A 17-year-old San Diego high school student has begun a one-year stint in a special probation program for young offenders after pleading guilty to an online scam that targeted Internet users across the country, including in Bend, with fake Web sites. The teen and an accomplice snagged credit card numbers and racked up $50,000 in fraudulent charges.
The teen was sentenced May 31st and will spend a year in the “Breaking Cycles” program, which officials said is a collaboration between justice, health, education and other agencies that serve youth. The program, similar in some ways to Dennis Maloney’s “restorative justice” program in Deschutes County, aims at breaking the cycle of juvenile delinquency through a comprehensive system of assessment and graduated sanctions.
“It’s not like a proscribed thing for each kid,” said Leslie McClelland, probation director for San Diego County. “Each kid is different – their family, their offense, their school record.” The 365-day sentencing of the young hacker is the maximum period of time juveniles are in the 3-year-old program, funded by state grants, McClelland said.
The young Internet scammer had been in lockup at juvenile hall for 77 days at the time of sentencing, said Amanda Rankhorn, an FBI special agent in San Diego. “In my limited interaction with juvenile (cases), usually time spent in custody is very unusual,” she said. The 16-year-old, who had limited involvement in the scam, spent 22 days in custody. The two teens still face a restitution hearing on Aug. 1st, Rankhorn added.
McClelland said she could not speak about the specific youth sentenced to the program but that he could spend more time in custody but in an open, “ranch” setting, while other options are day treatment for family, drug or alcohol problems. “If they have difficulty in day treatment, they can return to custody without having to go back to court,” she said. “It’s like a rubber band. It’s up and down (the level of sanctions) within a proscribed amount of time, based on a real intensive look at what the kid’s issues are.”
The young offenders can return to school, if they are doing well, or may be at home under “fairly intensive monitoring” and supervision, McClelland said. There have been “growing pains” since Breaking Cycles began in 1996, she said, and an assessment is under way to see if the program cuts down on reoffenders: “We’re figuring out what works and what may not work.”
All but one Bend user avoided scam
About 120 customers of BendNet, an Internet service provider in Bend, were among those targeted by the scammers. But there apparently was only one BendNet customer whose credit card number was obtained, said Bend police Det. Buck Church. As in the other cases, the suspects e-mailed him, posing as BendNet, and asked for updated credit card information at a Web site rigged to look very much like the Internet provider’s own pages. One other person who got the message from the teens also called police but did not give the scammers a credit card number, Church said.
The lone BendNet victim did not lose any money, as the credit card company covered about $125 in falsified charges, Church said. “They (the scammers) signed him up for some Internet service and he got a subscription to something,” he said. “There also were small purchases from some companies.” Church said local prosecutors felt it would be best to seek restitution as part of the California investigation, rather than to prosecute the case separately.
The teen and a 16-year-old fellow Mount Carmel High School student pleaded guilty to various charges on April 6th, about three weeks after their arrest at the school by agents, said Amanda Rankhorn, FBI special agent in San Diego. The 17-year-old entered the plea on eight felony charges and the younger student three charges involving computer and credit card fraud and receiving stolen property, Rankhorn said.
The 16-year-old was sentenced May 1st, but sentencing was delayed for the 17-year-old because his attorney was involved in a murder trial at the time, Rankhorn said. “The 16-year-old’s involvement was pretty minimal, compared to the 17-year-old’s, if you want to classify him as the mastermind,” she said. “The 16-year-old got involved in the later stages and was not responsible for any of the stolen credit cards.”
Teen ordered to stay off Net
The 16-year-old got credit for 22 days spent in custody in a juvenile detention facility, Rankhorn said. He was released on home supervision and three years’ probation, including 21 days of community service and a “Fourth Amendment” waiver of search and seizure rights, which means law enforcement can enter his home at any time without a search warrant, she said. “He forfeited a computer to the state, cannot have a computer in his room and cannot access the Net for three years,” Rankhorn said.
The FBI agent said state and not federal charges were pursued because “the federal system isn’t right now really equipped to deal with juveniles.” When the 17-year-old is sentenced, she said, “I don’t anticipate it to be probation,” rather than more time in a juvenile facility.
Police in Alaska and San Diego, aided by the FBI, investigated the case and led to the arrests. Anchorage police Det. Glen Klinkhart told bend.com the teens used stolen credit card information to register the fake sites at Web hosts across Canada and the United States, masking their location for months.
The teens would create a phony Web page that closely mimicked the pages of a targeted ISP, then send e-mail to customers, telling them of a billing problem with their account. The fake e-mail warned that without a valid credit card number, their service would be terminated in 24 hours. The victims would be directed to the fake site, where the youths would obtain the victim’s personal information, including their credit card numbers.
Among the BendNet customers targeted were the firm’s president and founder, Spencer Dahl, “so obviously they weren’t the brightest people in the world,” Dahl said in late January, after the scammers tried to hit his firm. “They weren’t as stupid as they might appear, because they covered their tracks pretty well.”
Dahl and Bend police said the BendNet e-mail told customers their credit card automatic withdrawal was late and directed them to a “customer care” page to update their personal information. It was the first such incident to happen to the 8-year-old firm, Dahl said. Dahl tried using the reply form and it didn’t work.
Teens kept scam going for months
Investigators determined the two youths scammed as many as 40 ISPs and hundreds of their customers in more than a dozen states. Search warrants executed on the high school and the two boys’ homes turned up eight computers.
BendNet apparently was the only Oregon ISP hit by the scam artists, Klinkhart said. Many Net providers contacted various federal and local authorities about the attacks, but Klinkhart said most victims were told the amounts were too small or the cases weren’t widespread enough.
The scheme apparently had been going on for several months. Last August, Internet Express, a San Diego service provider, contacted police after learning several customers had received the bogus e-mail message.
But the scam began to unravel the day after Christmas, when an Internet Alaska customer contacted the company abut the suspicious e-mail, which purported to be from the firm’s accounting department. The ISP’s security administrator, Mike Messick, found a near-perfect duplicate of the firm’s home page, titled sgbilling.com, and quickly took steps to prevent customers from reaching the phony site and vice versa. He then contacted Klinkhart.
Klinkhart and Messick began tracking the wrongdoers, who went to a great extent to cover their tracks. They learned that the sgbilling site was built at a Vancouver Web host site and the e-mails were routed through a server in Spain. The sites were registered and paid for using credit card information stolen from a Seattle resident.
The police detective and Net security expert began to believe the perpetrators were juveniles when they tracked the items being bought online: pornography viewing, games and other software popular with youths, as well as videos, digital cameras, a computer, a calculator, an MP3 player and even a deep fryer. They allegedly sold some of the fraudulently obtained goods to fellow students at their school.
Alaska duo succeed with online dragnet
Messick wrote a software program allowing investigators to electronically spy on the scammers. Using a list of billing site names the suspects had created, Messick and Klinkhart ran the electronic surveillance program and waited. The big break came one night in February when both men were home – Klinkhart asleep and Messick in a hot tub, according to Anchorage Daily News reporter Karen Aho.
The two men jumped online and saw the billing site targeting a Mississippi provider. Klinkhart found the real site, but it had no contact numbers listed. Eventually he reached a top-level manager’s mother by phone and the sheriff drove to the manager’s house. The duo explained the scam and offered software to block the transmissions.
Eventually, Messick and Klinkhart were able to identify a large list of potential targets and thwart similar attacks on more than a half-dozen other ISPs. The pair narrowed in on one suspect, but when Klinkhart contacted the San Diego Fraud Task Force in February, he learned they, too, had a suspect, but with a different name. Police said it turned out the suspects were working together.
“As far as the technical savvy they needed to pull it off, it wasn’t much, pretty basic,” Messick said. “The only thing I could credit them for was their thoroughness.”