Industry News

Huge 20-year prison sentence for US cyber-crook


Does cybercrime pay? Do you think the rewards of ID theft, computer malware and online fraud are worth the risk of capture?

Well, if you do, consider the case of David Ray Camez, who has been sentenced to a 20 year prison sentence and ordered to pay $20 million restitution for his involvement with the organized crime website.

22-year-old Camez, who called himself “Bad man” and “doctorsex” online, was just one of over 5500 members of the which is said to have been responsible for criminal losses of approximately $50 million.’s business was the large-scale traffic of compromised credit card data, as well as money laundering and share knowledge of various types of cybercrime. If identity theft and cybercrime was your thing, was a one-stop-shop.

What the participants of didn’t realise, however, is that the authorities hadn’t turned a blind eye, and an undercover special agent had assumed the identity of a member of the criminal outfit when it was in its infancy.

Calling himself “Bad man” and “doctorsex” when participating on the organised crime website, Camez was in the business of buying and selling counterfeit Nevada and Arizona driver’s licences – little realising that one of the people he was dealing with was secretly working for the authorities.

During a subsequent search, the authorities discovered counterfeit credit cards, equipment used to manufacture counterfeit credit cards, counterfeit US currency and counterfeit identification documents. In addition, Camez’s computer contained software used to encode counterfeit credit cards and stolen identity information.

Fascinatingly, Camez was technically found guilty of participating in a racketeer influenced corrupt organization (RICO), the same legislation that has previously been the downfall of the likes of the Gambino Mafia crime family.

As The Verge explained at the time of Camez’s conviction last December:

With RICO, law enforcement can prosecute members of an organized crime organization, even if they aren’t found to have directly committed a crime. In this case, prosecutors argued that members of the web forum “” were part of a type of organized crime group, as they were required to go through a vetting process and to meet a number of security standards that would protect the forum from law enforcement.

In other words, it doesn’t matter anymore if you’re just a small part of a much larger criminal community – the US authorities are prepared to throw the book at you.

Camez is 22 years old. He has now been sentenced to spend 20 years in prison for his part in I don’t think I have ever heard of a cybercriminal receiving a tougher punishment.

You have to wonder – was it really worth it?

And Camez is not the last in the sights of the US crime-fighting authorities. He was just one of 39 charged in an indictment in January 2012. Seven others have already pleaded guilty, and two are scheduled for trial in June, and the rest are fugitives.

A further sixteen defendants have also been charged in the scheme, and 14 have pleaded guilty to date.

Cybercrime doesn’t pay folks. If you have any brains you will direct your skills, talent and entrepreneurial spirit to positive ends rather than risk spending the best part of your life behind bars.

About the author


Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.