20 COMPUTER FRAUD CASES

1. DR. GERLAD BARNES (IDENTITY THEFT)

A man currently serving a 12½-year sentence for impersonating a physician was sentenced
this morning to an additional 120 months in federal prison for posing as a doctor after
escaping from prison in 2000.

Gerald Barnes, 70, was sentenced on his fifth conviction of impersonating a doctor. The 10-
year sentence imposed by United States District Judge J. Spencer Letts in Los Angeles will
run consecutive to both the 12½-year sentence and a separate, previously imposed 2½-year
sentence for the escape. The prior sentences are not due to expire until June 2009.

Barnes, who was born Gerald Barnbaum, claims to have legally changed his name in the
1970s to Gerald Barnes, the name of a licensed physician who was practicing in Stockton,
California. After obtaining copies of Dr. Barnes’ school records and medical credentials, the
fake Dr. Barnes used the documents to obtain employment at numerous medical clinics and
offices in Southern California.

As part of today’s sentencing, Judge Letts ordered the defendant to stop using the name of
Gerald Barnes, finding no evidence that the defendant had ever legally adopted that name.

Barnes pleaded guilty in 1981 to involuntary manslaughter in connection with the death of a
29-year-old patient who died of complications from diabetes after being misdiagnosed by
Barnes. He was convicted again in 1984 and 1989 on state charges of grand theft and writing
fraudulent prescriptions. Upon each release from prison, Barnes resumed his impersonation
of Dr. Barnes.

In 1996, Barnes pleaded guilty to federal charges related to his ongoing impersonation of a
physician. Prior to his arrest by federal agents, Barnes had been employed as the medical
director of Executive Health Group, a Los Angeles clinic with a client list that included the
Federal Reserve Bank, the Federal Bureau of Investigation and a number of major
corporations. As a result of this conviction, Barnes was sentenced to 12½ years
imprisonment.

In August 2000, Barnes escaped from federal custody while being transferred from a prison
in Taft, California, to one in Marion, Illinois. He immediately returned to Los Angeles, re-
assumed the identity of Dr. Barnes, and obtained employment as a physician with Family
Medical Center, a clinic with offices in Los Angeles and North Hollywood. Barnes continued
working as a doctor, earning a salary of $10,000 per month, until he was arrested by United
States Marshals on September 27, 2000. Barnes was subsequently prosecuted in Illinois on
 federal escape charges, which resulted in the 2½-year sentence.

When he pleaded guilty to the most recent case in September 2003, Barnes admitted
impersonating Dr. Barnes to secure and maintain employment at Family Medical Center,
where he examined and treated patients and wrote numerous prescriptions for controlled
substances. Barnes also admitted using Dr. Barnes’ Social Security number and credit rating
to purchase merchandise, including a new Mitsubishi Eclipse purchased for over $25,000.
Barnes financed the entire purchase price and made no payments on the vehicle.

At today's sentencing hearing, Judge Letts described Barnes' case as "extraordinary," noting
that the defendant had been "incredibly successful" at portraying a physician, even at the age
of 66. Despite Barnes' request for leniency in light of his age and claimed health problems,
Judge Letts stated that he could not "in good conscience" impose anything less than a 10-year
sentence.

This case is the result of an investigation by the Federal Bureau of Investigation, which
received assistance from investigators with the California State Medical Board. The Drug
Enforcement Agency provided specialized expertise during this investigation.

2. LARA LOVE AND DAVID JACKSON (IDENTITY THEFT)

SANTA CRUZ — Lara Love and David Jackson were the “neighbors from hell.”

At least that”s how prosecutor Steve Drottar described the two, who were sentenced Wednesday to
a year in County Jail for a massive identity theft scheme that ensnared more than two dozen
victims — mostly neighbors and friends — in eight months last year.

The couple admitted to 30 counts of possessing others” identifying information, grand theft and
other charges. They each faced 24 years in state prison, but Judge Paul Marigonda gave them local
jail time, drug treatment and five years of supervised probation.

The judge called the case “a very tragic situation. … It”s the twin evils of controlled substance
addiction combined with identity theft.”

The couple and their children lived in a quiet Aptos hills neighborhood for about four years. About
a year ago they started stealing their neighbors” mail and pirating Internet access from the family
next door to establish phony accounts in others” names, according to the District Attorney”s
Office. Neighbors began noticing odd items arriving in the mail, checked their credit reports and
found accounts they had not opened.

The neighbors pooled information and called the Sheriff”s Office. By the fall, Love, 42, and
Jackson, 41, were in front of a judge facing a half-dozen charges each.
The judge released them on their own recognizance in October, and that”s when the crime spree
shifted into high gear, Drottar said.

The couple stole credit cards but left wallets behind in vehicles at a private school on Soquel Drive,
which at least one of their children attended. More mail was stolen. Charges — like a room at the
Seacliff Inn, purchases on amazon.com and charges to online gambling sites — added up. The total
amount of money scammed from people is around $15,000, according to Drottar.

ID theft is a serious problem in Santa Cruz County. The area ranked 16th in the country in ID theft
consumer complaints in 2008, according to the Consumer Sentinel Network Data Book published
by the Federal Trade Commission last month.

The case in court Wednesday didn”t differ drastically from a normal identity theft investigation,
Drottar said.

“This one”s not the most sophisticated one, but there”s certainly a lot of victims,” he said. “In
sheer volume of victims, these people did a lot of damage … in a very short period of time.”

Both Love and Jackson have admitted drug problems, and Drottar said sheriff”s deputies found
cocaine and heroin when searching their home. Deputies also recovered more than 50 pre-paid gift
cards worth thousands of dollars. The couple reportedly said they stole to feed their family.

In court Wednesday, the couple, dressed in street clothes, sat next to their court-appointed
attorneys. Neither Love nor Jackson addressed the 11 former neighbors who came to court to make
statements and watch the hearing, but through their attorneys said they were remorseful and hoped
to turn their lives around.

“She”s very sorry for her actions,” Love”s attorney, Jonathan Gettleman, said.

The two victims who addressed the court told Marigonda the crimes rocked their tranquil, close-
knit neighborhood where some had lived for 40 years.

“My view is these crimes are an assault on the community in which we live,” said Bryn Young,
whose family lived next door to the couple and befriended Love”s two teenage sons. “Your honor,
these are not faceless crimes.”

Denise Elerick, another neighbor, wept as she spoke about the loss of security she felt after her
family was victimized.

“Money can be replaced,” she said. “Trust, sense of safety in my home, joy and lightheartedness
— these things take time.”

To date, the couple has made $9,000 in restitution payments to the victims. They are banned from
entering the neighborhood for five years and the judge on Wednesday placed limits on their
Internet use and access to others” personal identifying information. They are also required to go
through drug-treatment programs and will be sent to state prison if they violate any of the court-
imposed terms, Marigonda said.
3. FREDERIC BOURDIN (IDENTITY THEFT)

*Circuit Judge of the Eighth Circuit, sitting by designation. **Pursuant to 5TH CIR. R.
47.5, the court has determined that this opinion should not be published and is not
precedent except under the limited circumstances set forth in 5TH CIR. R. 47.5.4.
UNITED STATES COURT OF APPEALS FOR THE FIFTH CIRCUIT
_______________________
No. 98-51227 _______________________
UNITED STATES OF AMERICA, Plaintiff-Appellee, versus FREDERIC BOURDIN,
a.k.a. Nicholas Patrick Barclay, a.k.a. Frederic Pierre Bourdin, a.k.a. Shedgin Guteyere,
a.k.a. Benjamin Kent, a.k.a. Jimmy Peter Manfred Morins, a.k.a. Shadjan Raskovic, a.k.a.
Marc Selopin, a.k.a. Thomas Wilson, a.k.a. Robin Morins, a.k.a. Arnaud Orions,
Defendant-Appellant.
________________________________________________________________
Appeal from the United States District Court for the Western District of Texas (SA-98-
CR-128-ALL)
_________________________________________________________________
November 19, 1999 Before DAVIS, JONES, and Magill*, Circuit Judges. EDITH H.
JONES, Circuit Judge:** On September 9, 1998, Appellant Frederic Bourdin pled guilty
to: 1) fraudulently obtaining a passport, in violation of 18 U.S.C. §1542; 2) perjury, in
violation of 18 U.S.C. §1621; and 3) possession of a fraudulent document, in violation of
18 U.S.C. §1546(a). On December 17, 1998, the district court departed upward from the
Sentencing Guidelines and sentenced him to 71 months of 1The district court also
imposed a three-year term of supervised release, a $10,000 fine and a $300 special
assessment. 2 imprisonment.1 Because the district court’s upward departure was
reasonable in light of the facts of the case, this Court affirms. FACTS In 1997 in Madrid,
Spain, Frederic Bourdin began representing himself as Nicholas Barclay, an American
boy missing since 1994. In the fall of 1997, Carrie Gibson, Nicholas Barclay’s sister,
flew to Spain to meet him. In October, Bourdin obtained a United States passport under
the name Nicholas Barclay, so that he could accompany Gibson to the United States. For
the next five months, Bourdin lived with Gibson and her family in San Antonio, Texas as
Nicholas Barclay. During the same period, FBI Special Agent Nancy Fisher began an
investigation as to whether Frederic Bourdin, as “Nicholas Barclay,” was actually
Nicholas Barclay. During the course of that investigation, Bourdin stated that he had been
rescued by a man named Jonathan Duran. Agent Fisher then spent numerous hours trying
to locate Duran. When she eventually asked Bourdin to do so for her, Bourdin pretended
to call Duran and then informed Agent Fisher that Duran did not want to talk to her. In
addition, Bourdin agreed to provide a blood sample only then to refuse after arriving at
the doctor’s office with Agent Fisher. On February 24, 1998, FBI employees obtained
Bourdin’s fingerprints in San Antonio and confirmed with Interpol records that he was
not Nicholas Barclay, but Frederic Bourdin. The documents provided by Interpol officials
indicated that Bourdin 3 used numerous aliases and had a foreign criminal history of
behavior similar to the behavior exhibited in this case. Bourdin was arrested on March 6,
1998. At sentencing, the district court determined that Bourdin’s offense level was 15 and
his criminal history category was I, producing a guideline sentence range of 18 to 24
months’ imprisonment. The court then departed upward 10 levels and imposed a sentence
of 71 months’ imprisonment. In doing so, the judge stated clearly that the departure was
based on the nature and extent of Bourdin’s continued obstructive behavior and the harm
he inflicted on various victims, particularly the family of Nicholas Barclay. It also stated
that it viewed all the reasons in the Government’s motion for upward departure, which
included the argument that a criminal history category of I did not adequately reflect the
criminal history that Bourdin deserved as a result of his criminal history in Europe, as
reasons to depart upwards. On appeal, Bourdin argues that the court’s 10-level increase
was unreasonable. Bourdin interprets the district court’s departure as based only on
Bourdin’s obstructive behavior and the harm to vulnerable victims. Because the departure
was greater than the increase afforded those factors under the guidelines the district court
analogized to, Bourdin argues that the increase was unreasonable. Bourdin further argues
that, because the district court did not clearly include the inadequacy of his criminal
history category in its oral statement describing its reasons for upwardly departing, this
Court cannot interpret the upward 4 departure as based also on the inadequacy of his
criminal history category. STANDARD OF REVIEW This Court reviews a district
court’s decision to depart from the Sentencing Guidelines for abuse of discretion. See
United States v. McKenzie, 991 F.2d 203, 204 (5th Cir. 1993). DISCUSSION The
district court may depart from the Sentencing Guidelines due to aggravating or mitigating
circumstances not considered or inadequately considered by the guidelines. See 18
U.S.C. §3553(b); U.S.S.G. §5K2.0. A departure from the guidelines will be affirmed if
the district court offers acceptable reasons for the departure and the departure is
reasonable. See United States v. Lambert, 984 F.2d 658, 663 (5th Cir. 1993). This Court
has upheld as reasonable departures that were over several times as much as the initial
guideline range, and has stated that “the mere fact that a departure sentence exceeds by
several times the maximum recommended under the Guidelines is of no independent
consequence in determining whether the sentence is reasonable.” United States v.
Roberson, 872 F.2d 597, 606 n.7 (5th Cir.), cert. denied, 493 U.S. 861, 110 S.Ct. 175,
107 L.Ed.2d 131 (1989). In this case, appellant does not contest that the district court
fulfilled prong one of the Lambert test. In any case, the district court clearly articulated at
least two acceptable reasons for an upward departure – Bourdin’s obstructive behavior
and the harm he inflicted on vulnerable victims. These reasons are analogous to U.S.S.G.
§3A1.1 and §3C1.1 and are thus 5 based on the policies underlying the Guidelines. See
United States v. Moore, 997 F.2d 30, 36 (5th Cir. 1993) (stating that a district court’s
 justification for departure from the initial guideline range must be based on the policies
underlying the Guidelines). Appellant focuses on prong two of the above test. Bourdin
argues that the district court acted unreasonably in imposing a sentence commensurate
with a 10-level increase, rather than the 4-level increase that the unavailable, but
analogous, guidelines provide. Although the use of analogous guidelines indicates that
the district court has articulated acceptable reasons for departure, the district court is not
constrained to impose an increase commensurate with that of the guideline. Bourdin’s
behavior was both egregious and well outside the heartland cases covered by the
guidelines. Thus, the district court acted within its discretion in departing upward 10
levels and imposing a 71- month sentence of imprisonment. Because we find that the
district court could reasonably have based its upward departure on Bourdin’s obstructive
behavior and the harm he inflicted on vulnerable victims, we do not reach the question
whether the district court also based its departure on the inadequacy of Bourdin’s
criminal history category. AFFIRMED.

4. PHISH PRY (PHISHING)

In 2009, the FBI called Operation Phish Phry the largest international phishing case ever
conducted. Hundreds of bank and credit card customers received official-looking emails
directing them towards fake financial websites. Victims entered their account numbers and
passwords into fraudulent forms, giving the attackers easy access to their private data.
The team behind the scam was highly organized. Then-director Robert Mueller used it as an
example of how large organized crime syndicates are indiscernible from nation-state actors when
it comes to ambitious, large-scale cyberattacks. There is just no way to know who the perpetrator
really is until after the investigation.
From the start, it was evident that Operation Phish Phry was a large-scale project. The FBI
ultimately charged more than 100 individuals, relying on cooperation from Egyptian national
security agents to capture nearly half of them outside United States’ territory.
The operation was relatively simple by today’s standards, but managed to pilfer about $1.5
million from hundreds or even thousands of bank accounts.

5. WALTER STEPHAN (PHISHING)

While Operation Phish Phry gives us the largest criminal organization dedicated exclusively to
email phishing, the story of Austrian aerospace executive Walter Stephan holds the record for
being the individual to lose the most money in history from a single scam – around $47 million.
During his tenure as CEO of FACC, which manufactures aircraft components for Boeing and
Airbus, cybercriminals faked Stephan’s email and demanded a lower-level employee to transfer
the enormous sum to an unknown bank account as part of an “acquisition project”.
FACC’s systems were not hacked. The attacker seems to have simply guessed Stephan’s email
correctly, created a look-alike spoof email address, and then targeted an entry-level accountant.
The employee immediately trusted the email and sent the wire. In the aftermath of the loss,
Stephan lost his position as CEO, FACC fired its chief financial officer, and the company
scrambled to retrieve the money – eventually recouping around one-fifth of the loss.
To avoid the fate of FACC, businesses need to empower employees to verify email
communication that appears to come from senior board members. That 30-second phone call
may be annoying, but it can save millions.

6. THE UKRAIN POWER GRID ATTACK (PHISHING)

The December 2015 Ukrainian power grid attack was a history-making event for a number of
reasons. It was the second time that malicious firmware was developed specifically for the
purpose of destroying physical machinery – the first being Stuxnet, used by the U.S. and Israel to
shut down Iranian nuclear centrifuges in 2009.
But unlike Stuxnet, the Ukrainian malicious firmware attack used email phishing as its
originating attack vector. It was also the first to use automated, scalable malicious firmware
updates so that a small team could disable multiple sites at the same time.
Russian cyberintelligence operatives had access to the power plant’s data and facilities for
months prior to the attack and carefully planned every stage of the attack for maximum effect.
The ability to write custom-coded malicious firmware for electrical power station nodes means
that once cybercriminals have access to a network, they can potentially override anything on it –
from printers and refrigerators to airplanes and airport comm towers.
This history-making cyberattack originated with a single mistake made by a power plant
employee. Comprehensive phishing protection and training could have prevented it entirely.

7. GOOGLE CHINA (HACKING)

When Google's Chinese headquarters detected a security breech in mid-December, it opened up a

whole can of worms (pun intended) implicating the Chinese Government.
Hackers had gained access to several Google’s corporate servers and intellectual property was
stolen.
In a blog, Google said it has “evidence to suggest that a primary goal of the attackers was
accessing the Gmail accounts of Chinese human rights activists”. As the company dug deeper,
they found numerous Gmail of users from US, China and Europe had been routinely been
accessed without permission. Those emails belonged to advocates of human rights in China.
All eyes darted towards the Chinese Government, which has been accused of flagrantly
disregarding human rights for years.
Google entered the Chinese market with www.google.cn in 2006 and capitulated to China’s
stringent Internet censorship regime. The cyberattacks in December 2009 resulted in the
company’s re-evaluation of its business in the country.
In March 2010, Google relocated its servers for google.cn to Hong Kong in order to escape
China’s Internet filtering policy.
 8. YAHOO (DATA BREACH)

Yahoo strikes $117.5 million data breach settlement after earlier accord rejected
(Reuters) - Yahoo has struck a revised $117.5 million settlement with millions of people whose
email addresses and other personal information were stolen in the largest data breach in history.

The proposed class-action settlement made public on Tuesday was designed to address criticisms
of U.S. District Judge Lucy Koh in San Jose, California. She rejected an earlier version of the
accord on Jan. 28, and her approval is still required.

Koh said the original settlement was not “fundamentally fair, adequate and reasonable” because
it had no overall dollar value and did not say how much victims might expect to recover. She
also said the legal fees appeared to be too high.

Yahoo, now part of New York-based Verizon Communications Inc, had been accused of being
slow to disclose three data breaches affecting about 3 billion accounts from 2013 to 2016.

The new settlement includes at least $55 million for victims’ out-of-pocket expenses and other
costs, $24 million for two years of credit monitoring, up to $30 million for legal fees, and up to
$8.5 million for other expenses.

It covers as many as 194 million people in the United States and Israel with roughly 896 million
accounts.

John Yanchunis, a lawyer for the plaintiffs, in a court filing called the $117.5 million the
“biggest common fund ever obtained in a data breach case.” He did not immediately respond to
requests for additional comment.

Separately, Verizon agreed to spend $306 million between 2019 and 2022 on information
security, five times what Yahoo spent from 2013 to 2016. It also pledged to quadruple Yahoo’s
staffing in that area.

“The settlement demonstrates our strong commitment to security,” Verizon said in a statement.

Yahoo agreed in July 2016 to sell its internet business to Verizon for $4.83 billion. Only later did
it reveal the scope of the breaches, prompting a price cut to $4.48 billion. Verizon wrote off
much of Yahoo’s value in December. U.S. prosecutors charged two Russian intelligence agents
and two hackers in connection with one of the breaches in 2017. One hacker later pleaded guilty.
 9. ADOBE (HACKING)

Adobe announced in October 2013 the massive hacking of its IT infrastructure. Personal
information of 2.9 million accounts was stolen (logins, passwords, names, credit card numbers
and expiration dates). Another file discovered on the internet later brought the number of
accounts affected by the attack to 150 million (only 38 million active accounts). To access this
information, the hackers took advantage of a security breach at the publisher, specifically related
to security practices around passwords. The stolen passwords had been encrypted instead of
being chopped as recommended. Fortunately, if this had led to banking data also being stolen, it
was at least unusable because of a high-quality encryption by Adobe. The company was attacked
not only for its customer information, but also for its product data. Indeed, the most worrying
problem for Adobe was the theft of over 40GB of source code. For instance, the entire source
code for the ColdFusion product was stolen as well as parts of the source codes for Acrobat
Reader and Photoshop. If other attacks were to be feared, they did not ultimately take place.

10. PREDA (CHILD GROOMING)

They were the reluctant four. Only 14 and 16 years old, the four — Ruby, Jenny, Angel and Ruth
— were rescued from traffickers by the municipal social worker and local police and brought to
the Preda Home for Girls for recovery and cure. They were caught in a house of prostitution and
exploitation where they were trafficked by a pimp, lured with promises of money, drugs and
drinks and boyfriends. They were sexually abused.

Instead of being happy at being “rescued,” the four wanted to return to the trafficker. They were
brainwashed into the world of vice; they denied any wrongdoing and wanted to return to that life.
They had debts to pay. They were made to believe that was all they were good for in this world
and that the trafficker was giving them a happy life.

I like to refer to those who groom, seduce, or lure children into dire situations where they are
trapped, exploited, and sexually abused as “millstones.” Two thousand years ago, child abuse
was common enough it seems in Palestine and the Gospel of Matthew has a passage in Chapter
18 (Matt. 18:1-8) that has Jesus of Nazareth telling his audience of the learned, lawyers and
scholars, to their disappointment, that they were not the most important in society. He stood a
child before them and said the child was.

Then a most shocking statement followed. If taken at its face value, it sounds like an
endorsement of the death penalty. He said in so many words that anyone who abuses one of these
children ought to have a millstone tied around his neck and be thrown into the depth of the
ocean. It’s hyperbole, an exaggeration not to be taken literally, but nevertheless it is a strict
teaching that children are sacred and innocent and to accept a child is to accept Jesus himself.

He said too, unless we become as innocent as children we cannot enter the Kingdom and be a
person of the highest integrity. That would be the ideal society where friendship, truth, justice,
love, social justice, and equality reigned. In Matthew 25:31 -46) he has us standing before the
king of that ideal Kingdom on judgment day. He said unless we have fed the hungry, given water
to the thirsty, clothed the naked, visited the people in jails and shared and helped our neighbor,
there is no ticket to the kingdom. To have done it to them, the poorest of his brothers and sisters,
is to have done it to Jesus himself. That is a real challenge for anyone.

In the modern world of today, those ideals seem irrelevant and ignored by the people in the
secular world. Going by the number of child abusers out there in society and online, it is a world
dominated by these pedophiles and child rapists and abusers. Here, every week at the Preda
children’s home, we see horrific cases of child abuse. The latest arrivals are a five-year-old and a
12-year-old, both victims of rape. They joined the Preda family of 48 girl-victims who are
recovering and healing and discovering what it is to be free from the fear and abuse. There are
hundreds of thousands more helpless children unable tell anyone of their ordeal and who live in
fear of their rapists. The statistics say one in every four children is a victim of sexual abuse, the
same in every country in the world.

The pimps and human traffickers, the “millstones” who recruit teenage girls into the sex industry
are smart, clever, and like pedophiles, have the power of persuasion to lure and ensnare victims
into their web of abuse and exploitation. The teenagers become dependent sex slaves.

11.