Federal judges in two cases have imposed sentences totaling 13 years in prison against a Los Angeles man who was the leader of the domestic arm of an international “phishing” operation that used spam e-mails and bogus websites to collect personal information that was used to defraud American banks.
Kenneth Joseph Lucas, II, 27, was also sentenced in the second case, which involved an indoor marijuana grow at his residence in the Baldwin Hills district of Los Angeles.
In the case stemming from the phishing scheme, United States District Judge Valerie Baker Fairbank sentenced Lucas on Friday to 11 years in prison after he pleaded guilty to 49 counts of bank and wire fraud, aggravated identity theft, computer fraud, and money laundering conspiracy charges.
During Friday’s sentencing hearing, Judge Fairbank said that Lucas’ role in the phishing scheme was “deliberate and ongoing,” and that his actions showed an “extreme disregard for the law and the community.” Lucas was a “key and active player in the bank fraud” that extended from Southern California to Nevada, North Carolina, Maryland, and overseas in Egypt, Judge Fairbank said.
In total, Lucas has been sentenced to 156 months in federal prison.
Lucas was the lead defendant in a 53-defendant indictment returned in the fall of 2009 as part of Operation “Phish Phry,” a multinational investigation conducted in the United States and Egypt that led to charges against 100 individuals—the largest number of defendants ever charged in a cybercrime case. As a result of Operation Phish Phry, 47 people have been convicted in federal court in Los Angeles.
Operation Phish Phry revealed how Egyptian hackers obtained bank account numbers and related personal identification information from an unknown number of bank customers through phishing—a technique that involves sending e-mail messages that appear to be official correspondence from banks or credit card vendors.
Bank customers who received the spam e-mails were directed to fake websites purporting to be linked to financial institutions, where the customers were asked to enter their account numbers, passwords and other personal identification information.
Because the websites appeared to be legitimate—complete with bank logos and legal disclaimers—the victims did not realize that the websites were not related to legitimate financial institutions. Armed with the bank account information, members of the conspiracy hacked into accounts at two banks.
Once they accessed the accounts, the individuals in Egypt coordinated transfers of funds from the compromised accounts to newly created fraudulent accounts and other accounts used as part of the scheme.
The United States part of the ring was directed by Lucas and two others, who directed associates to recruit runners to set up and use bank accounts where stolen funds could be held. A portion of the illegally obtained funds were transferred via wire services to the Egyptian co-conspirators. Judge Fairbank determined the total amount of intended loss was more than $1 million.
The investigation in the United States was conducted by the Federal Bureau of Investigation, which received support from the Electronic Crimes Task Force in Los Angeles and the Social Security Administration’s Office of Special Investigations.