Sunday, October 30, 2016

Major Call Center Scam Network Revealed - 56 Indicted

This week the US Attorney for the Southern District of Texas unsealed indictments against 56 individuals operating a conspiracy to commit wire fraud through a sophisticated scam involving five call centers in Ahmedabad, Gujarat, India.

The Call Centers -- HGlobal, Call Mantra, Worldwide Solutions, Sharma Business Process Outsourcing Services, and Zoriion Communications -- placed calls in four primary types of telefraud, and then laundered the money through a network of Domestic Managers, Runners, and Payment Processors in the United States.   The money was then moved via a Hawaladar, a person who runs an underground banking system, or an international money transfer service called a Hawala.  Hawala banking speeds the availability of international funds by operating on a trust system where the Hawaladar can incur or pay debts in one country for a large number of trusted parties from locally available funds on hand.

October 27, 2016 Press Release


Fraud types

IRS Scams: India-based call centers impersonated U.S. Internal Revenue Service officers and defrauded U.S. residents by misleading them into believing that they owed money to the IRS and would be arrested and fined if they did not pay their alleged back taxes immediately.

Law Enforcement Scams: India-based call centers also impersonated various law enforcement agencies, as with the IRS scams, threatening immediate arrest if the victim failed to comply with transferring funds.  (This blog has covered this scam before, including sharing a recording of one such call -- see: "Warrant for Your Arrest Phone Scams" from November 7, 2014.)

USCIS Scams: India-based call centers impersonated U.S. Citizenship and Immigration Services (USCIS) officers and defrauded U.S. residents by misleading them into believing that they would be deported unless they paid a fine for alleged issues with their USCIS paperwork.

Payday Loan Scams: India-based call centers defrauded U.S. residents by misleading them into believing that the callers were loan officers and that the U.S. residents were eligible for a fictitious "payday loan".  They would then collect an upfront "worthiness fee" to demonstrate their ability to repay the loan.  The victims received nothing in return.

Government Grant Scams: India-based call centers defrauded U.S. residents by misleading them into believing that they were eligible for a fictitious government grant. Callers directed the U.S. residents to pay an upfront IRS tax or processing fee.  The victims received nothing in return.

Roles in the Operation

In the US, the primary parties were the Domestic Managers, the Runners, and the Payment Processors.  A Domestic Manager directed the activities of the Runners and provided them with the resources they needed to do their work, including vehicles and credit cards to be used to pay business expenses.  The Runners' job was to purchase temporary "GPR cards" (General Purpose Reloadable) and then send the information about these cards to the scammers who were working in the call centers in India.  When they reached the "payout" portion of the scam, the funds would be transferred from the victim to the Runner's GPR card.  The Runners would then retrieve the cash and send it further upstream, often via Western Union or Moneygram using false identification documents.

Data Brokers helped to generate "lead lists" for the Call Center Operators.  (For example, one of the data brokers used by the call centers was working as an IT Consultant for a company in New York.  Vishal Gounder would steal the PII from company databases and use the identities to activate the GPR cards.)

Payment Processors acted as the intermediary between the Runners and the Call Centers for exchanging funds either through Hawaladars or via GPR Cards and international wire transfers.


The Indicted

The largest number of arrested and indicted individuals came from the HGlobal Call Center.  I've illustrated the information from the indictment below:
HGlobal: Runners in 8 states, including Alabama


The other Ahmedabad, Gujarat, India Call Centers and their indicted members

 

GreenDot Investigations 

One of the ways the members of the conspiracy were tracked was through their reliance on certain GPR cards, including the GreenDot MoneyPak cards.  When a GreenDot MoneyPak card is used, an identity and a telephone number have to be associated with the card.  The call centers in India operate primarily by using "Magic Jack" devices to place unlimited international calls over Voice Over IP (VOIP) lines where they can choose the caller ID number that is displayed.  GreenDot investigators found that more than 4,000 GreenDot cards had been registered to the same Magic Jack telephone number, (713) 370-3224, using the identity details of more than 1,200 different individuals!

That Magic Jack number was controlled by Hitesh Patel, the call center manager of HGlobal.

The criminals did a poor job back-stopping their fake identities.  In this case, the Magic Jack was registered to the email "acsglobal3@gmail.com", which used as its recovery email hitesh.hinglaj@gmail.com, which lists the telephone number 9879090909, which Hitesh also used on his US Visa Application.  The Magic Jack device had been purchased in Texas by Ashwin Kabaria, who used the email acs.wun@gmail.com to send the news to acsglobal3@gmail.com that he was shipping him 20 Magic Jack devices via UPS.  The same individual would ship more than 100 Magic Jack devices to other members of the conspiracy, including people in India and in Hoffman Estates, Illinois.

Another Magic Jack number, (630) 974-1367, was associated with 990 Green Dot GPR Cards using 776 different stolen identities.  (785) 340-9064 was associated with 4,163 Green Dot cards using 1903 different stolen identities!  That one was used by Jatan_oza@rocketmail.com, which was frequently checked from the same IP address that Magic Jack calls using this number were originating from.

Sunny Joshi (sunny143sq@yahoo.com) was shown to have purchased $304,363.45 worth of GPR cards in a single month (October 2013!)  Emails to and from Sunny often had spreadsheets documenting which transactions had been funded by which GPR cards.  One spreadsheet showed $239,180.79 worth of transactions from 116 different cards!

Another investigative trick was to look for cards that were used in "geographically impossible" situations.  For example, on January 13, 2014 at 11:37 AM a conspirator used a card to buy gas in Racine, Wisconsin.  On the same day at 12:46 PM the same card was used to buy groceries in Las Vegas, Nevada.
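The two checks described above (many cards registered to one phone number under many identities, and "geographically impossible" card use), sketched as an added Python example; it is not code from the indictment or from GreenDot. The card IDs, identity labels, 555 phone numbers, city coordinates, thresholds, and the assumption that both timestamps are on one clock are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_KM = 6371.0
MAX_KMH = 900.0  # assumed ceiling, roughly airliner cruise speed


def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) pairs in degrees."""
    lat1, lon1, lat2, lon2 = map(radians, (a[0], a[1], b[0], b[1]))
    h = (sin((lat2 - lat1) / 2) ** 2
         + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * asin(sqrt(h))


def impossible_travel(transactions, max_kmh=MAX_KMH, min_km=50.0):
    """Flag consecutive in-person uses of one card whose implied speed
    exceeds max_kmh. Returns (card, from_city, to_city, km, kmh) tuples."""
    by_card = defaultdict(list)
    for txn in transactions:
        by_card[txn["card"]].append(txn)
    hits = []
    for card, txns in by_card.items():
        txns = sorted(txns, key=lambda t: t["when"])
        for prev, cur in zip(txns, txns[1:]):
            km = haversine_km(prev["where"], cur["where"])
            if km < min_km:  # same metro area: not a travel signal
                continue
            hours = (cur["when"] - prev["when"]).total_seconds() / 3600
            # Identical timestamps far apart are impossible by definition.
            kmh = km / hours if hours > 0 else float("inf")
            if kmh > max_kmh:
                hits.append((card, prev["city"], cur["city"], km, kmh))
    return hits


def shared_phone_clusters(registrations, min_cards=3, min_identities=2):
    """Return {phone: (card_count, identity_count)} for numbers used to
    register many cards under several different identities."""
    cards, idents = defaultdict(set), defaultdict(set)
    for card, phone, identity in registrations:
        cards[phone].add(card)
        idents[phone].add(identity)
    return {
        phone: (len(cards[phone]), len(idents[phone]))
        for phone in cards
        if len(cards[phone]) >= min_cards
        and len(idents[phone]) >= min_identities
    }


# Constructed sample data. CARD-A reproduces the two purchases quoted above;
# coordinates are approximate city centres, and the timestamps are assumed
# to be on a single clock (normalise real data to UTC before comparing).
SAMPLE_TXNS = [
    {"card": "CARD-A", "city": "Racine, WI", "where": (42.7261, -87.7829),
     "when": datetime(2014, 1, 13, 11, 37)},
    {"card": "CARD-A", "city": "Las Vegas, NV", "where": (36.1699, -115.1398),
     "when": datetime(2014, 1, 13, 12, 46)},
    # Constructed control: a plausible two-hour drive, must not be flagged.
    {"card": "CARD-B", "city": "Racine, WI", "where": (42.7261, -87.7829),
     "when": datetime(2014, 1, 13, 9, 0)},
    {"card": "CARD-B", "city": "Chicago, IL", "where": (41.8781, -87.6298),
     "when": datetime(2014, 1, 13, 11, 0)},
]

# Constructed registrations: (card, registration phone, identity label).
SAMPLE_REGS = [
    ("CARD-A", "555-0100", "identity-1"),
    ("CARD-C", "555-0100", "identity-2"),
    ("CARD-D", "555-0100", "identity-3"),
    ("CARD-E", "555-0100", "identity-1"),
    ("CARD-B", "555-0199", "identity-4"),
]

if __name__ == "__main__":
    for card, src, dst, km, kmh in impossible_travel(SAMPLE_TXNS):
        print(f"{card}: {src} -> {dst}, {km:.0f} km at {kmh:.0f} km/h")
    for phone, (n_cards, n_ids) in shared_phone_clusters(SAMPLE_REGS).items():
        print(f"{phone}: {n_cards} cards under {n_ids} identities")
```
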

At least 15,000 victims have been confirmed to have lost money to these scammers, and an additional 50,000 victims are known to have had their identity details in the possession of these scammers.

The Most Vulnerable Among Us

The most vulnerable victims seem to have been recent immigrants and the elderly: those who are accustomed, through habit or fear, to quickly obeying any order of authority, even when it seems incredible.  There are several victims who were ordered repeatedly to purchase the largest possible Green Dot cards ($500 value) and to do so in batches over several days.  One victim in 2013 purchased 86 cards worth $43,000 and transmitted the details to the scammers.  These cards were accessed from the IP of the 703 Magic Jack phone and transferred by email to "hglobal01@gmail.com".

One resident of Hayward, California was contacted repeatedly from January 9, 2014 through January 29, 2014 and extorted into purchasing 276 MoneyPaks worth $136,000 and transmitting the PIN numbers to the thieves.  She was frightened into believing she was speaking with the IRS and would be immediately arrested if she did not comply!

Recent immigrants are also especially vulnerable.  In one of the many examples from the indictment, Rushikesh B., a resident of Naperville, Illinois, was extorted for $14,400 by an individual claiming to be the Illinois State Police and threatening arrest if he did not immediately pay fines related to immigration violations.

Those who work with our elderly and with recent immigrant communities are strongly encouraged to remind them that NO LAW ENFORCEMENT OFFICIAL will EVER take payment for a fine via money transferred over the internet or email!  Nor will they ever require a GPR card to be used to pay such a fee!   

Anyone who hears of a friend, family member, or co-worker who has been a victim of such a scam is strongly encouraged to file a report.

For all IRS-related telephone scams, please help your colleague to report the scam by using the TIGTA website, "IRS Impersonation Scam Reporting" run by the Treasury Department's Inspector General for Tax Administration. 
The URL is: https://www.treasury.gov/tigta/contact_report_scam.shtml

For all other Telefraud scams involving government impersonation, this FTC website may be used:  https://www.ftccomplaintassistant.gov  

Email Traffic a key to the Case

The indictment goes on for 81 pages listing incident after incident, including many email accounts used by the criminals.  Some of the criminals made accounts for money movement, such as money.pak2012@gmail, payment8226@gmail, but others used their "primary emails" like Cyril Jhon who used the email cyrilhm2426@gmail for his conspiracy traffic. Saurin Rathod used the email saurin2407@gmail, while Hardik Patel used hardik.323@gmail!  One of the payment processors, Rajkamal Sharma, sent over 1,000 emails to conspirators with directions about where to deposit various funds. Almost 50 pages of the 81 page indictment walk through the evidence uncovered by email analysis!

The full indictment is a fascinating read ... you can find a copy here:

https://www.justice.gov/usao-sdtx/file/905837/download

The indicted:
Hitesh Madhubhai Patel
Hardik Arvindbhai Patel
Janak Gangaram Sharma
Tilak Sanjaybhai Joshi
Saurin Jayeshkumar Rathod
Tarang Ranchhodbhai Patel
Kushal Nikhilbhai Shah
Karan Janakbhai Thakkar
Manish Balkrishna Bharaj
Rajpal Vastupal Shah
Sagar Thakar (aka Shaggy, Shahagir Thakkar)
Cyril Jhon Daniel
Jatin Vijaybhai Solanki
Jerry Norris (aka James Norris, IV)
Nisarg Patel
Miteshkumar Patel
Rajubhai Bholabhai Patel
Ashvinbhai Chaudhari
Fahad Ali
Jagdishkumar Chaudhari (Jagdish)
Bharatkumar Patel (Bharat)
Asmitaben Patel
Vijaykumar Patel
Montu Barot (Monty Barot)
Praful Patel
Ashwinbhai Kabaria
Dilipkumar Ramanlal Patel
Nilam Parikh
Dilipkumar Ambal Patel (Don Patel)
Viraj Patel
Abshishek Rajdev Trivedi
Samarth Kamleshbhai Patel
Harsh Patel
Aalamkhan Sikanderkhan Pathan
Jaykumar Rajanikant Joshi
Anjanee Pradeepkumar Sheth
Kunal Chatrabhuj Nagrani
Subish Surenran Ezhava (aka Chris Woods)
Sunny Tarunkumar Sureja (aka Khavya Sureja)
Sunny Joshi (aka Sharad Ishwarial Joshi, Sunny Mahashanker Joshi)
Rajesh Bhatt (aka Manoj Joshi, Mike Joshi)
Nilesh Pandya
Tarun Deepakbhai Sadhu
Vishalkumar Ravi Gounder (Vishal Gounder)
Bhavesh Patel
Raman Patel
Rajesh Kumar Un
Aniruddh Rajeshkumar Chauhan
Rahul Tilak Vijay Dogra
Vicky Rajkamal Bhardwaj
Clintwin Jacob Chrisstian
Aneesh Antony Padipurikal (Aneesh Anthony)
Jatankumar Kareshkumar Oza (aka Jatan Oza)
Rajkamal Omprakash Sharma
Vineet Dharmendra Vasishtha (aka Vineet Sharma, Vineet Vashistha)
Gopal Venkatesan Pillai

Monday, October 24, 2016

Yevgeniy Nikulin hacked LinkedIn and Formspring via Employee VPN

From the indictment against Yevgeniy Nikulin

On October 20, 2016, Radio Free Europe/Radio Liberty announced that they had identified the Russian hacker who was arrested in Prague.  They were the first ones to announce the identity of Yevgeniy Nikulin, providing a link to his arrest video:


 Nikulin's arrest video


VPN Hacking?

Two points stand out in the Indictment's "Background" section.  One says "LinkedIn employees were assigned individual credentials by which they could remotely access the LinkedIn Corporate network.  An individual with the initials N.B. worked for LinkedIn at its Mountain View, California headquarters."

... and a couple of paragraphs later ...

"Formspring employees were assigned individual credentials by which they could remotely access the Formspring corporate network.  An individual with the initials J.S. worked for Formspring in its San Francisco, California, headquarters."


The hack of LinkedIn, according to the Indictment, occurred on March 3-4, 2012, during which Yevgeniy "did knowingly possess and use, without lawful authority, a means of identification of another person, that is, the user name and password assigned to LinkedIn employee N.B., during and in relation to violations of Title 18, USC, Section 1030."

Dropbox was hacked between May 14, 2012 and July 25, 2012, although no mention is made of the technique.  (Motherboard indicates that more than 68 million passwords were stolen in this breach.)

The hack of Formspring was between June 13, 2012 and June 29, 2012, during which the defendant "did knowingly possess and use, without lawful authority, a means of identification of another person, that is, the user name and password assigned to Formspring employee J.S., during and in relation to violations of Title 18, USC, Section 1030."


BitCoin Theft by ChinaBig01

After the indictment was released, we found, as several other users have done (such as @TalBeerySec of Microsoft Research), allegations that Yevgeniy was involved in other types of crimes, including breaking in to the MySQL Database of a BitCoin "Hedge Fund".

The operator of that site sent this claim to the users:

"Hello,

I wanted to share a very bad news with you. Yesterday, in the middle of the night, someone hacked in to Bitmarket database and managed to modify his account. Then, he withdrew ~610 BTC from the site. He left about 100 BTC in the wallets.

Right now I'm investigating what happened. It seems that he managed to somehow find my administration console for the database, which wasn't under any guessable name. This console was password protected (a very long, random password) but he still managed to overcome this somehow. I'm still investigating how this could happen. Right now I've removed this console entirely to prevent any further damage, but I'm devastated :(. I wrote a message to the email he registered with (chinabig01@gmail.com) literally begging him to return the stolen BTC. If he has any conscience, maybe he'll give it back. But at the moment we are 600 BTC short, and if this sees the light of day (ie. people want to withdraw more than 92 BTC that's currently in the wallets), we're totally screwed.

I know it's much to ask, but do you have any Bitcoins available right now to fill this gap temporarily? There is a small chance that the thief will give this back, but until then… I really don't know what to do now. I didn't have the luxury to screw up again, and when things started to go on the right track, this happens. All this makes me wanting to kill myself. My hands are shaking right now. I won't do this, because I have people to repay. I hope this turns out good… Sorry, I don't have any other idea right now, I just wanted to be 100% honest with you and inform you on this as soon as I saw what happened. 
"

The author claims that 620 BTC were stolen.  He later offers this link to the alleged purse, controlled by "ChinaBig01@gmail.com" according to him.  You can see the 620 BTC as 1, then 9, then 55.456, then 554.54 being deposited and then removed from this bitcoin address:

http://blockchain.info/en/address/1Lbcfpaw3uHs3iarBqZ12FYeD5vFwNvY49



Monday, October 10, 2016

Ten Years of Cybercrime & Doing Time

On October 10, 2006 while I was sitting in my office at Energen I decided to start a blog.  I had been an InfraGard member for five years at that time, and was realizing based on the feedback I was getting from other InfraGard members around the country that while many people knew about Cyber Security, very few knew about CyberCrime.  I was working on a daily basis with the FBI Cybercrime Squad in Birmingham, so I had a fairly good view on the topic, so I decided to try to share what I knew by starting this blog.  One year later I had taken things to a whole new level by quitting my job at the Oil & Gas company and moving to the University of Alabama at Birmingham to dedicate the next decade to training new cybercrime fighters!

While the blog has seen ups and downs in the regularity of the posts, even being named "Most Popular Security Blog" by SC Magazine back in 2010, overall we've averaged one post per week and have been visited by nearly 3 million readers.

As I tried to decide how to mark the 10th Anniversary of the blog, I thought one way to do it would be to share what have been our most popular stories each year.

One of the strengths of the blog has always been to document "big campaigns" that are attacking people and try to help them understand the nature of the scam so that they could avoid being a victim themselves.  The three most popular stories on the blog have all been of that nature:

1. "More ACH Spam from NACHA" (March 11, 2011) and "ACH Transaction Rejected payments lead to Zeus" (Feb 25, 2011) were both of that type.  Even years later, spikes in visitors to these stories were an indication that someone was imitating NACHA again.  In these spam campaigns, the spammers would claim to be sending email from the "National Automated Clearing House Association", the organization that handles all electronic payments between American banks.  We later came to call these types of campaigns "Soft-Targeting" as most Americans have never heard of NACHA, but those who are involved in regularly moving money most certainly would have -- making them also the most likely to fall victim to such a spam message.  The first entry in this series, "Newest Zeus = NACHA: The Electronic Payments Association" (November 12, 2009) was also very popular.

2. Coming much later, November 7, 2014, was "Warrant for your Arrest phone scams." It was great to see the heavy traffic to that blog post and receive the emails letting me know that someone had just "proven" to them that they were about to be scammed by sending them a link to the article!

3. During 2014 one of the largest spamming botnets was the ASProx botnet.  This malware blasted out high volume spam campaigns that used a variety of social engineering ploys to make their campaigns convincing, leading to huge victimization rates.  The most popular, based on hits to the blog, was the E-Z Pass Spam.  "E-Z Pass Spam Leads to Location Aware Malware" (July 8, 2014) had tens of thousands of visitors.  A close second, also ASProx, was "Urgent Court Notice from GreenWinick Lawyers delivers malware."  ASProx had been dominant from the holiday season in 2013, when "package delivery failure" messages really hit a profound number of victims.  (See for example "Holiday Delivery Failures Deliver Kuluoz Malware" (December 26, 2013).)

Rather than go through the top campaigns in order, I thought it might be more interesting to see the most popular posts for each of our ten years as a blog.


Top Cybercrime & Doing Time Blog Posts of 2016
Vovnenko / Fly / MUXACC1 pleads guilty (24JAN2016)
Kelihos botnet delivering Dutch WildFire Ransomware (09JUL2016)
Is the Bank of Bangladesh ready for the Global Economy? (23APR2016)
Unlimited ATM Mastermind Ercan Findikoglu pleads guilty (06MAR2016)

In 2016, two of our four top stories were about arrests of top cybercriminals, which is a trend that I love to say is growing and rising as we see a higher level of cooperation internationally, and a growing ability among our Law Enforcement partners. One of the highest volume spam botnets, Kelihos, is regularly in our blogs and is quite popular with the readers, indicating how often they also see the spam. The Bank of Bangladesh SWIFT theft was also a high interest story!

Top Cybercrime & Doing Time Blog Posts of 2015
Tech Support "pop-ups" (30MAR2015)
Hillary's Email Server and the New York City malware (03OCT2015)
Passwords, Password Cracking, and Pass Phrases (29OCT2015)
Darkode guilty pleas: Phastman, Loki, & Strife (24AUG2015)

In 2015, the Darkode forum was a top story for us. Readers responded well to the Tech Support "pop-up" scams, indicating that they were also seeing it quite a bit! Hillary's email server gave us a chance to show the value of a long-term spam repository. And the story on password cracking seems to be regularly accessed from people teaching others about strong passwords.

Top Cybercrime & Doing Time Blog Posts of 2014
Warrant for Your Arrest phone scams (07NOV2014)
E-ZPass Spam leads to Location Aware Malware (08JUL2014)
Urgent Court Notice from GreenWinick Lawyers delivers malware (13JUL2014)
GameOver Zeus now uses Encryption to bypass Perimeter Security (02FEB2014)

The phone scams claiming that a warrant has been issued for your arrest have been popular on a daily basis for most of the two years since this story was first released. EZ Pass and Urgent Court Notice spoke to the popularity of the ASProx botnet. Gameover Zeus was also quite interesting as it changed the way spam-delivered malware defeated perimeter security.

Top Cybercrime & Doing Time Blog Posts of 2013
Holiday Delivery Failures lead to Kuluoz malware (26DEC2013)
Vietnamese Carders arrested in MattFeuter.ru case (05JUN2013)
When Parked Domains Still Infect - Internet.bs and ZeroPark (10AUG2013)
New Spam Attack accounts for 62% of our spam! (10APR2013)

Kuluoz, later called ASProx, had its first big Christmas in 2013. One of the first arrests of Vietnamese hackers spoke to international cooperation.

Top Cybercrime & Doing Time Blog Posts of 2012
Operation Open Market: The Vendors (25MAR2012)
Paypal "You Just Sent a Payment" spam leads to malware (01MAY2012)
DNS Changer: Countdown clock reset, but still ticking (28MAR2012)
Operation Open Market: Jonathan Vergnetti (17MAR2012)

In 2012, the DNS Changer malware was on everyone's minds (we later blogged about the successful prosecution of the leaders of that campaign, all now in prison in New York.) Operation Open Market was the big Forum take-down that year.

Top Cybercrime & Doing Time Blog Posts of 2011
More ACH Spam from NACHA (11MAR2011)
ACH Transaction Rejected payments lead to Zeus (25FEB2011)
Federal Reserve Spam (14MAR2011)
The Epsilon Phishing Model (08APR2011)

I've already mentioned the ACH/NACHA spam campaigns that delivered Zeus. The Epsilon Phishing model focused on hacking email delivery services and using validated accounts to deliver phishing and malware. (This is the group that Neil Schwartzman of CAUCE labeled "The Adobers" for the many times their malware claimed to be Adobe software.)

Top Cybercrime & Doing Time Blog Posts of 2010
New York FBI: 17 Wanted Zeus Criminals (30SEP2010)
PakBugs Hackers arrested (12JUL2010)
Lin Mun Poo: Hacker of the Federal Reserve and ...? (20NOV2010)
Iranian Cyber Army returns - target: Baidu.com (12JAN2010)

The Iranian Cyber Army, and a variety of international cyber criminals captured the headlines in 2010.

Top Cybercrime & Doing Time Blog Posts of 2009
Newest Zeus = NACHA: The Electronic Payments Association (12NOV2009)
The FBI's Biggest Domestic Phishing Bust Ever (08OCT2009)
Who is the "Iranian Cyber Army"? Twitter DNS Redirect (18DEC2009)
Traveler Scams: Email Phishers Newest Scam (09FEB2009)

Our 2009 "Traveler Scams" post was for years the most successful post on the blog, as many people shared the post with their friends to warn about the scam. NACHA was just becoming the leading scam-victim related to Zeus, and the FBI celebrated a huge phishing victory!

Top Cybercrime & Doing Time Blog Posts of 2008
The UAB Spam Data Mine: Looking at Malware Sites (09AUG2008)
Anti-Virus Products Still Fail on Fresh Viruses (12AUG2008)
ICE: Operation Predator - Solving Intertwined Child Porn cases (05NOV2008)
Bank of America Demo Account - DO NOT CLICK (26NOV2008)

In 2008, we were just getting seriously up to ability with the UAB Spam Data Mine, and found many interesting malware campaigns using these techniques, which eventually led to the creation of Malcovery Security, later acquired by PhishMe.

Top Cybercrime & Doing Time Blog Posts of 2007
Is Your Fifth Grader Smarter Than a Laughing Cat? (15OCT2007)
Google Referrer Only malware sites (13DEC2007)
AffPower Indictments Scare Affiliates! (06AUG2007)
TJX: From Florida to the Ukraine? (04SEP2007)

In 2007, the Storm Worm was one of the top spreaders of malware. The Laughing Cat story pointed out that if you share your computer with younger family members, they may very well click on lures that any educated adult would reject. The AffPower case remains one of my favorite law enforcement actions against online pharmaceutical affiliate programs. The TJX story tracked some of the carders involved in the TJX data breach.

Top Cybercrime & Doing Time Blog Posts of 2006
Pump & Dump: SEC gives us a peek! (21DEC2006)
Counterfeit Checks? Who cares! (12OCT2006)
Birmingham InfraGard - October 2006 (10OCT2006)
FAL$E HOPE$ @ CHRI$TMA$ (22DEC2006)

In 2006, our inaugural year, we didn't have a lot of stories, honestly. Pump & Dump spam was interesting that year, and we blogged about some of the holiday scams we were seeing.

Unfortunately, several of the graphics in the older stories are unavailable due to changes in hosting. Hopefully we'll get those recovered eventually. Sorry for any loss of enjoyment that may cause while strolling down Cybercrime Memory Lane with me!

Looking forward to another Ten Years informing the public about Cybercrime & Doing Time!

Thanks to all of my friends and students who encouraged this blog along the way, and helped through their dedication to fighting Cybercrime and sharing in the analysis we did together. While there have been tons of great contributors in the lab, with regards to things that ended up in the blog I'd like to especially thank: Heather McCalley, Matthew Grant, Chun Wei, Brad Wardman, Brian Tanner, Tommy Stallings, Sarah Turner, Josh Larkins, Jui Sonwalker, JohnHenri Ewerth, Brendan Griffin, and Kyle Jones.

Thanks also to my inspirations in blogging, Brian Krebs, and Graham Cluley. This amateur blogger is truly grateful for what you guys do and share!

Sunday, October 09, 2016

Backpage.com, Human Trafficking, and Free Speech

Charges Against Backpage

Earlier this week the states of Texas and California worked together to have the CEO of Backpage.com arrested. The charges were brought in California, which issued the arrest warrant for CEO Carl Ferrer, who was then arrested in Texas. The cause of the arrest was that by running a website that profited heavily from the sale of sexual services, through the "escort" section of his website, Backpage was profiting from prostitution and human trafficking.

The Dallas AG's press conference regarding the arrest is here:

Dallas was a good venue, because the company's headquarters are actually in Dallas, Texas.  The CEO was arrested at the airport as he returned from an international trip.

Kamala Harris, the California Attorney General, shares her announcement here:


California brought the charges primarily because Backpage.com made more money on their escort services from selling women and children in California than in other states.  In addition to charging CEO Carl Ferrer, California brings charges against controlling stock-holders, Michael Lacey and James Larkin.  Ferrer, Lacey, and Larkin are charged with operating a "Pimping Conspiracy" from 2010 through 2016.   Among the specific charges brought in the 9 page Criminal Complaint against Backpage.com are that although most sections of Backpage.com are free -- there is no charge to post an advertisement there -- the Escort service DOES charge to place ads, and in California, these ads generate more than $2 Million PER MONTH in profits just in the state of California.  Yes, ALMOST ALL of the revenue for Backpage.com is generated by its ads for escort services!

Furthering the conspiracy, however, is the fact that the same trio also operate other prostitution-oriented websites, EvilEmpire.com, an "escort directory service" and BigCity.com, an app for android and iPhone that provides profiles of those listed on EvilEmpire. (EvilEmpire currently has 1300 profiles claiming to be in Birmingham, Alabama!)   

The California charges then go on to include several violations of California Penal Code section 266h(b)(2), Pimping a Minor Under 16 Years of Age, and several additional violations of 266h(b)(2)/664, "Attempted" Pimping of a Minor Under 16.

Backpage and Law Enforcement

I've met the Backpage lawyer featured in this Anderson Cooper video. She used to defend Craigslist's adult services. She was at a law enforcement conference I attended in Singapore, and she said she was there to try to build law enforcement contacts because they wanted to be "the best ally possible" for law enforcement:



In 2011, Backpage received a letter signed by 46 Attorneys General asking Backpage to clarify 20 points of contention with regards to its advertising, monitoring of, and profiting from, the advertisement of prostitution.


The letter also mentions that CEO Carl Ferrer told Washington's Attorney General that at that time they were removing around 400 advertisements per month on suspicion that they involved underage minors.

Backpage and Freedom of Speech

The website has already been hit with a federal lawsuit -- but then the lawsuit was dismissed, and on appeal, it is clear that the "Freedom of Speech" crowd is pro-Human Trafficking.

Here is how the judge who heard the appeal opened her 37 page judgement:

"This is a hard case — hard not in the sense that the legal issues defy resolution, but hard in the sense that the law requires that we, like the court below, deny relief to plaintiffs whose circumstances evoke outrage. The result we must reach is rooted in positive law. Congress addressed the right to publish the speech of others in the Information Age when it enacted the Communications Decency Act of 1996 (CDA). See 47 U.S.C. § 230. Congress later addressed the need to guard against the evils of sex trafficking when it enacted the Trafficking Victims Protection Reauthorization Act of 2008 (TVPRA), codified as relevant here at 18 U.S.C. §§ 1591, 1595. These laudable legislative efforts do not fit together seamlessly, and this case reflects the tension between them. Striking the balance in a way that we believe is consistent with both congressional intent and the teachings of precedent, we affirm the district court's order of dismissal. The tale follows. . . "

The law that makes this all legal, from the Federal side, is "47 U.S.C. § 230" which is the law that protects websites from being responsible for the things that third parties post on their servers. The full judgment in that lawsuit is here:


The EFF (Electronic Frontier Foundation) and the CDT (Center for Democracy and Technology) both argued in favor of Backpage in amicus briefs, and Forbes magazine foolishly went along with their headline "Big Win For Free Speech Online In Backpage Lawsuit":


http://www.forbes.com/sites/ericgoldman/2016/03/17/big-win-for-free-speech-online-in-backpage-lawsuit/

So "Free Speech" wins and our young women get trafficked. I'm shocked that Forbes finds this a thing to celebrate!

Federal Responses to BackPage CEO Arrest

One of the champions against Human Trafficking on Capitol Hill is Congresswoman Ann Wagner from the 2nd District of Missouri.  She is the sponsor of the Stop Advertising Victims of Exploitation Act (SAVE Act).  In many ways you could say the SAVE Act was written in response to Backpage.com.
https://www.youtube.com/watch?v=5vZAaOClo0M
Wagner's SAVE Act became law with the passage of Senate Bill 178 - Justice for Victims of Trafficking Act of 2015, when it was signed by President Obama on May 29, 2015.  What her section of the law does is just add the word "Advertising" to an existing law, 18 U.S. Code § 1591 - Sex trafficking of children or by force, fraud, or coercion.



We'll have to wait to see whether this new language gets used in Federal court sometime soon.  In this case, the big question with regards to 18 USC Section 1591 would be "who did the advertising?"  We already know that Backpage will say they are a neutral third party who allows OTHERS to advertise.

Senator Portman is also leading the charge from the Senate side.  In November 2015 he held hearings about Backpage and subpoenaed CEO Carl Ferrer to appear before the committee.  When Ferrer refused, contempt charges were filed against him (with a 96-0 vote in the Senate to sustain the charges.)  In his Senate Report about BackPage.com, he points out that in 2013, 80% of all revenue from advertising escort services in the United States was believed to have been generated by Backpage.com, and that according to the National Center for Missing and Exploited Children (NCMEC), 71% of the alerts they receive from members of the public about possible sex trafficking of underage persons have a Backpage.com nexus.  The report also points out that American Express, Visa, and MasterCard refuse to allow their cards to do business with Backpage.com, due to their illegal or "brand damaging" activities.  Although Backpage claims that 120 of its 180 employees do nothing but edit and filter ads on the site, NCMEC has documented 400 cases in 47 states of children being trafficked via Backpage.com.


(196-page report from Portman/McCaskill)
Although the main body of the report is only 33 pages, the 196 page report from Senators Portman and McCaskill contains a great deal of additional interesting reading, if this is a topic of interest.  One document that is cited second-hand is a report by researcher Danah Boyd called "Combating Sexual Exploitation Online: Focus on the Networks of People, not the Technology."  I agree, focusing on the people is a key, but does that mean we continue to allow our children to be advertised in the meantime?

 Statements issued after the Arrest of Backpage.com's CEO:

 One Example Sex Trafficking Case 

https://www.ice.gov/news/releases/ice-investigation-results-17-sex-trafficking-indictments-minnesota

In this case, announced 05OCT2016, a group smuggled sex workers in from Thailand to the United States and kept each woman confined in a house of prostitution until they were able to pay off their "bondage debt" of between $40,000 and $60,000.  Hundreds of women were held in this way.  Each "house manager" would choose the best way to advertise the women, but many chose the websites backpage.com and eros.com.