A Department of Justice filing calls out five known defendants, including one former Department of Army civilian, in a military benefits fraud scheme that stole millions from service members and the U.S. government. Over the course of five years, Frederick Brown, a civilian medical records technician at the 65th Medical Brigade at Yongsan Garrison, South Korea, copied and transmitted service members’ personal information, including names, social security numbers, Department of Defense ID numbers, and other personal information.
Over the course of multiple years, Brown is alleged to have taken photos of service member and dependent PII with his smartphone. The indictment doesn’t indicate the number of service members affected, but does highlight that Brown took advantage of a specific feature that allowed him to view the records of 10 service members at once. Given the length of time the scam was perpetuated, and the focus on stealing volumes of data, the number affected could be significant.
eBenefits: Easily Lifted
The stolen PII was used to compromise Department of Defense Self-Service Logon (DS Logon) accounts. the DS Logon system is maintained by the Defense Manpower and Data System. It allowed service members to access more than 70 non-public websites using a common username and password. Some of the websites that could be accessed contained personal and financial data. The DS Logon could be used to alter the bank accounts were salary, pension and disability payments were paid. The DS Logon site required PII and security questions – not the dual-factor CAC login that is required by many military websites.
Using the DS Logon site, the individuals accessed and stole funds from the personal bank accounts of service members. The theft wasn’t just directed at defrauding the government of benefits, but was directly aimed at the pocketbooks of service members. Beyond that, the defendants specifically targeted older veterans who would be less likely to use the DS Logon site themselves, as well as disabled veterans more likely to receive more sizable benefits.
The Department of Justice filing included details on the lengths to which the defendants took to defraud the individual service members, including calling bank institutions claiming to be the service member, initiating wire transfers from accounts and when that fraud was identifying, using the DS Logon site to change the banking institutions where future payments would be made. One of the victims mentioned in the filing was a 76-year old 100% service disabled veteran and prisoner of war. The defendants specifically targeted the former prisoner of war, with one screenshotting a picture of his eBenefits page and sending the message, “Have Big money. may be…” according to the DoJ filing.
The five defendants, including the Army civilian employee, two other U.S. citizens, a South Korean citizen and an Australian citizen, are charged with multiple counts of conspiracy, wire fraud, and aggravated identify theft.
“These defendants are alleged to have illegally defrauded some of America’s most honorable citizens, our elderly and disabled veterans and servicemembers,” said Attorney General William P. Barr in a statement. “Through today’s action, the Department is honoring our pledge to target elder fraud schemes, especially those committed by foreign actors using sophisticated means, and to protect the veterans of our great country.”
The case points to the depths malicious actors will go to perpetuate fraud, the callousness, and also the benefit of an insider. It’s unclear how Brown was able to take pictures of PII undetected over such an extensive period of time, but it’s a reminder of the damage that can be done by an individual with the right access.