Rave Radio: Offline (0/0)
Email: Password:
News (Media Awareness Project) - CN AB: Meth Addicts' Other Habit: Online Theft
Title:CN AB: Meth Addicts' Other Habit: Online Theft
Published On:2005-12-15
Source:USA Today (US)
Fetched On:2008-08-19 02:16:51
METH ADDICTS' OTHER HABIT: ONLINE THEFT

Methamphetamine Addicts Skilled in Identity Theft Are Turning to
Computers and the Internet to Expand Their Reach.

USA TODAY Examines the Inner Workings of One Small Ring of Addicts
Who Began Partnering With Global Internet Crime Groups to Trade in
Stolen Identity Data and Launder Hijacked Funds.

EDMONTON, Alberta -- Hot on the trail of identity thieves, veteran
Edmonton Police Service detectives Al Vonkeman and Bob Gauthier last
winter hustled to a local motel, a cinder-block establishment where
rooms rent by the hour.

Twice before, police had descended on locations in Edmonton and
Calgary, 200 miles away, chasing down a tip about someone accessing a
dial-up Internet account linked to an e-mail folder full of stolen
identity data. Each time, the user logged off and vacated the
premises before police arrived.

This time the motel's manager told the detectives that the phone in
Room 24 was in use. As Vonkeman and Gauthier prepared to bust down
the door, out strolled a garrulous drug addict, 25, whom they'd
arrested before, followed by a younger man -- a 21-year-old computer
whiz -- both sky-high on methamphetamine.

Inside Room 24 the detectives found meth pipes, stolen credit cards,
notebooks with handwritten notations about fraudulent transactions
and printouts of stolen identity data. The distinctive smell of
street meth pervaded the air. "They were just starting to set up,"
recalls Vonkeman, an economic crimes analyst.

On the motel room bed, connected to a wall phone jack, a laptop
computer was downloading something. Before going to work on stolen ID
data, the younger man was downloading the latest version of his
favorite video game. "But it was a dial-up modem, so it was taking
forever," says Gauthier, a veteran drug unit detective.

Vonkeman, 44, and Gauthier, 48, had flushed out the roving nerve
center of a loose-knit ring of meth addicts running identity-theft
scams. Evidence in the motel room would ultimately lead them to a
much bigger revelation: The Edmonton ring had gone global.

It no longer relied solely on dumpster-diving, mailbox-pilfering
street addicts to supply stolen credit cards, checks and account
statements, the grist for local thefts. Instead, it had advanced to
complex joint ventures, conducted over the Internet, in partnership
with organized cybercrime rings outside the country.

What's happening in Edmonton is happening to one degree or another in
communities across the USA and Canada -- anywhere meth addicts are
engaging in identity theft and can get on the Internet, say police,
federal law enforcement officials and Internet security experts.

Internet Relay Chat channels, private areas on the Internet where
real-time text messaging takes place, are rife with communications
between organized cybercrime groups and meth users and traffickers
discussing how they can assist each other. "It's big time," says San
Diego-based security consultant Lance James, who monitors IRC channels.

Such collaboration seems almost preordained. "This hits at the
intersection of two of the more complex law enforcement
investigations: computer crimes and drug crimes," says Howard
Schmidt, CEO of R&H Security Consulting and former White House
cyber-security adviser.

Identity theft has fast become the crime of preference among meth
users for three reasons: It is non-violent, criminal penalties for
first-time offenders are light -- usually a few days or weeks in jail
- -- and the use of computers and the Internet offers crooks anonymity
and speed with which to work. Meth is a cheap, highly addictive
street derivative of amphetamine pills; it turns users into
automatons willing to take on risky, street-level crime.

Meanwhile, global cybercrime groups control e-mail phishing attacks,
keystroke-stealing Trojan horse programs and insider database thefts
that swell the pool of stolen personal and financial information.
They also have ready access to hijacked online-banking accounts. But
converting assets in compromised accounts into cash is never easy.
That's where the meth users come in.

Sophisticated meth theft rings, like the one in Edmonton, control
local bank accounts -- and underlings who are willing to extract
ill-gotten funds from such accounts. The two men at the seedy motel
were helping outside crime groups link up with local accounts under
their control when a tipster guided police to them in December 2004.

Edmonton police granted USA TODAY exclusive access to cases
investigated by Vonkeman and Gauthier from early 2003 to the present.
The newspaper examined police evidence files and interviewed two
central ring members, ages 37 and 22. In this story, they are
referred to as Mary and Frank.

Police set up the interviews but required that the suspects' real
names, as well as the true identities of the two men arrested at the
motel, be withheld for the safety of the individuals and to preserve
the integrity of ongoing investigations. In this story, the two men
arrested at the motel are called Martin and Socks -- not their real names.

Police participated in USA TODAY'S phone interviews with Mary and
Frank, then arranged for a reporter to interview Mary in person, with
no police present. She took the reporter on a daylong tour of
locations in Edmonton where the ring had committed ID thefts and fraud.

What emerges is the tale of how one cadre of meth addicts, from
ordinary backgrounds, found extraordinary ways to steal and
manipulate sensitive personal and financial data -- data they
discovered to be rather haphazardly protected. Here is their story:

Mary had to think quickly. The security guard had appeared out of
nowhere. She was sitting in her black sedan, waiting for Frank to
yank garbage bags out of a dumpster behind Neiman Marcus' Edmonton
call center, where the upscale U.S. retailer routes calls from customers.

A soft-spoken, attractive blonde with a friendly demeanor, Mary
passed herself off as an absent-minded employee hunting for a lost
day-planner. She sweet-talked the guard into helping Frank load bags
into the sedan. "He says, 'Oh I'll help you, maybe it's in one of
these,' " she recalled during an interview conducted while showing a
reporter dumpsters she helped scope.

Mary, 37, met Frank in the summer of 2003 through her boyfriend, a
meth dealer who was Frank's supplier. Up until her divorce in 2001,
Mary says, she was a "model citizen": She was college-educated and
had two children and a management career. But then her marriage hit
the skids. Her boyfriend, the meth dealer, "was domineering, and I
was vulnerable from the divorce," she says.

Frank, 22, passionate, creative but easily manipulated, says he
became a meth addict at age 14. He quickly demonstrated a high
aptitude for committing fraud. A fellow addict who was an employee of
Canadian cellphone company Rogers Communications showed him how to
open new cellphone accounts over the phone and on the Internet, using
data from customer records plucked from Rogers' dumpsters.

As a high school student, Frank had possession of stolen cellphones
to use and sell. He soon advanced to using stolen credit card numbers
to shop online. He found that he loved manipulating data on his
computer almost as much as conning customer-service reps over the
phone. "I needed to feed my drug habit and make a living," Frank said
in a phone interview from an Edmonton police station in October.
"That's when I began to look into using my PC."

During the summer and fall of 2003, the Neiman Marcus call center was
a favorite stop on a route of dumpsters Mary and Frank mined behind
banks, trust companies, telecom companies, hotels, car rental
agencies, restaurants, video rental stores -- anywhere a business
might throw out paperwork.

Neiman Marcus spokeswoman Ginger Reeder says no records of sensitive
customer information are printed out at the call center. If any such
information made it into the trash, "It would be a breach of company
policy and an isolated incident," says Reeder.

Frank and Mary say their dumpster route yielded copies of credit card
transactions, loan applications, customer-service reports, employee
manuals and internal phone directories -- all with potentially useful
information. "Nothing was shredded," says Frank. "All the information
you wanted was (in the dumpsters)."

One dumpster behind a call center in suburban Mill Woods proved to be
a jackpot. In a nondescript strip mall just two blocks from the
spacious three-bedroom apartment where Frank lived with his divorced
dad, it brimmed with valuable data. The company using the dumpster,
Convergys, often tossed out paperwork related to customer-service
calls from Sprint cellphone subscribers in the USA, Mary says.

"We'd get credit check information from Equifax, credit card numbers
to make payments, Social Security numbers, date of birth, addresses,"
Mary says. "They would make a printout, then just throw it out."

Convergys spokeswoman Lauri Roderick disputes Mary's account. The
Cincinnati-based company has a "strict clean-desk policy" that
requires shredding of any sensitive paperwork, she says. And Sprint
customer-service calls, she says, were never handled by the 1,200
workers at the Mill Woods facility, one of 14 in Canada. "We're
confident there has been no breach in security of our customers'
data," Roderick says.

Mary's management skills and Frank's computer savvy were a profitable
match. By late 2003, they had delegated dumpster diving to others and
concentrated on fine-tuning schemes to make the most of pilfered
data. They became adept at developing what they referred to as "full profiles."

Given just a name and home address, Mary would dispatch a street
addict to the residence with instructions to scour the occupant's
garbage for bank statements (a big score) or even a debit card
receipt (still valuable). Depending on whether the victim was a woman
or man, she or Frank would phone the victim's bank and pose as the customer.

If the bank rep asked for a recent transaction as proof of identity,
information from a receipt plucked from the garbage, along with a bit
of improvised play acting, often sufficed to win the rep's help. They
could then change a billing address, request a replacement debit card
and PIN number, apply for credit cards and credit line increases, and
add other account users.

Frank used stolen credit card numbers to order the tools of their
trade online: computers, graphics software to manufacture fake IDs,
and online services, such as Vonage phone accounts. Vonage, like
other Internet-based phone services, allows subscribers to pick any
area code they want. That's useful for ID thieves who want to take
control of financial accounts surreptitiously. Mary could order up
area codes matching those of the location of breached accounts
outside of Edmonton. The numbers appeared to be local, but actually
routed back to her.

Stolen credit card numbers, Social Security numbers, and Canadian
Social Insurance Numbers emerged as valuable commodities. Frank
progressed to buying and selling them online. He maneuvered his way
onto Internet Relay Chat channels where such trading takes place, and
began transacting with crime rings in Romania, Austria and Egypt.
"Whatever you wanted to buy or sell, it was there," he says.

Meanwhile, Mary and Martin, a longtime fixture in the Edmonton meth
crowd, focused on assembling a street-level distribution network.
Martin, 25, from a well-to-do family, had a knack for recruiting
underlings. "If he was in the business world, he'd be a headhunter,"
Detective Vonkeman says.

Soon the Edmonton ring controlled a matrix of local bank accounts,
some stolen, some opened by addicts using their real names, others
opened by addicts using assumed identities and fake IDs supplied by Frank.

Mary, Frank and Martin began to test financial websites. They
exploited e-mail cash transfers -- a service offered by Canadian
banks, by which account holders can conveniently e-mail up to $1,000
to an individual.

They sent runners to withdraw cash from ATMs just before and after a
unit was serviced late at night, thus getting two days' of maximum
withdrawals in the same hour. They set up shell companies to exploit
bill-paying services that allow online payments of up to $10,000 to
business accounts.

And they tapped online payment services, like PayPal and NETeller, to
bypass the 48-hour hold on international bank-to-bank cash transfers.

They stayed awake for days at a time in hotel rooms or dingy
residences -- called sketch pads -- where meth addicts congregated.
The three of them plotted intricate variations of scams or concocted
wild, blockbuster capers. Sleep-deprived, they were paranoid about
two things: the police and their larcenous fellow addicts.

Frank migrated from sketch pad to sketch pad, rarely going home to
his father's apartment. "I stayed until the cops knocked on the door
- -- or someone ripped me off," Frank says.

Mary often fantasized about a big score that would give her the
impetus to return to a normal life.

"But nothing ever got really big," she says. "Somebody rips you off,
or you never collect what you're owed. You feel like you can do
anything (when high on meth). But you can't stay focused. You lose
your train of thought. You have to move fast when you're doing fraud,
and speeders don't move fast."

By the time 2003 drew to a close, Frank had been arrested twice and
released on bail. A judge ordered him to avoid contact with the meth
crowd and banned him from using a computer.

Frank was trying to stay low when Mary introduced him to Socks, an
acquaintance. Then 20, Socks was idle and had time on his hands. He
had never used meth or committed ID theft. But he had just been laid
off from his job as a computer technician.

A somewhat introverted video game fanatic, Socks began smoking
crystal meth and associating with Mary, Frank and Martin. When the
extroverted Frank bragged about his prowess at scams, Socks paid
close attention. Then he began delving deeper than Frank ever did.

Socks began wheeling and dealing with cybercrime rings in Quebec,
Romania and Egypt via Internet Relay Chat channels. "What we saw with
Socks was interactions that were more with the dark side of the
Internet," Vonkeman says.

The global contacts Socks developed put the Edmonton ring in a
position to make a profound transition. Instead of going through the
labor-intensive process of building profiles of local marks, it began
to buy ready-made full profiles of identity theft victims in the USA.

Milking a victim from Tallahassee, Fla., had become as easy as
bilking someone from nearby Banff. Mary could easily attach a Vonage
IP phone number, say, with a Tallahassee area code, onto a hijacked
account and use PayPal or Western Union to transfer funds across
international borders.

Besides, going after U.S. victims seemed less risky; and the going
rate for a full profile of a U.S. consumer seemed a bargain: $200
American for data that typically included the mark's bank account
password, credit card number with security code, even his or her
Social Security number.

It was such a good deal, Martin insisted on using clean money sent
via Western Union to make the purchase. "We didn't want to screw it
up and use fraud money that might get them caught," Mary says.

The Edmonton ring also began helping outside crime groups launder
hijacked funds through local bank accounts. A street addict would
take the last -- and riskiest -- step: making a cash withdrawal.
Martin would use Western Union to wire some of the cash back to the
crime group and divide the rest locally.

Yet, the maxim "there is no honor among thieves" has never been truer
than with meth addicts. "They're very networked and quite social, but
when you arrest and debrief these people, they'll give you a ton of
information," Vonkeman says.

Someone ratted out Frank in the summer of 2004, leading to his third
arrest -- and an 11-month jail sentence. Mary and Martin got arrested
multiple times at sketch pad raids. Released on bail, they'd lie low
for a few weeks before starting up again. Meanwhile, copycat cells
cropped up to try to imitate their success.

"It's like plugging your finger in the dike," Gauthier says. "For all
the people we catch and take out of action, there could be 10 more
networking and already starting to form another cell."

Socks was arrested three times in an eight-month span. He is now
serving a two-year sentence for various drug and theft crimes.

Until his initial arrest at the motel in December 2004, Socks had
been a mystery figure to Vonkeman and Gauthier. The detectives heard
rumors about a new techie on the scene with access to thousands of
credit card numbers. But Socks had no rap sheet, nothing, really, to
tie him to the meth crowd.

He was also clever. Socks knew investigators could monitor Internet
traffic going into and out of his laptop computer, so he had made it
a point to move around.

For two months in early 2004, Socks, Mary and a friend of Frank's
worked from inside a plush GMC camper van parked in an alley
alongside a rundown, three-story apartment building a half-mile from
downtown Edmonton.

Socks extended a phone cable from the van, down a stairwell to the
building's telephone-access panel. When a tenant left for work or
appeared to be sleeping, he'd patch into the person's phone line to
get on the Internet. "We needed a safe place to use the computer, and
it was so nice in there," Mary says.

As an extra precaution, Socks stored nothing of importance on his
laptop's hard drive. He uploaded all incriminating stolen identity
data to an e-mail folder that came with the dial-up Internet account
he'd been given by a fellow addict who worked for an Internet service provider.

But when that accomplice got arrested on another criminal matter, the
accomplice promptly disclosed the existence of the account. Vonkeman
asked the Internet service provider to leave the account open and
alert him anytime anyone logged on.

Ironically, it was that e-mail folder, Socks' protective buffer, that
drew Vonkeman and Gauthier to the motel to see who had logged on.

Released on bail soon after the motel arrest, Socks skipped a court
appearance and was on the run until Gauthier arrested him again last
March. He had become more involved than ever with overseas cybercrooks.

On his person Socks had a slip of paper with log-ons and passwords
for 15 hijacked Canadian bank accounts, which he said came from
Romanian cybercrooks, including one account with access to six
figures' worth of funds. Police believe the accounts served partly as
a show of good faith to cement a partnership with the Edmonton ring.

Sentenced to house arrest after pleading guilty on several drug- and
fraud-related counts after the March incident, Socks took off again,
Gauthier says.

Then last July, an informant guided Gauthier to a north Edmonton
apartment where the detective caught Socks in the act of using a
laptop computer to manufacture fake IDs.

Socks reacted calmly, Gauthier says. "He says, 'Hi, Bob. I've been
wondering when you were coming to get me.' "
Member Comments
No member comments available...