|By Jay Weaver, The Miami
HeraldMcClatchy-Tribune Regional News
Jan. 10, 2008 - With a willing ex-wife as his partner in crime, a Colombian engineer's clever scheme to steal thousands of dollars from unsuspecting travelers worldwide went undetected for years.
Then Mario Alberto Simbaqueba Bonilla's high-tech computer crime spree accidentally attracted the attention of the Pentagon.
In spring 2006, Defense Department officials discovered someone had hacked into the personal financial accounts of 17 U.S. soldiers and fleeced their payroll deposits along with mortgage, car, and other payments. Investigators tracked the trail of electronic evidence to Simbaqueba.
On Wednesday, Simbaqueba, 40, pleaded guilty in Miami federal court to tapping into hotel business-center computers here and in other cities to swipe personal financial information from hundreds of travelers to pay for his lavish international lifestyle. Simbaqueba stayed in first-class hotels in places such as Hong Kong, Italy and Dubai, and bought expensive electronics, jewelry and clothing for himself and his many girlfriends.
The Defense Department employees were among more than 600 people -- mostly business travelers and college students -- whose identities were found on Simbaqueba's laptop computer, seized upon his arrest last August at Miami International Airport. His total take: between $400,000 and $750,000, prosecutors say.
Dozens of companies, including Chase Manhattan Bank, E*Trade, and American Airlines, ended up covering most of the victims' financial losses.
Simbaqueba pleaded guilty to a 16-count indictment charging him with conspiracy, fraud, and identity theft before U.S. District Judge Paul Huck, who could send him to prison for seven to 10 years. A sentencing hearing is set for March 19.
Federal prosecutors said Simbaqueba's computer caper was a cautionary tale for travelers who use the Internet for everyday financial transactions at hotel business centers.
"I wish this was a complex scheme, but it was breathtakingly simple," said U.S. Attorney R. Alexander Acosta, warning that travelers are "vulnerable" to high-tech predators.
Acosta said the defendant used keystroke "spy" software -- much like what parents rely on to monitor children's Internet activities -- to mine personal financial data from unwitting victims at hotels.
According to court records, Simbaqueba checked into unnamed hotels around the United States and overseas between June 2004 and August 2007. He installed keystroke software on at least 25 computers in hotel business centers in Miami, Las Vegas and other tourist cities.
The software copied their keystrokes, which contained log-in information, passwords and other personal financial information such as payroll deposit accounts, credit-card numbers and electronic stock trades.
Later on, he logged on to a remote computer in places such as his native Bogota to download the vital personal information, using it to steal money and credit cards.
"Once he had access to the accounts, he diverted and/or transferred funds from those accounts to credit cards, debit cards, prepaid cards, bank and investment accounts he had created in his name and/or in the names of those whose personal [information] he obtained without their knowledge or approval," according to court documents.
To conceal his high-tech handiwork, he sometimes entered the e-mail accounts of his victims and deleted any e-mails from financial institutions alerting them to suspicious charges in their accounts, records show.
Simbaqueba was assisted by an ex-wife, identified in court records as Neyla Alexandra Valero, of Northbrook, Ill. Authorities say she is at large and believed to be in Colombia.
The couple opened mailboxes at commercial mailing facilities nationwide to receive unauthorized credit cards and account statements. They also used fraudulent credit cards to create cellphone accounts, which were used to impersonate the identities of victims when talking with banks and other financial institutions.
Valero helped Simbaqueba circumvent U.S.-based security systems by allowing him to connect from his home computer in Colombia to her computer in Illinois -- "thus hiding his true location."
Assistant U.S. Attorney Richard Boscovich and Justice Department lawyer William Yurek detailed the couple's criminal conduct at Simbaqueba's plea hearing Wednesday.
Simbaqueba, who studied electrical engineering in Colombia and Illinois, entered his guilty plea with little comment. He told the judge he suffered from bipolar disease and a drinking problem.
Afterward, Simbaqueba's attorney, Jay White, said his client was "extremely remorseful."
"He accepted responsibility as soon as he got off the airplane and was arrested," White said.
To see more of The Miami Herald or to subscribe to the newspaper, go to http://www.herald.com.
Copyright (c) 2008, The Miami Herald
Distributed by McClatchy-Tribune Information Services. For reprints, email firstname.lastname@example.org, call 800-374-7985 or 847-635-6550, send a fax to 847-635-6968, or write to The Permissions Group Inc., 1247 Milwaukee Ave., Suite 303, Glenview, IL 60025, USA. NYSE:AMR, NASDAQ-OTCBB:CITC,