Hackers Infiltrated Mortgage Company

A recently closed California hacking and identity theft case sadly illustrates the misery that can be visited on unsuspecting victims when their personal information is compromised.

Between 2011 and 2014, four U.S. citizens who resided in San Diego—but carried out their crimes from across the Mexican border in Tijuana—hacked the computer servers of major U.S. mortgage brokers, stealing detailed loan application information from thousands of customers and then using the victims’ Social Security numbers, addresses, dates of birth, and driver’s license numbers to open unauthorized lines of credit and take over and drain victims’ retirement accounts.

“The damage crimes like these have on victims, the economy, and society in general are significant,” said Special Agent Chris Christopherson, who investigated the case from the FBI’s San Diego Division. “Individuals had their finances wrecked and their credit destroyed, through no fault of their own. For many of them,” he added, “the impacts are still being felt.”

One of the fraudsters in the conspiracy, John Baden, was the chief hacker. He infiltrated mortgage companies using a common hacking technique known as “fuzzing,” which works by overloading a web server with massive amounts of data that can lead to the server revealing security loopholes.

Once Baden had access to victims’ information, he and his conspirators, Victor Fernandez, Jason Bailey, and Joel Nava, went to work. Fernandez—the group’s ringleader—identified multiple victims’ brokerage accounts and took control of them by calling the companies and providing the victims’ personal information to change passwords and contact information. Then it was simple for him and his conspirators to wire funds—sometimes up to $30,000 at a time—from the victims’ accounts to accounts they controlled.

Victims stretched from California to Florida, and one individual lost nearly $1 million in the scheme, Christopherson said. A second part of the scheme involved extensive credit fraud. The criminals used victims’ detailed personal information to set up bogus lines of credit and retail credit card accounts to which they charged thousands of dollars for goods and services. Most of the proceeds from the sale of items in these crimes were used to buy drugs.

Read More

State-Sponsored Cyber Theft

Nine Iranian citizens—working at the behest of the government of Iran—have been charged in a massive computer hacking campaign that compromised U.S. and foreign universities, private companies, and U.S. government entities, including the Department of Labor and the Federal Energy Regulatory Commission.

The hackers were affiliated with the Mabna Institute, an Iran-based company created in 2013 for the express purpose of illegally gaining access to non-Iranian scientific resources through computer intrusions. Members of the institute were contracted by the Islamic Revolutionary Guard Corps—one of several entities within the Iranian government responsible for gathering intelligence—as well as other Iranian government clients.

During a more than four-year campaign, these state-sponsored hackers “compromised approximately 144 U.S.-based universities and 176 foreign universities in 21 countries,” said FBI Deputy Director David Bowdich during a press conference today at the Department of Justice in Washington to announce the indictments. When the FBI learned of the attacks, he said, “we notified the victims so they could take action to minimize the impact. And then we took action to find and stop these hackers.”

Initially, the cyber criminals used an elaborate spearphishing campaign to target the e-mail accounts and computer systems of their victims, which in addition to the universities included nearly 50 domestic and foreign private-sector companies, the states of Hawaii and Indiana, and the United Nations.

According to the indictments unsealed today in a Manhattan federal court, the hackers stole more than 30 terabytes of academic data and intellectual property—roughly three times the amount of data contained in the print collection of the Library of Congress.

“Their primary goal was to obtain user names and passwords for the accounts of professors so they could gain unauthorized access and steal whatever kind of proprietary academic information they could get their hands on,” said a special agent who investigated the case from the FBI’s New York Division. “That information included access to library databases, white papers, journals, research, and electronic books. All that information and intellectual property was provided to the Iranian government,” he added.

Read More

Crooked Michigan Doctor Sentenced

From 2010 to 2015, Advanced Care Services (ACS), located in Southfield, Michigan—a suburb of Detroit—billed itself as a pain management clinic and HIV infusion center that primarily served Medicare recipients.

But as it turned out, ACS wasn’t serving anyone but itself. It was nothing more than a pill mill involved in the illegal sale and distribution of dangerous prescription medications, including opioids, into nearby communities. And if that wasn’t bad enough, ACS was also involved in a related multi-million-dollar health care fraud scheme. The lone doctor employed at the facility, Rodney Moret, personally enabled both of these conspiracies through his actions at the clinic.

Fortunately, law enforcement ultimately uncovered the actions of Moret and his four co-conspirators, and he was sentenced last month to a federal prison term on various drug and health care fraud charges after previously pleading guilty. Moret’s associates have also pleaded guilty in connection with their roles in the criminal activity and have been sentenced. All five were ordered to pay more than $2.5 million in restitution.

And ACS—a clinic that ostensibly offered medical care for a vulnerable population but instead broke its promise to the communities it served—was put out of business.

According to FBI case agent Larissa Kramer, the Bureau’s Detroit Field Office opened an investigation into ACS in December 2011 after receiving a referral from the Department of Health and Human Services’ (HHS) Office of Inspector General (OIG) concerning suspicious billings from a Dr. Rodney Moret. “Shortly after that,” Kramer explained, “an ongoing Detroit investigation into another pill mill led directly to the doorstep of Advanced Care Services, Moret’s employer. And our case, run jointly with HHS-OIG investigators, took a new direction.”

Kramer said that a variety of investigative techniques—including confidential informants, consensual recordings, analysis of financial records, and interviews with ACS employees and patients—uncovered the breadth and depth of the fraudulent activity being perpetrated by Moret and company.

Read More

Child Sexual Exploitation Ring Collaborative

In late 2015 through early 2016, vulnerable girls as young as 14 and 16 were being exploited as part of a sex trafficking ring run by a group of conspirators in Ohio and Indiana.

But thanks to a joint law enforcement effort conducted by the FBI-led Toledo Child Exploitation Task Force, the ringleader of the conspiracy as well as the other six participants were eventually brought to justice and sentenced to lengthy federal prison terms.

The case started in December 2015, when the Lima (Ohio) Police Department began investigating allegations of human trafficking and forced prostitution involving a juvenile victim. One of the Lima officers who originally interviewed the victim was also a member of the Child Exploitation Task Force. That officer—based on his previous task force experiences—understood that the interstate aspects of the case made it a good candidate for federal jurisdiction, which often results in enhanced investigative resources and stronger criminal justice penalties.

So the case was referred to the task force—specifically to Special Agent Devon Lossick, the task force coordinator who works out of the FBI Cleveland Division’s Toledo Resident Agency.

According to Lossick, Lima resident Lorenzo Young was the leader of the group and was assisted, in varying degrees, by his longtime friend Aundre Davis, as well as by his girlfriend, mother, and three acquaintances.

“Members of the conspiracy would go after vulnerable and trusting young girls—usually runaways and others estranged from their families—by promising them money and then coaxing them into posing for sexually explicit photos,” Lossick explained. The photos would be posted to the adult entertainment sections of a classified ads website; when interested customers reached out, the girls would be transported to apartments in Lima or to motel rooms in nearby Fort Wayne across the Indiana state line.

“And the financial proceeds of the transactions would go straight into the pockets of Young and his co-conspirators,” said Lossick.

Once the task force was on the case, investigators began to question some of the victims, gathered motel records and receipts, reviewed video surveillance, and conducted physical surveillance and court-authorized electronic surveillance on the suspects.

Read More

Two Sentenced in $10 Million Investment Fraud Scheme

The victims’ stories of losing their retirement savings in a $10 million investment fraud scheme were heartbreaking: some lost their homes, some had to declare bankruptcy, and many suffered—and continue to suffer—from physical and emotional ailments upon learning they had virtually nothing left to retire with.

The fraudsters responsible for this fallout—who lined their own pockets with the hard-earned money of working people trying to save for their golden years—were Merrill Robertson and Sherman Carl Vaughn, Jr., two Virginia businessmen. After a joint federal law enforcement investigation into the pair’s Ponzi-like scheme, the two were ultimately brought to justice for their crimes against more than 60 victims in multiple states. In light of Robertson’s earlier conviction at trial and Vaughn’s previous guilty plea, Robertson was recently sentenced to 40 years in prison, and Vaughn—who testified at Robertson’s trial—received 12 years. The men were also ordered to pay nearly $9 million in restitution to their victims.

Robertson is a former University of Virginia football star who had worked for a large broker-dealer and was licensed as a broker. Vaughn had a business degree from another Virginia college but has never been licensed as a broker. Together, in 2010, the pair formed Cavalier Union Investments, LLC, which claimed to be a “leading private investment firm” catering to IRA account holders and offering investment opportunities—with fixed annual returns of 10 to 20 percent—in restaurants, real estate, and alternative energy. Cavalier purportedly had a variety of divisions, investment funds, and investment advisers.

But in reality, Cavalier did not have any divisions, investment funds, or investment advisers—it was just Robertson and Vaughn. And what a pair they were—Robertson no longer had his broker’s license, and Vaughn had filed for personal bankruptcy four times, including the two times he did it while working at Cavalier. Shortly after the company was formed, Cavalier became insolvent and relied on cash from newer investors to stay afloat and pay back older investors who asked for their money back—the perfect Ponzi scheme, at least for a while.

Read More

Feds bust twin brothers from the Bronx for trying to build bombs

Bronx NY Cops have busted twin brothers from the Bronx for allegedly stockpiling explosive materials and crafting bombs inside their home — with help from high school students.

Christian Toro, a former teacher at Harlem Prep, and his brother, Tyler Toro, were arrested by the FBI on Thursday as part of a joint investigation with the NYPD.

The two 27-year-olds had been forging explosive devices inside their Pelham Parkway apartment since last October — using gunpowder from fireworks as the base for their bomb-making, according to the complaint.

A search of the residence turned up a slew of dangerous chemicals, including 20 pounds of iron oxide and aluminum powder, which form thermite when combined.

A “diary” was also allegedly found — which contained disturbing, handwritten notes, such as “WE ARE TWIN TOROS STRIKE US NOW” and “WE WILL RETURN WITH NANO THERMITE.”

As if that wasn’t enough, federal agents then discovered “a yellow backpack in a living area of the apartment, which contained, among other things, a purple index card with handwriting that reads, ‘UNDER THE FULL MOON THE SMALL ONES WILL KNOW TERROR.”

The complaint, obtained by The Post on Thursday afternoon, outlines numerous allegations against the Toro brothers — including how they’d been researching the 2013 Boston Marathon bombings and paying teens to construct their makeshift weapons.

Christian allegedly met the youths through his job as a teacher and offered to pay them $50 per hour to “break apart fireworks and store the powder that came out of the fireworks in containers,” the complaint says.

Investigators spoke with “multiple students” who said that at least two people had agreed to work for the Toros in exchange for cash.

“Based on the interviews, it appears that the students visited the apartment between in or around October 2017 and in or around early January 2018,” the complaint says.

Authorities were tipped off earlier this year by officials from Harlem Prep after they found instructions on how to construct explosives on Christian’s laptop.

The FBI had launched an investigation back in December after the school received a bomb threat, but they didn’t start probing Christian until after the information was found on his computer.

“This case likely saved many, many lives,” NYPD Commissioner James O’Neill said at a press conference Thursday night.

Read More

Insider Sentenced for Economic Espionage

On July 7, 2016, three days after his fellow Americans had celebrated the nation’s Independence Day, engineer Gregory Allen Justice—who worked for a cleared government contractor in California—was arrested in a hotel room for selling sensitive satellite information to someone he believed was a Russian agent.

Unfortunately for Justice, that foreign agent turned out to be an undercover FBI employee. And this wasn’t the first time that Justice had passed satellite secrets to his “handler”—but it would be his last. He was immediately taken into custody by the FBI on charges of selling proprietary trade secrets and technical data that had been controlled for export from the United States.

Justice had been employed with the government contractor—under its satellite systems program—since 2000. He was assigned to a team working to build and test U.S. military satellites, including projects for the Air Force, Navy, and NASA that involved satellites with communication, navigational, and observational technology.

The trade secrets and other technical data he had access to as part of his job related to areas such as satellite operations testing, firmware installed on satellites, and anti-jamming technology.

After the FBI’s Los Angeles Division opened its investigation into Justice’s activities, a lawful search of his vehicle uncovered handwritten notes containing addresses for the Russian Embassy in Washington, D.C. and the Russian Consulate in San Francisco.

In February 2016, the Bureau’s undercover employee—in the guise of a Russian agent—was able to make contact with Justice, who was more than willing to talk and eventually meet with the employee a total of six times. They first met at a coffee shop and then in various hotel rooms—and each time, Justice turned over a thumb drive with information downloaded from his employer’s computer network. All told, Justice received $3,500 in cash from the undercover employee.

Read More

Stopping Human Trafficking

Jaboree Williams was a pimp and drug dealer who brutally abused and psychologically tortured his victims. And thanks to the joint efforts of the FBI and local law enforcement, he will spend the next 30 years in federal prison.

“He preyed on vulnerable women who were having difficult times in their lives,” said Special Agent Maria Miller, who investigated the case out of the FBI’s Milwaukee Division as part of the office’s Human Trafficking Task Force. “He started by being more of a ‘Romeo’ pimp—he would act like a boyfriend and make them think they were doing this for their future as a couple.”

However, shortly after the women began working for Williams, he would take all or nearly all of their earnings, beat them, and limit their access to food. Williams also took the women’s identification, cell phones, and money to make it difficult for them to escape. When one victim tried to leave, he severely beat her with a belt and threatened to kill her children. With another, he beat her beloved dog to keep her under his control.

The investigation began in 2015 when a woman contacted the Racine Police Department saying she could not find her sister, whose photo appeared on a prostitution website. The police department collaborated with the FBI’s Wisconsin Human Trafficking Task Force to begin an investigation.

Racine Police Department Investigator Neal Lofy, who works human trafficking cases for his department and also serves on the local FBI task force, explained the importance of taking a collaborative approach in human trafficking cases and using the FBI’s available resources, such as administrative subpoenas of prostitution websites.

“Trafficking is a very transient crime; there’s a lot of movement between jurisdictions,” Lofy said. “Partnering with the FBI and having access to FBI databases and records, as well as the ability to travel to other jurisdictions, has been very helpful in these cases. Also, the clarity and penalties of the federal laws, as opposed to individual state laws, ensure convicted human traffickers can receive the punishments they deserve.”

Read More

Online Predator Used Familiar Tactics to Victimize 12-Year-Old Girl

A 32-year-old Georgia man who pretended to be someone else online is behind bars after using familiar predatory tactics to coerce a 12-year-old girl to produce child pornography and send it to him.

The victims of this type of crime—commonly referred to as sextortion—are almost always vulnerable teenagers who are tricked online and then find themselves in a nightmare situation: They are afraid to tell their parents or friends what is happening, and believe complying with their abuser is the only solution.

“The predators typically pretend to be teenagers online and lurk on popular social media sites,” said Special Agent Kevin Orkin, who investigated the case from the FBI’s Atlanta Division. “The victims—striving for attention, maybe having issues with their parents, as teens often do—are easily manipulated.”

The predators establish an online relationship, flirt, and in time convince the victims to send them a sexually provocative picture. “That initial image might not be too incriminating by today’s standards,” Orkin said, but the predators use the image to blackmail the victims. If they don’t send more explicit material, the victims are told, the image will be shared online with their friends and family to humiliate them.

“The victims are too scared to tell anyone what’s going on,” Orkin said, “and before they know it, they are in way over their heads.”

In the case of the Georgia man, Gerardo Uribe, he masqueraded online as a 13-year-old boy, and later as a 25-year-old man. After the young victim sent a partially nude image of herself at his request in 2014, Uribe was eventually able to take over one of her social media accounts by resetting her password and then locking her out.

With access to all her information, including the initial compromising image, Uribe coerced the girl into providing more sexually explicit material—four images that met the federal definition of child pornography.

The girl’s parents discovered the crime and reported it to the local sheriff’s office, which referred the matter to the FBI. Through various investigative methods, Uribe was located in Georgia and charged with child pornography offenses.

He pleaded guilty in August 2017, and in November 2017 was sentenced to 10 years in prison. A Mexican citizen who was living in the United States as a permanent resident, Uribe will be deported after he completes his prison term. Investigators said that Uribe had tried to victimize at least one other girl.

“Sextortion is a growing problem on social media sites,” Orkin said, and although it may be easy to blame the victims of sextortion for the predicament they find themselves in, he explained, “we are talking about children being manipulated by adults. It’s clear that these criminals are preying on their victims and taking advantage of them in the worst way.”

Read More

Theft of Federal Funds for Housing

Alternatives Living, Inc., was a non-profit organization in the New Orleans area with a stated mission of providing affordable housing to the elderly, homeless families, and individuals with mental disabilities. And through the state of Louisiana, the non-profit received funds from the U.S. Department of Housing and Urban Development (HUD) to carry out its noble work—assisting about 660 clients annually, enabling them to live successfully within their communities.

Unfortunately, the chief financial officer (CFO) of Alternatives Living—Rickey Roberson—had another purpose as well: to use some of the funds from HUD, specifically earmarked for needy individuals, for his own personal gain. And as a result, there were clients who were not able to get the services that they needed.

How did this all start? In 2010, HUD had contracted with the state of Louisiana to administer its Community Development Block Grants in order to implement affordable housing programs throughout the state. Alternatives Living was one of the organizations selected by the state to provide housing support services to qualified residents.

However, fast forward to 2015. The Louisiana Legislative Auditor, a state government entity, released a public report which concluded that executives at Alternatives Living may have used public funds for personal gain. Based on that report, the FBI’s New Orleans Field Office—after notifying its partners at HUD’s Office of Inspector General—opened a joint investigation.

And what the FBI and HUD investigators uncovered, after looking into the finances of both Alternatives Living and Roberson personally, seemed to validate the findings of the audit report.

As CFO at Alternatives Living, Roberson was entitled to use the non-profit’s credit cards, and he had signature authority on Alternatives Living bank accounts. He used both payment methods to assist clients, but the accounts were also used to pay for his kids’ cell phone bills and some school tuition as well as personal travel, satellite radio, concert tickets, sports tickets, cruise expenses, repairs to his luxury automobiles, and even medical bills for the family dog.

In June 2016, Roberson was indicted on various charges, and in September 2017, in light of the evidence uncovered during the investigation, he pleaded guilty to theft of federal grant funds and agreed to pay more than $84,000 in restitution. Last month, he was sentenced to a federal prison term.

Read More