PINDROP BLOG

Steal 54 Identities, Get 334 Years in Prison

Civil rights advocates and security researchers for years have been decrying the penalties that result from prosecutions under the United States’ Computer Fraud and Abuse Act (CFAA), saying they often are too harsh. But those sentences pale in comparison to what a Turkish man is facing after his second conviction for hacking and identity theft.

Onur Kopçak, a 26-year-old who had been convicted of stealing credit card information belonging to 11 victims, was sentenced on Sunday to 135 years in a Turkish prison. The conviction resulted from a scheme in which Kopçak and a number of accomplices built Web sites that looked like legitimate bank sites and then drove victims to them in order to steal their banking credentials.

This is the second time Kopçak has been convicted in this kind of scheme. Three years ago, he was convicted of similar crimes for stealing credit card details belonging to 43 victims. His sentence in that case: more than 199 years in prison.

The most-recent conviction brings Kopçak’s total prison sentence to more than 334 years.

Identity theft comes in a lot of shapes and forms, from the old-school version that uses information stolen from paper documents, to phone-based scams that prey on victims’ fears of the IRS, to the more automated schemes like the ones perpetrated by Kopçak and his cronies. Many countries have enacted legislation to criminalize most aspects of identity theft, but other tools, including caller ID spoofing, remain legal in most places.

Image from Flickr stream of Krystian Olszanski.