Articles Posted in Computer, Internet Crimes

At the end of last November, an article was posted on this blog that related to the use of genealogy websites by police to find and catch criminals utilizing DNA submitted by users, many from cold cases that were at one time considered unsolvable.

The article told the story of the arrest of Benjamin Lee Holmes who allegedly murdered a University of Central Florida student named Christine Franke in October, 2001.

The case had gone cold for close to eighteen years.

After a rocky three year relationship Michael Hamel, Jr. and his girlfriend parted ways. The breakup was not affable and was ended by the woman, whose name is being withheld.

The relationship grew so troubled that last September, Hamel’s girlfriend and mother of his child had a restraining order filed against him.

After the order was in place, although his girlfriend ceased contact with him, Mr. Hamel took to texting one of her ex’s family members while passing on a threat to her that he would post compromising pictures on the Internet if his ex-girlfriend allowed any new man in his life to get near their child.

Modern technology in its union with computers and the Internet is responsible for many changes in existing laws, both federal and local. A prime example of this is the crime of wire fraud which was previously defined as criminalities which were committed crossing state lines, mostly associated by telephone, telegraph, radio, and television. But in our current day environment, many types of crimes have been expanded to include new devices associated with computers as well as cell phones which didn’t exist when these laws were first placed on the books.

In addition to laws being lengthened to cover the new devices; which in many cases are used to commit crimes, innovative and new types of crimes have been devised through the use of these devices in the new digital world where we all can be affected.

Phishing scams, online sales scams and cyberbullying are just a few new crimes that didn’t exist before computers became popular and were ultimately coupled to the Internet.

An example of one of these modern crimes leads to the story of the suicide of a young girl who lived in Lakeland, Florida.

From all outward appearances, Rebecca Sedwick was an average 12-year-old, with all the challenges that young girls of that pre-teen age group face every day. But the investigation into her suicide revealed a troubling collection of tactics by her peers that by all appearances caused her to choose to end her life.

The story became a case of National prominence when two of Rebecca’s schoolmates from Crystal Lake Middle School were charged with a crime related to cyberbullying and intimidation by means of cellphone texts, social media and in-person verbal assaults.

Guadalupe Shaw and Katelyn Roman, were ages 14 and 12 respectively at the time they were charged with aggravated stalking in the death of Rebecca. The crime is a third-degree felony in the State of Florida. Both girls were eventually released into the custody of their parents although Shaw was first processed and spent a short time at a juvenile detention facility.

The findings of the investigation suggested that the older girl was the main culprit in the events that led up to the suicide. The investigation was launched soon after the suicide but the bullying began in 2012 and it was discovered that Rebecca was allegedly tormented by as many as fifteen girls, instigated by Shaw who was dating a boy that was previously Rebecca’s boyfriend. It may have been this element that caused Shaw to start turning classmates against her.

When the younger Katelyn Roman was interviewed by investigators, she told them that when the in-person taunting began at school, she was still friends with Rebecca. But Shaw “had so many people on her side.” She went on to tell investigators that around that time, she told Rebecca she didn’t think it was a good idea for them to remain friends. Rebecca didn’t take that news well and replied “it didn’t matter, because I (she) wasn’t a good friend anyway.” Roman continued by saying that “everyone was telling me she was a liar. I’d hear it all around school… Every day, I’d hear stuff about her… I didn’t want to believe what everyone was saying, but I didn’t know what to do.”

Shortly after the taunting began Katelyn and Rebecca got into a physical altercation between classes at school which was broken up by a teacher.

But it was the online taunting and bullying followed by a seemingly never-ending horde of text messages that caused the Polk County Sheriff to bring formal charges against the two girls despite their ages.

The hateful texts started in 2012 via cellphone and messaging applications including, an anonymous question and answer platform website, Kik, an instant messaging application for mobile devices, and Voxer, a “Walkie Talkie app” and voice messaging system for smartphones.

Some of the texts that were discovered through the investigation said “You’re ugly”, “Why are you still alive?”, and “Can u die please?”

It was around that time that Rebecca started cutting herself with razor blades. Some of the images which were posted by Rebecca herself, on some of the aforementioned messaging sites as well as Facebook showed her cutting herself in the upper thigh, displaying her arms and body covered in cuts, showing a razor placed on the inside of her arm, as well as a picture showing her lying with her head on railroad tracks.

In early 2013, Tricia Norman, Sedwick’s mother, filed a complaint with the Polk County Sheriff’s office reporting that her daughter was the target of physical threats, also stating that she had an “ongoing feud” with another student. The student, who was unnamed in the report but implied to be Shaw, claimed that she never touched Sedwick when questioned by police. When Norman realized the abuse her daughter was facing she closed her daughter’s Facebook page, took away her cell phone, and ultimately had her transferred to a new school in August 2013 after first attempting to home school her beforehand in January of that year.

After weeks of investigation and scrutiny of thousands of Facebook messages the charges were ultimately dropped by the Polk County state attorney’s office. It was decided that there wasn’t enough concrete evidence to succeed with a prosecution against the girls even though an apparent admission by Shaw was plainly damaging, and the main reason that the Sheriff decided to pursue charges in the first place. Below is the Facebook post made by Shaw after the Sedwick suicide:
“Yes ik [I know] I bullied Rebecca nd [and] she killed her self [sic] but IDGAF [I don’t give a F…]

Presently, there are no federal laws that address the issue of cyberbullying but Tricia Norman, along with her attorney are aggressively pressing for a federal anti-bullying law. And in the State of Florida, Norman is fighting for the legislation of “Rebecca’s Law”, which would define statutory penalties for in-person bullying as well as this type of intimidation via the Internet and by use of other communication devices.

To find out more about Cyberbullying, its penalties in the State of Florida, and other crimes related to it, follow this link found on my Website.

Continue reading ›

These days it seems that with far too much frequency there is continually breaking news about another retailer with online outlets being victimized by a security breach. The latest of these high tech break-ins was successfully aimed at Home Depot and turned out to be executed by a low-tech method; at least when first hijacking their network.

The well-known distributor of appliances and supplies for home and garden items released news that show that a breach which began in April of this year and went undetected through September allowed hackers to steal credit and debit card data of fifty-six million customers. The news got worse when the company announced last week that in addition to the credit data being compromised as many as fifty-three million email addresses were also revealed to the hackers through the attack.

The hackers didn’t have to break through any firewalls or tough encryption protocols or even find a flaw in their Website’s security code. They did it the old fashioned way by stealing a vendor’s login information to gain access to their network.

Once inside the system the online bandits were able to move around the network and plant malware known as “Backoff” which in this case was custom-built, accessing records of customer’s credit and debit card information at point of sale terminals that were located throughout the United States and Canada. This type of bug had been previously flagged by the Secret Service leading the Agency to issue an advisory that warned businesses of the threat before this latest attack took place.

According to Kaspersky Labs a well-regarded cyber security company, the amount of companies targeted by this method may easily have exceeded the more than one thousand companies thought to be affected by it based on estimates released by federal officials.

The technicians from Kaspersky found that during a period of only a few days of their investigation, in excess of one hundred networks from eighty-five separate IP addresses were attempting to link to what are technically known as malicious command-and-control servers.

Malicious command-and-control servers are used in cyber-attacks for the purpose of maintaining communication with systems that have been previously compromised within a network that has been breached. Ninety-seven of those infected systems were in the U.S and Canada with the other small group targeting Israel and the United Kingdom.

It appears that most of the systems were compromised quite a while ago, since this particular Backoff component had been identified as early as October of last year according to one of the senior security researchers at Kaspersky. “Looking at the bigger picture here, these companies were infected for a very long time, maybe even half a year or longer,” said Roel Schouwenberg, the senior security researcher that was interviewed and speculated that the companies under attack “should have detected and blocked any malicious activity related to the malware” and then added that “none of the companies appears to have even known they were infected.”

It appears that Home Depot did not learn from the massive data breach earlier this year against Target stores that affected more than 100 million customers. The company has been accused of not keeping up-to-date on necessary security measures that would have made them aware of the planted malware ultimately thwarting the break-in and subsequent data theft.

The implications of such a theft of data are usually not immediately felt but the threat continually exits without taking measures to protect the stolen data. That’s not to say that there aren’t immediate financial ramifications.

Before the breach was even publicized a consumer class action suit was filed in federal court by First Choice Federal Credit Union that listed an extensive listing of damages. The case was filed in Georgia which is Home Depot’s hub.

First Choice which is located in New Castle, Pennsylvania filed the suit on behalf of financial institutions including credit unions and banks anticipating that they will be suffering injuries as a result of a massive security breach which compromised the retailer’s customers’ names, and zip codes of the stores marked by the theft, debit and credit numbers along with their expiration dates, and verification codes. The suit also mentions the immediate costs of redistributing new cards and other costs involving the intensity of labor needed to achieve it. To sum it up, the complaint states that “Home Depot utilized weak password configurations and did not employ lockout security procedures at its remote access points.”

In Florida, the breach affected 434,000 members of credit unions. With the average cost of each card estimated to be just over eight dollars it will cost close to three and one half million dollars to replace and reissue the cards as well as sustaining additional costs for notifying their members by way of additional staffing. Charges will also be incurred for the monitoring of the affected accounts. These figures are according to the League of Southeastern Credit Unions and Affiliates.

To read more in detail about computer and Internet cases visit the following page on my Website:

Continue reading ›

Throughout his career, thirty year old Michael Gerard Stavris II worked in the company of children. Since he was sixteen years old, beginning in the year 2000, Stavris worked for the school system in Flagler County. He was an instructor of activities and safety for kids in grade eight and lower. He remained at that position through 2006. He also worked for the Duval County school system in Jacksonville during 2009 and 2010 as a patrol officer with responsibilities of reacting to calls on a city-wide basis after regular school hours had ended. He joined the Bunnell Police Department in 2011 and held the rank of corporal.

The Palm Coast police officer was arrested this week and charged with one count of criminal use of personal identification information stemming from the theft of the identity of a 16-year-old girl. He was also charged with two counts of child exploitation and computer pornography violations under the child exploitation prevention act according to Gretl Plessinger a spokesperson for the Florida Department of Law Enforcement (FDLE). All charges are third-degree felonies. A conviction for these offenses carries a sentence of five years in prison.

The arrest was made by the FDLE at the Bunnell City Hall and took place after the conclusion of a three month investigation which was initiated when a teenaged boy complained to a police officer about Stavris’ interaction with him late last year.

Part of the complaint points out that Stavris utilized the social media site Facebook to lure unsuspecting teenage boys into sexual conversations beginning in November of 2012. He did so by becoming their Facebook friends, posing as a teenage girl. After interaction with one of the new friends began, he went as far as sending a picture of a young girl’s breasts, asking the boy to send him pictures of his genitalia in return and saying “maybe” we could meet. The young boy responded by saying “Later when you show me your stuff,” but did not send back a picture. Currently, it is unknown if that meeting ever occurred between the two

Also uncovered through the investigation was another instance when Stavris asked another youth if he could send him a picture of himself getting oral sex through Facebook’s messaging system. The boy’s reply was “*IDK (*I don’t know) if I can get a girl that would let me take a pic doin that to me lol but your bi?” to which Stavris answered “Ya and I know u got pics in your phone of other giels (**sic)” There were additional references about meeting underage male students behind the school to participate in oral sex, and pictures requested of student’s genitals and those of them masturbating.

Stavris purportedly admitted to the FDLE that he did set up the bogus Facebook account and made contact with boys between the ages of 14 and 16 who attended Flagler Palm Coast High School and Buddy Taylor Middle School.

The arrest of the eight year veteran of law enforcement took place on the evening of March twenty-fifth.

After being processed he was released on $125,000 bail and let go from the Flagler County Detention Facility. Stavris is a big man at 6’3″ and weighing in at about 400 pounds. After his release, he couldn’t be reached for comment relating to the allegations, but has been placed on leave from the Department without pay.

By observing his Facebook account, the investigation uncovered that Stavris had more than 40 students under the age of eighteen listed as Facebook friends. A group of them were from Flagler Palm Coast High School, the same school he graduated from in 2002.

At least six students from Flagler County were mentioned in the affidavit as being targets or victims of Stavris and the FDLE made a public plea for anyone having any further information about any other persons that may have been victimized by him to get in touch with them by telephone.

Dennis Bustle, of the law enforcement agency’s Jacksonville office was quoted as saying “We will do everything in our power to see that all potential victims are identified and this person is charged with each crime that’s committed.”

Tom Foster, 57, who is Stavris’ boss and the Police Chief of the Bunnell Police Department, said that he was disappointed to find out about the alleged actions of one of his officers. But he went on to state that no single officer’s actions is a reflection on the entire department. Foster has only served as chief since early February. He was previously a veteran of the Orange County Sheriff’s Office where he served for over thirty years. Bunnell County is the governmental center or county seat of Flagler County.

Although the evidence and allegations may seem overwhelming, Stavris does have at least one person who believes in his innocence. Sherry Blevins, who may soon be his mother-in-law, asserted that Stavris is being framed. Presently, he is engaged to marry her daughter. Ms. Blevins was quoted as saying “I tell you this was all prompted when him and the ex-girlfriend broke up and he wouldn’t take her back.” She maintains his innocence proposing that he is being set up by a rejected ex-girlfriend.

To view the redacted arrest report, click here.

**sic: the quotation has been transcribed exactly as found in the original source, complete with any erroneous or archaic spelling or other nonstandard presentation.
Continue reading ›

A Ukrainian National seemed to be in a pretty good position to evade arrest and prosecution after fleeing to his native country once federal charges were filed against him in New York City and Broward County, Florida. But in 2008, his decision to take a vacation on the Greek island of Rhodes led to his undoing. The United States doesn’t have an extradition treaty with the Ukraine, but in Greece, a treaty is intact.

Egor Shevelev, 27 who has been called “one of the premier vendors of stolen credit card data in the world”, by federal authorities was extradited to New York in 2010 from the popular Greek resort Island to face charges including grand larceny, criminal possession of stolen property, scheme to defraud, and conspiracy. The charges were filed in an online identity theft case for trafficking and selling a total of more than 95,000 credit card account numbers that produced a total of over a $5 million-plus fraud.

The scheme was carried out operating through an online forum where Shevelev among other cyber-thieves trafficked in stolen, forged and fraudulent credit card numbers as well as other merchandise; turning the sales into cash with the help of unsuspecting eBay users, while Shevelev loafed in the seclusion of his apartment in Kiev.

In addition to the aforementioned criminal activities operated from that apartment, authorities said that Shevelev laundered more than $600,000 in digital currency through E-Gold, which is a worldwide electronic monetary/payments system and the Russian-based payment system WebMoney which based on their Website’s information is a “multifunctional payment tool that provides secure and immediate transactions online”.

Shevelev, who called himself Eskalibur online, also known as Esk, was one of the leaders of an International cybercrime ring that extended from Russia to the United States with stopovers in the Czech Republic. He was convicted of all charges. At the conclusion of a ten-week New York State Supreme Court trial and an eight-year-long investigation, Shevelev, along with his codefendants Anna Ciano, a/k/a “Angela Perez,” 41,and Douglas Latta, a/k/a “Realbusy,” 40, were found guilty by a jury of all charges listed in the Indictment.

Both living in Brooklyn, New York, Ciano and Latta were a duo who acquired in excess of 800 pilfered credit card numbers between the years of 2004 and 2007 from Shevelev as well as other cyber criminals as associates of the online forum.

Ciano was sentenced to up to 47 years in federal prison for her part in the scheme two days before Shevelev was given up to 40 years. Less than a month later in August, 2012, Latta’s punishment returned a term of up to 44 years behind bars.

To read the New York County District Attorney’s Office press release regarding this case in its entirety click here.
But the guilty verdict from New York and the continuance of his sentence will have to wait. In addition to the jury’s verdict and subsequent sentencing, Shevelev will now have to face further federal charges in the Sunshine State.

Late last month, Shevelev made his first appearance in federal court in Fort Lauderdale, Florida to face separate charges that were listed in an Indictment that was filed in 2008.

The Indictment charges him with selling stolen credit card numbers and forgery of credit cards for the purpose of committing identity theft. The Indictment alleges that the crimes took place in Miami-Dade, Broward, and Palm Beach Counties, as well as Martin County, which is north of Palm Beach, between the dates of September 2007 and May 2008.

The Fort Lauderdale Sun Sentinel conveyed that investigators who were close to the case were overheard maintaining that the fraud distributed multiple millions of dollars.

Communicating through an interpreter and wearing jail scrubs, Shevelev pleaded not guilty to the charges, during a brief appearance in court. An Assistant Federal Public Defender was appointed by U.S. Magistrate Judge Lurana Snow after Shevelev stated that he had no resources to pay for his own defense. He was mostly silent during the hearing replying to questions in his native language with a yes or no answer. He also asked for a clarification of his legal rights.

The prosecution agreed to a bond of $250,000 which is basically a formality as Shevelev will remain in custody due to his convictions in New York. At the completion of any prison term he will ultimately be deported back to his country of origin.

Continue reading ›

He went by the screen name “Eskalibur” which was used in his role of making online transactions at meeting places for thieves located in cyberspace. The criminal enterprise’s name on the Internet was known as the Western Express Cybercrime Group and Eskalibur was one of its ringleaders. He was personally responsible for the trafficking and sale of approximately 75,000 credit card account numbers in a fraud that would bear fruit to a tune of over a $4 million in proceeds. With two others, who lived in the United States, the trio was accountable for over 95,000 stolen and forged credit card accounts and another million dollars in profits building to a grand total of over $5 million in cybercrime earnings.

Egor Shevelev a/k/a Eskalibur, 27 was safe from prosecution. Living in Kiev in the Ukraine, there was no way US law enforcement was able to apprehend him. However in 2008, he decided to spend some of his ill-gotten gains and take a vacation to Greece. It was there on the Island of Rhodes that Greek law enforcement apprehended him after the issuance of an international arrest request. Shortly after, Ukrainian authorities executed a search warrant of his apartment, finding evidence that allowed Greek officials to detain him in preparation for extradition back to New York State on July 2, 2010 for the cybercrime of identity theft and the global trafficking of stolen and forged credit card accounts.

The two Americans who lived in United States were easier to apprehend and arrest. Douglas Latta, 40 whose online handle was “Realbusy” and Anna Ciano, 41, a/k/a “Angela Perez,” were both picked up in the Brooklyn, New York apartment they shared.
Along with Shevelev, the three were indicted and found guilty by a jury of all charges listed in the Indictment in New York State Supreme Court, after a ten-week trial in August of this year.

Shevelev operated his part in the scheme out of his apartment in Kiev. He was among five other men of Eastern European descent who were listed in the Indictment that was originally filed in 2009, where the case was prosecuted by the Manhattan District Attorney’s office. The ring as stated operated a carding forum on the Internet by the name of the International Association for the Advancement of Criminal Activity. Thieves interacted in stolen credit card activities as well as other transactions in violation of law. They also purportedly forged credit cards using the hijacked numbers, turning them into cash with the unsuspecting, innocent assistance of eBay shoppers.

Manhattan District Attorney Cyrus R. Vance, Jr. made the announcements of the extradition, Indictment and the results of the trial. After the indictment was revealed Vance said “The extradition and indictment of this defendant bring us a step closer to apprehending the members of an international identity theft ring. This Office is committed to shutting down criminal operations that traffic in stolen information used to steal identities and illegally acquire money.”

After the verdict by the jury was made public, Vance was quoted as saying “It was a highly profitable scheme that netted the principals millions of dollars. I am pleased that these defendants have been sentenced to prison sentences appropriate to the scope and breadth of their misconduct.”

Aside from the results of this trial four others included in the 173-count Indictment were Dzimitry Burak, aka “Graph,” 30, a native of Belarus who like Shevelev was living in the Ukraine, Oleg Kovelin (Covelin), aka “DoZ,” 32, from Moldova, and Vladimir Kramarenko, aka “Envisor,” 35, a Moldovan national, as well as Viatcheslav Vasilyev, aka “The Viver,” 37 from the Czech Republic. Kramarenko and Vasilyev were arrested in July 2008 in Prague and subsequently extradited to the U.S. the following year.

According to officials, the five Eastern European men, worked in line with seventeen other accused individuals who were named in the November 2007 indictment, as well as a company based in New York called Western Express International Inc. WEI was managed by an additional defendant named Vadim Vassilenko, which authorities say was used to coordinate and facilitate the illegal activities and launder the ring’s ill-gotten gains.

Vasilyev and Kramarenko previously pleaded guilty. Burak and Kovelin (Covelin) still remain fugitives to this point, avoiding capture.

Continue reading ›

“Jealousy is a strange transformer of characters.” – Arthur Conan Doyle
Prosecutors didn’t suggest a motive for a New York City Detective being charged with Cyber-crimes but Police Commissioner Raymond Kelly and various other police sources said that it was done in order for him to grasp who was communicating with his ex-girlfriend. “I know that the allegations have to do with the fact that he went to a company to be able to hack into information that may have been related to a relationship he had with a young woman and I believe the mother of his child,” said Kelly.

Edwin Vargas, 42, a Detective from the Bronx and 20-year veteran of the New York City Police Department was arrested late last month for allegedly hacking into some of his colleague’s email accounts.

According to NBC New York, Vargas believed that his ex-girlfriend, also a police officer was having a relationship with a workmate and hacked into other officer’s email accounts to see if there was any incriminating information for his concerns therein. He is also accused of performing at least two illegal searches in the FBI’s database; the National Crime Information Center (NCIC), without consent.

By way of tapping into the NCIC database he apparently gained further information dealing with two police officers whose email addresses he had previously obtained through the results of the email hacking.

According to the complaint, it is charged that he paid an independent unspecified email hacking service based in Los Angeles, CA in excess of $4000 in exchange for passwords to his fellow officers email boxes. Another allegation charges that he scrutinized another cop’s cell phone records so he could see who that officer was receiving text message from.

An investigation of the “hacking” service showed that some NYPD employees’ email boxes had been compromised and it was that evidence that led back to Vargas. The Internal Affairs Division (IAD) first began questioning him in early April about cyber-stalking his ex-girlfriend. The investigation became a joint effort between the IAD and the FBI due to the assertions of the federal agency’s database being hacked.

The results of the investigation demonstrated that he snooped on more than 40 mailboxes, 21 of them maintained by those with NYPD affiliations. The activity took place over more than a 2-year period between 2010 and 2012.

Detective Vargas is now charged with one count of conspiracy to commit computer hacking and one count of computer hacking to be tried in federal court. Each of the charges carries a maximum sentence of 10 years in prison.

FBI Assistant Director in Charge George Venizelos was quoted as remarking.” Of all places, the police department is not a workplace where one should have to be concerned about an unscrupulous fellow employee.”

To read related federal cases concerning these types of allegations demonstrating the penalties for these charges, click here (FBI Press Release, March 06, 2012)

Continue reading ›

Contact Information