The Western Express Case

by John Bandler

The Western Express case was a groundbreaking prosecution of cybercrime and virtual currency money laundering from the Manhattan DA's office. It is a thread case throughout the book Cybercrime Investigations, used to illustrate various points.

The Western Express investigation revealed that cybercrime is an enormous global illicit economy which relies upon identity theft and virtual currencies.

Western Express International, Inc. was a virtual currency exchanger located in Manhattan. This exchanger facilitated payments between U.S. based identity thieves and cybercriminals from former Soviet countries. I started investigating it in 2005, and the last defendants went to trial in 2013. During my many years investigating it and it's customers from around the country and globe, I learned a lot about these crimes and the people who commit them.

The start of the investigation

The investigation started in 2015, at the time I was a relatively junior prosecutor and had just joined the newly created Identity Theft Unit (which would eventually be renamed the Cybercrime and Identity Theft Bureau). Robert Morgenthau was the District Attorney and he realized the scourge of identity theft and the need to properly investigate and prosecute it.

This new Identity Theft Unit operated on a shoestring budget, but with excellent leadership and cooperation with other law enforcement and financial institutions. The cases it made (including Western Express) were wide ranging and hard to match.

A single report of identity theft was received, the fraudulent use of a credit card. Where criminals commit crime for profit, the reported crime is often the mere tip of the iceberg, and that was true here too. A little investigation revealed dozens of related instances of credit card fraud, Further investigation would be investigated and reveal a global sprawling cybercrime economy.

Early virtual currencies

Virtual currencies were born in 1996 with e-gold, and 1998 with WebMoney. Many are familiar with Bitcoin and cryptocurrencies, but virtual currency was the predecessor and cybercriminals were early adopters of this internet payment mechanism.

In the Western Express case, cybercriminals and identity thieves paid each other with these early virtual currencies. Part of our investigation centered around tracing these funds and identifying the source of ill gotten gains and the purpose of the payments. By gleaning voluminous records relating to Western Express International, Inc. and other sources we were able to identify, charge, and extradite some of these customers.

The investigation

The investigation technically continued for eight years, until the guilty verdicts at trial. At the start, there were many things I did not know, investigation techniques I had never done. By the end, a lot had been done, including to obtain evidence and defendants from around the United States and even from beyond.

The first indictment

The first indictment was in 2006, charging Western Express International, Inc. and their high managerial agents with illegal check cashing, illegal money transmitting, and submitting false paperwork to some of their banks to hide the true purpose of their bank accounts. Search warrants were obtained, and a mountain of computers and documents were recovered. Defendants pleaded guilty but our investigation continued.

The second indictment

Review of the computers, documents, and other investigative avenues revealed that many of the exchangers customers were cybercriminals and identity thieves, using the exchanger to obtain virtual currency to pay each other, and then launder their illegal profits. We identified some of those cybercriminals and identity thieves, and they were charged by indictment with theft (larceny), money laundering, and other offenses. Western Express International, Inc. was also charged with money laundering. All were charged with conspiracy and Enterprise Corruption, New York's version of the federal RICO statute (Racketeer Influenced and Corrupt Organizations).

Arrests and extraditions

In various stages, defendants were arrested and ultimately extradited to New York County. Arrest locations included New York (Manhattan, Brooklyn, Queens), New Jersey, Louisiana, California, Oregon, Greece, and Czech Republic.

Pre-trial litigation

There was extensive litigation surrounding the Enterprise Corruption count, New York's version of the federal RICO statute. Enacted before the Internet, the focus then was traditional organizations crime, like the mafia. In our theory of the case, this cybercrime network of participants, with long running business ties were working together in a corrupt criminal enterprise. Ultimately, New York's highest court (the New York Court of Appeals) disagreed, ruling that New York's Enterprise Corruption statute did not apply to this type of conduct which they felt was arms-length.

That was disappointing. But on the bright side, the case survived all other challenges. Every other count survived pre-trial (and post-conviction) review, including conspiracy, grand larceny, money laundering, scheme to defraud, and more.

The trial

Most defendants pleaded guilty, but three proceeded to trial. The entire investigation was put to the test, and it was our job to prove every count beyond a reasonable doubt, and to the unanimous satisfaction of every juror.

Our trial team did a fantastic job preparing and trying the case and protecting my sanity.

This trial lasted about four months and then went to the jury for them to decide if we had proven our case.

The verdict

Waiting for the verdict is stressful. Every prosecutor and supervisor wants justice to win, but the career quality supervisors at DANY were the ones who know that you can do your best and be in the right and still lose.

Waiting for the verdict, they said words to the effect of "Whatever happens, you did your best, put years into this, and left it all on the playing field. Good job."

The verdict came, guilty as to every defendant, every count. Eight years of exhausting and stressful work had survived the final test and come to a successful end (almost).


After the guilty verdicts, the case proceeded to sentencing, and the judge sentenced the defendants.

And that was (pretty much) the end of the Western Express case.

After DANY

Eventually, after over twenty years of government service, it was time for something else. My understanding of cybercrime and technology could be helpful in the private sector, preventing and investigating cybercrime. And I wrote a book on cybersecurity and started teaching. I needed a quality book to accompany my teaching and to share what I learned from this long investigation. The book, Cybercrime Investigation started to take shape, and ultimately was published, with this Western Express case running throughout it.


The Western Express case was one of the earliest cybercrime and virtual money laundering criminal prosecutions. Amazingly, it was done by a local district attorney's office. Cybercrime is a pernicious and prevalent crime, tied to cybercrime, profitable and with low risk for the offenders. Organizations and individuals can play roles to protect themselves and respond to it. Government plays an important role to protect us, and needs to do better.

This article is (of course) not tailored to your circumstances, nor is it legal or consulting advice.

If you are a cybercrime victim, see the resources here, and contact me if you need professional assistance.

If your organization needs help with improving its cybersecurity and identity theft protection, feel free to contact me.

Additional reading on this site

Additional external reading

This article is hosted at, copyright John Bandler, all rights reserved.

This article is also available on at NOT YET (though not kept as up to date).

Originally posted 12/31/2022, updated 1/18/2023.