Feds nab more members of alleged identity theft gang

Computerworld - Federal authorities say they have taken another step toward busting a multinational identity theft ring that is alleged to have used stolen personal data to withdraw millions of dollars from home equity line-of-credit accounts at dozens of financial institutions in the U.S., including some of the country's largest banks.

Four individuals were arrested last week in connection with the alleged scheme, which has resulted in more than $2.5 million being stolen from the affected financial institutions, according to law enforcement officials. Another $4 million worth of attempted withdrawals by the gang were unsuccessful, the U.S. attorney's office in New Jersey said in announcing the arrests last Wednesday (download PDF).

Court documents filed in connection with the case described an operation that appears to have been highly sophisticated and global in nature. The identity theft gang operates in the U.S. as well as the U.K., Canada, China, Japan, Vietnam, South Korea and several other countries, the court documents said.

Four other men already were charged with participating in the scheme after being arrested between August and October. The additional suspects arrested last week were identified as Derrick Polk, 45, of Los Angeles; Oludola Akinmola, 37, and Oladeji Craig, 39, both of Brooklyn, N.Y.; and Oluwajide Ogunbiyi, 32, of Springfield, Ill. Each was charged with three felony counts, including wire fraud and gaining unauthorized access to computers. If convicted, they face a maximum of 50 years in prison and fines of $1.5 million.

Officials at the U.S. attorney's office, which is located in Newark, didn't respond by publication time to requests for comments about the latest arrests.

According to the charging papers, the scheme involved the theft of money from home equity accounts by cybercrooks who used the personal data of legitimate customers to access their accounts online. The documents said that accounts were compromised at Citibank, JPMorgan Chase, Wachovia, Bank of America and "dozens" of other banks and credit unions, including the Navy Federal Credit Union, U.S. Senate Federal Credit Union and State Department Federal Credit Union.

The alleged perpetrators obtained confidential information belonging to thousands of customers of the various banks from co-conspirators based both in the U.S. and overseas, the court documents said. They also appear to have harvested much of the personal data and even samples of people's signatures from publicly available databases and from public records posted on government Web sites, including copies of property deeds and mortgage documents.

The information stolen by the gang included full names, birth dates, Social Security numbers and bank account numbers, balances and withdrawal limits, as well as online usernames, passwords and account security questions, the court documents said. The papers added that in cases where the alleged cybercrooks didn't have all the information about a person that was needed to carry out a fraudulent transaction, they would call the relevant bank and use social engineering tactics to gather additional data.