Venezuela-based fraud ring stole UPMC identities to buy electronics from Amazon, federal indictment says |

Venezuela-based fraud ring stole UPMC identities to buy electronics from Amazon, federal indictment says

A Venezuela-based fraud ring used the stolen identities of UPMC employees to scam $1.5 million in tax refunds and buy $886,000 worth of smartphones, computers, tablets and other electronics from, federal prosecutors say in an indictment unsealed Friday.

A Pittsburgh federal grand jury Wednesday indicted Yoandy Perez-Llanes, 31, address unknown, on 21 counts of conspiracy, wire fraud, money laundering conspiracy and aggravated identity theft.

Hackers last year stole the names, birth dates, Social Security numbers, salary and tax withholding information of all 62,000 employees at UPMC, the state’s largest private employer.

The indictment doesn’t say whether Perez-Llanes or the others involved in the tax-return fraud were responsible for stealing the employees’ identities. The U.S. Attorney’s Office declined to comment.

“It would not surprise me if he was not the hacker,” said Daniel Garrie, founding editor of the Journal of Law & Cyber Warfare.

Although hackers sometimes directly use the information they steal to commit fraud, “it’s certainly not as common as them selling it in the marketplace,” he said.

Often called the “dark web” or “dark markets,” the anonymous websites offer drugs, weapons, stolen identity information and other illegal goods and services.

American and European law enforcement agencies announced in November that a coordinated investigation had shut down more than 400 such sites.

UPMC applauded the indictment but otherwise declined to comment.

“On behalf of our employees whose personal information was compromised by hackers, we applaud the diligent and thorough investigation conducted by the Internal Revenue Service-Criminal Investigation, the United States Secret Service and the United States Postal Inspection Service leading to the indictment in this case,” spokeswoman Gloria Kreps said in a prepared statement.

The indictment doesn’t mean the employee information is safe, another expert said.

“Once data is breached, it is almost impossible to know whether or not, or when, that data has made its way into these black markets,” said Brian Nussbaum, a cybersecurity professor at the University of Albany in New York. “It is probably best to assume that breached data is likely to end up in such dark corners of the Internet and to exercise caution as such.”

Perez-Llanes and others used the employee information to file 935 false federal tax returns for the 2013 tax year seeking a total of $2.2 million in refunds, prosecutors say. They succeeded in getting about $1.5 million, prosecutors say.

They used proxy servers and Turbo Tax software to make it appear the returns were filed in Western Pennsylvania.

An Internal Revenue Service spokesman couldn’t be reached for comment.

The conspirators used anonymous email services to get refund redemption codes from Turbo Tax and order about $886,000 in Galaxy IV cell phones, iPhones, HP laptop computers, tablets, gaming devices and other electronics from Amazon.

They had the goods shipped to Miami, where members of the ring repackaged it and shipped it to Maracay and Maracaibo in Venezuela.

The conspirators kept some of the goods for personal use and sold the rest on online auction websites, prosecutors say.

The government is seeking a court order to seize about $700,000 worth of gift cards that are being held by Amazon or Turbo Tax, according to the indictment.

Brian Bowling is a staff writer for Trib Total Media. He can be reached at 412-325-4301.

TribLIVE commenting policy

You are solely responsible for your comments and by using you agree to our Terms of Service.

We moderate comments. Our goal is to provide substantive commentary for a general readership. By screening submissions, we provide a space where readers can share intelligent and informed commentary that enhances the quality of our news and information.

While most comments will be posted if they are on-topic and not abusive, moderating decisions are subjective. We will make them as carefully and consistently as we can. Because of the volume of reader comments, we cannot review individual moderation decisions with readers.

We value thoughtful comments representing a range of views that make their point quickly and politely. We make an effort to protect discussions from repeated comments either by the same reader or different readers

We follow the same standards for taste as the daily newspaper. A few things we won't tolerate: personal attacks, obscenity, vulgarity, profanity (including expletives and letters followed by dashes), commercial promotion, impersonations, incoherence, proselytizing and SHOUTING. Don't include URLs to Web sites.

We do not edit comments. They are either approved or deleted. We reserve the right to edit a comment that is quoted or excerpted in an article. In this case, we may fix spelling and punctuation.

We welcome strong opinions and criticism of our work, but we don't want comments to become bogged down with discussions of our policies and we will moderate accordingly.

We appreciate it when readers and people quoted in articles or blog posts point out errors of fact or emphasis and will investigate all assertions. But these suggestions should be sent via e-mail. To avoid distracting other readers, we won't publish comments that suggest a correction. Instead, corrections will be made in a blog post or in an article.