The Kinko's Caper: Burglary by Modem
Source: The New York Times
By Lisa Napoli
Date: August 07, 2003
A Kinko's store in Manhattan where cybertheft occurred.
On a steamy summer day, the 16-story apartment building on Kissena Boulevard in Flushing, Queens, hardly looks like a place where Secret Service agents would show up with a search warrant, and later for an arrest. Women trudge from the bustling markets just two blocks away, children and bags in tow^; elderly couples sun themselves on park benches. Nothing about the quiet, neatly kept grounds suggests a crime scene.
But when computers are the weapons and the victims are far from sight, it is easy to operate quietly and, for a while at least, undetected. And that is how, for almost two years, Juju Jiang used an arsenal of computers in his bedroom on the 14th floor - in an apartment he shared with his mother - to break into others.
According to the federal agents who prosecuted him, Mr. Jiang had unwitting help from his victims: customers at Internet terminals at 13 Kinko's copy shops in Manhattan entered personal information that he gathered with software he had installed there to capture their every keystroke.
Mr. Jiang, 25, pleaded guilty last month to computer fraud and software piracy. Had one target not heard his home computer inexplicably come alive late one night last fall, there is no telling how long Mr. Jiang might have gone on with his scheme - and even then, he was not finished trying. Agents say 450 people were ultimately victimized, with Mr. Jiang breaking into a number of their bank accounts, opening new ones with their data or selling that data on the Internet.
Now Mr. Jiang, who immigrated from China at 16, sits in custody awaiting sentencing, an audacious if ultimately clumsy predator in the immeasurable world of cybercrime. "It's one of those things that's so - for lack of a better word - easy, and so prevalent," said Shannon Zeigler, a spokesman for the Secret Service, which after 9/11 was given an expanded role in investigating computer fraud.
The source and extent of Mr. Jiang's computer knowledge are not clear. He was enrolled as an engineering major at Penn State from 1996 to 1998. A doorman at his Queens building said Mr. Jiang described himself as a consultant. In any case, Mr. Zeigler said, "if you know how to maneuver a computer, there are ways to kind of get into areas to do things you probably shouldn't be doing."
That is putting it lightly, as the man identified in court documents as Victim 1 knows only too well. In a telephone interview with a reporter - the call was put through by the Secret Service to shield the man's identity, which neither they nor the victim would disclose - Victim 1 recounted how he came to detect a cyberburglar in his home.
He had just finished watching the movie "Rocky" one night last October. And as he was winding down with a little channel surfing after midnight, he heard his laptop activate across the room.
"I thought it was my antivirus software running, and I kind of ignored it," he said.
After a few minutes, he realized that software does not make the sort of noise he was hearing. Curious, he walked over to the computer and watched as the mouse moved around the screen, opening up files and searching, as if they were dresser drawers that might harbor cash.
A few weeks earlier, Victim 1 had signed up for a $179-a-year service called GoToMyPC, which gives users remote access to their own computer desktops. Instantly, he wondered if that might be the tool by which this ghost was casing his hard drive.
Like a determined sleuth, Victim 1 resisted the urge to stop the rogue cursor, and instead watched it move.
"I sat there as this person opened my CV, and some documents in other files, and got my Social Security and credit card numbers," he said. They were easy to get: Victim 1 had them stored on a desktop organizing program. Armed with the data, the phantom user dialed up a bill-paying service called Neteller and opened an account in Victim 1's name.
The virtual intruder's next stop was the Web site for American Express. There, Victim 1 saw his credit card information being entered on the screen.
And that, he said, is when he intervened, grabbing control of the computer by touching the mouse and, in essence, shooing the intruder away. "As soon as I did it, he disappeared," Victim 1 said.
But the man known as Victim 1 did not drop the incident. He called 24-hour customer support for GoToMyPC, a product of ExpertCity of Santa Barbara, Calif.
Original article at: http://www.nytimes.com/
^macro[showdigestcomments;^uri;The Kinko's Caper: Burglary by Modem]