Venezuela-based fraud ring stole UPMC identities to buy electronics from Amazon, federal indictment says
A Venezuela-based fraud ring used the stolen identities of UPMC employees to scam $1.5 million in tax refunds and buy $886,000 worth of smartphones, computers, tablets and other electronics from Amazon.com, federal prosecutors say in an indictment unsealed Friday.
A Pittsburgh federal grand jury Wednesday indicted Yoandy Perez-Llanes, 31, address unknown, on 21 counts of conspiracy, wire fraud, money laundering conspiracy and aggravated identity theft.
Hackers last year stole the names, birth dates, Social Security numbers, salary and tax withholding information of all 62,000 employees at UPMC, the state’s largest private employer.
The indictment doesn’t say whether Perez-Llanes or the others involved in the tax-return fraud were responsible for stealing the employees’ identities. The U.S. Attorney’s Office declined to comment.
“It would not surprise me if he was not the hacker,” said Daniel Garrie, founding editor of the Journal of Law & Cyber Warfare.
Although hackers sometimes directly use the information they steal to commit fraud, “it’s certainly not as common as them selling it in the marketplace,” he said.
Often called the “dark web” or “dark markets,” the anonymous websites offer drugs, weapons, stolen identity information and other illegal goods and services.
American and European law enforcement agencies announced in November that a coordinated investigation had shut down more than 400 such sites.
UPMC applauded the indictment but otherwise declined to comment.
“On behalf of our employees whose personal information was compromised by hackers, we applaud the diligent and thorough investigation conducted by the Internal Revenue Service-Criminal Investigation, the United States Secret Service and the United States Postal Inspection Service leading to the indictment in this case,” spokeswoman Gloria Kreps said in a prepared statement.
The indictment doesn’t mean the employee information is safe, another expert said.
“Once data is breached, it is almost impossible to know whether or not, or when, that data has made its way into these black markets,” said Brian Nussbaum, a cybersecurity professor at the University of Albany in New York. “It is probably best to assume that breached data is likely to end up in such dark corners of the Internet and to exercise caution as such.”
Perez-Llanes and others used the employee information to file 935 false federal tax returns for the 2013 tax year seeking a total of $2.2 million in refunds, prosecutors say. They succeeded in getting about $1.5 million, prosecutors say.
They used proxy servers and Turbo Tax software to make it appear the returns were filed in Western Pennsylvania.
An Internal Revenue Service spokesman couldn’t be reached for comment.
The conspirators used anonymous email services to get refund redemption codes from Turbo Tax and order about $886,000 in Galaxy IV cell phones, iPhones, HP laptop computers, tablets, gaming devices and other electronics from Amazon.
They had the goods shipped to Miami, where members of the ring repackaged it and shipped it to Maracay and Maracaibo in Venezuela.
The conspirators kept some of the goods for personal use and sold the rest on online auction websites, prosecutors say.
The government is seeking a court order to seize about $700,000 worth of gift cards that are being held by Amazon or Turbo Tax, according to the indictment.
Brian Bowling is a staff writer for Trib Total Media. He can be reached at 412-325-4301.