Cybercrime & Technology

Attorney General Kamala D. Harris Announces Arrest by eCrime Unit in Phony Bar Code Scheme

April 27, 2012
Contact: (916) 210-6000, agpressoffice@doj.ca.gov

SAN DIEGO -- Attorney General Kamala D. Harris and San Diego County District Attorney Bonnie Dumanis today announced the arrest of an individual who ran a sophisticated scheme at San Diego area Lowe’s and Home Depot stores in which he replaced the bar codes on expensive merchandise with bar codes that scanned at lower prices.

Steve Allen Koski, 42, of San Diego, was arraigned yesterday in San Diego Superior Court on 11 felony counts, including grand theft and 10 counts of burglary. His bail has been set at $250,000. He is being held in San Diego County Jail.

Koski stole or attempted to steal more than $30,000 in copper wire and other merchandise from Lowe’s and Home Depot stores. He then re-sold that merchandise to California recycling centers for over $180,000.

“For all the efficiency and conveniences that modern technologies provide, we are continuing to see criminals use these same technologies to defraud California businesses and consumers,” Attorney General Harris said. “The eCrime Unit is devoted to aggressively pursuing criminals who misappropriate modern technologies for their own benefit.”

Surveillance video showed Koski entering various home improvement stores and replacing legitimate bar codes on copper wire and other expensive merchandise with counterfeit bar codes that scanned at lower prices. Through this scheme, Koski fraudulently purchased copper wire for $60 to $90 and then re-sold it at California recycling centers for $200 to $300. To appear legitimate and sidestep the State’s efforts to crack down on recycling fraud, Koski created a phony business called “iRecycle”. The evidence suggests Koski may have netted over $180,000 through this scheme.

In February, the Attorney General’s eCrime Unit launched an investigation after Lowe’s reported to the offices of the Attorney General and the San Diego District Attorney that Koski ran this scheme at multiple stores throughout San Diego.

“Our office is holding Steve Allen Koski responsible for his actions,” said San Diego County District Attorney Bonnie Dumanis. “We do not tolerate scams and we are aggressive about prosecuting perpetrators who think they can get away with bilking businesses and consumers.”

California is among the top five states with the highest reported incidences of copper theft. The National Insurance Crime Bureau reports 1,342 metal theft claims in California from January 2009 to December 2011, with approximately 96% of these claims pertaining to the theft of copper.

Last year, Attorney General Harris created the eCrime Unit to identify and prosecute identity theft crimes, cyber crimes and other crimes involving the use of technology. More information available here: http://oag.ca.gov/cybersafety.

A copy of the complaint is attached to the online version of this release at www.oag.ca.gov

AttachmentSize
PDF icon Koski Complaint521.87 KB

Attorney General Kamala D. Harris Announces Sentencing for Phony Online Rewards Scheme

April 12, 2012
Contact: (916) 210-6000, agpressoffice@doj.ca.gov

RIVERSIDE -- Attorney General Kamala D. Harris announced today that two men were sentenced to more than 30 years in state prison for stealing millions of dollars through an illegal pyramid scheme and phony stock sales.

In April 2011, James A. Sweeney, II, 64, of Afton, Tennessee, and Patrick M. Ryan, 35, of Canyon Lake, California, were found guilty on 65 counts of grand theft and securities fraud. Sweeney was sentenced to 33 years in state prison and Ryan to 31 years in state prison today in Riverside County Superior Court. Each was ordered to pay restitution of approximately $8.2 million.

Sweeney and Ryan, co-founders of Riverside-based Big Co-op, Inc., stole approximately $8.2 million from more than 1,000 Californians through an illegal pyramid scheme and phony stock sales.

Big Co-op, also operating as Ez2Win.biz, purported to be an online shopping hub where consumers could go to purchase goods and services at discounted prices from big-name retailers including, Sears, Target and Macy’s.

From 2005 to 2006, Big Co-op generated $1.2 million in revenues through an illegal pyramid scheme. Consumers were informed that if they purchased a Big Co-op membership, they could save money on their own purchases plus earn commissions and rewards by convincing others to shop at the site. In reality, consumers never received rebates or rewards. Instead, their monetary gains were based on recruiting others to purchase memberships, and having those purchasers recruit others to purchase memberships (and so on).

Individuals who were recruited paid Big Co-op between $19.95 and $99.95 in monthly membership fees to be part of the Ez2Win.biz pyramid scheme.

In addition to the pyramid scheme, the two men sold phony stock in Big Co-op as a stand-alone investment.
At seminars and meetings across California, Sweeney and Ryan pitched Big Co-op as the future of online commerce, compared it to Google and EBay, and falsely informed investors the company was turning huge profits. Investors were also told that an initial public offering (IPO) was imminent and that when the company went public, the stock would double or triple and their investment could climb to well over $100 per share.

In reality, Big Co-op was never profitable, there was not an impending IPO, and the only significant revenue generated was as a result of the sale of phony stock and the payment of membership fees for the pyramid scheme.

Sweeney and Ryan sold shares for $0.50 to $5 and offered two-for-one deals to investors willing to pay cash. From 2005 to 2006, they took in more than $7 million from this scheme.

With investor cash, Sweeney and Ryan bought homes, country club memberships, several luxury cars, and ran up $30,000 to $50,000 in monthly credit card bills. Investor funds were also used to pay for an elaborate bachelor party in Las Vegas, a $23,000 wedding ring and a $100,000 wedding.

In October 2006, after receiving numerous complaints, the California Department of Corporations issued a desist and refrain orders against Sweeney, Ryan and other associates directing them to cease selling stock in the company. In May 2007, a second order directed them to cease selling memberships in the company. At that time, the case was referred to the Attorney General’s office for prosecution.

The case was prosecuted by Deputy Attorney General Patricia M. Fusco, with assistance from lead investigator Andy Thomas, both of the Special Crimes Unit.

Attorney General Kamala D. Harris Announces Sentencing for ATM Identity Theft Scam

March 28, 2012
Contact: (916) 210-6000, agpressoffice@doj.ca.gov

SAN FRANCISCO -- Attorney General Kamala D. Harris today announced that Gervork Aroutiounyan, 48, was sentenced for an ATM identity theft scam that spanned seven counties.

Aroutiounyan and Gnel Snapyan, 35, were charged for “skimming” debit card information of Chase Bank customers and stealing $320,728. The Department of Justice eCrime Unit was able to charge the entirety of the scheme across seven counties, including the counties of Santa Clara, Marin, Fresno, San Bernardino, San Diego and Los Angeles.

Aroutiounyan was sentenced today in San Luis Obispo County Superior Court to three years and eight months in state prison, and ordered to pay restitution to Chase Bank of $320,728. The sentencing of Snapyan was delayed until June 15.

“These criminals stole not just money, but people’s identity,” said Attorney General Harris. “While modern technology provides many advantages, it is also increasingly being used by criminals, which is why I created the eCrime unit within the Department of Justice.”

In September 2011, the Attorney General’s office charged the defendants with 28 counts of felony fraud. On March 1, the defendants entered a plea of guilty to one count of conspiracy to commit grand theft, computer access fraud, identity theft, second degree burglary and forgery of access cards. Additionally, each plead guilty to three counts of second degree burglary.

Between July 2010 and February 2011, Aroutiounyan and his co-conspirator replaced the card readers at Chase Bank ATM vestibules. The readers they installed allowed them to retrieve the card information of customers using the ATM. Additionally, the crew installed micro cameras to capture the card holders’ PIN entry. With both the card information and the PIN information, they created bogus ATM access cards. These cards were used to fraudulently withdraw $320,728. This type of crime is frequently referred to as a “skimmer operation.”

Chase Bank has reimbursed customers for their losses. The case was investigated by the San Luis Obispo County Police Department.

The California Department of Justice eCrime unit was created last year to identify and prosecute identity theft crimes, cyber crimes and other crimes involving the use of technology.

Attorney General Kamala D. Harris Secures Global Agreement to Strengthen Privacy Protections for Users of Mobile Applications

February 22, 2012
Contact: (916) 210-6000, agpressoffice@doj.ca.gov

SAN FRANCISCO – Attorney General Kamala D. Harris today announced an agreement committing the leading operators of mobile application platforms to improve privacy protections for millions of consumers around the globe who access the Internet through applications (“apps”) on their smartphones, tablets and other mobile devices.

Attorney General Harris forged the agreement with six companies whose platforms comprise the majority of the mobile apps market: Amazon, Apple, Google, Hewlett-Packard, Microsoft and Research In Motion. These platforms have agreed to privacy principles designed to bring the industry in line with a California law requiring mobile apps that collect personal information to have a privacy policy. The majority of mobile apps sold today do not contain a privacy policy.

“Your personal privacy should not be the cost of using mobile apps, but all too often it is,” said Attorney General Harris.

“This agreement strengthens the privacy protections of California consumers and of millions of people around the globe who use mobile apps,” Attorney General Harris continued. “By ensuring that mobile apps have privacy policies, we create more transparency and give mobile users more informed control over who accesses their personal information and how it is used.”

Privacy policies are an important safeguard for consumers. Privacy policies promote transparency in how companies collect, use and share personal information. The agreement with the platforms is designed to ensure that mobile apps comply with the California Online Privacy Protection Act. The Act requires operators of commercial web sites and online services, including mobile apps, who collect personally identifiable information about Californians to conspicuously post a privacy policy.

This agreement will allow consumers the opportunity to review an app’s privacy policy before they download the app rather than after, and will offer consumers a consistent location for an app’s privacy policy on the application-download screen. If developers do not comply with their stated privacy policies, they can be prosecuted under California’s Unfair Competition Law and/or False Advertising Law.

The agreement further commits the platforms to educate developers about their obligations to respect consumer privacy and to disclose to consumers what private information they collect, how they use the information, and with whom they share it. The platforms will also work to improve compliance with privacy laws by giving users tools to report non-compliant apps and committing companies to implement processes to respond to these reports.

In six months, Attorney General Harris will convene the mobile application platforms to assess privacy in the mobile space.

There are more than 50,000 individual developers who have created the mobile apps currently available for download on the leading platforms. There are nearly 600,000 applications for sale in the Apple App Store alone, and another 400,000 for sale in Google’s Android Market. These apps have been downloaded more than 35 billion times.

These figures are expected to grow. An estimated 98 billion mobile applications will be downloaded by 2015, and the $6.8 billion market for mobile applications is expected to grow to $25 billion within four years.

The rapid growth and expansion in the mobile market exposes consumers to a wide variety of privacy invasions. Smartphones are often on and tethered to their user, transmitting rich data to the app developers. Users of mobile devices are vulnerable to privacy intrusion and abuse by numerous entities, app developers, analytic services and advertising networks. These entities could have access to sensitive information, including a user’s location, contacts, identity, messages and photos. Without a privacy policy, what companies do with the personal data they collect is largely invisible to consumers.

It is estimated that a majority of the mobile apps currently available for download through the platforms do not include even the most basic privacy protection: a privacy policy setting forth how personal data is collected, used and shared. One recent study found that only 5 percent of all mobile apps have a privacy policy.

A recent report by the Federal Trade Commission (FTC), Mobile Apps are Disappointing, evaluated the lack of privacy information available to parents before downloading mobile apps for their children. The FTC report recommended that mobile apps platforms do more to help parents and kids by providing a consistent means for app developers to display information about their privacy practices. The FTC specifically recommended that the platforms provide a designated space for developers to disclose their information in the app stores and markets and that the platforms improve enforcement of requirements for app developers to disclose the private data they collect.

Attorney General Harris, in August, 2011, convened Amazon, Apple, Google, Hewlett-Packard, Microsoft and Research In Motion as the most direct way to improve compliance with California law requiring that mobile apps have privacy policies. The platforms have committed to these principles today and are now working to implement them.

“California has a unique commitment to protecting the privacy of our residents. Our constitution directly guarantees a right to privacy, and we will defend it,” added Attorney General Harris. “Forging this common statement of mobile privacy principles shows the power of collaboration -- among government, industry and consumers -- to create solutions to problems no one group can tackle alone.”

Last year, Attorney General Harris also established an eCrime Unit to prosecute identity theft, data intrusions, and crimes involving the use of technology.

Attorney General Kamala D. Harris Announces Creation of eCrime Unit Targeting Technology Crimes

December 13, 2011
Contact: (916) 210-6000, agpressoffice@doj.ca.gov

SAN JOSE -- Attorney General Kamala D. Harris today announced the creation of the eCrime Unit, staffed with Department of Justice attorneys and investigators, and charged with identifying and prosecuting identity theft crimes, cyber crimes and other crimes involving the use of technology.

“Today’s criminals increasingly use the Internet, smartphones, and other digital devices to victimize people online and offline,” said Attorney General Harris. “I am creating the eCrime Unit so that California can be a leader in using innovative law enforcement techniques to target these criminals. The eCrime Unit will be comprised of investigators and prosecutors charged with working across jurisdictions and leading task forces to protect California consumers and businesses.”

The eCrime Unit investigates and prosecutes crimes that include a substantial technology component. Examples and descriptions of the kinds of crimes that the unit will prosecute are:

• Identity theft – The Internet provides new ways for criminals to steal personal information and identities whether through email phishing scams or trolling the Internet for personal information about others.
• Fraud committed using the Internet – This includes scams perpetrated via email and on Internet auction websites.
• Theft of computer components or services – Burglary and robbery of computers or other electronic devices by highly-organized gangs at manufacturing sites, storage facilities and retail stores.
• Intellectual property crimes, such as counterfeiting or piracy – Large numbers of websites and online networks exist solely for the unauthorized distribution of copyrighted material, such as movies, music and software.
• Child exploitation – Disrupting online child pornography networks and those who commit sex crimes against children using the Internet or social media.

Many of these crimes are multi-jurisdictional and are better suited for prosecution on a statewide level. The eCrime Unit, which began operations in August, consists of 20 attorneys and investigators, many of whom have spent years working on complex technology crimes.

Technology crimes affect consumers, businesses and the state government’s operations. California had 10 of the top 25 metropolitan areas for identity-theft related consumer complaints in 2010. According to the Federal Trade Commission, California has the most identity theft complaints of any state and third highest per capita. In fact, every year, more than 1 million Californians are victims of identity theft. Total losses throughout the state exceeded $46 million last year.

“Every year, California loses millions of dollars because the intellectual capital of our state is being hijacked by criminal elements,” said Assemblywoman Nora Campos, D-San Jose. “The addition of the eCrime Unit to California’s fight against technology crimes sends a clear message that we are determined to root out this type of illegal activity.”

The eCrime Unit will also provide investigative and prosecutorial support to the five California regional high-tech task forces funded through the High Technology Theft Apprehension and Prosecution Trust Fund Program and provide coordination for out-of-state technology-crime investigation requests. The eCrime Unit also will develop and provide training for law enforcement officers, prosecutors, the judiciary, and the public on cyber safety and the importance of strong information-security practices.

“As the importance of the Internet to our economy has grown, criminals have moved online to steal valuable information and goods from individuals and businesses,” said Santa Clara District Attorney Jeffrey Rosen. “In the 21st Century, law enforcement will be increasingly combating online criminal activity. The Attorney General's eCrime Unit will provide much needed resources and expertise to thwart and prosecute online criminals who cause billions of dollars in damage every year.”

Attorney General Harris outlined several cases that exemplify the work of the eCrime Unit. In July, George Bronk, a Sacramento-area man was sentenced to more than four years in state prison after hacking into email addresses and Facebook accounts of victims by finding answers to email security questions. He found indecent pictures and video and then blackmailed the victims. The victims in this case were located in at least 17 states and United Kingdom. More information on the case can be found http://www.oag.ca.gov/news/press_release?id=2541&y=&m=6

Attorney General Harris also announced the filing of five felony charges against Chen Zhang on December 8, 2011, in San Joaquin Superior Court. Zhang is being charged with possession of unauthorized and counterfeit jewelry from five different companies. Investigators for the Attorney General’s Office seized an estimated $1.5 million of counterfeit goods from her residence in Tracy, California on November, 3, 2011. A copy of the complaint, and photographs of the counterfeit jewelry, are attached to the electronic version of this press release.

In another case, defendants allegedly ran an identity theft scam at ATM vestibules across seven counties. They allegedly used a card reader to capture victims’ card numbers and a hidden camera to capture the PIN numbers. Total losses are estimated to be $2 million. The case (California v. Aroutiounyan) originated in San Luis Obispo County, but the Department of Justice eCrime Unit was able to investigate and charge the entirety of the scheme across all seven counties.

The Attorney General also announced the launch of a new web site devoted to cyber safety, which can be found at http://oag.ca.gov/cybersafety. The website contains information about online child safety, identity theft prevention tips and help for victims.

AttachmentSize
Image icon n2598_photo_1.jpg2.78 MB
Image icon n2598_photo_2.jpg2.42 MB
PDF icon n2598_comlpaint.pdf120.87 KB
PDF icon Charts1.1 MB

Social Media Stalker Sentenced to Four Years in State Prison

July 27, 2011
Contact: (916) 210-6000, agpressoffice@doj.ca.gov

SACRAMENTO -- Attorney General Kamala D. Harris announced today that George Samuel Bronk, 23, of Citrus Heights, was sentenced on Friday to more than four years in state prison for stalking women on the social networking site Facebook.

Bronk plead guilty in Sacramento Superior Court to seven felonies, including computer intrusion, false impersonation and possession of child pornography. Bronk received four years, eight months in state prison and will have to register as a sex offender.

"For all of the conveniences the Internet offers, it has also opened a new frontier for crime. Cyber-predators, like Mr. Bronk, must be held accountable for their criminal activities,' Attorney General Harris said. 'Let this be an example for all those who will stoop to steal other people's identities.'

From December 2009 through September 2010, Bronk accessed e-mail accounts and Facebook pages of people in 17 states, as well as residents of England. He essentially found answers to the women’s e-mail security questions in information they had posted on their Facebook sites.

Bronk searched the victim’s “sent mail” folder for nude or semi-nude photographs and videos, which he often sent to the victim’s entire e-mail address book. He also gained access to some victims’ Facebook accounts by clicking the “Forgot Your Password?” link and asking for a new password to be sent to the victim's e-mail account, which he now controlled. In many cases, he posted the photographs to victims’ Facebook pages and to other Internet sites and made comments on the Facebook sites of friends.

Superior Court Judge Lawrence Brown rejected a defense request for probation and sentenced Bronk to state prison. Judge Brown sentenced Bronk to four years in state prison for the crimes of computer intrusion and false impersonation and then added an additional consecutive term of eight months for Bronk's possession of child pornography.

The investigation began after one victim contacted the Connecticut State Police, and the agency then contacted the California Highway Patrol because the suspect appeared to be operating here. The CHP requested the Attorney General's assistance.

On the hard drive of Bronk’s desktop computer, which was confiscated from his Citrus Heights home during a search in September, investigators found more than 170 files containing explicit photographs of women, including a film actress, whose e-mail accounts he had commandeered. Finding victims, however, proved a challenge. CHP and Attorney General agents were able to use location tagging information embedded on the photographs on Bronk’s hard drive to assist in identifying victims, and e-mailed 3,200 questionnaires to potential victims asking them to come forward.

Some 46 victims did, including one who described Bronk’s actions as “virtual rape.”

Former City Council Candidate Sentenced to More Than Six Years for Jailhouse Threats Against Prosecutors

May 3, 2011
Contact: (916) 210-6000, agpressoffice@doj.ca.gov

VENTURA – Daniel Avila, a former candidate for the Thousand Oaks City Council has been sentenced to six years and four months in prison for threatening to kill six prosecutors in the Ventura County District Attorney’s office.

Avila was convicted of six counts of making criminal threats and six counts of threatening public officials on April 4 in Ventura County Superior Court. He was sentenced yesterday. The case was prosecuted by Deputy Attorney General Jonathan Kline.

“As the chief law enforcement officer of California,” Attorney General Kamala D. Harris said, “I take very seriously any threat against prosecutors or police officers. They are the ones charged with keeping the public safe, so their own protection is doubly important, and violators must be punished. The result in this case achieves both objectives.”

Avila ran for the Thousand Oaks City Council in 2004, and was charged with hacking into the Verizon wireless system and sending bogus text messages to thousands of residents between midnight and 4 a.m. in the name of a fellow candidate. The District Attorney’s office filed charges including computer fraud and identity theft against him.

While he was in jail on those charges in 2008, Avila threatened in a phone call to kill one prosecutor, and wrote letters to five female prosecutors threatening to rape them, kill them with a fishing knife and burn their bodies with lighter fluid.

Avila has been in custody continuously since March 2006, including two stints in mental hospitals. The sentence gives him credit for 279 days served on the current charges, which means he must serve more than five-and-a-half additional years.

Attorney General Kamala D. Harris Announces Convictions of Hucksters Who Stole $8 Million in a Phony Online Rewards Scheme

April 18, 2011
Contact: (916) 210-6000, agpressoffice@doj.ca.gov

RIVERSIDE - Attorney General Kamala D. Harris announced that two men who stole millions of dollars through phony stock sales and an illegal pyramid scheme were convicted today on charges of grand theft and securities fraud.

James A. Sweeney, II, 64, of Afton, Tennessee, and Patrick M. Ryan, 35, of Canyon Lake, California, were found guilty on 65 counts of grand theft and securities fraud. The two men, who face a maximum of more than 20 years in state prison, will be sentenced June 14 in Riverside County Superior Court.

Sweeney and Ryan, co-founders of Riverside-based Big Co-op, Inc., stole approximately $8.2 million from more than 1,000 Californians through an illegal pyramid scheme and phony stock sales.

Big Co-op, also operating as Ez2Win.biz, purported to be an online shopping hub where consumers could go to purchase thousands of goods and services at discounted prices from big-name retailers including, Sears, Target and Macy’s.

Pyramid Scheme

Consumers were informed they could save money on their own purchases, plus earn commissions and rewards, by convincing others to shop at the site. In reality, consumers never received rebates or rewards. Instead, their monetary gains were based on recruiting others to purchase memberships, and having those purchasers recruit others to purchase memberships (and so on).

Individuals who were recruited paid Big Co-op between $19.95 and $99.95 in monthly membership fees for the rewards program.

From 2005 to 2006, Big Co-op generated $1.2 million in revenues through this pyramid scheme.

Phony Stock Sale

In addition to the pyramid scheme, the two men sold phony stock in Big Co-op as a stand-alone investment.

At seminars and meetings across California, Sweeney and Ryan pitched Big Co-op as the future of online commerce, compared it to Google and EBay, and falsely informed investors the company was turning huge profits. Investors were also told that an initial public offering (IPO) was imminent, and that when the company went public, the stock would double or triple and their investment could climb to well over $100 per share.

In reality, Big Co-op was never profitable, there was not an impending IPO, and the only significant revenue generated was as a result of the sale of phony stock and the payment of membership fees for the pyramid scheme.

Shares in the company were sold for $0.50 to $5.00, with two-for-one deals offered to investors willing to pay cash. From 2005 to 2006, Big Co-op took in more than $7 million from this scheme.

With investor cash, Sweeney and Ryan bought luxury homes, country club memberships, five Mercedes, and ran up $30,000 to $50,000 in monthly credit card bills. Investor funds were also used to pay for an elaborate bachelor party in Las Vegas, a $23,000 wedding ring and a $100,000 wedding.

In October 2006, after receiving numerous complaints, the California Department of Corporations issued two desist and refrain orders against Sweeney, Ryan and other associates directing them to cease selling stock in the company. In May 2007, a second order directed them to cease selling memberships in the company. Following the second order, the case was referred to the Attorney General’s office for prosecution.

The case was prosecuted by Deputy Attorney General Patricia M. Fusco, with assistance from lead investigator Andy Thomas.

The two men were charged in May 2009. A copy of the original complaint can be found at: http://oag.ca.gov/news/press_release?id=1749&p=3&y=2009

Attorney General Kamala D. Harris Warns About Identity Theft as Predator Pleads Guilty to Hacking Hundreds of E-Mail Accounts

January 13, 2011
Contact: (916) 210-6000, agpressoffice@doj.ca.gov

SACRAMENTO – A Citrus Heights computer hacker pleaded guilty to seven felony charges for breaking into hundreds of women’s e-mail accounts, the sort of identity theft crime that Californians should take steps to protect themselves against, according to Attorney General Kamala D. Harris.

“This case highlights the fact that anyone with an e-mail account is vulnerable to identity theft,” Attorney General Harris said. “One of the major goals of my office is to track down and prosecute every criminal who would stoop to stealing people’s identities.”

George Samuel Bronk, 23, of Citrus Heights, faces six years in state prison after entering guilty pleas today in Sacramento Superior Court to seven felonies including computer intrusion, false impersonation and possession of child pornography. Bronk will have to register as a sex offender. He will return to court on March 10 for further proceedings relating to his sentence.

From December 2009 through September 2010, Bronk accessed e-mail accounts and Facebook pages of people in 17 states, as well as residents of England. He essentially found answers to the women’s e-mail security questions in information they had posted on their Facebook sites.

Bronk targeted his victims by scanning Facebook for women who also posted their e-mail addresses there. He then contacted the woman’s e-mail service, pretending he was the legitimate customer, and claimed to have forgotten the password. Bronk was able to correctly answer security questions posed by the e-mail service by finding the answers on victims’ Facebook pages.

Some of the security questions posed by e-mail providers included, “What is your high school mascot?” “What is your father’s middle name?” “What is your favorite food?” and “What is your favorite color?”

Once Bronk gained access to the e-mail account, he changed the password and the victim was locked out.

Bronk searched the victim’s “sent mail” folder for nude or semi-nude photographs and videos, which he often sent to the victim’s entire e-mail address book. He also gained access to some victims’ Facebook accounts by clicking the “Forgot Your Password?” link and asking for a new password to be sent to the victim’s e-mail account, which he now controlled. In many cases, he posted the photographs to victims’ Facebook pages and to other Internet sites and made comments on the Facebook sites of friends.

Bronk messaged one victim that he had taken over her e-mail account “because it was funny.” In an online chat session with another victim using the name “xogreeneyesx3,” Bronk demanded the victim send him more explicit photographs or he would post the photographs he already had more widely. The victim complied.

The investigation began after one victim contacted the Connecticut State Police, and the agency then contacted the California Highway Patrol because the suspect appeared to be operating here. The CHP requested the Attorney General’s assistance.

On the hard drive of Bronk’s desktop computer, which was confiscated from his Citrus Heights’ home during a search in September, investigators found more than 170 files containing explicit photographs of women, including a film actress, whose e-mail accounts he had commandeered. Finding victims, however, proved a challenge. CHP and Attorney General agents were able to use location tagging information embedded on the photographs on Bronk’s hard drive to assist in identifying victims, and e-mailed 3,200 questionnaires to potential victims asking them to come forward.

Some 46 victims did, including one who described Bronk’s actions as “virtual rape.”

Bronk was arrested in October and has been held since then on $500,000 bail.

Attorney General Harris reminded users of e-mail and social networking sites that security questions and answers need to be as secure as passwords. There are steps people can take to avoid being victimized by “security question” hacks. These steps include:

•Pick security questions and answers that do not involve any personal information that is available from social networking sites or any other sites.

•Try to switch the security questions you choose for password protection on e-mail services and social networks.

•Add numbers or special characters to your security answers. For example, the question 'What was the name of your High School' could be answered “Middle02High@School.”

Joining the Attorney General’s office in this investigation were the Sacramento Valley Hi-Tech Crimes Task Force, the CHP, and the Connecticut State Police. The Attorney General’s office prosecuted the case.

For more information about identity theft, please see http://ag.ca.gov/idtheft/.

The arrest warrant and complaint are attached at the Attorney General’s website www.ag.ca.gov.

Two Men Plea Guilty in Sophisticated Gas Station ATM and Credit Card Skimming Scheme

January 11, 2011
Contact: (916) 210-6000, agpressoffice@doj.ca.gov

MARTINEZ – Two men were sentenced today to prison for their role in stealing more than $90,000 from some 200 people in Northern California by stealing personal financial information with a sophisticated skimming device placed inside ATM and credit card payment devices at gas station pumps.

This morning in Contra Costa County Superior Court in Martinez, the two men pleaded guilty to all felonies they were charged with, including conspiracy and identity theft. David Karapetyan, 32, pled guilty to 37 felonies and received a seven-year prison sentence. Zhirayr Zamanyan, 31, pled guilty to five felonies and received a five-year prison sentence. Two other defendants, Edwin Hamazaspyan, 31, and Naum Mints, 21, are scheduled to appear in court on February 15.

In March, the Attorney General's office took over prosecution of the case from the Contra Costa District Attorney's office because the crimes occurred in multiple jurisdictions throughout Northern California. An amended complaint was filed in October.

In their high-tech crime spree, the gang traveled to gas stations across the Bay Area in a rented Cadillac Escalade. From November 2009 to February 2010, they are believed to have stolen $90,000 from 196 people through their skimming scheme.

The thieves acquired keys to unlock various kinds of gas station pumps. Once they opened the pumps, they were able to connect two cables inside to their two-inch electronic device, which looked like a circuit board encased in electrical tape, and recorded ATM and credit card data as well as victims' PINs. No tampering was visible on the outside of the pumps. The gang would later return to retrieve the skimmers, which took less than 20 seconds.

The investigation began in February when police in Solano and Contra Costa counties reported an increase in identity theft and a 7-Eleven store employee in Martinez noticed a skimming device inside a gas pump. Police removed the device, replaced it with a mock device and conducted 24-hour surveillance. Karapetyan and Zamanyan were arrested when they arrived to remove the device. In total, seven devices were found inside gas pumps in Martinez, Benicia, Livermore, Hayward, Oakland, San Mateo and Sacramento.

Banks have reimbursed the victims.

The Northern California Computer Crimes Task Force, a partnership of 17 local, state and federal agencies, participated in the investigation with assistance from the U.S. Secret Service, Martinez Police Department and the Glendale Police Department.

The amended complaint and second amended complaint, as well as the arrest affidavit for Mints, are attached to the electronic version of the press release on the Attorney General’s website: www.ag.ca.gov.

AttachmentSize
PDF icon ATM_Amended Complaint821.69 KB
PDF icon ATM_2d_amended_complaint1.09 MB
PDF icon Mints Arrest593.55 KB