Friday, February 11, 2011

Zeus Sentencing

I don’t do many posts on sentencing in cybercrime cases, not because it isn’t an important issue but because sentencing is a pretty cut and dried process under the U.S. Federal Sentencing Guidelines.

I’m making an exception in this instance because, as a September 30, 2010, Wired article explained, the person being sentenced was involved in an international “fraud ring based in East Europe that stole more than $3 million from bank accounts belonging primarily to small businesses and municipalities, according to indictments released Thursday.”

This post deals with the sentencing of “Victoria Opinca, a/k/a `Natalia Kostina,’ a/k/a `Natalia Zueva,’” who, on December 21, 2010, pled guilty to “one count of conspiracy to commit bank fraud” in violation of 18 U.S. Code §§ 1344 (bank fraud) and 1349 (conspiracy). U.S. v. Opinca, 2011 WL 204901 (U.S. District Court for the Southern District of New York 2011). After Opinca pled guilty, her lawyer sent the judge who has the case a letter asking that the “Court be lenient when imposing sentence” in light of her “personal circumstances and minor role in the offense.” U.S. v. Opinca, supra.

What, you may ask, was that “minor role”? Well, here’s how this opinion describes the scheme in which Opinca participated:

The fraudulent scheme had two components. First, . . . hackers in Eastern Europe used a malicious computer program to access the bank accounts of small and mid-sized businesses and municipal entities in the United States (the `Victim Accounts’). The . . . program, known as the `Zeus Trojan’, was designed to steal computer access data, such as usernames and passwords, for . . . bank accounts, e-mail accounts, and social networking websites.

The Zeus Trojan typically infects a victim's computer when the victim clicks on a link, or opens a file, that is attached to a seemingly legitimate e-mail message . . . but is actually an e-mail sent by hackers for the purpose of infecting the victim's computer. Once installed, the Zeus Trojan allows hackers to secretly monitor the victim's computer activity, recording . . . the victim's bank account numbers, passwords, and authentication information as they are typed by the victim into the infected computer to access online banking websites, among other things. The stolen bank account data is then used to fraudulently transfer funds out of the Victim Accounts. . . .

`[M]oney mules’ . . . , were recruited to open bank accounts in the United States . . . (the `Mule Accounts’), to receive wire transfers from the Victim Accounts. Once the transfers were received . . . mules withdrew the fraudulently-acquired funds and distributed them to other members of the conspiracy, keeping a portion for themselves. A group . . . (the `Mule Organization’). . . . recruited mules from Eastern Europe who were planning to travel to, or were in, the United States on. . . . non-immigrant visas that allow foreigners to visit the United States. . . .

Once in the United States, the . . . Mule Organization provided the mules with fake foreign passports, which the mules used to open accounts at various banks . . . .

[A]fter the Mule Accounts were opened, other participants in the scheme used stolen account information to transfer money from the Victim Accounts to the Mule Accounts, typically in amounts close to $10,000. . . . [T]he the mules withdrew the money . . .before the fraud could be detected by the victims or the banks. The mules kept a portion of the fraudulent proceeds for themselves . . . and transferred the rest to other participants in the scheme. . . .

U.S. v. Opinca, supra. Opinca and Alina Turuta entered the U.S. in May of 2010 and met with Dorin Codreanu, who offered them jobs as money mules, which they accepted. U.S. v. Opinca, supra. When Codreanu told Opinca she could “earn more money” by opening accounts “using passports with a new identity”, she agreed to do so and was “given two Greek passports with different names.” U.S. v. Opinca, supra. As the opinion notes, she used the passports “to open accounts at several banks”:

On June 22, Opinca opened an account at Chase Bank using her own name and a Moldova passport. On July 6, approximately $12,740 was wire transferred to that account “from an entity in Michigan”. The opinion refers to this transaction as involving “Victim-1.” On July 10, she withdrew approximately $5,000 and $6.900 from the Chase Account, using two bank branches.

On July 19, Opinca, purporting to be “Natalia Kostina” opened an account at a TD Bank branch and an account at a Bank of America branch, both branches being in Forest Hills, New York. On July 21, Opinca, purporting to be “Natalia Zueva” opened an account at a TD Bank branch in New York, New York and another account at Bank of America.

U.S. v. Opinca, supra. All the accounts Opinca opened “were Mule Accounts that were used, or intended to be used, to receive and subsequently transfer stolen funds from Victim Accounts.” U.S. v. Opinca, supra.

Opinca and Turuta were arrested on August 4, 2010 at the Chase bank. U.S. v. Opinca, supra. Codreanu was arrested November 18. U.S. v. Opinca, supra.

Okay, sentencing: The opinion we’re dealing with is the judge’s “sentencing opinion”, which sets out the sentence he believed was appropriate when he wrote it on January 21, 2011. U.S. v. Opinca, supra. The opinion notes that the sentencing terms given in the opinion “are subject to modification at the sentencing hearing scheduled for January 25, 2011.” U.S. v. Opinca, supra. I don’t know if that sentencing went as scheduled; I can’t find any news stories about Opinca’s being sentenced, which may simply mean that it didn’t warrant that much press. . . .

The judge began his discussion of Opinca’s sentencing by noting that under 18 U.S. Code §§ 1344 and 1349, “the maximum term of imprisonment is 30 years.” U.S. v. Opinca, supra. He also noted that she wasn’t eligible for probation, that the maximum fine he could impose was $1 million, and that Opinca “shall forfeit to the United States, pursuant to 18 U.S. Code § 1963, all property real and personal, involved in the offense or traceable to such property.” U.S. v. Opinca, supra.

The judge then calculated the “applicable offense level” under the Federal Sentencing Guidelines. U.S. v. Opinca, supra.

The guideline for a violation of § 1349 is found in § 2X1.1, which directs that the guidelines for the underlying offense (§ 1344) be utilized. The guideline for [§ 1344] . . . provides for a base offense level of 7 pursuant to § 2B1.1(a)(1).

As [Opinca] is responsible for a loss of $21,800, the offense level is increased by 4 levels pursuant to § 2B1.1(b)(1)(C). . . . A further increase of 2 levels is warranted because a substantial part of the fraudulent scheme was committed from outside the United States and the offense involved sophisticated means, pursuant to § 2B1.1(b)(9) (B).

Based on the [her] plea allocution, we believe [Opinca] has shown recognition of responsibility for the offense. Pursuant to § 3E1.1(a), the offense is reduced two levels.

Accordingly, the applicable offense level is 11.

U.S. v. Opinca, supra. The judge noted that “Opinca has no prior criminal convictions”, which gave her “zero criminal history points and a Criminal History Category of I.” U.S. v. Opinca, supra. (If you want to learn more about what all this means under the Federal Sentencing Guidelines, check out the Wikipedia entry on them).

The judge then found that based “on a total offense level of 11 and a Criminal History Category of I, the Guidelines range for imprisonment is 8 to 14 months.” U.S. v. Opinca, supra. He explained that the “minimum term of imprisonment” can be satisfied by

(1) a sentence of imprisonment; (2) a sentence of imprisonment that includes a term of supervised release . . ., provided that at least one month is satisfied by imprisonment. . . ; or (3) a sentence of probation. . . .

U.S. v. Opinca, supra. As I noted earlier, Opinca wasn’t eligible for probation, so her sentence had to include imprisonment and/or supervised release. After considering the letter from her lawyer “and accompanying character letters,” the judge “consider[ed[“ that Opinca “is a `well-liked’ person who has a history of good behavior, and whose misconduct appears to be an `aberration.’” U.S. v. Opinca, supra (quoting a letter).

He therefore sentenced Opinca to “4 months’ imprisonment and 3 years’ supervised release.” U.S. v. Opinca, supra. Her supervised release came with three conditions:

Opinca shall (1) not commit another federal, state, or local crime; (2) not illegally possess a controlled substance; (3) not possess a firearm or destructive device; and (4) cooperate in the collection of DNA as directed by the probation officer. The mandatory drug testing condition is suspended due [sic] [Opinca’s] low risk of future illicit drug use.

U.S. v. Opinca, supra. He waived a fine because it “does not appear that” Opinca “is able to pay a fine”, imposed a mandatory special assessment of $100 and ordered her to forfeit her interest in the $21,800 to the U.S. U.S. v. Opinca, supra.

What do you think: Too much? Too little? Just right?


JW said...

I actually think it's just right. I suspect most people would think it's not enough, but I think that's a result of the inflated jail terms.

I think that the mandatory maximum jail time for a first-time, non-violent offender should be one year. Seriously. Kiddie porn possession? One year max. Fraud? One year max. Drug possession? One year max. Illegal firearm? One year max.

Then ramp it up if they do it again. We need to give people (like Zeus) a chance to change. Spending more than a year in prison changes a person in a bad way, IMHO.

Anonymous said...

I totally agree, I think the judge was fair enough.

James said...

Fair with sentencing although if here on a fake passport and not a citizen then I think deportation should also be on the table.

Cyber Crime said...

The Judge's decision is appropriate. If I were in his place, I would also sentenced him to death for such a fraudulent activity. what he did is just too much and what the judge did is just right