Phisher Sentenced to 12 Years

A Sign That Courts Take Cybercrimes More Seriously?

By , August 1, 2011.
Phisher Sentenced to 12 Years

A U.S. District Court in California has slapped a hacker with a 12-year prison sentence for phishing attacks he launched on more than 38,000 consumers.

Tien Truong Nguyen, 34, was found guilty of stealing personal bank information from unsuspecting online users after sending those users to spoofed bank sites that collected account log-in and password details.

Through targeted spear-phishing attacks, Nguyen collected bank details that he sold to other cyberthieves who then used the stolen identities to open lines of credit.

The judge's sentencing in the case highlights a win for the good guys, says Neil Schwartzman of CASL Consulting, which specializes in online security.

"It is certainly a good and welcome start, and a clear signal to those who want to commit bank robbery online that they can and will go to prison for a good long time," he says. "I think as more of these crimes are finally being brought to court, naturally enough, judges and prosecutors are beginning to have the requisite knowledge about the impact of the theft, as well as an understanding of the technology behind them."

Since the arrest and sentencing of Albert Gonzalez, the mastermind behind the Heartland Payment Systems breach that led to the compromise of more than 130 million payment cards, the courts appear to be taking cyberattacks on financial information much more seriously. Gonzalez got 20 years for his cybercrime. If sentenced today, most experts agree the ruling would have been much steeper.

Phishing Attacks: Growing Global Concern

Phishing has quickly emerged as one of the financial world's greatest threats. And regulators, law enforcement agencies and the courts are taking online schemes and phishing attacks very seriously.

Increasing incidents of corporate account takeover spurred the Federal Financial Institutions Examination Council to issue updated guidance for banks and credit unions to follow for authenticating online banking transactions and accounts. [See the updated FFIEC authentication guidance.]

And last month, the White House issued a plan to fight transnational cybercrime. [See Obama Vows to Battle Int'l Cybercrime.]

"Transnational criminal organizations have taken advantage of our increasingly interconnected world to expand their illicit enterprises," said President Obama during his announcement of the strategy. The strategy's 56 priorities include enhancing intelligence and information sharing and protecting the nation's financial system and strategic markets.

Highly publicized phishing incidents, such as the Epsilon e-mail breach, which affected more than 100 companies and brands, also have fueled concern.

Neal O'Farrell, executive director of the Identity Theft Council, a grassroots support network for victims of ID theft, says banks and credit unions are at the center of the phishing debate, since financial details are what cybercriminals most often seek. "Most of the phishing I've seen recently has been focused on credential ID theft, since it's the most profitable," he says. "That should be concerning to financial institutions."

Customer awareness is the best line of defense, which also is noted in the new FFIEC guidance as being a critical piece of layered security. But most institutions are failing when it comes to customer education, O'Farrell says. "The phishing only works if the consumer participates," he says. "They have to click on something; they have to open something; so, based on that assumption, shouldn't we be doing more to educate them?"

Follow Tracy Kitten on Twitter: @FraudBlogger

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE Infographic: Are You a Breach Victim?

Has your personal information been compromised in a data breach this year? This infographic...

Latest Tweets and Mentions

ARTICLE Infographic: Are You a Breach Victim?

Has your personal information been compromised in a data breach this year? This infographic...

The ISMG Network