Table of Contents
Title Page
Copyright Page
Foreword
Preface
CHAPTER 1 - Just What the Doctor Ordered
Pills and Abuse
Shut Him Down
This Is Not a Game
Death Threats
Finally Behind Bars
About the Author
CHAPTER 2 - Of Botnets and Bagels: Vaccinating the Hospital against Cybercrime
The Virus
Searching for a Cure
On the Mend
About the Authors
CHAPTER 3 - Pandora’s Box
The Initial Meeting
The Investigation
Opening Pandora’s Box
Pandora’s Modus Operandi
Out With the Old, In With the New
About the Author
CHAPTER 4 - Mail-Order Fraud
Toying with Human Emotion
Real Love
Going After Lover Boy
Lovers’ Protocol
Who Said Making Crime Pay was Cheap?
About the Author
CHAPTER 5 - Lancelot Gone Missing
Lancelot to the Rescue
Gone Missing
How Dead Men Talk
Beware of the Chat Room Flirt
About the Authors
CHAPTER 6 - Double Trouble
License to Build
Seeing Double
The Investigation
The Whole Truth
About the Author
CHAPTER 7 - Unimaginable Wealth
The Ponzi of Cyberspace
If It’s Too Good to Be True . . .
Faceless Fraud
About the Author
CHAPTER 8 - Hacked
Reality Check
Shoddy Security
Card-Carrying Crooks
Facing Legal Action
Elusive Hackers
The Incompetence Within
The Canadian Regulators’ Investigation
About the Author
CHAPTER 9 - Bad Education
Anonymous Revelation
A Deceitful Donation
The Dirt Is in the Details
About the Author
CHAPTER 10 - If Only His Nose Could Grow
Don’t Tell Me What I Won’t Find
The Intimidation Factor
No Concept of Truth
About the Author
CHAPTER 11 - Keeping Up with the Jamesons
The Tip of the Iceberg
No Stone Left Unturned
Piecing It Together
A Case of Stolen Identities
About the Author
CHAPTER 12 - Imaginary Satellites
Suspect Satellites
Hit with an Audit
Think Before You Fabricate
Another Trick Up the Sleeve
About the Author
CHAPTER 13 - Never Pass Your Password
Information Leak
Acting Fast
A Bitter End
Acting Alone
About the Authors
CHAPTER 14 - Why Computers and Meth Don’t Mix
Trailer Treasure
Meth and Motels
First Clyde, Then Bonnie
Time to Face the Music
About the Author
CHAPTER 15 - Fishing in Dangerous Waters
Don’t Write Checks You Can’t Cash
Check, Please
Breakdown of the Scheme
Agent Orange?
About the Author
CHAPTER 16 - The Man Who Told on Himself
Isn’t Greed Grand?
Damaged Goods
Jurisdictional Limbo
About the Authors
CHAPTER 17 - Triple Threat
Scheme One
Thinking Outside the Box
Scheme Two
Scheme Three
About the Author
CHAPTER 18 - Swiped
We’re Going to Overtime
See You in Court
About the Author
CHAPTER 19 - Have Computer, Will Video
About the Author
CHAPTER 20 - Server, We Have a Problem
Server Down
A Silent Attacker
Escape Into a Trap
Corporate Espionage or Petty Revenge?
About the Author
CHAPTER 21 - Do It for the Kids
A Snake in the Grass
Spread Thin
The Road to Coming Clean
One Admission Please
Expelled
About the Author
CHAPTER 22 - Moving Money
A $40,000 Dilemma
Impotent Controls
Forge Ahead
About the Author
CHAPTER 23 - Operation: Overnight Identity Theft
The Prosecutor’s Office
A “Winner” of a Case
The Chase
No Honor Amongst Friends and Thieves
Another Thief and a Lucky Break
You Can Run, but You Can’t Hide
Do the Crime, Pay the Time
About the Author
CHAPTER 24 - The Karma of Fraud
The Falling Dollar
Big Loss Leads to Big Investigation
Unjust Bonuses
The Enlightened Way Out
About the Authors
CHAPTER 25 - Secret Shopper
Big Spender
A Call for Experts
Problematic Payback
Tying It All Together
About the Author
CHAPTER 26 - Would You Like a Receipt?
Fishy Receipts
A Trip to the Golden State
Fraud from the Get-Go!
About the Author
CHAPTER 27 - The Coupon Code Crooks
Coupon Stacking
Warranty Fraud
Trouble in Paradise
After Hours Interview
Big Savings Gone Bad
About the Authors
CHAPTER 28 - He Fought the Law
Online Disorder
Dressing as the Enemy
Radioing the Truth
The Outcome of the Investigation
About the Author
CHAPTER 29 - Eyes on the Company Secrets
A Vindictive Lover
There’s No Crying in Crime
Plan of Action
Confessions of an Awkward Engineer
About the Author
CHAPTER 30 - French Connections
The Benefits of Blandishment
A Case of Manipulation
A Prolific Liar
About the Author
CHAPTER 31 - Irreconcilable Differences
Looking for Buried Checks
Too Much Trust
One Bad Check Leads to Another
Reputation vs. Justice
About the Author
CHAPTER 32 - Keeping It In the Family
Welcome to the Family
Family Secrets
Getting Down to Business
Breaking the News
About the Author
CHAPTER 33 - I Due
Fraud: A Cruel Mistress
Taking the Necessary Steps
Picking Up the Pieces
About the Author
CHAPTER 34 - What Lies Inside the Trojan Horse
Risky Business
A Supposed Software Savior
Deception at the Hands of Their Own
Shadow Company
About the Author
CHAPTER 35 - Lost in Transition
Off to a Bad Start
Manipulate the Balance
Dinner with a Thief
Take It to the Grave
About the Author
CHAPTER 36 - Superhero Syndrome
When in Doubt, Ask
Call to Duty
The Computer Made Me Do It
Fraud Revealed
About the Author
CHAPTER 37 - Stealing for the Sale
A Check for Christmas
Planes, Jewels, and Automobiles
Forfeiting the Farm
About the Authors
CHAPTER 38 - Do as I Say, Not as I Do
Not Another Lunar Special
Give Me the Raw Data
In Violation of Public Trust
About the Author
CHAPTER 39 - Cinderella: One Glass Slipper Just Wasn’t Enough
Trust in Me
Balancing Act
Spend-erella
About the Author
CHAPTER 40 - Bloggers: Separating the Wheat from the Chaff
Cyber Gossip: Spreading Rumors on the Internet
Hell Hath No Fury Like . . .
Smoking Guns and Poetic Justice
About the Authors
CHAPTER 41 - The Campus Con
A Special Mother-Daughter Relationship
The Cookie That Crumbled
The Other Daughter
Restitution
About the Author
CHAPTER 42 - One for You, One for Me: A Tale of Crooked Insurance
Insurance 101
It’s Better to Give Than Receive
Follow the Money
The Outcome of the Investigation
About the Author
Index
Foreword
It was almost a decade ago that a colleague introduced me to Joseph Wells. At the time he was chairman of the Association of Certified Fraud Examiners (ACFE), a membership group he had founded only 10 years earlier but which was already recognized as a major player in the fight against business fraud and corruption. At the meeting he proposed writing a monthly column for the Journal of Accountancy; I, being its editor-in-chief, reacted with a journalist’s natural skepticism about working with a new writer and agreed to try it on the condition that JofA readers proved they valued his articles. We assigned Joe the task of targeting his articles to small-business fraud, and he chose the format of presenting real case studies to make his points. What a fortuitous meeting that was. Not only did the Journal’s readers praise his work from day one, they went on to vote his articles as the best in the JofA for three years running and catapulted him into the Journal of Accountancy’s Hall of Fame, a very rare honor that only four writers have attained. Our partnership lasted for eight fruitful years.
Based on that highly successful working relationship, I am very pleased to write this introduction to the ACFE’s fourteenth book and the first one devoted entirely to computer fraud. As Joe’s editor at the magazine all those years, I had gotten an eye-opening education on small-business fraud and a great respect for the ACFE’s mission when I saw the pressing need in the marketplace for the information and education the ACFE delivered. From today’s vantage point those crimes seem relatively simple: Each case consisted of three elements: a perpetrator (an employee), a victim (the small-business owner), and a fraud investigator who was continuously honing his or her skills as a Certified Fraud Examiner. The average small business lost $127,500 to fraud (ACFE 2002 Report to the Nation). In the vast majority of the stories, the opportunity to defraud presented itself in the form of an administrator who had not set internal controls in place, had placed trust in the wrong person, or who believed that a fail-safe system was not necessary. How easy it was for a thief to filch money from a cash drawer or forge a check or cook the books or doctor a bank reconciliation. We even managed to find humor in the ineptitude of some of the would-be crooks. How could you not chuckle over the bank robber who wrote the holdup note on the back of his utility bill? Or the Wal-Mart shopper who tried to pay for her $1,672 bill with a $1 million bill? Or the genius check writer who used disappearing ink to pawn off bad checks, but didn’t notice they had his name and address in permanent ink?
But the fraud landscape has changed dramatically by adding one more element—the computer. Computer fraud is sophisticated, global, annihilating, and unimaginably expensive. High-tech criminals can obliterate records, bankrupt companies, steal money, cheat consumers, rob identities, and cause unprecedented havoc, sometimes with a single mouse click. In cyberspace, the fraudster has morphed from a hapless rip-off artist into a clever, diabolical techno-thief who deliberately sets out to steal, manipulate, deceive, or in some other way destroy on a grand scale—just count the current frauds that cost companies and consumers in the billions of dollars. Sounds alarming? You bet it does. It is not an exaggeration to say this book is appearing at the right moment. Technology experts and professional crime fighters alike predict that computer crime will explode in the coming years.
As you read this book, many of the case studies will astonish you, but at the same time you will gain an understanding of the scope and complexity of computer crime. You will be introduced to scam methods and techniques that were unheard of just a few years ago and to some as old as the pyramids. For example, you will read about a fraudster who began as a 15-year-old spammer making thousands of dollars a day while still in high school, who then moved on to peddling illegal drugs on the Net and laundering money through a computer network that spread far beyond the United States. His every action preyed on the unsuspecting. He amassed untold illicit millions by age 25, but ended up being sentenced to 30 years to life before he was 30.
Yet, in my opinion, the true value of this book lies not in knowing the criminals, as cunning as they are; rather it is in the telling of their downfall. For each and every schemer in this volume, there was a fraud investigator or team of them whose dedication, skill, and intelligence uncovered the fraudster and put an end to the corruption. As I read the case studies, I marveled at how smart the investigators were, their dogged determination, and the number of resources they used—and which you can use—to snare the criminal. The detailed plan of action outlined in each case should prove invaluable to fraud fighters everywhere. I heartily recommend this book to anyone who has an interest in fraud detection and prevention, or, for that matter, to anyone who uses a computer—for everyone is at risk. Fraud examiner, client, employer, manager, consumer, student—read and absorb, for you will never treat your computer casually again.
Colleen Katz, Editor-in-Chief, Journal of Accountancy (Ret.)
Preface
• Barings Bank, England’s oldest, failed in 1995 due to the actions of one employee, Nick Leeson, who was in charge of arbitrage at Barings’s Singapore branch. Through a computerized shell game, he was able to conceal $1.4 billion in trading losses from his superiors. When this computer fraud was uncovered, the bank collapsed.
• In 1996, Timothy Allen Lloyd, former disgruntled employee of Omega Engineering Co., hacked into their computer system to permanently delete all manufacturing software programs, causing losses of more than $10 million.
• In 2001, Geoffrey Osowski and Wilson Tang, former accountants for Cisco Systems, pled guilty to stealing about $8 million in company stock option refunds. They did so by computerizing certain aspects of their responsibilities to direct payments away from the rightful payees and into bank accounts the two had set up for their own benefit.
• Daniel Jeremy Baas pleaded guilty in 2003 to illegally accessing customer databases at Acxiom, a company that maintains information for various vendors. He was able to extract sensitive data on over 300 accounts maintained by Acxiom, which cost the company an estimated $5.8 million.
What all the case examples above have in common is that the means to carry them out did not exist 30 years ago. But that was then and this is now. We stand on the precipice of a whole new era that is forever changing our lives because of advancements in technology. Computer fraud is just one aspect of these changes, but a very important one.
In a worst-case scenario, hackers and cyber thieves could cripple the global economy. That hasn’t happened—at least not yet. The U.S. Cyber Consequences Unit estimates such attacks could average $700 billion per incident. The Computer Security Institute believes annual losses by U.S. companies more than doubled from 2006 to 2007.
No one really knows the cost of computer fraud. Estimates range from well-researched opinions to wild guesses. There is no government agency or private sector organization that gathers comprehensive data on these crimes. Indeed, there is not even agreement on a definition of computer fraud.
Because there are so many variations, we decided to concentrate on cases committed in the workplace by employees to enrich themselves or their companies. So if you are looking for detailed information on malware, phishing, computer viruses, or hacking, this book might not be your best choice. One question that I am frequently asked is, “Why is there so much more computer fraud now and why does it seem to be growing?” The reason is that there are more and more computers. This trend, of course, is unlikely to reverse itself.
There are those of you reading this book who may share something in common with me: I know just as much about brain surgery as I do about computers. When I graduated with an accounting degree over four decades ago, classes on computers were not even offered. Now, in the first part of the twenty-first century, I can finally navigate e-mail and type a document in Microsoft Word. But that is about it.
In today’s business environment, we are almost completely dependent on technology, which can be used for both good and evil. The bad part about computers is that they can enhance the ability of fraud perpetrators to carry out their nefarious schemes. But the good aspect is that the very computers used to commit these crimes can also help solve them; they can quickly hone in on statistical and other data that will lead fraud examiners and auditors to solid clues of fraud. In the following pages, you’ll see multiple examples of both.
Computer Fraud Casebook: The Bytes That Bite is a collection of 42 real case studies written by the ACFE members who investigated them. There is no better perspective. You will see that in some situations, justice was served. But that is the exception, not the rule. You will also notice something that my experience has taught me: Once fraud occurs, recovering the victim’s money is difficult if not impossible. That makes prevention the number one goal of the antifraud specialist.
As hard as it is for me to believe, this is my fourteenth book on fraud. That doesn’t even count the 200 or so magazine articles I have published on the subject. The writing I have done has been a tremendous learning experience for me, and this work is no exception. That has been the reason I have continued, plus the fact that profits from all of my books are donated to the CFE General Scholarship Fund to assist worthy students in the antifraud field.
Some computer fraud takes real technical expertise; sometimes not. My first computer fraud case came from a Fortune 500 bank based in Dallas. A computer programmer named Nelson wished very much to return to Louisiana, his home state, so the company graciously arranged for him to transfer to New Orleans as head of the data processing department. They granted Nelson a $15,000 “bridge loan” to take care of miscellaneous moving expenses, with the understanding that the loan would be repaid in full after he sold his Texas home. That’s where the trouble started.
He made a miniscule profit on the sale of his house, so he took the money from the bridge loan to pay some of his more pressing creditors—the squeaky wheel gets the grease. But Nelson eventually tallied his debts, which were in excess of a quarter of a million dollars. He was between a rock and a hard place. No one would loan him money because his credit had more holes than a block of Swiss cheese. And if he filed for bankruptcy, chances are he would have been given his walking papers by the bank.
So Nelson devised a scheme to get himself out of hock. First he opened a checking account under the name of an uncle. Why the bank allowed this serious breach of internal control is not known. Then Nelson wrote a program that would remove money from the ending balance field on a customer’s account and transfer it to the uncle’s, where Nelson would spend it. Had he moved the funds directly from the customer’s account, the statement would have shown the transaction; hence, the ending balance method.
Because checking accounts cycled throughout the month, Nelson figured that he had exactly 29 days to reverse the transaction, which he would then move to another customer, so he wrote another program to remind him when to do that. All in all, it was a computerized lapping scheme. But Nelson’s “move the money around” program didn’t account for February, which has only 28 days except for leap year.
So, around the first week of April, customers started streaming in the bank, checking account statements in hand showing that the beginning balance for March was lower than the ending balance for February—a mathematical impossibility. The total losses to the bank were about $250,000 and Nelson spent three years as a guest of the Louisiana penal system.
You will learn some useful lessons from the Computer Fraud Casebook. The first is that most “computer frauds” are garden-variety embezzlements that are not technology dependent; the same crime could have been committed with pen and ink. Another lesson is that most computer frauds are committed by one fraudster acting alone. Were that not the fact, losses would be exponentially higher. The good news is the losses to date have been relatively small when compared to the risks. But will that continue? Only time will tell; the cases in this book deal with what has happened, not what might.
This book would not be in print without the efforts of two different groups. The first is the 42 contributing authors who wrote the original case studies. Writing well is difficult at best. And it’s almost impossible to be done to perfection. Many of our members had never taken on such a project. But with diligence and hard work, they have produced something they can be proud of for a lifetime.
The second group is the ACFE’s Research Department, led by John D. Gill, J.D., CFE. He and his staff, including Chris Kajander and Andi McNeal, worked tirelessly to edit the contributing authors’ material into what we hope is a seamless style. Kassi Underwood, our research editor/writer, deserves special recognition. She was saddled with the details of conducting the next-to-last edits and handling dizzyingly diverse other assignments at the same time. She was principal liaison with our publisher, Wiley, ensuring that we got the book out on time. We did—Kassi never missed a single deadline. We also must recognize the contributions of Tim Burgard, my longtime colleague at Wiley, for his input. He was always there with his sage advice when we needed him.
Finally, it will be obvious to you—from reading Computer Fraud Casebook: The Bytes That Bite—that computer fraud is not going away. Our only real hope is to educate ourselves and potential victims on how to minimize the risks. This book is a start.
Joseph T. Wells, CFE, CPA
December 2008
CHAPTER 1
Just What the Doctor Ordered
GEORGE KYRILIS
By his mid-twenties, Cory Steele was already well-known on the Internet as one of the top ten spammers in the world. The golden-haired entrepreneur from Minnesota started writing software programs for distributing spam when he was just 15. He circulated his product throughout the globe in exchange for half the spammers’ profits. This business venture earned him so much money that he dropped out of high school. When his father objected, Cory replied, “Dad, I made $69,000 online by 11 a.m. today.”
The rebellious teenager spent his time sharpening his computer and online expertise. Once he paid five thousand dollars for a Russian computer programmer to fly to Minnesota and give him a one-day lesson. Cory began pedaling human growth hormones, penis enlargement pills, and other fake supplements online. He used the anonymity of the Internet to conceal his true identity and take advantage of gullible customers willing to buy his “pixie dust.” Anyone was fair game as long as there was money to be made.
Shortly after his 24th birthday, Cory ventured into his most lucrative Internet scam—selling prescription drugs. With the help of Betsy Hartman, a computer programmer known as the “spam queen,” he set up an illegal online pharmacy. The scheme made him a wealthy man. Before he turned 25, Cory was a multimillionaire. He bought a $1.1 million home in cash and added a Ferrari Spyder, Mercedes Benz C55AMG, and Lamborghini Murcielago to his collection of foreign cars.
Cory was obsessed with affluence, but his most prized possession was his artificially enhanced trophy wife, Amber. He often spied on her. Even though Cory frequented strip joints and had a dancer named Christie Kelly as a mistress, he expected Amber to remain faithful. He was insecure with their relationship and controlled her to the point of abuse. She was the one possession he couldn’t stand to lose.
Fear and suspicion consumed Cory’s life. Once when an officer came to serve court documents, he hid in a closet with his four-year old son, telling him that the police were bad and would hurt him. He protected his money and fleet of vehicles by constantly transferring safes full of cash and his luxury vehicles from one storage facility to another. Cory used disposable cell phones to avoid electronic eavesdropping. He had 24 cameras at the office watching his employees every hour of the day. They were required to walk through metal detectors where security guards, led by Cory’s heavyset enforcer and confidant, Randy Mesher, confiscated their cell phones.
In spite of all his wealth, Cory failed to overcome his own weakness. He was addicted to Xanax, a prescription drug for anxiety. His addictive nature made him extremely erratic. He often had emotional outbursts. People were frightened by his unpredictable behavior, which was compounded by the fact that he brought a 9 mm pistol to work every day.
Cory originally established Advanced Express Systems as a billing company to facilitate online sales for his spammed products. But after realizing that it could be used as a marketing tool for his primary pharmacy operation, SwiftRX.com, he developed it into a call center employing more than 100 telemarketers working around the clock to sell prescription drugs. Next, he established another Web site, www.directdiscountdrugs.com, which served as the core for his online pharmacy operation by processing orders for customers of SwifteRX and connecting with a doctor to approve orders.
Pills and Abuse
I was a special agent with the FBI and assigned to the Minnesota Cyber Crimes Task Force in Minneapolis, a squad of highly trained agents from the FBI and U.S. Secret Service dedicated to investigating a multitude of computer-related crimes. After working white-collar crime investigations for most of my 28 years of duty, I decided that cybercrime would make a challenging finale to my career. This case, my last FBI investigation, proved to be my most fascinating and rewarding.
One frosty day in late November, I got a phone call from a colleague who had received a complaint regarding Cory. A tenant in the same building as Advanced Express Systems had grown suspicious of the operation. He had noticed several limousines in the parking lot that the employees used as break rooms. Many of Cory’s workers were disorderly and disturbed others in the building. We later found out that quite a few had been recruited from a halfway house and were former felons. The curious tenant had seen the baby-faced entrepreneur arrive at work in a $300,000 Mercedes Maybach, driven by a chauffeur. Puzzled, he searched the Internet and discovered that Cory was named on several antispam Web sites as one of the world’s most prolific spammers. He learned that several people who bought prescription drugs from his Web site, SwifteRX, complained about being overcharged and never receiving their orders.
I ran a Google search on Cory and discovered more information about his nefarious online activity. He had been linked with a group of individuals who hijacked IP (Internet protocol) net blocks to commit billing and credit card fraud, send spam, and launch attacks against spam opponents and Internet service providers (ISPs). A Whois (a domain search engine) check on www.swifterx.com revealed that it was registered with an ISP in Switzerland and had a United Kingdom business address—a dead end. Using a covert computer, which cannot be traced back to law enforcement, I visited the Web site. It offered a multitude of generic drugs available for sale without a prescription. SwifteRX claimed it had a network of doctors and pharmacies throughout the United States. The customer’s patient history and an FDA-APPROVED online questionnaire were said to be reviewed by these supposed physicians to approve prescriptions. SwifteRX would not accept any health insurance. Only major credit cards and COD payments were accepted and FedEx delivered the medication. I immediately opened an investigation on Cory’s credit card fraud and spamming activity.
A few weeks into the case, Special Agent David Flynn of the IRS Criminal Investigation Division called regarding allegations that Cory was potentially involved with a money laundering scheme. We began working together. David was a meticulous investigator, one who accounted for every single dollar. He and I identified several former and current employees who were fed up with Cory’s continual sexual harassment and appalling conduct at the office. They claimed he belittled them and would fire anyone without reason. He was even said to have used a taser gun on them to test their threshold for pain, laughing until they succumbed.
We learned from his employees that Cory was making millions of dollars through his online pharmacy business. The top sellers were painkillers, usually hydrocodone-based drugs such as Vicodin and Norco. Customers were provided with an online questionnaire to describe medical symptoms, self-prescribe their own drugs, and place an order. For painkillers, clientele rated their level of discomfort on a scale of 1 to 10. If their threshold did not link with their desired dosage, telemarketers coached customers to increase their pain level. It was confirmed that the call center used the Web site for Direct Discount Drugs to place orders. A Whois check on www.directdiscountdrugs.com revealed that it was registered in Seattle, Washington, to someone using the name RegisterFly. The registrant’s real name was concealed by a security feature called Whois Privacy Protect, but after obtaining a subpoena, we reviewed the records, which proved that Cory used an alias and Visa business credit card to buy the domain name.
The former call center employees told us that all of their customer orders were electronically sent to one doctor, Paul Martel in New Jersey, for approval. Telemarketers were ordered not to call him for any reason. Dr. Martel had no face-to-face, telephone, or any other contact with the clients. And not one employee could recall the doctor ever rejecting a prescription.
Cory required his employees to work around the clock, demanding that they “Sell, sell, sell!” Those with the highest performance were placed on an elite team called the “Platinum Group.” Staff contacted repeat customers, usually drug abusers, and pressured them into refilling their prescriptions. Advanced Express Systems was essentially an online drug dealer preying on addicts.
David and I interviewed more employees and learned that Cory had several other Web sites with servers located in different locations in the United States and the Bahamas. I looked at the SwifteRX Web site again and noticed a 1-800 number for placing orders and customer service. Google revealed several other online pharmacies with the same number. After performing a Whois search on each Web site, I discovered that the domain names were registered with different names and addresses, but some of them shared the same IP address. I then searched Netcraft, which provides Web server analysis, and found the locations of their servers, four ISPs in Texas, Ohio, and Minnesota. When David reviewed the bank records for Advanced Express Systems, he confirmed that Cory made payments to all four ISPs. David and I continued to build our case for credit card fraud and money laundering.
Shut Him Down
Our findings were reported to Assistant U.S. Attorney Sarah Rich. She immediately recognized that Cory’s operations were illegal. Without a legitimate doctor consultation, each and every prescription was invalid under federal law. She noted that by using the Internet and FedEx, Cory also violated federal wire and mail fraud statutes. She invited Special Agent Rob Kinsey of the U.S. Food and Drug Administration to join our investigation and look at the illegal distribution of controlled substances. Rob was a tenacious investigator and quickly reviewed Cory’s Web sites to gather evidence on the drug charges. He pointed out that the sites touted an FDA-APPROVED online questionnaire, which was a lie. After Rob joined the team, there was never a dull moment. And his gift for gab meant there was no such thing as a short conversation.
Our team was almost set, anchored by Sarah, whom Rob accurately described as our “scary smart” prosecutor. There were no single federal statutes regulating the legality of prescribing pharmaceuticals over the Internet. Sarah brilliantly deciphered the combination of federal regulations, state laws, pharmacy board rules, and medical association pronouncements applicable to our case. What initially appeared to be a grey area of the law became as clear as day. An online pharmacy selling pharmaceuticals without a valid prescription was illegal. She set the precedence for our investigative team, refocusing our efforts on drug charges. Rob was our resident drug expert and became our undercover agent to buy prescription drugs from Cory’s online pharmacies.
Within a short period of time, we developed several confidential sources that provided critical information regarding the illegal operation. Unfortunately, one source gave Cory the heads-up about our investigation and kept him up-to-date on our progress. Despite his warnings and inside information, Cory continued to brazenly build his enterprise. Greed had swallowed him. After he opened the Minnesota call center in September, his prescription drug sales grew from $500,000 to $5 million per month. The marketing whiz kid deftly used the Internet, call centers, spamming, post-cards, and facsimiles to produce more revenue. A few weeks after the winter holidays, David noticed a huge spike in deposits in the Advanced Express Systems’ bank account. We later discovered that Cory had Betsy Hartman, the spam queen, hack into a competitor’s online pharmacy operation and steal all of their customer information.
Cory had begun withdrawing huge amounts of cash each week. Coincidentally, we learned from a source that in February, a Brink’s armored truck started making deliveries to Advanced Express Systems. It was unloading $125,000 in cash to their office two or three times each week. It didn’t take long for Cory to accumulate more than $2.9 million in cash. David established that Cory’s online pharmacy operation had generated more than $18 million in prescription drug sales. The number would soon round out at $28 million.
During this same time frame, between late February and April, we discovered that Cory and Sean Pitts, a manager at Advanced Express Systems, were traveling on a chartered jet to Montreal, Canada, each week. Cory enjoyed the private jet so much that he made a $385,000 deposit to buy a $1.16 Million British Aerospace Aircraft. He brought cash, luxury vehicles, and equipment to Montreal in preparation to set up a new call center. I ran a Google search on Sean and found that he had been charged with spamming online college diplomas—caught selling a master’s degree to an investigator’s cat. When I ran a Whois on Sean’s diploma sales domain name, I recognized one of Cory’s aliases as the registrant.
While we continued our interviews, Rob diligently arranged his undercover buys from several of Cory’s Web sites and his call center. Each time he placed an order, he self-prescribed the quantity, dosage, and type of medication. All of his undercover buys were approved by Dr. Martel without any consultation and delivered by FedEx. He discovered that when he submitted false or incomplete information, even using a female name, his orders were filled. He also received up to five calls a day from telemarketers asking the same question: “Are you ready for a refill?”
With the help of the Drug Enforcement Agency (DEA), we identified several U.S. pharmacies providing prescription drugs to Cory’s customers. The DEA received grievances from doctors and pharmacists recruited to approve prescriptions and supply painkillers and controlled substances. Addicts complained that they had tried to stop abusing drugs but continued to succumb to the pressure of relentless telemarketers.
After Rob made a few undercover purchases, we learned that Cory was planning to move his Minnesota call center. A source informed us that he was transferring his luxury vehicles to different storage facilities. I rechecked his Web sites on Netcraft and found that he had also moved his servers to different ISPs. Cory was one step ahead of us, trying to hide his assets and destroy evidence. At the time, we had no idea what prompted his evasive measures.
Only five months into the investigation, Sarah decided that we had to shut down Cory’s operation in the interest of public safety. A newspaper article linked a Minnesota man’s suicide with his addiction to painkiller prescription drugs bought from several online pharmacies, including Cory’s. Shortly thereafter, our FBI office received a phone call from one of the employees indicating that Cory knew we were planning a raid. Acting quickly, David obtained search and seizure warrants and I obtained a temporary restraining order to freeze Cory’s assets and stop his online pharmacy operation. We gathered about 30 agents to help us execute the warrants.
This Is Not a Game
On May 10, we executed 13 search warrants on Cory’s operations in five states. We found him at his million-dollar home sitting in the backseat of his limousine. He was wearing an empty holster with a 9mm pistol under the floor mat. As I approached Cory, he said, “This must be George Kyrilis.” I was surprised he knew my name. I then served him with the temporary restraining order and explained that we were shutting him down and freezing all of his assets. Cory remained defiant and cocky. “Oh, I see. This is just a game,” he replied.
“No, Cory, this isn’t a game; your drugs are killing people.”
The searches took all day and carried on until late into the evening. We seized boxes and boxes of documentary evidence, computers, and other items. We confiscated more than $4 million in assets, including $1.8 million in vehicles and $1.3 million in cash. On May 13, search warrants were executed at four pharmacies supplying the prescription drugs. The following week a federal judge froze the accused’s assets by preliminary injunction and appointed a receiver to take control of and dissolve the pharmacy operation. Cory was ordered to stop his illegal online activity.
On May 24, Cory hopped on a plane and flew to the Dominican Republic. Randy Mesher flew down a few days later. Cory persuaded several people, including Amber, Sean, Christie, and Randy’s wife, to smuggle cash out of the United States for him. Christie, his mistress, had stopped stripping at clubs when Cory offered to pay for her lost income. Cory needed the money to start a new online pharmacy offshore, out of the reach of U.S. law enforcement.
During the following month, several of Cory’s employees came forward and provided information regarding his criminal enterprise. Betsy decided to cooperate after her house was searched. She proved to be our most valuable source of knowledge. The proficient programmer had been involved in Cory’s operation from beginning to end. She designed and maintained his whole computer system. Betsy described nearly every detail of their drug business. With the assistance of an FBI computer forensic expert, she spent countless hours recreating their database and retrieving critical information. She confirmed that Dr. Martel was their one and only doctor and had approved 72,000 prescriptions. He received $7.00 for each prescription and often approved 25 orders at a time with just one click. The online pharmacy had $28 million in sales with a 90 percent profit margin. Nearly 85 percent of sales were of hydrocodone-based products. Using 17 Web sites and three call centers, Cory had quite the operation.
Death Threats
After the search warrants, Betsy recorded her instant message communications with Cory. He tried to retrieve his customer database for his new offshore online pharmacy. A former SwifteRX employee came forward and told us he sent two FedEx packages containing $70,000 in cash to New York and Florida. The U.S. Postal Inspection Service intercepted them. Cory sent one package to a shady online pharmacy operator. With the help of a merchant bank manager, we learned that his accountant, Ben Luserman, had opened a merchant account for Cory, which he needed to process credit card transactions for his offshore online pharmacy. The bald, skittish Ben opened the account with a fake name and helped set up a fake Web site to deceive MasterCard. The manager recorded the telephone calls and instant messages with Ben, who revealed Cory’s domain names for two new offshore online pharmacies. I immediately located the servers through Netcraft and the ISPs were ordered to shut down the Web sites.
At this point, Assistant U.S. Attorney Liz Grayson, a prosecutor with a competitive attitude and experience in drug cases, joined the investigation. Typically, after executing search warrants, the investigative team will focus on reviewing the evidence. But Cory never slowed down—we stayed busy. He continued to rebuild his criminal empire, ignoring the preliminary injunction and defying the judge’s orders. We filed a complaint charging criminal contempt of court and obtained an arrest warrant for Cory.
A week later, Sean decided to cooperate and informed us that Cory had smuggled more than $500,000 in cash to Montreal. He flew down to the Dominican Republic to meet Cory and go over a new business plan. Cory wanted his help to set up an offshore online pharmacy and hide in Honduras. The well-dressed former manager admitted that he helped Cory launder money through a bank account. Sean deposited the COD payments from Cory’s customers in the account and then ordered Brink’s to deliver cash to their office suite.
Soon after Cory realized that Sean had cooperated, he and Christie fled the Dominican Republic and went to the Turks and Caicos Islands. Cory discovered that Amber was having an affair, which sent him into a rage. He tried to slip back in the country on July 1st, arriving at the Minneapolis- St. Paul airport at midnight. When he exited the plane, I greeted him, “Cory, welcome back.”
He withered when he realized his fate. We seized Cory’s PDA and laptop and obtained search warrants for them. Cory had protected his laptop with PGP (pretty good protection) encryption and his PDA was password protected.
After a two-day hearing Cory was released with an electronic monitoring device and ordered to stay away from computers and from developing new Web sites. He ignored the order. On August 24, Cory and others were indicted on wire fraud, money laundering, and drug charges. We arrested Cory again and the judge placed him in a halfway house. Within a week he was found with a laptop and PDA. We placed the cuffs on Cory for the third time and took him to the county jail. This time breaking the rules landed Cory behind bars until his trial, 13 months later.
After three months in jail, Cory, now nicknamed “Crybaby,” came to the U.S. attorney’s office to cooperate on a possible plea deal. Cory was somewhat truthful during the eight-hour interview. When he returned to jail, the guards kept a close eye on him. But it wasn’t enough; he found every loophole in the jail’s telephone monitoring system to make unrecorded calls. When they deprived Cory of his Xanax, he had a defense attorney smuggle the drug into his cell.
In January, Cory came back to the U.S. attorney’s office to explain the incident, but failed to give a full accounting of his unrecorded telephone calls. He admitted that, the day after the search, he took $1.1 million in cash from a safe hidden at a storage facility and put it in the trunk of Christie’s car. A couple of weeks later, he said, he moved the money to his home, where he and Amber counted out bundles of $10,000, wrapped them in Saran Wrap, stuffed them into Apple Jacks cereal boxes, and hid the boxes in his parents’ boathouse. His lack of credibility and compliance caused Sarah and Liz to end plea negotiations. Subsequent charges would be forthcoming, including operating a continuing criminal enterprise (CCE). Cory knew that the minimum prison sentence for CCE was 20 years and came up with a plan to derail the case.
In March, with the help of another inmate, Cory found the telephone number of a local defense attorney that was no longer in service but still recognized by the jail. Since the jail could not monitor calls to his supposed attorney, Cory had an associate in the Philippines set the number up through voice-over-Internet protocol (VOIP). The jail became suspicious and monitored the calls. They heard Cory make arrangements to kill Betsy and her children. He callously stated, “This is a kill or be killed world,” and quoted Joseph Stalin, “No man, no problem.”
Cory was immediately transferred to a supermax prison. Finally, he was under control and we could focus our attention on the trial. On March 8, a criminal complaint was filed against a Filipino associate who had helped Cory run an online casino in Costa Rica and, later, customer service for his online pharmacy; the charges were witness tampering and conspiracy to obstruct justice. On March 21, Cory was indicted on the same charges and with CCE on a superseding indictment on the main case.
In spite of all of Cory’s distractions, we continued to build our case on the illegal online pharmacy. Sitting in a room with a view of a brick wall, we carefully reviewed and organized all the documentation and computer evidence obtained from the search warrants. We found key information in nearly every box and computer. It seemed that Cory spent more time trying to hide his assets than destroying evidence that might bury him. We interviewed more than 100 witnesses, including telemarketers, doctors, pharmacists, addicts, inmates, and defendants. Tirelessly, often working late into the evenings and on weekends, we located frightened and hostile witnesses. After serving more than 200 subpoenas and executing 45 search-and-seizure warrants, we stood atop a mountain of evidence.
Most valuable was the digital evidence, the information harvested from computers, e-mails, instant messages, and especially servers. Some of the computer documents revealed that Cory was fully aware that his online pharmacy was operating illegally. The flood of e-mails between Cory and his codefendants presented us with a detailed history of the entire operation. All his efforts to deceive and manipulate lawful doctors and pharmacies and his total indifference to the customers’ health were evident. In spite of Cory’s efforts to protect his data with encryption, passwords, and Skype instant messages, we persevered and defeated his blockade by finding his passwords.
Finally Behind Bars
Dr. Martel, Sean, and Betsy entered guilty pleas and agreed to testify at trial. Randy, the incorrigible security guard, pleaded guilty but remained loyal to Cory and refused to fully cooperate. After we had asked Randy for his laptop, he deleted everything and pawned it. The six-week trial started after Columbus Day and ended the day before Thanksgiving. An eerie silence filled the courtroom before the jury read its verdict. When his guilt was announced, the glimmer of hope in Cory’s pale expression completely vanished. His face turned green as he trembled and began to vomit. Cory left the courtroom to the sounds of his sobbing sister.
Nearly nine months later, a sentence hearing was held for enhancements to Cory’s 20-year sentence on the CCE conviction. Cory’s flagrant defiance of judicial orders, his death threat against Betsy, and his reckless disregard of life were some of the issues argued. On August 1, the dismayed judge was left with no choice and elevated his sentencing range to between 30 years and life. The judge compared Cory to a drug kingpin. Cory was ordered to forfeit the fruits of his crime, nearly $5 million in assets.
Lessons Learned
Our team learned a thing or two about investigating a difficult Internet, money-laundering, and health-care fraud case. Foremost, we learned that teamwork was paramount to a successful outcome. Throughout the investigation we worked side by side, equally sharing responsibilities. We had the utmost confidence and trust in each other’s judgment and ability.
We also learned that confinement in prison will not stop a criminal from breaking the law. Time and time again, Cory found ways to exploit and bypass the jail’s security measures, ultimately leading to the death threat. Rob developed a superb liaison with the jail and monitored Cory’s abuse of their telephone system.
Another lesson we learned was that confidential sources can be unpredictable and their trust should always be held in question. The source, the office landlord, betrayed us and compromised our investigation. I disregarded remarks that the source was a little too chummy with Cory; I should not have. We also learned that digital evidence was crucial and should be quickly reviewed and analyzed. Our computer forensic examiners were overwhelmed by the number of computers seized on the investigation. Some examinations were delayed until just weeks before the trial, which interfered with our preparation.
Recommendations to Prevent Future Occurrences
Be Aware
The world of computer technology has created an overabundance of Web sites that sell prescription drugs over the Internet without requiring a prescription. People should be aware of the risks and the consequences associated with purchasing drugs online.
Develop Statutes
A single federal statute that clearly criminalizes the prescribing of pharmaceuticals over the Internet would make prosecutions easier. At least one face-to-face examination between doctor and patient should be required prior to prescription.
Publicity and Education
More publicity about prescription drug abuse and convictions of online pharmacy operators might curtail the growth of prescription drug abusers. Shutting down online pharmacies is effective to a point, but in reality it is merely attacking a symptom rather than the actual problem: drug abuse. People must be educated about the dangers of drugs. It is simple economics. The reason illicit online pharmacies exist is to meet a demand. If the demand is reduced, online pharmacies will be forced to close.
About the Author
George Kyrilis is director of Special Investigations for the Insurance Fraud Division of the Minnesota Department of Commerce. He served as a special agent of the Federal Bureau of Investigation for nearly 29 years. He was assigned to the Minnesota Cyber Crimes Task Force before his retirement in 2007.
CHAPTER 2
Of Botnets and Bagels: Vaccinating the Hospital against Cybercrime
FRANK RICCARDI AND JENNIFER CAMPBELL
A