With all the headlines about Internet cybersecurity breaches, there seem to be few headlines about the consequences for cybercriminals.
That is because not all cybercriminals are caught, and when they are it often takes months, if not years, before trials. Even when the cybercriminals plead guilty, the sentencing phase often occurs months after the trial. As a result, the public is rarely aware of what happens to the criminals for their Internet crimes.
In fact, in 2013 there were dozens of trials and Internet criminals were sentenced to jail, hopefully sending a strong message that there are stiff penalties for Internet crime. Here is a small sampling of the consequences for Internet criminals sentenced in 2013.
Hacker Sells Secrets to the FBI and Gets 18 Months in Jail
A member of the Underground Intelligence Agency pled guilty for hacking “into multiple corporate, university and government computer networks … including access to supercomputers from a U.S. national security laboratory,” as reported by Computerworld.
Andrew Miller, 24, reportedly pled guilty in August 2013 to one count of conspiracy and two counts of computer fraud for actions committed between 2008 and 2011. The FBI presented evidence that Miller:
- Asked an undercover FBI agent for US$50,000 in 2011 in exchange for access to two supercomputers at the Lawrence Livermore National Laboratory; and
- Claimed to have hacked into servers from American Express, Yahoo, Google, Adobe, WordPress, Cisco, Harvard University and the University of California at Davis as well as accessed sensitive U.S. government networks from agencies including NASA, Los Alamos National Laboratory, Oak Ridge National Laboratory and Argonne National Laboratory.
Although Miller faced a maximum penalty of 15 years in prison and $500,000 in fines, U.S. District Judge Mark Wolf of Massachusetts followed the U.S. Attorney’s recommendation and sentenced Miller to only 18 months in jail after hearing Miller’s plea for clemency because “he was very sorry for his actions, is seeing a psychiatrist for depression, and is needed at home to help care for his mother, who is very ill.”
Two Romanians Sentenced for Stealing $27.5 Million
In September 2013, Romanian Adrian-Tiberiu Oprea, 29, was sentenced to serve 15 years in prison and Iulian Dolan, 28, also of Romania, was sentenced to serve seven years in prison by the U.S. District Court in New Hampshire because of hacking they did between 2009 to 2012 into several hundred U.S. merchants’ POS systems, including 250 Subway restaurant franchises. The two also stole payment card data belonging to more than 100,000 U.S. cardholders.
As noted in the charges filed by the U.S. Department of Justice in the case:
Oprea and Dolan remotely hacked into hundreds of U.S. merchants’ point-of-sale (POS) or “check out” computer systems, where customers’ payment card data was electronically stored. Specifically, Oprea, who was the leader of the scheme, and Dolan, who was his trusted aide, first used the Internet to identify U.S.-based vulnerable POS systems. After identifying a vulnerable system, Oprea and Dolan would gain access and install software programs called “keystroke loggers” (or “sniffers”) onto the POS systems. These programs would record, and then store, all of the data that was keyed into or swiped through the merchants’ POS systems, including customers’ payment card data.
Both were extradited to the U.S. to stand charges and pled guilty.
5-Year Sentence for Copyright Infringement of Movies via the Internet
Many people assume that copyright infringement is only a civil wrong, but that is not true. In August 2012, Jeramiah Perkins, 40, pled guilty to conspiracy to commit criminal copyright infringement. As the leader of a number of other defendants for the same crime, he was sentenced in January 2013 to 5 years in jail and 3 years of supervised release as well as being ordered to pay $15,000 in restitution.
Other defendants also pled guilty to these changes and received long jail sentences as well.
Perkins admitted that he rented servers in France, among other places, to operate IMAGiNE Group, which made illegal copies of motion pictures and then sold them. The Motion Picture Association of America presented evidence to the U.S. District Judge in Virginia that “the IMAGiNE Group constituted the most prolific motion picture piracy release group operating on the Internet from September 2009 through September 2011.”
Hacker Sentenced to 10 years in Prison
In November 2013, 28-year-old Jeremy Hammond was sentenced to 10 years in prison. The sentence, announced by the U.S. Attorney for the Southern District of New York, was for Hammond’s role in, among other hacks, the December 2011 hack of Strategic Forecasting Inc. (“Stratfor”) that affected hundreds of thousands of victims, including employees and subscribers. Further, Hammond and his co-conspirators also stole credit card information for roughly 60,000 credit card users and used some of the stolen data to make more than $700,000 in unauthorized charges.
Manhattan U.S. Attorney Preet Bharara stated:
As he admitted through his plea of guilty, Jeremy Hammond launched a series of computer hacks that stole confidential information pertaining to companies, law enforcement agencies and thousands of innocent individuals. His sentence underscores that computer hacking is a serious offense with damaging consequences for victims, and this Office is committed to punishing the perpetrators of such crimes.
Hammond also admitted his involvement in 2011 hacks into computer systems used by the Federal Bureau of Investigation’s Virtual Academy, the Arizona Department of Public Safety, Brooks-Jeffrey Marketing, various law enforcement-related websites, Special Forces Gear, Vanguard Defense Industries, the Jefferson County, Ala., Sheriff’s Office, and the Boston Police Patrolmen’s Association.
At his sentencing Hammond defended his actions by arguing that they were “altruistic” and that he never personally used the credit card data he stole.
Crime does not pay, but perhaps Internet criminals think that they cannot be caught.
Given the efforts of police agencies around the world, however, Internet criminals continue to be caught and prosecuted.