Why Study Cybercrime Law?

I've dealt with online fraud and identity theft as a federal prosecutor for 15 years, and taught cybercrime-related courses as an adjunct professor at Georgetown Law Center and the University of Virginia Law School at various times for more than a decade.  To me, it seems intuitively obvious why law students would be interested in studying cybercrime.  But in the continuing woes of the legal job market, I can also understand why some law students might think, "Sounds fun, but a little marginal. What I need is Corporations/Securities Regulation/Tax/[etc.]"

No one can dispute that business-oriented law courses can be valuable and interesting for future practitioners.  But here are my reasons that law students should make room in their busy schedules for a cybercrime law course or seminar:

1.  As a practitioner, it's now your ethical obligation to understand the risks and benefits of technology.  No joke: The American Bar Association just amended the Model Rules of Professional Conduct to address this issue.  Model Rule 1.1 deals with an attorney's duty to provide competent representation to a client, which "requires the legal knowledge, skill, thoroughness and preparation reasonably necessary for the representation."  The amended language of Rule 1.1 now states, "To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology, engage in continuing study and education and comply with all continuing legal education requirements to which the lawyer is subject."  [Emphasis supplied]  To me, that means that your competence and skill as an attorney, whether in the private or the public sector, will depend on your ability to keep up with developments in digital technology that can affect your firm's, agency's, or clients' abilities to safeguard data, as well as your clients' own information technology practices that can affect current operations.  With due respect to law professors who teach conventional business-oriented courses, you're not going to develop a working understanding of current information technology threats and risks in Sec Regs.

2.  It's more important that you get the best grades you can, regardless of what courses you take, and taking a course like Cybercrime won't affect your marketability.  Employers won't care if you loaded up on business-oriented law courses if you pulled B-s or C+s in those courses.  As one poster put it on Lawyerist.com "while law school grades aren't a good measure of lawyering skills, grades are, for better or worse, the most quantifiable measure of law school success."  Of course, a prospective employer might raise an eyebrow if she sees that you've taken lots of esoteric courses like "the Law of the Horse" (a phrase of former Stanford President and emeritus law professor Gerhard Casper that Judge Frank Easterbrook used more than 15 years ago to characterize the then-nascent field of cyberlaw).  But any course in which you were intrigued by the subject matter and did well becomes a great talking point on on-campus or callback interviews.

3.  Actually, maybe Cybercrime makes you more marketable to some.  Think about point 1 above.  Here's a possible interview scenario: "I see you took Cybercrime.  Why did you decide to take that?" "Because I think that lawyers have to understand technology, with all its risks and benefits, in order to represent their clients competently.  That course gave me a much better understanding of the risks and how lawyers need to respond to them, for prevention and mitigation of harm.  Does your firm deal with information security or data-breach issues?"  "As a matter of fact, yes. . . ."

4.  Cybercrime matters as a distinct field of law.  Just look at the past week's headlines to see how many different areas of law and public policy cybercrime touches:

• Child Exploitation and Pornography: The Louisiana-based moderator of Dreamboard, a child exploitation bulletin board, was sentenced in federal court to 38 years imprisonment for his role in an international child-pornography ring.  Seven other defendants were also sentenced for their roles in the network.  The U.S. Attorney's Office in Shreveport explained in a press release that the moderator "handl[ed] technical matters including the encryption of posts so that law enforcement could not catch participants on the board and the mentoring of members," and that to date 42 out of 72 individuals had been convicted for their participation in Dreamboard.
• Critical Infrastructure Protection: After the defeat in the U.S. Senate of proposed cybersecurity legislation, White House Homeland Security Adviser John Brennan reportedly stated, according to CNBC, that the White House "is exploring whether to issue an executive order to protect the nation's critical computer infrastructure."
• Cyberbullying: In addition to reports that British Olympic diver Tom Daley and rock singer Shirley Manson were the targets of cyberstalkers, a new study of German youth reportedly concluded that "young people who suffer from cyberbullying or cyber harassment struggle the most when fellow classmates make fun of them by distributing embarrassing photos and videos."
• Cybersecurity:  Researchers at Kaspersky Lab just issued an analysis showing that a new type of malware, as the Washington Post reported, "appears to be the creation of the same state-sponsored program that produced the viruses known as Stuxnet and Flame,"  which "were aimed at computers tied to Iran’s nuclear program."
• Cyberwarfare: The Washington Post reported that the Pentagon "proposed that military cyber-specialists be given permission to take action outside its computer networks to defend critical U.S. computer systems — a move that officials say would set a significant precedent."
• Economic Espionage:  The Manhattan District Attorney's Office charged a former Goldman Sachs programmer with state-law felonies of "unlawful use of secret scientific material and duplication of computer-related material" relating to the ex-programmer's alleged theft of secret source code from Goldman.  This same conduct was the basis of a federal prosecution that resulted, earlier this year, in reversal by the U.S. Court of Appeals for the Second Circuit (676 F.3d 71 (2d Cir. 2012)).  Also, a former Intel Corporation worker was sentenced in federal court to three years imprisonment for stealing proprietary information valued between $200 million and $400 million.
• Intellectual Property Theft:  The Chairman's staff of the Congressional Joint Economic Committee issued a report that "there has been a dramatic rise" in the number of foreign infringement of domestic intellectual property rights" in recent years, with the number of cases that the International Trade Commission is investigating increasing by 80.6 percent in 2010 and 23.2 percent in 2011.
• Internet Governance: Rebecca McKinnon of the New America Foundation wrote in Foreign Policy that "[a] number of countries, including Russia and China, have put forward proposals to regulate aspects of the Internet like 'crime' and 'security" that are currently unregulated at the 'global level due to lack of international consensus over what those terms actually mean or over how to balance enforcement with the protection of citizens' rights."  These efforts are associated with a larger effort by some countries to bring the Internet under the control of a United Nations agency, the International Telecommunications Union.
• Law Enforcement Cooperation: During her visit to South Africa, Secretary of State Hillary Rodham Clinton announced the creation of "a new cyber working group to identify the common cyber threats and national priorities to build capacity to fight cyber crime and coordinate in international forums."

In short, cybercrime touches many facets of the global economy and everyday life, and the consequences of successful cybercrime can be devastating to individuals, businesses, governments, and society as a whole.

5.  It's fun.  Not a sufficiently intellectual argument to whet your appetite?  Okay - Cybercrime law can be (1) intellectually satisfying to study because the legal and tech landscapes are in constant flux and require even tech-savvy lawyers to run very fast just to keep up, and (2) personally satisfying because in a wired world we can sense, much more than our parents' generation, that cybercrime can directly reach us -- our personal data, our relationships, our property -- through the iPhones, iPads, and other digital communications that are woven into our daily lives, and we can feel relatively more secure if we learn how best to respond to that threat.

That's why to study cybercrime.

Water, Water Everywhere ... But So Is The Net

Even as drought blankets more than three-fifths of the United States, a number of countries around the world have lately suffered from sudden and devastating overabundances of water.  Last month, what the New York Times termed "catastrophic flooding" led to 172 deaths in southern Russia, and "torrential rains" that deluged southern and western Japan caused the evacuation of 250,000 people and killed at least 27 people.  North Korea has also endured heavy flooding that reportedly caused hundreds of deaths and left 212,000 homeless. Within the past week, China has been hit by three typhoons.  In just the past day or two, the last of those, Typhoon Haikui, prompted the evacuation of nearly 2 million people in China and, thanks to a monsoon enhanced by Haikui, the Philippines endured "widespread flooding", including 20 inches of rain on Manila just yesterday, that forced more than 780,000 people to flee their homes.

While water and electronics don't usually mix, two of these disasters also brought to light what digital technology can do during and after the devastation to help those in need.  In Russia, "opposition leaders and civic activists" drew on online and street social networks to gather food, water, and medical supplies for flood and travel to flood-affected areas to help with cleanup efforts.  In the Philippines, Christine Hauser posted  on the New York Times's The Lede blog that "residents turned to social media to call out for help and to pinpoint with names and addresses the locations of those trapped," and Google set up a "People Finder", in English and Filipino, that allows people to post information whether they are looking for someone or have information about someone.

These types of initiatives are welcome and useful -- so long as there's no massive disruption of power for ISPs and disaster victims alike.  Unfortunately, maintenance of critical communications in major disasters requires not just resilience in the primary power grid but backup or independent power sources for both users and providers, whether battery-, diesel-, solar-, or even hand-powered.  Although Hurricane Katrina showed that (as ULL Professor Robert Henry put it) the Internet can be "less vulnerable to failure than other telecommunications links," Twitter won't tweet and Google won't -- well, google -- if there's no juice.

"It's Me, Grandma" -- The Growth of "Grandparent Scams"

For most of the last decade, Japan has been plagued with the so-called "It's me" scams (translated from "Ore ore sagi").  These are telephone-based fraud schemes in which the fraudster calls a person and pretends to be a younger relative who is in legal or other trouble and urgently needs money for bail, traffic fines, or hospital expenses.  (The scheme got its name from the caller saying, if the person appeared to sound older, "Grandma (or Grandpa), it's me."  If the person receiving the call then assumes it is their relative and responds accordingly, such as "Ichiro, is that you?", the caller then "confirms" his identity and seeks to persuade the call recipient to transfer money through a particular bank account.

Some empirical data about "It's me" schemes are available from a survey of victims that the Tokyo Metropolitan Police Department conducted between October and December 2011.  According to a report on the survey by the Japan Times, out of 323 cases, 75 percent involved the caller posing as the call recipient's son, and another 14 percent posing as the recipient's grandson.  The Tokyo Police also reported that 70 percent of victims lived alone or with their spouses and had never discussed the "It's me" fraud with their families.

This apparently simple scheme has proved surprisingly lucrative for fraudsters.  In 2011, according to the Japan Times, Japan's National Police Agency (NPA) reported that the fraud had increased by 34 percent from 2010 to yield ¥10.6 billion, equivalent to about US$138 million, and that more than 4,600 cases of such fraud had been recorded.  In 2012, the Tokyo Police stated that of the 340 "It's me" cases in Tokyo this year, the average amount stolen from victims was ¥3 million, equivalent to about US$12,800. 

Perhaps because this type of scam requires minimal preparation and skill of the criminal, while yielding substantial sums of money, some "It's me" scams reportedly were being run by Yakuza members.  More recently, as early as 2009 some "It's me" callers reportedly claimed to be Yakuza members and demanded money from the persons they called.  In 2011, in the aftermath of a major earthquake in northern Japan, the Telegraph reported that some callers pretended to be relatives who were earthquake victims and urgently needed funds.

Some have speculated that the scheme succeeds in Japan "because debt holds great shame." Yet since about 2008, "it's me" schemes began a dramatic surge, under the name "grandparent" or "emergency scams," in a variety of countries where debt has less cultural sensitivity, including the United States, Canada, and Australia:

• In the United States, victims span the country from New York to Florida to Hawaii.  So pervasive have these schemes become that numerous government and private-sector organizations -- including the AARP, the FBI, the State Department, MoneyGram, and the Canadian Anti-Fraud Centre -- have issued warnings to the public about them. Moreover, where "It's me" schemes were confined to Japan, "grandparent" schemes targeting U.S. residents can be traced to Canada, Spain, Mexico, and Nigeria, according to the New York State Attorney General's Office, and to the United Kingdom.
• Last year, according to the AARP, "more than 25,500 older Americans reported sending money" to grandparent schemes.  The typical amounts that these scams request from U.S. victims vary widely, but typically range from $1,000 to $4,000, as reflected in recent reports from California (jail/auto accident/court settlement pitch) and New York (bail money pitch). When the scammers seek to "reload" the victim -- that is, to find additional bases to request more money from the victim, such as lawyers or additional fees -- reported losses have risen to $8,100, $11,000 and even to nearly $90,000 in one case.
• Canada, too, has its share of victims from both domestic and international schemes. Victims there have publicly reported comparable loss ranges:CA$1,200 to $1,900, up to $5,900 and even $20,000 when the victims were reloaded.
• Australia has reported a surge in grandparent scams victimizing its residents.  One recent report by the Western Australia Department of Commerce listed fraud losses ranging from AU$3,000 to $30,000.  Particularly noteworthy in two of these cases was the apparent targeting of people who spoke Central European languages.  One victim who sent AU$30,000 was called by someone who spoke Serbian, the victim's first language, and claimed to be from the Australian Embassy in Belgrade.  Another victim, who spoke Croatian, sent AU$3,000 after the caller, who spoke fluent Croatian, claimed to be from the Croatian Embassy in Dubai.
• In general, single demands for higher amounts of money are less likely in this scheme, as the amount being requested presumably has to bear some reasonable relationship to the type of purported need for immediate assistance. One Florida resident reported that he became suspicious immediately when a scammer pretending to be the call recipient's granddaughter asked for $100,000 so she could get out of legal trouble in Las Vegas.

Law enforcement authorities, including in the United States and Canada, have shown that they are willing to pursue the cases.  Just two weeks ago, after parents and grandparents of students of the University of Texas at Austin got calls claiming that the students had been kidnapped or injured or needed medical attention and demanding small amounts of money, the University Police Department announced that it, the FBI, and the Joint Terrorism Task Force were investigating the calls.  Moreover, any defendants prosecuted in such a scheme would be unlikely to find sympathetic juries.  Just two months ago, a U.S. federal district judge sentenced two Montreal-based emergency scammers to two years imprisonment.

The key to effective law enforcement responses, however, is prompt reporting by the public.  So long as only about 8 percent of victims report the crime, according to Steve Baker, a regional director of the Federal Trade Commission, law enforcement will inevitably get a fragmented and misleading picture of the scope and extent of the problem.  Proactive public-service programs -- such as the Consumer Federation of America's consumer education campaign and the Japanese National Police Agency's advertising campaign against "It's me" schemes -- could help to encourage more reporting and fill the gaps in that picture.

Spanish Authorities Conduct Three Rounds of Arrests on Mass-Marketing Fraud Schemes

For some time, law enforcement authorities in numerous countries have closely tracked the growth of mass-marketing fraud rings that use Spain as a base of operations for lottery fraud and investment fraud. In recent months, several operations that Spanish authorities have mounted against these rings provide significant indications of the scale and methods of these groups.


First, the Spanish National Police announced that on March 12-13, with assistance from the United States Secret Service and the Canadian Anti-Fraud Centre, they arrested 23 individuals allegedly involved with a "Nigerian letter" scheme, as part of "Operacion Birte."  According to the National Police, the scheme sent thousands of letters each day to prospective victims, claiming that the recipients either were heirs to millions of dollars or had won a lottery.  Victims who responded were promised up to €75 million, but were told that they needed to pay various advance fees.  Victim losses reportedly ranged from €50,000 to €100,000 per victim, for total of about €2 million.  As part of the scheme, victims also were invited to travel to Madrid, where they were shown trunks supposedly containing the Euros they were to receive (a variation on the traditional "black money" scheme).  police also determined that the proceeds of the scheme were to be invested in building a three-story shopping center in Lagos, Nigeria.


In Operacion Birte, police arrested the 23 individuals in Madrid and in nine towns in the Madrid and Castilla la Mancha regions, conducted 12 searches in various locations, and seized numerous items, including three cars, 25 computers, cash, 90 cell phones and numerous phone cards, hundreds of names and addresses of U.S., U.K., and German residents, and substantial amounts of counterfeit Euros packed in a trunk.  The arrestees' nationalities included Spain, Nigeria, Equatorial Guinea, the Democratic Republic of the Congo, and Romania.


Second, the Guardia Civil announced on March 21 that in "Operation Magos," its Cybercrime Group had arrested eight individuals (six Nigerian, one Colombian, and One Spanish) in five towns in the Madrid region.  The arrests were in connection with a mass-marketing fraud scheme that targeted businessmen, offering them allegedly spurious business loans or investment opportunities.  As in the first scheme, victims were invited to come to Madrid and were shown trunks that purported to be filled with genuine currency, but were persuaded first to pay various taxes and fees.  Police estimated that the scheme had taken about €7 million from victims.  Searches conducted at the times of the arrests yielded more than 50 mobile telephones, fraudulent documentation, and hundreds of parcels wrapped in transparent film that were made to appear to contain $50 million.


Third, the Telegraph recently reported that Spanish police had "detained six people in Torrejon de Ardoz, near Madrid, and Malaga" for their alleged involvement in lottery fraud.  The scheme reportedly mailed out letters, principally to Italians, claiming that the recipients had won  €1 million but needed first to pay  €4,000 in administrative "fees."  Police stated that in 2012, nearly 500 victims (mainly Italians) lost money to the scheme, which directed the victims to send the money via bank or postal money transfers.


Police also reportedly seized 800 "Nigerian letters" ready for mailing, as well as 700 envelopes and   lists of possible victims.  In one search location in Torrejon de Ardoz, police stated that some members of the ring ""tried to flee through the window after flushing a large quantity of drugs down the toilet," and noted that "the network also trafficked narcotics."

Exclusion from Federal Programs - U.S. Court of Appeals Overturns 12-Year Ban Against Purdue Executives

Exclusion from participation in federal contracts or programs is a longstanding civil sanction that agencies often bring to bear after an individual or company is convicted under various U.S. federal criminal laws.  Last November, in a memorandum to the heads of all executive departments and agencies, the Director of the Office of Management and Budget cited one form of exclusion, suspension and debarment, as "a powerful tool" in ensuring responsible conduct by federal contractors and grantees.

While exclusions of various types are used throughout the federal government, it is unusual for federal courts to overturn exclusion decisions by executive departments.  But on July 27, in Friedman v. Sebelius, a three-judge panel of the U.S. Court of Appeals for the District of Columbia Circuit did just that, in reversing a decision by the U.S. Department of Health and Human Services (HHS) to exclude three corporate executives from participation in federal health-care programs.

Friedman involved three executives at the Perdue Frederick Company, which manufactured the painkiller OxyContin.  Perdue Frederick was convicted of a federal felony, misbranding of OxyContin, and the three executives were convicted under the “responsible corporate officer” doctrine -- a legal doctrine under the Food, Drug and Cosmetic Act that reportedly is seeing increased use by enforcement authorities -- of a federal misdemeanor, misbranding of a drug.  Based on their convictions, the Secretary of HHS, Kathleen Sebelius, excluded them from participation in Federal health care programs for 12 years, pursuant to a federal statute that permits the Secretary to exclude individuals or entities convicted under federal or state law of a misdemeanor relating to controlled substances.

On appeal, Senior Circuit Judge Douglas Ginsburg, writing for the Court, held that the statute authorized the Secretary’s exclusion of the three executives, but that her decision was "arbitrary and capricious for want of a reasoned explanation for the length of their exclusions" (page 3), particularly because her decision failed "to explain its departure from the agency’s own precedents" (page 26).  The Court remanded the decision to the U.S. District Court for the District of Columbia with instructions to remand it to HHS "for further consideration consistent with this opinion" (page 27).

In strict terms, the decision directly applies only to HHS, because the decision is based on a statute empowering the HHS Secretary.  Nonetheless, its application of the "arbitrary and capricious" standard should send a clear signal to other departments and agencies that they will need to adhere to, or carefully to explain departures from, their own precedents in future debarment or exclusion proceedings.

Human-on-Technology and -Human Crime - When Hackers Attack

As if the term "hacker" wasn't already "charged with connotation," as Randy Abrams of NSS Labs recently put it, a recent report from Australia adds a new and more literal connotation.  According to the Melbourne Herald Sun, an individual in Tailem Bend, South Australia, Bryce Kingsley Quilley, pleaded guilty to charges of unlawful modification of computer data, threatening to cause harm, and threatening to damage property, after he hacked three times into an ISP's servers and, on the same day, "threatened to burn down the offices of the ISP and, while armed with an axe, threatened to cause harm to its owner."  The article does not specify whether the axe in question was the Axe of Frozen Death, the Axe of Earthly Sundering, or a mere mortal artifact from a local hardware store.  Sentencing submissions are due to the court in August.

Human-on-Technology Crime - When Slot Players Attack

Technology inspires frustration.    Everyone who has ever witnessed a computer crash that results in the loss of critical files, or simply watched a tablet, mobile phone, or other digital device suddenly pull a Rip Van Winkle, knows the sweet temptation of adjusting the offending device with the nearest blunt instrument, or even hands and feet.  (On several occasions when my office computer has chosen catatonia as a systems response, the mere thought of using the Louisville Slugger in my office as a programming tool has proved surprisingly satisfying, even calming.)  No wonder that, according to TechNewsDaily, a 2011 survey by the security software firm Avira found that approximately 39 percent of people frustrated by a computer have cursed or yelled at the computer out loud and 9 percent have hit the computer with an object such as a fist or baseball bat.

Sadly, in the gaming world computer-driven slot machines are far more likely than their home/office kin to be the victims of assault. The New York Times recently reported that since the new Resorts World Casino in Queens, New York opened in October 2011, "the police have arrested 41 people accused of damaging its machines," compared to "19 arrests of casino patrons for larceny, mostly picking pockets, and 19 arrests for assault."  The notion that, unlike a street mugging, no slot ever forced a player to give up his or her money apparently is not part of the decisional calculus that leads some players to misdemeanor prosecution or payment of thousands of dollars for the damage they cause.

Although the Times quoted the Queens District Attorney as saying that overall the casino "has so far proved to be a remarkably safe place," digital slots should take little comfort.  After all, when a disgruntled player starts a beatdown on a hapless slot, casino security are unlikely to better the response time of even the most dedicated police department. Maybe slots programmers should take pity on their creations and build in cameras and algorithms that allow computers to determine when a human face shows happiness or frustration, so a slot about to be dry-gulched can call for help.  Even on a casino floor, there's need for a neighborhood watch.

Philippine Authorities Arrest 21 Phone and Internet Fraudsters Targeting Chinese

On July 21, the Focus Taiwan News Channel reported that Philippine authorities had arrested 21 members of a ring conducting phone and Internet fraud in Angeles City, led by a Taiwanese man residing in the Philippines.  According to the report, an investigator stated that "[w]hen police raided the fraud ring's bases, the members were caught attempting to burn and destroy evidence. . . . During initial questioning, 13 members of the fraud ring said they were from Taiwan, while eight said they were from China . . . ."  The investigator also said that most of the victims of the scheme -- in which ring members posed as law enforcement authorities, local officials, or customer service personnel "to trick or threaten victims into transferring money to the ring" (according to Focus Taiwan) -- were from China.  The article also reported a clear disparity in pay between Taiwanese and Chinese members of the ring: Taiwanese "were paid between NT$30,000 (US$999.56) and NT$40,000 per month," while the Chinese received only 2,000 yuan (US$312.73) per month.

CIFAS Reports "Unprecedented Levels" of Identity Crime in United Kingdom

On July 24, CIFAS, the United Kingdom's fraud prevention service, issued its Fraudscape Bulletin 2012.  According to the CIFAS press release on the Bulletin, which drew on fraud statistics for the first half of 2012, CIFAS members reported "data driven identity crime at unprecedented levels."  Among other findings, the release reported that "The use of fake identity details, or the impersonation of an innocent victim (Identity Fraud) now accounts for 1 in 2 of all frauds identified" and that "Account - or facility - takeover frauds constitute 15% of all frauds, meaning that nearly two thirds of all frauds (65%) now relate directly to the abuse of identity details such as dates of birth, postcodes, email addresses and passwords."

The release also noted, in unusually emphatic language: "While the 5% increase in overall fraud levels during the first half of 2012 is noteworthy enough, the fact that identity fraud (the use of a false identity or the identity details of another person) now accounts for 50% of all frauds is unprecedented. In addition, 15% of all recorded frauds in the first half of 2012 related to the takeover or hijacking of a customer's account. This means that frauds relating to the misuse of identity details now account for an astonishing 65% of all fraud."

"Romance" Scams Around the World

Although online "romance scams" -- fraud schemes that seek to exploit the trust of Internet users hoping for love and companionship -- have been prevalent for more than a decade, operators of the schemes are reaching into more and more corners of the globe.  Even as warnings about such schemes proliferate on government and law enforcement websites in Australia, Canada, India, New Zealand, the United Kingdom, and the United States, and on various private-sector sites, romance scammers continue to ply their trade with apparently growing success.

In the United Kingdom, a study -- by Professor Monica Whitty of the University of Leicester and Dr. Tom Buchanan of the University of Westminster, with government funding and support from the Serious Organised Crime Agency -- found that as many as 200,000 residents of Britain may have become romance-scam victims.  The researchers' study of the problem is continuing.)  In the United States, according to the Internet Crime Complaint Center (IC3), romance scams in 2011 were the fourth-most frequently reported online scam, with reported losses of $50.4 million -- an average of $138,000 per day (though such data do not reflect the vast numbers of people who do not report being defrauded in such schemes).  One recent media report even identified romance-scam victims in Brunei.

Moreover, romance-scam operations can be found in numerous countries around the world.  The Canadian Anti-Fraud Centre, after analyzing romance-fraud complaints in just a three-month period from December 2010 to February 2011, found "payout locations" (i.e., locations where someone connected with the scheme was able to obtain payouts of funds that the victims had sent through money-transfer services) "in 11 different countries including, Canada, Philippines, United Kingdom, Nigerian, Ghana, Cote D’Ivoire, Russia, Ukraine, Malaysia, Italy and Iraq."

Just last month, Colorado authorities indicted a mother and daughter living in the state for their roles in a Nigerian-based romance scheme that allegedly took in more than $1 million from 374 victims who thought they were being contacted by U.S. armed forces members.  The ABC News report on the indictment stated that the 374 victims were located in the United States and 40 other countries, and that the defendants, apparently operating as "money mules" for the Nigerian operation, wired funds  "addressed to 112 different names in Nigeria, . . . [and] to individuals in Ecuador, Great Britain, India, United Arab Emirates and the U.S."

"Emergency" Schemes - United States and Beyond

On July 13, ABC News posted an article and video of a "Nightline" story about so-called "stranded traveler" schemes, in which scammers hack into someone's email account and proceed to email that person's contacts that the accountholder has been "stranded" (e.g., mugged or arrested) in a foreign country and urgently needs money.  The Nightline segment features Charles Pavelites, an FBI Special Agent with the Internet Crime Complaint Center.

This report is simply one of the latest in a spate of recent media and law enforcement reports about the growing variety of "emergency" or "grandparent" scams in a growing number of countries such as Canada, Haiti, Japan, the United Kingdom, and the United States.  In Japan, where the "grandparent" scam came to light a number of years ago as the "It's me" scam, on January 20 the Tokyo Reporter (a ready guide to the dark side of life in Japan) posted an article stating that the National Police Agency had tracked a 34 percent increase in "It's me" fraud from 2010 to 2011, involving a reported $138 million in losses.  The Japan Times published an article on April 27 reporting that an "It's me" scammer has even written a book (in Japanese) about his experience in such frauds.

Australia - Mass-Marketing Fraud "Back with a Vengeance"?

On July 18, the Melbourne Age published an article by journalist Eileen Ormsby on a purported surge in mass-marketing fraud schemes targeting Australians.  (The article refers to Nigerian scammers being "back with a vengeance," without citing any data to suggest that such schemes were ever away.)  The article provides some interesting details about various Australian victims who were defrauded in classic romance or auction-website schemes, including the scammers' use of technology to disguise their voices or make it appear that they are on live webcams with the victims.

Those interested in Ormsby's writing on crime can check out her blog, All Things Vice.

Internet Fraud and Kidnaping in Benin

Europe 1 and Agence Frence-Presse reported on May 31 that an American Internet fraud victim who had been abducted the week before in Benin was freed, and two Nigerian kidnapers apprehended, according to the Benin Interior Ministry.  A Ministry spokesman stated that the American "was found in the Mono [a department of Benin at the border with Togo] and two of his kidnapers, who were Nigerian, were arrested and in the hands of the Benin police."  The spokeman credited the combined efforts of the FBI and the Benin police.

Fraud and Identity Theft in North Africa

Three recent news reports (translated from French) provide examples of fraud and identity theft affecting North African countries:
- Le Temps d'Algérie, April 11: According to information received from the Wilaya de Annaba detachment of the Algerian National Gendarmerie, police uncovered a recent scheme involving misuse of current postal accounts.  An individual reportedly withdrew 174 million centimes from the postal account of D.N., a 67-year-old doctor, using a fraudulent check and a form of false identification.  Police questioned the reported author of the scheme, M.R., a 57-year-old man, who had obtained a checkbook of postal checks from the El Kala post and telecommunications bureau, and falsified a driver's license in the victim's name.  Police also found that the postmaster of that post office, Dj. D., a 49-year-old man, had participated in the falsification.  They arrested M.R. just when he was preparing to take money again, as well as a third participant, A.W., a 42-year-old man, who was an accomplice in and a financial beneficiary from the scheme.  A fourth person, Y.L., a 46-year-old man, who was a former postal inspector in the Amirouche post office in Annaba, was reportedly a fugitive.  Police presented the local tribunal's Public Prosecutor with the interrogation of the El Kala postmaster for charges of forgery and use of forgery, impersonation, and theft in the amount of 174 million centimes.  One defendant was placed under a committal order and the others, including the postmaster, were placed on bail.

Cybercrime - EC Proposes Euro Cybercrime Center

CeriseClub's April 12 issue reported that the European Commission (EC) has proposed the creation of a dedicated European center to combat cybercrime. According to the article, which drew on a March 28 EC press release and an AFP report, The Center's objective would be to assist Member States in combating the activities of organized criminals online, with data theft and pedophilia as its two main priorities.  The Center would be located on the premises of Europol in The Hague and could be operational by January 2013 if Europol's budget authority adopted the proposal.

If the Center is established, it would focus on online frauds, organizations disseminating pedophilic images, and "phishers."  The Commissioner responsible for security, Cecilia Malmstrom, reportedly stated that "people are afraid of using their computers and we must restore their confidence."  The Center also would be responsible for warning States about leading computer threats, and exploring networks of computer criminals.  The article also cited the highly debatable statistic, included in the EC press release, that cybercrime costs US $388 billion a year.

Internet Fraud - France

While law enforcement agencies, academics, and commercial enterprises in many countries seek to understand the nature and growth of fraud, much, if not most, of the discussion focuses on complaints, news reports, and other materials available in English.  To broaden the picture, we need to seek out materials in other languages, including French, on fraud-related activities.  Here's the first in a continuing series of summaries of news reports in Francophone jurisdictions about fraud:

France: Premium-Rate Call Scheme in Val-de-Marne

A May 15 article in leParisien.com reported on an extensive fraud scheme targeting the Val-de-Marne department of the Île-de-France region. According to leParisien, the scheme combines the use of fraudulent delivery notices left in people's mailboxes, and premium-rate telephone numbers.  The notices, which purport to be from Chronodex, are addressed to recipients by name, informing them that a package is available for pickup.  The notice also bear a date and hour of delivery, like those included in postal service notices.  To obtain the purported package, the person is informed that he or she must call a number listed on the notice, specifying that the rate per call is €1.34.  When the caller places the call to that number, however, a voicemail at that number makes the person wait -- unknowingly, running up the cost of the call at a premium rate of €0.34 per minute.  Eventually, the voicemail informs the caller that a technical error "prevents us from responding to your request."  The caller must then place another call, thereby starting the premium-rate process again.
While Val-de-Marne was originally targeted, the article also indicated that victims are reporting the same scam from southeastern and eastern suburbs of Paris, such as Maisons-Alfort, Joinville-le-Pont, La Queue-en-Brie, Le Plessis-Trévise, and Saint-Maurice.  In addition, the scam appears to have reached the Paris region, including other departments in the Île-de-France region such as Seine-et-Marne and Les Hauts-de-Seine.  Some victims have reported the scam to their local police station, and the file on the scam has been transmitted to the Val-de-Marne police.

IC3 Issues 2011 Annual Report

Today, the Internet Crime Complaint Center (IC3) issued its Annual Report for 2011.  Highlights of the Report include:
- For the third year in a row, the IC3 received more than 300,000 complaints. In fact, its 314,246 complaints for 2011 constituted the second-highest annual total since the IC3's creation in 2000.
- Of those who filed complaints in 2011, 51.76 percent were male and 48.24 percent were female. The age distribution of complaints was <20: 3.2 percent; 20-39: 40 percent; 40-59: 43 percent; and 60+: 14 percent.
- The top five reported crime types reported in 2011 were (1) FBI-related scams: 35,764 complaints; (2) identity theft: 28,915; (3) advance fee fraud: 27,892; (4) non-auction non-delivery of merchandise: 22,404; and (5) overpayment fraud (i.e., schemes in which the criminal persuades the victims to deposit a check for more than the amount owed, and the victims later discover that the checks are counterfeit): 18,511.
- The top five fraud types reported in 2011 were (1) work-from-home scams: 17,352; (2) FBI impersonation scams: 14,350; (3) loan intimidation scams: 9,968; (4) auto auction fraud: 4,066; and (5) romance scams: 5,663.