Calling Card Theft Rings Go High   by Independent (IND)

10/05:CALLING-CARD THEFT RINGS GO HIGH-TECH By SALLIE HOFMEISTER c.1994 N.Y. Times News Service LOS ANGELES - A $50 million telephone calling-card theft ring disclosed earlier this week by federal investigators is representative of the advanced types of scams that have emerged in the last two years as telephone companies have become better at ferreting out fraud. In contrast to older and still more common cases of calling-card fraud involving small batches of numbers, often obtained by peering over callers' shoulders while they are dialing public pay phones, the latest case typifies an emerging category of inside crimes by people with computer programming skills, telecommunications experts said. In what is the biggest single case of telephone calling-card theft, an employee of MCI Communications was charged last week with stealing some 60,000 card numbers from MCI and other long-distance companies that were subsequently used to make at least $50 million worth of long-distance calls, according to the Secret Service, the federal agency that investigates interstate telephone fraud. The report first appeared in The Los Angeles Times on Monday. The Secret Service said Ivy James Lay, a switch engineer at MCI's network center in Charlotte, N.C., sold the calling card numbers to an international band of computer hackers. The band, stretching from Los Angeles to Bonn, Germany, profited by selling the numbers and by using them to pirate software and video games from on-line computer networks, according to the Secret Service, which has been investigating the case for four months with the help of MCI, GTE Corp. and AT&T, and which expects to make several other arrests in the case in the next month. For years, theft of calling-card numbers has caused telephone companies to lose millions of dollars in calls that are completed but never paid for. To combat such crime, phone companies in recent years have built computer systems that identify the unusual calling patterns that are a primary indicator of fraud, and can enable a phone company to cut off service to those numbers in a matter of minutes. Rising to the challenge, calling-card fraud artists are taking their business overseas, especially to Europe, where the public telephone networks are highly automated enough to allow use of calling cards - but not advanced enough in most cases to detect fraudulent calling patterns within Europe or in calls to the United States. And these thieves are trying to work more efficiently, by buying volumes of calling-card numbers from telephone company employees rather than gathering them one by one through hidden software programs designed to capture the numbers as they pass through the computerized switching equipment that routes calls over the phone network. "The odds are good today that if you call from Chicago to the Dominican Republic using an illegal number, the phone company is going to catch you because their systems are pretty sophisticated in the United States," said John J. Haugh, chairman of Telecommunication Advisors Inc., a telecommunication consulting firm in Portland, Ore., that specializes in anti-fraud techniques. "But if you sell the numbers to Europeans, you can evade the monitoring network." He said a ring of what he called techno-bandits had grown up in the Netherlands, Belgium, Italy, Spain and Germany in the last two years to profit from the sale of long-distance numbers stolen in the United States. Because they transact much of their business via computers, using code names, it is hard for law enforcement officials to determine their identities. They typically have agents in the United States who bribe telephone employees to steal numbers for them. In fact, Haugh estimates that as much as 20 percent of the $3.8 billion worth of long-distance fraud this year will involve telephone company employees. "Why bother going to an airport to shoulder-surf for two or three numbers when you can get 20,000 of them from a telephone company employee?" he said. In a separate case that is also being investigated by the Secret Service, Max Louarn, an accused Spanish computer hacker, was arrested during a trip to Washington in late September on charges of selling stolen calling card numbers used to make at least $1.5 million of long-distance calls. The Secret Service said Louarn bought the bulk of the numbers, at least 40,000, from an employee of Cleartel Communications, a long-distance operator based in Washington. Jesse Wood of the Secret Service office in Charlotte, which is heading the investigation of Lay, said the agency was trying to determine whether the two cases involved any of the same people. Details of the Lay case remain sketchy, as the telephone company and federal agents are reluctant to provide specifics because of a pending federal grand jury investigation by the U.S. attorney's office in Charlotte. But Secret Service officers late last month seized numerous computers, software, diskettes, modems, logs and files said to have been used by the handful of people Lay was said to have sold the numbers to in Los Angeles, Seattle, Philadelphia, Minneapolis and Chicago. Lay, who has been released on bail, is being represented by Tom Cochran, a public defender in Charlotte, who could not be reached for comment. MCI dismissed Lay after he was arrested. MCI officials said that Lay had developed a software program that scanned traffic from various phone carriers at the switching station where he worked, which handles thousands of calls a day. The program allowed him to pull the calling card or credit card numbers used to place those calls. Over a period of several months, he pulled 60,000, according to Leslie Aun, a spokeswoman for MCI. "This is unprecedented in terms of scope and size," she said. "We have prosecuted cases against employees but never one this big." MCI and the other long distance companies have said they will not bill the customers whose calling-card numbers were stolen. James Bauer, a Secret Service agent in Los Angeles, said Lay faced felony charges for "access device fraud," which is punishable by up to 10 years in prison. Bauer said Lay, known as Knightshadow in computer networking circles, sold the numbers for $3 to $5 each to two people in Southern California, who then resold them to people who operate computer electronic bulletin boards in at least nine other cities. "A certain percentage of computer bulletin boards are illegitimate," Wood, the Secret Service agent, said. "They get to know each other through the networks, then start talking by phone and hatch this plot: "I'll send you these numbers if you give me access to this bulletin board.' None of them pays for any phone calls because they all trade these calling card numbers." The Secret Service would not disclose how much these resellers charged for the stolen numbers, but Ms. Aun of MCI said on the street in New York, illegal calling card numbers fetched $10 to $20 apiece for a call. Bauer said the bulletin board operators then sold some of the numbers to Europeans, who charged the bulk of the $50 million in long-distance services, mainly for long-distance pirating of software and games from legitimate computer data bases. "The phone numbers were not their end goal for the Europeans," he said. "They used them as a tool to cut the overhead of their business, for copying voluminous amounts of materials over the phone lines." Phone companies say these schemes are increasing and troublesome because they are hard to detect and prosecute. "Once you get beyond fraud involving immigrants calling from street pay phones, it's hard to track," Ms. Aun said. It is not only that hackers' identities are concealed, but once cases become international, they are difficult to pursue. "It's hard to prosecute a case in Germany," Ms. Aun said. "It's expensive and the police are more concerned with violent crimes." MCI, GTE and AT&T brought this most recent case to the attention of the Secret Service in May, after discovering unusually high volumes of illegal calling in certain cities. "The amount of activity was much greater than the typical shoulder-surfing," said Daniel Smith, a spokesman for GTE Telephone Operations, a subsidiary of GTE. "You don't have thousands of calling cards compromised within an individual geographic area. Many phone companies employ former agents of the FBI and Secret Service to penetrate the world of cyberspace looking for fraud. In the course of monitoring bulletin boards and reading hacker magazines, MCI, GTE and AT&T - which typically share information in tracking fraud cases - had discovered what they thought was an organized ring of hackers in the businesss of selling stolen calling card numbers. Once the Secret Service got involved, they were able to trace the source to MCI's operation in Greensboro. Transmitted: 94-10-04 23:07:51 EDT