eBay scammer steals identity of special agent investigating him

He might get 20 years to boast about that one


A cybercriminal who ran a mere eBay scam became a more significant collar for the US Department of Justice after he successfully stole the identity of the special agent investigating him.

Rohit Jawa, 25, has pleaded guilty to eight counts of wire fraud, and one count of stealing a special agent's identity which he then used to fraudulently gain access to privileged law enforcement databases – from which he stole the personal identifying information of multiple victims.

According to court documents, Jawa's mischief began in January 2013. He controlled "a set of at least 19 eBay and 18 PayPal accounts ... engaged in a scheme to defraud eBay buyers and eBay's third-party parcel insurance company".

Investigating these fraudulent accounts, agents from the United States Postal Service's Office of the Inspector General (USPS OIG) obtained search warrants to dig into the email addresses. These were hosted by 1&1 Mail and Media, a provider which lets users register multiple addresses under a single account.

The agents found "numerous conversations where buyers reported to the seller that they had not received a purchased item, despite Postal Service tracking history showing the item had been delivered."

In the case of insured parcels, the seller would file a claim with eBay's third-party insurance company, using the tracking history as evidence the Postal Service had lost the parcel – or it had been stolen. For uninsured parcels, the seller would use the tracking history to prove to eBay he had shipped the purchased item to the buyer, causing eBay to decide disputes in his favour.

Other messages in those accounts contained Postal Service tracking numbers for parcels the seller had sent, supposedly using eBay-generated Postal Service shipping labels, but which the buyer claimed to have never received despite Postal Service tracking history showing the parcel had been delivered.

As customers on eBay/PayPal are only provided with the five-digit ZIP code of where a package was delivered, if a shipping label address is changed to a different address within the same ZIP code, this creates a tracking history that makes it appear as if the Postal Service has delivered the package to the expected destination, rather than an unrelated address within that local area.

Agents found irregularities when comparing the destination addresses eBay provided to the Postal Service with the addresses on the labels as seen by the Postal Service's mail processing equipment.

"A seller can then use this legitimate-looking tracking history to convince eBay, a buyer, or an insurance company that he sent the purchased item to the buyer, when he actually mailed an empty box to a random address in the same ZIP code to generate tracking history," the agents said.

Special Agent John Watson stated in his affidavit in support of the criminal complaint that, in his "training and experience, this kind of manipulation of a shipping label is a strong indication of fraud."

OpSec 101

Identity theft

A victim of this fraud scheme complained to the Postal Service about his missing parcel. His complaint eventually reached a USPS OIG special agent, who began looking into it as an incident of mail theft by a Postal Service employee.

Corresponding with the seller via one of the 1&1 email addresses, the agent requested additional information about the missing parcel – doing so quite explicitly as a special agent, not suspecting any criminality on the part of the seller.

Jawa, the seller, then requested the agent provide him with a copy of his credentials as verification of his identity, which the OIG agent did.

Two days after Jawa received this information, the FBI received a request made in the special agent's identity, using a secondary email address registered with 1&1.

This was for an account with Law Enforcement Online, a web portal which provides access to criminal intelligence and other highly privileged information for law enforcement officials. A day later, someone purporting to be the special agent phoned FBI tech support and successfully obtained a temporary username and password for that account.

Using the @leo.gov email which came with the LEO account, Jawa then corresponded with several police forces requesting accounts be made for him on their internal services. Although he was only successful in one instance, he then exploited this access to obtain sensitive personal information on at least nine people, including the special agent.

These nine subsequently had fraudulent eBay, PayPal, and other financial accounts opened using their identities.

Jawa, who is an Indian national, was indicted by a federal grand jury on 13 August 2015. He faces a mandatory minimum of two years in prison and a maximum penalty of 20 years. He will be sentenced on 12 February 2016. ®


Biting the hand that feeds IT © 1998–2022