OSI works with U.S. Postal Inspection Service to catch cyber criminal

  • Published
  • By Mr. James C. Dillard
  • Office of Special Investigations Public Affairs
OSI HQ QUANTICO, Va. --  Criminals work their mischief where there is money to be gained, and in a world that relies heavily on the Internet, identity thieves are working overtime to find new and creative ways to steal.

That was the case with Mr. Rene Quimby, who was able to get his virtual hands on the identities of more than 16,000 people. For a while, his dishonest venture was extremely profitable - that is until the Air Force Office of Special Investigations began investigating his online activities.

This was a joint case between OSI Detachment 118, AAFES, Dallas, Tex., OSI Detachment 810, Los Angeles Air Force Base, Calif., and the U.S. Postal Inspection Service Identity Theft Economic Crimes Task Force. Two CID detachments and four local police departments were also involved.

Mr. Quimby found vulnerability on the AAFES Web site and was also able to illegally obtain credit card financial information, along with other personally identifiable information via peer-to-peer software. His victims were from all over the world.

His victims were primarily people who allowed "all" files to be shared via the file-sharing programs. Mr. Quimby conducted keyword searches for "passwords," locating text files and Word documents his victims had saved on their computers. He was also able to download and extract copies of check images, photo copies of driver's licenses, Social Security cards, passports, and recall rosters from military bases that were also on the computers.

The investigative team learned that Mr. Quimby had the fraudulently-ordered merchandise sent to vacant, dead-drop, and other locations controlled by organized crime (Mexican Mafia) in southern California.

The AAFES merchandise, including computers, washing machines, iPods, pools, books, stereos, etc., was fenced by members of the Mexican Mafia.

SA Keith Ide took the lead on this investigation the first day he arrived at Det. 118 in July 2007. In Fall 2007, he flew to California, to discuss the case with Det. 810 and helped set up the task force to assist in the investigation. He also worked to get the U.S. Attorney's Office in Central California on board with the investigation. SA Ide later sent the case to the USAO in the Northern District of Texas, a little closer to home.

"I testified to the Grand Jury to get Quimby indicted and served the warrant with Det. 810, USPIS and the Secret Service, and arrested Quimby in February 11 in Southern California," SA Ide said.

During their investigation, they discovered that Mr. Quimby logged onto retail Web sites (primarily AAFES), using the personally identifiable information from his victims. He manilupated existing accounts and opened new lines of credit using 647 of the 16,000 identities to place hundreds of thousands of dollars in fraudulent orders on the AAFES Web site.

When he reached credit limits, he simply used the routing and account numbers on the copies of checks he downloaded to place fraudulent Automatic Clearing House payments to "pay off" the Military STAR Card accounts, allowing him to free up credit and continue his scheme until the payments bounced.

SA Ide said when you run a credit card/ID theft investigation, you are effectively running two cases simultaneously.

First, you look into where the source of the compromise of victims' PII; i.e. was it a technical exploit such as someone hacking into an ATM or was it a human exploit where someone obtained the PII and conducted account take overs and opened new lines of credit. Secondly, investigators must find what the subject did with the PII once they got it.

SA Ryan Himes came on the case at Det. 118 in August 2007 and began working with SA Ide on the investigation.

"The case was very challenging from the get-go," SA Himes said. "I have never dealt with a financial crimes case in the past, and the numbers associated with this case were a little overwhelming to begin with. As the case went on I got more comfortable with the numbers. I got to the point where I could tell if the IP address was in the same location, if the credit card number was Visa/Master Card/Discover/STAR card, and if the address was near any of the original addresses without even looking the information up."

In May 2010, SA Himes, SA David Gilmer, and USPIS interviewed Mr. Quimby, who not only confessed, but gave permission to seize his computers.

Mr. Quimby had 132 gigabytes of victim data on his computer and OSI agents had to figure out a way to organize and identify chargeable conduct within the vast amount of data. They sent Mr. Quimby's hard drive to the 3rd Field Investigations Squadron cyber office, where Tech. Sgt. Richard Shepard worked for more than four months organizing data from Mr. Quimby's hard drive. Ms. Stacey Patterson at OSI Headquarters was also involved with organizing the hard drive.

"Once we had the data/victim PII organized, we sent the organized hard drive to ICON to identify victims, financial accounts, credit cards, SSNs, names, dates of birth, etc. in order to determine levels for sentencing purposes," SA Ide said. "ICON also had to research all of the victims and compile a list of primary victims in order to notify all of them."

ICON also coordinated with the USPIS, because they are the only agency that has automated access to the victim notification system that the USAO uses.

"In this way, all 647 primary victims could be automatically notified," SA Ide said. "This was crucial because we could not indict Quimby without first identifying and notifying all of the victims."

SA Ide said the process of analyzing, organizing, identifying, researching and uploading took an entire year.

U.S. Postal Inspector Noah Thompson worked closely with OSI throughout this investigation. He is assigned to the USPIS sponsored Identity Theft Economic Crimes Task Force.

"I worked directly with all of the OSI agents in developing leads to identify the perpetrator of the AAFES scheme by doing things such as subject interviews, surveillance, law enforcement liaison, probation searches, various other investigative techniques, and finally arresting Quimby," SI Thompson said. "At the beginning of the case there was a lot of data that we had to sift through from AAFES - SA Ide and SA Himes particularly did a great job on getting their arms around the data and being able to organize it so everyone could get a clear picture of what was happening."

SA David Gilmer, Det. 810, worked with PI Thompson on developing leads targeting the California connection, identifying the subject, conducting the subject interview, and coordinating the search where the key evidence was seized. He also coordinated and participated in Mr. Quimby's arrest and initial arraignment.

"I believe this case was truly a team event," SA Gilmer said. "A lot of parts came together because we kept going in the face of adversity and picking each other up until we finally locked the right target."

For his cyber crimes, Mr. Quimby was sentenced by a U.S. District judge to 75 months in federal prison and ordered to pay $210,119 in restitution to AAFES.