Project Phish Phry nabs 100 cyber crime suspects in U.S. and Egypt
LOS ANGELES—The largest number of defendants ever charged in a cyber crime case have been indicted in a multinational investigation conducted in the United States and Egypt.
Project Phish Phry uncovered a sophisticated “phishing” operation that fraudulently collected personal information from thousands of victims that was used to defraud American banks.
On Wednesday morning, authorities in several U.S. cities arrested 33 of 53 defendants named in an indictment returned last week by a federal grand jury in Los Angeles.
Several defendants charged in the indictment are being sought this morning by law enforcement.
Additionally, authorities in Egypt have charged 47 suspects linked to the phishing scheme.
Operation Phish Phry marks the first joint cyber investigation between Egyptian law enforcement authorities and United States officials, which include the FBI, the United States Attorney’s Office, and the Electronic Crimes Task Force in Los Angeles.
Phish Phry, with 53 defendants charged in United States District Court, also marks the largest cyber crime investigation to date in the United States.
Operation Phish Phry commenced in 2007 when FBI agents, working with United States financial institutions, took proactive steps to identify and disrupt sophisticated criminal enterprises targeting the financial infrastructure in the United States.
Intelligence developed during the initiative prompted the FBI and Egyptian authorities to agree to pursue a joint investigation into multiple subjects based in Egypt after investigators in both countries earlier this year uncovered an international conspiracy allegedly operating an elaborate scheme to steal identities through a method commonly called “phishing.”
The group is accused of conspiring to target American-based financial institutions and victimize an unknown number of account holders by fraudulently using their personal financial information.
The multinational investigative effort resulted in 53 defendants being named in the federal indictment and 47 suspects being identified by Egyptian authorities. The domestic defendants were arrested in California, Nevada, and North Carolina. In California, defendants reside in the counties of Los Angeles, Orange, San Bernardino, Riverside, and San Diego.
The 51-count indictment accuses all of the defendants of conspiracy to commit wire fraud and bank fraud.
Various defendants are charged with bank fraud; aggravated identity theft; conspiracy to commit computer fraud, specifically unauthorized access to protected computers in connection with fraudulent bank transfers and domestic and international money laundering.
According to the indictment that was unsealed this morning, Egyptian-based hackers obtained bank account numbers and related personal identification information from an unknown number of bank customers through phishing.
In illegal phishing schemes, bank customers are directed to fake websites purporting to be linked to financial institutions, where the customers are asked to enter their account numbers, passwords and other personal identification information.
Because the websites appear to be legitimate—complete with bank logos and legal disclaimers—the customers do not realize that the websites do not belong to legitimate financial institutions.
The indictment alleges that co-conspirators in Egypt collected victims’ bank account information by using information obtained from their phishing activities.
Armed with the bank account information, members of the conspiracy hacked into accounts at two banks. Once they accessed the accounts, the individuals operating in Egypt communicated via text messages, telephone calls and Internet chat groups with co-conspirators in the United States. Through these communications, members of the criminal ring coordinated the illicit online transfer of funds from compromised accounts to newly created fraudulent accounts.
The United States part of the ring was allegedly directed by defendants Kenneth Joseph Lucas, Nichole Michelle Merzi, and Jonathan Preston Clark, all California residents, who directed trusted associates to recruit “runners,” who set up bank accounts where the funds stolen from the compromised accounts could be transferred and withdrawn.
A portion of the illegally obtained funds withdrawn was then transferred via wire services to the individuals operating in Egypt who had originally provided the bank account information obtained via phishing.
“The sophistication with which Phish Phry defendants operated represents an evolving and troubling paradigm in the way identity theft is now committed,” said Keith Bolcar, Acting Assistant Director In Charge of the FBI in Los Angeles. “Criminally savvy groups recruit here and abroad to pool tactics and skills necessary to commit organized theft facilitated by the computer, including hacking, fraud and identity theft, with a common greed and shared willingness to victimize Americans.”
Each of the 53 suspects named in the indictment is charged with conspiracy to commit bank fraud and wire fraud, a charge that carries a statutory maximum penalty of 20 years in federal prison.