Thief used burner iPhones and Apple Pay to purchase luxury goods, Bitcoin, and diamond-enc...

Posted:
in General Discussion edited July 2021
Using stolen credit cards and Apple Pay, one identity thief was able to purchase more than $600,000 in luxury goods and nearly $100,000 of Bitcoin.

Image Credit: Apple
Image Credit: Apple


After purchasing more than 500 stolen credit-card numbers from the dark web, Atlanta resident Aaron Laws found himself at the center of an elaborate scheme that would land him in federal prison for three years.

Laws entered the stolen credit card numbers into burner phones equipped with Apple Pay, allowing him to make purchases without presenting a physical card. According to MarketWatch, Laws also enlisted several co-conspirators, including his childhood friends, Dennison Ellis and Jeffrey Mayfield.

Between February 2017 and December 2018, Laws and his co-conspirators purchased more than $600,000 in luxury goods, including MacBooks, iPhones, a $35,000 Rolex watch, and a diamond-encrusted medallion shaped like a Bitcoin symbol. They targeted several locations, including the Apple Store and Best Buy, as well as jewelry stores across eight states.

Laws' diamond-encrusted Bitcoin medallion | Source: U.S. Attorney's Office
Laws' diamond-encrusted Bitcoin medallion | Source: U.S. Attorney's Office


On August 23, 2017, Laws purchased $93,000 worth of Bitcoin. At the time, Bitcoin was worth around $4000 per Bitcoin. In today's market, Laws' purchase would be worth nearly $745,000, assuming a price of $32,000 per Bitcoin.

Laws pleaded guilty, noting that he had "clearly made many poor decisions in this case." Laws struggled with depression and substance abuse after a knee injury prevented him from playing college basketball.

Laws was sentenced to three years in federal prison and ordered to pay $624,000 in restitution.

Laws' co-conspirators, Ellis and Mayfield, also pleaded guilty. Ellis was sentenced to six months in prison and ordered to pay $283,000 in restitution. Mayfield also was sentenced to jail time and ordered to pay $181,000.

Recently, a rash of iPhone thefts in Brazil served as yet another cautionary tale for users who store passwords in an unsecured location on their device.

Keep up with everything Apple in the weekly AppleInsider Podcast -- and get a fast news update from AppleInsider Daily. Just say, "Hey, Siri," to your HomePod mini and ask for these podcasts, and our latest HomeKit Insider episode too.If you want an ad-free main AppleInsider Podcast experience, you can support the AppleInsider podcast by subscribing for $5 per month through Apple's Podcasts app, or via Patreon if you prefer any other podcast player.

Comments

  • Reply 1 of 12
    crowleycrowley Posts: 10,453member
    I can't remember from when I set up Apple Pay, it was a long time ago, but surely you need more than just the credit card number?
    watto_cobra
  • Reply 2 of 12
    Rayz2016Rayz2016 Posts: 6,957member
    crowley said:
    I can't remember from when I set up Apple Pay, it was a long time ago, but surely you need more than just the credit card number?
    You set up the phone and the bank confirms usually through SMS. 

    It could be that an extra check is needed: the mobile phone that the SMS is being sent to has the same number your bank keeps on file 
    bshankwatto_cobra
  • Reply 3 of 12
    lkrupplkrupp Posts: 10,557member
    Three years in prison is just a slap on the wrist. He’ll be out in 18 months and free to continue his work. Crime does pay after all. And how will the government make these perps pay the restitution they were ordered to pay? 
    watto_cobra
  • Reply 4 of 12
    XedXed Posts: 2,519member
    Rayz2016 said:
    crowley said:
    I can't remember from when I set up Apple Pay, it was a long time ago, but surely you need more than just the credit card number?
    You set up the phone and the bank confirms usually through SMS. 

    It could be that an extra check is needed: the mobile phone that the SMS is being sent to has the same number your bank keeps on file 
    That's the main reason I don't like SMS for 2FA. Spoofing a phone number isn't that hard for the motivated individual..

    lkrupp said:
    Three years in prison is just a slap on the wrist. He’ll be out in 18 months and free to continue his work. Crime does pay after all. And how will the government make these perps pay the restitution they were ordered to pay? 
    I agree. He's a nonviolent offender, but this sentence seems far too light.
    watto_cobra
  • Reply 5 of 12
    Rayz2016Rayz2016 Posts: 6,957member
    Xed said:
    Rayz2016 said:
    crowley said:
    I can't remember from when I set up Apple Pay, it was a long time ago, but surely you need more than just the credit card number?
    You set up the phone and the bank confirms usually through SMS. 

    It could be that an extra check is needed: the mobile phone that the SMS is being sent to has the same number your bank keeps on file 
    That's the main reason I don't like SMS for 2FA. Spoofing a phone number isn't that hard for the motivated individual..

    Seems to me that there’s some kind of biometric check missing here. It contacts the card issuer, the card issuer sends back a request for recognition, the phone responds with “yeah, that’s him.”  

    But there still needs to be some proof it’s you at the bank’s end. 
    watto_cobra
  • Reply 6 of 12
    crowleycrowley Posts: 10,453member
    I wonder what happens to the Bitcoin profit he made.  Surely that should get seized as the proceeds of a crime?
    watto_cobra
  • Reply 7 of 12
    netroxnetrox Posts: 1,415member
    "Laws pleaded guilty, noting that he had "clearly made many poor decisions in this case." Laws struggled with depression and substance abuse after a knee injury prevented him from playing college basketball."

    Millions have abused substances and had knee injuries but don't steal a million worth of stuff. His excuses are lame. 
    watto_cobra
  • Reply 8 of 12
    sflocalsflocal Posts: 6,092member
    Laws pleaded guilty, noting that he had "clearly made many poor decisions in this case." Laws struggled with depression and substance abuse after a knee injury prevented him from playing college basketball.

    This constant brushing off of responsibility gets really old.  This punk was obviously smart enough to know how to use technology and profit from it.  Imagine if he used his own money (though honest work of course) and did the exact same thing with Bitcoin?  No... he made a conscious decision to break laws.  Screw him and his childish excuses.  Countless people battle depression and substance abuse and still do their darnedest to walk an honest path.

    Laws was sentenced to three years in federal prison and ordered to pay $624,000 in restitution.

    I'm curious how the fine actual works for this person.  He stole money, bought bitcoin and profited handsomely from it.  Does he forfeit the profits made on bitcoin, and then be fined the $624K on top of that?  Or does he simply play the fine with all the profits and essentially starts at zero again?
    watto_cobra
  • Reply 9 of 12
    hentaiboyhentaiboy Posts: 1,252member
    sflocal said:
    Laws pleaded guilty, noting that he had "clearly made many poor decisions in this case." Laws struggled with depression and substance abuse after a knee injury prevented him from playing college basketball.

    This constant brushing off of responsibility gets really old.  This punk was obviously smart enough to know how to use technology and profit from it.  Imagine if he used his own money (though honest work of course) and did the exact same thing with Bitcoin?  No... he made a conscious decision to break laws.  Screw him and his childish excuses.  Countless people battle depression and substance abuse and still do their darnedest to walk an honest path.

    Laws was sentenced to three years in federal prison and ordered to pay $624,000 in restitution.

    I'm curious how the fine actual works for this person.  He stole money, bought bitcoin and profited handsomely from it.  Does he forfeit the profits made on bitcoin, and then be fined the $624K on top of that?  Or does he simply play the fine with all the profits and essentially starts at zero again?
    I suspect the credit card companies would like a piece of that. 
    watto_cobra
  • Reply 10 of 12
    MicDorseyMicDorsey Posts: 100member
    Xed said:
    Rayz2016 said:
    crowley said:
    I can't remember from when I set up Apple Pay, it was a long time ago, but surely you need more than just the credit card number?
    You set up the phone and the bank confirms usually through SMS. 

    It could be that an extra check is needed: the mobile phone that the SMS is being sent to has the same number your bank keeps on file 
    That's the main reason I don't like SMS for 2FA. Spoofing a phone number isn't that hard for the motivated individual..

    lkrupp said:
    Three years in prison is just a slap on the wrist. He’ll be out in 18 months and free to continue his work. Crime does pay after all. And how will the government make these perps pay the restitution they were ordered to pay? 
    I agree. He's a nonviolent offender, but this sentence seems far too light.
    Nonviolent?!?!? Who cares? These offenders need to serve actual jail time of 3 years minimum, plus a bonus of 1 year per $100K thereafter. And pay restitution. Or, as @lkrupp says, it amounts to a slap on the wrist. And while we're at it, how about some serious punitive sentences for perpetrators of malware and ransomware? It's not like they, oops, made a little boo-boo.
    watto_cobra
  • Reply 11 of 12
    XedXed Posts: 2,519member
    MicDorsey said:
    Xed said:
    Rayz2016 said:
    crowley said:
    I can't remember from when I set up Apple Pay, it was a long time ago, but surely you need more than just the credit card number?
    You set up the phone and the bank confirms usually through SMS. 

    It could be that an extra check is needed: the mobile phone that the SMS is being sent to has the same number your bank keeps on file 
    That's the main reason I don't like SMS for 2FA. Spoofing a phone number isn't that hard for the motivated individual..

    lkrupp said:
    Three years in prison is just a slap on the wrist. He’ll be out in 18 months and free to continue his work. Crime does pay after all. And how will the government make these perps pay the restitution they were ordered to pay? 
    I agree. He's a nonviolent offender, but this sentence seems far too light.
    Nonviolent?!?!? Who cares? These offenders need to serve actual jail time of 3 years minimum, plus a bonus of 1 year per $100K thereafter. And pay restitution. Or, as @lkrupp says, it amounts to a slap on the wrist. And while we're at it, how about some serious punitive sentences for perpetrators of malware and ransomware? It's not like they, oops, made a little boo-boo.
    The courts typically do. If you rob a person at gunpoint to get access to steal an identity and credit card numbers it's much worse than simply stealing that info without ever putting the person's life in danger.
    Alex_Vwatto_cobra
  • Reply 12 of 12
    uraharaurahara Posts: 733member
    It seems that they still made some profit (in financial terms) if we take into account the bitcoin price development. 
    watto_cobra
Sign In or Register to comment.