E-Gold Gets Tough on Crime

R.A. Hettinga rah at shipwright.com
Mon Dec 11 08:38:25 PST 2006


Wired News

 E-Gold Gets Tough on Crime

By Kim Zetter
02:00 AM Dec 11, 2006

The founder of PayPal competitor e-gold has grown tired of the government
characterizing his business as a haven for money launderers, terrorists,
child pornographers and credit card thieves.

So a year after the Department of Justice raided his offices, Douglas
Jackson, president of Gold and Silver Reserve, which operates e-gold, has
been wading deep into his customer transaction logs to identify and fight
back against people who misuse his system. In the last month, he's blocked
about 2,000 accounts from his system, and he's voluntarily turned over
detailed account and transaction histories to federal law enforcement.

In the process, Jackson says he's exposed an illicit and previously
invisible economic underground.

"It's like discovering an undisturbed tomb in Egypt where you've got this
archaeological thing," Jackson says about the wealth of data he's
uncovered. "There will never be another crack like this one where all of
these people have left their footprints with memos that sometimes give us
clues as to what they're doing."

E-gold is a privately issued digital currency backed by real gold and
silver stored in banks in Europe and Dubai. Jackson says about 1,000 new
e-gold accounts are opened daily, and the system processes between 50,000
and 100,000 transactions a day.

With a value independent of any national legal tender, the electronic cash
has cultivated a libertarian image over the years, while drawing the ire of
law enforcement agencies who frequently condemn it publicly as an
anonymous, untraceable criminal haven, inaccessible to police scrutiny.

Jackson says the image is false. Although a user can open an account using
a fraudulent name and a proxy server that shields his or her IP address, a
permanent record of every transaction remains in the e-gold system, which
can help law enforcement agencies track criminals.

Jackson says he first became aware that credit card thieves were laundering
money through e-gold from 2004 news stories about a Secret Service bust of
Shadowcrew, a website where carders congregated. He contacted the Secret
Service and pleaded with them to work with him to catch the carders, but
the agency inexplicably rebuffed him.

Last December, the Department of Justice raided the Melbourne, Florida,
office of Gold and Silver Reserve, and seized more than 100 boxes of paper
records in a move dubbed Operation Goldwire.

"They basically raped our computers and also took us offline for 36 hours,
took all the paper out of our office," Jackson says. The government also
froze Gold and Silver's U.S. bank account. The company survived, Jackson
says, only because its euro, pound and yen accounts are maintained outside
the United States.

Jackson says the criminal affidavit, filed under seal, accused Gold and
Silver of aiding terrorists and child pornographers. But prosecutors later
dropped the criminal claim, replacing it with a civil complaint charging
Gold and Silver with operating as an unlicensed money-transmitting
business. Jackson's lawyers say the charge is bogus because Gold and Silver
isn't a money transmitter, since the company doesn't accept cash from
customers, only wire transfers. That case is on hold until April, and a
Justice Department spokeswoman declined to comment on the suit.

Rather than attack him, Justice officials and the Secret Service should
have been working with him, says Jackson. Because all the while they were
trying to build a case against e-gold, he was gathering evidence that could
help them battle the real criminals.

Around the time of the Shadowcrew bust, Jackson's staff developed a method
for doing global searches in e-gold transactions. So Jackson decided to see
if he could find carders in his system by searching the "memo" field, where
-- like the memo line on a check -- the sender can note the reason for the
transaction. Jackson says some carders, apparently so convinced of their
invisibility, don't try to hide the nature of their activity.

He searched keywords from news articles about carders, such as "cvv,"
"dumps" and "cob." The first two terms refer to data encoded on the
magnetic stripe of credit cards; the last one stands for "change of
billing," referring to credit card accounts for which a crook has changed
the billing address to a mail drop under his control.

Jackson also searched the online nicknames of specific carders that law
enforcement agents mentioned in news reports or at a cybercrime conference
Jackson attended: names like Zoomer, Kayser Sose, Smash, Segvec, Jilsi,
Ragoo and John Dillinger, a carder who described his crimes for Wired News
earlier this year and who recently signed a plea agreement to cooperate
with authorities.

Jackson says some culprits that authorities deemed "unfindable" were easy
to track through e-gold. One appeared to be a high school kid in
Louisville, Ohio, judging from information gleaned from his transactions.
Jackson tracked two others to Egypt after one of them converted e-gold to
cash and had an intermediary load it onto a debit card sent to him by

Jackson identified a core group of accounts that appeared to involve
carding, and made lists of accounts that exchanged e-gold with them.
Patterns emerged. Beginning earlier this year, for example, one
account-holder in New York purchased postal orders worth about $6,000 twice
a month from three different post offices, exchanged them for e-gold and
transferred the funds to an account-holder in the Ukraine. Altogether he
purchased about 30 postal orders totaling more than $150,000.

In other accounts he found a $17,000 transaction supposedly "for beer" and
$10,000 for Louis Vuitton purses. Over two weeks last February, one
account-holder moved $29,000 worth of e-gold to purchase Sony Vaio
computers, followed two days later by $30,000 for more Sony Vaios, and
$40,000 four days after that. The recipient of the funds accumulated more
than $900,000 in e-gold over a brief period of time, more than half of
which remained parked in his account.

The timing of the transactions, last spring, corresponded with news
articles reporting a serious wave of debit card breaches across the country
that caused several banks to reissue compromised cards.

By matching other data, like time stamps, IP addresses and hashes of
passwords, Jackson could sometimes identify when one person controlled or
used different accounts. "The good ones will have a different IP address
every time they touch the internet," he says. "But every once in a while
you get one of these bad guys on one of these accounts where ... he may use
a fixed IP."

Jackson decided that law enforcement needed to know about what he'd found.

He'd received and complied with hundreds of subpoenas in the past -- from
FBI, Secret Service, Drug Enforcement Agency and international law
enforcement agencies. But this time he had trouble finding someone to work
with him. Since the Secret Service had already dismissed him, he approached
the FBI and U.S. Postal Inspection Service, but got the runaround. Jackson
said one agency wanted his company to sign an agreement stating he wouldn't
be immune from prosecution if authorities, in the process of obtaining
information from him, found something that could incriminate e-gold.

He refused to sign, but began assisting postal inspectors and other agents

Jackson acknowledges some discomfort over the decision to give information
to the feds without legal process -- a move that could save e-gold from
further law enforcement aggression, while tarnishing its libertarian sheen.

His lawyers aren't bothered by the move, however. They say agents
repeatedly promised to provide Jackson with court orders since last
February but have not come through.

"You have a very strong documented relationship with these agents asking
about particular people with the promise that they are going to be
subpoenaing," says Jackson attorney Andrew Ittleman. "Just because they
never ultimately gave him a subpoena doesn't put the fault on Jackson --
it's on the agents. He was acting in good faith."

His lawyers also say that once the company discovered evidence of possible
wrongdoing, it had no choice but to hand over information to the
government. Jackson could even have been charged with aiding and abetting
money launderers under federal statutes if he didn't report the suspicious

"E-gold, because of the way in which it operates, creates the potential for
a misuse," says lead attorney Mitchell Fuerst. "And to the extent that that
can happen, I think the company has an ethical and a legal obligation to
prevent those crimes from being committed."

But the company thinks it's unlikely that anyone involved in illicit
activity would sue e-gold for blocking their account or giving their data
to law enforcement.

Kevin Bankston, staff attorney for the Electronic Frontier Foundation, says
e-gold is violating its privacy policy, which states that the company won't
hand over data except under court order. Its actions "could open it to
liability under contract violation and false advertising and unfair
competition claims," he says.

In November, Jackson began running an automated script to blacklist
accounts he identified as suspicious. The digital funds aren't frozen, and
the account holder can conceivably get the money out by transferring it to
another account he controls, or to a different e-gold customer. But then
those accounts get blocked, too.

"We're looking to make these people into vagabond zombies," he says. "They
can log into the account and send payment to someone who's willing to
accept payment from them, but at that other person's risk."

But the aggressive policing is chafing some users, who say they did nothing
wrong and were improperly banned.

Cesar Carranza runs a business called uBuyWeRush selling liquidation and
overstock merchandise online and from three California stores. He uses
e-gold for some overseas customers because, unlike credit card and PayPal
transactions, e-gold purchases are irreversible and there are no
charge-backs to the merchant.

"I am a reputable merchant," he says. "I am not a con artist or a thief."

Carranza was arrested in 2004 but never charged with anything. At the time,
he was selling MSR-206s through eBay -- devices used to encode data on the
magnetic strip of credit cards. It's not illegal to sell them, but carders
often use them to code stolen credit and debit card numbers onto blank
cards. Carranza says police accused him of selling merchandise to
terrorists. He's since sold the MSR part of his business.

Last month, e-gold blocked two of his accounts containing about $19,000,
providing little information about why. Carranza says the block hasn't hurt
his business but he'll never use e-gold again and is considering legal
action to get his funds. "I no longer trust the e-gold integrity," he says.

R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
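
The review steps the article describes (memo keyword search, linking accounts that share an IP address or password hash, and blocking accounts that receive funds from blocked ones) can be sketched as follows. This is an added example, not code from the article or from e-gold; the account IDs, addresses, hash labels and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample records (not from the article).
LOGINS = [  # (account, source_ip, password_hash)
    ("A100", "203.0.113.7", "h1"),
    ("A200", "203.0.113.7", "h2"),   # same fixed IP as A100
    ("A300", "198.51.100.9", "h2"),  # same password hash as A200
    ("A400", "192.0.2.55", "h4"),    # shares nothing
    ("A500", "192.0.2.80", "h5"),
]
TRANSFERS = [  # (sender, recipient, memo), in time order
    ("A100", "A500", "dumps batch"),
    ("A400", "A500", "invoice 17"),
    ("A500", "A600", "goods"),
]
KEYWORDS = {"cvv", "dumps", "cob"}  # the search terms the article names

def memo_flagged(memo, keywords=KEYWORDS):
    """Match whole tokens so that 'cob' does not fire on 'cobalt'."""
    return bool(keywords & set(re.findall(r"[a-z0-9]+", memo.lower())))

def link_accounts(logins):
    """Union-find: accounts sharing an IP or a password hash form one cluster."""
    parent, first_seen = {}, {}
    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path compression
            x = parent[x]
        return x
    for account, ip, pw_hash in logins:
        for key in (("ip", ip), ("pw", pw_hash)):
            owner = first_seen.setdefault(key, account)
            parent[find(account)] = find(owner)
    clusters = defaultdict(set)
    for account in parent:
        clusters[find(account)].add(account)
    return list(clusters.values())

def blocklist(logins, transfers):
    """Return {account: reason}; the reason is kept so each block can be reviewed."""
    reasons = {}
    for sender, _, memo in transfers:
        if memo_flagged(memo):
            reasons.setdefault(sender, "memo keyword")
    for cluster in link_accounts(logins):
        seeds = sorted(cluster & reasons.keys())
        for account in (cluster if seeds else ()):
            reasons.setdefault(account, f"shares IP/hash with {seeds[0]}")
    for sender, recipient, _ in transfers:  # walk in time order
        if sender in reasons:
            reasons.setdefault(recipient, f"received funds from {sender}")
    return reasons
```

In this constructed data A600 ends up blocked two hops away from the flagged memo, which is why each entry records a reason: the propagation rule also reaches recipients who may be uninvolved.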
