Killanet and CastleCops forums. He was caught in the DOJ and FBI’s “Operation Bot Roast” operation (DOJ).
In a unanimous decision (.pdf), the Virginia Supreme Court on Friday overturned the state’s anti-spam law on federal constitutional grounds and reversed the conviction of Jeremy Jaynes, who in 2004 became the first person in the country to be convicted of a felony for spamming. The court ruled that the state law violates protected speech under the First Amendment because it prohibits all unsolicited email, not just commercial junk mail. Jaynes was sentenced to nine years in prison but has been under house arrest pending the outcome of his appeal. Virginia Attorney General Bob McDonnell said he will appeal the decision to the US Supreme Court (WaPo).
Daniel Dove, formerly of Clintwood, Virginia, was sentenced on Tuesday to 18 months in prison by US District Judge James P. Jones in the Eastern District of Virginia for his role in a P2P internet piracy group. Dove, an administrator for the now-defunct EliteTorrents, was convicted by a jury in June on one count of conspiracy and one count of felony copyright infringement for using BitTorrent technology to distribute copyrighted movies. EliteTorrents attracted the FBI’s attention in 2005 when it released “Star Wars Episode III: Revenge of the Sith” six hours before it was released in theaters. The operation was closed as part of the FBI’s Operation D-Elite. Dove is the eighth administrator to be convicted in connection with the operation, and the only one to plead not guilty and go to trial (Daily Tech, DOJ).
Thomas Rushing III, Brian Rue and William Partridge pleaded guilty on August 22 in US District Court in Austin, Texas to one count each of criminal copyright infringement for selling downloadable counterfeit software through a series of websites. They allegedly sold $2.5 million at retail value between early 2006 and September 2007. They face statutory maximum sentences of five years each; sentencing for all three defendants is scheduled for December 19 (DOJ).
Former KYW-TV Philadelphia news anchor Larry Mendte on Friday pleaded guilty before US District Judge Mary McLaughlin to a one count information charging him with with intentionally accessing a protected computer without authorization. Mendte admitted hacking into former co-anchor Alycia Lane’s email accounts for over 2 years, including 537 times between January 1 and May 26, 2008, and leaking her personal information to a Philadelphia Daily News gossip columnist. He accessed the accounts using a keystroke logger. Mendte was fired in June after the FBI raided his house. He faces a statutory maximum of five years in prison when he is sentenced on November 24. His public remarks at a news conference later Friday caused controversy after he said he had a “flirtatious, unprofessional and improper relationship” with Lane, whose attorney immediately denounced the statement (Philadelphia Inquirer here and here, our earlier entry).
A Uniontown, Pennsylvania man already indicted in state court for identity theft was indicted Wednesday by a federal grand jury in Pittsburgh on eight counts of mail fraud. Jason Joy, a former math professor, allegedly collected money for merchandise he sold on eBay and Yahoo Auctions but never delivered the goods. He allegedly told the buyers he was the victim of identity theft, but prosecutors claim he was actually using the identity of one of his students and that he stole his sister-in-law’s identity and used her check card to pay eBay seller’s fees. The loss involved in the charged counts totals over $38,000 (Pittsburgh Post-Gazette, DOJ).
In Casper, Wyoming on Wednesday, 19-year-old Jason Milmont of Cheyenne pleaded guilty before US Magistrate Judge Michael Shickich to one count of unauthorized access to a computer to conduct fraud. Milmont admitted creating a botnet of 5,000 to 15,000 computers by modifying the Nugache Worm to infect Limewire users in order to steal credit card and banking information. It’s the first case nationally in which a defendant has been charged with using P2P software to infect users. Milmont agreed to plead guilty in June in Los Angeles where the case originated but it was transferred to Wyoming last month. Milmont will be sentenced on October 23 by US District Judge William Downes. He faces a statutory maximum of five years in prison (Casper Star-Tribune).
Jeremiah Mondello of Eugene, Oregon was sentenced to four years in prison on Wednesday by US District Judge Ann Aiken in Portland for criminal copyright infringement, aggravated identity theft and mail fraud. Mondello pleaded guilty to the charges in May. He admitted using computer viruses to install keystroke logging software which he used to steal financial data from at least 40 victims. He then used the stolen data to set up multiple bank, eBay and PayPal accounts under which he sold counterfeited software between 2005 and 2007. He made about $400,000 but the loss to the copyright owners was an estimated $1.2 million (Wired News, DOJ).
“Spam King” Eddie Davidson, who escaped from a minimum security federal prison in Florence, Colorado on Sunday (earlier), shot and killed his wife and three-year-old daughter on Thursday morning and then killed himself. Their bodies were found at their former home in Bennett, east of Denver, in and beside the same vehicle his wife was driving Sunday night when he jumped in and forced her to drive off. The current homeowners were at work. His 14-year-old daughter escaped after being grazed in the neck and his seven-month-old son was found unharmed in the back seat.
USA Troy Eid said “What a nightmare, and such a coward. Davidson imposed the death penalty on family members for his own crime.” Davidson was sentenced to 21 months in prison on April 28 and began serving his sentence in late May (Rocky Mountain News, Denver Post).
The Rocky Mountain News reported Wednesday that “Spam King” Eddie Davidson escaped from a minimum security prison in Colorado on Sunday. Davidson was sentenced in late April to 21 months in prison (earlier).
In Seattle on Tuesday, US District Judge Marsha Pechman sentenced “Spam King” Robert Soloway to 47 months in prison for violating the CAN-SPAM act. Soloway pleaded guilty in March to email fraud, mail fraud and tax evasion (Seattle Post-Intelligencer, DOJ).
And let’s not forget Adam Vitale, who was sentenced to 30 months in prison last week for spamming (earlier). Investigators and prosecutors crowned him the “Spam King” too.
Somebody stop the coronations, please! Not every spammer can be the Spam King. I suggest using Spam Dauphin, Spam Crown Prince or Spam Duke of Earl.
Federal prosecutors in Philadelphia on Monday announced the filing of a one count information charging former KYW-TV news anchor Larry Mendte with intentionally accessing a protected computer without authorization. Mendte, who was fired last month after the FBI raided his house, is accused of hacking into former co-anchor Alycia Lane’s email accounts for over 2 years, including 537 times between January 1 and May 26, 2008, and leaking her personal information to a Philadelphia Daily News gossip columnist. He apparently accessed the account by installing a keystroke logger, although that is not specified in the information. The emails included attorney-client communications relating to criminal and civil litigation involving Lane. A hearing has been set for August 22, at which Mendte is expected to plead guilty. He faces a statutory maximum of five years in prison (Philadelphia Inquirer, DOJ Press Release, Information).
Adam Vitale of Brooklyn was sentenced to 30 months in prison last Tuesday by US District Judge Denny Chin in Manhattan for his role in a scheme that sent 1.2 million spam emails to AOL subscribers in one six-day period in 2005. Vitale was listed as a professional spammer on an industry watchlist operated by Spamhaus. He was caught because the spamming was done on behalf of a confidential informant. Vitale and co-defendant Todd Moeller, who was sentenced last November to 27 months in prison, used multiple servers to bypass AOL’s spam filters, indicating that they may have been operating a botnet. Ironically, the spam was for a computer security product. Vitale pleaded guilty in June 2007 to one count of conspiracy and two counts related to the illegal spamming (Reuters via Yahoo, DOJ).
Recent results in the DOJ and FBI’s “Operation Bot Roast”:
Robert Matthew Bentley of Panama City, Florida, on June 11 was sentenced to 41 months in prison and ordered to pay $65,000 in restitution by US District Judge Richard Smoak in Pensacola. Bentley pleaded guilty in March to conspiracy and computer fraud counts; he admitted overloading Newell Rubbermaid’s computer network by using his botnet to install ad-serving software on over 100 computers; he was paid to do it by a now-defunct Dutch adware company. Others companies were targeted and unnamed co-conspirators are under investigation (Techworld, DOJ).
Gregory King of Fairfield, California on June 10 pleaded guilty to two counts of transmitting code to cause damage to a protected computer before US District Judge Lawrence Karlton in Sacramento. King admitted using a 7,000-computer botnet he controlled to launch distributed denial-of-service (DDoS) attacks against Killanet and CastleCops. The latter is a well-respected online security community which specializes in analyzing, exposing and fighting malware, phishing and other computer security concerns. King agreed to serve two years in prison, although the court is not bound by the recommendation; sentencing is scheduled for September 3 (Wired, DOJ).
Convicted spammer Eddie Davidson of Louisville, Colorado was sentenced to 21 months in prison on Monday by US District Judge Marcia Krieger in Denver. He was also ordered to pay $714,000 to the IRS. Davidson was indicted in May 2007 in connection with a 5 year long operation during which he allegedly sent hundreds of thousands of spam emails on behalf of 19 clients who paid him at least $3.5 million. The spam, which promoted penny stocks and merchandise such as cheap watches and perfume, was sent with fake email headers to disguise the source. He pleaded guilty in December to charges of tax evasion and falsifying email headers in violation of the CAN-SPAM Act (PC World, DOJ).
Sometimes, spamming scammers are brought to justice: Two Nigerian nationals and a Senegalese national, each with a variety of aliases, pleaded guilty to charges of conspiracy, mail fraud and multiple charges of wire fraud last Wednesday before US Magistrate Judge Roland Reyes Jr. in Brooklyn. Each wire and mail fraud count carries a maximum 20 year sentence; the conspiracy charges each carry a 5 year maximum sentence. The case was originally investigated by Dutch authorities; the three were arrested in Amsterdam in 2006 and extradited. A fourth defendant fled to Nigeria and is being held pending extradition.
The charges arose from an advance fee fraud scheme (419 scam) operated by the defendants: the all-too-familiar spam emails in which the writer claims to control millions of dollars overseas and the recipient is offered a commission for his help in gaining control of the funds; one of the scenarios in this case involved a throat cancer sufferer who wished to distribute $55 million to charity. The suckers victims in these schemes lost approximately $1.2 million in wire transfer payments to the defendants for advance fees. The DOJ Press release is here.