ICE agents nab almost $15 million from software pirate's Swiss bank account

U.S. Immigration and Customs Enforcement agents traced and seized about $15 million from sales of counterfeit antivirus software to a fugitive's Swiss bank account by relying on footwork and phone calls -- a nice break from cyber forensics, ICE investigators said on Friday.

Witnesses tipped off ICE's Homeland Security Investigations Directorate to suspect Shaileshkumar "Sam" Jain in 2007, according to federal officials. Through conversations with the informants, agents learned the former Bay Area man was selling bogus Symantec computer security software on numerous Internet websites, including discountbob.com, gito.com and winantivirus.com, according to a March 26 indictment.

"We used good, old-fashioned investigative techniques on this case, working with our overseas offices" and reading financial statements, said Joseph Vincent, assistant special agent in charge for ICE HSI in San Jose, Calif. "It was kind of refreshing, actually."

By May 31, the Swiss government had transferred all $14.8 million to the U.S. Treasury, pursuant to a federal seizure warrant.

When Jain fled the country three years ago after first being indicted for trafficking in counterfeit goods, among other things, ICE agents contacted partners in Buenos Aires, Argentina; Brasilia, Brazil; and Bern, Switzerland; to find out where he was hiding the proceeds. Through those and other domestic sources, U.S. officials discovered Jain had created a shell company called Rivonal Corp. and a pseudonym, Claudio Ferreira Dos Santos, to open accounts in Florida, New York, Switzerland and Connecticut, according to the March indictment.

While U.S. officials conducted most of their investigation offline, Jain depended on, and continues to depend on, the ambiguity of the Web to carry out his crimes. Photos of the goods -- Symantec's Norton AntiVirus and SystemWorks software -- in online advertisements almost looked like they had been cut and pasted directly from Symantec's website, Vincent said.

The indictment stated, "Consumers interested in purchasing genuine Symantec computer security software were either contacted by one of Jain's Internet-based companies through unsolicited email advertising, known as 'spamming,' or lured to those websites owned and operated by Jain, through 'pop-up' Internet advertising offering the sale of genuine Symantec products."

The items shown bore the registered trademark of Symantec and the software discs shipped to unsuspecting customers also displayed what looked like authentic Norton and Windows markings, Vincent said. They carried the imprint, "Copyright 2002 All Rights Reserved Symantec," he added.

In some instances, the victims did not know they were using fake software, Vincent said. The only apparent difference between the imitation and the real deal was the lower price of Jain's offering, $39.95, compared to the roughly$50 retail price.

Jain initially surrendered to ICE agents in May 2008, but then failed to appear for two January 2009 hearings in San Jose that were related to the case.The U.S. Attorney's Office for the Southern District of New York last month also indicted Jain on domestic and international money laundering charges.

Investigators are trying to locate Jain for extradition to the United States so he can face all charges.

Jain continues to leave a trail online through Twitter and Wikipedia.