Daniel Rigmaiden was caught and sentenced for filing large numbers of fraudulent tax returns, but it was how he did it and how he was caught that makes this story interesting. Looking at Rigmaiden’s case, it appeared as a standard IRS tax fraud case:
On April 7, 2014, Daniel David Rigmaiden, 34, formerly of Santa Clara, Calif., was sentenced by U.S. District Judge David G. Campbellto 68 months in custody (time served) and ordered to perform 100 hours of community service during a three-year term of supervised release. Restitution of over $395,000 was satisfied by the forfeiture and abandonment of Rigmaiden’s seized assets totaling over $470,000. Immediately prior to sentencing, Rigmaiden pleaded guilty to conspiracy, mail fraud and two counts of wire fraud.
The investigation of Rigmaiden commenced in the fall of 2007 after the IRS began to detect a significant number of possibly related fraudulent tax returns. At that time, Rigmaiden’s identity and involvement were unknown. As a result, the investigation team referred to him as “The Hacker.” An undercover investigation ultimately led to his arrest and execution of search warrants in Northern California in August 2008. The searches revealed significant evidence related to a sophisticated scheme to obtain $5.2 million in tax refunds in the names of innocent third parties and deceased individuals. Rigmaiden ultimately caused the payment of approximately $1,904,321 in fraudulent refunds into accounts and debit cards controlled by him and his co-conspirators, as well as accounts controlled by undercover agents. Up until Rigmaiden’s arrest and identification through fingerprint analysis, his true identity was unknown to the investigation team. Through the team’s efforts, it was determined Rigmaiden had anonymously operated through the use of third-party computers throughout the United States, was involved in acquiring identity information of deceased and living individuals, including their social security numbers, and was using that information to conduct a complex electronic bulk tax filing scheme.https://www.justice.gov/usao-az/pr/defendant-called-hacker-law-enforcement-sentenced-68-months-and-ordered-forfeit-over
The interesting details come when Rigmaiden was caught using a Stingray cell phone tracking device, a tool available to law enforcement. Outside getting his information via the Stingray, Rigmaiden sounded like a master with false identities. He was able to keep himself anonymous with false identities:
In June 2007, an IRS e-file provider notified the IRS that a large volume of tax returns had been filed through its website by an unknown person using an automated process. IRS agents subpoenaed the subscriber information for one of the IP addresses from which a return was filed and learned that the IP address was associated with a Verizon Wireless broadband access card provided to a Travis Rupard in San Jose, California. This access card, which was used to make a wireless connection between a computer and the Internet, became a key focus in the investigation.
In March of 2008, the IRS Fraud Detection Center in Austin, Texas (“AFDC”) identified a number of recently-filed fraudulent tax returns which directed that refunds be sent to various debit cards connected with a single Meridian Bank account. Doc. 873 at 9-10. IRS agents subpoenaed subscriber information for these fraudulent filings and found that some of the IP addresses ultimately traced back to the Verizon aircard and the related account maintained by Travis Rupard. Investigators also found the name “Travis Rupard” to be a false identity – the aircard account subscriber information provided by “Travis Rupard” listed a non-existent address, and the California driver’s license number provided by “Travis Rupard” was in fact assigned to a female with a different name.
On April 17, 2008, the Hacker contacted CI-2 through a secure e-mail account and provided detailed encrypted instructions for delivering $68,000 in proceeds from the tax-refund scheme to the Hacker. The Hacker directed CI-2 to wash the $68,000 of cash in lantern fuel to avoid drug detection dogs, double vacuum seal the currency, place the sealed cash inside a stuffed animal, and mail the animal in a gift-wrapped box with a birthday card addressed to a dying child. The Hacker instructed CI-2 to send the package to “Patrick Stout” at a FedEx/Kinko’s store in Palo Alto, California. Investigators found “Patrick Stout” to be another false identity – it was traced to a post office box in Sacramento, California, opened through the use of a fraudulent California driver’s license bearing a number assigned to yet another female with a different name.
The package containing $68,000 in currency was delivered to the FedEx/Kinko’s store on May 6, 2008. The next day, at approximately 5:00 a.m., a white male wearing a dark jacket and hood entered the store, presented identification in the name of Patrick Stout, and retrieved the package. The individual opened the package outside the store, removed the cash, discarded the shipping box, and then proceeded to a nearby train station where he eluded agents who had him under surveillance. The Hacker e-mailed CI-2 on May 8, 2008, and confirmed receipt of the money.
The government obtained an order from a Federal Magistrate Judge in the Northern District of California that authorized the installation of a pen register and trap and trace device to obtain additional cell site information, and a warrant authorizing the use of a mobile tracking device to communicate with the aircard. On July 16, 2008, agents used this mobile device to track the aircard’s location to unit 1122 of the Domicilio apartment complex in Santa Clara. The government then obtained information from the apartment complex indicating that unit 1122 was rented in the name of Steven Travis Brawner. The rental application listed a fake California driver’s license bearing a number that belonged to a female with a different name, and the handwriting of “Steve Brawner” on the apartment application was found by a handwriting expert to be similar to the handwriting of “Patrick Stout” on a post office box application. In addition, “Steve Brawner” had provided a fraudulent 2006 tax return when he applied to rent the apartment. Using this and other information generated during the investigation, the government obtained a warrant to search apartment 1122.
Finally, on August 3, 2012, at approximately 4:15 p.m., agents observed a person matching the description of Steven Brawner walking near the apartment. The person began to act suspiciously when he saw the agents, and then began running to evade the agents. After a foot chase through the surrounding area, Defendant was apprehended by local police officers who happened to be on the scene. Agents searched the suspect incident to his arrest and found a set of keys in his pocket. An agent took the keys to unit 1122 and confirmed that they fit and turned the door lock. The agent waited for the arrival of other agents with the search warrant before entering the apartment.
Once in the apartment, agents found identification bearing the suspect’s photograph and the name Patrick Stout, along with many of the pre-recorded $100 bills that were part of the $68,000 delivery in May. Agents also found the aircard, a laptop computer, and computer storage devices that eventually were found to contain much incriminating evidence. Fingerprints identified the suspect as Defendant Daniel Rigmaiden.https://casetext.com/case/united-states-v-rigmaiden-7
00:00:10:00 – 00:00:12:06
Today, on eCrimeBytes nibble
00:00:12:06 – 00:00:39:20
number 53, a Stingray catches a tax fraudster. Daniel Rigmaiden was caught and sentenced for filing large numbers of fraudulent tax returns. But it was how he did it and how he was caught that makes this story incredibly interesting. And I say this because we’ve covered a lot of tax fraud on eCrimeBytes in our full episodes and in our nibbles like this.
00:00:39:22 – 00:00:46:26
But there’s a couple details about this case that make it stand out compared to all the other ones that we’ve already covered.
00:00:46:26 – 00:01:08:12
So just a little bit of background. Daniel Rigmaiden, he is formerly from Santa Clara, California. He was sentenced by a judge for 68 months in custody and that ended up being time served and ordered to perform 200 hours of community service during a three year term of supervised release.
00:01:08:14 – 00:01:25:00
The restitution was over $395,000 and that was satisfied by the forfeiture and abandonment of Rigmaiden’s seized assets totaling over $470,000.
00:01:25:00 – 00:01:32:26
Prior to the sentencing, Rigmaiden and pled guilty to conspiracy, mail fraud and two counts of wire fraud.
00:01:32:26 – 00:01:47:00
Now he was caught because the IRS did an investigation back in 2007 because there was a significant number of potentially related tax fraud or fraudulent returns.
00:01:47:05 – 00:02:25:01
They came in, they didn’t know who was. They just started calling this person the hacker. And there was an undercover investigation that was conducted to try to find this hacker, as they called him. They were real unique in that naming huh? They said that this hacker tried to make $5.2 million in fraudulent tax refunds and ultimately got about $1.9 million in refunds sent out to him in debit cards.
00:02:25:01 – 00:02:49:21
So up until Rigmaiden’s arrest, they didn’t know who he was. They were still searching for him. Like I said, they call him the hacker. They had an undercover operation in order to try to determine who is who his identity was, so that way they can arrest him for all these crimes that they know he committed. Now, this is where the story gets really interesting.
00:02:49:23 – 00:03:28:23
This is where the Stingray comes and gets involved in this case. Now, a Stingray is not I’m not talking about the fish. I’m talking about an electronic device that basically law enforcement can use that they put out there that would make your cell phone or any other cellular device pair with it thinking it’s a cell tower. And what they’re able to do is do some technical trickery behind the scenes in order to triangulate where it is that your originating from when you’re using that mobile device.
00:03:28:26 – 00:03:50:04
Now, Rigmaiden used a lot of false identities. I’m going to read you a passage here that’s going to blow your mind about all these false identities. So they didn’t know who he was. The only thing they knew is that this attacker was using an air card, which is a cellular device to get on the Internet to do what he’s doing.
00:03:50:07 – 00:04:03:17
They at some point got authorization to use this Stingray in order to identify where this hacker was existing and where the source of the activity was coming from.
00:04:03:17 – 00:04:29:27
So what they did is the IRS did an investigation and they traced the fraudulent IRS returns to an IP address that they were able to trace to a Verizon air card, which is a cellular device that you could plug into a either a computer or it’s a standalone device that’s basically like wi fi, but it would connect through cell towers.
00:04:29:27 – 00:04:49:28
So it would give you a Wi-Fi connection to cell services. And that air card was registered to an individual named Travis Rupard in San Jose, California. Now, this card became the key focus of the investigation
00:04:49:28 – 00:05:09:25
When they did an investigation on the identity of Travis Rupard, they found it was the false identity. They found that the Air Card subscriber information of Travis Rupard listed not only the false identity, but non existant address and the California driver’s license number provided by this
00:05:09:25 – 00:05:17:24
supposed Travis Rupard was, in fact, actually assigned to a female to a different name. So it was fake as well.
00:05:17:24 – 00:05:19:00
So this is interesting.
00:05:19:00 – 00:05:37:21
At some point, the hacker starts communicating with a confidential informant that’s working for law enforcement, and they’re all trying to identify this person and they’re basically sending him money and that the hacker gives them instructions on what to do with the money.
00:05:37:21 – 00:06:06:07
And this is just incredible. So I’m going to read this to you verbatim. It says on April 17th, 2008, the hacker contacted the confidential informant through a secure email account and provide a detailed encrypted instructions for delivering $68,000 in proceeds from the tax refund scheme to the hacker. So you see here that law enforcement is trying to get in the middle and catch this hacker, but you’re going to see it’s not going to work out so well.
00:06:06:07 – 00:06:36:15
It goes on to say the hacker directed the confidential informant to wash the $68,000 of cash and land turn fuel to avoid drug detection dogs, double vacuum, seal the currency, place the sealed cash inside a stuffed animal and mail the animal in a gift wrapped box with a birthday card addressed to a dying child. Because I guess a living child would just raise too much suspicions.
00:06:36:15 – 00:07:05:06
Right? So then the hacker instructed the confidential informant to send that package to Patrick Stout at a FedEx Kinko’s store in Palo Alto, California. So Patrick Stout ended up being another fake identity. It was traced to a post office box in Sacramento and opened through the use of a fraudulent California driver’s license number, bearing a number yet assigned to another female with yet another different name.
00:07:05:06 – 00:07:09:09
So definitely a fake driver’s license account or driver’s license number.
00:07:09:09 – 00:07:41:04
So this money, the $68,000, was delivered to the FedEx Kinko’s. And on May 6, 2008, the next day, May 7th, 2008, at approximately 5 a.m., a white male wearing a dark jacket and hood entered the store presenting ID in the name of Patrick Stout and took the package. Individual opened the package inside the store, removed the cash, discarded the shipping box, and proceeded to a nearby train station where he eluded agents who had him under surveillance.
00:07:41:04 – 00:07:48:23
So then the hacker emailed the confidential informant after this and said, Hey, got the money? Crazy, right? They didn’t even catch him.
00:07:48:23 – 00:08:14:29
So at this point they, meaning the investigators, get a trap and trace device to get more cell site information and they get the authorization to use a mobile tracking device to communicate with the air card. And although it didn’t say the word Stingray, when I read that and I know the technology behind it, that’s what I believe that they’re saying in the court documents.
00:08:14:29 – 00:08:42:04
This is the point where they’re able to use the Stingray. And on July 16th of 2008, agents used this mobile device, a.k.a. the Stingray, to track the air card’s location to unit 1122 of an apartment complex in Santa Clara, California. And so then they took a look at who owns this, and they found it’s rented in the name of a Steven Travis.
00:08:42:09 – 00:09:14:07
Brawner on the application. Surprise, surprise, elicit a fake California driver’s license bearing a number that belonged to a female with a different name and the handwriting of Steve Brawner on the application was found to be similar to the handwriting of Patrick Stout on the post office box application of where the money was picked up. So they’re starting to trace the two into what looked like two individuals.
00:09:14:07 – 00:09:15:25
Now they’re saying as one individual.
00:09:15:25 – 00:09:28:05
And in addition, Steven Brawner had provided a fraudulent 2006 tax return when he applied to rent the apartment, which is what this is what they’re investigating as fraudulent tax returns.
00:09:28:05 – 00:09:44:16
So eventually the government got a search warrant to apartment one, one, two, two, And on August 3rd, 2012, agents observed a person matching the description of Steven Brawner walking near the apartment.
00:09:44:19 – 00:10:10:25
He started acting suspiciously when he saw the agents and beginning to running or I’m sorry, he began to run to evade the agents. So on August 3rd, 2012, at approximately 415, PM agents observed a person matching the description of Steven Brawner walking near the apartment. The person began to act suspiciously when he saw the agents and took off running.
00:10:10:27 – 00:10:29:06
The agents chased him on foot. They caught him. They searched a suspect and they found keys in the pocket. Where do you think the keys went to? Apartment 1122. And when they went in, agents took a look around because now they have a search warrant.
00:10:29:06 – 00:10:36:18
And once inside the apartment, they found identification. And it has a suspect’s photograph, photograph on it.
00:10:36:20 – 00:10:44:01
And it says Patrick Stout. Well, that was the name back at the $68,000 FedEx Kinko’s if you remember.
00:10:44:01 – 00:11:12:08
And they also found a bunch of prerecorded $100 bills that were part of the $68,000 back in May with Patrick. So agents also found the air card that they were trying to find with the Stingray. And it wasn’t until after all this that they fingerprinted the dude and they figured out that it was defendant Daniel Rigmaiden.
00:11:12:11 – 00:11:24:10
So this whole time they had all these false identities and they didn’t even know who it was until they actually had a physical fingerprint and they were able to put identity to the person that was committing all these crimes.
00:11:24:10 – 00:11:56:14
This is a crazy story and we’re definitely going to have to do an eCrimeBytes full episode on this one because there’s a lot of stuff that I had to leave out of here and speaking of which, if you like these eCrimeBytes, this quick eCrimeBytes nibble, you’re definitely going to like one of our eCrimeBytes full episodes where we take a case like this and we go more in-depth into the crime, the technology, the technology behind the crime, the people behind the crime, how they’re caught and what happens in court and, you know, if they’re punished and what that punishment is.
00:11:56:16 – 00:12:01:05
So I hope to see you over there on one of those full episodes soon. Thanks for sticking around
00:12:01:05 – 00:12:03:13
and see you then. All right, bye.
#ecrimebytes #electronic #truecrime #podcast #humor #funny #comedy #tax #fraud #irs #stingray #cellphone