I believe I heard a small cheer rise among the preyed upon when, on August 13, 2008, Michael Dolan, 24, formerly of West Haven, Connecticut and North Miami Beach, Florida, was sentenced by United States District Judge Alvin W. Thompson in Hartford to 84 months of imprisonment, followed by three years of supervised release for his participation in an elaborate internet "phishing" scheme that targeted and victimized America Online subscribers.
On August 22, 2007, Dolan pleaded guilty to one count of conspiracy to commit fraud in connection with access devices, and one count of aggravated identity theft.
According to documents filed with the Court and statements made in court, from approximately 2002 through 2006, Dolan conspired with others to obtain names, credit card numbers, bank account numbers, Social Security account numbers, and other private personal and financial information through an internet "spamming" and "phishing" scheme that targeted AOL subscribers. "Phishing" is the act of sending fraudulent email in an attempt to scam individuals into surrendering private information that will be used for identity theft.
The scheme involved the use of software to collect AOL account names from chat rooms and to "spam" those accounts with counterfeit emails, including emails purporting to convey electronic greeting cards from Hallmark.com. Through this scheme, an AOL subscriber who attempted to open one of the purported greeting cards would unwittingly download a software trojan that would prevent the subscriber from accessing AOL without first entering information including the subscriber's name, credit card number, bank account number, and Social Security account number.
The subscriber's information would then be used by DOLAN and others to order products online and to produce counterfeit debit cards, which were used at ATM machines and retail outlets such as gas stations.
Dolan, a veteran of Cyber Crime, was sentenced to two years of probation in May of 2004, after pleading guilty in Eastern District of New York to one misdemeanor count of accessing a protected computer without authorization. In April 2006, a judge revoked Dolan probation and sentenced Dolan to nine months of imprisonment after ruling that Dolan had violated the conditions of his probation by failing to report to his probation officer and by making numerous trips out of Connecticut without permission, including at least one trip overseas.
In addition, while incarcerated after being charged for his participation in this phishing scheme, Dolan induced his girlfriend to perjure herself before a federal grand jury, attempted to bribe a co-defendant to exonerate him falsely, and threatened to kill someone he believed to be a Government informant.
"This defendant has shown no respect for the law or the several hundred victims of his phishing schemes, and a long term of incarceration is appropriate," stated Acting U.S. Attorney Dannehy. "Identity theft schemes wreak havoc on the lives of victims, and federal law enforcement, with the cooperation of our state and local partners and internet service providers, are committed to investigating and prosecuting these crimes to the full extent of the law."
If there is one persistent roadblock to our Digital Citizen gaining full trust in the communication lines provided by online access, it is the Cyber Criminal, and it is heartening to read that many, like Mr. Dolan, are being apprehended, tried, and sentenced for their crimes.
Subscribe to this blog's feed
On June 10, 2008 the state of Connecticut passed a law concerning the confidentiality of Social Security Number, a driver's license number, a state identification card number, an account number, a credit or debit card number, a passport number, an alien registration number or a health insurance identification number. It states any person in possession of such information must protect the confidentiality of such numbers, prohibit unlawful disclosure of such numbers and to limit access to such numbers.
The violation of the above could result in a civil penalty in the amount of 500.00 for each violation. The penalty can not exceed five hundred thousand dollars. I have included a copy of the entire Public Act
Substitute House Bill No. 5658
Public Act No. 08-167
AN ACT CONCERNING THE CONFIDENTIALITY OF SOCIAL SECURITY NUMBERS.
Be it enacted by the Senate and House of Representatives in General Assembly convened:
Section 1. (NEW) (Effective October 1, 2008) (a) Any person in possession of personal information of another person shall safeguard the data, computer files and documents containing the information from misuse by third parties, and shall destroy, erase or make unreadable such data, computer files and documents prior to disposal.
(b) Any person who collects Social Security numbers in the course of business shall create a privacy protection policy which shall be published or publicly displayed. For purposes of this subsection, "publicly displayed" includes, but is not limited to, posting on an Internet web page. Such policy shall: (1) Protect the confidentiality of Social Security numbers, (2) prohibit unlawful disclosure of Social Security numbers, and (3) limit access to Social Security numbers.
(c) As used in this section, "personal information" means information capable of being associated with a particular individual through one or more identifiers, including, but not limited to, a Social Security number, a driver's license number, a state identification card number, an account number, a credit or debit card number, a passport number, an alien registration number or a health insurance identification number, and does not include publicly available information that is lawfully made available to the general public from federal, state or local government records or widely distributed media.
(d) For persons who hold a license, registration or certificate issued by a state agency other than the Department of Consumer Protection, this section shall be enforceable only by such other state agency pursuant to such other state agency's existing statutory and regulatory authority.
(e) Any person or entity that violates the provisions of this section shall be subject to a civil penalty of five hundred dollars for each violation, provided such civil penalty shall not exceed five hundred thousand dollars for any single event. It shall not be a violation of this section if such violation was unintentional.
(f) The provisions of this section shall not apply to any agency or political subdivision of the state.
(g) Any civil penalties received pursuant to this section shall be deposited into the privacy protection guaranty and enforcement account established pursuant to section 19 of substitute senate bill 30 of the current session.
Approved June 10, 2008
www.infidelitypolice.com