Thursday, January 05, 2023

SIM Swapping, Crypto Theft, and Sentencing in the United States

As you know from the title of my blog, "CyberCrime & Doing Time," I'm very interested in cybercrime and the criminal justice system. This week I've been looking at SIM Swapping cases and wanted to share what I learned from reading the sentencing memos sentencing transcript for Ricky Handschumacher.

Ricky was one of the members of "The Community" - a group of six OGUsers/HackForums punks who decided to go into the crypto theft business. They haunted crypto community forums gathering data on people who over-shared about their crypto earnings and then did the social media intelligence (SOCMINT) work to id their target, assess their holdings, get their online credentials, and then pay a phone company contractor or employee to SIM Swap their device and steal their crypto.

They stole over $50 Million dollars.

Ricky was the last guy to get sentenced.  The other members of the group (not their phone store patsies, but the core group) were: 

  • Conor Freeman, 20, of Dublin, Ireland.  Conor was sentenced to three years in Ireland.
  • Colton Jurisic, 20, of Dubuque, Iowa. He was sentenced to 42 months and restitution in the amount of $9,517,129.
  • Reyad Gafar Abbas, 19, of Rochester, New York.  He was sentenced to 24 months and restitution in the amount of $310,791.
  • Garrett Endicott, 21, of Warrensburg, Missouri.  He was sentenced to 10 months and restitution in the amount of $121,549.
  • Ryan Stevenson, 26, of West Haven, Connecticut.  He got two years probation.  Minor player.

Ricky pleads guilty to a single count of "18 USC § 1349 - Conspiracy to Commit Wire Fraud" and in exchange the court agrees to drop several additional charges of: 
18 USC §§ 1343 and 2 - Wire Fraud, Aiding and Abetting 
18 USC §§ 1028A(a)(1) and 2 - Aggravated Identity Theft, Aiding and Abetting

Anyway, Guilty plea is received, family all lines up to say what a good boy Ricky is, blah blah blah, and how he was such a good boy while he was out on bond.

Sentencing Guidelines 

Here's how our sentencing Guidelines work ...

The base crimes each have a number of "sentencing points" that they are assigned.  Then there are a whole host of modifications that can be applied based on other factors.  This score is then further modified by how many prior criminal convictions the individuals have.

Conspiracy to Commit Wire Fraud has a base score of 7.  With no criminal history, that would give a sentence of 0-6 months. But that would be a crime with no victims, no losses, and the most basic conspiracy.  All of the other factors add points. 

The following modifications are then applied.

+2 - the number of victims matter.  In this case, they are charging "ten or more victims." 

Ricky's score is now a 9.  Sentencing guideline: 4-10 months.

+2 - sophisticated means. Because this was a high-tech crime with a lot of technology and a lot of moving parts.

Ricky's score is now an 11.  Sentencing guideline: 8-14 months. 

+2 illicit authentication.  To curb identity theft and the flippant use of stolen credentials, crimes that involve stolen identities get an automatic +2. 

Ricky's score is now a 13.  Sentencing guideline: 12-18 months.

+18 - Theft of between $3.5 million and $9.5 million.  The two greatest "adjustments" in the sentencing world are Number of Victims, and Amount Stolen. This is a huge modification, however, they stole a lot of money!  Many victims lined up to say they lost 100% of their life savings.  One of them even appeared at the Sentencing hearing and said so.  He told the court he had lost everything, and had been waiting FOUR YEARS for justice to be served.  It definitely needs consideration.  

Ricky's score is suddenly a 31.  108-135 months.  That's 9 to 11 years.

-3 - Because Ricky was cooperative and accepted responsibility for his crimes, apologizing to the court and to the victims, his sentencing guideline score is dropped by three points.  That's huge, actually.

Ricky's score is now 28.  78-97 months. 

In their sentencing memo, the prosecution says they would be happy to accept the "mid-point" of that range and asks for an 88 month sentence.

The Judge Speaks

The judge in this case is The Honorable Denise Page Hood in the Eastern District of Michigan.  I appreciate that she puts a great deal of explanation in before rendering her verdict.  She shares with us each of the things she is charged with considering as she builds her decision on what sentence to impose.  All of the following is quoted from the Sentencing Transcript available on PACER, although the emphasis added is mine.  

1. "The factors I'm supposed to consider are these: The nature and circumstances of the offense and the history and characteristics of the Defendant, and I'm satisfied that, while I don't think that -- well, I think the age of the other individuals involved really didn't have anything to do with you. What it really has to do with is whether or not you were a more mature person and maybe should have had some other indication of this wrongdoing and made a better judgment than someone who perhaps is still young and a bit naive might be. Like I know one of the people, I was convinced that person was much more naive than other individuals involved in this. You, however, aren't one of those.

"I have here also that I think that the nature and circumstances the offense are serious, because there's a lot of money stolen, and it's stolen from individuals who, number one, are unsuspecting, and, number two, some of them are like Mr. S.S., who is here in court today, that this was not, you know, some organization or anything. It was an individual and their personal money, their, as he describes it, his life savings that were involved, and I think that makes it a little bit different than stealing from a company that might have some other means of recovering that than an individual. I'm also satisfied that it seemed like kind of a we're going to go out there and just do these things. We're just going to hack. We don't have any sense of caring very much, until it's over, about people who might be involved in this and where the money might be coming from and where it might go, and so, to some extent, on the part of everybody involved, it seemed like it was kind of a relaxed look at what you were doing and just kind of like a greed thing. I mean it wasn't -- particularly in your case, it wasn't that you were destitute or anything. You had some education, and you had the ability to have a job. So it wasn't that you couldn't go out and make money on your own, and that is kind of the nature of these kind of things, but I think it's a very serious offense in this particular scheme of things.

2. I'm also to look at the history and characteristics of the Defendant, and, for that, I would note that in the scheme of people who come into court,  you're on the young end of that. You may not think you are, but you really are on the young end of those people who commit crimes within our system.

I'm satisfied that you had a decent childhood. I had some notes here that you were and athlete and well-integrated into your experiences as a youth, and, also, that, unlike some other people, you did not seem to be someone who was just, you know, isolating themselves and unliked by others and, therefore, kind of a person who might reach out to do something like this because of a bad situation that they were in. Not that that excuses that behavior, which is exactly what I told them, that it doesn't excuse that behavior.

I'm also satisfied that -- I don't know whether it's better or worse that there are hackers out there that don't know one another, and maybe that adds a little bit to the frivolousness and the unaccountability of it relative to one another. Otherwise, I don't think there's anything in your history or characteristics that is a negative to you. I had one thing I wanted to note here. Okay, I wanted to note that it does not appear that you have any physical problems or that you have any mental health diagnosis or received any mental health treatment. It does not appear that you have any substance abuse problems.

It appears that you graduated from high school and that you were able to have some employment, including an employment from July of 2019, on Paragraph 44, until – at least at the time that this report was written, and that prior to that, that you have worked -- you had been unemployed for a time but that you were also employed by the city of Port Richey, and, prior to that, in a grocery store, and for the short period of time that you've been an adult, that's a significant amount, as far as I'm concerned, of employment.

The other thing I want to say is thatI'm to consider whether or not the sentence that I'm going to craft will reflect the seriousness of the offense. I've already spoken to that. Promotes respect for the law and provides just punishment, and I'm sure that you're aware now of the seriousness of the offense. That may be enough to promote respect for the law. I don't know that. You know, I don't know that in these particular kind of instances whether people look at it and say, you know, I've been involved in this. It was easy. I just happened to get caught. I'm never going to get caught again because of the nature of how this is done and how hard it is to investigate and to find out what each person involved in it is doing. So I don't know that my sentence will promote respect for the law, but at least I have taken it into consideration.

I'm also to fashion a sentence that provides just punishment, and I know that in all of the cases during the pandemic, where people have been on bond, they have noted I've been, you know, really good, in quotes, on pretrial release, and that shows that I am rehabilitated, and, to some extent, that may be true. To the other extent, the opportunity was that you would not be on pretrial release and you would be in custody where everyone else is attempting to get out of custody because of Covid-19. So I see that people would be, to a very great extent, well-behaved on pretrial release at this time, especially when they don't want to be incarcerated. So I don't give that a lot of weight. I know it's a long time to wait, but I'm sure it is far less onerous conditions than if you were waiting in jail to be able to proceed.

5. I'm also to consider whether or not I will afford adequate deterrence to criminal conduct, and I recognize that this may have been an opportunistic crime, but it's still illegal. You still have to answer for it, and some of it, the deterrence, I think, is not only deterring yourself, meaning that something happens to you that makes you not want to do this ever again even if you think the opportunity to be caught is very small, and it's going to become less small. The Government is going to get better at uncovering this type of crime and uncovering it earlier, but I also think that we deter others by letting them know that we're not going to just let this kind of crime go unaddressed

6. I'm also to fashion a sentence that protects the public from the further crimes of the  Defendant, and I will do that in this case by requiring, since it's your first contact with law enforcement, and to some extent the presentence report indicates it's a deviation from your otherwise law-abiding life, that you will have to participate in the Computer Internet Monitoring Program for the entire time that you're connected to the Court by being incarcerated, if you're put in a halfway house, or while you're on supervised release, and you'll have to abide by that agreement, which addresses all of the computers to which you would have any contact, okay, and it allows them to not only search but at reasonable times and places, but to also be for you to provide other people using the computers with the understanding if you're using their computer, it's subject to search as well.

7. I'm to fashion a sentence that provides you with needed education and vocational training, medical care, or other correctional treatment in the most effective manner, and it does not appear that you're unhealthy, or, as I said, have any mental health or substance abuse concerns. I know you have a high school diploma, and you have had some employment that's consistent with that, and so I would note that you should have the opportunity to engage in any programs that you think are beneficial to you to enhance that, but I don't have any that I'm going to particularly point out.

8. I also have to consider the kinds of sentences available, and that is the 78 to 97 months of incarceration, and that it will be followed by a term of supervised release, and I'm also to consider the need to avoid unwarranted sentencing disparities among defendants with similar records having been found guilty of similar kinds of conduct, and I have these other codefendants, all of whom seem to have various roles in conducting this conspiracy, and I think that my sentence will reflect how I think the various roles and the history and characteristics and other factors have impacted those people, all of whom, so far, have received a sentence that is below the guideline range. 

9. I'm also to consider the need to provide restitution to any victims of the offense, and I am going to order a restitution against you relative to this. I will also recommend that the amount that you're forfeiting go against the restitution, but, you know, part of it is that, you know, the amount of restitution is really high, and I think it's really difficult for anybody, although you're a young person and so are the others, to pay back seven-and-a-half-million dollars. That's a tremendous amount of money, and the amount that it is apparent that you're forfeiting doesn't really approach that. It doesn't approach $7 million, and so, you know, the Court is always wondering what happened to the money that was stolen away from people and whether or not people have spent it or they hid it away, especially if there's nothing really apparent. There is, in some cases, something apparent to show for it, but I have considered that as well.

I've said in the other sentences, because in the other instances, people also ask for  noncustodial sentences, that I don't think that a noncustodial sentence is appropriate in these cases. I mean we think, kind of like we do in other kinds of cyber crimes, that you don't see what's happening. It's not done with some -- it's not like you went in and robbed a place where some people were standing there and you had to deal with the actual people that you might be stealing the money from, or had to confront an actual bank teller who might be afraid or anything like this. This is kind of done on your own on the computer. You don't really have any real people in front of you. It's not maybe very -- it does not seem very personal to the people committing the crime, but it's really personal against the people that the crime is committed, and so I don't think that a noncustodial sentence is appropriate.  Even with the halfway house and the like, I don't think it's appropriate, and I think you can tell that from the other sentences that I've imposed.

The Sentence

And, therefore -- but I should also say that I think the 78 to 97 months is driven, as many as of these monetary crimes are, by the amounts of loss, and I think, in this particular instance, where I have people before me and you who don't have prior serious offenses or any offenses at all, that I give credit for that in most other instances of fashioning a sentence, and the credit for it actually goes to the amount of time that you have to be incarcerated usually, and I don't see any reason why I shouldn't do that in this particular instance. In all of these instances, I think I have before me people who have the ability to do one of two things. They can grow and become productive members of society and attempt to pay back the victims the money that was, you know, secretly stolen from them and computers used to do that, and, therefore, I think that a sentence within the guideline range is too much for the charges that I'm presented with here for the reasons that I've stated.

And, therefore, with respect to Count 1 of the indictment, pursuant to the Sentencing Reform Act of 1984, the Court, having considered the advisory guidelines and the factors contained in 18 U.S.C. §3553(a), commits the Defendant to the custody of the Bureau of Prisons for a term of 48 months. And, upon release from imprisonment, the Defendant will be placed on supervised release for a term of three years. 

... I'm ordering that you pay that restitution to the clerk of the court for disbursement to the victims identified below in the amounts below for a combined restitution order of $7,681,570.03, which is due immediately. While on supervised release, payments must be made at a rate and schedule determined by the probation department, approved by the Court, and they are going to these victims:
Victim with initials D.M. in the amount of $116,387.12;
Mr. S.S. in the amount of $1,967,146.57;
And S.B. in the amount of $5,598,036.34.

Thoughts on Sentencing 

I am always frustrated when judges choose to depart from the recommended sentence, especially in a way that I feel does not take cybercrime seriously.  As we look at the rationale behind the sentence though, I think it boils down to this:

In the world of Big Crypto and with the pathetic security in place that means a kid in a phone shop can facilitate a $5.5 Million theft, how do we balance the trivial means of stealing that money with the fact that someone's life savings have been destroyed?

In this case, restitution will start with the fact that Ricky is giving up 38 BTC and 900 Ethereum from what he stole.  At the time of this writing that is about $1.8 Million.  How is a kid with a high school degree and a criminal record going to pay back the other $5.8 Million?  He's not.  The parole board will come up with a garnishment of future wages, but if he ends up in a minimum wage job, that is likely to be repaid at a rate of $100 per month, so the victims will get the rest of their money slowly over the next four thousand eight hundred years or so.

I would really like to hear your thoughts on this.  Feel free to comment below.  Thank you!

1 comment:

  1. Did they seize Ricky's redneck trucks as part of the restitution or did they let him keep all the shit he bought with victim's money?


Trying a new setting. After turning on comments, I got about 20-30 comments per day that were all link spam. Sorry to require login, but the spam was too much.