US Prosecutor Urges Crack Down on 'the Scourge of Online Scams'

Last month America's Federal Bureau of Investigation released its annual report on internet crime, which a former federal prosecutor bemoans as "another record year." The bureau received 791,790 complaints of "internet-enabled crime" in 2020 (a 69 percent increase over the prior year), representing over $4.1 billion in reported losses (a 20 percent increase). These complaints included a wide array of crimes, such as phishing, spoofing, extortion, data breaches, and identity theft. Collectively, they represent further evidence of the Justice Department's long-running failure to effectively pursue internet fraud.

Since the start of the pandemic, the scope and frequency of this criminal activity has become noticeably worse. Online fraudsters have stolen government relief checks, sold fake test kits and vaccines, and exploited the altruistic impulses of the American public through fake charities. But the broader failure has wreaked incalculable harm on the American public for years, including those in our most vulnerable and less tech-savvy populations, like senior citizens. The FBI's most recent report makes it clear that the government needs to dramatically step up and rethink its approach to combating internet-based fraud — including how it tracks this problem, as well as how it can punish and deter these crimes more effectively going forward...

One major reason that internet fraud remains such a persistent and vexing problem is that the Justice Department has never made it a real priority — in part because these kinds of cases are not particularly attractive to prosecutors. Victim losses on an individual basis tend to be relatively small and widely dispersed. A substantial amount of this crime also originates abroad, and it can be hard and bureaucratically cumbersome to obtain evidence from foreign governments — particularly from countries where these scams comprise a large, de facto industry that employs many people. It is also far more challenging to find and secure cooperating insider witnesses when the perpetrators are beyond our borders. And even under the best of circumstances, the large body of documentary evidence that fraud cases involve can be exceedingly difficult to gather and review. If you manage to overcome all of those obstacles, you may still end up having to deal with years of extradition-related litigation before anyone ever sees the inside of a courtroom. Making matters worse, much of the press does not treat these cases as particularly newsworthy — itself a symptom of how routine internet fraud has become — and prosecutors like being in the press...

[T]ime is not on our side. This is a problem that will continue to metastasize — including in new and unpredictable ways — unless and until the federal government dramatically steps up its enforcement efforts.

security standards for insurance

[OrangeTide]

There needs to be some minimum standards for security processes before a business can receive liability insurance. The only way you'll get change in the business world is to give them two option; of either paying a little or paying a lot.

Re:security standards for insurance

[nnull]

We need law enforcement to actually do their jobs. I had an attempted phising incident with my accountant. I was able to trace back and locate the fraudster as they use empty homes as mail drop off points. I then handed the FBI and local law enforcement the actual address to the fraudster.

Guess what? They don't care. They don't even care if a million dollars was swiped off your business accounts. They're "too busy". Meanwhile, the fraudster continues to pester all my people, despite me blocking all the domains he registers. Do we need better security? Yes. But we also need law enforcement to do their due diligence or vigilante justice will happen (It would probably be cheaper for me to hire a hitman overall).

Re:security standards for insurance

[jonwil]

Law enforcement are too busy seizing assets from innocent people under "Civil Asset Forfeiture" to deal with something like this...

Re:security standards for insurance

[Gavrielkay]

They say reward the behavior you want to encourage. Civil forfeiture rewards them going after addicts and small time dealers because they can't afford lawyers to fight the seizure. We need to change the reward structure if we want to change the behavior.

Re:

[Anonymous Coward]

Law enforcement are too busy seizing assets from innocent people under "Civil Asset Forfeiture" to deal with something like this...

It's fascinating that this continues, as numerous people have pointed out that it is illegal. I suppose it's indicative of just how deep the corruption is and how bad the ethics problems are in US law.

The dual rights to ethical practice of law and ethical government can both be asserted under the 9th and 10th Amendments, as fundamental rights 'retained by the people' (9th Amendment) and 'reserved to' the people (10th Amendment). These are two of the most fundamental rights - really universal and inalienab

Re:

[bloodhawk]

because an attempted phishing incident will be extremely difficult to successfully prosecute. They could just claim they are security professionals and were looking to show you the weaknesses in your system (yes still illegal but gets very difficult to do much about it). The sad reality is until you actually become a victim you are simply not worth the time and cost.

Re:

[Anonymous Coward]

no. "Defund the police" never happened.

This is what spending all their money on tanks and tactical gear, not on actually policing got us.

Re:

[groobly]

Law enforcement -- and ALL government organizations -- do not respond to average people. They only respond to what comes from above, and ultimately, that is the politicians. Don't expect law enforcement to do anything where there isn't a political reason for politicians to tell them to. So far, internet crime has not affected any elections to my knowledge.

Re:

[Lije Baley]

A) This seems kind of off-topic, at least by my read of the summary which talks about small, individual cases, and not something a person or small business would be insured for.
B) Thinking about your point anyway, I can't imagine that insurance companies are going to offer any protection that's designed to lose them money. Their actuaries will rationally work out the odds and potential losses, and price their products appropriately. Some may indeed require certain standards to be met for a certain price p

Re:

[rtb61]

The reason why they fail to pursue is because so much of it ends up offshore with no one to prosecute. So if the USA and Russia and China and the EU sign of a cybertreaty to crack down on cracking of networks and fraud and work to prosecute the individuals no matter where they are. Everyone will more readily pursue those cases and especially things like Americans using Russian serves to attack other Americans. The USA has been blocking the treaty because the corrupt three letter agencies want to keep commi

Don't stop there

[sjames]

Also nail the many scammy robocallers and other phone based scams and spam. It's actually reached a sufficient volume that the scam calls outnumber legitimate calls for many people. The phone is becoming useless as a means for legitimate communication.

That looks to me like a complete failure. Perhaps they should divert 10% of the budget burned for the war on some drugs into stopping scams.

Sorry it's not as much fun as busting down doors and hitting homes with assault weapons, but most people's jobs have less glamorous scut work and they're expected to do it anyway.

Re:

[Anonymous Coward]

It's actually reached a sufficient volume that the scam calls outnumber legitimate calls for many people.

I know people for whom this was true twenty years ago. It's not just the calls, unwanted junk mail vastly exceeds legitimate mail and has for a long time.

It's fascinating how incompetent government is on these issues. I suppose the politicians are too busy counting their bribe money aka 'campaign contributions' to do their jobs.

Gotta love the combination of deeply entrenched corruption and massive legal ethics problems.

Re:Don't stop there

[EvilSS]

This please. I've seen a huge uptick in scam calls and texts the last month. Seems like every time they bust one we get a tiny lull and then someone else hops in to fill the gap. Start by fining VOIP to PTSN gateway services that the scammers use if they can't positively identify their "customers" to law enforcement. If the cops come with a warrant, they should be able to provide the legal entity who made a call (or 100,000) on their gateways. It amazes me that with all the "know your customer" bullshit they have these days they let that one slide right by.

Also force the phone companies to stop allowing their customers (like the aforementioned PTSN gateway providers) to set outbound caller IDs to numbers not assigned to that customer's account. It's 2021, you can't tell me they can't find a way to code that into the switch software if properly motivated.

Re:

[tlhIngan]

This please. I've seen a huge uptick in scam calls and texts the last month. Seems like every time they bust one we get a tiny lull and then someone else hops in to fill the gap. Start by fining VOIP to PTSN gateway services that the scammers use if they can't positively identify their "customers" to law enforcement. If the cops come with a warrant, they should be able to provide the legal entity who made a call (or 100,000) on their gateways. It amazes me that with all the "know your customer" bullshit the

Re:

[EvilSS]

Warrants don't even matter - the gateway companies gladly sign up newcomers in 5 minutes with fake name and address - it's basically just show us a credit card, and prepaid cards cover this.

That's where the fines come in. Slap a few of them with 6 or 7 figure fines and watch how much more selective they are about their customers.

Re:

[stoatwblr]

It's even easier than this.

Telcos get revenue for terminating calls. Make the terminating telco jointly and severally liable for forged CLID calls and the problem will stop cold in a week

Re:

[kaatochacha]

This, exactly this.
"Mr. Phone Business, you were paid to service this scam call we have identified? Here's your fine. We have also determine it was done to 20,000 people So multiply that fine by 20,000."

Re:

[LostMyAccount]

Everything is a scam in America. The backbone of American commerce is a sleazy and deceptive sales pitch. Try to buy anything that you can't just literally pick off the shelf but have to deal with a salesperson to buy. They will try and scam you with extended warranties at a minimum and guaranteed there is no "price" but some fantasy "list price". And then if its something which involves financing, look out again because there's another scam situation of front-loading loans and bogus fees.

You can't enfo

Re:

[sjames]

Even the things you can just pick up off the shelf are loaded with scam. Four different brands in shiny packaging with competing claims of being the best, all made on the same production line in China. Then there's "warranties" that cost more in shipping and time than just throwing the thing away and buying another.

ISPs

[Retired Chemist]

Most of the scams I get are either from someone's hijacked account or an obviously bogus account created by a bot. So lets hold people accountable. If your computer is taken over by a botnet because you are not running basic security software, you should be liable. It comes with the operating system now. And stop bots from creating email ids and sending messages. Every email id should be connected to a verifiable human identity, who can be held responsible for it. Do that and 90% of the problem with g

Watch out Gwyneth.

[richy freeway]

They're coming for you.

Re:

[account_deleted]

Comment removed based on user account deletion

Get rid of the criminals

[quonset]

If a woman can track down Osama bin Laden in the middle of nowhere so he could be whacked, it shouldn't be that difficult to track down Rajesh or Bob who keep scamming people since the money has to go somewhere.

Follow the money, find the criminals, get rid of the criminals.

Re:

[hyades1]

A public access database that thoroughly doxxed the bastards would be just lovely. Leave the legal end of the matter to any vigilante with the means and the bloodlust to hold them accountable.

Is It "Broken By Design"?

[ytene]

The post of US Attorney or District Attorney is typically an elected office - meaning that the post-holder has to be, at least to a certain degree, some sort of "political animal".

Given the way that society expects that "success breeds success", what ends up happening is that a successful lawyer becomes a successful prosector and then a successful DA. Sooner or later, however, their desire to impact society through the courts is going to give way to the desire to impact society through governance, which is probably why we see so many lawyers enter politics.

With this backdrop, we can then see that prosecutorial decisions are going to be taken in this wider context. No up-and-coming prosecutor, and most certainly no ambitious District Attorney or US Attorney is going to want a less-than-flawless prosecution record.

No. They are going to want to be seen to go after high-profile, high-impact cases. But that also means that those prosecutorial decisions are not going to be made "blind" (i.e. justice is supposed to be "blind"), but on the basis of "Will it look good for me if I win this case? Do the potential benefits for me personally out-weigh the risks?"

Where this is successful, you see capable lawyers becoming capable DAs and going on to positions as Mayors, Congressional Representatives and Governors. Where it goes wrong, you see not only travesties of justice, but complete and unmitigated disasters. As happened with Carmen Ortiz, who prosecuted Aaron Swartz, increasing charges against him from 4 felony counts to 13, making it that much harder for him to secure a dismissal - and guaranteeing that he would be unable to stand for public office. When that went horribly, tragically wrong - Rest in Peace, Aaron - Ortiz came out with a statement saying that "of course" neither she nor her office intended to press the full spectrum of charges against him. Which clearly explains why that was exactly what she was threatening him with before trial.

Ultimately, then, I think the risk to society at large might come down to some fairly basic "design decisions"... including the way that our system of justice sets about making prosecutorial decisions [for example by assigning that authority to an elected and politically-motivated individual, rather than any form of board or panel or representative sample of society] coupled with the way that the same system grants them such sweeping authority as to make these decisions without pretty much any oversight at all... [except for an often AWOL "Main Justice"].

So while I think that it might benefit society if the Justice system were to "crack down on the scourge of online scams", I think that first the Justice system needs to ask itself why it isn't doing that already, to recognize where that system of Justice is flawed, and to fix the flaws.

If we don't do that, then we're just treating the symptoms, not the cause. Justice will remain broken, with yet another band-aid over yet another wound.


Footnote: One of the other things we've seen just recently is what happens when an Attorney General becomes influenced by the person that appointed them. The structural challenges in justice go all the way to the top... There needs to be a more independent, less partisan way of linking governance to justice. We're a long, long, long way short of that right now.

Re:

[ImprovOmega]

US Attorneys are not elected officials, they are appointed by the executive branch of the Federal Government. That's nationwide. You are correct that most District Attorneys are elected officials though, but they tend not to prosecute banking and financial crimes as those usually fall under federal jurisdiction.

One of the reasons the US Attorney for the Southern District of New York is the main guy for prosecuting many financial crimes is that his/her/their jurisdiction covers Wall Street, so they prosec

Maybe they'll act when more hospitals go down

[rapjr]

and banks and factories and ISP's due to ransomware. There has been almost no effort to protect individuals directly and as a result individuals are now the main channels for attacks on all the "more important" systems via social engineering and third party attack routes. The CEO's kids and family and the CEO herself are now a big risk to the corporation as are the outsourced janitors, outsourced HVAC crew, outsourced maintenance crews, etc. Ransomware is already causing big problems and large costs and

transformational technical invention needed

[AmusingClown]

Anybody have some spare genius in their pocket, or serendipity they can muster up?
I agree with the assessment that Prosecutorial system Structural and Motivational challenges are a big part of this situation, but even with changes, there exists all the other complications described.
Some transformational technical invention is going to be needed.

Not just a USA problem

[stoatwblr]

Law enforcement across the world are treating this as "too hard" and criminals are laughing all the way to the bank as a result

The problem is that if people turn to vigilante justice things could get very very nasty, very quickly