Phishing and YouTube marijuana videos send man to jail for 13 years

Filed Under: Data loss, Law & order, Phishing, Spam

FBI logoA Los Angeles man has been sentenced to a total of 13 years in jail after being found guilty of leading an international phishing operation, and growing marijuana on an industrial scale in his house.

27-year-old Kenneth Joseph Lucas II was sentenced after judges found the Los Angeles man guilty of leading the US branch of an international phishing operation that stole banking login details through spam email and bogus websites.

In addition, Lucas found himself on the wrong side of the law for growing more than 100 marijuana plants in his home, in a set-up which included an irrigation system, fans, indoor lighting and ventilation. He was clearly proud of his industrial scale marijuana operation as he posted videos on YouTube showing off his set-up.

What a plonker.

A fish, a frying pan, a marijuana leafLucas was the lead defendant in part of a multinational investigation known as "Operation Phish Phry". The operation, which spanned the United States and Egypt, led to charges against 100 individuals in total - the largest number of defendants ever charged in a cybercrime case according to an FBI press release

As a result of Operation Phish Phry, 47 people have been convicted in federal court in Los Angeles.

Here's how Operation Phish Phry worked.

Egyptian scammers would spam out emails that claimed to be from online banks. Victims would receive the emails, click on the links, and be directed to fake websites that pretended to be the online banks and enter their passwords, account numbers and other personal identifiable information.

The victims' real bank accounts would be broken into, using the stolen information, and scammers in Egypt would transfer funds from the compromised accounts into other accounts.

Meanwhile, the US part of the phishing ring run by Lucas and two others recruited runners to set-up and use bank accounts which received the stolen funds.

The ring leaders would alert the runners through various methods (SMS, internet chat, and phone calls) to withdraw the cash and send it to them via Western Union. A portion of the money stolen was then transferred via wire services to the Egyptian gang members.

The total amount of money stolen in this way was estimated to be more than $1 million.

So, don't doubt that the threat is real - and significant amounts of money have been stolen through phishing. Banks and consumers alike need to take security seriously and make it harder for criminals to break into accounts and steal our hard-earned cash.

Sophos has published some best practice guidelines to help you avoid being phished.

, , , , ,

You might like

7 Responses to Phishing and YouTube marijuana videos send man to jail for 13 years

  1. docqualizer · 1561 days ago

    The man was an idiot for posting the plants on line and thinking he would not be caught. He was also an idiot for thinking that eventually his phishing scheme would not be found out.

    Now he gets to spend some wonderful fun filled years in the Federal Prison system.

  2. the9thfloor · 1561 days ago

    For the Phishing scam alone.. I think he should have gotten at least 25 years. No joke.
    As far as the other issue. add another depending. Since he likes to mix up his hobbies. I think he should have gotten more years for the phishing scam than the weed. It does more damage. however in this case. I seriously don't think 100 plants is for personal use. It's not the videos so much as the deeds..don't you think? Worded a bit odd or was that to catch attention for your page hits? Whatever the case. Found guilty of phishing and scamming ..then far more years should have been given out IMO.

  3. WippyM · 1561 days ago

    The guy had no shame, didn't he?

  4. "Plonker". Love the Brit slang, don't I?

  5. anon · 1561 days ago

    Seems a very lenient sentence in light of the ridiculous sentences often handed out.

  6. Guest · 1561 days ago

    These crimes were committed two plus years ago. Arrested Oct 2009.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley