From the U.S. Attorney’s Office, Western District of Washington:
Three Seattle men indicted for Computer Hacking, Fraud, and Identity Theft
Three people are under arrest for hacking into computer systems to steal personal and business information used in a variety of thefts and frauds. The three are charged in a ten count indictment alleging a conspiracy to access computers to commit fraud, damaging computers, access device fraud and aggravated identity theft. If convicted the defendants face up to 15 years in prison and a $250,000 fine.
“These defendants combined ‘old school’ methods such as burglary, with high tech methods such as using unprotected wireless networks to hide their identities while draining bank accounts and committing fraud,” said U.S. Attorney Jenny A. Durkan who chairs the Justice Department’s Cybercrime and Intellectual Property Enforcement working group. “The victims in this case quickly reported the hacking to law enforcement — a key step to bringing these defendants to justice.”
According to the indictment, beginning in 2008 and continuing into 2010, the three suspects hacked the networks of more than a dozen businesses and burgled more than 40 businesses to steal equipment and obtain personal and business information used for fraud. The ring obtained credit card numbers and used them to purchase tens of thousands of dollars of high tech equipment and luxury goods that they used or sold. They hijacked payroll information so that payroll funds would be distributed to accounts under their control and sent company funds to reloadable debit cards, allowing them to rapidly cash out the company accounts. The ring broke into businesses and stole computer equipment which they then used to hack into the company’s network. The men outfitted at least one vehicle with high tech equipment, including extensive antennas, allowing them to search for wireless networks they could use both for hacking or to hide their ‘digital fingerprints’ when they accessed a company network. The steps they took to hide their identities led to innocent third parties or company employees being suspected and interviewed by law enforcement. From one Renton, Washington, business the men hacked in and stole the personal information of more than 50 employees.
The charges contained in the indictment are only allegations. A person is presumed innocent unless and until he or she is proven guilty beyond a reasonable doubt in a court of law.
U.S. Attorney Durkan thanked the victim companies for quickly reporting suspicious activity on their networks. The U.S. Attorney and law enforcement provided tips for businesses to protect against being a victim:
• Businesses should review their wireless encryption and confirm that they are using the appropriate level of encryption (WPA2 Personal or WPA Enterprise).
• Businesses should keep a record of all laptop computers and ensure that any computers with remote access are encrypted. Any missing laptop computers should have passwords and credentials replaced immediately.
• Businesses should be aware of hacking that can occur from physical access to the server room as well as from external hacking.
• Employees should never click past security certificate warning screens and should notify I.T. immediately.
• Managers should be aware of “watercooler” talk among employees that may indicate a breach has occurred. This includes numerous employees complaining of fraud on personal accounts.
• Businesses should ensure that they have a security response plan prepared in the event that some kind of incident does occur.
• If you notice suspicious activity, contact your local law enforcement agency. You can make a referral to the U.S. Secret Service Electronic Crimes Task Force.
The case was investigated by the U.S. Secret Service Electronic Crimes Task Force comprised of officers and agents from the Seattle Police Department, King County Sheriff’s Department, Kirkland Police Department, Bellevue Police Department, and Lynnwood Police Department. Significant additional assistance was provided by the Redmond, Renton, Woodinville and Bothell Police Departments.
The case is being prosecuted by Assistant United States Attorney Kathryn Warma.
For additional information please contact Emily Langlie, Public Affairs Officer for the United States Attorney’s Office, at (206) 553-4110 or Emily.Langlie@USDOJ.Gov.