Hackers Infiltrated Mortgage Company

A recently closed California hacking and identity theft case sadly illustrates the misery that can be visited on unsuspecting victims when their personal information is compromised.

Between 2011 and 2014, four U.S. citizens who resided in San Diego—but carried out their crimes from across the Mexican border in Tijuana—hacked the computer servers of major U.S. mortgage brokers, stealing detailed loan application information from thousands of customers and then using the victims’ Social Security numbers, addresses, dates of birth, and driver’s license numbers to open unauthorized lines of credit and take over and drain victims’ retirement accounts.

“The damage crimes like these have on victims, the economy, and society in general are significant,” said Special Agent Chris Christopherson, who investigated the case from the FBI’s San Diego Division. “Individuals had their finances wrecked and their credit destroyed, through no fault of their own. For many of them,” he added, “the impacts are still being felt.”

One of the fraudsters in the conspiracy, John Baden, was the chief hacker. He infiltrated mortgage companies using a common hacking technique known as “fuzzing,” which works by overloading a web server with massive amounts of data that can lead to the server revealing security loopholes.

Once Baden had access to victims’ information, he and his conspirators, Victor Fernandez, Jason Bailey, and Joel Nava, went to work. Fernandez—the group’s ringleader—identified multiple victims’ brokerage accounts and took control of them by calling the companies and providing the victims’ personal information to change passwords and contact information. Then it was simple for him and his conspirators to wire funds—sometimes up to $30,000 at a time—from the victims’ accounts to accounts they controlled.

Victims stretched from California to Florida, and one individual lost nearly $1 million in the scheme, Christopherson said. A second part of the scheme involved extensive credit fraud. The criminals used victims’ detailed personal information to set up bogus lines of credit and retail credit card accounts to which they charged thousands of dollars for goods and services. Most of the proceeds from the sale of items in these crimes were used to buy drugs.

Read More