A U.S. Department of Homeland Security investigation dubbed "Operation eMule" has led federal agents to a pair of 22-year-old foreign-exchange students in Winona who are suspected to be part of a sophisticated cyber crime ring based in Vietnam that has been misusing the identities of countless Americans to bilk online retailers out of millions of dollars.
"It's a big one," said Jason Calhoun, a fraud investigator with the Rosetta Stone language software company who has been working on the case with federal agents.
Numerous major companies have been stung in the scam, including eBay, PayPal, Amazon, Apple, Dell and Verizon Wireless, according to federal court documents and Calhoun.
Authorities say the operation is built around stolen identities that are used to open accounts with eBay, PayPal and U.S. banks. Through those accounts, the fraudsters sell popular, expensive merchandise at discounted prices. The sellers fill the orders by purchasing the goods from other vendors using stolen financial accounts. When the identity-theft victims protest the charges, the merchants end up holding the bag.
The two Winona State University students controlled more than 180 eBay accounts and more than 360 PayPal accounts that were opened using stolen identities, according to documents that were unsealed Dec. 29 by a federal magistrate judge in St. Paul.
Susan Higginbotham, 49, of Bemidji, was among the scheme's victims. She discovered that someone had stolen her identity in January when she started getting mail from banks welcoming her as a new customer.
"Sometimes there were seven, eight in a day. This happened over a number of days," Higginbotham said Friday. Then came some bills from eBay for trades she hadn't made.
Higginbotham, a special education teacher in Bagley, Minn., turned the matter over to a pre-paid legal services company called Identity Theft Shield, which she had learned about at work. "They just did a wonderful job," she said.
Investigators found that the two Winona students collected nearly $1.25 million in illicit funds, much of which was then wired to accounts in Vietnam and Canada, according to an affidavit filed by Daniel Schwarz, an agent with Homeland Security Investigations in Minnesota. Schwarz is working on the case with the National Cyber Crimes Center (C3) in Washington, D.C. The center is part of U.S. Immigration and Customs Enforcement.
The two Winona students contributed significantly to about $1 million in fraudulent credit card orders for Rosetta Stone software, which were charged back to the company, Schwarz said in his affidavit, which was used to obtain and execute a search warrant in November for the students' Winona apartment.
The students, Tram Vo and Khoi Van, have F1 visas that allow them to study at the university, but they're not allowed to work outside of it, the government says.
Ongoing investigation
Vo could not be reached for comment. Van declined to comment. Immigration officials declined to comment Friday on their status, noting that the matter is part of an "ongoing criminal investigation." Public records show no criminal charges against the students, however.
Calhoun said that C3 investigators uncovered the ring in Vietnam while pursuing a similar scheme that he uncovered at Rosetta Stone in 2008. That operation was run by a computer programmer named Randall Craig Senn, of Billings, Mont., and Osama Moosa Al Hami, of Amman, Jordan.
Senn pleaded guilty to conspiracy and was sentenced in March to 30 months in prison. Al Hami was arrested and prosecuted in Jordan, according to federal court records.
Operation eMule officially began in September 2009 to investigate criminal rings based in Vietnam that are targeting online commerce and express mail courier operations. Investigators estimate that the rings contribute "hundreds of millions of dollars" to an underground economy in Vietnam, according to the affidavit.
Schwartz said in his affidavit that the rings involve an "elaborate network" of specialists, including computer hackers, vendors of stolen identities and financial information, fraud managers and facilitators, money mules and shippers. The members communicate through a secure web site "accessed by vetted members only."
Investigators say the fraudsters, hiding behind proxy Internet addresses, pose as eBay sellers using stolen identities, offering heavily discounted merchandise for popular items like software, video games, textbooks and Apple iTunes gift cards.
But the fraudsters don't actually have the merchandise. So when someone buys the products on eBay using a credit card or PayPal account, the fraudsters collect the payments and order the merchandise -- at full price -- from third-party vendors using stolen identities. The goods are then shipped to the eBay buyers, and victims like Higginbotham get billed for products they neither ordered nor received. After they protest, the banks issue "chargebacks" to the vendors.
News Submitted By : Om Rathore