Operation Phish Phry – Revisited

Like the career of a one hit wonder pop star, it started with a bang and went out with a whisper. Almost two years ago, the big news was about Operation Phish Phry. In October 2009, the FBI announced that almost one hundred people (half here in the US, half in Egypt) had been arrested for running a phishing ring. At the end of June this year, news reports announced the sentencing of Kenneth Joseph Lucas, who was the key US figure in this crime story. Convicted of 49 counts of bank and wired fraud, Lucas was sentenced to 13 years in federal prison.

Lucas is not a hacker. He ran the money mules in the US who opened accounts for the hackers in Egypt to deposit their stolen money into. The Egyptian hackers stole logins and passwords from the customers of US banks and then transferred people’s money into the accounts the money mules had set up. The money mules withdrew the money, kept a piece for themselves, and passed the rest on to Lucas. Lucas kept his share, and passed the rest on to the Egyptians. The feds say the gang raked in more than one million dollars.
If you blinked, you will have missed the news of his conviction and sentencing. It wasn’t given a lot of coverage. And, what coverage there was did not have a lot of detail. If Lucas had not also showcased his prowess in growing marijuana in a YouTube video, he may not have even gotten the couple of paragraphs of coverage he did get.
I’m glad justice was done, but I can’t help but be a little disappointed. My hope in 2009 was that Operation Phish Phry would send a message to those involved in cybercrime. So, the message is there—13 years! But, it wasn’t that loud. Front page news of the sentencing might have helped get that message out, but I’ll settle for what we got.
If anyone knows what happened to the other people that got arrested, especially the Egyptians, drop me a line or send me a tweet at @kphaley.