Cyber Identity Theft: A Case Comparison

Cyber Identity Theft: A Case Comparison Submitted in partial fulfillment for the requirements for course SCMT537 facilitated by Dr. Nwatu

Gene Souza

American Military University 28 November 2014

Identify Theft: A Case Comparison 1

Introduction "But he that filches from me my good name, Robs me of that which not enriches him, And makes me poor indeed.” - Shakespeare, Othello, act iii. Sc. 3.

Identity theft is one of the most frustrating crimes utilizing cyber-technology plaguing the American population. Many victims only become aware of the crime after significant damage is done, the local police have little authority as the crimes are normally committed outside their jurisdiction, the state and federal police have numerous other more important issues to deal with, and the proof of identity theft falls upon the victim to prove beyond a reasonable doubt that they, the victim, did not perpetrate the crime. Furthermore, “there’s no shortage of schemes that identity thieves perpetrate to line their own pockets” (Federal Bureau of Investigation, 2014). Identity thieves will utilize personal information to accomplish numerous tasks as outlined in the movie “Catch Me if you Can” (2002) based upon the life of Frank Abagnale who conned people and organizations out of millions of dollars. Like Abagnale, Tobechi Onwuhara utilized personal information found on the internet to run a real-estate racket to scam banks out of over $38 million (Federal Bureau of Investigation, 2014). In contrast, some identity thieves, such as Matthew Weaver, utilize computers to steal personal information in voter fraud schemes and intrude into personal accounts. This work will compare these two cyber-enabled identity theft cases, identify the laws that were violated, analyze the impact of each case, and discuss the forensic methods utilized to assist in determining their guilt.

Identify Theft: A Case Comparison 2

Cyber Identity Theft: A Case Comparison

Identity theft is one of the most intrusive crimes against an individual, one of the fastest growing crimes around the world, and a crime that many will never psychologically recover from. The victims of identity theft feel violated, they no longer feel safe conducting everyday financial transactions, “No matter how well they monitor their financial records for the rest of their lives, they may still feel vulnerable” (Monchuk, 2011). Unfortunately, the victim’s feelings are valid as the American public watches helplessly while identity crime escalates without adequate recourse. Easttom and Taylor (2011) utilize the United States Department of Justice definition of identity theft: “Identity theft and identity fraud are terms used to refer to all types of crime in which someone wrongfully obtains and uses another person’s personal data in some way that involves fraud or deception, typically for economic gain” (Easttom & Taylor, 2011). One’s identity in the modern era is not a physical attribute (such as a fingerprint, a dna sample, or an iris scan), but a conglomeration of information given by or certified by a government, or banking institution, utilized to identify the legitimacy of an individual. For Americans, our identity is information about ourselves that we readily give out to governments, banks, or businesses to clearly identify who we are in order to conduct a transaction. Information, unlike a fingerprint, is easy to replicate or manipulate in order for others to perform actions on another’s behalf. It was not until 1998 that the United States Congress recognized identity theft as a federal offense (Department of Justic, 2014).

Identify Theft: A Case Comparison 3

During the final hours of the student council election in March 2012 at the California State University San Marcos, Matthew Weaver was caught attempting to rig an election based upon nearly 750 identities he had stolen with a keylogger device (Federal Bureau of Investigation, 2013). A keylogger device is “tiny electronic device capable of capturing keystrokes…a keylogger is completely undetectable…to anti-virus programs and security scanners…just plug the keylogger in-between the keyboard and the USB or PS/2 socket on the computer's rear side” (KeeLog, 2014). Matthew Weaver used 19 devices across the campus to steal usernames and passwords of this fellow students. The keystrokes he captured gave Weaver unlimited access to not only on-line voting at the University, but also the unsuspecting students e-mails, social networks, and financial records. (Federal Bureau of Investigation, 2013) Mathew Weaver violated several laws and the privacy of nearly 750 students with less than $1000 investment in legal electronics. On a federal level Mr. Weaver violated the Electronics Communications Privacy Act of 1986, the Computer Fraud and Abuse Act of 1986, No Electronic Theft Act of 1998, and Identity Theft Enforcement and Restitution Act of 2008; Weaver pled guilty to wire fraud, unauthorized access of a computer, and identify theft; he was sentenced to one year in prison (Federal Bureau of Investigation, 2013). No state, local, or university charges were filed against Weaver. A search of California civil suites did not indicate that any civil charges have been filed by his fellow classmates. In total, no financial losses to the University, nor private citizens were recorded in this case; however, Mr. Weaver and his friends were prevented from collecting $36,000 in stipends and control of a $300,000 student budget.

Identify Theft: A Case Comparison 4

Identity theft facilitated by keyloggers like the ones utilized by Matthew Weaver allow one to gain access to computers, email accounts, social media accounts, and bank records. Prior to the election, Weaver admitted to “snooping in email and Facebook accounts” (Federal Bureau of Investigation, 2013). Forensics on Weaver’s computer indicate that scans were done on his internet browser histories, documents, and the numerous keylogger devices found in his possession. Had Mr. Weaver been a little more cleaver in his endeavor by utilizing multiple computers over a longer period, vs entering in a substantial number of votes for himself and his friends from one computer terminal, his crime may have never been exposed. The criminal activity was first identified by a network administrator noting unusual voting activity from one single terminal (Federal Bureau of Investigation, 2013). In contrast, most identity theft is conducted for financial gain. Tobechi Onwuhara utilized his cyber skills to steal identities for organized crime purposes. “Onwuhara and his co-conspirators identified potential victims…by assessing certain fee-based websites often used in the real estate for customer leads” (Federal Bureau of Investigation, 2014) This scheme was first reported in civil court by a victim in Washington, D.C.; based upon the amount of losses claimed, the Federal Bureau of Investigation began looking into the case and determined that Onwuhara had stolen more than $38 million. Onwuhara and his associates utilized their knowledge of the web to gain personal information on their targeted victims with equity in their homes. Onwuhara would then impersonate the victim online, on the phone and in person to open lines of credit against home loans and then transfer that money into overseas accounts.

Identify Theft: A Case Comparison 5

Tobechi Onwuhara was very bold in his actions for a cyber-criminal. “After collecting bits of personally identifiable information from…websites—like names, addresses, dates of birth, and Social Security numbers—and then using other online sites to obtain personal information to help with passwords and security questions, they were able to access victims’ credit reports online, which contained loan balances and other financial and personal information” (Federal Bureau of Investigation, 2014). The technology that Onwuhara and his associates utilized was sophisticated in that forensics were able to determine that the group utilized phone caller ID spoofing services to display victims phone numbers to banks. The exact details of the forensics performed on Onwuhara and his associates devices is unknown in the information publically available; however, one can conclude that in depth analysis of computer bank records, numerous computers, call spoofing software, and cellular phones to identify not only Onwuahara, but also his associates. The FBI’s case against Onwuhara was established in August of 2008; however, Onwauhara fled the jurisdiction of the FBI resulting in a four year delay in his prosecution. Tobechi pleaded guilty to conspiracy to commit bank fraud, conspiracy to commit money laundering and computer fraud. He received less than six years in federal prison as his sentence, significantly less than the 55 years and fine of $1.75 million that he could have received.

Identify Theft: A Case Comparison 6

Conclusion The growing theft of government and bank issued information to legitimately identify individuals, control money, record voting histories, and to understand demographic information is alarming. In most instances, the purpose of stealing this information is simply for financial gain without regard for the individuals that are victimized by this faceless crime. Americans do not have the authority or ability to not be tracked by a social security number, phone number, account number, birth date, or street address; the more Americans consume, the more likely our information is exposed for theft. In order to protect the information that our government, or banks provide to us, we must spend time and money to constantly monitor all of the numbers linked to our identity and protect our communications. If we are not prudent, becoming a victim of identity theft may ultimately result in jail time for crimes that we are not committing.

Identify Theft: A Case Comparison 7

References America's Most Wanted. (2011). America's Most Wanted: Tobechi Onwuhara. Retrieved from Vimeo: http://vimeo.com/23664002 Department of Justic. (2014, November). War Are Identity Theft and Identity Fraud? Retrieved from Identity Theft and Identity Fraud: http://www.justice.gov/criminal/fraud/websites/idtheft.html Easttom, C., & Taylor, J. (2011). Computer Crime, Investigation, and Law. Boston, MA: Cengage Learning. Federal Bureau of Investigation. (2013, July 15). Cal State San Marcos Student Sentenced for Rigging Campus Elections . Retrieved from San Diego Division: http://www.fbi.gov/sandiego/press-releases/2013/cal-state-san-marcos-studentsentenced-for-rigging-campus-elections Federal Bureau of Investigation. (2013, August). Election Hack: Stealing Votes the Cyber Way. Retrieved from Stories: http://www.fbi.gov/news/stories/2013/august/election-hack-stealing-votes-thecyber-way/election-hack-stealing-votes-the-cyber-way Federal Bureau of Investigation. (2014, January). Scam on the Run: Fugitive Identity Thief Global Criminal Enterprise. Retrieved from Storeis: http://www.fbi.gov/news/stories/2014/january/fugitive-identity-thief-led-globalcriminal-enterprise/fugitive-identity-thief-led-global-criminal-enterprise KeeLog. (2014, November 12). KeyGrabber. Retrieved from KeeLog: http://www.keelog.com/keylogger/

Identify Theft: A Case Comparison 8

Monchuk, J. (2011, April 20). Researcher finds the psychological effects of identity theft lingers with victims. Retrieved from Medical Xpress: http://medicalxpress.com/news/2011-04-psychological-effects-identity-theftlingers.html Neubauer, D. W. (1992). America's Courts and the Criminal Justice System (4th ed.). Belmont, California: Wadsworth, Inc.