The Western Express Case

by John Bandler

The Western Express case was a groundbreaking prosecution of cybercrime and virtual currency money laundering from the Manhattan DA's office. It is a thread case throughout the book Cybercrime Investigations, used to illustrate various points.

The Western Express investigation revealed that cybercrime is an enormous global illicit economy which relies upon identity theft and virtual currencies.

Western Express International, Inc. was a virtual currency exchanger located in Manhattan. This exchanger facilitated payments between U.S. based identity thieves and cybercriminals from former Soviet countries. I started investigating it in 2005, and the last defendants went to trial in 2013. During my many years investigating it and it's customers from around the country and globe, I learned a lot about these crimes and the people who commit them.

The start of the investigation

The investigation started in 2015, at the time I was a relatively junior prosecutor and had just joined the newly created Identity Theft Unit (which would eventually be renamed the Cybercrime and Identity Theft Bureau). The legendary Robert Morgenthau was the District Attorney and he realized the scourge of identity theft and the need to properly investigate and prosecute it.

This new Identity Theft Unit operated on a shoestring budget, but with excellent leadership and cooperation with other law enforcement and financial institutions. The cases it made (including Western Express but also many others) were wide ranging and hard to match.

A single report of identity theft was received, the fraudulent use of a credit card. Where criminals commit crime for profit, the reported crime is often the mere tip of the iceberg, and that was true here too. A little investigation revealed dozens of related instances of credit card fraud, Further investigation would be investigated and reveal a global sprawling cybercrime economy.

Early virtual currencies

Virtual currencies were born in 1996 with e-gold, and 1998 with WebMoney. Many are familiar with Bitcoin and cryptocurrencies, but virtual currency was the predecessor and cybercriminals were early adopters of this internet payment mechanism.

In the Western Express case, cybercriminals and identity thieves paid each other with these early virtual currencies. Part of our investigation centered around tracing these funds and identifying the source of ill gotten gains and the purpose of the payments. By gleaning voluminous records relating to Western Express International, Inc. and other sources we were able to identify, charge, and extradite some of these customers.

The investigation

The investigation technically continued for eight years, until the guilty verdicts at trial. At the start, there were many things I did not know, investigation techniques I had never done. By the end, a lot had been done, including to obtain evidence and defendants from around the United States and even from beyond.

The first indictment

The first indictment was in 2006, charging Western Express International, Inc. and their high managerial agents with illegal check cashing, illegal money transmitting, and submitting false paperwork to some of their banks to hide the true purpose of their bank accounts. Search warrants were obtained, and a mountain of computers and documents were recovered. Defendants pleaded guilty but our investigation continued.

The second indictment

Review of the computers and documents seized from Western Express plus other investigative avenues revealed that many of the exchanger's customers were cybercriminals and identity thieves, using the exchanger to obtain virtual currency to pay each other, and then launder their illegal profits.

We identified some of those cybercriminals and identity thieves, and they were charged by indictment with theft (larceny), money laundering, and other offenses. Western Express International, Inc. was also charged with money laundering. All were charged with conspiracy and Enterprise Corruption, New York's version of the federal RICO statute (Racketeer Influenced and Corrupt Organizations). New York's Enterprise Corruption statute was created from the state's Organized Crime Control Act (OCCA) of 1986.

Arrests and extraditions

In various stages, defendants were arrested and ultimately extradited to New York County (Manhattan). Arrest locations included New York (Manhattan, Brooklyn, Queens), New Jersey, Louisiana, California, Oregon, Greece, and Czech Republic.

Pre-trial litigation

There was extensive litigation prior to trial, especially concerning the Enterprise Corruption count, New York's version of the federal RICO statute. Enacted before the Internet, the focus then was traditional organization crime, like the mafia (Cosa Nostra) and how they corrupted legitimate businesses to achieve their illegal aims.

In our theory of the case, this cybercrime network of participants, with long running business ties were working together in a corrupt criminal enterprise. Ultimately, New York's highest court (the New York Court of Appeals) disagreed, ruling that New York's Enterprise Corruption statute did not apply to this type of conduct, which they felt was arms-length and capitalistic, insufficient to establish the structure required by the statute.

That was disappointing. But on the bright side, the case survived all other challenges. Every other count survived pre-trial (and post-conviction) review, including conspiracy, grand larceny, money laundering, scheme to defraud, and more.

The trial

Most defendants pleaded guilty, but three proceeded to trial. The entire investigation was put to the test, and it was our job to prove every count beyond a reasonable doubt, and to the unanimous satisfaction of all twelve jurors.

Our trial team did a fantastic job preparing and trying the case, and also protecting my sanity. For example, the court house where the trial took place has the worst elevator system in the world, with ten elevators the size of a small closet, where about half are out of service and the other half operate without any coordination, in the least efficient manner possible. Every day my co-counsel and paralegal would navigate the elevators with our trial cart, while I bypassed that annoyance and took the stairs up.

This trial lasted about four months and then went to the jury for them to decide if we had proven our case.

The verdict

Waiting for the verdict is stressful. Every good prosecutor and supervisor wants justice to win.

But it was the DANY career supervisors who were the ones who know that you can do your best, be in the right, and still lose. So they didn't wait for the verdict to come in, and they came by and said words to the effect of "Whatever happens, you did your best, put years into this, and left it all on the playing field. Good job and be proud."

The verdict came, guilty as to every defendant, every count. Eight years of exhausting and stressful work had survived the final test and come to a successful end (almost).

Sentencing

After the guilty verdicts, the case proceeded to sentencing. We (representing the People of the State of New York) recommended what we thought was fair and why. Because of the complexity of this case, my submissions were typically written, followed by oral argument in court (but most state court cases rely less on written submissions but more on verbal statements made in court). The defense recommended what they thought was fair, and ultimately the judge sentenced the defendants.

And that was (pretty much) the end of the Western Express case.

After DANY

Eventually, after over twenty years of government service, it was time for something else. My understanding of cybercrime and technology could be helpful in the private sector, preventing and investigating cybercrime. And I wrote a book on cybersecurity and started teaching. I needed a quality book to accompany my teaching and to share what I learned from this long investigation. The book Cybercrime Investigation started to take shape, and ultimately was published, with this Western Express case running throughout it as a thread case.

Conclusion

The Western Express case was one of the earliest cybercrime and virtual money laundering criminal prosecutions. Amazingly and uniquely, it was done by a local district attorney's office. Cybercrime is a pernicious and prevalent crime, tied to cybercrime, profitable and with low risk for the offenders. Organizations and individuals can play roles to protect themselves and respond to it. Government plays an important role to protect us, and needs to do better. Of course, many individuals in government are doing a great job and working as hard as they can, but I am just saying that government as a whole can and should do better.

This article is (of course) not tailored to your circumstances, nor is it legal or consulting advice.

If you are a cybercrime victim, see the resources here, and contact me if you need professional assistance.

If your organization needs help with improving its cybersecurity and identity theft protection, feel free to contact me.

Additional reading on this site

Additional external reading

This article is hosted at https://johnbandler.com/western-express-case, copyright John Bandler, all rights reserved.

This article is also available on Medium.com at NOT YET (though not kept as up to date).

Originally posted 12/31/2022, updated 8/27/2023.