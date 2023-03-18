New to the 2023 Hill Country Economic Summit held recently, the Kerrville Area Chamber of Commerce added a cyber security topic, featuring Lee McLoy, supervisory agent with the Federal Bureau of Investigations; and Luke Flores, digital forensic investigator with the Kerr County Sheriff’s Office, to highlight dangers of the internet and suggestions on how to be protected from online predators.
McLoy said when he was preparing for his presentation at the Hill Country Economic Summit, he recalled an incident with his daughter that happened years ago on a family trip to the beach.
“My daughter and I were playing in the waves. It was a beautiful day. The tide was very mild and we were having a lot of fun and were playing with a beach ball,” McLoy said. “I had my daughter in my arms. She was two years old at the time and I dropped the beach ball. I had been watching the ocean while I was playing with my daughter and I thought the conditions were fine, so I put my daughter down at my feet. I turned around and took two steps and grabbed the beach ball. What I could not see coming was a wave like I had not seen all morning. It knocked my two-year-old daughter down and she started to drift away from me. So, I grabbed my daughter and I just remember being freaked out, to be honest with you.”
McLoy said this experience is a metaphor for the dangers that citizens can’t see coming on the internet.
“That’s what I want to talk to you about today,” McLoy said.
To illustrate the unforeseen dangers lurking in cyberspace, McLoy shared details of two active cases he is working.
McLoy said the first case began with a call from a local prosecutor on a suspect convicted of cyber stalking.
“But, while the suspect was on probation, he continued to do what got him convicted in the first place,” McLoy said. “The case existed in a small community, not unlike Kerrville. He was convicted of one victim, but by the time the FBI took over the case, we found out it was 15 additional victims.”
McLoy said one of the victims was a minor.
“What the suspect was doing what not unlike what you do every day if you have a Facebook account,” McLoy said.
According to McLoy, the suspect used his true identity, as well as a fake identity, to send “friend” requests via Facebook, which all the victims accepted.
McLoy said, “Once he had access to their photos and photo library on their Facebook account, he started taking photos from their Facebook account and saved them to his computer. Once he had them saved to his computer, he would use his own software and essentially Photoshop those women into some very heinous pornographic images.”
The images were placed on other pornographic websites.
McLoy said he had to interview the victims and show them the images to confirm that they were fake.
McLoy said the suspect was convicted of the additional charges in 12 months and given a 38-year, four-month sentence, “because what he did was so offensive to the judge.”
According to McLoy, the suspect in this case was convicted in a federal court, which does not allow for parole. The suspect will serve at least 35 years, McLoy said.
“Like I said, we had to sit down with each one of these victims and look at these images. I was sitting with one victim and her fiancee. At first they seemed kind of gigglish, until they saw how bad some of the images got,” McLoy said. “The other thing we had to talk to the victims about is that we can’t pull those images off of the internet.”
He said a lot of the images were being stored on servers outside of the United States.
“Nine of the victims knew the suspect. When they accepted his friend request, they were extending trust to him,” McLoy said. “It’s important to stay vigilant on information that you are putting out on your social media sites.”
He then asked, “By a show of hands, is there anyone here that doesn’t think that something like this could happen in Kerrville?”
No one raised their hand. “That’s good, because that case did happen here.”
The second case McLoy shared details on began in August, with the suspect being indicted and currently in custody.
According to McLoy, the case involved three social media platforms, including Facebook, SnapChat and an emerging platform named Yubo.
“Through our investigation, we could see that this suspect’s behavior began in the summer of 2019, but escalated during COVID,” McLoy said. “That’s because a lot of these victims were female and a lot of them were students in high school and they were home on the internet and they were bored.”
McLoy said intially, four victims were identified, but through the course of the investigation, the case now involves potentially 80 victims.
According to McLoy, the suspect created fake profile Yubo accounts, which McLoy described as a “teenage dating app.”
“He would portray himself as a 16-17-year-old high school student,” McLoy said. “But, the reality is he is a very heavyset 25-year-old man who worked out of his home.”
McLoy said in almost every instance, the victim included their age in their online profile.
“The suspect is looking for that,” McLoy said. “He is primarily looking for teenage girls between the ages of 13 and 17.”
Although, McLoy said, some of the victims of this case were adult females as well.
“After befriending the victims, the suspect would eventually move them over to SnapChat,” McLoy said. “Once on SnapChat, the suspect knew exactly where that victim lived.”
According to McLoy, the suspect would then obtain personal information from the teenage and adult victims that would eventually incriminate them. The conversations seemed harmless to the victims, who believed they were speaking with a 16-year-old boy.
However, admissions of previously having sex or drinking became weapons for the suspect who then extorted money, “sexy selfies” and, in at least one instance, sexual favors.
“The suspect would take screenshots of the conversations and put it in a Facebook chat session that was going to be sent to the victim’s parents,” McLoy said. “This suspect had done an investigation on the victim like the FBI does in an effort to essentially create child pornography.”
McLoy said that during the course of the investigation, he was able to obtain from a 13-year-old victim’s parents that their daughter had conceded to having a sexual encounter with the suspect as payment in the sextortion case.
McLoy said the investigation was difficult for both law enforcement and the victims, saying that at least one of the victims took her own life over the incident.
“The suicide rate in these cases is very high,” McLoy said. “The lessons learned, as I see as both an agent with the FBI and a parent, is that parents are giving cell phones to their children and the children are downloading apps that the parents have no idea what the capacity is for that technology. So, the parents are putting trust in an app that they are not familiar with.”
McLoy suggested researching the apps children are using and learn how to “lock” the apps from the phone or how the children are using the apps.
Investigator Luke Flores
Flores acknowledged Kerr County Sheriff Larry Leitha and KCSO Capt. Jason Waldrip, saying they have been instrumental in helping expand the digital forensic unit within the sheriff’s office.
“The previous sheriff (Rusty Hierholzer) allowed it to begin and Sheriff Leitha has envisioned how he wants it to grow in the future,” Flores said. “My main responsibility is digital forensics. Every crime that is committed these days has some sort of digital component, whether it is a cell phone or a computer and there is evidence on those digital components that we need to get for our cases.”
Flores said that previously, KCSO administration would turn over the devices to a federal or state agency to obtain the data to be used for evidence.
“Some of these agencies right now are 16 months behind in a back log,” Flores said. “The Secret Service is behind a year. When you are talking about moving a case through the system, it’s important to get that information quickly, so that’s what our digital forensic program here allows us to do.”
Flores said his turnaround time currently is about two weeks, which he said is made possible by a commitment from Leitha, and grant funding through the United States Secret Service for the equipment and software.
In return, Flores said he also assists Secret Service agents on investigations when needed.
Flores said that recent statistics show that 847,000-plus complaints are filed on average of internet fraud cases through the FBI annually through the official complaint website of www.IC3.com. The financial loss in these complaints, Flores said, totals $6.9 billion.
“Cyber security, on a granular level, for each of you in your businesses is very important, but it is often overlooked because of limited resources and the use of outdated technology,” Flores said.
Flores urged the audience to upgrade operating systems to their computers, which Flores said is first step in remaining safe online.
“These upgrades provide patches to fix vulnerabilities in the system,” Flores said. “These hackers have nothing but time to pound away on their keyboards to break whatever it is that we are using. If they can do that, they can get in and exploit vulnerabilities. These upgrades patch those vulnerabilities.”
Flores also explained the importance of training each employee on the importance of cyber security in the work place.
“Each and every one of us are responsible for cyber security where we work, because we are the ones out there clicking on the things that shouldn’t be clicked on,” Flores said.
Flores offered the following suggestions to increase cyber security:
• Register all similar domain names that can be used for spoofing attacks;
• Create e-mail rules that flag and delineate e-mails received from unknown domains and also monitor creation of new e-mail rules within the e-mail server environment;
• Authenticate all financial transactions through use of dual factor authentication methods;
• Confirm all changes in payment methods with source using trusted authentication methods;
• Know the habits of those with whom financial transactions are conducted;
• Educate employees, clients, vendors, etc. on business e-mail compromise;
• Conduct a business e-mail compromise drill similar to anti-phishing exercises.
Within the last year, Flores said, an e-mail phishing scam was successful with a local resident concluding a real estate transaction by wiring $400,000.
The victim received an e-mail with new instructions on wiring the funds via an e-mail that was from a scammer.
The victim wired the money and then learned of the error and contacted KCSO. Flores and federal agents were ultimately able to recover the money, but not all victims are as lucky, Flores said.
He explained that phishing criminals have generally already hacked an e-mail account and are monitoring it regularly for an opportunity to steal money, such as with the real estate transaction.
“Once they see the opportunity, they will create similar looking e-mail templates with official looking logos and letterhead to send instructions for wiring the money,” Flores said. “They will also create very similar e-mail addresses to send the fake e-mail from.”
Flores urged citizens to be vigilant in looking for clues within any email asking for money, such as verifying the e-mail is from the real person they have been communicating with, or even calling to confirm instructions for monetary transactions.
