Hacking Ring Allegedly Stole Americans’ Identities, Rented Them to Gig Workers

The U.S. Department of Justice announced the indictment and arrest of several Brazilian nationals accused of stealing people identities and using them to create fraudulent rideshare and food delivery accounts.

May 19 2021, 4:10pm
On the Clock is Motherboard's reporting on the organized labor movement, gig work, automation, and the future of work.

Federal agents have arrested 14 Brazilian citizens in the U.S., accusing them of running a scheme to steal the identities of U.S. citizens in order to use these identities to sign up for rideshare and food delivery jobs. They then allegedly sold or rented out those accounts to people who would otherwise not be eligible to work in the United States. 

Last week, the Department of Justice announced the indictment of 24 Brazilian nationals in Massachusetts and California, of which 14 have been arrested. 

Advertisement

"These individuals are accused of executing a nationwide con in which they dragged thousands of innocent people into their scheme by stealing their identities," Acting U.S. Attorney for the District of Massachusetts Nathaniel R. Mendell said in a press release. 

The alleged criminals set up several accounts with different ridesharing and food delivery companies using stolen information from victims’ driver’s licenses and Social Security numbers. The feds say they then sold these accounts to other people, allowing them to circumvent the company's requirements to be hired, game the companies' referral bonus system, use bots to increase the income of the people they sold the fraudulent accounts to, and get the companies to generate IRS forms, according to the authorities. 

The federal complaints do not list the specific rideshare and food delivery companies that were targeted, but the arrests help explain a string of broken, hacked, and deactivated accounts and theories that rideshare and grocery shopping gig workers have had over the last year. On private Facebook groups during the pandemic, theories about how undocumented workers from Latin America were hacking Instacart and Amazon Flex accounts, scooping up bundles of orders using bots, and stealing credentials ran rampant. 

For a time, workers complained that it was impossible to get lucrative orders on many of the apps, but it is likely much of this was due to the rapid mass hiring of gig workers on many platforms during the pandemic. 

Advertisement

Many of the social media posts were blatantly racist, and divided gig workers along political lines, as some called out racism and xenophobia. . 

"There is a video circulating on the web of Brazilian hackers taking orders and Instacart does nothing," an Instacart shopper posted on Facebook last year. "They are people who in the great majority cannot work for the company because they do not have the necessary documents and still fuck with those who want to work honestly."

"I’m seeing so much racism and xenophobia being disguised as 'oh no [sic] the bots.' It’s seriously fucking disgusting," another Instacart shopper wrote on Facebook last year. "I’m sure bots exist but I’m not buying that they’re this massive conspiratorial problem whatsoever.

Do you have any information about any similar scams or hacks? We'd love to hear from you. Using a non-work phone or computer, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, on Wickr at lorenzofb, OTR chat at lorenzofb@jabber.ccc.de, or email lorenzofb@vice.com. You can contact Lauren Kaori Gurley by email lauren.gurley@vice.com or securely on Signal 201-897-2109.

The arrests also speak to the desperation undocumented immigrants can feel; finding work as an undocumented immigrant can be difficult and precarious. During the pandemic,most undocumented immigrants who lost their jobs did not receive unemployment benefits or stimulus checks the govenment gave out those legally allowed to work in the United States, and needed alternative sources of income. In this case, the people actually using these stolen accounts were paying this ring of alleged criminals for access to them; the complaint explains that some of the alleged criminals were charging between $200 and $350 per week to "rent" the accounts. One of the alleged fraudsters was receiving recurring Zelle transfers from more than 100 individuals. 

In California, the scheme began in 2018 with rideshare companies but then shifted during the pandemic in March 2020 to food delivery platforms as the Covid-19 pandemic sparked a rapid increase in demand for food and grocery delivery, according to the press release. 

Advertisement

The fraudsters are also accused of using GPS spoofing apps to "cut the line" for rides and food deliveries or to make trips appear longer than they were with the goal of collecting more money, according to court documents. 

Terrence Dupont, one of the agents who investigated the alleged crimes said in his affidavit submitted to the judge that the authorities obtained search warrants that allowed them to get bank records, text messages, and WhatsApp chats—which were backed up and stored on iCloud—between the co-conspirators. Dupont said that the alleged criminals obtained the documents and personal information of the victims "from various sources including the DarkNet."

A photo of a dark web forum where the alleged fraudsters purchased stolen documents. The photo was sent by one of the alleged criminals to one of their co-conspirators. (Image: Department of Justice.)

"The conspirators had templates of various states’ driver’s licenses, in which they edited victims’ information and customers’ photos," Dupont said in his affidavit. 

The agent also recommends the court to authorize law enforcement to force one of the accused to unlock their phone with their fingerprint. 

Authorities said they believe the group of fraudsters stole the identities of more than 2,100 victims. 

During the pandemic, many gig workers have had their accounts stolen and hacked, which resulted in them getting their hard-earned cash stolen. Instacart workers have been targeted by hackers too, prompting the company to deactivate their accounts, compounding the damage by locking them out of their income for days or weeks. 

The scam ring dismantled by the feds last weekk used different techniques. But this case underlines how gig workers have become a preferred target for criminals and scammers.

"Today’s arrests are the first strike back on behalf of those victims," acting U.S. Attorney Randy Grossman said in a press release. 

Tagged:

cybersecurity, labor, scams, gig economy, ridesharing, On the Clock, Instacart, worldnews

More
like this
"We Are Devastated": Instacart Is Deactivating Workers and They Don't Know Why
Instacart Workers Are Asking Users to #DeleteInstacart
Scammers Are Hacking Target’s Gig Workers and Stealing Their Money
The Twitch Hack Is Worse for Streamers Than for Twitch
Chinese Hackers Hid Hacked Data Inside a Donald Trump Picture
NYC Gig Workers Are Organizing Against Rampant E-Bike Theft and Assault
Google Blocked Russian Government Phishing Emails Targeting 14,000 Users
How the Mafia Is Pivoting to Cybercrime