2 Winona State Students Are Suspected of Involvement in Large-Scale Cybercrimes

Two foreign-exchange students at Winona State University are suspected of participating in a major cybercrime ring based in Vietnam, according to recently unsealed court documents, the Star Tribune of Minneapolis reports.

The cybercrime ring used stolen identities to set up eBay, PayPal, and U.S. bank accounts, said the Star Tribune, in a report based on information in the unsealed court documents and an affidavit filed by an investigator from the U.S. Department of Homeland Security. The students, Tram Vo and Khoi Van, had possession of more than 180 eBay accounts and over 360 PayPal accounts and accumulated close to $1.25-million, according to those documents. Members of the crime ring are believed to use those accounts to sell costly merchandise, bought using the hijacked bank accounts, at low prices to unsuspecting buyers.

College cybersecurity experts say that it is rare for college students to be suspected of committing such large-scale crimes, though campus networks are sometimes targeted by identity thieves looking for personal information.

The two students came under suspicion during “Operation eMule,” a Homeland Security Department investigation that focused on criminal rings in Vietnam that target online businesses. A check of public records suggested that no criminal charges have been filed against Ms. Vo and Mr. Van, the Star Tribune reports.

Alisa Finelli, a spokesperson for the Department of Justice, said that suspects are not tracked by whether they are college students and that information about possible continuing investigations of college students for cybercrime could not be released.

Kenneth Janz, chief information officer at Winona State University, said he believed it was the first incident of its type to be suspected at the institution. He said that it is unclear whether university computers or network were used to commit the suspected crimes. The Department of Homeland Security, which helped coordinate the investigation, wasn’t forthcoming about the details, Mr. Janz added.

“They asked for data; we provided it. I learned more by reading the Star Tribune,” Mr. Janz said. “I didn’t know about any of the details.”

Rodney J. Petersen, senior government-relations officer at Educause and director of its cybersecurity initiative, said he is aware of very few cases of college students being involved in large-scale cybercrime.

Gene Spafford, executive director at Purdue University’s Center for Education and Research in Information Assurance and Security, said that college campuses are no more likely to be the incubators of the sorts of criminal activities suspected in this case than anywhere else. Committing cybercrime, at the scale described in the documents, almost always requires a full-time commitment, he said.

Most of the attacks on college networks come from third parties who are using a college’s resources to launch attacks on computers not associated with the college, said Mr. Petersen. In some cases, personally identifiable information is compromised as a byproduct of those attacks, Mr. Petersen said.

No Winona students have been identified as victims of the ring.