Dismantling the Internet mafia: RICO's applicability to cyber crime.

Author:Salvador, W. Joseph
  1. INTRODUCTION II. THE DEVELOPMENT OF THE RICO ACT A. The Origins of the RICO Act B. The Construction of the RICO Act C. RICO in Action III. THE EMERGENCE OF CYBER CRIME IV. RICO ACT AND CYBER CRIME: OBSTACLES AND SOLUTIONS A. Morrison Limitations on RICO Jurisdiction B. Misapplication of Morrison to RICO 1. Congressional Intent of RICO 2. Dodd-Frank Act C. CFAA as a RICO Predicate V. CONCLUSION I. INTRODUCTION

    In 1970, the United States Congress enacted the Racketeering Influenced and Corrupt Organizations Act ("RICO") to facilitate prosecution aimed at destroying the mafia. (1) RICO provides both criminal and civil causes of action against parties involved in racketeering. (2) After reaching its pinnacle in combating the mafia throughout the 1980s and 1990s, the number of civil RICO claims filed by private parties against legitimate corporate entities grew exponentially. (3) The growth of private actions, in association with antitrust cases, has caused RICO's potential to combat modern organized crime to be forgotten.

    There are billions of dollars of illicit profits made annually since the advent of cyber crime. (4) The potential profits and the anonymity that the Internet provides has attracted traditional organized criminal syndicates to online ventures. (5) Additionally, cyberspace has spawned a new type of criminal that specializes purely in crimes committed via the Internet. They profit through identity theft, fraud, and even cyber bank heists. (6) The cyber crime epidemic is so severe that the White House National Security Council believes it to be a national security priority because it "threatens sensitive corporate and government computer networks[] and undermines worldwide confidence in the international financial system." (7)

    Recently, Microsoft used an innovative approach to the civil RICO statute by applying it to cyber crime. (8) Additionally, an individual was convicted for the first time ever under criminal RICO charges in relation to organized cyber crime. (9) After successful utilization of the RICO statute in the United States District Courts to target Internet crimes, there exists precedent in which the courts recognize organized criminal cyber activities as mechanisms advancing a criminal "enterprise" as defined under RICO. (10) The RICO statute has the potential to protect private businesses from the growing onslaught of illegal Internet schemes, as well as assist law enforcement in prosecuting criminal cyber syndicates. However, RICO's applicability to cyber crime is novel and several roadblocks must be addressed in order to best utilize the statute.

    Cyber crime is extremely transnational in nature. (11) Frequently, criminals in one country use web-hosting devices located in a second country to reach victims across the world. After the 2010 Supreme Court ruling in Morrison v. National Australia Bank, civil RICO cases with numerous foreign parties or substantial racketeering activities that occurred overseas are determined to be outside the jurisdiction of the United States courts. (12) Since the RICO statute is silent as to extraterritoriality, the Morrison ruling has the potential to obstruct prosecutions of cyber criminals abroad. (13)

    Congress enacted RICO over four decades ago, covering particular crimes that were frequently committed by traditional organized criminal syndicates at that time. However, organized criminals evolve and adapt to best take advantage of opportunities that present themselves. Cyber crime is committed through a different medium than previous crimes, and the enumerated violations of racketeering in the RICO Act do not cover the current varying degree of crimes being committed globally via the web. Members of Congress recognize that RICO has the potential to fight cyber crime, but Congress has not succeeded in passing new legislation to better facilitate RICO's applicability. (14)

    In March 2012, Microsoft's Digital Crimes Unit and U.S. Marshalls raided web-hosting facilities in Scranton, Pennsylvania, and Lombard, Illinois. (15) Microsoft seized servers and took possession of Internet domain names that were used to spread Zeus botnets. (16) A botnet is a network of computers running malware and, once installed onto an unsuspecting user's computer, it is capable of communicating code and instructions to and from other computers within the botnet network. (17) The Zeus botnet was spread through an email that downloaded malware onto a recipient's computer by clicking on links in the body of the message. (18) Usernames, passwords, and financial information were stolen by recording the keystrokes made on a recipient's computer. (19)

    The Microsoft Digital Crimes Unit, partnered with the Financial Services--Information Sharing and Analysis Center and the Electronic Payments Association, obtained a federal warrant for the seizure of the web devices by utilizing the civil section of RICO. (20) The plaintiffs applied the RICO Act by arguing that the botnet was "de facto an activity of a criminal organization." (21) This represented an innovative approach to addressing cyber crime. However, its incorporation into Microsoft's Zeus botnet case enabled the plaintiffs to pursue a consolidated civil case against everyone involved or associated with the Zeus botnet operation. As a private party harmed by such activities, Microsoft was able to seize the property causing the harm. (22) This was the first action in which a plaintiff successfully argued that a botnet was an activity of a criminal enterprise under RICO. (23)

    The initial success of utilizing RICO in addressing cyber criminal activity against the Zeus Botnet led to a second operation, again headed by Microsoft's Digital Crimes Unit. (24) This time the target was the Citadel Botnet, a global scheme that steals banking account information and is estimated to have caused losses of up to $500 million worldwide. (25) Again using the civil section of the RICO statute, Microsoft filed a complaint that led to a civil seizure warrant on June 5, 2013. (26) The warrant led to an FBI seizure of over 1,462 Citadel botnets in North Carolina, Pennsylvania, and New Jersey. (27) The seizure of the Citadel botnets in these three states was a major blow to cyber criminals' ability to infect unsuspecting users' computers within the United States.

    In December of 2013 in the District Court of Nevada, a federal jury made the first RICO conviction of a defendant involved in cyber crime. (28) The defendant was involved in an organization that called itself "Carder.su," based in the former Soviet Union, with upwards of 5,500 members. (29) Prosecutors were able to seek enhanced sentencing, as well as seizure and forfeiture of the website, through the utilization of the RICO statute. (30) Furthermore, prosecutors hoped the gravity of the sentencing that RICO carries would encourage other members of the organization to reach plea deals rather than face indictment under RICO. (31)


    The recent approach by Microsoft's Digital Crimes Unit and federal prosecutors illustrates RICO's potential to successfully combat online criminals and limit the tools they utilize to carry out their crimes. The civil section of RICO allowed the district court to fashion an appropriate remedy, a warrant, to protect businesses and commerce by seizing property that was used in furtherance of a criminal enterprise. (32) Similarly, federal prosecutors used RICO to forfeit a website and charge a member of an online criminal cartel for racketeering activity. (33) Nevertheless, the current language and interpretation of the RICO statute is not as well suited as it could be to fight cyber crime. In order to mitigate its shortcomings, it is necessary to understand RICO's origins, history, and construction.

    A. The Origins of the RICO Act

    In 1963, Joseph Valachi testified before the Senate's Permanent Subcommittee on Investigations. (34) In the nationally broadcasted Senate hearing, Valachi revealed the existence of "La Cosa Nostra," the Italian-American mafia crime families located in major metropolitan areas throughout the country. (35) He detailed the criminal activity, structural hierarchy, and inner-workings of the mafia. (36) His testimony identified individuals who were bosses and high-ranking members of various mafia "crime families." (37) Valachi highlighted the level of rampant corruption with public officials and even went as far as to call the mafia a "second government." (38)

    Prior to Joseph Valachi's testimony at the Senate, there was no formal government recognition of Italian-American organized crime syndicates. (39) For years, the Director of the Federal Bureau of Investigations, J. Edgar Hoover, repeatedly denied the existence of the mafia. (40) Valachi's nationally televised testimony revealed the mafia to the American public, but it also alerted Congress, in front of their constituents, to the full extent of the American mafia's crime and corruption across the country. The government could no longer ignore the existence of these criminal enterprises, and Congress immediately sought to fashion a weapon to facilitate prosecuting the mafia.

    B. The Construction of the RICO Act

    Congress responded to the Mafia by enacting the Organized Crime Control Act of 1970 ("OCCA"), which included RICO. (41) The bipartisan consensus concerning the need to address organized crime was evidenced by its 73 to 1 Senate approval. (42) The RICO Act was designed as a new legal weapon that would bring about the demise of the American Mafia by targeting "enterprise criminality" as opposed to the prosecution of illegal activities committed by an individual. (43) Congress believed the law would suppress organized crime's influence on interstate commerce, foreign commerce, and legitimate businesses. (44) The new legislation enumerated four crimes, making it unlawful 1) for any person with income derived from a "pattern of racketeering...

To continue reading