Death Star vs. Dearthy Star

Credit card security

In the Star Wars movie series, Death Star and Death Star II were the Galactic Empire’s ultimate terror weapons that could destroy an entire planet. Similarly, Justin Sean Johnson a.k.a. TheDearthStar and Dearthy Star, hacked the human resources databases of the University of Pittsburgh Medical Center (UPMC) with the intent of making lots of money from destroying the credit profiles of more than 65,000 employees. (I couldn’t resist a Star Wars analogy.)

Just as both Death Stars were destroyed by the Rebel Alliance shortly after they became operational, the U.S. Government has also shut down this 30-year-old former resident of Detroit, Mich., from committing any more aggravated identity theft.

Isn’t it ironic that Johnson went by TheDearthStar and Dearthy Star on the dark web? The word “dearth” means “a scarcity or lack of something.” (I’d say Johnson was lacking scruples, morals, and common sense.) 

Johnson carried out his identity theft scheme by stealing Personally Identifiable Information (PII) in 2013 and 2014. Then, he sold that stolen information including W-2 info, names, Social Security numbers, addresses and salary information on dark web forums. Other criminals who purchased the stolen information filed hundreds of false 1040 tax returns in 2014 using UPMIC employee PII.

Those bogus 1040 filings resulted in hundreds of thousands of dollars in false tax refunds that were converted into gift cards. Those gift cards bought Amazon merchandise that was shipped to Venezuela. In addition, Johnson stole and sold nearly 90,000 non-UPMC sets of PII to dark web buyers. (Purchasers used this info to commit more identity theft and bank fraud.) That particular scheme resulted in approximately $1.7 million in false tax return refunds, putting victims in the middle of a hot mess.

Johnson pleaded guilty to stealing and selling the PII and W2 info of tens of thousands of UPMC employees. He received 5 years in prions for Conspiracy to Defraud the U.S. and a maximum of 2 years for aggravated identity theft, or a total of 7 years behind bars.

Hopefully, Justin Johnson has received a clear message that hacking has serious consequences. (And let’s hope that those unscrupulous individuals on the dark web also got the message.) The U.S. Secret Service promises that there is no hiding place they cannot find crime lurking. (To close with another Star Wars analogy, you can be sure that “The Force” will definitely be with the U.S. Government as they seek out criminals in the darkest corners of the earth to protect potential victims from identity theft.)

Today’s Fraud of the Day comes from a Department of Justice press release, “Judge Sentences Michigan Man to 7 Years in Prison for Hacking UPMC HR Databases and Stealing Employees’ Personal Information,” dated October 18, 2021.

PITTSBURGH, PA – Justin Sean Johnson was sentenced on Friday to the statutory maximum sentence of 60 months’ incarceration for Conspiracy to Defraud the U.S., and the statutory maximum of 24 months for Aggravated Identity Theft, for a total of 84 months of incarceration, for hacking the human resources databases of the University of Pittsburgh Medical Center and stealing Personally Identifiable Information (PII) of more than 65,000 UPMC employees, Acting United States Attorney Stephen R. Kaufman announced today.

Chief United States District Judge Mark R, Hornak imposed the sentence on Johnson, aka TheDearthStar and Dearthy Star, age 30, formerly of Detroit, Michigan.





Previous articlePandemic Pie
Next articleCut and Paste

Larry Benson, Senior Director of Strategic Alliances, LexisNexis Risk Solutions - Government

Larry Benson is responsible for developing strategic partnerships and solutions for the government vertical. His expertise focuses on how government programs are defrauded by criminal groups, and the approaches necessary to prevent them from succeeding.

Mr. Benson has 30 years of experience in sales and business development. Before joining LexisNexis® Risk Solutions, he spent 12 years founding and managing two software technology startups. During the 1990s he spent 10 years as a Regional Director helping to grow a New England-based technology company from 300 employees to 7,000. He started his career with Martin Marietta Aerospace working on laser guided weapons and day/night vision systems.

A sought-after speaker and accomplished writer, Mr. Benson is the principal author of “Fraud of the Day,” a website dedicated to educating government officials about how criminals are defrauding government programs. He has co-authored WTF? Where’s the Fraud? How to Unmask and Stop Identity Fraud’s Drain on Our Government, and Data Personified, How Fraud is Changing the Meaning of Identity.

Benson holds a Bachelor of Science in Physics from Albright College, and earned two graduate degrees – a Master of Business Administration from Florida Institute of Technology, and a Master of Science in Engineering from Lehigh University.