| |
New Page 4
Good morning, Mr.
Chairman and Members of the Subcommittee. I am pleased to appear before you this
morning to testify about the problem of Internet fraud and the closely related
problem of identity theft, and what the Department of Justice is doing to combat
them. I will first discuss Internet fraud and then identity theft.
As a preliminary
matter, Mr. Chairman, today the Department of Justice and the FBI are announcing
a major enforcement operation targeting Internet fraud, one of the
fastest-growing and most pervasive forms of white-collar crime. The threat of
Internet fraud calls for forceful action, and today, the Department and the FBI,
in partnership with the U.S. Postal Inspection Service, the Internal Revenue
Service - Criminal Investigative Division, the U.S. Customs Service, and
numerous state and local law enforcement agencies, are responding with a
national "sweep" of coordinated enforcement actions against
approximately 90 subjects. In a few moments, Mr. Thomas Kubic, Deputy Assistant
Director in the FBI's Criminal Investigative Division, will provide details of
the sweep, "Operation Cyber Loss."
I. INTERNET
FRAUD
Internet fraud,
in all of its forms, is one of the fastest-growing and most pervasive forms of
white-collar crime. Criminals, both here and abroad, have recognized that the
very features of the Internet that many people find appealing – its global
reach, its ability to communicate instantaneously with millions of people at
virtually zero cost, and the relative anonymity that its users have while online
– can be turned to their advantage for fraudulent purposes. Regrettably,
criminal exploitation of the Internet now encompasses a wide variety of
securities and other investment schemes, online auction schemes, credit-card
fraud, financial institution fraud, and identity theft. If law enforcement does
not move aggressively to respond to this threat, there are significant
indications that the threat will become more severe and more pervasive over
time.
A January 2001 study
by Meridien Research, for example, reports that with the continuing growth of
e-commerce, payment-card fraud on the Internet will increase worldwide from $1.6
billion in 2000 to $15.5 billion by 2005. The Securities and Exchange Commission
staff reports that it receives 200 to 300 online complaints a day about
Internet-related securities fraud. Foreign law enforcement authorities also
regard Internet fraud as a growing problem. Earlier this year, the European
Commission reported that in 2000, payment-card fraud in the European Union rose
by 50 percent to $553 million in fraudulent transactions, and noted that fraud
was increasing most in relation to remote payment transactions, especially on
the Internet. Similarly, the International Chamber of Commerce’s Commercial
Crime Service reported that nearly two-thirds of all cases it handled in 2000
involved online fraud.
To ensure an
effective and coordinated response to the problem of Internet fraud, the
Department has been pursuing a comprehensive six-part strategy. The elements of
that strategy are as follows.
A. Interagency
Coordination
First, the
Department has taken a number of steps to provide enhanced coordination on
Internet fraud prosecutions between law enforcement and regulatory agencies at
regional, national, and even international levels. On the national level, for
example, the Department has been proactive in maintaining contact with United
States Attorneys’ offices throughout the country about their Internet fraud
cases, and working to develop coordinated actions wherever possible.
United States
Attorneys have been compiling a record of significant accomplishments in
prosecuting major Internet fraud schemes. The following are but a few of the
more recent successful Internet fraud prosecutions by United States Attorneys:
• On May 10,
2001, a federal jury in the District of Colorado found Daniel Ketelsen
guilty of charges relating to Internet fraud. Ketelsen received money for
computer components he auctioned under false identities but never delivered
via eBay. After receiving numerous complaints from victims, Ketelsen filed a
fraudulent claim with his insurance company, alleging that the computer
components had been stolen from his garage. An investigation by U.S. Postal
Inspectors revealed that Ketelsen never had the computer components
auctioned on eBay, and was attempting to obtain money illegally from an
insurance company.
• On March 8,
2001, a federal jury in the Southern District of New York convicted Fred
Moldofsky, on securities fraud charges for distributing over the Internet a
series of fake press releases regarding Lucent Technologies. The evidence at
trial showed that on March 22-23, 2000, Moldofsky, a self-described
securities day trader living in Houston, used the Internet to distribute a
series of 19 fake press releases purporting to announce that Lucent expected
its earnings for the second quarter of its fiscal year 2000 to fall short of
analysts’ expectations. After Moldofsky’s posting of these messages on a
Yahoo! message board, on the morning of March 23, 2000, the price of Lucent’s
common stock declined by as much as 3.6 percent, resulting in losses of
millions of dollars by investors who sold Lucent stock at artificially
depressed prices. Later that morning, when Bloomberg News announced that
Lucent had confirmed the release to be fake, Lucent’s common stock price
rose by approximately $5 per share in less than eight minutes.
• On December
27, 2000, a federal judge in the Central District of California sentenced
two defendants in a business opportunity fraud scheme to 27 months’
imprisonment and more than $100,000 in restitution to fraud victims. The
defendants in this case had pleaded guilty to fraud-related charges stemming
from their sending out more than 50 million "spam" e-mails,
fraudulently soliciting money. The e-mails, which targeted students, the
elderly, and others, promised enormous returns from a
"work-at-home" scheme in exchange for the payment of a so-called
"processing fee" of $35. The scheme resulted in approximately
12,405 victims sending money to the defendants. (It should be noted that the
cost of sending these 50 million spam e-mails was less than $100. By
contrast, sending the same number of messages by first-class mail, at 34
cents per envelope, would have cost the defendants approximately $17 million
in postage alone.)
To misdirect
people who wanted to complain about the solicitations or the lack of action
after the "fees" were paid, the defendants’ "spam"
included a forged return address, making it appear that the point of origin
was an Internet service provider, BigBear.Net. Irate Internet users sent
approximately 100,000 e-mails in response, mistakenly believing that
BigBear.Net had sent the spam. This flood of messages led to the
"crash" of BigBear.Net’s Internet computer file servers. The
company that operated BigBear.Net also had to hire three temporary workers
for nearly six months to respond to these complaints. Ultimately, the court’s
restitution order included not only individual victims but the victimized
company.
The Department also
fosters national-level coordination through its chairing of the interagency
Telemarketing and Internet Fraud Working Group. This Working Group, which meets
quarterly, brings together representatives of numerous United States Attorneys’
offices, the FBI, the Secret Service, the Postal Inspection Service, the Federal
Trade Commission, the Securities and Exchange Commission, and other law
enforcement and regulatory agencies. The Working Group meetings enable agencies
to share information about trends and patterns in Internet fraud schemes, to
brief members on noteworthy legal and policy developments, and otherwise to
encourage closer and more active communication on Internet and telemarketing
fraud matters.
At the international
level, the Department of Justice has played a leading role in initiating
discussions about Internet fraud at subgroup meetings of the G8's Senior Experts
Group on Transnational Organized Crime (also known as the "Lyon
Group"). These discussions have led to the G8 Ministers of Justice
identifying Internet fraud as a significant threat to the growth and development
of e-commerce, and committing to adopt a comprehensive response to the problem
that includes investigation, prosecution, and prevention. Discussions on
followup measures on Internet fraud are being pursued in the Projects and
High-tech Subgroups of the Lyon Group.
B. Support and
Advice on Prosecutions
Second, the
Department provides continuing support and advice on Internet fraud prosecutions
to federal prosecutors. As a result of its continuing contact with Assistant
United States Attorneys who handle Internet fraud cases, the Department has
compiled a substantial "brief bank" of pleadings and other legal
materials that prosecutors may find useful. The Department makes these materials
readily available to United States Attorneys’ offices throughout the country.
The Department is now working to establish an Intranet on Internet fraud to
improve communication and information-sharing among its prosecutors. The
Department, through the Fraud Section and the Computer Crime and Intellectual
Property Section of the Criminal Division, also routinely provides legal and
practical advice to federal prosecutors working on Internet fraud cases.
C. Training for
Prosecutors and Agents
Third, the
Department has demonstrated its commitment to ensuring that prosecutors and
agents receive appropriate training to conduct Internet fraud investigations and
prosecutions effectively. At its National Advocacy Center, the Department has
established basic and advanced training courses on Internet fraud. The Center
has a basic Cybercrimes course, presented several times a year, that now
includes a track on Internet fraud. The Center has also conducted two advanced
Internet fraud courses for more than 180 federal, state, and local prosecutors,
FBI agents, and even foreign prosecutors from Canada, Germany, Hong Kong, and
the United Kingdom. The Department has taken affirmative steps to invite foreign
prosecutors to these courses, because it regards Internet fraud as a global
problem that will require increased understanding of how U.S. and foreign
prosecutors can work together more effectively. The Department has also provided
expert speakers on Internet fraud issues for training sessions at the FBI
Academy and other law enforcement and regulatory training programs.
D. Investigative and
Analytical Resources
Fourth, the
Department has recognized the need to develop investigative and analytical
resources, so that agents and prosecutors can more quickly identify Internet
fraud schemes while they are still underway and develop effective enforcement
responses. To that end, it has supported the establishment of the Internet Fraud
Complaint Center (IFCC), a joint project of the FBI and the National White
Collar Crime Center. The IFCC receives complaints from members of the public in
nearly 90 countries about various types of Internet frauds and other
Internet-related crimes. It then analyzes the fraud-related complaints for
patterns, develops additional information on particular cases, and sends
investigative packages to law enforcement authorities in the jurisdiction that
appears likely to have the greatest investigative interest in the matter.
E. Education and
Prevention
Fifth, the
Department has been actively pursuing new measures for public education about,
and prevention of, Internet fraud, with appropriate collaboration between
government and the private sector.
F. Nature and Scope
of the Problem
Finally, the
Department continues to work closely with other agencies to develop better
information about the nature and scope of Internet fraud. The IFCC’s data
compilations are expected to be increasingly useful in identifying longer-range
trends and patterns of Internet fraud schemes, including statistical data that
law enforcement and regulatory agencies may find useful in allocating resources
and devising enforcement strategies. The Department has also worked closely with
the Federal Trade Commission (FTC) to enhance the quality and availability of
data from complaints about Internet-related consumer fraud that the FTC receives
for inclusion in its Consumer Sentinel database.
This summary of the
Department’s efforts against Internet fraud should help to demonstrate that
the Department is wholeheartedly committed to an aggressive strategy for
combating Internet fraud, and that this strategy is based on fostering improved
cooperation and coordination at all levels of government.
II. IDENTITY
THEFT
With your
permission, Mr. Chairman, I would like to turn to the issue of identity theft.
Identity theft, and the crimes that it furthers, can take advantage of the
Internet, but can be committed online or offline.
Law enforcement has
made remarkable strides in dealing with identity theft as a crime problem over
the last two years. One of the first steps that needed to be taken was to ensure
that identity theft is clearly identified as a serious crime. Before October 30,
1998, when the Identity Theft and Assumption Act of 1998 (18 U.S.C. §
1028(a)(7)) became law, there was no federal statute that made identity theft a
crime, and state statutes on identity theft were few and far between. Only two
years later, federal prosecutors are making substantial use of the statute. To
date, we have identified at least 92 cases in which U.S. Attorneys’
offices throughout the country have made use of that section in prosecuting
cases that involved identity theft. Here are some examples of federal identity
theft prosecutions that the Department has been pursuing this year:
• In
California, a defendant was sentenced to 27 months’ imprisonment and five
years’ supervised release after pleading guilty to identity theft and
related charges. The defendant stole private bank account information about
an insurance company’s policyholders and used that information to deposit
approximately 4,300 counterfeit bank drafts, totaling more than $764,000,
and withdraw funds from the accounts of the policyholders. United States
v. Johnson (C.D. Cal.).
• In Delaware,
two defendants were sentenced to terms of imprisonment after pleading guilty
to identity theft. The defendants obtained names and Social Security numbers
of high-ranking military officers on the Internet and used them to apply for
credit cards and bank and corporate credit in the officers’ names. One
defendant was sentenced to 33 months’ imprisonment, three years’
supervised release, $160,910.87 in restitution, and a $100 special
assessment; the other was sentenced to 41 months’ imprisonment, three
years’ supervised release, $126,298.79 in restitution, and a $100 special
assessment. United States v. Christian (D. Del.).
• In Texas, a
man was indicted on identity theft and related charges, after allegedly
creating false identification documents in the name of his deceased
brother-in-law and twice applying for a U.S. passport in the brother-in-law’s
name. United States v. Ipi (S.D. Tex.).
• In the State
of Washington, a defendant pleaded guilty to identity theft, after using the
date of birth and Social Security number of another individual (with the
same first and last names and middle initial) to obtain credit cards and an
automobile loan. United States v. Wahl (W.D. Wash.). Another
defendant pleaded guilty to identity theft and related charges, after
participating in a conspiracy to use the identities and names of others to
obtain credit cards, open banking and investment accounts at numerous
locations, and negotiate fraudulent and counterfeit checks. United States
v. Tomaszewski (W.D. Wash.).
Approximately 40
states have now enacted statutes to prohibit identity theft, and other states
are considering such legislation. Moreover, to ensure that persons convicted
under the federal identity theft provisions receive appropriate sanctions, the
United States Sentencing Commission has issued Sentencing Guidelines for
identity theft. The new Guidelines establish a two-level enhancement, in
addition to the offense level dictated by the amount of loss, where the identity
thief has used "breeder documents," such as Social Security cards.
Even if there is no loss, the Guidelines will set a "floor" – that
is, a minimum offense level – of 12, which would ensure a jail sentence that
could be as high as 10-16 months, even for someone with no prior criminal
convictions. The Guidelines also invite upward departures for more severe
sentences in cases where egregious conduct seriously affects individuals (for
example, where the criminal "takes over" a victim’s identity).
Until recently,
victims of identity theft had no single national point of contact to report
instances of identity theft or get advice on how to deal with identity theft,
and law enforcement had no single place to which they could go to find and
review complaints from identity theft victims in their jurisdictions. Under the
1998 Act, the Federal Trade Commission established a national toll-free number
[1-877-ID-THEFT] for victims to call, and has made the identity theft complaints
available to law enforcement through its Consumer Sentinel data base.
Similarly, until
recently federal, state, and local law enforcement had no means by which they
could coordinate their efforts and resources to deal more effectively with
identity theft. We now understand that identity theft – while it may appear in
any one case to be a comparatively minor violation – is a crime problem of
significant proportions, and one that calls out for genuine and sustained
cooperation among federal, state, and local law enforcement.
Today, law
enforcement is vigorously pursuing two distinct approaches to improved
coordination. First, soon after the enactment of the Identity Theft and
Assumption Deterrence Act in 1998, the Attorney General’s Council on White
Collar Crime established a Subcommittee on Identity Theft. This Subcommittee is
intended to provide appropriate coordination and coherence in the fight against
identity theft.
The Subcommittee,
which includes all of the major federal law enforcement agencies, operates to
foster closer coordination among all levels of government. Its growing list of
accomplishments includes preparation and distribution of guidance memoranda
about the identity theft offense to United States Attorneys’ offices, federal,
state, and local law enforcement agencies, and numerous government agencies,
such as the Social Security Administration’s Office of Inspector General, the
FTC, the SEC, the Federal Deposit Insurance Corporation, the Office of the
Comptroller of the Currency, the Federal Reserve Board, and the Department of
the Treasury. The Subcommittee also has assisted the FTC and other agencies in
preparing and distributing educational and other materials directly to consumers
and victims of identity theft, in an effort to prevent or ameliorate the effects
of this crime. Much of this progress is due to the leadership of the Criminal
Division’s Fraud Section, which continues to devote significant resources to
the work of the Subcommittee.
Second, in the
field, law enforcement agencies are establishing closer working arrangements,
such as identity theft task forces, to investigate and prosecute appropriate
cases more efficiently:
• In the
Western District of Washington, a Special Assistant U.S. Attorney, employed
by the Social Security Administration, has been instrumental in the
development of an Identity Theft Working Group. The group includes
representatives from the U.S. Attorney’s Office, the U.S. Department of
Agriculture, the Veterans Administration, the FBI, the Immigration and
Naturalization Service, the IRS Criminal Investigation Division, the Postal
Inspection Service, local law enforcement, county prosecutors, the
Washington State Department of Health and Social Services, and the
Washington State Attorney General. The Working Group is addressing training
on fraud and identity theft, coordination of statistics on identity theft,
and outreach.
• In the
District of Maryland, investigators have set up a multiagency task force on
identity theft that includes representatives of the U.S. Secret Service and
local police.
• Other
informal arrangements or task forces are now established or being
established in Cleveland, Detroit, St. Louis, and Los Angeles.
Only two years ago,
there was no nationwide program to educate and warn the public and law
enforcement about identity theft. To date, we have taken a number of significant
steps to inform the public about the seriousness of the problem. The FTC has an
extensive collection of online resources and materials about identity theft,
available through the Web site at www.consumer.gov/idtheft. In addition, the
Fraud Section of the Department’s Criminal Division has a series of Web pages
on identity theft that are posted on the Department’s Web site,
www.usdoj.gov.
These Web pages include information
about the nature of identity theft, what the Department is doing about it, and
how consumers can better protect themselves from identity theft. These Web pages
are linked to the FTC Identity Theft Web site, and other law enforcement Web
sites, to help consumers immediately contact other agencies that can assist them
in addressing their personal problems resulting from identity theft.
Furthermore, last
year the Treasury Department, the FTC, the Social Security Administration, the
Secret Service, and the Department of Justice sponsored a series of events to
highlight the problem of identity theft. The Treasury-sponsored Identity Theft
Summit, which was open to the public, included panel discussions on victims’
experiences; federal and state prevention programs; private sector prevention
programs; federal, state, and local investigative and prosecutive actions in
response to identity theft; public and private sector remediation programs;
possible future trends to be anticipated in identity theft; and identifying
areas for enhanced cooperation between governmental and private sector. As a
followup to the Summit, three workshops on identity theft were held focusing
separately on remediation (FTC), prevention (Social Security Administration) and
law enforcement (Department of Justice) strategies.
We have made a good
beginning to combat identity theft in a more coordinated and effective fashion.
We must, however, continue the efforts we have begun in order to have a lasting
impact on the identity theft threat.
* * *
Mr. Chairman, that
concludes my prepared statement. I would be pleased to respond to any questions
that you or other Members of the Subcommittee may have at this time.
* * *
|
|
