Identity Theft, Account Takeover, And Impersonation Crimes
🧩 PART I — Understanding the Crimes
1. Identity Theft
Definition:
Identity theft occurs when someone steals another person’s personal information (e.g., Social Security number, credit card, bank account) to commit fraud or other crimes.
Key Elements:
Unauthorized access to personal information
Intent to defraud or gain economic advantage
Use of stolen identity for financial transactions, loans, or accounts
Legal Basis (USA Example):
Identity Theft and Assumption Deterrence Act (1998) – federal law making identity theft a crime.
Computer Fraud and Abuse Act (CFAA) – addresses unauthorized access to online accounts.
2. Account Takeover
Definition:
Account takeover occurs when an attacker gains control of a victim’s online accounts (banking, email, or social media) and misuses them.
Key Techniques:
Phishing or spear-phishing
Credential stuffing
Malware/keylogging
Social engineering
Consequences:
Financial loss
Data breach
Fraudulent transactions
3. Impersonation Crimes
Definition:
Impersonation crimes involve pretending to be someone else to deceive victims, companies, or institutions.
Forms:
Online impersonation (social media, email)
Government ID or document fraud
Corporate executive impersonation (CEO fraud, business email compromise)
Legal Basis:
Criminal statutes against fraud, forgery, and identity theft.
Cybercrime laws under CFAA and state cyber laws.
⚖️ PART II — Landmark Cases
Case 1: United States v. Vladimir Drinkman (2015 – Identity Theft & Account Takeover)
Facts:
Drinkman led a cybercrime ring that stole 160 million credit card numbers from retailers in the USA and Europe.
Investigation:
Tracked hacking activity, malware, and server logs
Used forensic evidence from compromised databases
Judgment:
Convicted of conspiracy to commit wire fraud and access device fraud
Sentenced to 12 years in prison
Significance:
Largest identity theft case at the time.
Demonstrated the global scale of digital identity theft.
Case 2: United States v. Albert Gonzalez (2008 – Account Takeover & Data Breach)
Facts:
Gonzalez hacked TJX Companies, Heartland Payment Systems, and others, stealing millions of credit card accounts.
Investigation:
Forensic analysis of hacked networks
Tracing malware, IP addresses, and stolen data transactions
Judgment:
Convicted of wire fraud, identity theft, and conspiracy
Sentenced to 20 years in prison
Significance:
Showed that cybercriminals can profit massively from account takeover.
Highlighted importance of network security and forensic evidence.
Case 3: Facebook Impersonation & Fraud – Jane Doe v. Facebook (2018)
Facts:
A victim’s identity was stolen to create fake social media accounts, defaming her and soliciting money from her contacts.
Investigation:
IP logs and email records traced the perpetrator
Cooperation with law enforcement led to account takedowns
Judgment:
Perpetrator arrested for identity theft and online impersonation
Victim received civil damages for defamation and fraud
Significance:
Illustrates social media impersonation and fraud.
Shows the role of platform cooperation in identifying offenders.
Case 4: United States v. Edward Majerczyk (2019 – Netflix Account Takeover & Email Phishing)
Facts:
Majerczyk obtained thousands of usernames and passwords from phishing campaigns, including Netflix and other subscription services.
Investigation:
Forensic tracking of phishing emails and IP addresses
Recovered stolen credentials and linked them to the defendant
Judgment:
Convicted of wire fraud and identity theft
Sentenced to 5 years in federal prison
Significance:
Demonstrated that even low-value account takeovers have criminal liability.
Reinforced prosecutorial ability in cyber-fraud cases.
Case 5: United States v. Kelly (2013 – IRS Impersonation & Tax Fraud)
Facts:
Kelly impersonated IRS officials to convince victims to pay fake tax debts.
Investigation:
Traced phone calls, email communications, and bank deposits
Forensic accounting confirmed fraudulent transactions
Judgment:
Convicted of wire fraud, mail fraud, and identity theft
Sentenced to 10 years in prison
Significance:
Example of impersonation combined with financial fraud.
Highlighted need for public awareness and IRS verification.
Case 6: United States v. Roman Seleznev (2016 – Account Takeover & Credit Card Fraud)
Facts:
Seleznev stole over 1.7 million credit card numbers via malware installed on point-of-sale systems.
Investigation:
International coordination (FBI, local police)
Cyber-forensic recovery of stolen card data
Judgment:
Convicted of wire fraud and identity theft
Sentenced to 27 years in prison
Significance:
Largest financial cybercrime sentence in U.S. history.
Demonstrated severity of penalties for digital identity crimes.
Case 7: United States v. Tyler Raj Barriss (2017 – Impersonation & Swatting)
Facts:
Barriss made fake emergency calls (“swatting”), impersonating victims and causing law enforcement to respond violently.
Investigation:
Tracked IP addresses and call logs
Linked perpetrator to deadly swatting incident
Judgment:
Convicted of wire fraud, conspiracy, and involuntary manslaughter
Sentenced to 20 years in prison
Significance:
Example of impersonation leading to physical harm or death.
Emphasized the criminal consequences of digital impersonation.
🧠PART III — Key Takeaways
Identity theft, account takeover, and impersonation crimes are increasingly digital.
Cyber-forensics—IP tracking, malware analysis, email logs—is central to investigations.
Victims suffer financial and reputational harm, requiring both legal and technical remedies.
Penalties are severe, often decades in prison for large-scale crimes.
These cases show the global nature of cybercrime and need for cross-border cooperation.
âś… Summary Table of Cases
| Case | Year | Jurisdiction | Crime Type | Outcome / Significance |
|---|---|---|---|---|
| U.S. v. Vladimir Drinkman | 2015 | USA | Identity theft | 12 years prison; 160M credit card numbers stolen |
| U.S. v. Albert Gonzalez | 2008 | USA | Account takeover | 20 years prison; TJX & Heartland breach |
| Jane Doe v. Facebook | 2018 | USA | Online impersonation | Civil damages & arrest; social media fraud |
| U.S. v. Edward Majerczyk | 2019 | USA | Account takeover | 5 years prison; phishing & credential theft |
| U.S. v. Kelly | 2013 | USA | IRS impersonation | 10 years prison; tax fraud & identity theft |
| U.S. v. Roman Seleznev | 2016 | USA | Account takeover | 27 years prison; POS malware fraud |
| U.S. v. Tyler Barriss | 2017 | USA | Impersonation / swatting | 20 years prison; deadly impersonation |
These cases illustrate how identity theft, account takeover, and impersonation intersect with cybercrime, financial fraud, and even physical danger.
RELATED Blog
comments