Hi, I’m Aaron Kornblum, Internet Safety Enforcement Attorney at Microsoft, and a member of Microsoft’s global team committed to help fight cybercrime and protect our customers while they are online. As a parent, former Air Force prosecutor and civil litigator, and now in-house corporate counsel focused on Internet Safety, I am increasingly concerned by the proliferation of cybercrime and, in particular, online fraud such as phishing. My IE colleagues have invited me to share with you the news of a milestone just reached in Microsoft’s Global Phishing Enforcement Initiative (GPEI): the sentencing of a convicted phisher to 21 months imprisonment and $57,000.00 restitution to victims in a federal prosecution directly supported by Microsoft.
First and foremost, I want to note that enforcement actions by government agencies and private companies are not a stand-alone solution to cybercrime. A comprehensive approach is essential. As you know, new technologies designed to halt online fraud – such as the Phishing Filter for IE and email authentication like Sender ID – are critically important to halting the spread of online threats. Similarly, educating consumers about the dangers of phishing, spyware, etc., is also a key strategy.
However, Microsoft also believes it is crucial to help identify and pursue the persons responsible for actually hitting the “send” button to launch spam, phishing attacks, and other cybercrimes. Microsoft’s Internet Safety Enforcement Team – a worldwide group of 65 attorneys, investigators, and other professionals – spearheads such investigations and legal enforcement actions, partners with law enforcement, and helps to deter would-be online criminals by growing public awareness of enforcement initiatives. To date Microsoft has supported hundreds of enforcement actions worldwide against botnet operators, phishers, spammers, and spyware distributors, and partnered with government enforcement agencies with tools, training, and technical support.
In this regard, I’m reporting a significant sentence handed down by a U.S. federal judge to the first global phisher investigated by Microsoft and referred to federal authorities for prosecution. The defendant in this case, Mr. Jayson Harris, 23, of Davenport, Iowa, was sentenced to 21 months imprisonment to be followed by a term of three years supervised release on each of two counts stemming from his earlier guilty plea to wire fraud and fraud and related activity in connection with access devices. The judge further ordered Harris to pay restitution in the amount of $57,294.07 and to pay a $200 assessment to the crime victims fund.
From January 2003 to June 2004, Mr. Harris operated a phishing scheme by creating a bogus MSN billing website and then sending e-mails to MSN customers requesting that they visit the website and update their accounts by providing credit card account numbers and other personal information. Mr. Harris provided a false incentive to these MSN customers that by using his (fake MSN) website, the customer would receive a 50% credit towards their next monthly bill from MSN. The spoofed website transmitted victim data to an email account controlled by Mr. Harris.
Microsoft’s Internet Safety Enforcement Team tracked Harris across the Internet pursuing a variety of leads in North America and Europe and uncovered this scheme, ultimately referring the matter to the Federal Bureau of Investigation (FBI) for investigation. A search warrant was executed at Harris’s residence by FBI agents and evidence of the phishing scam was found on the computers at Mr. Harris’ residence. The investigation was conducted by the FBI and the Davenport Police Department with the assistance of Microsoft.
This case is just part of Microsoft’s Global Phishing Enforcement Initiative (GPEI), a global campaign targeting phishers across three primary areas: Protecting Microsoft brands and domains online, Partnerships with government and industry, and Prosecuting worldwide investigations.
Importantly, I think that the Harris case clearly illustrates the value of public-private partnerships in pursuing cybercriminals such as phishers. In fact, I’m writing this blog post from Bangkok, Thailand, where I am joining representatives of the U.S. Secret Service and other leading technology companies to share with prosecutors from across Asia about the importance of such partnerships to achieve greater impact in the fight against cybercrime. Microsoft will continue to collaborate with law enforcement authorities worldwide to help protect people from cybercrime. We hope this sentencing will help to keep our customers safe online and serve to have a deterrent effect on phishers and would-be phishers who consider profiting in this way.