Mario Simbaqueba Bonilla, 40, admitted in U.S. District Court in Miami to illegally installing keystroke logging software on computers in hotel business centers and internet lounges around the world. The software collected the personal information, including passwords and other personal identifying information that the victims used to access their bank, payroll, brokerage and other accounts online.
Bonilla used the data he intercepted from his victims -- mostly guests at U.S. hotels -- to steal or divert money from victims' bank, payroll and mortgage accounts into other accounts he created in the names of other victims. Then, via what the U.S. Justice Department (DOJ) called "a complex series of electronic transactions designed to cover his trail," Simbaqueba Bonilla transferred the stolen money to credit, cash or debit-card accounts and had the cards mailed to himself and others at commercial mailing addresses.
The majority of Bonilla's identity theft activity -- which he initiated from computers in Colombia -- targeted U.S. residents, including Defense Department personnel. According to the DOJ, Simbaqueba Bonilla used the stolen money to buy expensive electronics and luxury travel accommodations in various countries including Hong Kong, Turks and Caicos, France, Jamaica, Italy, Chile and the United States.
"Unfortunately, this is not an isolated case," R. Alexander Acosta, U.S. Attorney for the Southern District of Florida, said in a prepared statement. "The internet is an outstanding tool, but it is vulnerable. Criminals like Bonilla use the internet to steal our banking and personal data, and then our money. When you travel, think twice before entering personal or financial data on a public computer."
Federal agents arrested Simbaqueba Bonilla when he flew into the United States last August. The Columbian national, who flew on an airline ticket purchased with stolen funds, had a laptop purchased with stolen funds in his possession that contained the names, passwords and other personal and financial information of more than 600 people.
“It would be interesting to know if Bonilla used the unsecured, wireless, electronic transmissions of the hotel guests (unsecured wireless is often available in hotel lobbies) to also access or capture information,” R.M. Tracy, a former FBI special agent and the founder of the Privacy Trust Group, a security consultancy, told SCMagazineUS.com. “If the hotel computers were infected with keylogging programs or otherwise not effectively secured, this could have added to the problem. Why was it was mainly hotel guests who were victims? This begs more questions than it answers about what Bonilla was really doing and how he was doing it.”
“Consumers should be wary of accessing bank accounts from shared public computers that could have keystroke loggers or other malware on them,” Ed Mierzwinski, consumer program director of the U.S. Public Interest Research Group (USPRIG), a consumer advocacy organization, told SCMagazineUS.com. “Consumers should also be wary of accessing their accounts while using their own computers on unsecured Wi-Fi or other public networks.”