Online crime charges denied
Source: Pioneer Press
By Lisa Donovan
Date: January 15, 2004
Talk about hush money.
Last October, Richfield-based Best Buy received an e-mail from one "Jamie Weathersby," who notified the company of a security glitch on its Web site, www. bestbuy.com, authorities say.
Perhaps, Weathersby wrote, he and the electronics giant could work something out.
In additional e-mails, Weathersby spelled out the deal: Best Buy needed to fork over $2.5 million or he would go public with the security breach, spelling out how to penetrate the Web site, even posting the names and credit card numbers of customers who made their purchases online. To make matters worse, he said he was going to do it right on Best Buy's Web site.
An investigation, which was aided by a computer-tracing technique, led authorities to a 25-year-old Mississippi man named Thomas E. Ray III, who allegedly used the name Jamie Weathersby to do his business with Best Buy.
On Tuesday, Ray was in Minneapolis to make his first appearance before U.S. Magistrate Judge J. Earl Cudd in a case that authorities are calling one of the first "cyber-extortion" investigations in this area. Ray pleaded not guilty to the two felony extortion charges filed against him last month^; he is free on $10,000 bond and probably will return to his hometown of Jackson, Miss., authorities said.
Neither Ray nor his Minneapolis-based attorney, Rick Petry, could be reached for comment.
Authorities are convinced they've got the right man and U.S. Attorney Thomas Heffelfinger points to a cooperative effort between the public and private sectors for unmasking this otherwise faceless attempted transaction.
Those parties include the Minnesota CyberCrime Task Force along with Best Buy, America Online and Netscape.
"The Ray case came about because Best Buy realized they were victimized, brought in the police and worked hand in hand to bring this guy in," Heffelfinger said. He stressed that there was no reason to believe the Web site had any security problems.
"We believe, obviously, the perpetrator's claim was without merit and we did extensive work on our systems that no customer data was compromised," said Dawn Bryant, spokesman for Best Buy.
Best Buy launched its own investigation using its own methods to track down the author after "Weathersby" sent his first message to the company on Oct. 16, informing them about the security glitch. Weathersby offered to enter a business relationship with the company and said "without your response, we are obligated to share the security hole with the public for their protection." The letter was signed Jamie Weathersby, IPC Corp.
A Best Buy employee responded to that e-mail saying Best Buy would be interested in learning more, but could not locate any information about IPC Corp.
The next day, a second e-mail arrived, along with a business deal: Best Buy shells out $2.5 million or Weathersby goes public with the security problem. In a later note, he would set a deadline of Oct. 24.
By then, federal authorities were on the trail. They were getting permission from the courts to use a specialized e-mail device — called the Internet Protocol Address Verifier — to track down the author. Typically, with the help of an Internet service provider and the IP address, authorities can find the author.
Investigators in this case would say only that the IP address led them to Ray.
The case is somewhat unusual, but not unique, authorities say.
"We're seeing more and more cyber-crime, but I think this is one of the first cyber-extortion cases I can recall," Heffelfinger said.
The Internet Crime Complaint Center, a venture of the FBI and the National White Collar Crime Center, counted 120,000 complaints nationwide in 2002 — the most recent statistics available.
Asked whether Ray is suspected in any other cases, Heffelfinger declined to comment.
^macro[showdigestcomments;^uri; Online crime charges denied]