The Federal Bureau of Investigation (FBI) recently closed a case where hackers were put behind by bars for stealing information from a mortgage company.
Between 2011 and 2014, four U.S. citizens hacked the computer servers of major U.S. mortgage brokers to steal loan application information from thousands of customers, Then, they used the victims’ Social Security numbers, addresses, dates of birth, and driver’s license numbers to open unauthorized lines of credit and take over and drain their retirement accounts.
“The damage crimes like these have on victims, the economy, and society, in general, are significant,” FBI Special Agent Chris Christopherson, who investigated the case from the FBI’s San Diego Division, said. “Individuals had their finances wrecked and their credit destroyed, through no fault of their own. For many of them, the impacts are still being felt.”
The fraudsters resided in San Diego—but carried out their crimes from across the Mexican border in Tijuana. The chief hacker, John Baden, infiltrated mortgage companies using a common hacking technique known as “fuzzing.” Fuzzing works by overloading a web server with massive amounts of data that can lead to the server revealing security loopholes.
Once they had the information, Baden and his conspirators, Victor Fernandez, Jason Bailey, and Joel Nava, identified multiple brokerage accounts and took control of them. They did this by calling the companies and providing the victims’ personal information to change passwords and contact information. Once they did that, they wired funds—sometimes up to $30,000 at a time—from the victims’ accounts to accounts they controlled. One of the victims lost nearly $1 million in the scheme, the FBI said.
They also used the personal information for extensive credit fraud, setting up bogus lines of credit and retail credit card accounts to which they charged thousands of dollars for goods and services. FBI officials said Most of the proceeds from the sale of items in these crimes were used to buy drugs. They did this to more than 25,000 people at a loss totaling approximately $2.5 million. In reality, Christopherson said, the amount was much higher than that.
“There was so much retail fraud over such a long period of time, it was impossible to calculate an accurate and provable loss amount,” he said.
The FBI was alerted to the fraud by a financial institution that noticed irregularities. FBI cyber investigators detected that many victims had a “common point of compromise,” Christopherson said. “They had all recently applied to the same mortgage company.”
Investigators worked backward from the mortgage company to identify and arrest the hackers. All four of the fraudsters pled guilty. Bailey was sentenced to more than five years in federal prison, while Baden got nine years, and Fernandez got more than 10 years in prison. Nava was sentenced to 44 months in prison.
“We are pleased that these criminals are now behind bars and will not be able to victimize anyone else,” Christopherson said. He encourages people to regularly check their credit information to make sure their information has not been compromised.