Identity Theft: The Organized Crime Factor
Identity theft is a lucrative business for criminals. That's why organized crime gangs, old and new, are planning to take advantage
August 2003The next time you see someone driving by your house and slowing down in front of your mailbox, be wary: they may be part of an organized crime ring that is trying to steal your personal identity.
That's what Russian immigrants Igor Kogan and Mikhail Moiseev did for a living. Both lived in San Francisco, but “commuted” outside the city for work. They would drive up and down the semi rural, tree-lined roads in the Bay Area's wealthy hills, where mailboxes stand in clusters of five or even 10 along the road, away from the homes located farther back in the woods.
Once they had gathered a bounty of credit cards, they would activate them through a stunningly simple process involving two short phone calls to the credit issuers. Then they would recruit a shopper, say a young Russian who spoke decent English, who would go to Macy's, Nordstrom, CompUSA, or some other store, and buy computer equipment, jewelry, or some other high-value merchandise with the activated card. The goods would then be returned to the store for cash or for credit -- to the account of the thief's own personal credit card!
Recent surveys indicate that 7 million Americans were victims of identity theft in 2002, a staggering increase of 81% over previous year's levels. As a consequence, identity theft is now considered the single fastest-growing crime in the United States. Federal agents point out that mail theft is normally the precursor to most identity thefts.
Mail theft is a Federal crime, and the U.S. Postal Inspection Service is the prime investigator, catching more identity thieves than any other law enforcement agency. It took the Northern California office four years of wiretaps, surveillance and interviews with petty thieves to crack the Bay Area Russian credit card case. In January 2003, three of the main players in that network of credit card thieves, including Igor Kogan, pleaded guilty to various felonies in a San Francisco federal court. Mikhail Moiseev is awaiting trial. At least three others connected to the same theft network already have been sentenced to state prison. In total, investigators estimate that this criminal network stole and used more than 800 credit cards belonging to Bay Area residents, netting themselves approximately $1 million a year.
Although federal agents say they found videotapes of mob movies and “The Sopranos” episodes in apartments they searched during their investigations, the Russian credit card thieves who hit the Bay Area in the late 1990s was not a classic, Mafia-style criminal organization. According to Secret Service agent Jim Deal, Russian ID thieves operate within a loose network of "cells" that simply do business with one another, rather than reporting (and passing a cut from each illegal transaction) up the line to a crime boss. “They are not involved in criminal enterprise as a thrilling hobby or as a source of quick drug money. Instead, its about finding loopholes, earning a living, doing business in a less-than-legitimate way.” This decentralized organization made the Russian credit card game a tough, time-consuming criminal enterprise to penetrate or prosecute. But it's a game that's increasingly played by a growing number of ID thieves from all over the world.
Who's involved?
Russian rings aside, most of the identity theft done by mail in the U.S. is still committed by individuals or a small group of people that has organized together to go around urban and suburban neighborhoods stealing mail in “volume attacks”, that is, breaking into a community mailbox that groups the mail of up to 40 people in one place. “Many criminals we've identified are using methamphetamines, and they break into mailboxes for credit cards and checks that can pay for their drug habit,” says Inspector Paul Lowery of the Northern California division of the.S. Postal Inspection Service.But more and more groups from overseas are making their way over here. “Russian, Asian, Romanian and Mafia groups are all organized to do identity theft activities - credit card fraud, check fraud, mail fraud,” says Jim Deal who has investigated ID crime in California and Nevada.
A Samoan Tonga gang of 15 was recently caught in San Jose, California, for mail theft. The first “skimming” case caught an Asian crime gang at a sushi restaurant in Lake Tahoe, where waiters stole 56 customers' credit card numbers to make counterfeit cards and run up $839,000 in one month. A Romanian group worked the entire West Coast breaking into cars at remote campgrounds and hiking trailheads, but only stealing one credit card per heist, using it to make cash advances at Nevada casinos and then to make counterfeit cards and IDs.
What methods are they using?
Mail. Even in the age of high-tech theft, police are warning homeowners to safeguard their most vulnerable source of financial and personal information -- their mailbox.Al Abalos doesn't need a reminder. Last year, he received a mysterious $5,000 bill from Nordstrom and Home Depot on a pre-approved credit card snatched from his mailbox in South San Jose, California. Someone also stole a bill with Abalos' Social Security number, which he stuck in the mailbox before taking off for a trip to the Philippines.
To find the culprit, Abalos connected a $120 spy camera above his garage to an $80 television. He turned the tape over to police when his mail was stolen six months later, but postal investigators could not make out the assailant's license plate number. Finally, he did what police say everyone should do: He bought a mailbox with a lock on it.
But San Jose detective Ken Munson estimates that one out of three cases of identity theft and credit card theft start with stolen mail. “Thieves used to scavenge for pre-approved credit cards, personal checks and money orders they could manipulate for instant profit. Now the thieves want information such as name, Social Security number, date of birth and bank account number. They use the information to apply for credit cards and use computers to manufacture sophisticated fraudulent identification and counterfeit checks."
Rural areas and anybody that has their mailbox close to the street are very susceptible, says Munson. Also, mailboxes affixed next to garages and front doors also make easy targets for thieves posing as solicitors, he said. And mail is not safe once it is inside the house. "If they're not stealing mail on the front side, they can wait a week and steal it from the recycling." Munson says he uses a paper shredder and pays his bills online.
The Postal Service says deterring mail thieves is as easy as locking outside mailboxes or switching to mail slots that leave letters inside. And it warns never to leave bills in mailboxes for postal workers to pick up.
Mail theft particularly attracts parolees wary of a receiving another strike. Stealing envelopes involves less risk than holding up a convenience store and is easier to get away with. “If police do catch a mail thief, the penalty is just about next to nothing," says James Sibley, Deputy District Attorney for Santa Clara County in California. National sentences for convicted mail thieves range from 16 months to three years.
Skimming. As you read this, a thief anywhere in the world could be using a counterfeit credit card he made himself with your name and account number on it. How? Someone, somewhere made an extra swipe of your credit card. It could be a waiter or a store clerk or anyone you've handed your credit card to for payment. Instead of just charging your card, the thief made an extra swipe of your credit card into a small hand-held device known as a skimmer. The skimmer pulls the data from your card, giving the thief all the information needed to make a counterfeit card. A skimmer can hold card data from hundreds of different credit cards.
Skimming and counterfeit credit card scams are widespread in Europe, Asia and Latin America and are on the rise in the U.S. It's an area that the Mafia is seeing as lucrative. Last January, authorities arrested a gang in New York City with ties to the Genovese crime family for credit card theft. The ringleaders were paying retail clerks who worked everywhere from Home Depot and Toys "R" Us to mom-and-pop record stores and nail salons to skim customers' credit cards at the price of $50 for each stolen identity. The ring used the numbers to make phony cards, which they sold for $1,000 apiece. Then they allegedly used the fake cards to purchase hundreds of thousands of dollars' worth of power tools, appliances, oak flooring and other expensive items that they resold at heavy discounts, making a profit of millions of dollars. They also allegedly sold bulk packs of phony cards on the street for as much as $30,000, the price depending on the credit limit available on the cards. When police made arrests at the ringleader's apartment, they found information from more than 4,300 credit cards, 200 cloned cards and the cloning equipment.
Internet chat groups and databases. According to research firm Celent Communications, online credit card fraud totaled more than $850 million last year. The Internet makes it easy for ID thieves to go high-tech with their schemes. Many card numbers are stolen by hackers who break into databases of Web commerce sites. Other con artists trick unsuspecting computer users into providing card numbers. The Secret Service's Jim Deal cites the ultimate in hacking - a group breaking into a credit card transmitter via the Internet in Omaha, Nebraska to steal 10.5 million credit card numbers from the credit card company's processor. “They got names, credit card numbers, verification values, dates of births and Social Security numbers. Now they can make counterfeit credit cards.” The group has yet to be caught.
Increasingly, Internet chat groups now play an important and growing role in online credit card fraud. Prior, hackers usually operated on their own but “chat channels” now make it possible for large groups of people to share tactics for criminal activity. Chat channels also allow access to programs users have placed there that automate the tasks of credit card fraud, such as checking a stolen card number's validity or systematically searching for Web sites that have card credit information and are vulnerable to attacks. “These users trade up to 5,000 credit card numbers at $20 per pop, and they ask that the money be put into their PayPal account,” says Deal.
Tracking users of these groups can be difficult. Many are based in foreign countries and almost all conceal their names and locations, in part by connecting to the chat channels through remote, unrelated computers they have hacked into. They shift locations when they suspect they are being monitored by government authorities or if the owners of the servers being used shut down the channels. But new channels can spring up overnight.
On the bright side, the information chat channel users share is now being used to do good. Card Cops, an anti-fraud education group, tipped federal authorities last year to an Internet chat room where thieves had been checking whether stolen card numbers were still valid or had been deactivated. At that point, the database had been up for just seven weeks but it already had amassed 100,000 stolen credit card numbers. The Secret Service immediately started investigating the most active Internet card thieves searching in that database. Also, Card Cops opened a Web site that enables people to find out if thieves have their card numbers (www.cardcops.com). You can type in your card number and if it comes back positive, you should alert your financial institution. Most credit card companies won't charge cardholders for fraudulent purchases, although it is important to contact the issuing bank promptly.
What are the authorities doing?
Even though ID thieves can carry off more money in a single heist than bank robbers, they're the ones most likely to get probation or single-digit years spent in prison. But as the number of identity-theft crimes increase, so do the legislative actions to create higher standards for privacy protection. In the last year alone, nearly twenty bills have been proposed at the state and federal levels.California, which has the highest rate of identity theft nationwide, has been at the forefront of ID theft legislation. The most recent law passed extends the time a victim of identity theft has to report the crime to four years, beginning when he or she notices the problem, since some victims don't find out about the crime for months or even years after it happens. Another initiative in the works proposes to stop banks and insurance companies from trading private information about their customers, but the financial industry vows to stop that bill from passing. “Laws that are usually successful in California are then included in Federal laws,” says Linda Foley, executive director of the nonprofit Identity Theft Resource Center. “And the state's recent success means stronger national ID theft laws will be introduced in Congress this fall.”
Still, San Jose Detective Ken Munson's wish list: More people to do ID theft investigation and stronger sentencing guidelines. “Violent crime is at the forefront of people's minds, so our High Tech task forces don't have enough people to investigate because violence crime takes the forefront. But he praises a recent California bill that allows law enforcement agents to extend their search warrants beyond county lines to stop ID thieves. And he says the legal system is starting to crack down on ID thieves. “We're getting good prison sentences handed down now. The last two we caught got eight years, and that's unheard of in many other states, where they usually get probation and a couple of months in jail. Once ID thieves get stronger sentences, they'll see it's not so lucrative.”
To help local police officers better understand and investigate ID theft crimes, the Secret Service, which has been looking at ID theft as part of a Homeland security issue, sent out a guide this summer to more than 40,000 police departments and other law enforcement authorities. But agent Jim Deal, for one, thinks more needs to be done, especially since terrorists are also becoming skilled at ID theft. “Everyone is concerned about weapons of mass destruction and rightfully so, but the 9/11 terrorists used identity and credit card theft to further their plan to blow up targets. So identity theft is where we should be looking to target aspiring terrorists. We really need to look at white-collar crime, tighten up our enforcement of it, and work with other countries to fight it, or else there won't be a global economy.” 
