FROM: U.S. JUSTICE DEPARTMENT
Friday, June 26, 2015
Indictment In UPMC Stolen Identity Scheme
On Wednesday, a federal grand jury in Pittsburgh returned a multi-count indictment against Yoandy Perez Llanes, a foreign national residing outside of the United States. Llanes was charged in a 21-count indictment with a scheme to defraud the Internal Revenue Service (IRS), and the U.S. Treasury, using the stolen identities of employees of the University of Pittsburgh Medical Center (UPMC) to file false federal income tax returns in order to obtain unlawful tax refunds. Llanes and unnamed conspirators converted the unlawful tax refunds to Amazon.com gift cards, which were used to buy merchandise which was shipped internationally. All of these acts occurred generally between January and April 2014. Llanes is charged with conspiracy to defraud the United States, wire fraud, money laundering and aggravated identity theft.
Early in 2014, thousands of employees of UPMC had their personal information compromised by hackers, who intruded into a UPMC computerized database stealing names, social security numbers, dates of birth and other personal identifying information. This data was then used to file false 2013 federal tax returns. Investigators learned that names and other identifiers were used by Llanes and other conspirators to file 935 false tax returns in which unlawful refunds were requested in the form of Amazon.com gift cards. Quick action by the IRS, UPMC and Amazon.com frustrated the efforts of the fraudsters to file additional false returns and obtain further fraudulent proceeds. While the perpetrators sought approximately $2.2 million in fraudulent refunds, only $1.4 million was actually disbursed as refunds. Stolen Identity Refund Fraud, such as that alleged to have been perpetrated by Llanes, costs United States taxpayers billions of dollars.
This criminal scheme was complex and crossed national borders. Llanes and the conspirators used anonymous and encrypted email to disguise their identities and proxy computers to file returns. Using the fraudulently obtained Amazon.com gift cards, Llanes purchased hundreds of thousands of dollars in electronic merchandise for shipment through reshipping services in Miami, Florida, with instructions for delivery to “drop” locations outside the United States. Llanes and others then retrieved the merchandise and advertised it for sale on online auction websites overseas.
Though Llanes and the conspirators attempted to conceal their whereabouts and their identities through the use of encrypted email and proxy services, investigators were able to uncover the sophisticated plot and identify Llanes.
The law provides for a sentence of imprisonment, a fine of $5.5 million or both. Under the Federal Sentencing Guidelines, the actual sentence imposed would be based upon the seriousness of the offenses and the prior criminal history, if any, of the defendant.
Assistant U.S. Attorney Gregory C. Melucci is prosecuting this case on behalf of the government.
The IRS-CI, the U.S. Secret Service and the U.S. Postal Inspection Service, conducted the investigation leading to the indictment in this case.
An indictment is an accusation. A defendant is presumed innocent unless and until proven guilty.
Showing posts with label IDENTITY THEFT. Show all posts
Showing posts with label IDENTITY THEFT. Show all posts
Thursday, July 2, 2015
Wednesday, March 11, 2015
IRANIAN SENTENCED TO PRISON FOR STEALING U.S. PILOTS IDENTITY
FROM: U.S. JUSTICE DEPARTMENT
Monday, March 9, 2015
Iranian Pilot Sentenced to 27 Months in Prison for Stealing U.S. Pilot’s Identity to Obtain Federal Aviation Administration Credentials
An Iranian man was sentenced today in Houston to serve 27 months in prison for using personally identifying information stolen from a U.S. pilot to fraudulently obtain a U.S. Federal Aviation Administration (FAA) Airline Transport Pilot (ATP) certificate and flight instructor certificate. At today’s sentencing hearing, the government indicated that the defendant sought the FAA credentials to allow him to fly aircraft for profit, and that there was no evidence that he was engaged in any terrorism-related activity.
Assistant Attorney General Leslie R. Caldwell of the Justice Department’s Criminal Division and U.S. Attorney Kenneth Magidson of the Southern District of Texas made the announcement.
Nader Ali Sabouri Haghighi, 41, of Iran, pleaded guilty on Nov. 3, 2014, to four counts of identity theft related to his use of the victim pilot’s passport and personally identifying information to fraudulently obtain the FAA credentials at issue. U.S. District Judge Kenneth M. Hoyt of the Southern District of Texas imposed the sentence.
An ATP certificate is the highest grade of certificate issued by the FAA. It authorizes the holder to pilot multi-engine aircraft under U.S. aviation regulations.
At his plea hearing, Haghighi admitted that he stole the identity of the victim pilot, which he used to obtain certain FAA credentials. These credentials permit a pilot to fly multi-engine aircraft, and have strict requirements for training, knowledge and experience. Haghighi had never been issued these specific credentials, and a general pilot’s license he had previously been issued had been revoked by the FAA.
Haghighi admitted that he used the victim pilot’s information to log onto the Airman Services Records System, an on-line database used by the FAA to monitor and regulate persons authorized to fly aircraft, posing as the victim pilot. He then changed the contact information associated with the victim pilot’s profile and requested a replacement ATP certificate and flight instructor certificate.
Haghighi also admitted that he fraudulently obtained a credit card in the victim pilot’s name and used the credit card to pay for the replacement FAA credentials.
According to court records, on Sept. 15, 2012, Haghighi crashed an airplane in Bornholm, Denmark, while in possession of the victim’s ATP certificate. After facing criminal charges in Denmark and Germany, Haghighi returned to Iran, only to later resurface in Indonesia. He was finally arrested in Panama, where he waived extradition to the United States in August 2014.
The case was investigated by the Office of Inspector General of the U.S. Department of Transportation, with significant assistance from the Federal Aviation Administration, the Diplomatic Security Service of the State Department and the Department of Homeland Security’s U.S. Immigration and Customs Enforcement, Homeland Security Investigations. The Criminal Division’s Office of International Affairs and the FBI also provided significant assistance in Haghighi’s apprehension and extradition. Assistance was also provided by the Bornholms Politi (Denmark Police). The case was prosecuted by Senior Trial Attorney William A. Hall Jr. of the Criminal Division’s Computer Crime and Intellectual Property Section and Assistant U.S. Attorney Craig Feazel of the Southern District of Texas.
Monday, March 9, 2015
Iranian Pilot Sentenced to 27 Months in Prison for Stealing U.S. Pilot’s Identity to Obtain Federal Aviation Administration Credentials
An Iranian man was sentenced today in Houston to serve 27 months in prison for using personally identifying information stolen from a U.S. pilot to fraudulently obtain a U.S. Federal Aviation Administration (FAA) Airline Transport Pilot (ATP) certificate and flight instructor certificate. At today’s sentencing hearing, the government indicated that the defendant sought the FAA credentials to allow him to fly aircraft for profit, and that there was no evidence that he was engaged in any terrorism-related activity.
Assistant Attorney General Leslie R. Caldwell of the Justice Department’s Criminal Division and U.S. Attorney Kenneth Magidson of the Southern District of Texas made the announcement.
Nader Ali Sabouri Haghighi, 41, of Iran, pleaded guilty on Nov. 3, 2014, to four counts of identity theft related to his use of the victim pilot’s passport and personally identifying information to fraudulently obtain the FAA credentials at issue. U.S. District Judge Kenneth M. Hoyt of the Southern District of Texas imposed the sentence.
An ATP certificate is the highest grade of certificate issued by the FAA. It authorizes the holder to pilot multi-engine aircraft under U.S. aviation regulations.
At his plea hearing, Haghighi admitted that he stole the identity of the victim pilot, which he used to obtain certain FAA credentials. These credentials permit a pilot to fly multi-engine aircraft, and have strict requirements for training, knowledge and experience. Haghighi had never been issued these specific credentials, and a general pilot’s license he had previously been issued had been revoked by the FAA.
Haghighi admitted that he used the victim pilot’s information to log onto the Airman Services Records System, an on-line database used by the FAA to monitor and regulate persons authorized to fly aircraft, posing as the victim pilot. He then changed the contact information associated with the victim pilot’s profile and requested a replacement ATP certificate and flight instructor certificate.
Haghighi also admitted that he fraudulently obtained a credit card in the victim pilot’s name and used the credit card to pay for the replacement FAA credentials.
According to court records, on Sept. 15, 2012, Haghighi crashed an airplane in Bornholm, Denmark, while in possession of the victim’s ATP certificate. After facing criminal charges in Denmark and Germany, Haghighi returned to Iran, only to later resurface in Indonesia. He was finally arrested in Panama, where he waived extradition to the United States in August 2014.
The case was investigated by the Office of Inspector General of the U.S. Department of Transportation, with significant assistance from the Federal Aviation Administration, the Diplomatic Security Service of the State Department and the Department of Homeland Security’s U.S. Immigration and Customs Enforcement, Homeland Security Investigations. The Criminal Division’s Office of International Affairs and the FBI also provided significant assistance in Haghighi’s apprehension and extradition. Assistance was also provided by the Bornholms Politi (Denmark Police). The case was prosecuted by Senior Trial Attorney William A. Hall Jr. of the Criminal Division’s Computer Crime and Intellectual Property Section and Assistant U.S. Attorney Craig Feazel of the Southern District of Texas.
Tuesday, March 3, 2015
MAN PLEADS GUILTY FOR PART IN ID TRAFFICKING OF PUERTO RICAN U.S. CITIZENS TO FOREIGN NATIONALS
FROM: U.S. JUSTICE DEPARTMENT
Friday, February 27, 2015
Florida Man Pleads Guilty for Role in Puerto Rican Identity Trafficking Ring
A Florida man pleaded guilty today for his role in a large-scale identity trafficking ring, which sold the identities of Puerto Rican U.S. citizens to foreign nationals to allow them to enter or remain in the United States illegally. To date, a total of 14 individuals have been charged for their roles in this identity trafficking ring, and four have pleaded guilty.
Assistant Attorney General Leslie R. Caldwell of the Justice Department’s Criminal Division, U.S. Attorney Rosa E. Rodríguez-Vélez of the District of Puerto Rico, Director Sarah R. Saldaña of Immigration and Customs Enforcement (ICE), Chief Postal Inspector Guy J. Cottrell of the U.S. Postal Inspection Service (USPIS), Director Bill A. Miller of the Department of State’s Diplomatic Security Service (DSS) and Chief Richard Weber of the Internal Revenue Service-Criminal Investigation (IRS-CI) made the announcement.
Rey David Bravo-Aguirre, 43, of Bartow, Florida, pleaded guilty to one count of conspiracy to commit identification fraud, one count of conspiracy to commit alien smuggling for financial gain and one count of transferring and possessing means of identification of another person during and in relation to a felony. A sentencing hearing is scheduled for June 3, 2015, before U.S. District Judge Juan M. Pérez- Giménez of the District of Puerto Rico.
According to his plea agreement, Bravo-Aguirre operated as a broker of Puerto Rican identities and corresponding identity documents out of Bartow, Florida. In that role, Bravo-Aguirre received identity documents from other members of the conspiracy located in the Caguas-area of Puerto Rico and sold them to individuals unlawfully residing in Florida. Specifically, Bravo-Aguirre admitted that he provided Social Security cards and corresponding Puerto Rico birth certificates to his customers.
The charges are the result of Operation Island Express II, an ongoing, nationally-coordinated investigation led by ICE’s Homeland Security Investigations (HSI), USPIS, DSS and IRS-CI offices in Chicago, in coordination with the ICE-HSI San Juan Office. The Illinois Secretary of State Police also provided substantial assistance. The ICE-HSI Attaché office in the Dominican Republic, National Drug Intelligence Center - Document and Media Exploitation Branch and International Organized Crime Intelligence and Operations Center (IOC-2) provided invaluable assistance, as well as various ICE, USPIS, DSS and IRS CI offices around the country.
The case is being prosecuted by Trial Attorneys Marianne Shelvey of the Criminal Division’s Organized Crime and Gang Section and William Kenety of the Criminal Division’s Human Rights and Special Prosecutions Section, and Special Assistant U.S. Attorney Jorge Ramos of the District of Puerto Rico.
Friday, February 27, 2015
Florida Man Pleads Guilty for Role in Puerto Rican Identity Trafficking Ring
A Florida man pleaded guilty today for his role in a large-scale identity trafficking ring, which sold the identities of Puerto Rican U.S. citizens to foreign nationals to allow them to enter or remain in the United States illegally. To date, a total of 14 individuals have been charged for their roles in this identity trafficking ring, and four have pleaded guilty.
Assistant Attorney General Leslie R. Caldwell of the Justice Department’s Criminal Division, U.S. Attorney Rosa E. Rodríguez-Vélez of the District of Puerto Rico, Director Sarah R. Saldaña of Immigration and Customs Enforcement (ICE), Chief Postal Inspector Guy J. Cottrell of the U.S. Postal Inspection Service (USPIS), Director Bill A. Miller of the Department of State’s Diplomatic Security Service (DSS) and Chief Richard Weber of the Internal Revenue Service-Criminal Investigation (IRS-CI) made the announcement.
Rey David Bravo-Aguirre, 43, of Bartow, Florida, pleaded guilty to one count of conspiracy to commit identification fraud, one count of conspiracy to commit alien smuggling for financial gain and one count of transferring and possessing means of identification of another person during and in relation to a felony. A sentencing hearing is scheduled for June 3, 2015, before U.S. District Judge Juan M. Pérez- Giménez of the District of Puerto Rico.
According to his plea agreement, Bravo-Aguirre operated as a broker of Puerto Rican identities and corresponding identity documents out of Bartow, Florida. In that role, Bravo-Aguirre received identity documents from other members of the conspiracy located in the Caguas-area of Puerto Rico and sold them to individuals unlawfully residing in Florida. Specifically, Bravo-Aguirre admitted that he provided Social Security cards and corresponding Puerto Rico birth certificates to his customers.
The charges are the result of Operation Island Express II, an ongoing, nationally-coordinated investigation led by ICE’s Homeland Security Investigations (HSI), USPIS, DSS and IRS-CI offices in Chicago, in coordination with the ICE-HSI San Juan Office. The Illinois Secretary of State Police also provided substantial assistance. The ICE-HSI Attaché office in the Dominican Republic, National Drug Intelligence Center - Document and Media Exploitation Branch and International Organized Crime Intelligence and Operations Center (IOC-2) provided invaluable assistance, as well as various ICE, USPIS, DSS and IRS CI offices around the country.
The case is being prosecuted by Trial Attorneys Marianne Shelvey of the Criminal Division’s Organized Crime and Gang Section and William Kenety of the Criminal Division’s Human Rights and Special Prosecutions Section, and Special Assistant U.S. Attorney Jorge Ramos of the District of Puerto Rico.
Sunday, March 1, 2015
FTC RELEASES NATIONAL RANKING OF CONSUMER COMPLAINTS FOR 2014
FROM: U.S. FEDERAL TRADE COMMISSION
Identity Theft Tops FTC’s Consumer Complaint Categories Again in 2014
Agency Also Notes a Large Increase in Complaints About “Imposter” Scams
Identity theft topped the Federal Trade Commission’s national ranking of consumer complaints for the 15th consecutive year, while the agency also recorded a large increase in the number of complaints about so-called “imposter” scams, according to the FTC's 2014 Consumer Sentinel Network Data Book, which was released today.
Imposter scams – in which con artists impersonate government officials or others – moved into third place on the list of consumer complaints, entering the top three complaint categories for the first time. The increase in imposter scams was led by a sharp jump in complaints about IRS and other government imposter scams. Debt collection held steady as the second-most-reported complaint.
“While identity theft remains a huge issue, consumers should also keep a close eye out for imposter scams,” said Jessica Rich, director of the FTC’s Bureau of Consumer Protection. “Whether it’s pretending to be the IRS during tax season, or making false promises of a lottery win, scammers are increasingly sophisticated in their efforts to deceive consumers, but the FTC will continue working to shut these scammers down.”
The Consumer Sentinel Network Data Book is produced annually using complaints received by the FTC’s Consumer Sentinel Network. That includes not only complaints made directly by consumers to the FTC, but also complaints received by state and federal law enforcement agencies, national consumer protection organizations and non-governmental organizations.
The report includes not only national data but also a state-by-state accounting of top complaint categories and a listing of the metropolitan areas that generated the most complaints. In 2014, 2,582,851 complaints were entered into the Consumer Sentinel Network. Florida was the top source of complaints per capita both for identity theft, and fraud and other complaints. For fraud and other complaints, Georgia and Nevada had the second and third highest per capita complaint rates, while Washington and Oregon were in the second and third position for identity theft complaints.
The complaint categories making up the top 10 are:
Number Percent
Identity Theft 332,646 13 percent
Debt Collection 280,998 11 percent
Imposter Scams 276,662 11 percent
Telephone and Mobile Services 171,809 7 percent
Banks and Lenders 128,107 5 percent
Prizes, Sweepstakes and Lotteries 103,579 4 percent
Auto-Related Complaints 88,334 3 percent
Shop-At-Home and Catalog Sales 71,377 3 percent
Television and Electronic Media 48,640 2 percent
Internet Services 46,039 2 percent
A complete list of all complaint categories is available on page six of the report.
The Consumer Sentinel Network’s secure online database is available to more than 2,000 civil and criminal law enforcement agencies across the country and abroad. Agencies use the data to research cases, identify victims and track possible targets.
The Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. To file a complaint in English or Spanish, visit the FTC’s online Complaint Assistant or call 1-877-FTC-HELP (1-877-382-4357). The FTC’s website provides free information on a variety of consumer topics. Like the FTC on Facebook, follow us on Twitter, and subscribe to press releases for the latest FTC news and resources.
Identity Theft Tops FTC’s Consumer Complaint Categories Again in 2014
Agency Also Notes a Large Increase in Complaints About “Imposter” Scams
Identity theft topped the Federal Trade Commission’s national ranking of consumer complaints for the 15th consecutive year, while the agency also recorded a large increase in the number of complaints about so-called “imposter” scams, according to the FTC's 2014 Consumer Sentinel Network Data Book, which was released today.
Imposter scams – in which con artists impersonate government officials or others – moved into third place on the list of consumer complaints, entering the top three complaint categories for the first time. The increase in imposter scams was led by a sharp jump in complaints about IRS and other government imposter scams. Debt collection held steady as the second-most-reported complaint.
“While identity theft remains a huge issue, consumers should also keep a close eye out for imposter scams,” said Jessica Rich, director of the FTC’s Bureau of Consumer Protection. “Whether it’s pretending to be the IRS during tax season, or making false promises of a lottery win, scammers are increasingly sophisticated in their efforts to deceive consumers, but the FTC will continue working to shut these scammers down.”
The Consumer Sentinel Network Data Book is produced annually using complaints received by the FTC’s Consumer Sentinel Network. That includes not only complaints made directly by consumers to the FTC, but also complaints received by state and federal law enforcement agencies, national consumer protection organizations and non-governmental organizations.
The report includes not only national data but also a state-by-state accounting of top complaint categories and a listing of the metropolitan areas that generated the most complaints. In 2014, 2,582,851 complaints were entered into the Consumer Sentinel Network. Florida was the top source of complaints per capita both for identity theft, and fraud and other complaints. For fraud and other complaints, Georgia and Nevada had the second and third highest per capita complaint rates, while Washington and Oregon were in the second and third position for identity theft complaints.
The complaint categories making up the top 10 are:
Number Percent
Identity Theft 332,646 13 percent
Debt Collection 280,998 11 percent
Imposter Scams 276,662 11 percent
Telephone and Mobile Services 171,809 7 percent
Banks and Lenders 128,107 5 percent
Prizes, Sweepstakes and Lotteries 103,579 4 percent
Auto-Related Complaints 88,334 3 percent
Shop-At-Home and Catalog Sales 71,377 3 percent
Television and Electronic Media 48,640 2 percent
Internet Services 46,039 2 percent
A complete list of all complaint categories is available on page six of the report.
The Consumer Sentinel Network’s secure online database is available to more than 2,000 civil and criminal law enforcement agencies across the country and abroad. Agencies use the data to research cases, identify victims and track possible targets.
The Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. To file a complaint in English or Spanish, visit the FTC’s online Complaint Assistant or call 1-877-FTC-HELP (1-877-382-4357). The FTC’s website provides free information on a variety of consumer topics. Like the FTC on Facebook, follow us on Twitter, and subscribe to press releases for the latest FTC news and resources.
Wednesday, February 11, 2015
Tuesday, January 13, 2015
WHITE HOUSE FACT SHEET: "SAFEGUARDING AMERICAN CONSUMERS & FAMILIES"
FROM: THE WHITE HOUSE
FACT SHEET: Safeguarding American Consumers & Families
Today, President Obama will build on the steps he has taken to protect American companies, consumers, and infrastructure from cyber threats, while safeguarding privacy and civil liberties. These actions have included the President’s 2012 comprehensive blueprint for consumer privacy, the BuySecure initiative—launched last year— to safeguard Americans’ financial security, and steps the President took earlier this year by creating a working group of senior administration officials to examine issues related to big data and privacy in public services and the commercial sector.
In an increasingly interconnected world, American companies are also leaders in protecting privacy, taking unprecedented steps to invest in cybersecurity and provide customers with precise control over the privacy of their online content. But as cybersecurity threats and identity theft continue to rise, recent polls show that 9 in 10 Americans feel they have in some way lost control of their personal information — and that can lead to less interaction with technology, less innovation, and a less productive economy.
At the Federal Trade Commission offices today, President Obama will highlight measures he will discuss in the State of the Union and unveil the next steps in his comprehensive approach to enhancing consumers’ security, tackling identity theft, and improving privacy online and in the classroom. These steps include:
Improving Consumer Confidence by Tackling Identity Theft
The Personal Data Notification & Protection Act: The President is putting forward a new legislative proposal to help bring peace of mind to the tens of millions of Americans whose personal and financial information has been compromised in a data breach. This proposal clarifies and strengthens the obligations companies have to notify customers when their personal information has been exposed, including establishing a 30-day notification requirement from the discovery of a breach, while providing companies with the certainty of a single, national standard. The proposal also criminalizes illicit overseas trade in identities.
Identifying and Preventing Identity Theft: To give consumers access to one of the best early indicators of identity theft, as well as an opportunity to improve their credit health, JPMorganChase and Bank of America, in partnership with Fair Isaac Corporation (FICO), will join the growing list of firms making credit scores available for free to their consumer card customers. USAA and State Employees’ Credit Union will also offer free credit scores to their members, and Ally Financial is further widening the community of companies taking this step by making credit scores available to their auto loan customers. Through this effort over half of all adult Americans with credit scores will now have access to this tool to help spot identity theft, through their banks, card issuers, or lenders.
Safeguarding Student Data in the Classroom and Beyond
The Student Digital Privacy Act: The President is releasing a new legislative proposal designed to provide teachers and parents the confidence they need to enhance teaching and learning with the best technology — by ensuring that data collected in the educational context is used only for educational purposes. This bill, modeled on a landmark California statute, builds on the recommendations of the White House Big Data and Privacy review released earlier this year, would prevent companies from selling student data to third parties for purposes unrelated to the educational mission and from engaging in targeted advertising to students based on data collected in school – while still permitting important research initiatives to improve student learning outcomes, and efforts by companies to continuously improve the effectiveness of their learning technology products.
New Commitments from the Private Sector to Help Enhance Privacy for Students: Today 75 companies have committed to the cause, signing a pledge to provide parents, teachers, and kids themselves with important protections against misuse of their data. This pledge was led by the Future of Privacy Forum and the Software & Information Industry Association, and today the President challenged other companies to follow their lead.
New Tools from the Department of Education to Empower Educators Around the Country and Protect Students: The Department of Education and its Privacy Technical Assurance Center play a critical role in protecting American children from invasions of privacy. Today, we are announcing a forthcoming model terms of service, as well as teacher training assistance that will enhance our ability to help ensure educational data is used appropriately and in accordance with the educational mission.
Convening the Public and Private Sector to Tackle Emerging Privacy Issues
Voluntary Code of Conduct for Smart Grid Customer Data Privacy: Today the Department of Energy and the Federal Smart Grid Task Force are releasing a new Voluntary Code of Conduct (VCC) for utilities and third parties aimed at protecting electricity customer data — including energy usage information. This Code reflects a year of expert and public consultation, including input from industry stakeholders, privacy experts, and the public. As companies begin to sign on, the VCC will help improve consumer awareness, choice and consent, and controls on access.
Promoting Innovation by Improving Consumers Confidence Online
Consumer Privacy Bill of Rights Legislation: Online interactions should be governed by clear principles — principles that look at the context in which data is collected and ensure that users’ expectations are not abused. Those were the key themes of the Administration’s 2012 Consumer Privacy Bill of Rights, and today the Commerce Department announced it has completed its public consultation on revised draft legislation enshrining those principles into law. Within 45 days, the Administration will release this revised legislative proposal and today we call on Congress to begin active consideration of this important issue.
These actions build on steps the President has already taken to support consumer privacy and fight identity theft, including:
Making Federal Payments More Secure to Help Drive the Market Forward: In October, as part of his BuySecure Initiative, the President issued an Executive Order laying out a new policy to secure payments to and from the Federal government by applying chip and PIN technology to newly issued and existing government credit cards, as well as debit cards like Direct Express, and upgrading retail payment card terminals at Federal agency facilities to accept chip and PIN-enabled cards. This accompanied an effort by major companies like Home Depot, Target, Walgreens, and Walmart to roll out secure chip and PIN-compatible card terminals in stores across the country.
New Measures to Prevent Identity Theft: The President also announced new steps by the government to assist victims of identity theft, including supporting the Federal Trade Commission in their development of a new one-stop resource for victims at IdentityTheft.gov and expanding information sharing to ensure Federal investigators’ ability to regularly report evidence of stolen financial and other information to companies whose customers are directly affected.
FACT SHEET: Safeguarding American Consumers & Families
Today, President Obama will build on the steps he has taken to protect American companies, consumers, and infrastructure from cyber threats, while safeguarding privacy and civil liberties. These actions have included the President’s 2012 comprehensive blueprint for consumer privacy, the BuySecure initiative—launched last year— to safeguard Americans’ financial security, and steps the President took earlier this year by creating a working group of senior administration officials to examine issues related to big data and privacy in public services and the commercial sector.
In an increasingly interconnected world, American companies are also leaders in protecting privacy, taking unprecedented steps to invest in cybersecurity and provide customers with precise control over the privacy of their online content. But as cybersecurity threats and identity theft continue to rise, recent polls show that 9 in 10 Americans feel they have in some way lost control of their personal information — and that can lead to less interaction with technology, less innovation, and a less productive economy.
At the Federal Trade Commission offices today, President Obama will highlight measures he will discuss in the State of the Union and unveil the next steps in his comprehensive approach to enhancing consumers’ security, tackling identity theft, and improving privacy online and in the classroom. These steps include:
Improving Consumer Confidence by Tackling Identity Theft
The Personal Data Notification & Protection Act: The President is putting forward a new legislative proposal to help bring peace of mind to the tens of millions of Americans whose personal and financial information has been compromised in a data breach. This proposal clarifies and strengthens the obligations companies have to notify customers when their personal information has been exposed, including establishing a 30-day notification requirement from the discovery of a breach, while providing companies with the certainty of a single, national standard. The proposal also criminalizes illicit overseas trade in identities.
Identifying and Preventing Identity Theft: To give consumers access to one of the best early indicators of identity theft, as well as an opportunity to improve their credit health, JPMorganChase and Bank of America, in partnership with Fair Isaac Corporation (FICO), will join the growing list of firms making credit scores available for free to their consumer card customers. USAA and State Employees’ Credit Union will also offer free credit scores to their members, and Ally Financial is further widening the community of companies taking this step by making credit scores available to their auto loan customers. Through this effort over half of all adult Americans with credit scores will now have access to this tool to help spot identity theft, through their banks, card issuers, or lenders.
Safeguarding Student Data in the Classroom and Beyond
The Student Digital Privacy Act: The President is releasing a new legislative proposal designed to provide teachers and parents the confidence they need to enhance teaching and learning with the best technology — by ensuring that data collected in the educational context is used only for educational purposes. This bill, modeled on a landmark California statute, builds on the recommendations of the White House Big Data and Privacy review released earlier this year, would prevent companies from selling student data to third parties for purposes unrelated to the educational mission and from engaging in targeted advertising to students based on data collected in school – while still permitting important research initiatives to improve student learning outcomes, and efforts by companies to continuously improve the effectiveness of their learning technology products.
New Commitments from the Private Sector to Help Enhance Privacy for Students: Today 75 companies have committed to the cause, signing a pledge to provide parents, teachers, and kids themselves with important protections against misuse of their data. This pledge was led by the Future of Privacy Forum and the Software & Information Industry Association, and today the President challenged other companies to follow their lead.
New Tools from the Department of Education to Empower Educators Around the Country and Protect Students: The Department of Education and its Privacy Technical Assurance Center play a critical role in protecting American children from invasions of privacy. Today, we are announcing a forthcoming model terms of service, as well as teacher training assistance that will enhance our ability to help ensure educational data is used appropriately and in accordance with the educational mission.
Convening the Public and Private Sector to Tackle Emerging Privacy Issues
Voluntary Code of Conduct for Smart Grid Customer Data Privacy: Today the Department of Energy and the Federal Smart Grid Task Force are releasing a new Voluntary Code of Conduct (VCC) for utilities and third parties aimed at protecting electricity customer data — including energy usage information. This Code reflects a year of expert and public consultation, including input from industry stakeholders, privacy experts, and the public. As companies begin to sign on, the VCC will help improve consumer awareness, choice and consent, and controls on access.
Promoting Innovation by Improving Consumers Confidence Online
Consumer Privacy Bill of Rights Legislation: Online interactions should be governed by clear principles — principles that look at the context in which data is collected and ensure that users’ expectations are not abused. Those were the key themes of the Administration’s 2012 Consumer Privacy Bill of Rights, and today the Commerce Department announced it has completed its public consultation on revised draft legislation enshrining those principles into law. Within 45 days, the Administration will release this revised legislative proposal and today we call on Congress to begin active consideration of this important issue.
These actions build on steps the President has already taken to support consumer privacy and fight identity theft, including:
Making Federal Payments More Secure to Help Drive the Market Forward: In October, as part of his BuySecure Initiative, the President issued an Executive Order laying out a new policy to secure payments to and from the Federal government by applying chip and PIN technology to newly issued and existing government credit cards, as well as debit cards like Direct Express, and upgrading retail payment card terminals at Federal agency facilities to accept chip and PIN-enabled cards. This accompanied an effort by major companies like Home Depot, Target, Walgreens, and Walmart to roll out secure chip and PIN-compatible card terminals in stores across the country.
New Measures to Prevent Identity Theft: The President also announced new steps by the government to assist victims of identity theft, including supporting the Federal Trade Commission in their development of a new one-stop resource for victims at IdentityTheft.gov and expanding information sharing to ensure Federal investigators’ ability to regularly report evidence of stolen financial and other information to companies whose customers are directly affected.
Monday, October 6, 2014
FORMER STATE OF ALABAMA EMPLOYEE PLEADS GUILTY TO STEALING IDENTITIES FROM STATE DATA BASES
FROM: U.S. JUSTICE DEPARTMENT
Thursday, October 2, 2014
Former Alabama State Employee Pleads Guilty to Stealing Identities from State Databases Used to Request over $7 Million in Tax Refunds
Today, Tamika Floyd pleaded guilty to one count of conspiracy to defraud the United States and one count of aggravated identity theft for her involvement in a Stolen Identity Refund Fraud Scheme (SIRF), announced Deputy Assistant Attorney General Ronald A. Cimino for the Justice Department's Tax Division and U.S. Attorney George L. Beck Jr. for the Middle District of Alabama.
According to the court documents, between 2006 and 2014, Floyd worked at the State of Alabama Department of Public Health and the Alabama Department of Human Resources, both located in Opelika, Alabama. At both jobs, she had access to the identification information of individuals. Beginning in 2012, Floyd was approached to obtain names from her employer that would be used to file false tax returns. Floyd agreed to steal the names and in turn provided them to her co-conspirator. Most of the names stolen belonged to teenagers. Floyd’s co-conspirators used the names she provided to file more than 3,000 fraudulent federal income tax returns that claimed more than $7.5 million in refunds.
A sentencing date has not been scheduled.
The case was investigated by special agents of the Internal Revenue Service - Criminal Investigation. Trial Attorney Michael Boteler of the Tax Division and Assistant U.S. Attorney Todd Brown for the Middle District of Alabama are prosecuting the case.
Sunday, October 5, 2014
MAN WHO ATTEMPTED TO PURCHASE 100 STOLEN IDENTITIES SENTENCED TO 27 MONTHS IN PRISON
FROM: U.S. JUSTICE DEPARTMENT
Wednesday, October 1, 2014
Florida Man Sentenced to 27 Months in Prison for Attempting to Purchase 100 Stolen Identities
A Florida man was sentenced today to serve 27 months in prison for attempting to purchase sensitive, detailed personal identifying information, known as PII – including Social Security numbers and bank account numbers – to open credit card accounts and file fraudulent tax returns.
Assistant Attorney General Leslie R. Caldwell of the Justice Department’s Criminal Division and U.S. Attorney John P. Kacavas of the District of New Hampshire made the announcement. U.S. District Judge Steven J. McAuliffe of the District of New Hampshire imposed the sentence.
Derric Theoc, 36, was indicted by a federal grand jury in July 2013 and pleaded guilty in June 2014 to one count of attempted access device fraud. In addition to his prison sentence, he was ordered to serve two years of supervised release.
In his guilty plea, Theoc admitted that, in April 2013, he attempted to purchase packages of personal identifying information for 100 people from an undercover United States Secret Service agent who was posing as a known, prolific vendor of personally identifiable information, Hieu Minh Ngo. Theoc had previously made multiple similar purchases from Ngo.
Ngo, a Vietnamese national, pleaded guilty on March 3, 2013, to wire fraud, identification fraud and fraud in connection with access devices and on Aug. 21, 2014, to a separate indictment to four counts of computer fraud. Sentencing is scheduled for Dec. 1, 2014. According to court documents, Ngo administered websites from 2007 through February 2013 that allowed more than 1,000 individuals from throughout the world to access databases containing personal identifying information and conduct more than 3 million queries to obtain a person’s date of birth, Social Security number and other information. He also sold or transferred more than 150,000 packages of personally identifiable information that would allow criminals to take over the identity of another person.
The packages of personal identifying information that Theoc attempted to purchase typically included a person’s name, address, date of birth, Social Security number, mother’s maiden name, driver’s license number, bank account number, bank routing number, email account, account password and place of work. Theoc further admitted that he attempted to purchase the information with the intent to obtain credit cards to make purchases or withdraw money and to file fraudulent tax returns in an effort to receive refunds to which he was not entitled.
The case is being investigated by the United States Secret Service. The case is being prosecuted by Senior Counsel Mysti Degani of the Criminal Division’s Computer Crime and Intellectual Property Section and Assistant U.S. Attorney Arnold H. Huftalen of the District of New Hampshire.
Thursday, August 14, 2014
14 CHARGED IN IDENTITY TRAFFICKING CONSPIRACY
FROM: U.S. JUSTICE DEPARTMENT
Tuesday, August 12, 2014
Fourteen individuals were charged in three indictments in Puerto Rico with conspiracy to commit identification fraud, money laundering, aggravated identity theft and passport fraud in connection with their alleged roles in a scheme to traffic the identities and corresponding identity documents of Puerto Rican U.S. citizens.
Assistant Attorney General Leslie R. Caldwell of the Justice Department’s Criminal Division, U.S. Attorney Rosa Emilia Rodriguez-Velez for the District of Puerto Rico, Principal Deputy Assistant Secretary Thomas Winkowski of U.S. Immigration and Customs Enforcement (ICE), which oversees Homeland Security Investigations (HSI), Chief Postal Inspector Guy Cottrell of the U.S. Postal Inspection Service (USPIS), Chief Richard Weber of the Internal Revenue Criminal Investigation Division (IRSCID) and Director Bill Miller of the State Department’s Diplomatic Security Service (DSS) made the announcement.
The multi-count indictments were returned by a federal grand jury on Aug. 6, 2014. Since that time, five of the defendants have been found and arrested (four in Puerto Rico and one in Florida). They will be arraigned in federal court this week. Arrest warrants have been issued for the remaining defendants, who will make their initial appearances in federal court in the districts in which they are arrested.
According to the indictments, from at least July 2008 through April 2014, conspirators in the mainland United States and in Puerto Rico sold the identities and corresponding Social Security cards, Puerto Rico birth certificates and other identification documents of Puerto Rican U.S. citizens to undocumented aliens and others residing in the mainland United States.
Specifically, the indictments allege that individuals located in the Caguas, Rio Piedras and San Juan areas of Puerto Rico (suppliers) obtained Puerto Rican identities and corresponding identity documents, and conspirators in various locations in the United States (identity brokers) solicited customers for those identities and documents. The identity brokers allegedly sold the identities and documents to the customers for prices ranging from $700 to $2,500 per set of Social Security cards and corresponding Puerto Rico birth certificates.
According to the indictment, the identity brokers ordered the identity documents from the suppliers by making coded telephone calls, including using terms such as “shirts,” “uniforms” or “clothes” to refer to identity documents. The suppliers generally requested that the identity brokers send payment for the documents through a money transfer service to names provided by the suppliers. The conspirators frequently confirmed payee names and addresses, money transfer control numbers and trafficked identities via text messaging. The suppliers allegedly retrieved the payments from the money transfer service and sent the identity documents to the brokers using express, priority or regular U.S. Mail.
According to the indictments, once the identity brokers received the identity documents, they delivered the documents to the customers and obtained the remaining payment from the customers. The brokers generally kept the second payment for themselves as profit. Some identity brokers allegedly assumed a Puerto Rican identity themselves and used that identity in connection with the trafficking operation.
As alleged in the indictments, the customers generally obtained the identity documents to assume the identity of Puerto Rican U.S. citizens and obtain additional identification documents, such as state driver’s licenses. Some customers allegedly obtained the documents to commit financial fraud and others attempted to obtain U.S. passports.
The indictments alleges that various identity brokers were operating in Indianapolis, Columbus and Seymour, Indiana; Aurora, Illinois; Bartow, Florida; Lawrenceville, Jonesboro and Norcross, Georgia; Salisbury, Maryland; Columbus, Ohio; Lawrence and Springfield, Massachusetts; Grand Rapids, Michigan; Philadelphia, Pennsylvania; Houston, Texas; Guymon, Oklahoma; Huron, South Dakota and Albertville, Alabama.
The charges announced today are the result of Operation Island Express II, an ongoing, nationally-coordinated investigation led by the ICE-HSI Chicago Office and USPIS, DSS and IRS-CID offices in Chicago, in coordination with the ICE-HSI San Juan Office. The Illinois Secretary of State Police provided substantial assistance. The ICE-HSI Attaché office in the Dominican Republic, National Drug Intelligence Center - Document and Media Exploitation Branch and International Organized Crime Intelligence and Operations Center (IOC-2) provided invaluable assistance, as well as various ICE, USPIS, DSS and IRS CI offices around the country.
The case is being prosecuted by the Criminal Division’s Organized Crime and Gang Section, with the assistance of the Criminal Division’s Human Rights and Special Prosecution Section, and the support of the U.S. Attorney’s Office for the District of Puerto Rico.
Saturday, March 1, 2014
IRS ISSUES ANNUAL REPORT ON CRIMINAL INVESTIGATIONS
FROM: INTERNAL REVENUE SERVICE
IRS Criminal Investigation Issues Annual Report
IR-2014-18, Feb. 24, 2014
WASHINGTON – The Internal Revenue Service announced the release of its IRS Criminal Investigation (CI) Annual Report for fiscal year 2013, reflecting significant increases in enforcement actions against tax criminals and a robust rise in convictions, including identity theft.
CI investigates potential criminal violations of the Internal Revenue Code and related financial crimes in a manner to foster confidence in the tax system and compliance with the law.
High points of fiscal year 2013 include a 12.5 percent increase in investigations initiated compared to the prior year and a nearly 18 percent gain in prosecution recommendations. Specifically, CI initiated 5,314 cases and recommended 4,364 cases for prosecution. These increases were accomplished at a time when agent resources decreased more than 5 percent.
Meanwhile, convictions rose more than 25 percent compared to the prior year. The conviction rate for fiscal 2013 was 93 percent.
“The conviction rate is especially important because it reflects the quality of our case work, our teamwork with law enforcement partners and the U.S. Attorneys’ Offices, and it represents an increase over 2011 and 2012,” said Richard Weber, Chief of Criminal Investigation.
CI continues to play a vital role in the fight against identity theft. CI initiated over 1,400 investigations and recommended prosecution of over 1,250 individuals who were involved in identity theft crimes during fiscal 2013.
As an active partner in over 35 Identity Theft Task Forces, CI works side-by-side with federal, state and local law-enforcement agencies to combat the threat of this insidious crime. One of those task forces, the Tampa Bay Identity Theft Alliance, was recently recognized as the "2013 Task Force of the Year," a national award given by the International Association of Financial Crimes Investigators for investigative excellence and outstanding public service. The Tampa Bay Identity Theft Alliance was formed last year and comprises of 20 Tampa Bay federal, state and local law enforcement agencies and prosecutors.
“The Alliance represents true teamwork by all levels of law enforcement,” Weber said. “Individuals who commit identity theft demonstrate a blatant disregard of the integrity of the United States tax system and cause immeasurable hardship to innocent victims.”
In addition, the 36-page report summarizes a wide variety of IRS CI activity on a range of tax crimes, money laundering, public corruption, terrorist financing and narcotics trafficking financial crimes during the fiscal year ending Sept. 30, 2013.
“Our cases involved individuals and corporations from all segments of society. They led us into corporate board rooms, offices of public officials, tax preparation businesses, identity theft gangs and narcotics trafficking organizations,” Weber said.
"This report highlights some of the many noteworthy cases that were completed by CI, which is just the tip of the iceberg of the complex cases we completed this past year,” Weber added. “The dedication and enthusiasm of our employees was a driving force behind these achievements. IRS-CI continues to make our mark in history as the best financial investigators in the world."
IRS Criminal Investigation Issues Annual Report
IR-2014-18, Feb. 24, 2014
WASHINGTON – The Internal Revenue Service announced the release of its IRS Criminal Investigation (CI) Annual Report for fiscal year 2013, reflecting significant increases in enforcement actions against tax criminals and a robust rise in convictions, including identity theft.
CI investigates potential criminal violations of the Internal Revenue Code and related financial crimes in a manner to foster confidence in the tax system and compliance with the law.
High points of fiscal year 2013 include a 12.5 percent increase in investigations initiated compared to the prior year and a nearly 18 percent gain in prosecution recommendations. Specifically, CI initiated 5,314 cases and recommended 4,364 cases for prosecution. These increases were accomplished at a time when agent resources decreased more than 5 percent.
Meanwhile, convictions rose more than 25 percent compared to the prior year. The conviction rate for fiscal 2013 was 93 percent.
“The conviction rate is especially important because it reflects the quality of our case work, our teamwork with law enforcement partners and the U.S. Attorneys’ Offices, and it represents an increase over 2011 and 2012,” said Richard Weber, Chief of Criminal Investigation.
CI continues to play a vital role in the fight against identity theft. CI initiated over 1,400 investigations and recommended prosecution of over 1,250 individuals who were involved in identity theft crimes during fiscal 2013.
As an active partner in over 35 Identity Theft Task Forces, CI works side-by-side with federal, state and local law-enforcement agencies to combat the threat of this insidious crime. One of those task forces, the Tampa Bay Identity Theft Alliance, was recently recognized as the "2013 Task Force of the Year," a national award given by the International Association of Financial Crimes Investigators for investigative excellence and outstanding public service. The Tampa Bay Identity Theft Alliance was formed last year and comprises of 20 Tampa Bay federal, state and local law enforcement agencies and prosecutors.
“The Alliance represents true teamwork by all levels of law enforcement,” Weber said. “Individuals who commit identity theft demonstrate a blatant disregard of the integrity of the United States tax system and cause immeasurable hardship to innocent victims.”
In addition, the 36-page report summarizes a wide variety of IRS CI activity on a range of tax crimes, money laundering, public corruption, terrorist financing and narcotics trafficking financial crimes during the fiscal year ending Sept. 30, 2013.
“Our cases involved individuals and corporations from all segments of society. They led us into corporate board rooms, offices of public officials, tax preparation businesses, identity theft gangs and narcotics trafficking organizations,” Weber said.
"This report highlights some of the many noteworthy cases that were completed by CI, which is just the tip of the iceberg of the complex cases we completed this past year,” Weber added. “The dedication and enthusiasm of our employees was a driving force behind these achievements. IRS-CI continues to make our mark in history as the best financial investigators in the world."
Tuesday, February 25, 2014
AG HOLDER WANTS NATIONAL STANDARD FOR REPORTING CYBERATTACKS
FROM: U.S. JUSTICE DEPARTMENT
Monday, February 24, 2014
Attorney General Holder Urges Congress to Create National Standard for Reporting Cyberattacks
In a video message released today, Attorney General Eric Holder called on Congress to create a strong, national standard for quickly alerting consumers whose information may be compromised by cyberattacks. This legislation would strengthen the Justice Department's ability to combat crime, ensure individual privacy, and prevent identity theft, while also helping to bring cybercriminals to justice.
The complete text of the Attorney General’s weekly address is available below:
“Late last year, Target – the second-largest discount retailer in the United States – suffered a massive data breach that may have compromised the personal information of as many as 70 million people, in addition to credit and debit card information of up to 40 million customers. The Department of Justice is currently investigating this breach, in close coordination with the U.S. Secret Service. And we are moving aggressively to respond to hacking, cyberattacks, and other crimes that harm American consumers – and expose personal or financial information to those who would take advantage of their fellow citizens.
"As we’ve seen – especially in recent years – these crimes are becoming all too common. And they have the potential to impact millions of Americans every year. Just days after the Target breach was made public, another major retailer – Neiman Marcus – reported that it also suffered a suspected cyberattack during the holiday season. And although Justice Department officials are working closely with the FBI and prosecutors across the country to bring cyber criminals to justice, it’s time for leaders in Washington to provide the tools we need to do even more: by requiring businesses to notify American consumers and law enforcement in the wake of significant data breaches.
“Today, I’m calling on Congress to create a strong, national standard for quickly alerting consumers whose information may be compromised. This would empower the American people to protect themselves if they are at risk of identity theft. It would enable law enforcement to better investigate these crimes – and hold compromised entities accountable when they fail to keep sensitive information safe. And it would provide reasonable exemptions for harmless breaches, to avoid placing unnecessary burdens on businesses that do act responsibly.
“This legislation would strengthen the Justice Department’s ability to combat crime and ensure individual privacy – while bringing cybercriminals to justice. My colleagues and I are eager to work with Members of Congress to refine and pass this important proposal. And we will never stop working to protect the American people – using every tool and resource we can bring to bear.”
Monday, February 24, 2014
Attorney General Holder Urges Congress to Create National Standard for Reporting Cyberattacks
In a video message released today, Attorney General Eric Holder called on Congress to create a strong, national standard for quickly alerting consumers whose information may be compromised by cyberattacks. This legislation would strengthen the Justice Department's ability to combat crime, ensure individual privacy, and prevent identity theft, while also helping to bring cybercriminals to justice.
The complete text of the Attorney General’s weekly address is available below:
“Late last year, Target – the second-largest discount retailer in the United States – suffered a massive data breach that may have compromised the personal information of as many as 70 million people, in addition to credit and debit card information of up to 40 million customers. The Department of Justice is currently investigating this breach, in close coordination with the U.S. Secret Service. And we are moving aggressively to respond to hacking, cyberattacks, and other crimes that harm American consumers – and expose personal or financial information to those who would take advantage of their fellow citizens.
"As we’ve seen – especially in recent years – these crimes are becoming all too common. And they have the potential to impact millions of Americans every year. Just days after the Target breach was made public, another major retailer – Neiman Marcus – reported that it also suffered a suspected cyberattack during the holiday season. And although Justice Department officials are working closely with the FBI and prosecutors across the country to bring cyber criminals to justice, it’s time for leaders in Washington to provide the tools we need to do even more: by requiring businesses to notify American consumers and law enforcement in the wake of significant data breaches.
“Today, I’m calling on Congress to create a strong, national standard for quickly alerting consumers whose information may be compromised. This would empower the American people to protect themselves if they are at risk of identity theft. It would enable law enforcement to better investigate these crimes – and hold compromised entities accountable when they fail to keep sensitive information safe. And it would provide reasonable exemptions for harmless breaches, to avoid placing unnecessary burdens on businesses that do act responsibly.
“This legislation would strengthen the Justice Department’s ability to combat crime and ensure individual privacy – while bringing cybercriminals to justice. My colleagues and I are eager to work with Members of Congress to refine and pass this important proposal. And we will never stop working to protect the American people – using every tool and resource we can bring to bear.”
Thursday, February 20, 2014
IRS ISSUES WARNING REGARDING TAX SCAMS FOR 2014
FROM: INTERNAL REVENUE SERVICE
IRS Releases the “Dirty Dozen” Tax Scams for 2014; Identity Theft, Phone Scams Lead List
WASHINGTON — The Internal Revenue Service today issued its annual “Dirty Dozen” list of tax scams, reminding taxpayers to use caution during tax season to protect themselves against a wide range of schemes ranging from identity theft to return preparer fraud.
The Dirty Dozen listing, compiled by the IRS each year, lists a variety of common scams taxpayers can encounter at any point during the year. But many of these schemes peak during filing season as people prepare their tax returns.
"Taxpayers should be on the lookout for tax scams using the IRS name,” said IRS Commissioner John Koskinen. “These schemes jump every year at tax time. Scams can be sophisticated and take many different forms. We urge people to protect themselves and use caution when viewing e-mails, receiving telephone calls or getting advice on tax issues.”
Illegal scams can lead to significant penalties and interest and possible criminal prosecution. IRS Criminal Investigation works closely with the Department of Justice (DOJ) to shutdown scams and prosecute the criminals behind them.
The following are the Dirty Dozen tax scams for 2014:
Identity Theft
Tax fraud through the use of identity theft tops this year’s Dirty Dozen list. Identity theft occurs when someone uses your personal information, such as your name, Social Security number (SSN) or other identifying information, without your permission, to commit fraud or other crimes. In many cases, an identity thief uses a legitimate taxpayer’s identity to fraudulently file a tax return and claim a refund.
The agency’s work on identity theft and refund fraud continues to grow, touching nearly every part of the organization. For the 2014 filing season, the IRS has expanded these efforts to better protect taxpayers and help victims.
The IRS has a special section on IRS.gov dedicated to identity theft issues, including YouTube videos, tips for taxpayers and an assistance guide. For victims, the information includes how to contact the IRS Identity Protection Specialized Unit. For other taxpayers, there are tips on how taxpayers can protect themselves against identity theft.
Taxpayers who believe they are at risk of identity theft due to lost or stolen personal information should contact the IRS immediately so the agency can take action to secure their tax account. Taxpayers can call the IRS Identity Protection Specialized Unit at 800-908-4490. More information can be found on the special identity protection page.
Pervasive Telephone Scams
The IRS has seen a recent increase in local phone scams across the country, with callers pretending to be from the IRS in hopes of stealing money or identities from victims.
These phone scams include many variations, ranging from instances from where callers say the victims owe money or are entitled to a huge refund. Some calls can threaten arrest and threaten a driver’s license revocation. Sometimes these calls are paired with follow-up calls from people saying they are from the local police department or the state motor vehicle department.
Characteristics of these scams can include:
Scammers use fake names and IRS badge numbers. They generally use common names and surnames to identify themselves.
Scammers may be able to recite the last four digits of a victim’s Social Security Number.
Scammers “spoof” or imitate the IRS toll-free number on caller ID to make it appear that it’s the IRS calling.
Scammers sometimes send bogus IRS emails to some victims to support their bogus calls.
Victims hear background noise of other calls being conducted to mimic a call site.
After threatening victims with jail time or a driver’s license revocation, scammers hang up and others soon call back pretending to be from the local police or DMV, and the caller ID supports their claim.
In another variation, one sophisticated phone scam has targeted taxpayers, including recent immigrants, throughout the country. Victims are told they owe money to the IRS and it must be paid promptly through a pre-loaded debit card or wire transfer. If the victim refuses to cooperate, they are then threatened with arrest, deportation or suspension of a business or driver’s license. In many cases, the caller becomes hostile and insulting.
If you get a phone call from someone claiming to be from the IRS, here’s what you should do: If you know you owe taxes or you think you might owe taxes, call the IRS at 1.800.829.1040. The IRS employees at that line can help you with a payment issue – if there really is such an issue.
If you know you don’t owe taxes or have no reason to think that you owe any taxes (for example, you’ve never received a bill or the caller made some bogus threats as described above), then call and report the incident to the Treasury Inspector General for Tax Administration at 1.800.366.4484.
If you’ve been targeted by these scams, you should also contact the Federal Trade Commission and use their “FTC Complaint Assistant” at FTC.gov. Please add "IRS Telephone Scam" to the comments of your complaint.
Phishing
Phishing is a scam typically carried out with the help of unsolicited email or a fake website that poses as a legitimate site to lure in potential victims and prompt them to provide valuable personal and financial information. Armed with this information, a criminal can commit identity theft or financial theft.
If you receive an unsolicited email that appears to be from either the IRS or an organization closely linked to the IRS, such as the Electronic Federal Tax Payment System (EFTPS), report it by sending it to phishing@irs.gov.
It is important to keep in mind the IRS does not initiate contact with taxpayers by email to request personal or financial information. This includes any type of electronic communication, such as text messages and social media channels. The IRS has information online that can help you protect yourself from email scams.
False Promises of “Free Money” from Inflated Refunds
Scam artists routinely pose as tax preparers during tax time, luring victims in by promising large federal tax refunds or refunds that people never dreamed they were due in the first place.
Scam artists use flyers, advertisements, phony store fronts and even word of mouth to throw out a wide net for victims. They may even spread the word through community groups or churches where trust is high. Scammers prey on people who do not have a filing requirement, such as low-income individuals or the elderly. They also prey on non-English speakers, who may or may not have a filing requirement.
Scammers build false hope by duping people into making claims for fictitious rebates, benefits or tax credits. They charge good money for very bad advice. Or worse, they file a false return in a person's name and that person never knows that a refund was paid.
Scam artists also victimize people with a filing requirement and due a refund by promising inflated refunds based on fictitious Social Security benefits and false claims for education credits, the Earned Income Tax Credit (EITC), or the American Opportunity Tax Credit, among others.
The IRS sometimes hears about scams from victims complaining about losing their federal benefits, such as Social Security benefits, certain veteran’s benefits or low-income housing benefits. The loss of benefits was the result of false claims being filed with the IRS that provided false income amounts.
While honest tax preparers provide their customers a copy of the tax return they’ve prepared, victims of scam frequently are not given a copy of what was filed. Victims also report that the fraudulent refund is deposited into the scammer’s bank account. The scammers deduct a large “fee” before cutting a check to the victim, a practice not used by legitimate tax preparers.
The IRS reminds all taxpayers that they are legally responsible for what’s on their returns even if it was prepared by someone else. Taxpayers who buy into such schemes can end up being penalized for filing false claims or receiving fraudulent refunds.
Taxpayers should take care when choosing an individual or firm to prepare their taxes. Honest return preparers generally: ask for proof of income and eligibility for credits and deductions; sign returns as the preparer; enter their IRS Preparer Tax Identification Number (PTIN); provide the taxpayer a copy of the return.
Beware: Intentional mistakes of this kind can result in a $5,000 penalty.
Return Preparer Fraud
About 60 percent of taxpayers will use tax professionals this year to prepare their tax returns. Most return preparers provide honest service to their clients. But, some unscrupulous preparers prey on unsuspecting taxpayers, and the result can be refund fraud or identity theft.
It is important to choose carefully when hiring an individual or firm to prepare your return. This year, the IRS wants to remind all taxpayers that they should use only preparers who sign the returns they prepare and enter their IRS Preparer Tax Identification Numbers (PTINs).
The IRS also has a web page to assist taxpayers. For tips about choosing a preparer, details on preparer qualifications and information on how and when to make a complaint, visit www.irs.gov/chooseataxpro.
Remember: Taxpayers are legally responsible for what’s on their tax return even if it is prepared by someone else. Make sure the preparer you hire is up to the task.
IRS.gov has general information on reporting tax fraud. More specifically, you report abusive tax preparers to the IRS on Form 14157, Complaint: Tax Return Preparer. Download Form 14157 and fill it out or order by mail at 800-TAX FORM (800-829-3676). The form includes a return address.
Hiding Income Offshore
Over the years, numerous individuals have been identified as evading U.S. taxes by hiding income in offshore banks, brokerage accounts or nominee entities and then using debit cards, credit cards or wire transfers to access the funds. Others have employed foreign trusts, employee-leasing schemes, private annuities or insurance plans for the same purpose.
The IRS uses information gained from its investigations to pursue taxpayers with undeclared accounts, as well as the banks and bankers suspected of helping clients hide their assets overseas. The IRS works closely with the Department of Justice (DOJ) to prosecute tax evasion cases.
While there are legitimate reasons for maintaining financial accounts abroad, there are reporting requirements that need to be fulfilled. U.S. taxpayers who maintain such accounts and who do not comply with reporting requirements are breaking the law and risk significant penalties and fines, as well as the possibility of criminal prosecution.
Since 2009, tens of thousands of individuals have come forward voluntarily to disclose their foreign financial accounts, taking advantage of special opportunities to comply with the U.S. tax system and resolve their tax obligations. And, with new foreign account reporting requirements being phased in over the next few years, hiding income offshore is increasingly more difficult.
At the beginning of 2012, the IRS reopened the Offshore Voluntary Disclosure Program (OVDP) following continued strong interest from taxpayers and tax practitioners after the closure of the 2011 and 2009 programs. The IRS works on a wide range of international tax issues with DOJ to pursue criminal prosecution of international tax evasion. This program will be open for an indefinite period until otherwise announced.
The IRS has collected billions of dollars in back taxes, interest and penalties so far from people who participated in offshore voluntary disclosure programs since 2009. It is in the best long-term interest of taxpayers to come forward, catch up on their filing requirements and pay their fair share.
Impersonation of Charitable Organizations
Another long-standing type of abuse or fraud is scams that occur in the wake of significant natural disasters.
Following major disasters, it’s common for scam artists to impersonate charities to get money or private information from well-intentioned taxpayers. Scam artists can use a variety of tactics. Some scammers operating bogus charities may contact people by telephone or email to solicit money or financial information. They may even directly contact disaster victims and claim to be working for or on behalf of the IRS to help the victims file casualty loss claims and get tax refunds.
They may attempt to get personal financial information or Social Security numbers that can be used to steal the victims’ identities or financial resources. Bogus websites may solicit funds for disaster victims. The IRS cautions both victims of natural disasters and people wishing to make charitable donations to avoid scam artists by following these tips:
To help disaster victims, donate to recognized charities.
Be wary of charities with names that are similar to familiar or nationally known organizations. Some phony charities use names or websites that sound or look like those of respected, legitimate organizations. IRS.gov has a search feature, Exempt Organizations Select Check, which allows people to find legitimate, qualified charities to which donations may be tax-deductible.
Don’t give out personal financial information, such as Social Security numbers or credit card and bank account numbers and passwords, to anyone who solicits a contribution from you. Scam artists may use this information to steal your identity and money.
Don’t give or send cash. For security and tax record purposes, contribute by check or credit card or another way that provides documentation of the gift.
Call the IRS toll-free disaster assistance telephone number (1-866-562-5227) if you are a disaster victim with specific questions about tax relief or disaster related tax issues.
False Income, Expenses or Exemptions
Another scam involves inflating or including income on a tax return that was never earned, either as wages or as self-employment income in order to maximize refundable credits. Claiming income you did not earn or expenses you did not pay in order to secure larger refundable credits such as the Earned Income Tax Credit could have serious repercussions. This could result in repaying the erroneous refunds, including interest and penalties, and in some cases, even prosecution.
Additionally, some taxpayers are filing excessive claims for the fuel tax credit. Farmers and other taxpayers who use fuel for off-highway business purposes may be eligible for the fuel tax credit. But other individuals have claimed the tax credit although they were not eligible. Fraud involving the fuel tax credit is considered a frivolous tax claim and can result in a penalty of $5,000.
Frivolous Arguments
Promoters of frivolous schemes encourage taxpayers to make unreasonable and outlandish claims to avoid paying the taxes they owe. The IRS has a list of frivolous tax arguments that taxpayers should avoid. These arguments are wrong and have been thrown out of court. While taxpayers have the right to contest their tax liabilities in court, no one has the right to disobey the law or disregard their responsibility to pay taxes.
Those who promote or adopt frivolous positions risk a variety of penalties. For example, taxpayers could be responsible for an accuracy-related penalty, a civil fraud penalty, an erroneous refund claim penalty, or a failure to file penalty. The Tax Court may also impose a penalty against taxpayers who make frivolous arguments in court.
Taxpayers who rely on frivolous arguments and schemes may also face criminal prosecution for attempting to evade or defeat tax. Similarly, taxpayers may be convicted of a felony for willfully making and signing under penalties of perjury any return, statement, or other document that the person does not believe to be true and correct as to every material matter. Persons who promote frivolous arguments and those who assist taxpayers in claiming tax benefits based on frivolous arguments may be prosecuted for a criminal felony.
Falsely Claiming Zero Wages or Using False Form 1099
Filing a phony information return is an illegal way to lower the amount of taxes an individual owes. Typically, a Form 4852 (Substitute Form W-2) or a “corrected” Form 1099 is used as a way to improperly reduce taxable income to zero. The taxpayer may also submit a statement rebutting wages and taxes reported by a payer to the IRS.
Sometimes, fraudsters even include an explanation on their Form 4852 that cites statutory language on the definition of wages or may include some reference to a paying company that refuses to issue a corrected Form W-2 for fear of IRS retaliation. Taxpayers should resist any temptation to participate in any variations of this scheme. Filing this type of return may result in a $5,000 penalty.
Some people also attempt fraud using false Form 1099 refund claims. In some cases, individuals have made refund claims based on the bogus theory that the federal government maintains secret accounts for U.S. citizens and that taxpayers can gain access to the accounts by issuing 1099-OID forms to the IRS. In this ongoing scam, the perpetrator files a fake information return, such as a Form 1099 Original Issue Discount (OID), to justify a false refund claim on a corresponding tax return.
Don’t fall prey to people who encourage you to claim deductions or credits to which you are not entitled or willingly allow others to use your information to file false returns. If you are a party to such schemes, you could be liable for financial penalties or even face criminal prosecution.
Abusive Tax Structures
Abusive tax schemes have evolved from simple structuring of abusive domestic and foreign trust arrangements into sophisticated strategies that take advantage of the financial secrecy laws of some foreign jurisdictions and the availability of credit/debit cards issued from offshore financial institutions.
IRS Criminal Investigation (CI) has developed a nationally coordinated program to combat these abusive tax schemes. CI's primary focus is on the identification and investigation of the tax scheme promoters as well as those who play a substantial or integral role in facilitating, aiding, assisting, or furthering the abusive tax scheme (e.g., accountants, lawyers). Secondarily, but equally important, is the investigation of investors who knowingly participate in abusive tax schemes.
What is an abusive scheme? The Abusive Tax Schemes program encompasses violations of the Internal Revenue Code (IRC) and related statutes where multiple flow-through entities are used as an integral part of the taxpayer's scheme to evade taxes. These schemes are characterized by the use of Limited Liability Companies (LLCs), Limited Liability Partnerships (LLPs), International Business Companies (IBCs), foreign financial accounts, offshore credit/debit cards and other similar instruments. The schemes are usually complex involving multi-layer transactions for the purpose of concealing the true nature and ownership of the taxable income and/or assets.
Form over substance are the most important words to remember before buying into any arrangements that promise to "eliminate" or "substantially reduce" your tax liability. The promoters of abusive tax schemes often employ financial instruments in their schemes. However, the instruments are used for improper purposes including the facilitation of tax evasion.
The IRS encourages taxpayers to report unlawful tax evasion. Where Do You Report Suspected Tax Fraud Activity?
Misuse of Trusts
Trusts also commonly show up in abusive tax structures. They are highlighted here because unscrupulous promoters continue to urge taxpayers to transfer large amounts of assets into trusts. These assets include not only cash and investments, but also successful on-going businesses. There are legitimate uses of trusts in tax and estate planning, but the IRS commonly sees highly questionable transactions. These transactions promise reduced taxable income, inflated deductions for personal expenses, the reduction or elimination of self-employment taxes and reduced estate or gift transfer taxes. These transactions commonly arise when taxpayers are transferring wealth from one generation to another. Questionable trusts rarely deliver the tax benefits promised and are used primarily as a means of avoiding income tax liability and hiding assets from creditors, including the IRS.
IRS personnel continue to see an increase in the improper use of private annuity trusts and foreign trusts to shift income and deduct personal expenses, as well as to avoid estate transfer taxes. As with other arrangements, taxpayers should seek the advice of a trusted professional before entering a trust arrangement.
The IRS reminds taxpayers that tax scams can take many forms beyond the “Dirty Dozen,” and people should be on the lookout for many other schemes. More information on tax scams is available at IRS.gov.
IRS Releases the “Dirty Dozen” Tax Scams for 2014; Identity Theft, Phone Scams Lead List
WASHINGTON — The Internal Revenue Service today issued its annual “Dirty Dozen” list of tax scams, reminding taxpayers to use caution during tax season to protect themselves against a wide range of schemes ranging from identity theft to return preparer fraud.
The Dirty Dozen listing, compiled by the IRS each year, lists a variety of common scams taxpayers can encounter at any point during the year. But many of these schemes peak during filing season as people prepare their tax returns.
"Taxpayers should be on the lookout for tax scams using the IRS name,” said IRS Commissioner John Koskinen. “These schemes jump every year at tax time. Scams can be sophisticated and take many different forms. We urge people to protect themselves and use caution when viewing e-mails, receiving telephone calls or getting advice on tax issues.”
Illegal scams can lead to significant penalties and interest and possible criminal prosecution. IRS Criminal Investigation works closely with the Department of Justice (DOJ) to shutdown scams and prosecute the criminals behind them.
The following are the Dirty Dozen tax scams for 2014:
Identity Theft
Tax fraud through the use of identity theft tops this year’s Dirty Dozen list. Identity theft occurs when someone uses your personal information, such as your name, Social Security number (SSN) or other identifying information, without your permission, to commit fraud or other crimes. In many cases, an identity thief uses a legitimate taxpayer’s identity to fraudulently file a tax return and claim a refund.
The agency’s work on identity theft and refund fraud continues to grow, touching nearly every part of the organization. For the 2014 filing season, the IRS has expanded these efforts to better protect taxpayers and help victims.
The IRS has a special section on IRS.gov dedicated to identity theft issues, including YouTube videos, tips for taxpayers and an assistance guide. For victims, the information includes how to contact the IRS Identity Protection Specialized Unit. For other taxpayers, there are tips on how taxpayers can protect themselves against identity theft.
Taxpayers who believe they are at risk of identity theft due to lost or stolen personal information should contact the IRS immediately so the agency can take action to secure their tax account. Taxpayers can call the IRS Identity Protection Specialized Unit at 800-908-4490. More information can be found on the special identity protection page.
Pervasive Telephone Scams
The IRS has seen a recent increase in local phone scams across the country, with callers pretending to be from the IRS in hopes of stealing money or identities from victims.
These phone scams include many variations, ranging from instances from where callers say the victims owe money or are entitled to a huge refund. Some calls can threaten arrest and threaten a driver’s license revocation. Sometimes these calls are paired with follow-up calls from people saying they are from the local police department or the state motor vehicle department.
Characteristics of these scams can include:
Scammers use fake names and IRS badge numbers. They generally use common names and surnames to identify themselves.
Scammers may be able to recite the last four digits of a victim’s Social Security Number.
Scammers “spoof” or imitate the IRS toll-free number on caller ID to make it appear that it’s the IRS calling.
Scammers sometimes send bogus IRS emails to some victims to support their bogus calls.
Victims hear background noise of other calls being conducted to mimic a call site.
After threatening victims with jail time or a driver’s license revocation, scammers hang up and others soon call back pretending to be from the local police or DMV, and the caller ID supports their claim.
In another variation, one sophisticated phone scam has targeted taxpayers, including recent immigrants, throughout the country. Victims are told they owe money to the IRS and it must be paid promptly through a pre-loaded debit card or wire transfer. If the victim refuses to cooperate, they are then threatened with arrest, deportation or suspension of a business or driver’s license. In many cases, the caller becomes hostile and insulting.
If you get a phone call from someone claiming to be from the IRS, here’s what you should do: If you know you owe taxes or you think you might owe taxes, call the IRS at 1.800.829.1040. The IRS employees at that line can help you with a payment issue – if there really is such an issue.
If you know you don’t owe taxes or have no reason to think that you owe any taxes (for example, you’ve never received a bill or the caller made some bogus threats as described above), then call and report the incident to the Treasury Inspector General for Tax Administration at 1.800.366.4484.
If you’ve been targeted by these scams, you should also contact the Federal Trade Commission and use their “FTC Complaint Assistant” at FTC.gov. Please add "IRS Telephone Scam" to the comments of your complaint.
Phishing
Phishing is a scam typically carried out with the help of unsolicited email or a fake website that poses as a legitimate site to lure in potential victims and prompt them to provide valuable personal and financial information. Armed with this information, a criminal can commit identity theft or financial theft.
If you receive an unsolicited email that appears to be from either the IRS or an organization closely linked to the IRS, such as the Electronic Federal Tax Payment System (EFTPS), report it by sending it to phishing@irs.gov.
It is important to keep in mind the IRS does not initiate contact with taxpayers by email to request personal or financial information. This includes any type of electronic communication, such as text messages and social media channels. The IRS has information online that can help you protect yourself from email scams.
False Promises of “Free Money” from Inflated Refunds
Scam artists routinely pose as tax preparers during tax time, luring victims in by promising large federal tax refunds or refunds that people never dreamed they were due in the first place.
Scam artists use flyers, advertisements, phony store fronts and even word of mouth to throw out a wide net for victims. They may even spread the word through community groups or churches where trust is high. Scammers prey on people who do not have a filing requirement, such as low-income individuals or the elderly. They also prey on non-English speakers, who may or may not have a filing requirement.
Scammers build false hope by duping people into making claims for fictitious rebates, benefits or tax credits. They charge good money for very bad advice. Or worse, they file a false return in a person's name and that person never knows that a refund was paid.
Scam artists also victimize people with a filing requirement and due a refund by promising inflated refunds based on fictitious Social Security benefits and false claims for education credits, the Earned Income Tax Credit (EITC), or the American Opportunity Tax Credit, among others.
The IRS sometimes hears about scams from victims complaining about losing their federal benefits, such as Social Security benefits, certain veteran’s benefits or low-income housing benefits. The loss of benefits was the result of false claims being filed with the IRS that provided false income amounts.
While honest tax preparers provide their customers a copy of the tax return they’ve prepared, victims of scam frequently are not given a copy of what was filed. Victims also report that the fraudulent refund is deposited into the scammer’s bank account. The scammers deduct a large “fee” before cutting a check to the victim, a practice not used by legitimate tax preparers.
The IRS reminds all taxpayers that they are legally responsible for what’s on their returns even if it was prepared by someone else. Taxpayers who buy into such schemes can end up being penalized for filing false claims or receiving fraudulent refunds.
Taxpayers should take care when choosing an individual or firm to prepare their taxes. Honest return preparers generally: ask for proof of income and eligibility for credits and deductions; sign returns as the preparer; enter their IRS Preparer Tax Identification Number (PTIN); provide the taxpayer a copy of the return.
Beware: Intentional mistakes of this kind can result in a $5,000 penalty.
Return Preparer Fraud
About 60 percent of taxpayers will use tax professionals this year to prepare their tax returns. Most return preparers provide honest service to their clients. But, some unscrupulous preparers prey on unsuspecting taxpayers, and the result can be refund fraud or identity theft.
It is important to choose carefully when hiring an individual or firm to prepare your return. This year, the IRS wants to remind all taxpayers that they should use only preparers who sign the returns they prepare and enter their IRS Preparer Tax Identification Numbers (PTINs).
The IRS also has a web page to assist taxpayers. For tips about choosing a preparer, details on preparer qualifications and information on how and when to make a complaint, visit www.irs.gov/chooseataxpro.
Remember: Taxpayers are legally responsible for what’s on their tax return even if it is prepared by someone else. Make sure the preparer you hire is up to the task.
IRS.gov has general information on reporting tax fraud. More specifically, you report abusive tax preparers to the IRS on Form 14157, Complaint: Tax Return Preparer. Download Form 14157 and fill it out or order by mail at 800-TAX FORM (800-829-3676). The form includes a return address.
Hiding Income Offshore
Over the years, numerous individuals have been identified as evading U.S. taxes by hiding income in offshore banks, brokerage accounts or nominee entities and then using debit cards, credit cards or wire transfers to access the funds. Others have employed foreign trusts, employee-leasing schemes, private annuities or insurance plans for the same purpose.
The IRS uses information gained from its investigations to pursue taxpayers with undeclared accounts, as well as the banks and bankers suspected of helping clients hide their assets overseas. The IRS works closely with the Department of Justice (DOJ) to prosecute tax evasion cases.
While there are legitimate reasons for maintaining financial accounts abroad, there are reporting requirements that need to be fulfilled. U.S. taxpayers who maintain such accounts and who do not comply with reporting requirements are breaking the law and risk significant penalties and fines, as well as the possibility of criminal prosecution.
Since 2009, tens of thousands of individuals have come forward voluntarily to disclose their foreign financial accounts, taking advantage of special opportunities to comply with the U.S. tax system and resolve their tax obligations. And, with new foreign account reporting requirements being phased in over the next few years, hiding income offshore is increasingly more difficult.
At the beginning of 2012, the IRS reopened the Offshore Voluntary Disclosure Program (OVDP) following continued strong interest from taxpayers and tax practitioners after the closure of the 2011 and 2009 programs. The IRS works on a wide range of international tax issues with DOJ to pursue criminal prosecution of international tax evasion. This program will be open for an indefinite period until otherwise announced.
The IRS has collected billions of dollars in back taxes, interest and penalties so far from people who participated in offshore voluntary disclosure programs since 2009. It is in the best long-term interest of taxpayers to come forward, catch up on their filing requirements and pay their fair share.
Impersonation of Charitable Organizations
Another long-standing type of abuse or fraud is scams that occur in the wake of significant natural disasters.
Following major disasters, it’s common for scam artists to impersonate charities to get money or private information from well-intentioned taxpayers. Scam artists can use a variety of tactics. Some scammers operating bogus charities may contact people by telephone or email to solicit money or financial information. They may even directly contact disaster victims and claim to be working for or on behalf of the IRS to help the victims file casualty loss claims and get tax refunds.
They may attempt to get personal financial information or Social Security numbers that can be used to steal the victims’ identities or financial resources. Bogus websites may solicit funds for disaster victims. The IRS cautions both victims of natural disasters and people wishing to make charitable donations to avoid scam artists by following these tips:
To help disaster victims, donate to recognized charities.
Be wary of charities with names that are similar to familiar or nationally known organizations. Some phony charities use names or websites that sound or look like those of respected, legitimate organizations. IRS.gov has a search feature, Exempt Organizations Select Check, which allows people to find legitimate, qualified charities to which donations may be tax-deductible.
Don’t give out personal financial information, such as Social Security numbers or credit card and bank account numbers and passwords, to anyone who solicits a contribution from you. Scam artists may use this information to steal your identity and money.
Don’t give or send cash. For security and tax record purposes, contribute by check or credit card or another way that provides documentation of the gift.
Call the IRS toll-free disaster assistance telephone number (1-866-562-5227) if you are a disaster victim with specific questions about tax relief or disaster related tax issues.
False Income, Expenses or Exemptions
Another scam involves inflating or including income on a tax return that was never earned, either as wages or as self-employment income in order to maximize refundable credits. Claiming income you did not earn or expenses you did not pay in order to secure larger refundable credits such as the Earned Income Tax Credit could have serious repercussions. This could result in repaying the erroneous refunds, including interest and penalties, and in some cases, even prosecution.
Additionally, some taxpayers are filing excessive claims for the fuel tax credit. Farmers and other taxpayers who use fuel for off-highway business purposes may be eligible for the fuel tax credit. But other individuals have claimed the tax credit although they were not eligible. Fraud involving the fuel tax credit is considered a frivolous tax claim and can result in a penalty of $5,000.
Frivolous Arguments
Promoters of frivolous schemes encourage taxpayers to make unreasonable and outlandish claims to avoid paying the taxes they owe. The IRS has a list of frivolous tax arguments that taxpayers should avoid. These arguments are wrong and have been thrown out of court. While taxpayers have the right to contest their tax liabilities in court, no one has the right to disobey the law or disregard their responsibility to pay taxes.
Those who promote or adopt frivolous positions risk a variety of penalties. For example, taxpayers could be responsible for an accuracy-related penalty, a civil fraud penalty, an erroneous refund claim penalty, or a failure to file penalty. The Tax Court may also impose a penalty against taxpayers who make frivolous arguments in court.
Taxpayers who rely on frivolous arguments and schemes may also face criminal prosecution for attempting to evade or defeat tax. Similarly, taxpayers may be convicted of a felony for willfully making and signing under penalties of perjury any return, statement, or other document that the person does not believe to be true and correct as to every material matter. Persons who promote frivolous arguments and those who assist taxpayers in claiming tax benefits based on frivolous arguments may be prosecuted for a criminal felony.
Falsely Claiming Zero Wages or Using False Form 1099
Filing a phony information return is an illegal way to lower the amount of taxes an individual owes. Typically, a Form 4852 (Substitute Form W-2) or a “corrected” Form 1099 is used as a way to improperly reduce taxable income to zero. The taxpayer may also submit a statement rebutting wages and taxes reported by a payer to the IRS.
Sometimes, fraudsters even include an explanation on their Form 4852 that cites statutory language on the definition of wages or may include some reference to a paying company that refuses to issue a corrected Form W-2 for fear of IRS retaliation. Taxpayers should resist any temptation to participate in any variations of this scheme. Filing this type of return may result in a $5,000 penalty.
Some people also attempt fraud using false Form 1099 refund claims. In some cases, individuals have made refund claims based on the bogus theory that the federal government maintains secret accounts for U.S. citizens and that taxpayers can gain access to the accounts by issuing 1099-OID forms to the IRS. In this ongoing scam, the perpetrator files a fake information return, such as a Form 1099 Original Issue Discount (OID), to justify a false refund claim on a corresponding tax return.
Don’t fall prey to people who encourage you to claim deductions or credits to which you are not entitled or willingly allow others to use your information to file false returns. If you are a party to such schemes, you could be liable for financial penalties or even face criminal prosecution.
Abusive Tax Structures
Abusive tax schemes have evolved from simple structuring of abusive domestic and foreign trust arrangements into sophisticated strategies that take advantage of the financial secrecy laws of some foreign jurisdictions and the availability of credit/debit cards issued from offshore financial institutions.
IRS Criminal Investigation (CI) has developed a nationally coordinated program to combat these abusive tax schemes. CI's primary focus is on the identification and investigation of the tax scheme promoters as well as those who play a substantial or integral role in facilitating, aiding, assisting, or furthering the abusive tax scheme (e.g., accountants, lawyers). Secondarily, but equally important, is the investigation of investors who knowingly participate in abusive tax schemes.
What is an abusive scheme? The Abusive Tax Schemes program encompasses violations of the Internal Revenue Code (IRC) and related statutes where multiple flow-through entities are used as an integral part of the taxpayer's scheme to evade taxes. These schemes are characterized by the use of Limited Liability Companies (LLCs), Limited Liability Partnerships (LLPs), International Business Companies (IBCs), foreign financial accounts, offshore credit/debit cards and other similar instruments. The schemes are usually complex involving multi-layer transactions for the purpose of concealing the true nature and ownership of the taxable income and/or assets.
Form over substance are the most important words to remember before buying into any arrangements that promise to "eliminate" or "substantially reduce" your tax liability. The promoters of abusive tax schemes often employ financial instruments in their schemes. However, the instruments are used for improper purposes including the facilitation of tax evasion.
The IRS encourages taxpayers to report unlawful tax evasion. Where Do You Report Suspected Tax Fraud Activity?
Misuse of Trusts
Trusts also commonly show up in abusive tax structures. They are highlighted here because unscrupulous promoters continue to urge taxpayers to transfer large amounts of assets into trusts. These assets include not only cash and investments, but also successful on-going businesses. There are legitimate uses of trusts in tax and estate planning, but the IRS commonly sees highly questionable transactions. These transactions promise reduced taxable income, inflated deductions for personal expenses, the reduction or elimination of self-employment taxes and reduced estate or gift transfer taxes. These transactions commonly arise when taxpayers are transferring wealth from one generation to another. Questionable trusts rarely deliver the tax benefits promised and are used primarily as a means of avoiding income tax liability and hiding assets from creditors, including the IRS.
IRS personnel continue to see an increase in the improper use of private annuity trusts and foreign trusts to shift income and deduct personal expenses, as well as to avoid estate transfer taxes. As with other arrangements, taxpayers should seek the advice of a trusted professional before entering a trust arrangement.
The IRS reminds taxpayers that tax scams can take many forms beyond the “Dirty Dozen,” and people should be on the lookout for many other schemes. More information on tax scams is available at IRS.gov.
Wednesday, February 5, 2014
DOJ SENATE TESTIMONY ON "PRIVACY IN THE DIGITAL AGE"
FROM: DEPARTMENT OF JUSTICE PRIVACY
Testimony as Prepared for Delivery by Acting Assistant Attorney General for the Criminal Division Mythili Raman Before the U.S. Senate Committee on the Judiciary on the Topic, “Privacy in the Digital Age”
~ Tuesday, February 4, 2014
Good afternoon, Chairman Leahy, Ranking Member Grassley, and Members of the Committee. Thank you for the opportunity to appear before the Committee today to discuss the Department of Justice’s fight against cybercrime. I also particularly want to thank the Chair for holding this hearing and for his continued leadership on these important issues.
At the Department of Justice, we are devoting significant resources and energy to fighting computer hacking and other types of cybercrime. The recent revelations about the massive thefts of financial information from large retail stores have served as a stark reminder to all of us about how vulnerable we are to cyber criminals who are determined to steal our personal information. The Justice Department is more committed than ever to ensuring that the full range of government enforcement tools is brought to bear in the fight against cybercrime.
Cybercrime has increased dramatically over the last decade, and our financial infrastructure has suffered repeated cyber intrusions. As we all know, it is becoming far too commonplace an occurrence that our email accounts are hijacked, our financial information siphoned away, and our personal information compromised. The technology revolution – which has brought enormous benefits to individuals, U.S. companies and our economy as a whole – has also facilitated these criminal activities, making available a wide array of new methods that identity thieves can use to access and exploit the personal information of others. Skilled criminal hackers are now able to perpetrate large-scale data breaches that leave, in some cases, tens of millions of individuals at risk of identity theft. Today’s criminals, who often sit on the other side of the world, can hack into computer systems of universities, merchants, financial institutions, credit card processing companies, and data processors to steal large volumes of sensitive and valuable information. They then peddle the stolen information to other criminals, use the information for their own financial gain, or sometimes even terrorize and extort their victims.
Last December, Target, the second-largest U.S. discount chain, announced that credit and debit card data for as many as 40 million consumers who shopped in its stores between November 27 and December 15 may have been compromised. Target then disclosed on January 10 that thieves had also accessed the personal information, including names, phone numbers, home addresses, and/or email addresses, of as many as 70 million people – information that is valued by criminals because it can be used to lure victims with fake emails or hack into other accounts. The U.S. Secret Service, within the Department of Homeland Security, and the Department of Justice are investigating this massive data breach.
A few days later, retailer Neiman Marcus Inc. reported that it also was the victim of a suspected cyberattack over the holidays in which some of its customers’ credit card information may have been stolen. Target and Neiman Marcus are just two of the latest known victims.
The Justice Department is vigorously responding to hacking and other cybercrimes through the tenacious work of the Criminal Division’s Computer Crime and Intellectual Property Section, also known as CCIPS, which partners with Computer Hacking and Intellectual Property Coordinators in U.S. Attorney’s Offices across the country as part of a network of almost 300 Justice Department cybercrime prosecutors. In addition, the Federal Bureau of Investigation has made combating cyber threats one of its top national priorities, working through Cyber Task Forces in each of its 56 field offices and continuing to strengthen the National Cyber Investigative Joint Task Force. Every day, these prosecutors and agents strive to hold to account cyber criminals who victimize Americans.
Consider, for instance, the case of Vladislav Horohorin, which was prosecuted here in the District of Columbia by CCIPS and the United States Attorney’s Office, based on an investigation by the FBI and U.S. Secret Service. Horohorin, known by the online nickname “BadB,” used online criminal forums to sell stolen credit and debit card information to individuals around the world to enable fraudulent transactions by other cyber criminals. At the time of his arrest, he possessed more than 2.5 million stolen credit and debit card numbers. In one instance, he participated in a criminal group that, in a single 12-hour crime spree, stole over $9.4 million through fraudulent transactions at over 2,100 ATMs in 280 cities around the world. As a result of a massive investigation spanning several years – and several countries – we located and charged him, and he was arrested after leaving Russia for France. In April 2013, Horohorin was sentenced to serve 88 months in prison.
Our investigation of the Coreflood botnet is another example of our commitment to stopping massive computer crimes by using the most innovative law enforcement techniques. A botnet is a network of secretly hacked computers, sometimes numbering in the millions, which are located in homes, schools, and offices. The computers are infected with sophisticated malicious software, or “malware,” and once the malware is installed, hackers can put these bots to countless illegal uses. The Coreflood botnet, for example, hijacked hundreds of thousands of computers for the purpose of stealing private personal and financial information – including usernames and passwords – from unsuspecting computer users. In one example, the Coreflood botnet software illegally monitored Internet communications between a computer user and her bank, took over an online banking session, and then emptied the user’s bank account. Overall losses from the scheme were staggering, estimated to be in the tens of millions of dollars.
Although the individuals controlling the Coreflood network resided overseas and were largely outside the direct reach of U.S. law enforcement, in 2011, CCIPS, the United States Attorney’s Office for the District of Connecticut, and the FBI used a combination of civil and criminal legal authorities to seize key control servers, shut down the network, and work with private sector partners to help disinfect victims’ computer systems. Among other things, as part of this ground-breaking law enforcement operation, the Justice Department obtained a court order authorizing the government to respond to signals sent from infected computers in the United States to stop the Coreflood software from running, and thus to prevent further harm to hundreds of thousands of Americans whose computers were under the control of the botnet. And, in a relatively short period of time, the Coreflood botnet was dismantled.
The Department has continued to place a high priority on arresting and deterring those who create botnets. CCIPS and the U.S. Attorney’s Office in Atlanta just last week announced the guilty plea of a Russian citizen named Aleksandr Panin for developing and distributing malware called “SpyEye.” The SpyEye malware created botnets that stole personal and financial information such as credit card information, banking credentials, usernames, passwords, and personal identification numbers. Panin sold his software to at least 154 criminal “clients,” who in turn used it to infect an estimated 1.4 million computers around the world. The FBI arrested Panin on July 1, 2013, while he was flying through Hartsfield-Jackson Atlanta International Airport.
Hacking can have terrifying consequences even when conducted on a smaller scale, and we have vigorously pursued hackers who have used the Internet to invade Americans’ privacy. In 2011, for example, in a case investigated by the FBI, the United States Attorney’s Office in Los Angeles successfully prosecuted a hacker named Luis Mijangos. Mijangos hacked for sexual thrill. He infected the computers of victims with malicious software that gave him complete control over their computers. He deliberately targeted teens and young women, reading their emails, turning on their computer microphones and listening to conversations taking place in their homes, and, most importantly for him, watching them through their webcams as they undressed. Even more frightening, Mijangos then extorted certain victims by threatening to post intimate pictures on the Internet unless the victims provided him with even more salacious images or videos of themselves. When one victim shared Mijangos’s threats with a friend, Mijangos retaliated by posting nude pictures of the victim on her friend’s social networking page. In another instance, Mijangos had infected the computers of a college student, her boyfriend, and her roommate. When the victim called her boyfriend, and they discussed calling the police, Mijangos reportedly sent the boyfriend an anonymous instant message that said: “I know you’re talking to each other right now!” The victim then decided to call the police. But when she did, she got a message, too. “I know you just called the police,” he wrote. His message was unmistakable: he was in control; he knew everything; and he had the power to hurt the victim further if she reported the crime. At the time of his arrest, FBI computer forensics experts had determined that Mijangos had infected more than 100 computers that were used by approximately 230 individuals, at least 44 of them minors. The Court sentenced Mijangos to 72 months in federal prison.
There are many other examples of the Department’s recent work to bring cyber criminals to justice. There is the takedown of Silk Road, a hidden website designed to enable its users to buy and sell illegal drugs and other unlawful goods and services, and charges against the alleged operator of the site by the U.S. Attorney’s Offices for the Southern District of New York and the District of Maryland. There is the prosecution by CCIPS and the U.S. Attorney’s Office in New Hampshire of Adrian-Tiberiu Oprea, a Romanian who recently received a 15-year sentence in September for leading an international, multimillion-dollar scheme to remotely hack into and steal unsuspecting customers’ payment card data from U.S. merchants’ computers. The case was investigated by the U.S. Secret Service. There is the recent indictment by CCIPS and the U.S. Attorney’s Office for the Western District of Wisconsin of Sinovel Wind Group Co. Ltd., a China-based manufacturer and exporter of wind turbines, which is alleged to have stolen trade secrets from an American company for the purpose of producing wind turbines and retrofitting existing wind turbines with the stolen technology. And on January 23, the FBI arrested two men for conspiring to hack into victims’ email accounts to steal nude photos that were later posted on the “revenge porn” website isan yon eup.com . The U.S. Attorney’s Office for the Central District of California charged the men with violating the Computer Fraud and Abuse Act.
The recent disclosures about the massive data breaches at retailers have underscored that cybercrime is a real, present threat, and one that is growing. Cyber criminals steal the personal and financial information of individuals, carry out Distributed Denial of Service (or DDOS)1 attacks on networks, and purloin sensitive corporate or military data. These criminals can easily prey on victims halfway around the world. They sometimes use virtual currencies to enrich themselves while hiding their identities and avoiding leaving their fingerprints in the traditional banking system. Despite these challenges, the Justice Department is staying ahead of these threats. We are using all of the tools available to us to identify cyber criminals, wherever in the world they are located, break up their networks, and bring them to justice. We are developing meaningful partnerships with foreign law enforcement to strengthen our collective capacity to fight cybercrime. And we use our tools responsibly and consistent with established legal safeguards that protect against abuse. But without the tools we have been provided, we would not be able to bring offenders to justice. And we must ensure that the statutes we enforce keep up with technology so that we can keep pace with the cyber criminals, who are constantly developing new tactics and methods.
Computer Fraud and Abuse Act
In addition to the important law enforcement techniques that we must use to successfully investigate cyber criminals, our prosecutors also rely on substantive criminal statutes to bring cyber criminals to justice. One of the most important of these laws is the Computer Fraud and Abuse Act, also called the “CFAA.” The CFAA is the primary Federal law against hacking. It protects the public against criminals who hack into computers to steal information, install malicious software, and delete files. The CFAA, in short, reflects our baseline expectation that people are entitled to have control over their own computers and are entitled to trust that information they store in their computers remains safe.
The CFAA was first enacted in 1986, at a time when the problem of cybercrime was still in its infancy. Over the years, a series of measured, modest changes have been made to the CFAA to reflect new technologies and means of committing crimes and to equip law enforcement with tools to respond to changing threats. The CFAA has not been amended since 2008, and the intervening years have again created the need for the enactment of modest, incremental changes. The Administration’s May 2011 legislative proposal proposed revisions to keep Federal criminal law up-to-date. We continue to support changes like these that will keep up with rapidly-evolving technologies and uses.
Deterring Insider Threats
Another portion of the CFAA that has received considerable attention is the way that the law addresses the threat posed by insiders – those who have some right to access a system but who abuse that right, such as employees of a business who unlawfully make off with their employers’ intellectual property. The CFAA addresses this problem by criminalizing conduct by those who “exceed authorized access” to a protected computer.
Some commentators have contended that the CFAA’s provision criminalizing exceeding authorized access should be limited or abolished because the provision is subject to misuse or overuse. Some have worried, for example, that the statute permits prosecution of people who merely lie about their age when going to a dating site, or harmlessly violate the terms of service of an email provider. To that end, we are open to addressing these concerns by working with Congress to develop appropriate statutory amendments, such as new statutory thresholds regarding the value or sensitivity of the information improperly accessed under 1030(a)(2), or new language making more explicit that the statute does not permit prosecution based on access restrictions that are not clearly understood.
At the same time, insider hackers pose a serious threat to American businesses and citizens. Examples of insiders include employees at a credit card company or stock broker who regularly deal with sensitive information. There is generally no way to encrypt and password- protect every piece of data on a system to eliminate the insider threat, because employees need to be able access the data to do their jobs. Thus, written policies between employers and employees – which are simply a contractual means of ensuring trust – are an important way to secure information. Violating these written restrictions harms businesses. Just as businesses justifiably rely on the criminal law to deter thefts of physical property, so they also should be able to rely on it to deter misappropriation of their private, sensitive data – data that is often far more valuable than equipment or supplies.
In recent years, two courts of appeals have interpreted the CFAA to bar certain “insider” cases, creating a circuit split. Compare United States v. Nosal, 676 F.3d 854 (9th Cir. 2012) (en banc) and WEC Carolina Energy Solutions LLC v. Miller, 687 F.3d 199 (4th Cir. 2012), with United States v. John, 597 F.3d 263 (5th Cir. 2010); United States v. Rodriguez, 628 F.3d 1258 (11th Cir. 2010); and Int’l Airport Ctrs., LLC v. Citrin, 440 F.3d 418 (7th Cir. 2006). Specifically, the Fourth and Ninth Circuits have interpreted the statute not to permit prosecution as long as an insider was authorized to access the database or information in question for any purpose. Under this interpretation, the CFAA would not apply where a police officer accessed an arrest record for the purpose of harassing a romantic rival, because the officer was authorized to access the records to assist in criminal investigations. Similarly, under this interpretation, the CFAA would not apply where a bank employee accessed customer records for the purpose of selling them to organized crime members, because the employee was authorized to access the records to resolve customer complaints. This interpretation makes it substantially more challenging for DOJ to protect American companies from the misappropriation of their intellectual property and sensitive data – misappropriation that may also directly harm American citizens when that data includes their personal or financial information.
We look forward to working with Congress to address these important issues.
Data Breach Notification
While the Justice Department continues to use all of the tools at its disposal to combat cybercrime, the Administration recommends the establishment of a strong, uniform Federal standard requiring certain types of businesses to report data breaches and thefts of electronic personally identifiable information. Businesses should be required to provide prompt notice to consumers in the wake of a breach. We should balance the need to safeguard consumers and hold compromised entities accountable, while setting clear standards that avoid undue burdens on industry. We should include a safe harbor for breaches with no reasonable risk of harm or fraud. This approach would protect the privacy of individuals while holding firms accountable for failure to safeguard personal data.
In 2011, the Administration put forth a package of recommended cybersecurity amendments that included a data breach notification proposal.2 The 2011 proposal is based upon the belief that American consumers should know when they are at risk of identity theft or other harms because of a data security breach. In addition, to strengthen the tools available to law enforcement to investigate data security breaches and to combat identity theft, the proposal would require that business entities notify the Federal government of a data security breach in a timely fashion so that law enforcement can promptly pursue the perpetrators of cyber intrusions and identity theft. The proposal has several sections of particular note.
First, under this proposal, following the discovery of a security breach, business entities must notify any individual whose sensitive, personally identifiable information has been, or is reasonably believed to have been, accessed or acquired, unless there is no reasonable risk of harm. Business entities covered under this requirement are those that use, access, transmit, store, dispose of, or collect sensitive, personally identifiable information about more than 10,000 people during any 12-month period. But the Administration believes that business entities which have demonstrated that they have effective data breach prevention programs should be exempt from notice to individuals if a risk assessment concludes that there is no reasonable risk that a security breach has harmed, or will harm, the individuals whose information was compromised.
The proposal would also recognize that such harm may be avoided where the stolen data has been rendered unusable by criminals; for example, through encryption, or through programs that block unauthorized financial transactions and provide effective notice to affected victims. The proposal also includes certain exceptions for notice that would impair law enforcement investigations or national security.
Because of the importance of bringing the perpetrators of data breaches to justice, the Administration’s proposal would also require business entities to notify law enforcement agencies if the security breach involves (1) the sensitive information of more than 5,000 people; (2) a database or other data system containing sensitive information of more than 500,000 people nationwide; (3) databases owned by the Federal government; or (4) primarily the sensitive information of Federal employees and contractors involved in national security or law enforcement. Businesses would report to a single entity that would then promptly disseminate the reported information to key Federal law enforcement agencies. In recognition of the time- sensitivity of data breach investigations, the notice required under this section would be provided as promptly as possible, but no later than 72 hours before notification to an individual or 10 days after discovery of the events requiring notice, whichever comes first.
Millions of Americans every year are faced with the potential for fraud and identity theft from online breaches of their sensitive, personally identifiable information. The nation clearly needs strong protections for consumers’ rights and privacy, and accountability for businesses that do not safeguard credit card and social security numbers, names and addresses, medical records, and other sensitive information. The Administration’s proposal creates a strong national standard to notify consumers with clear, actionable information when their personal information is compromised. Responsible entities will be held accountable through these disclosures. At the same time, a consistent national standard and reasonable exemptions for harmless breaches will reduce unnecessary compliance costs. This proposal meets the dual challenge of ensuring privacy, security, and safety without burdening economic prosperity and innovation.
Access Device Fraud
To ensure that we can take action when cyber criminals acting overseas steal data from U.S. financial institutions, we also recommend a modification to what is known as the access device fraud statute, 18 U.S.C. § 1029. One of the most common motivations for hacking crime is to obtain financial information. The access device fraud statute proscribes the unlawful possession and use of “access devices,” such as credit card numbers and devices such as credit card embossing machines. Not only do lone individuals commit this crime, but, more and more, organized criminal enterprises have formed to commit such intrusions and to exploit the stolen data through fraud.
The Department of Justice recommends that the statute be expanded to prosecute offenders in foreign countries who directly and significantly harm United States financial institutions and citizens. Currently, a criminal who trades in credit card information issued by a U.S. financial institution, but who otherwise does not take one of certain enumerated actions within the jurisdiction of the United States, cannot be prosecuted under section 1029(a)(3). Such scenarios are not merely hypothetical. United States law enforcement agencies have identified foreign-based individuals selling vast quantities of credit card numbers issued by U.S. financial institutions where there is no evidence that those criminals took a specific step within the United States to traffic in the data. The United States has a compelling interest in prosecuting such individuals given the harm to U.S. financial institutions and American citizens, and the statute should be revised to cover this sort of criminal conduct.
Deterring the Spread of Cell Phone Spying
The Department of Justice further recommends a legislative change to enable law enforcement to seize the profits of those who use cell phone spyware. The spread of computers and cellular phones in recent years has created a new market in malicious software that allows perpetrators to intercept victims’ communications without their knowledge or consent. This is illegal under current law, and current law also provides that law enforcement can forfeit the surreptitious interception devices themselves. It does not, however, enable forfeiture of the proceeds of the sale or use of those devices, or the forfeiture of any property used to facilitate their manufacture, advertising, or distribution. Further, the surreptitious interception of communications is currently not listed as a predicate offense in the money laundering statute, 18 U.S.C. § 1956. Because perpetrators of these crimes often act from abroad, making it more difficult to prosecute them, it is particularly important that law enforcement be able to seize the money that the criminals make from engaging in this criminal surveillance, and seize the equipment they use.
Selling Access to Botnets
We also recommend amending current law to address the proliferation of botnets, such as the Coreflood botnet I discussed earlier. Botnets can be used for various nefarious purposes, including theft of personal or financial information, the dissemination of spam, and cyberattacks, such as Distributed Denial of Service attacks. But creators and operators of botnets do not always commit those crimes themselves – frequently they sell, or even rent, access to the infected computers to others. The CFAA does not clearly cover such trafficking in botnets, even though trafficking in infected computers is clearly illegitimate, and can be essential to furthering other criminal activity. We thus propose that the CFAA be amended to cover trafficking in access to botnets.
In addition, section 1030(a)(6) presently requires proof of intent to defraud. Such intent is often difficult to prove because the traffickers of unauthorized access to computers often have a wrongful purpose other than the commission of fraud, or do not know or care why their customers are seeking unauthorized access to other people’s computers. This has made it more challenging in many cases for prosecutors to identify a provable offense even when they can establish beyond a reasonable doubt that individuals are selling access to thousands of infected computers. We therefore recommend that Congress consider amending the CFAA to address this shortcoming.
Conclusion
I very much appreciate the opportunity to discuss with you the ways in which the Department protects American citizens and businesses by aggressively investigating and prosecuting hackers – both outsiders and insiders. We understand how devastating it is to victims of cybercrime who have their personal and financial information siphoned away, whether by hackers on the other side of the world or by insiders at a company that might hold their personal information. The Justice Department is committed to using the full range of investigative tools and laws available to us to fight these crimes and protect Americans. And, we will continue to use these tools responsibly.
Thank you for the opportunity to discuss the Department’s work in this area, and I look forward to answering any questions you might have.
Testimony as Prepared for Delivery by Acting Assistant Attorney General for the Criminal Division Mythili Raman Before the U.S. Senate Committee on the Judiciary on the Topic, “Privacy in the Digital Age”
~ Tuesday, February 4, 2014
Good afternoon, Chairman Leahy, Ranking Member Grassley, and Members of the Committee. Thank you for the opportunity to appear before the Committee today to discuss the Department of Justice’s fight against cybercrime. I also particularly want to thank the Chair for holding this hearing and for his continued leadership on these important issues.
At the Department of Justice, we are devoting significant resources and energy to fighting computer hacking and other types of cybercrime. The recent revelations about the massive thefts of financial information from large retail stores have served as a stark reminder to all of us about how vulnerable we are to cyber criminals who are determined to steal our personal information. The Justice Department is more committed than ever to ensuring that the full range of government enforcement tools is brought to bear in the fight against cybercrime.
Cybercrime has increased dramatically over the last decade, and our financial infrastructure has suffered repeated cyber intrusions. As we all know, it is becoming far too commonplace an occurrence that our email accounts are hijacked, our financial information siphoned away, and our personal information compromised. The technology revolution – which has brought enormous benefits to individuals, U.S. companies and our economy as a whole – has also facilitated these criminal activities, making available a wide array of new methods that identity thieves can use to access and exploit the personal information of others. Skilled criminal hackers are now able to perpetrate large-scale data breaches that leave, in some cases, tens of millions of individuals at risk of identity theft. Today’s criminals, who often sit on the other side of the world, can hack into computer systems of universities, merchants, financial institutions, credit card processing companies, and data processors to steal large volumes of sensitive and valuable information. They then peddle the stolen information to other criminals, use the information for their own financial gain, or sometimes even terrorize and extort their victims.
Last December, Target, the second-largest U.S. discount chain, announced that credit and debit card data for as many as 40 million consumers who shopped in its stores between November 27 and December 15 may have been compromised. Target then disclosed on January 10 that thieves had also accessed the personal information, including names, phone numbers, home addresses, and/or email addresses, of as many as 70 million people – information that is valued by criminals because it can be used to lure victims with fake emails or hack into other accounts. The U.S. Secret Service, within the Department of Homeland Security, and the Department of Justice are investigating this massive data breach.
A few days later, retailer Neiman Marcus Inc. reported that it also was the victim of a suspected cyberattack over the holidays in which some of its customers’ credit card information may have been stolen. Target and Neiman Marcus are just two of the latest known victims.
The Justice Department is vigorously responding to hacking and other cybercrimes through the tenacious work of the Criminal Division’s Computer Crime and Intellectual Property Section, also known as CCIPS, which partners with Computer Hacking and Intellectual Property Coordinators in U.S. Attorney’s Offices across the country as part of a network of almost 300 Justice Department cybercrime prosecutors. In addition, the Federal Bureau of Investigation has made combating cyber threats one of its top national priorities, working through Cyber Task Forces in each of its 56 field offices and continuing to strengthen the National Cyber Investigative Joint Task Force. Every day, these prosecutors and agents strive to hold to account cyber criminals who victimize Americans.
Consider, for instance, the case of Vladislav Horohorin, which was prosecuted here in the District of Columbia by CCIPS and the United States Attorney’s Office, based on an investigation by the FBI and U.S. Secret Service. Horohorin, known by the online nickname “BadB,” used online criminal forums to sell stolen credit and debit card information to individuals around the world to enable fraudulent transactions by other cyber criminals. At the time of his arrest, he possessed more than 2.5 million stolen credit and debit card numbers. In one instance, he participated in a criminal group that, in a single 12-hour crime spree, stole over $9.4 million through fraudulent transactions at over 2,100 ATMs in 280 cities around the world. As a result of a massive investigation spanning several years – and several countries – we located and charged him, and he was arrested after leaving Russia for France. In April 2013, Horohorin was sentenced to serve 88 months in prison.
Our investigation of the Coreflood botnet is another example of our commitment to stopping massive computer crimes by using the most innovative law enforcement techniques. A botnet is a network of secretly hacked computers, sometimes numbering in the millions, which are located in homes, schools, and offices. The computers are infected with sophisticated malicious software, or “malware,” and once the malware is installed, hackers can put these bots to countless illegal uses. The Coreflood botnet, for example, hijacked hundreds of thousands of computers for the purpose of stealing private personal and financial information – including usernames and passwords – from unsuspecting computer users. In one example, the Coreflood botnet software illegally monitored Internet communications between a computer user and her bank, took over an online banking session, and then emptied the user’s bank account. Overall losses from the scheme were staggering, estimated to be in the tens of millions of dollars.
Although the individuals controlling the Coreflood network resided overseas and were largely outside the direct reach of U.S. law enforcement, in 2011, CCIPS, the United States Attorney’s Office for the District of Connecticut, and the FBI used a combination of civil and criminal legal authorities to seize key control servers, shut down the network, and work with private sector partners to help disinfect victims’ computer systems. Among other things, as part of this ground-breaking law enforcement operation, the Justice Department obtained a court order authorizing the government to respond to signals sent from infected computers in the United States to stop the Coreflood software from running, and thus to prevent further harm to hundreds of thousands of Americans whose computers were under the control of the botnet. And, in a relatively short period of time, the Coreflood botnet was dismantled.
The Department has continued to place a high priority on arresting and deterring those who create botnets. CCIPS and the U.S. Attorney’s Office in Atlanta just last week announced the guilty plea of a Russian citizen named Aleksandr Panin for developing and distributing malware called “SpyEye.” The SpyEye malware created botnets that stole personal and financial information such as credit card information, banking credentials, usernames, passwords, and personal identification numbers. Panin sold his software to at least 154 criminal “clients,” who in turn used it to infect an estimated 1.4 million computers around the world. The FBI arrested Panin on July 1, 2013, while he was flying through Hartsfield-Jackson Atlanta International Airport.
Hacking can have terrifying consequences even when conducted on a smaller scale, and we have vigorously pursued hackers who have used the Internet to invade Americans’ privacy. In 2011, for example, in a case investigated by the FBI, the United States Attorney’s Office in Los Angeles successfully prosecuted a hacker named Luis Mijangos. Mijangos hacked for sexual thrill. He infected the computers of victims with malicious software that gave him complete control over their computers. He deliberately targeted teens and young women, reading their emails, turning on their computer microphones and listening to conversations taking place in their homes, and, most importantly for him, watching them through their webcams as they undressed. Even more frightening, Mijangos then extorted certain victims by threatening to post intimate pictures on the Internet unless the victims provided him with even more salacious images or videos of themselves. When one victim shared Mijangos’s threats with a friend, Mijangos retaliated by posting nude pictures of the victim on her friend’s social networking page. In another instance, Mijangos had infected the computers of a college student, her boyfriend, and her roommate. When the victim called her boyfriend, and they discussed calling the police, Mijangos reportedly sent the boyfriend an anonymous instant message that said: “I know you’re talking to each other right now!” The victim then decided to call the police. But when she did, she got a message, too. “I know you just called the police,” he wrote. His message was unmistakable: he was in control; he knew everything; and he had the power to hurt the victim further if she reported the crime. At the time of his arrest, FBI computer forensics experts had determined that Mijangos had infected more than 100 computers that were used by approximately 230 individuals, at least 44 of them minors. The Court sentenced Mijangos to 72 months in federal prison.
There are many other examples of the Department’s recent work to bring cyber criminals to justice. There is the takedown of Silk Road, a hidden website designed to enable its users to buy and sell illegal drugs and other unlawful goods and services, and charges against the alleged operator of the site by the U.S. Attorney’s Offices for the Southern District of New York and the District of Maryland. There is the prosecution by CCIPS and the U.S. Attorney’s Office in New Hampshire of Adrian-Tiberiu Oprea, a Romanian who recently received a 15-year sentence in September for leading an international, multimillion-dollar scheme to remotely hack into and steal unsuspecting customers’ payment card data from U.S. merchants’ computers. The case was investigated by the U.S. Secret Service. There is the recent indictment by CCIPS and the U.S. Attorney’s Office for the Western District of Wisconsin of Sinovel Wind Group Co. Ltd., a China-based manufacturer and exporter of wind turbines, which is alleged to have stolen trade secrets from an American company for the purpose of producing wind turbines and retrofitting existing wind turbines with the stolen technology. And on January 23, the FBI arrested two men for conspiring to hack into victims’ email accounts to steal nude photos that were later posted on the “revenge porn” website isan yon eup.com . The U.S. Attorney’s Office for the Central District of California charged the men with violating the Computer Fraud and Abuse Act.
The recent disclosures about the massive data breaches at retailers have underscored that cybercrime is a real, present threat, and one that is growing. Cyber criminals steal the personal and financial information of individuals, carry out Distributed Denial of Service (or DDOS)1 attacks on networks, and purloin sensitive corporate or military data. These criminals can easily prey on victims halfway around the world. They sometimes use virtual currencies to enrich themselves while hiding their identities and avoiding leaving their fingerprints in the traditional banking system. Despite these challenges, the Justice Department is staying ahead of these threats. We are using all of the tools available to us to identify cyber criminals, wherever in the world they are located, break up their networks, and bring them to justice. We are developing meaningful partnerships with foreign law enforcement to strengthen our collective capacity to fight cybercrime. And we use our tools responsibly and consistent with established legal safeguards that protect against abuse. But without the tools we have been provided, we would not be able to bring offenders to justice. And we must ensure that the statutes we enforce keep up with technology so that we can keep pace with the cyber criminals, who are constantly developing new tactics and methods.
Computer Fraud and Abuse Act
In addition to the important law enforcement techniques that we must use to successfully investigate cyber criminals, our prosecutors also rely on substantive criminal statutes to bring cyber criminals to justice. One of the most important of these laws is the Computer Fraud and Abuse Act, also called the “CFAA.” The CFAA is the primary Federal law against hacking. It protects the public against criminals who hack into computers to steal information, install malicious software, and delete files. The CFAA, in short, reflects our baseline expectation that people are entitled to have control over their own computers and are entitled to trust that information they store in their computers remains safe.
The CFAA was first enacted in 1986, at a time when the problem of cybercrime was still in its infancy. Over the years, a series of measured, modest changes have been made to the CFAA to reflect new technologies and means of committing crimes and to equip law enforcement with tools to respond to changing threats. The CFAA has not been amended since 2008, and the intervening years have again created the need for the enactment of modest, incremental changes. The Administration’s May 2011 legislative proposal proposed revisions to keep Federal criminal law up-to-date. We continue to support changes like these that will keep up with rapidly-evolving technologies and uses.
Deterring Insider Threats
Another portion of the CFAA that has received considerable attention is the way that the law addresses the threat posed by insiders – those who have some right to access a system but who abuse that right, such as employees of a business who unlawfully make off with their employers’ intellectual property. The CFAA addresses this problem by criminalizing conduct by those who “exceed authorized access” to a protected computer.
Some commentators have contended that the CFAA’s provision criminalizing exceeding authorized access should be limited or abolished because the provision is subject to misuse or overuse. Some have worried, for example, that the statute permits prosecution of people who merely lie about their age when going to a dating site, or harmlessly violate the terms of service of an email provider. To that end, we are open to addressing these concerns by working with Congress to develop appropriate statutory amendments, such as new statutory thresholds regarding the value or sensitivity of the information improperly accessed under 1030(a)(2), or new language making more explicit that the statute does not permit prosecution based on access restrictions that are not clearly understood.
At the same time, insider hackers pose a serious threat to American businesses and citizens. Examples of insiders include employees at a credit card company or stock broker who regularly deal with sensitive information. There is generally no way to encrypt and password- protect every piece of data on a system to eliminate the insider threat, because employees need to be able access the data to do their jobs. Thus, written policies between employers and employees – which are simply a contractual means of ensuring trust – are an important way to secure information. Violating these written restrictions harms businesses. Just as businesses justifiably rely on the criminal law to deter thefts of physical property, so they also should be able to rely on it to deter misappropriation of their private, sensitive data – data that is often far more valuable than equipment or supplies.
In recent years, two courts of appeals have interpreted the CFAA to bar certain “insider” cases, creating a circuit split. Compare United States v. Nosal, 676 F.3d 854 (9th Cir. 2012) (en banc) and WEC Carolina Energy Solutions LLC v. Miller, 687 F.3d 199 (4th Cir. 2012), with United States v. John, 597 F.3d 263 (5th Cir. 2010); United States v. Rodriguez, 628 F.3d 1258 (11th Cir. 2010); and Int’l Airport Ctrs., LLC v. Citrin, 440 F.3d 418 (7th Cir. 2006). Specifically, the Fourth and Ninth Circuits have interpreted the statute not to permit prosecution as long as an insider was authorized to access the database or information in question for any purpose. Under this interpretation, the CFAA would not apply where a police officer accessed an arrest record for the purpose of harassing a romantic rival, because the officer was authorized to access the records to assist in criminal investigations. Similarly, under this interpretation, the CFAA would not apply where a bank employee accessed customer records for the purpose of selling them to organized crime members, because the employee was authorized to access the records to resolve customer complaints. This interpretation makes it substantially more challenging for DOJ to protect American companies from the misappropriation of their intellectual property and sensitive data – misappropriation that may also directly harm American citizens when that data includes their personal or financial information.
We look forward to working with Congress to address these important issues.
Data Breach Notification
While the Justice Department continues to use all of the tools at its disposal to combat cybercrime, the Administration recommends the establishment of a strong, uniform Federal standard requiring certain types of businesses to report data breaches and thefts of electronic personally identifiable information. Businesses should be required to provide prompt notice to consumers in the wake of a breach. We should balance the need to safeguard consumers and hold compromised entities accountable, while setting clear standards that avoid undue burdens on industry. We should include a safe harbor for breaches with no reasonable risk of harm or fraud. This approach would protect the privacy of individuals while holding firms accountable for failure to safeguard personal data.
In 2011, the Administration put forth a package of recommended cybersecurity amendments that included a data breach notification proposal.2 The 2011 proposal is based upon the belief that American consumers should know when they are at risk of identity theft or other harms because of a data security breach. In addition, to strengthen the tools available to law enforcement to investigate data security breaches and to combat identity theft, the proposal would require that business entities notify the Federal government of a data security breach in a timely fashion so that law enforcement can promptly pursue the perpetrators of cyber intrusions and identity theft. The proposal has several sections of particular note.
First, under this proposal, following the discovery of a security breach, business entities must notify any individual whose sensitive, personally identifiable information has been, or is reasonably believed to have been, accessed or acquired, unless there is no reasonable risk of harm. Business entities covered under this requirement are those that use, access, transmit, store, dispose of, or collect sensitive, personally identifiable information about more than 10,000 people during any 12-month period. But the Administration believes that business entities which have demonstrated that they have effective data breach prevention programs should be exempt from notice to individuals if a risk assessment concludes that there is no reasonable risk that a security breach has harmed, or will harm, the individuals whose information was compromised.
The proposal would also recognize that such harm may be avoided where the stolen data has been rendered unusable by criminals; for example, through encryption, or through programs that block unauthorized financial transactions and provide effective notice to affected victims. The proposal also includes certain exceptions for notice that would impair law enforcement investigations or national security.
Because of the importance of bringing the perpetrators of data breaches to justice, the Administration’s proposal would also require business entities to notify law enforcement agencies if the security breach involves (1) the sensitive information of more than 5,000 people; (2) a database or other data system containing sensitive information of more than 500,000 people nationwide; (3) databases owned by the Federal government; or (4) primarily the sensitive information of Federal employees and contractors involved in national security or law enforcement. Businesses would report to a single entity that would then promptly disseminate the reported information to key Federal law enforcement agencies. In recognition of the time- sensitivity of data breach investigations, the notice required under this section would be provided as promptly as possible, but no later than 72 hours before notification to an individual or 10 days after discovery of the events requiring notice, whichever comes first.
Millions of Americans every year are faced with the potential for fraud and identity theft from online breaches of their sensitive, personally identifiable information. The nation clearly needs strong protections for consumers’ rights and privacy, and accountability for businesses that do not safeguard credit card and social security numbers, names and addresses, medical records, and other sensitive information. The Administration’s proposal creates a strong national standard to notify consumers with clear, actionable information when their personal information is compromised. Responsible entities will be held accountable through these disclosures. At the same time, a consistent national standard and reasonable exemptions for harmless breaches will reduce unnecessary compliance costs. This proposal meets the dual challenge of ensuring privacy, security, and safety without burdening economic prosperity and innovation.
Access Device Fraud
To ensure that we can take action when cyber criminals acting overseas steal data from U.S. financial institutions, we also recommend a modification to what is known as the access device fraud statute, 18 U.S.C. § 1029. One of the most common motivations for hacking crime is to obtain financial information. The access device fraud statute proscribes the unlawful possession and use of “access devices,” such as credit card numbers and devices such as credit card embossing machines. Not only do lone individuals commit this crime, but, more and more, organized criminal enterprises have formed to commit such intrusions and to exploit the stolen data through fraud.
The Department of Justice recommends that the statute be expanded to prosecute offenders in foreign countries who directly and significantly harm United States financial institutions and citizens. Currently, a criminal who trades in credit card information issued by a U.S. financial institution, but who otherwise does not take one of certain enumerated actions within the jurisdiction of the United States, cannot be prosecuted under section 1029(a)(3). Such scenarios are not merely hypothetical. United States law enforcement agencies have identified foreign-based individuals selling vast quantities of credit card numbers issued by U.S. financial institutions where there is no evidence that those criminals took a specific step within the United States to traffic in the data. The United States has a compelling interest in prosecuting such individuals given the harm to U.S. financial institutions and American citizens, and the statute should be revised to cover this sort of criminal conduct.
Deterring the Spread of Cell Phone Spying
The Department of Justice further recommends a legislative change to enable law enforcement to seize the profits of those who use cell phone spyware. The spread of computers and cellular phones in recent years has created a new market in malicious software that allows perpetrators to intercept victims’ communications without their knowledge or consent. This is illegal under current law, and current law also provides that law enforcement can forfeit the surreptitious interception devices themselves. It does not, however, enable forfeiture of the proceeds of the sale or use of those devices, or the forfeiture of any property used to facilitate their manufacture, advertising, or distribution. Further, the surreptitious interception of communications is currently not listed as a predicate offense in the money laundering statute, 18 U.S.C. § 1956. Because perpetrators of these crimes often act from abroad, making it more difficult to prosecute them, it is particularly important that law enforcement be able to seize the money that the criminals make from engaging in this criminal surveillance, and seize the equipment they use.
Selling Access to Botnets
We also recommend amending current law to address the proliferation of botnets, such as the Coreflood botnet I discussed earlier. Botnets can be used for various nefarious purposes, including theft of personal or financial information, the dissemination of spam, and cyberattacks, such as Distributed Denial of Service attacks. But creators and operators of botnets do not always commit those crimes themselves – frequently they sell, or even rent, access to the infected computers to others. The CFAA does not clearly cover such trafficking in botnets, even though trafficking in infected computers is clearly illegitimate, and can be essential to furthering other criminal activity. We thus propose that the CFAA be amended to cover trafficking in access to botnets.
In addition, section 1030(a)(6) presently requires proof of intent to defraud. Such intent is often difficult to prove because the traffickers of unauthorized access to computers often have a wrongful purpose other than the commission of fraud, or do not know or care why their customers are seeking unauthorized access to other people’s computers. This has made it more challenging in many cases for prosecutors to identify a provable offense even when they can establish beyond a reasonable doubt that individuals are selling access to thousands of infected computers. We therefore recommend that Congress consider amending the CFAA to address this shortcoming.
Conclusion
I very much appreciate the opportunity to discuss with you the ways in which the Department protects American citizens and businesses by aggressively investigating and prosecuting hackers – both outsiders and insiders. We understand how devastating it is to victims of cybercrime who have their personal and financial information siphoned away, whether by hackers on the other side of the world or by insiders at a company that might hold their personal information. The Justice Department is committed to using the full range of investigative tools and laws available to us to fight these crimes and protect Americans. And, we will continue to use these tools responsibly.
Thank you for the opportunity to discuss the Department’s work in this area, and I look forward to answering any questions you might have.
Sunday, October 27, 2013
MAN PLEADS GUILTY IN STOLEN PRISONER NAMES IDENTITY FRAUD
FROM: U.S. JUSTICE DEPARTMENT
Friday, October 25, 2013
Alabama Man Pleads Guilty to His Involvement in an Identity Theft Scheme Using Stolen Prisoner Names and a Corrupt Postal Employee
Harvey James pleaded guilty to one count of mail fraud and one count of aggravated identity theft for his role in a Stolen Identity Refund Fraud (“SIRF”) scheme , announced Assistant Attorney General Kathryn Keneally of the Justice Department's Tax Division and U.S. Attorney for the Middle District of Alabama George L. Beck Jr.
According to court documents and court proceedings, Harvey James obtained stolen identities from individuals who had access to inmate information from the Alabama Department of Corrections. For several years, James, his sister, Jacqueline Slaton, and others used those inmate names to file false federal and state tax returns. James and Slaton directed some of the false refunds to be sent to either prepaid debit cards or issued via check. In 2012, James and Slaton enlisted the assistance of U.S. Postal Service mail carrier Vernon Harrison in the scheme. Harrison, who provided James and his co-conspirators with mailing addresses to which they could mail debit cards, retrieved the debit cards from the mail and delivered them to James and his co-conspirators. In exchange, Harrison received substantial payments. Between 2010 and 2012, James and his co-conspirators filed hundreds of federal and state income tax returns that claimed over $1,000,000 in fraudulent tax refunds.
Sentencing has not yet been scheduled. James faces a minimum sentence of two years in prison and a maximum sentence of twenty-two years in prison, three years of supervised release, restitution and a maximum fine of $250,000. Slaton already pleaded guilty and was sentenced to 70 months in prison. In July 2013, Harrison was found guilty by a jury for his role in the scheme. Harrison will be sentenced on Oct. 31, 2013.
The case was investigated by Special Agents of the IRS - Criminal Investigation. Trial Attorneys Jason H. Poole and Michael Boteler of the Justice Department’s Tax Division and Assistant U.S. Attorney Todd Brown are prosecuting the case.
Friday, October 25, 2013
Alabama Man Pleads Guilty to His Involvement in an Identity Theft Scheme Using Stolen Prisoner Names and a Corrupt Postal Employee
Harvey James pleaded guilty to one count of mail fraud and one count of aggravated identity theft for his role in a Stolen Identity Refund Fraud (“SIRF”) scheme , announced Assistant Attorney General Kathryn Keneally of the Justice Department's Tax Division and U.S. Attorney for the Middle District of Alabama George L. Beck Jr.
According to court documents and court proceedings, Harvey James obtained stolen identities from individuals who had access to inmate information from the Alabama Department of Corrections. For several years, James, his sister, Jacqueline Slaton, and others used those inmate names to file false federal and state tax returns. James and Slaton directed some of the false refunds to be sent to either prepaid debit cards or issued via check. In 2012, James and Slaton enlisted the assistance of U.S. Postal Service mail carrier Vernon Harrison in the scheme. Harrison, who provided James and his co-conspirators with mailing addresses to which they could mail debit cards, retrieved the debit cards from the mail and delivered them to James and his co-conspirators. In exchange, Harrison received substantial payments. Between 2010 and 2012, James and his co-conspirators filed hundreds of federal and state income tax returns that claimed over $1,000,000 in fraudulent tax refunds.
Sentencing has not yet been scheduled. James faces a minimum sentence of two years in prison and a maximum sentence of twenty-two years in prison, three years of supervised release, restitution and a maximum fine of $250,000. Slaton already pleaded guilty and was sentenced to 70 months in prison. In July 2013, Harrison was found guilty by a jury for his role in the scheme. Harrison will be sentenced on Oct. 31, 2013.
The case was investigated by Special Agents of the IRS - Criminal Investigation. Trial Attorneys Jason H. Poole and Michael Boteler of the Justice Department’s Tax Division and Assistant U.S. Attorney Todd Brown are prosecuting the case.
Saturday, August 24, 2013
TAX PREPARERS AND FOREIGN NATIONALS CHARGED WITH CONSPIRACY TO DEFRAUD U.S.
FROM: U.S. JUSTICE DEPARTMENT
Tuesday, August 20, 2013
Alabama Tax Return Preparers and 19 Foreign Nationals Charged with Conspiring to Defraud the United States, Identity Theft and Money Laundering
Justice Department announced that a 14-count superseding indictment was unsealed today, charging JB Tax Professional Services Inc., Jacqueline J. Arias and Jose Bayron Estrada, of Spruce Pine, Ala., along with 19 foreign nationals, many of whom resided in the New Orleans area, with conspiracy to defraud the United States and conspiracy to commit mail and wire fraud by filing fraudulent income tax returns. The indictment also charges certain defendants with aggravated identity theft and conspiracy to commit money laundering. Most of the defendants were previously indicted in May 2013 and arrested in June 2013.
According to the indictment, members of the conspiracy obtained Forms W-2, often by purchasing them for cash, for the purposes of filing fraudulent income tax returns. Conspirators further obtained individual taxpayer identification numbers (ITINs) for use in filing fraudulent tax returns, in some cases using false applications filed with the assistance of Arias and JB Tax Professional Services. An ITIN is a tax processing number issued by the Internal Revenue Service (IRS) to individuals who do not have, and are not eligible to obtain, a social security number. Both Arias and the business were designated by the IRS as certified acceptance agents, which are entrusted by the IRS with the responsibility of reviewing the documentation of an ITIN applicant’s identity and alien status for authenticity, completeness and accuracy before submitting their application to the IRS.
The charging documents allege that the defendants used the social security numbers of real persons to conduct mail and wire fraud. The defendants also allegedly disguised and concealed the proceeds of their fraud by agreeing to conduct certain types of financial transactions.
An indictment merely alleges that crimes have been committed, and each defendant is presumed innocent until proven guilty. Each defendant faces a maximum potential sentence of five years in prison for the conspiracy charge. Each aggravated identity theft charge carries a mandatory two-year prison sentence, and the defendants charged in the money laundering conspiracy count face a possible maximum sentence of twenty years in prison. The defendants will also be subject to fines, mandatory restitution and forfeiture if convicted.
The case is being investigated by U.S. Immigration and Customs Enforcement, which oversees Homeland Security Investigations; IRS-Criminal Investigation; the U.S. Secret Service; the U.S. Postal Inspection Service; and the Social Security Administration, Office of the Inspector General, in partnership with the St. Tammany Parish, La. and Jefferson Parish, La. Sheriffs’ Departments. The case is being prosecuted by Tax Division Trial Attorneys Hayden Brockett and Kevin Lombardi.
Tuesday, August 20, 2013
Alabama Tax Return Preparers and 19 Foreign Nationals Charged with Conspiring to Defraud the United States, Identity Theft and Money Laundering
Justice Department announced that a 14-count superseding indictment was unsealed today, charging JB Tax Professional Services Inc., Jacqueline J. Arias and Jose Bayron Estrada, of Spruce Pine, Ala., along with 19 foreign nationals, many of whom resided in the New Orleans area, with conspiracy to defraud the United States and conspiracy to commit mail and wire fraud by filing fraudulent income tax returns. The indictment also charges certain defendants with aggravated identity theft and conspiracy to commit money laundering. Most of the defendants were previously indicted in May 2013 and arrested in June 2013.
According to the indictment, members of the conspiracy obtained Forms W-2, often by purchasing them for cash, for the purposes of filing fraudulent income tax returns. Conspirators further obtained individual taxpayer identification numbers (ITINs) for use in filing fraudulent tax returns, in some cases using false applications filed with the assistance of Arias and JB Tax Professional Services. An ITIN is a tax processing number issued by the Internal Revenue Service (IRS) to individuals who do not have, and are not eligible to obtain, a social security number. Both Arias and the business were designated by the IRS as certified acceptance agents, which are entrusted by the IRS with the responsibility of reviewing the documentation of an ITIN applicant’s identity and alien status for authenticity, completeness and accuracy before submitting their application to the IRS.
The charging documents allege that the defendants used the social security numbers of real persons to conduct mail and wire fraud. The defendants also allegedly disguised and concealed the proceeds of their fraud by agreeing to conduct certain types of financial transactions.
An indictment merely alleges that crimes have been committed, and each defendant is presumed innocent until proven guilty. Each defendant faces a maximum potential sentence of five years in prison for the conspiracy charge. Each aggravated identity theft charge carries a mandatory two-year prison sentence, and the defendants charged in the money laundering conspiracy count face a possible maximum sentence of twenty years in prison. The defendants will also be subject to fines, mandatory restitution and forfeiture if convicted.
The case is being investigated by U.S. Immigration and Customs Enforcement, which oversees Homeland Security Investigations; IRS-Criminal Investigation; the U.S. Secret Service; the U.S. Postal Inspection Service; and the Social Security Administration, Office of the Inspector General, in partnership with the St. Tammany Parish, La. and Jefferson Parish, La. Sheriffs’ Departments. The case is being prosecuted by Tax Division Trial Attorneys Hayden Brockett and Kevin Lombardi.
Wednesday, July 24, 2013
ARMY SERGEANT PLEADS GUILTY TO STEALING IDENTITY INFORMATION
FROM: U.S. DEPARTMENT OF JUSTICE
Thursday, July 18, 2013
US Army Sergeant Pleads Guilty in Georgia to Stealing Identity Information from US Army Computer System
Ammie Brothers, 29, of Columbus, Ga., a sergeant in the U.S. Army, pleaded guilty today to unlawfully obtaining personal information from the U.S. Army’s Army Knowledge Online computer system.
The guilty plea was announced by Acting Assistant Attorney General Mythili Raman of the Justice Department’s Criminal Division; U.S. Attorney for the Eastern District of Virginia Neil H. MacBride; U.S. Attorney for the Middle District of Georgia Michael J. Moore; and Director Daniel T. Andrews of the U.S. Army Criminal Investigation Command’s Computer Crime Investigative Unit.
Brothers pleaded guilty before U. S. District Judge Clay Land in Columbus, Ga., to one count of unauthorized access to information from a U.S. Army computer system. She was charged on Feb. 14, 2013, in a five-count indictment returned by a federal grand jury in Alexandria, Va.
In a statement of facts filed with the plea agreement, Brothers admitted that between April 24, 2009, and Oct. 5, 2011, she repeatedly and intentionally accessed two victims’ Army Knowledge Online accounts, which contain personnel files for members of the armed services. Brothers initially gained access by calling the Army Knowledge Online help desk in the Eastern District of Virginia and providing the victims’ Social Security numbers and dates of birth in order to obtain temporary passwords.
When law enforcement searched Brothers’s home in Columbus, they recovered numerous documents printed from the Army Knowledge Online system that contained victims’ Social Security numbers, bank account numbers and employment history, including the Social Security number of one minor child. Brothers admitted to law enforcement that, in addition to illegally accessing the victims’ Army Knowledge Online accounts, she regularly harassed the victims by telephone and accessed several credit card accounts belonging to one victim, and in one case authorized charges without the victim’s knowledge or consent.
At sentencing, scheduled for Oct. 24, 2013, Brothers faces a maximum penalty of five years in prison.
This case was investigated by the Computer Crime Investigative Unit of U.S. Army Criminal Investigation Command.
The case is being prosecuted by Trial Attorney Peter V. Roman of the Justice Department’s Computer Crime and Intellectual Property Section, Assistant U.S. Attorney Lindsay Kelly of the Eastern District of Virginia and Assistant U.S. Attorney Crawford L. Seals of the Middle District of Georgia.
Thursday, July 18, 2013
US Army Sergeant Pleads Guilty in Georgia to Stealing Identity Information from US Army Computer System
Ammie Brothers, 29, of Columbus, Ga., a sergeant in the U.S. Army, pleaded guilty today to unlawfully obtaining personal information from the U.S. Army’s Army Knowledge Online computer system.
The guilty plea was announced by Acting Assistant Attorney General Mythili Raman of the Justice Department’s Criminal Division; U.S. Attorney for the Eastern District of Virginia Neil H. MacBride; U.S. Attorney for the Middle District of Georgia Michael J. Moore; and Director Daniel T. Andrews of the U.S. Army Criminal Investigation Command’s Computer Crime Investigative Unit.
Brothers pleaded guilty before U. S. District Judge Clay Land in Columbus, Ga., to one count of unauthorized access to information from a U.S. Army computer system. She was charged on Feb. 14, 2013, in a five-count indictment returned by a federal grand jury in Alexandria, Va.
In a statement of facts filed with the plea agreement, Brothers admitted that between April 24, 2009, and Oct. 5, 2011, she repeatedly and intentionally accessed two victims’ Army Knowledge Online accounts, which contain personnel files for members of the armed services. Brothers initially gained access by calling the Army Knowledge Online help desk in the Eastern District of Virginia and providing the victims’ Social Security numbers and dates of birth in order to obtain temporary passwords.
When law enforcement searched Brothers’s home in Columbus, they recovered numerous documents printed from the Army Knowledge Online system that contained victims’ Social Security numbers, bank account numbers and employment history, including the Social Security number of one minor child. Brothers admitted to law enforcement that, in addition to illegally accessing the victims’ Army Knowledge Online accounts, she regularly harassed the victims by telephone and accessed several credit card accounts belonging to one victim, and in one case authorized charges without the victim’s knowledge or consent.
At sentencing, scheduled for Oct. 24, 2013, Brothers faces a maximum penalty of five years in prison.
This case was investigated by the Computer Crime Investigative Unit of U.S. Army Criminal Investigation Command.
The case is being prosecuted by Trial Attorney Peter V. Roman of the Justice Department’s Computer Crime and Intellectual Property Section, Assistant U.S. Attorney Lindsay Kelly of the Eastern District of Virginia and Assistant U.S. Attorney Crawford L. Seals of the Middle District of Georgia.
Saturday, May 4, 2013
ALGERIAN NATIONAL EXTRADITED TO U.S. FOR ALLEGED PART IN "SPYEYE" CYBERCRIMES
FROM: U.S. DEPARTMENT OF JUSTICE
Friday, May 3, 2013
International Cybercriminal Extradited from Thailand to the United States
Algerian national Hamza Bendelladj, aka "Bx1," has been extradited from Thailand to the United States to face charges in Atlanta for allegedly playing a critical role in developing, marketing, distributing and controlling "SpyEye," a pernicious computer virus designed to steal unsuspecting victims’ financial and personally identifying information.
The charges were announced today by Acting Assistant Attorney General Mythili Raman of the Justice Department’s Criminal Division, U.S. Attorney Sally Quillian Yates of the Northern District of Georgia and FBI Special Agent in Charge Mark F. Giuliano of the Atlanta Field Office.
Bendelladj, 24, has been charged in a 23-count indictment that was returned on Dec. 20, 2011, and unsealed today. The indictment charges Bendelladj with one count of conspiring to commit wire and bank fraud, 10 counts of wire fraud, one count of conspiracy to commit computer fraud and 11 counts of computer fraud. Bendelladj is scheduled to be arraigned today in U.S. District Court in the Northern District of Georgia before U.S. Magistrate Judge Janet F. King.
On Jan. 5, 2013, Bendelladj was apprehended at Suvarnabhumi Airport in Bangkok, Thailand, while he was in transit from Malaysia to Egypt. He was extradited from Thailand to the United States on May 2, 2013.
"Hamza Bendelladj has been extradited to the United States to face charges of controlling and selling a nefarious computer virus designed to pry into computers and extract personal financial information," said Acting Assistant Attorney General Raman. "The indictment charges Bendelladj and his co-conspirators with operating servers designed to control the personal computers of unsuspecting individuals and aggressively marketing their virus to other international cybercriminals intent on stealing sensitive information. The extradition of Bendelladj to face charges in the United States demonstrates our steadfast determination to bring cybercriminals to justice, no matter where they operate."
"No violence or coercion was used to accomplish this scheme, just a computer and an Internet connection," said U.S. Attorney Yates. "Bendelladj’s alleged criminal reach extended across international borders, directly into victims’ homes. In a cyber-netherworld, he allegedly commercialized the wholesale theft of financial and personal information through this virus which he sold to other cybercriminals. Cybercriminals take note; we will find you. This arrest and extradition demonstrates our determination to bring you to justice."
"The FBI has expanded its international partnerships to allow for such extraditions of criminals who know no borders," said FBI Special Agent in Charge Giuliano. "The federal indictment and extradition of Bendelladj should send a very clear message to those international cyber-criminals who feel safe behind their computers in foreign lands that they are, in fact, within reach."
According to court documents, the SpyEye virus is malicious computer code or "malware," which is designed to automate the theft of confidential personal and financial information, such as online banking credentials, credit card information, usernames, passwords, PINs and other personally identifying information. The SpyEye virus facilitates this theft of information by secretly infecting victims’ computers, enabling cybercriminals to remotely control the computers through command and control (C&C) servers. Once a computer is infected and under the cybercriminals’ control, a victim’s personal and financial information can be surreptitiously collected using techniques such as "web injects," which allow cybercriminals to alter the display of web pages in the victim’s browser in order to trick them into divulging personal information related to their financial accounts. The financial data is then transmitted to the cybercriminals’ C&C servers, where criminals use it to steal money from the victims’ financial accounts.
According to court documents, from 2009 to 2011, Bendelladj and others allegedly developed, marketed and sold various versions of the SpyEye virus and component parts on the Internet and allowed cybercriminals to customize their purchases to include tailor-made methods of obtaining victims’ personal and financial information. Bendelladj allegedly advertised the SpyEye virus on Internet forums devoted to cybercrime and other criminal activities. In addition, Bendelladj allegedly operated C&C servers, including a server located in the Northern District of Georgia, which controlled computers infected with the SpyEye virus. One of the files on Bendelladj’s C&C server in the Northern District of Georgia allegedly contained information from approximately 253 unique financial institutions.
If convicted, Bendelladj faces a maximum sentence of up to 30 years in prison for conspiracy to commit wire and bank fraud; up to 20 years for each wire fraud count; up to five years for conspiracy to commit computer fraud; up to five or 10 years for each count of computer fraud; and fines of up to $14 million dollars.
The public is reminded that the indictment contains only allegations, and the defendant is presumed innocent unless and until proven guilty.
This case is being investigated by the FBI and is being prosecuted by Special Assistant U.S. Attorney Nicholas Oldham and Assistant U.S. Attorney Scott Ferber of the Northern District of Georgia, and Trial Attorney Carol Sipperly of the Criminal Division’s Computer Crime and Intellectual Property Section. Valuable assistance was provided by the Criminal Division’s Office of International Affairs, which worked with its international counterparts to effect the extradition.
Friday, May 3, 2013
International Cybercriminal Extradited from Thailand to the United States
Algerian national Hamza Bendelladj, aka "Bx1," has been extradited from Thailand to the United States to face charges in Atlanta for allegedly playing a critical role in developing, marketing, distributing and controlling "SpyEye," a pernicious computer virus designed to steal unsuspecting victims’ financial and personally identifying information.
The charges were announced today by Acting Assistant Attorney General Mythili Raman of the Justice Department’s Criminal Division, U.S. Attorney Sally Quillian Yates of the Northern District of Georgia and FBI Special Agent in Charge Mark F. Giuliano of the Atlanta Field Office.
Bendelladj, 24, has been charged in a 23-count indictment that was returned on Dec. 20, 2011, and unsealed today. The indictment charges Bendelladj with one count of conspiring to commit wire and bank fraud, 10 counts of wire fraud, one count of conspiracy to commit computer fraud and 11 counts of computer fraud. Bendelladj is scheduled to be arraigned today in U.S. District Court in the Northern District of Georgia before U.S. Magistrate Judge Janet F. King.
On Jan. 5, 2013, Bendelladj was apprehended at Suvarnabhumi Airport in Bangkok, Thailand, while he was in transit from Malaysia to Egypt. He was extradited from Thailand to the United States on May 2, 2013.
"Hamza Bendelladj has been extradited to the United States to face charges of controlling and selling a nefarious computer virus designed to pry into computers and extract personal financial information," said Acting Assistant Attorney General Raman. "The indictment charges Bendelladj and his co-conspirators with operating servers designed to control the personal computers of unsuspecting individuals and aggressively marketing their virus to other international cybercriminals intent on stealing sensitive information. The extradition of Bendelladj to face charges in the United States demonstrates our steadfast determination to bring cybercriminals to justice, no matter where they operate."
"No violence or coercion was used to accomplish this scheme, just a computer and an Internet connection," said U.S. Attorney Yates. "Bendelladj’s alleged criminal reach extended across international borders, directly into victims’ homes. In a cyber-netherworld, he allegedly commercialized the wholesale theft of financial and personal information through this virus which he sold to other cybercriminals. Cybercriminals take note; we will find you. This arrest and extradition demonstrates our determination to bring you to justice."
"The FBI has expanded its international partnerships to allow for such extraditions of criminals who know no borders," said FBI Special Agent in Charge Giuliano. "The federal indictment and extradition of Bendelladj should send a very clear message to those international cyber-criminals who feel safe behind their computers in foreign lands that they are, in fact, within reach."
According to court documents, the SpyEye virus is malicious computer code or "malware," which is designed to automate the theft of confidential personal and financial information, such as online banking credentials, credit card information, usernames, passwords, PINs and other personally identifying information. The SpyEye virus facilitates this theft of information by secretly infecting victims’ computers, enabling cybercriminals to remotely control the computers through command and control (C&C) servers. Once a computer is infected and under the cybercriminals’ control, a victim’s personal and financial information can be surreptitiously collected using techniques such as "web injects," which allow cybercriminals to alter the display of web pages in the victim’s browser in order to trick them into divulging personal information related to their financial accounts. The financial data is then transmitted to the cybercriminals’ C&C servers, where criminals use it to steal money from the victims’ financial accounts.
According to court documents, from 2009 to 2011, Bendelladj and others allegedly developed, marketed and sold various versions of the SpyEye virus and component parts on the Internet and allowed cybercriminals to customize their purchases to include tailor-made methods of obtaining victims’ personal and financial information. Bendelladj allegedly advertised the SpyEye virus on Internet forums devoted to cybercrime and other criminal activities. In addition, Bendelladj allegedly operated C&C servers, including a server located in the Northern District of Georgia, which controlled computers infected with the SpyEye virus. One of the files on Bendelladj’s C&C server in the Northern District of Georgia allegedly contained information from approximately 253 unique financial institutions.
If convicted, Bendelladj faces a maximum sentence of up to 30 years in prison for conspiracy to commit wire and bank fraud; up to 20 years for each wire fraud count; up to five years for conspiracy to commit computer fraud; up to five or 10 years for each count of computer fraud; and fines of up to $14 million dollars.
The public is reminded that the indictment contains only allegations, and the defendant is presumed innocent unless and until proven guilty.
This case is being investigated by the FBI and is being prosecuted by Special Assistant U.S. Attorney Nicholas Oldham and Assistant U.S. Attorney Scott Ferber of the Northern District of Georgia, and Trial Attorney Carol Sipperly of the Criminal Division’s Computer Crime and Intellectual Property Section. Valuable assistance was provided by the Criminal Division’s Office of International Affairs, which worked with its international counterparts to effect the extradition.
Subscribe to:
Posts (Atom)