Information for Victims in Large Cases
United States v. Jesse E. Kipf
Jesse E. Kipf of Somerset, Kentucky, has been charged with computer fraud stemming from data breaches he conducted on a number of state and corporate networks. Kipf obtained credentials to access the private networks of these public and private entities, and through such access, was able to view state constituent and business client personally identifying information. Kipf was also charged with attempting to sell the credentials he used to access these protected networks. The data breaches occurred on the following dates:
1) On or about February 12, 2023, Guest-Tek Interactive Entertainment Ltd.
2) On or about June 21, 2023, Kipf breached the protected network of Milestone, Inc.
Kipf specifically accessed networks associated to the above companies’ services provided to hotel chains. These services include the use of the internet during hotel stays or use of hotel websites. To date, investigators have no evidence that Kipf accessed the personally identifying information of hotel customers.
U.S. v. Andrei Catalin Stoica, et al.
The indictments allege that these defendants participated in a criminal conspiracy primarily located in Alexandria, Romania that engaged in a large-scale scheme of online auction fraud. Specifically, Romania-based members of the conspiracy and their associates posted false advertisements to popular online auction and sales websites—such as Craigslist and eBay—for high-cost goods (typically vehicles) that did not actually exist. According to the indictment, these members would convince American victims to send money for the advertised goods by crafting persuasive narratives. The members of the conspiracy are alleged to have created fictitious online accounts to post these advertisements and communicate with victims, often using the stolen identities of Americans to do so. They are alleged to have delivered invoices to the victims bearing trademarks of reputable companies in order to make the transaction appear legitimate. Once victims were convinced to send payment, the indictment alleges that the conspiracy engaged in a complicated money laundering scheme.
U.S. v. Adrian Mitan
On July 5, 2018, a federal grand jury charged one individual in United States v. Adrian Mitan, with money laundering offenses arising from a credit card phishing and brute-force attack scheme, likewise designed to steal money from Americans. The indictment explains that phishing is an attempt to acquire personal information by masquerading as a trustworthy entity through electronic communications, and brute force is a cryptological trial-and-error methodology used to obtain information such as personal identification numbers for credit cards. Mitan allegedly phished for credit/debit card information of U.S. customers, hacked into the electronic systems of American businesses, and then conducted a brute force attack on their point-of-sale systems for the purpose of stealing the remaining credit/debit card information. According to the indictment, Mitan then directed American money launderers to create “dummy” credit/debit cards with the stolen information, which were used to extract money from the customers’ accounts. These fraudulent proceeds were then returned to Mitan in the form of bitcoin.