Feds say a transnational cyber crime ring based in Vietnam has ties to two exchange students.
By DAN BROWNING, Star Tribune
Last update: January 3, 2011 - 5:50 PM
A U.S. Department of Homeland Security investigation dubbed "Operation eMule" has led federal agents to a pair of 22-year-old foreign-exchange students in Winona who are suspected to be part of a sophisticated cyber crime ring based in Vietnam that has been misusing the identities of countless Americans to bilk online retailers out of millions of dollars.
"It's a big one," said Jason Calhoun, a fraud investigator with the Rosetta Stone language software company who has been working on the case with federal agents.
Numerous major companies have been stung in the scam, including eBay, PayPal, Amazon, Apple, Dell and Verizon Wireless, according to federal court documents and Calhoun.
Authorities say the operation is built around stolen identities that are used to open accounts with eBay, PayPal and U.S. banks. Through those accounts, the fraudsters sell popular, expensive merchandise at discounted prices. The sellers fill the orders by purchasing the goods from other vendors using stolen financial accounts. When the identity-theft victims protest the charges, the merchants end up holding the bag.
The two Winona State University students controlled more than 180 eBay accounts and more than 360 PayPal accounts that were opened using stolen identities, according to documents that were unsealed Dec. 29 by a federal magistrate judge in St. Paul.
Susan Higginbotham, 49, of Bemidji, was among the scheme's victims. She discovered that someone had stolen her identity in January when she started getting mail from banks welcoming her as a new customer.
"Sometimes there were seven, eight in a day. This happened over a number of days," Higginbotham said Friday. Then came some bills from eBay for trades she hadn't made.
Higginbotham, a special education teacher in Bagley, Minn., turned the matter over to a pre-paid legal services company called Identity Theft Shield, which she had learned about at work. "They just did a wonderful job," she said.
Investigators found that the two Winona students collected nearly $1.25 million in illicit funds, much of which was then wired to accounts in Vietnam and Canada, according to an affidavit filed by Daniel Schwarz, an agent with Homeland Security Investigations in Minnesota. Schwarz is working on the case with the National Cyber Crimes Center (C3) in Washington, D.C. The center is part of U.S. Immigration and Customs Enforcement.
The two Winona students contributed significantly to about $1 million in fraudulent credit card orders for Rosetta Stone software, which were charged back to the company, Schwarz said in his affidavit, which was used to obtain and execute a search warrant in November for the students' Winona apartment.
The students, Tram Vo and Khoi Van, have F1 visas that allow them to study at the university, but they're not allowed to work outside of it, the government says.
Ongoing investigation
Vo could not be reached for comment. Van declined to comment. Immigration officials declined to comment Friday on their status, noting that the matter is part of an "ongoing criminal investigation." Public records show no criminal charges against the students, however.
Calhoun said that C3 investigators uncovered the ring in Vietnam while pursuing a similar scheme that he uncovered at Rosetta Stone in 2008. That operation was run by a computer programmer named Randall Craig Senn, of Billings, Mont., and Osama Moosa Al Hami, of Amman, Jordan.
Senn pleaded guilty to conspiracy and was sentenced in March to 30 months in prison. Al Hami was arrested and prosecuted in Jordan, according to federal court records.
Operation eMule officially began in September 2009 to investigate criminal rings based in Vietnam that are targeting online commerce and express mail courier operations. Investigators estimate that the rings contribute "hundreds of millions of dollars" to an underground economy in Vietnam, according to the affidavit.
Schwartz said in his affidavit that the rings involve an "elaborate network" of specialists, including computer hackers, vendors of stolen identities and financial information, fraud managers and facilitators, money mules and shippers. The members communicate through a secure web site "accessed by vetted members only."
Investigators say the fraudsters, hiding behind proxy Internet addresses, pose as eBay sellers using stolen identities, offering heavily discounted merchandise for popular items like software, video games, textbooks and Apple iTunes gift cards.
But the fraudsters don't actually have the merchandise. So when someone buys the products on eBay using a credit card or PayPal account, the fraudsters collect the payments and order the merchandise -- at full price -- from third-party vendors using stolen identities. The goods are then shipped to the eBay buyers, and victims like Higginbotham get billed for products they neither ordered nor received. After they protest, the banks issue "chargebacks" to the vendors.
Meanwhile, money "mules" transfer the illicit funds to various U.S. bank accounts, then wire it to accounts where the money can be swept away.
"These guys overseas often feel like they are relatively untouchable," said Calhoun, who participated in a forum on Operation eMule with federal investigators and two other retail fraud investigators at an Oct. 1 meeting of the Merchant Risk Council. The Seattle-based organization was formed to fight online fraud schemes.
"Operation eMule has resulted in the infiltration of several underground criminal forums and the identification of numerous transnational cyber crime syndicates operating in Vietnam," according to a description of the presentation. It says the syndicates rely heavily on international exchange students to act as money mules.
Duped into participating
Craig Sorum, a supervisory agent overseeing the FBI's cyber crimes investigations in Minneapolis, said in a recent interview that most money mules are duped into participating in such schemes. In many cases, he said, they are recruited through Internet job sites by fraudsters posing as legitimate employers who offer good pay for easy work. Sorum could not be reached for comment on this particular case.
PayPal records link Vo to 24 eBay accounts and at least 56 accounts opened under the name of stolen identities, according to the affidavit. Some $247,000 flowed through those accounts. She also opened at least 26 bank accounts at Wells Fargo, Capital One, Eastwood and HSBC banks under purloined identities, the government says.
Deposits to those accounts totaled $352,676, nearly $200,000 of which was wired to Vietnam or Canada.
Investigators linked Van -- who recently won an award as an outstanding biochemistry student at Winona State -- to 157 eBay accounts and 310 PayPal accounts that were opened under stolen identities.
The affidavit says more than $1 million flowed through those accounts. It says that Van opened at least six Wells Fargo and Eastwood bank accounts under stolen identities. Deposits in those accounts totaled about $524,000, of which $480,020 was wired to Vietnam.
"I don't know when he would have time to do that. He spends all of his time studying," Thomas Nalli, a chemistry professor at Winona State who has worked closely with Van, said Saturday. "I hope none of it is true."
The government says it has probable cause linking Vo and Van to crimes of wire fraud, identity theft and money laundering.
Dan Browning • 612-673-4493
-----------------------------------------------------------------
Hai du học sinh VN bị tình nghi lừa 1,2 triệu USD qua mạng
Tram Vo và Khoi Van, sinh viên Đại học Winona (Mỹ), bị nghi ngờ liên quan đến một đường dây tội phạm mạng quy mô lớn có nguồn gốc từ Việt Nam.
Theo báo Star Tribune, cuộc điều tra mang tên Operation eMule của Bộ an ninh nội địa Mỹ đã lần ra hai sinh viên 22 tuổi giả mạo danh tính của rất nhiều người Mỹ để lừa đảo trên mạng.
Tram Vo và Khoi Van đã sử dụng những thông tin cá nhân ăn cắp để lập hơn 180 tài khoản eBay và hơn 360 tài khoản PayPal cùng nhiều tài khoản ngân hàng khác. Sau đó, cả hai dùng những tài khoản mạo danh này để mua các mặt hàng đắt đỏ từ eBay, Amazon, Apple, Dell và Verizon Wireless rồi bán lại với giá rẻ.
Ảnh minh họa: DigitalTrends. |
Susan Higginbotham, giáo viên 49 tuổi ở Minnesota, là một trong những nạn nhân của đường dây này. Bà đã phát hiện ra ai đó ăn cắp danh tính của mình vào tháng 1/2010 khi nhận được e-mail của các ngân hàng chào mừng bà như một khách hàng mới. "Đôi khi có tới 8 e-mail như vậy trong một ngày", Higginbotham kể. Sau đó, bà nhận được những hóa đơn từ eBay về các giao dịch bà chưa bao giờ thực hiện nên đã nhờ tư vấn và hiểu ra vấn đề.
Star Tribune trích tài liệu tòa án liên bang cho biết 2 sinh viên này đã kiếm được gần 1,25 triệu USD và hầu hết được chuyển tới tài khoản ở Việt Nam và Canada.
Cuộc điều tra Operation eMule bắt đầu từ tháng 9/2009 với mục đích tìm hiểu các đường dây tội phạm liên quan tới dịch vụ thương mại điện tử và chuyển phát nhanh có nguồn gốc từ Việt Nam.
Các quan chức di trú Mỹ không bình luận về tình trạng thị thực của Tram Vo và Khoi Van vì vụ việc vẫn đang trong quá trình điều tra và 2 sinh viên này cũng chưa chính thức bị truy tố.
Giữa tháng 12, Cục Cảnh sát phòng chống tội phạm công nghệ cao VN cũng phối hợp với cảnh sát Anh bắt giữ một số nghi phạm người Việt đột nhập vào hệ thống dữ liệu của một tổ chức tín dụng, đánh cắp mật khẩu cả trăm nghìn thẻ tín dụng cá nhân để mua bán qua mạng với số tiền lên tới hàng tỷ đồng.
Châu An