Locals Among Dozens Caught Up in International Criminal Phishing Scheme

Congratulations, Orange County! Some of your residents were among today's arrestees in the largest cyber crime case of its kind.

“Operation Phish Phry,” the first joint cyber investigation between Egyptian law enforcement authorities and United States officials, netted the most defendants ever charged in a cyber crime case, turning up domestic suspects in Orange, Riverside, San Bernardino, Los Angeles and San Diego counties, elsewhere in California, Nevada, and North Carolina.



“Phishing” involves fraudulently collecting personal information stored electronically and, if the allegations hold true, using it to defraud American banks.

Thirty-three of 53 defendants named in an indictment returned last week by a federal grand jury in Los Angeles were arrested today in several U.S. cities. Authorities in Egypt have charged another 47 defendants for allegedly being linked to the same phishing scheme.

Operation Phish Phry was launched in 2007 when FBI agents, working with American financial institutions, took proactive steps to identify and disrupt sophisticated criminal enterprises targeting the financial infrastructure in the United States. Intelligence developed during the initiative prompted the joint FBI and Egyptian response.

The 51-count indictment accuses all of the defendants of conspiracy to commit wire fraud and bank fraud. Various defendants are charged with bank fraud; aggravated identity theft; conspiracy to commit computer fraud, specifically unauthorized access to protected computers in connection with fraudulent bank transfers and domestic and international money laundering.

The indictment unsealed this morning says Egyptian-based hackers obtained bank account numbers and related personal identification information from an unknown number of bank customers through phishing–a technique that involves sending e-mail messages that appear to be official correspondence from banks or credit card vendors. In illegal phishing schemes, bank customers are directed to fake websites purporting to be linked to financial institutions, where the customers are asked to enter their account numbers, passwords and other personal identification information. Because the websites appear to be legitimate–complete with bank logos and legal disclaimers–the customers do not realize that the websites do not belong to legitimate financial institutions.

Two American banks were targeted. The United States part of the ring was allegedly run by Californians who directed trusted associates to recruit “runners” who set up bank accounts where the funds stolen from the compromised accounts could be transferred and withdrawn. A portion of the withdrawn funds was then transferred via wire services to the individuals operating in Egypt who had originally provided the bank account information obtained via phishing.

“This international phishing ring had a significant impact on two banks and caused huge headaches for hundreds, perhaps thousands, of bank customers,” acting U.S. Attorney George S. Cardona said in an FBI-distributed statement. “Organized, international criminal rings can only be confronted by an organized response by law enforcement across international borders, which we have seen in this case.”

“The sophistication with which Phish Phry defendants operated represents an evolving and troubling paradigm in the way identity theft is now committed,” said Keith Bolcar, acting assistant director in charge of LA's FBI office. “Criminally savvy groups recruit here and abroad to pool tactics and skills necessary to commit organized theft facilitated by the computer, including hacking, fraud and identity theft, with a common greed and shared willingness to victimize Americans.”

The local arrestees were scheduled to have their initial court appearance in U.S. District Court in LA this afternoon. Each could get 20 years in the federal pen if convicted, with longer sentences possible for some.
