OSI, U.S. Postal Inspection Service catch cyber criminal Published Feb. 14, 2012 By James C. Dillard Office of Special Investigations Public Affairs QUANTICO MARINE BASE, Va. (AFNS) -- Criminals work their mischief where there is money to be gained, and in a world that relies heavily on the Internet, identity thieves are working overtime to find new and creative ways to steal. That was the case with Rene Quimby, who was able to get his virtual hands on the identities of more than 16,000 people. For a while, his dishonest venture was extremely profitable ... until the Air Force Office of Special Investigations began investigating his online activities. Thanks in part to their efforts, Quimby was sentenced by a U.S. District Court judge to 75 months in federal prison and ordered to pay $210,119 in restitution to the Army and Air Force Exchange Service for his cybercrimes. This case was a joint effort between OSI Detachment 118, AAFES, Dallas, Tex.; OSI Detachment 810, Los Angeles Air Force Base, Calif.; and the U.S. Postal Inspection Service Identity Theft Economic Crimes Task Force. Two Army Criminal Investigation Command detachments and four local police departments were also involved. Quimby found vulnerability on the AAFES website and was also able to illegally obtain credit card financial information, along with other personally identifiable information via peer-to-peer software. His victims were from all over the world. His victims were primarily people who allowed "all" files to be shared via the file-sharing programs. Quimby conducted keyword searches for "passwords," locating text files and Word documents his victims had saved on their computers. He was also able to download and extract copies of check images, photo copies of driver's licenses, Social Security cards, passports and recall rosters from military bases that were also on the computers. The investigative team learned that Quimby had fraudulently-ordered merchandise sent to vacant, dead-drop and other locations controlled by the Mexican Mafia in southern California. The AAFES merchandise, including computers, washing machines, iPods, pools, books, stereos, etc., was fenced by members of the Mexican Mafia. Special Agent Keith Ide took the lead on this investigation the first day he arrived at Det. 118 in July 2007. In the autumn of 2007, he flew to California to discuss the case with Det. 810 and helped set up the task force to assist in the investigation. He also worked to get the U.S. Attorney's Office in Central California, and later the U.S. Attorney's Office in the northern district of Texas, on board with the investigation. During their investigation, they discovered that Quimby logged onto retail websites, primarily AAFES, using the personally identifiable information from his victims. He manipulated existing accounts and opened new lines of credit using 647 of the 16,000 identities to place hundreds of thousands of dollars in fraudulent orders on the AAFES website. When he reached credit limits, he simply used the routing and account numbers on the copies of checks he downloaded to place fraudulent Automatic Clearing House payments to "pay off" the Military STAR Card accounts, allowing him to free up credit and continue his scheme until the payments bounced. Ide said when someone runs a credit card/identity theft investigation, that person is effectively running two cases simultaneously. First, the investigator looks into the source of the compromise of victims' personally identifiable information: Was it a technical exploit such as someone hacking into an ATM or was it a human exploit where someone obtained the personally identifiable information and conducted account take overs and opened new lines of credit? Secondly, the investigator must find what the subject did with the personally identifiable information once her or she got it. Special Agent Ryan Himes came on the case at Det. 118 in August 2007 and began working with Ide on the investigation. "The case was very challenging from the get-go," Himes said. "I have never dealt with a financial crimes case in the past, and the numbers associated with this case were a little overwhelming to begin with. As the case went on, I got more comfortable with the numbers. I got to the point where I could tell if the IP address was in the same location, if the credit card number was Visa/MasterCard/Discover/STAR Card, and if the address was near any of the original addresses without even looking the information up." In May 2010, Himes, Special Agent David Gilmer, and agents from the U.S. Postal Inspection Service interviewed Quimby, who not only confessed but gave permission to seize his computers. Quimby had 132 gigabytes of victim data on his computer and OSI agents had to figure out a way to organize and identify chargeable conduct within the vast amount of data. They sent Quimby's hard drive to the 3rd Field Investigations Squadron cyber office, where Tech. Sgt. Richard Shepard worked for more than four months organizing data from Quimby's hard drive. Stacey Patterson at OSI Headquarters was also involved with organizing the hard drive. "Once we had the data/victim (personally identifiable information) organized, we sent the organized hard drive to Icon (Investigations and Security, Inc.) to identify victims, financial accounts, credit cards, Social Security numbers, names, dates of birth, etc., in order to determine levels for sentencing purposes," Ide said. "Icon also had to research all of the victims and compile a list of primary victims in order to notify all of them." Icon coordinated with the U.S. Postal Inspection Service, because it is the only agency that has automated access to the victim notification system that the U.S. Attorney's Office uses. "In this way, all 647 primary victims could be automatically notified," Ide said. "This was crucial because we could not indict Quimby without first identifying and notifying all of the victims." Ide said the process of analyzing, organizing, identifying, researching and uploading took an entire year. U.S. Postal Inspector Noah Thompson worked closely with OSI throughout this investigation. He is assigned to the U.S. Postal Inspection Service-sponsored Identity Theft Economic Crimes Task Force. Thompson worked directly with all of the OSI agents in developing leads to identify the perpetrator of the AAFES scheme by doing things such as subject interviews, surveillance, law enforcement liaison, probation searches and various other investigative techniques. "At the beginning of the case, there was a lot of data that we had to sift through from AAFES," Thompson said. "Special Agent Ide and Special Agent Himes particularly did a great job on getting their arms around the data and being able to organize it so everyone could get a clear picture of what was happening." Special Agent David Gilmer, who works with Det. 810, worked with Thompson on developing leads targeting the California connection, identifying the subject, conducting the subject interview, and coordinating the search where the key evidence was seized. Finally, in February 2011, after Quimby was indicted, Ide said he worked with Det. 810, (the U.S. Postal Inspection Service) and the Secret Service to arrest Quimby in Southern California. "I believe this case was truly a team event," Gilmer said. "A lot of parts came together because we kept going in the face of adversity and picking each other up until we finally locked the right target."