5 Notes From the Identity Underground
|
|||
| |||
| |
put your cell number on the fake check and make sure your girlfriend is out in the parking lot answering phone calls. So, the stores got tougher. Now, they started calling 411 first, to determine that the payer was a real listed company, before calling the direct number to verify. This made things harder. But not for the perp nailed by CATCH, who starting his scam by first looking in the paper for rentable office space. Having found an unoccupied office address, he’d call the phone company and claim that his firm—say, ABC Inc.—had moved into it. He’d need a phone number, a fax number, data lines, voicemail, and call-forwarding by end-of-business. When the phone company politely satisfied the request, he called in to the new ABC voice system. He set up a greeting and then automatically had all calls forwarded. To his cell phone. Which his girlfriend would answer in the parking lot. Now he printed “ABC” checks with a real address and an active real phone number that bounced calls back to his cell, and he hit one check-cashing store after another, raking in thousands of dollars. Of course, you could always just park outside a check-cashing store, like another CATCH suspect did, and “borrow” IDs from customers on line. This guy hooked up a scanner to a battery in his car and offered people in line $50 to let him scan their paychecks and return them. He wasn’t interested in their names or signatures. He was looking for the data on the check issuers. Back home, he now had the names, addresses, account numbers, and bank routing numbers of dozens of legitimate employers or public agencies. Print the data of those payers on new checks of his own making, and he could write out checks to himself, come back to the lines later, and cash them. Such systems are fairly lucrative, but they still require just one or two people. CATCH has seen larger operations that require gophers to hit multiple stores or ATMs. Fred likes to tell the story, for instance, of the waiter in Idaho who carried a palm-sized card reader in his apron that could suck the info off the magnetic strip on a credit card with a swipe. The device could hold lots of data, and over time the waiter collected the information from hundreds of cards. He uploaded this data onto his computer and sold it via email. One of his customers was a mid-tier crook in San Diego who hired a stable of (in Fred’s words) “mentally handicapped” helpers with their own credit cards. Using a PC and a piece of hardware into which he’d insert each card, the crook would re-program the magnetic stripes on the helpers’ cards with information from the stolen IDs and send these runners off with shopping lists of high-end electronics and other pricey items. When his helpers (law enforcement calls them “cut-outs”) returned with the goods, they’d get their own information stored back on their cards and pocket $100 for the trouble. The crook would then sell the shrink-wrapped, untouched products for 25 cents on the dollar to fences or on Ebay. This tale has a twist that explains how Fred helped put the guy behind bars. When a salesperson noticed that the name on one of the helpers’ cards was different from the name that came up on the printed receipt, he grew suspicious and insisted on confiscating the card. The “mentally handicapped” shopper, who had no idea he was part of any scam, became irate and persisted in demanding the card back. Eventually, having gotten nowhere, he marched outside to a pay phone and called the cops—who referred the case to CATCH. A San Diego ID-theft ring Fred also helped investigate employed an estimated 50 people. Like a factory, this operation involved various job descriptions. There were people who drove vans through neighborhoods where they would repeatedly steal mail—ingoing mail containing credit card promotions, and outgoing mail containing personal checks intended to pay bills. There were check washers—literally, people who rinsed checks in chemicals that would remove the handwritten payee’s name and signature but leave the original printed information, so that the legitimate checks could be made out to someone else. There were dedicated mail sorters, forgers, ID counterfeiters, and cut-outs. Nineteen of these workers were apprehended and convicted. |
The ring ran |
|
|
CATCH has also solved cases involving piles of money. To seize all the merchandise one couple had purchased using stolen IDs—the flat-screen TVs, a barbeque grill, laptops, furniture—required two moving trucks. The main suspect in this case had spent $32,000 against stolen identities at Staples alone. He got two years in prison. * * *Still, all these outfits are exploiting identities that tally at most in the thousands. That’s a far cry from the millions that have been hacked. Whether street-level criminals even combined with these small organizations can account for the aggregate damage is disputable. Fred thinks they can. One hundred thousand mail thieves, working one hundred identities each, he figures, easily gets you to the 10 million victims the FTC estimates. As Erin Kenneally, a cyber forensics analyst at the San Diego Supercomputer Center, puts it, “ID theft empowers smaller guys. I tend to think of it as peer-to-peer crime.” If she’s right, task forces like Fred’s are the ideal response to the problem. But others will say there’s a much different story, that big-time organized groups out there are moving identities—as well as the funds or goods they turn into—in bulk, and that they are the hardcore felons law enforcement should attack. Scott Christie, for instance, now a partner at the law firm McCarter & English, sees “marginal utility” in the kinds of busts Fred and Art and Ray are making. “You can really equate these folks with drug runners. It’s all well and good to arrest a guy who’s swallowed 12 condoms of heroin before coming into the country. But what does that do for you, other than get 12 condoms of dope off the street? These guys are a dime a dozen and replaceable.” Christie is more interested in the handful of cases so far that indicate ID theft is more organized and larger scale. Most notable among them is one he prosecuted, referred to as Shadowcrew, after the name of the website at its center. In this instance, about 4,000 different identity thieves were participating, buying and selling huge swathes of “profiles”—personal information that could include anything from mothers’ maiden names to home mortgages—for as little as $1 a piece. At shadowcrew.com, a teenager in Michigan, say, who camped out in parking lots to tap into a chain store’s wireless network and steal data, could sell his list to mobsters in the Ukraine. A sophisticated cracker in Scarsdale or a small-time rental-car clerk in Omaha could offer their “dumps” to a college campus kingpin selling one or two profiles at a time to students. Vetted members of Shadowcrew would sign on and post offers of thousands at a time to the password-protected Web site and even engage in Ebay-style auctions. “You could pick and choose based upon credit cards’ numerical prefixes,” Christie explains, “that indicate certain geographic areas.” You could also shop according to credit limits on Previous 1, 2, 3, 4, 5, 6 Next |
|||
books recent articles other projects about home
©2006 Martha Baer All Rights Reserved | |||