US racketeering law enters the world of cybercrime

library
crime | hacking | security

A Las Vegas court convicted a cybercriminal under RICO (Racketeering Influenced Corrupt Organizations Act) law last week, in what may well turn out to be a landmark case.

The US RICO law allows for anyone found guilty of racketeering offences, if seen to be part of organized criminal activity, to be subject to extra-heavy jail terms and fines, and implicitly extends responsibility for crimes committed by any gang member to any other member of the same organisation.

Part of the aim of the RICO law is to enable the conviction of gang leaders who have ordered their subordinates to commit crimes but not taken part themselves.

In the past RICO law has generally been used against mafia-type gangsters and global drug cartels, and this is thought to be the first time it has been used to target online criminals. Other unusual areas where the law has been invoked include the Catholic Church, the LAPD and the Hell’s Angels.

The crook in question in this case, 22-year-old Arizonan David Ray Camez, was a relatively small-time fraudster already serving jail time on forgery charges. He was a member of cybercrime forum Carder.su, where he bought bank card data, fake identity documents and bespoke counterfeiting services.

Camez was tracked down after a parcel of fake credit cards was intercepted en route to a post box in Arizona, subsequently linked to Camez.

He later bought more counterfeit items on the forum, infiltrated by the same undercover FBI agent involved in other cybercrime forum cases such as DarkMarket.

The gang connection is the forum itself, which the US prosecutors successfully argued was equivalent to an organised crime ring, although others have compared it to a “criminal eBay”.

The Russian-run forum was a hub for all sorts of cybercriminal shenanigans, much more than the carding which gave it its name, with its own escrow system to keep the crooks honest. Estimates of the number of users seem to vary wildly, ranging from 5,500 to 7,900.

The Camez case and the history of Carder.su has been followed in depth by Wired.

A major part of the case for counting the forum as a criminal organisation as recognised under RICO law was that there was a vetting process for new members.

The precedent this sets will doubtless be a little worrying for many internet users operating on the fringes of legality – file sharers and underground marketplaces like the now-infamous Silk Road being prime examples.

Almost everything useful on the web has some sort of “vetting process” for new members, even if it’s only confirming that you have access to the email account you’ve provided.

How high the bar is set for accepting this as proof that a website’s users constitute a (potentially criminal) organisation seems likely to be contested in a lot of future cyber-RICO cases.

The racketeering activities covered by RICO are quite broad and varied, covering various kinds of counterfeiting and copyright infringement as well as the murder, kidnap and arson usually associated with violent organised crime.

Indeed the definition of racketeering under the RICO act seems to include everything from “white slave traffic” to “unauthorized fixation of and trafficking in sound recordings and music videos of live musical performances”.

So could YouTube users find themselves up on RICO charges? Unlikely perhaps, as there seems to be a requirement that racketeering activities make you some money.

With penalties even harsher than the already tough sentences available to US prosecutors, RICO means Mr Camez faces up to 40 years imprisonment for the two indictments required for the law to kick in.

Ostensibly, the main purpose of jail sentences is to punish and rehabilitate offenders, with scaring the hell out of other potential offenders so they avoid breaking laws a secondary byproduct.

It seems this dissuasion tactic is becoming an ever bigger weapon against cybercriminals.