Travon Williams, 33, was sentenced by the District Court for the Eastern District of Virginia to 9 years in jail for his role in a credit card fraud and identity theft scheme.
For more than two years, Williams led a gang that purchased thousands of stolen credit and debit card numbers from the dark web. The numbers were then encoded onto fraudulent cards and used to purchase merchandise such as gift cards and cigarette cartons. The cigarettes were sold on to buyers from New York City, who drove down to Northern Virginia to transport the cigarettes.
Williams is one of 12 defendants arrested in August 2017. He obtained $415,000 in proceeds from his crimes.
All 12 defendants have pleaded guilty for their roles in the scheme. Williams is the sixth to have been sentenced. The remaining six are due to be sentenced in February and March.
One day earlier, Thursday, Jan. 25, the DOJ announced that Jonathan Powell had been sentenced to six months in jail, 2 years supervised release and a restitution payment of $278,855 for computer fraud. He had obtained access to more than 1,000 email accounts from a New York City university in order to download sexually explicit photos and videos.
Powell had earlier pleaded guilty to the charge on August 9, 2017 in Manhattan federal court.
“Jonathan Powell used his computer skills to breach the security of a university to gain access to their students’ personal accounts,” said U.S. Attorney Geoffrey S. Berman. “Once Powell had access, he searched the accounts for compromising photos and videos.”
Specifically, he used the password reset utility to change email account passwords. He then used control over the email accounts to request password resets for the victims’ online accounts such as iCloud, Facebook, Google, LinkedIn and Yahoo. “POWELL then logged into the Linked Accounts and searched within the Linked Accounts, gaining access to private and confidential content stored in the Linked Accounts,” reports the DOJ announcement. “In one instance, POWELL searched a University-1 student’s linked Gmail account for digital photographs and for various lewd terms.”
Subsequent analysis of logs showed that Powell had accessed the password reset utility approximately 18,640 times between October 2015 and September 2016, attempting 18,600 password changes in connection with more than 2000 unique email accounts — succeeding in making 1378 changes to 1035 unique accounts.
After his arrest, he admitted to compromising email accounts at other educational institutions in Arizona, Florida, Ohio and Texas.
Related: Unpatched WordPress Password Reset Flaw Disclosed
Related: Facebook Password Reset Flaw Earns Researcher $15,000