On Q Professional Investigations

Before today no one thought it was possible to successfully break a 923-bit code. And even if it was possible, scientists estimated it would take thousands of years.

However, over 148 days and a couple of hours, using 21 computers, the code was cracked.

Working together, Fujitsu Laboratories, the National Institute of Information and Communications Technology, and Kyushu University in Japan announced today that they broke the world record for cryptanalysis using next-generation cryptography.

“Despite numerous efforts to use and spread this cryptography at the development stage, it wasn’t until this new way of approaching the problem was applied that it was proven that pairing-based cryptography of this length was fragile and could actually be broken in 148.2 days,” Fujitsu Laboratories wrote in a press release.

Using “pairing-based” cryptography on this code has led to the standardization of this type of code cracking, says Fujitsu Laboratories. Scientists say that breaking the 923-bit encryption, which is 278-digits, would have been impossible using previous “public key” cryptography; but using pairing-based cryptography, scientists were able to apply identity-based encryption, keyword searchable encryption, and functional encryption.

Researchers’ efforts to crack this type of code is useful because it helps companies, governments, and organizations better understand how secure their electronic information needs to be.

“The cryptanalysis is the equivalent to spoofing the authority of the information system administrator,” Fujitsu Laboratories wrote. “As a result, for the first time in the world we proved that the cryptography of the parameter was vulnerable and could be broken in a realistic amount of time.”

Researchers from NICT and Hakodate Future University hold the previous world record for code cracking, which required far less computer power. They managed to figure out a 676-bit, or 204-digit, encryption in 2009.

Read more

The prospect that thousands of drones could be patrolling U.S. skies by the end of this decade is raising the specter of a Big Brother government that peers into backyards and bedrooms.

The worries began mostly on the political margins, but there are signs that ordinary people are starting to fret that unmanned aircraft could soon be circling overhead.

Jeff Landry, a freshman Republican congressman from Louisiana’s coastal bayou country, said constituents have stopped him while shopping at Walmart to talk about it.

“There is a distrust amongst the people who have come and discussed this issue with me about our government,” Landry said. “It’s raising an alarm with the American public.”

Another GOP freshman, Rep. Austin Scott, said he first learned of the issue when someone shouted out a question about drones at a Republican Party meeting in his Georgia congressional district two months ago.

An American Civil Liberties Union lobbyist, Chris Calabrese, said that when he speaks to audiences about privacy issues generally, drones are what “everybody just perks up over.”

“People are interested in the technology, they are interested in the implications and they worry about being under surveillance from the skies,” he said.

The level of apprehension is especially high in the conservative blogosphere, where headlines blare “30,000 Armed Drones to be Used Against Americans” and “Government Drones Set to Spy on Farms in the United States.”

When Virginia Gov. Bob McDonnell, a Republican, suggested during an interview on Washington radio station WTOP last month that drones be used by police domestically since they’ve done such a good job on foreign battlefields, the political backlash was swift. NetRightDaily complained: “This seems like something a fascist would do. … McDonnell isn’t pro-Big Government, he is pro-HUGE Government.”

John Whitehead, president of the Rutherford Institute of Charlottesville, Va., which provides legal assistance in support of civil liberties and conservative causes, warned the governor, “America is not a battlefield, and the citizens of this nation are not insurgents in need of vanquishing.”

There’s concern as well among liberal civil liberties advocates that government and private-sector drones will be used to gather information on Americans without their knowledge. A lawsuit by the Electronic Frontier Foundation of San Francisco, whose motto is “defending your rights in the digital world,” forced the Federal Aviation Administration earlier this year to disclose the names of dozens of public universities, police departments and other government agencies that have been awarded permission to fly drones in civilian airspace on an experimental basis.

Giving drones greater access to U.S. skies moves the nation closer to “a surveillance society in which our every move is monitored, tracked, recorded and scrutinized by the authorities,” the ACLU warned last December in a report.

The anxiety has spilled over into Congress, where a bipartisan group of lawmakers have been meeting to discuss legislation that would broadly address the civil-liberty issues raised by drones. A Landry provision in a defense spending bill would prohibit information gathered by military drones without a warrant from being used as evidence in court. A provision that Rep. Rush Holt, D-N.J., added to another bill would prohibit the Homeland Security Department from arming its drones, including ones used to patrol the border.

Scott and Sen. Rand Paul, R-Ky., have introduced identical bills to prohibit any government agency from using a drone to “gather evidence or other information pertaining to criminal conduct or conduct in violation of a regulation” without a warrant.

“I just don’t like the concept of drones flying over barbecues in New York to see whether you have a Big Gulp in your backyard or whether you are separating out your recyclables according to the city mandates,” Paul said in an interview, referring to a New York City ban on supersized soft drinks.

He acknowledged that is an “extreme example,” but added: “They might just say we’d be safer from muggings if we had constant surveillance crisscrossing the street all the time. But then the question becomes, what about jaywalking? What about eating too many donuts? What about putting mayonnaise on your hamburger? Where does it stop?”

Calabrese, the ACLU lobbyist, called Paul’s office as soon as he heard about the bill.

“I told them we think they are starting from the right place,” Calabrese said. “You should need some kind of basis before you use a drone to spy on someone.”

In a Congress noted for its political polarization, legislation to check drone use has the potential to forge “a left-right consensus,” he said. “It bothers us for a lot of the same reasons it bothers conservatives.”

The backlash has drone makers concerned. The drone market is expected to nearly double over the next 10 years, from current worldwide expenditures of nearly $6 billion annually to more than $11 billion, with police departments accounting for a significant part of that growth.

“We go into this with every expectation that the laws governing public safety and personal privacy will not be administered any differently for (drones) than they are for any other law enforcement tool,” said Dan Elwell, vice president of the Aerospace Industries Association.

Discussion of the issue has been colored by exaggerated drone tales spread largely by conservative media and bloggers.

Scott said he was prompted to introduce his bill in part by news reports that the Environmental Protection Agency has been using drones to spy on cattle ranchers in Nebraska. The agency has indeed been searching for illegal dumping of waste into streams but is doing it the old-fashioned way, with piloted planes.

In another case, a forecast of 30,000 drones in U.S. skies by 2020 has been widely attributed to the FAA. But FAA spokeswoman Brie Sachse said the agency has no idea where the figure came from. It may be a mangled version of an aerospace industry forecast that there could be nearly 30,000 drones worldwide by 2018, with the United States accounting for half of them.

Fear that some drones may be armed has been fueled in part by a county sheriff’s office in Texas that used a homeland security grant to buy a $300,000, 50-pound ShadowHawk helicopter drone for its SWAT team. The drone can be equipped with a 40mm grenade launcher and a 12-gauge shotgun. Randy McDaniel, chief deputy with the Montgomery County Sheriff’s Office, told The Associated Press earlier this year his office had no plans to arm the drone, but he left open the possibility the agency may decide to adapt the drone to fire tear gas canisters and rubber bullets.

Earlier this year Congress, under pressure from the Defense Department and the drone manufacturers, ordered the FAA to give drones greater access to civilian airspace by 2015. Besides the military, the mandate applies to drones operated by the private sector and civilian government agencies, including federal, state and local law enforcement.

Reps. Ed Markey, D-Mass, and Joe Barton, R-Texas, co-chairs of a congressional privacy caucus, asked the FAA in April how it plans to protect privacy as it develops regulations for integrating drones into airspace now exclusively used by aircraft with human pilots. There’s been no response so far, but Acting FAA Administrator Michael Huerta will probably be asked about it when he testifies at a Senate hearing Thursday.

Even if the FAA were to establish privacy rules, it’s primarily a safety agency and wouldn’t have the expertise or regulatory structure to enforce them, civil liberties advocates said. But no other government agency is addressing the issue, either, they said.

Read more

The overwhelmingly successful results of the new microstamping study prove that this important technology belongs in the hands of law enforcement to help them catch violent criminals. Conducted by forensic firearm and scientific experts, the peer reviewed independent study showed that all 6 of the microstamped numbers and letters on an expended shell casing could be correctly identified 87% of the time.

Experts agree that for the more than 11,000 firearm aggravated assaults that have gone unsolved over the last 10 years in New York, microstamping will be an invaluable tool for law enforcement.

Here is an excerpt from the study:

“microstamping could enable tracking of fired cartridges in an efficient and timely manner.”

More than 80 police departments and law enforcement organizations from across New York support microstamping. Law enforcement officials are standing up to call for microstamping as it is ready as an effective and useful investigative tool to solve gun crimes.
Syracuse Police Chief Frank Fowler said, “Microstamping is an important tool that law enforcement across New York want and need. Connecting crime scene shell casings to the shooter will help us catch violent criminals, establish trafficking patterns and increase forensic intelligence. The overwhelmingly successful results of this new study confirm that microstamping is a tool that belongs in the hands of law enforcement today in order to keep our streets safe. I hope that this study will motivate our elected officials into taking action to pass microstamping this year.”

Read more

Lexington financial crimes detective Gene Haynes swiped a credit card through an innocuous black card reader known as a “skimmer.” Less than a second later, two lines of illuminating text showed up in a Microsoft Word document on his computer screen.

The mishmash of numbers and symbols was the visual representation of all the information stored on the card’s magnetic strip.

“That’s all it takes” for a credit card to be compromised, he said.

The information then can be emailed or downloaded over the Internet and rewritten onto any card with a magnetic strip, such as gift cards or hotel keys. While the victim’s credit card is still in his or her possession, someone could be using a perfect replica hundreds of miles away.

“Suddenly they’ve got a physical asset that they can use to shop in stores,” said John Sileo, a Denver-based author and speaker on identity theft and financial crimes. “There’s not much you can do. They can spend on it until you figure it out or until the credit card company catches it.”

The process, called “cloning,” accounts for much of the growth in credit card fraud during the past few years, officials said. According to a Javelin Strategy and Research report, credit card fraud has increased 87 percent since 2010, culminating in aggregate losses of $6 billion nationwide.

Credit card cloning is easy and lucrative, accounting for its popularity, said Sileo, who founded the Web site Thinklikeaspy.com. For example, an unscrupulous restaurant waiter with a pocket skimmer might be able to steal information from hundreds of customers a week, selling that information to those with the means to encode fake credit cards.

Battery-powered skimmers can be carried in a pocket or hung inconspicuously over card slots at gas pumps and ATMs, copying information as customers swipe cards to pay for gas or withdraw cash.

People whose cards are skimmed might not know for weeks or months that their information has been stolen. Once someone realizes it, the account usually is closed quickly. Savvy crooks know to rack up major bills just as fast.

Two financial crimes detectives in Lexington primarily investigate credit card fraud. Detectives Mike Helsby and Larry Kinard each take about 50 reports of credit card fraud a month, they said. Among those, cases involving cloned credit cards are most troublesome because there is little Lexington police can do, Helsby said.

If a cloned card is used outside Lexington, police do not have the authority to investigate it.

“We don’t like to take reports here for people whose cards have been used outside of our jurisdiction, because all it does is inflate our numbers,” he said. “There is nothing we can do. We can’t call California and request (surveillance) video, and even if we got it, we can’t place charges.”

Instead, interstate credit card fraud should be reported to the Internet Crime Complaint Center, or IC3, a partnership between the FBI and National White Collar Crime Center. Most, if not all, banks and lending institutions accept reports from the IC3 in lieu of a police report when victims are disputing fraudulent charges, Haynes said.

Online reports may be submitted at IC3.gov, by clicking on “file a complaint” on the home page. When following the prompts, victims should select “identity theft” as the type of incident they are reporting. (Many states consider credit card fraud a form of identity theft, though Kentucky doesn’t, detectives said.)

IC3 aggregates data submitted and can cross-check it to find a point of compromise. For example, they might discover 500 fraudulent credit cards were used at the same gas station in Lexington, and they can forward that information to Lexington police, who then can investigate further.

However, given the lengthy paper trails that can complicate fraud investigations, the best defense is never to have your credit or debit card compromised. Detectives offered the following tips:

■ Don’t carry more credit cards than you need.

■ Check card readers at self-serve gas pumps, ATMs or other machines for obvious card skimmers.

■ Don’t let your credit card out of your sight for any longer than necessary when paying for items or meals.

■ Check your bank history often. Most banks allow you to check your account online or through apps on smartphones.

■ Take advantage of security measures offered by your bank. For example, some banks allow you to set spending limits that require authorization over certain dollar amounts.

■ Never give anyone the PIN number for your debit card (and don’t write it on or near your card).

■ Pick a random PIN number rather than obvious numbers like your address or phone number.

■ As soon as you notice your wallet or credit card is missing, cancel all your cards.

■ If your card has been stolen or compromised, secure copies of bank statements to provide to police or federal authorities.

Such tips might seem like common sense, but investigators say they’re invaluable to combat a type of crime that affects thousands of people daily and siphons billions of dollars from individuals and financial institutions every year.

Read more

In this day and age, most of us have friends of the opposite sex, whether they are co-workers, casual acquaintances or close confidantes. The question is: how close is too close when you’re in a romantic relationship with someone else? Here are some signs that your so-called friendship may be entering the not-so-gray area of emotional infidelity:

1. You dress up for him. When you buy new clothes or change your hairstyle and wonder what he’ll think (instead of how your partner will react) that’s a danger sign. We all consider our audience when we’re getting ready to go out, but doing so with a particular other in mind — not your significant other — suggests there’s something more here than meets the eye.

2. You lie to your significant other about seeing him. Perhaps you fail to mention an innocent coffee you had with him. You consider it just a small omission, not to be confused with a real lie, when you don’t share it with your significant other. Maybe you even tell yourself you just forgot. If this is the case, you must ask yourself what you’re hiding from your partner and why.

3. You do special things for him that you don’t do for others. You give him that cute card that perfectly captures how you feel about your friendship, or the little knickknack from your last trip which you imagine him placing on his desk. It seems innocent enough, but they are little reminders of you and invitations to reciprocate. What are your true intentions about this relationship and this person?

4. You’re spending more and more time away from home and/or your significant other. Late nights at the office are starting to add up. Long lunches are becoming routine. When you really think about it, you can see you’re trying to increase your opportunity to spend time with him at the expense of the time you spend with your significant other. What is all this time with him really about?

5. Your electronic communications are increasingly devoted to your non-significant other. You can’t wait to surreptitiously check your phone to see the latest text from him. You’re up in the middle of the night on Facebook. When the balance of who you communicate with tips away from your significant other toward someone else, it’s a sure sign of trouble in both relationships.

Read more

Female customers who shopped at a Sears store in North Hollywood, Calif., over the past three years may have been videotaped in the dressing rooms and restrooms, according to an attorney representing 25 women suing the retail chain.

The group is suing Sears and a former maintenance worker who allegedly videotaped them from 2009 to April 2012.

Michael Alder, the attorney for the plaintiffs, said an unknown number of female customers were also likely videotaped in the store during that period.

“There’s a lot of people who were patrons and don’t have any idea that they’ve been videotaped,” Alder said.

Alejandro Gamiz, 27, a maintenance worker who worked at Sears for seven years, who is accused of placing hidden cameras behind the walls of the store. He was arrested on April 12 for burglary and surreptitious filming of unsuspecting women by North Hollywood Area Sexual Assault detectives. Gamiz posted $20,000 bail and was released from custody.

The Los Angeles District Attorney’s office is still reviewing the case and has not yet filed charges against Gamiz. Gamiz did not return a request for comment.

Krystel Dean, an employee and one of the plaintiffs, said she was “shocked” when she learned of the secret videotaping.

“My heart immediately sank,” she said. “Not only have I used the restroom and dressing rooms, but my small children have used them as well. I feel like our privacy has been invaded.”

Dean is also suing Sears in the same suit for retaliation, saying her employer cut her work hours after she was the first to hire an attorney and speak to the media about the the alleged taping.

Of the women filing the lawsuit against Sears, 16 are employees while the other nine are store customers who believe they may have been taped, including four children. The plaintiffs’ last names, including Dean’s, were not included in the lawsuit.

The group filed a lawsuit against Sears on June 11 in the Los Angeles Superior Court, asking for unspecified compensatory and punitive damages for unpaid wages, mental and emotional distress, and attorney fees and costs, among other damages.

The plaintiffs said Sears knew or should have known that Gamiz had installed video equipment and created peep holes within the three years he had set up the equipment. They are suing Sears for invasion of privacy, intentional infliction of emotional distress, hostile work environment harassment, and negligent hiring, supervision, retention, among other charges.

Alder has invited other female patrons or employees who were in the dressing rooms or bathroom of the North Hollywood store in the three years before Gamiz was arrested to contact his law firm and visit the special website his law firm has established, SearsPeepingTom.com.

“As information gets out, they will realize they frequented that Sears for the last three years and undressed,” he said.

Kimberly Freely, spokeswoman for Sears Holding Corp., said the company could not comment because the litigation is pending.

“But as we said previously, and with all due respect to the associates who may have been impacted by this incident, no member of management or leadership in the company had any prior knowledge of the accused’s alleged conduct until it was discovered in our store,” she said. “At that point, we immediately launched an investigation and turned the matter over to the police.”

The lawsuit states that Gamiz created “peep holes” in women’s restrooms and dressing rooms, and children’s dressing rooms too. He then installed video equipment to record the women and children. He uploaded some of the videos to the Internet, according to the lawsuit, on a site that police have since been taken down.

The plaintiffs accuse Sears of turning a “blind eye” to Gamiz’s “suspicious behavior” during the course of his employment. The suit states that he “regularly and frequently purported to be performing maintenance” in the restrooms and dressing rooms, air ducts and crawl spaces, and “close off access to these areas” when “no maintenance was required, requested or necessary.”

Alder said Sears informed employees that video on Gamiz’s hard drive had been reviewed, and that the women were in some of the recordings. Alder is seeking access to the videotapes and hard drive that were confiscated by the police.

Read more

There it was on video: Five heavily armed policemen barge into a hotel in western Mexico before dawn and march out with three handcuffed men in underwear.

But police weren’t making an arrest. Prosecutors say they apparently were taking orders from criminals. Just hours after the three were seized, they were found asphyxiated and beaten to death.

Mexicans have become inured to lurid tales of police collaboration with narcotics gangs during 5 ½ years of a drug war that has cost more than 47,500 lives. But seldom can they actually see it occur, and the video broadcast on national television was a shocker.

“One assumes that in some cities … the municipal police work for the drug cartels,” said Jorge Chabat an expert on security and drug trafficking at the Center for Economic Research and Teaching. “But what is different here is that there is a video. It’s not the same thing to imagine that this going on, and to see it.”

The Jan. 20 video released by prosecutors late Wednesday shows a police truck pulling up to the hotel in the city of Lagos de Moreno, quickly followed by a pickup carrying four armed men in civilian clothing. A city policeman carrying an assault rifle runs over to their truck and is given what appears to be a list. Then he and his fellow officers trot into the hotel and present the list at the reception desk, apparently asking what rooms the men are staying in.

In the next segment of the video, the victims are trotted out of the hotel in their underwear with their hands cuffed behind their backs. One is being hustled along by a man in civilian dress, who stuffs him into a patrol car. The gunmen — police are investigating whether they belong to the Jalisco New Generation drug gang — appear to be calling the shots throughout, with the police officers serving as gofers.

The police then watch and wait in front of the hotel while the men’s luggage and vehicle are stolen. Finally, the police truck carrying the victims follows the gunmen as they drive away in the own pickup and the stolen vehicle.

While the kidnapping and murder occurred in January, and the faces of several officers were clearly seen on the videos, the officers were not detained until June 6, when soldiers and state police raided a local police station. And they still have not been formally charged with any crime.

“It took time to obtain the video tapes, to do the investigation, and to get the arrest warrants,” said Jalisco state prosecutor’s spokesman Lino Gonzalez said Thursday. “We didn’t have the information.”

In any case, the release of the dramatic images comes less than three weeks before national and state elections in which security is a major issue. Critics accuse President Felipe Calderon of setting off a bloodbath with his strategy against gangs, while his party’s presidential candidate, Josefina Vazquez, has suggested her opponents are ready to compromise with the cartels.

Jalisco is governed by Calderon’s party. The man who was mayor of Lagos de Moreno when the video was shot is now a rival party’s candidate for the state legislature.

Gonzalez said that so far, seven policemen and officials of the municipal police force of Lagos de Moreno have been detained pending charges. And state Attorney General Tomas Coronado said the four men in civilian clothing also have been detained separately in other cases. He declined to say what gang they might belong to.

There are still mysteries surrounding the case, including whether the gunmen thought the victims were members of a rival drug cartel. The victims were from the northern state of Coahuila, where the hyperviolent Zetas cartel has been battling the Sinaloa cartel, allies of the local Jalisco Nueva Generacion gang.

Gonzalez said the victims, before checking into the hotel, had been briefly detained by police at the local jail for a minor infraction. They paid a fine and were released. But while in custody, “They said something indiscrete,” Gonzalez said. “Apparently they said something like ‘We’re from Coahuila, and we’re part of the mafia.’”

It’s not unusual in Mexico for detainees to boast about their connections, hoping to press corrupt police to release them.

This time, however, it backfired.

“Apparently, somebody at the jail heard the comment, and reported it to the real criminals,” Gonzalez said.

Coronado told local media the men had claimed to be Zetas.

Gonzalez said it has never been proved the kidnapped men were gang members. They may have just been in Lagos de Moreno collecting the rent on a ranch, and they are being treated simply as victims.

Chabat noted that corruption has reached so deep that in 2010 in the northern state of Nuevo Leon, seven local police officers in the town of Santiago were arrested on allegations they were working for the Zetas drug gang and that they kidnapped and killed the town’s Mayor, Edelmiro Cavazos, in retaliation for his attempts to cut corruption.

“There are police officers who kill the mayors they are supposed to protect,” Chabat said. But this week’s video “is cause for despair,” he said. “It gives rise to the feeling that this is not going to be solved in the short term.”

Read more

Beware of scam text messages that could affect cell phones with malware and make personal information accessible to thieves.

Attorney General Chris Koster warned Missourians about recent activity by identity thieves to steal information by offering fake prizes like Walmart or Costco gift cards.

According to Koster, these scam text messages ask the consumer to click a link to claim their prize. Unfortunately, when the consumer clicks the link, her cell phone is automatically infected with malware that allows identity thieves access to personal information, such as social security numbers and bank information. Koster said this scam is called “smishing.”

“My office is seeing a lot of illegitimate text messages promising free gift cards. We are warning Missourians not to fall for these scams and not to open the link in the text message,” Koster said. “You should never open a link in a text or email unless you know the sender very well and trust that he or she would only send you safe links.”

Koster said if consumers are ever in doubt as to whether to open a link, they should just delete it.

Koster also suggested consumers consider putting “security freezes” on their credit reports. Missouri law allows Missouri residents to notify credit reporting agencies not to give any business or person your credit information unless you so authorize. If you have a freeze on your account, thieves who steal your information will not be able to open credit accounts in your name. There is a small fee to set up the security freeze, limited by law to $5. If you have already been a victim of identity theft, there is no fee.

To place a freeze on your report, contact each credit agency at: Equifax, Trans Union, or Experian.

Read more

In an international hacking case, a Dutch man appeared in U.S. federal court today and pled not guilty to stealing at least 44,000 credit card numbers, according to the Associated Press.

Apparently, this is just the tip of the iceberg.

David Benjamin Schrooten, aka “Fortezza,” is being targeted by federal prosecutors for allegedly hacking into computers and stealing massive amounts of credit card numbers. Once he obtained the numbers, he allegedly sold them in bulk quantities via different Web sites. The 44,000 is reportedly from just one sale.

Police caught onto Schrooten’s alleged heist last November after a Seattle restaurant owner contacted the police. According to the Associated Press, several customers who ate at the restaurant got suspicious charges on their cards. Some were even getting charged $70 to $80 in as little as 10 minutes after using their cards at the restaurant.

Local and federal authorities eventually caught onto the trail of one of Schrooten’s alleged partners, Christopher A. Schroebel, 21, who was living in Maryland. According to the Associated Press, Schroebel put spying malware in the sales systems of dozens of business. Investigators said that the two alleged hackers worked together to create Web sites to sell the credit card numbers.

Schroebel was arrested in November and pled guilty to federal charges last month. His sentence is not yet set.

As for Schrooten, who is also 21, he was arrested in Romania and landed in Seattle on Saturday to attend his hearing in court today. He is being charged with access device fraud, identity theft, and 12 other federal counts. Police told the Associated Press that the investigation into Schrooten’s cybercrime ring is ongoing.

“People think that cyber criminals cannot be found or apprehended. Today we know that’s not true. You cannot hide in cyberspace,” U.S. Attorney Jenny A. Durkan said at a news conference, according to the Associated Press. “We will find you. We will charge you. We will extradite you and we will prosecute you.”

Read more

An Oregon woman is on the hook for what Internal Revenue Service investigators are calling one of the largest cases of tax fraud in the state’s history.

Krystle Marie Reyes, of Salem, Ore. allegedly weaseled more than $2 million from the state by filing a false return using automated TurboTax software, according to a police report obtained by Oregon Live.

Reyes, 25, reported $3 million in wages and claimed $2.1 million in refunds, which worked its way through TurboTax’s system and was approved by the state. Soon enough, a Visa debit card loaded with the refund was in her hands.

What’s bizarre about the situation is how Reyes was caught. She reported another debit card as lost or stolen to the issuer, which apparently saw enough red flags to get the state’s revenue service on the case. The police affidavit doesn’t offer say how much cash was loaded on the second card or whether it was obtained by a fraudulent tax return as well.

When Reyes was taken into custody June 6, she had allegedly spent about $150,000 over a two-month period, including $2,000 on a Dodge Caravan and more than $800 in tires and wheels, according to police. It’s not clear from the report where the rest of the cash went, though it says she spent tens of thousands of dollars per week.

Her case underscores the debate over whether the IRS should issue refunds via debit cards. On one hand, they’re a boon to unbanked Americans who can’t rely on direct deposits for speedy returns.

But that also means fraudsters can get their hands on cash faster than authorities can catch them. Reyes was running around Salem for two months before authorities cottoned on – and that was only after she practically served herself up on a silver platter by reporting the card stolen.

Oregon may have its own issues to sort out – the state reported $559 million in delinquent taxes in 2010 alone, according to Oregon Live – but tax fraud is running rampant nationwide.

The IRS counted more than 900,000 fraudulent tax returns in 2011 that totaled $6.5 billion – and that’s only counting returns that weren’t actually issued. The IRS told CNN earlier this year it couldn’t estimate how much cash has been doled out to scammers.

Read more