The FBI on Wednesday rounded up 33 of 53 U.S.-based defendants named in an indictment returned last week by a federal grand jury in Los Angeles, culminating more than two years of legwork investigating a sophisticated phishing operation designed to steal personal information and then use it to rip off banks.
Dubbed Operation Phish Phry, the investigation began in 2007 and netted 53 alleged phishers in the U.S. and another 47 in Egypt, according to an FBI statement released Wednesday afternoon.
The bust represents the largest cyber fraud phishing case prosecuted to date.
“Operation Phish Phry marks the first joint cyber investigation between Egyptian law enforcement authorities and United States officials, which include the FBI, the United States Attorney’s Office, and the Electronic Crimes Task Force in Los Angeles,” FBI officials said in the statement.
The 51-count indictment accuses all of the defendants with conspiracy to commit wire fraud and bank fraud. Various defendants are charged with bank fraud; aggravated identity theft; conspiracy to commit computer fraud, specifically, unauthorized access to protected computers in connection with fraudulent bank transfers; and domestic and international money laundering.
Phishing scams have become nothing short of a plague to Internet users in the past few years, with scams taking root in social networking sites, popular e-mail services and on Web sites hosted around the globe.
FBI officials said in this instance, Egyptian-backed hackers snared bank account numbers and other personal information from an “unknown number” of banking customers through unsolicited e-mails that directed victims to official-looking banking or credit card Web sites where their personal and account information was obtained.
“Because the Web sites appear to be legitimate — complete with bank logos and legal disclaimers — the customers do not realize that the Web sites do not belong to legitimate financial institutions,” the FBI release continued.
“The sophistication with which Phish Phry defendants operated represents an evolving and troubling paradigm in the way identity theft is now committed,” said Keith Bolcar, acting assistant director in charge of the FBI in Los Angeles. “Criminally savvy groups recruit here and abroad to pool tactics and skills necessary to commit organized theft facilitated by the computer, including hacking, fraud and identity theft, with a common greed and shared willingness to victimize Americans.
Three Californians — Kenneth Joseph Lucas, Nichole Michelle Merzi and Jonathan Preston Clark — were alleged to be the ringleaders of the U.S.-based operations. The FBI claimed the trio directed trusted associates to recruit “runners” who set up bank accounts where the funds stolen from the compromised accounts could be transferred and withdrawn.
A portion of the stolen money, according to the FBI, was withdrawn and transferred via wire services to co-conspirators in Egypt who allegedly provided the bank account information they had phished.
“This international phishing ring had a significant impact on two banks and caused huge headaches for hundreds, perhaps thousands, of bank customers,” acting U.S. Attorney George Cardona said in a statement. “Organized, international criminal rings can only be confronted by an organized response by law enforcement across international borders, which we have seen in this case.”
None of the banks affected by the alleged scam were named in Wednesday’s release.
The 33 defendants arrested Wednesday were taken into custody in either have appeared or will appear before U.S. magistrate judges in the district where they were arrested.
The FBI said each of the 53 U.S.-based defendants will be charged with conspiracy to commit bank fraud and wire fraud, a charge that carries a statutory maximum penalty of 20 years in federal prison. Some of the defendants are named in additional counts that would increase their maximum possible sentences.