Posted on

Berkshire Hathaway Says Blue Chip Law Firm Aided Fraud

FRANKFURT — Berkshire Hathaway may have found a way to get back some of the hundreds of millions of dollars it lost after buying a seemingly solid German pipe maker that turned out to be on the verge of going bust.

The conglomerate, led by Warren E. Buffett, is suing Jones Day, the law firm that represented the owners of the pipe maker when it was sold to a Berkshire Hathaway subsidiary in 2017. The lawsuit, filed late last month, accuses Jones Day of helping to trick Berkshire Hathaway into paying five times what the German company was worth.

There is not much chance that Berkshire Hathaway will recover any money from the sellers of the pipe maker, Wilhelm Schulz, which was named for its founder. The shareholders have declared bankruptcy and are facing a criminal investigation in Germany. But Jones Day is a prominent international law firm with deeper pockets.

The attempt to collect damages from Jones Day is an unexpected twist in the saga of Wilhelm Schulz, which is based in Krefeld, a city north of Düsseldorf. If the suit is successful, it will be at least a small consolation to Berkshire Hathaway shareholders after the company lost $23.3 billion in the first half of 2020. (Profits rebounded in the later part of the period, however.)

“The fraudulent transaction would never have occurred without Jones Day’s substantial assistance,” according to the lawsuit, filed in U.S. District Court in Houston on behalf of Precision Castparts, a Berkshire Hathaway subsidiary that makes components for aircraft. The lawsuit accuses Jones Day of withholding documents that would have exposed Wilhelm Schulz’s perilous financial state and calls the firm a “co-conspirator” in a “massive fraud.”

Ulrich Brauer, the partner in charge of Jones Day’s office in Düsseldorf, said the firm would not comment on a pending case.

Jones Day lawyers in Houston and Düsseldorf handled the sale of Wilhelm Schulz, which specializes in pipes for the oil and gas industries. Jones Day also represented the owners, who included Wolfgang Schulz, the son of the founder, when the case went before an arbitration panel in New York.

The panel found in April that Mr. Schulz and other managers had used false sales invoices, computer hacks and phantom customers to make Wilhelm Schulz look healthier than it was and hoodwink Precision Castparts into paying a grossly inflated price. The deal was a rare misstep for the organization run by Mr. Buffett, who is considered one of the savviest investors in the world.

The arbitrators awarded 643 million euros ($756 million) in damages to Precision Castparts, which is based in Portland, Ore. That is the difference between the €800 million that Precision Castparts paid for Wilhelm Schulz and its estimated true value of €157 million. The arbitrators’ decision was upheld in July by the U.S. District Court for the Southern District of New York.

Because the holding company controlled by Mr. Schulz is in insolvency proceedings, “it is unclear if it will pay even a fraction of the damages it caused,” according to the lawsuit on behalf of Precision Castparts, which says Jones Day should pay the arbitrators’ award instead.

German prosecutors are pursuing a criminal investigation of Mr. Schulz and others involved in the deal but have not filed any charges. A spokesman for the Düsseldorf state’s attorney’s office, citing German privacy laws, said he could not divulge any information about potential suspects. Mr. Schulz has denied wrongdoing.

Normally a law firm’s communications with clients would be considered privileged, offering a degree of protection to Jones Day. The firm has asked a Texas court to seal the case on those grounds.

But Precision Castparts argues that lawyer-client confidentiality cannot be used to cover up fraud under German or United States law.

In addition, the claims against Jones Day are based on files discovered in Wilhelm Schulz offices after the acquisition, according to the lawsuit. Finders keepers, in other words.

The suit was filed on Precision Castparts’ behalf by Reid Collins & Tsai in Austin, Texas, a law firm that specializes in suing other law firms.

Credit…Scott Morgan/Reuters

The text of the lawsuit against Jones Day has been partly redacted while a Texas judge decides whether the firm is entitled to keep some information confidential. But the central allegation is clear: that Jones Day was aware of information that would have revealed Wilhelm Schulz’s dire financial condition, but failed to disclose it to Precision Castparts.

For example, Schulz had fallen behind on repaying a €325 million loan from Commerzbank. In return for a bridge loan, the bank negotiated new terms that gave it the right to take control of Schulz if the company defaulted.

Wilhelm Schulz “was the corporate equivalent of a house about to go into foreclosure,” the lawsuit says. But Precision Castparts never knew about the revised loan agreement because Jones Day withheld it, the lawsuit contends.

Jones Day also did not disclose a report by the consulting firm KPMG, commissioned by Schulz, which concluded that the company faced an “imminent liquidity crisis,” according to the lawsuit. Nor, the suit says, did Jones Day inform Precision Castparts that a German lawyer had warned Wilhelm Schulz managers that they were legally obligated to declare bankruptcy.

“Had Precision known the truth,” the lawsuit says, “it would have never acquired the Schulz subsidiaries.”

Posted on

Unemployment Claims Fraud Exploits Weak Spots in System

The for-sale ad appeared last week in an underground internet bazaar that specializes in selling stolen accounts and data. It was for access to a filched unemployment insurance claim in California that had been approved and offered benefits worth $17,550.

The black-market sale of jobless benefits is just one sign that the unemployment insurance system — the main artery for delivering financial assistance to laid-off workers — has been besieged during the coronavirus crisis by criminal networks intent on bilking the government out of hundreds of millions of dollars.

In California, fraud was so pervasive that officials have suspended processing jobless claims for two weeks to put new controls in place and reduce a bulging backlog.

The U.S. Labor Department recently made fraud detection a priority, dedicating $100 million to combat the problem. But several state officials and cybersecurity experts say some of the efforts have been misdirected, designed to uncover workers misrepresenting their eligibility instead of large-scale identity theft.

“The focus continues to be on lying instead of stealing,” said Suzi LeVine, the commissioner of the Employment Security Department in Washington, one of the first states to be flooded with fraudulent claims.

Social service agencies have historically been preoccupied with preventing potential beneficiaries from cheating the government — individuals who lie about seeking a job or the date of their return to work.

“Anti-fraud systems are organized around that,” Ms. LeVine said. “Saying I was looking for a job when I was actually on a beach in Cabo.”

But most fraud is now being engineered by cybercriminals, some of them working together, who have stolen or bought other people’s identities and are using them to raid state unemployment systems.

Since March, Washington State has turned up nearly 87,000 impostor cases. From January 2018 to June 2019, there were 184.

Traditional fraud-prevention strategies, Ms. LeVine said, “will not help us catch these thieves.”

Think of it as the difference between an attack within and one coming from the outside. Previously the cheating came mostly from workers who were in the system and trying to get something they were not entitled to. Now “it’s people outside of the system who are impersonating other people or breaking in,” explained Roman Sannikov, director of cybercrime and underground intelligence at the cybersecurity firm Recorded Future.

Using stolen identities to steal from the government, of course, is not new. Such thefts have bedeviled programs from school loans to Medicare and disaster relief. But unemployment insurance has generally not been a ripe target because states have been reducing benefits and tightening access since the last recession and caseloads have been falling.

Credit…Recorded Future

That changed after Congress moved in March to deliver assistance to suddenly jobless workers when the coronavirus outbreak upended the economy.

“Criminals go where the money is,” said Avivah Litan, an analyst at the research and consulting firm Gartner. After Congress passed the CARES Act, the emergency relief — including the Pandemic Unemployment Assistance program and a temporary $600 weekly supplement — was where the money was.

And that is where the bulk of the fraud has been aimed. Handled by the states, pandemic jobless benefits were meant to fill gaping holes in the safety net by covering self-employed, part-time and gig workers; independent contractors; and others ordinarily ineligible for unemployment insurance.

But the desire to quickly get money to households facing eviction, hunger or financial ruin made the program vulnerable to swindlers.

In Ms. Litan’s view, the federal government has not devoted sufficient resources to secure its systems against cybercrime and identity theft.

Some of the schemes, like those that hit Washington State in the spring, were linked by federal investigators to a Nigerian-based criminal ring called Scattered Canary. The ring used stolen Social Security numbers and other identity theft, and was suspected of operating in North Carolina, Massachusetts, Rhode Island, Oklahoma, Wyoming and Florida.

Washington State officials shut down the unemployment system for two days in mid-May as part of an effort to halt illegitimate payments that ended up totaling $576 million. The state has recovered $346 million so far.

Parker Crucq, a senior threat intelligence analyst at Recorded Future, said the number and types of perpetrators had grown, ranging from organized networks and technological whizzes to bush-league hucksters.

“While many of these threats require knowledge of social engineering techniques, they likely do not require a degree of technical sophistication,” Mr. Crucq wrote in an assessment of unemployment insurance schemes. “This means that there is a low barrier to entry for potential scammers and criminals who are interested in getting involved with this form of fraud.”

In hacker forums and on the so-called dark web, where users can hide their identity and location, “some of these actors are specifically calling out state agencies by name, boasting that it’s quite easy to fill out applications on multiple occasions from information scraped from previous data breaches,” he said.

Over three weeks in September, the police in Beverly Hills, Calif., arrested 87 people from states as far away as Alaska and New York on charges related to unemployment insurance fraud. The accused were not working in tandem but followed a similar pattern, applying for benefits with Social Security numbers stolen from people who had died or were in prison or nursing homes, said Lt. Max Subin, a department spokesman.

Sometimes using false addresses and “mules” or intermediaries, they then picked up debit cards loaded with thousands of dollars’ worth of jobless benefits from the state’s Employment Development Department.


Credit…Beverly Hills Police Department

Those involved used the cards — often several at a time — to embark on shopping sprees, buying high-end handbags, belts, wallets, shoes and clothing or renting luxury cars, the police said.

Identify theft is a particularly insidious form of unemployment insurance fraud, frequently pre-empting benefits for those entitled to them and undermining confidence in the program.

“The thing that is so maddening about impostor fraud is that it strikes at the core of how unemployment insurance systems operate,” said Scott Jensen, director of the Rhode Island Department of Labor and Training. “If fraudsters are giving us fake information, it’s hard to verify it.”

An inaccurate Social Security number, for instance, is spotted immediately. “But if a fake Scott Jensen comes in with the real Scott Jensen’s Social Security number, then it checks out,” he said. Most of the fraud is not discovered until people get letters or checks from the agency and call to say they never applied.

For years, “this has been a weakness that has been really hard to fix,” Mr. Jensen said. “What is different now is the scale.”

Fraud linked to identity theft made up about 3 percent of all unemployment claims last year, according to government audits. With the pandemic program, that figure has skyrocketed.

Last week, Arizona said it had flagged over one million of 2.4 million claims — more than 40 percent — as potentially fraudulent. Over the summer, Connecticut found that 77 percent of Pandemic Unemployment Assistance claims were faked.

With state unemployment claims, there is a built-in verification process because employees have to submit their W-2 tax form and a document from their employer showing that they are no longer employed. Pandemic Unemployment Assistance, by contrast, depends largely on individuals’ certifying that they are unemployed because of the coronavirus outbreak.


Credit…Beverly Hills Police Department

Ms. LeVine in Washington State said that the U.S. Labor Department’s most recent directives focused more on data integrity, but that other efforts — like demanding that applicants certify their status each week — did little to catch the widespread fraud linked to identity theft.

“It’s better suited to catching people who might be lying or making sure they comply with eligibility requirements,” she said. “It will not help us fight impostor fraud.” For thieves, it’s just another box to check on an already fraudulent claim.

In response, a Labor Department representative said that “the department has been focused on ensuring program integrity” and that it provided a wide range of information, tools and resources as well as extensive technical assistance to prevent fraud and improper payments.

State and federal officials are caught between getting money as quickly and efficiently as possible to people who desperately need it and erecting roadblocks to cut off criminals from improperly collecting benefits.

“There are a lot of fraud tools,” like multifactor identification, said Mr. Jensen, Rhode Island’s labor chief, “but if you front-load the unemployment insurance system with them, then claimants can’t get through.”

Mr. Jensen contends that significant improvements and more sophisticated detection tools — including questions to verify a user’s identity, like the model of a first car — could be put in place quickly and inexpensively if unemployment insurance systems, antiquated in many states, switched to cloud-based computing.

“People are always going to try to steal money,” he said. “We have to work harder and faster and smarter to defeat them.”

Posted on

Prosecutors Target Ex-Audi Chief in First VW Emissions Trial

Ever since Volkswagen was caught five years ago using illegal software to conceal the fact that its “clean diesels” were actually rolling pollution machines, the company has insisted that the wrongdoing was the work of lower-level employees. Managers at the very top were clueless, Volkswagen’s lawyers have said.

On Wednesday, prosecutors in Munich will challenge that assertion in court for the first time. They will begin presenting evidence in the trial of Rupert Stadler, a former chief executive of Volkswagen’s Audi luxury car division. As a member of Volkswagen’s management board, he belonged to the top echelon.

The trial is the first in Germany stemming from the scandal, the culmination of an exhaustive investigation involving hundreds of witnesses and millions of documents. But the case will also test whether prosecutors can overcome the difficulties inherent in trying to convict top managers protected by layers of underlings. That is a problem that has also frustrated investigators in the United States when prosecuting corporate crime.

Mr. Stadler faces charges of fraud and false advertising stemming from accusations that Audi continued to sell diesel cars with illegal software even after U.S. authorities uncovered the cheating in 2015. Volkswagen, Audi and Porsche cars were programmed to meet air-quality standards while being tested, but they spewed copious amounts of diesel fumes in regular driving.

Mr. Stadler and three co-defendants, including Wolfgang Hatz, a former head of engine development at Audi, will be the first of dozens of former employees of Volkswagen to face trial in Germany in connection with the scandal.

Credit…Lucy Nicholson/Reuters

Mr. Stadler, who could get five years in prison if convicted, is the second-highest-ranking manager to face charges after Martin Winterkorn, a former Volkswagen chief executive, whose trial is expected next year. Mr. Stadler, Mr. Winterkorn and Mr. Hatz have denied wrongdoing.

The panel of judges in the case will hear evidence in a high-security Munich courtroom once used to try terrorists; it was chosen because it is large enough to allow social distancing. The court has scheduled more than 180 days of testimony and legal arguments lasting until the end of 2022, an indication of the complexity of the case.

Even when the corporate wrongdoing is extensive it is often difficult to prove criminal culpability among top management. There is rarely a paper trail, and executives point fingers at one another to deflect blame. Middle managers usually wind up taking the fall, or top executives walk away with civil penalties, as has often been the case with bankers accused of cheating their customers. Serious jail time is rare.

Probably for that reason, German prosecutors are focusing on Mr. Stadler’s actions after the American Environmental Protection Agency formally accused Volkswagen of emissions violations in September 2015, when he could no longer plausibly maintain that he was unaware of the cheating.

Even though Volkswagen admitted wrongdoing, Audi claimed that its diesels were legal and continued to sell them in Europe for two more years. But those cars also proved to be fitted with illegal software.

Mr. Stadler, 57, has already spent four and a half months in pretrial detention, which can be imposed if there is evidence the defendant intends to flee or interfere with the investigation.

Audi has paid a fine of 800 million euros, or $930 million, for violations of German law and is not a defendant in the trial. But the testimony will focus renewed attention on the division, Volkswagen’s cash cow, and its prominent role in the genesis of the fraud.

Audi said in a statement that it was glad that the facts of the case would be determined by a court of law. “Audi has become a different company since the diesel crisis became known,” the company said. The company has not taken a position on the charges faced by its former chief executive.


Credit…Odd Andersen/Agence France-Presse — Getty Images

Audi engineers invented the cheating software and exported it to the rest of Volkswagen, according to internal company documents previously reported by The New York Times and other news organizations.

In the early 2000s, engineers at Audi found that technology needed to make diesel models compliant with emissions standards caused the engine to run noisily when it was warming up. That would bother Audi’s affluent customers, executives thought.

So the Audi engineers devised software that could recognize when a car was undergoing an official emissions test, using parameters such as the amount of pressure on the gas pedal. Under test conditions the software, known as the “acoustic function,” optimized the emissions controls to make the car temporarily compliant. At other times the software reduced the controls to minimize noise — producing illegal amounts of poisonous nitrogen oxides as a result.

Audi employees and managers were well aware that what they were doing was illegal, according to emails and other documents seen by The Times.

“We won’t make it without a few dirty tricks,” an employee in Audi’s diesel motor development department wrote in an email to colleagues in January 2008. Audi managers and engineers bluntly discussed what was in effect a criminal conspiracy, using terms like “defeat device” or “cycle beating” that clearly connote illegal attempts to thwart regulators’ tests.

In 2006 Volkswagen engineers adapted the acoustic function software when they ran into problems developing a new diesel engine that could meet emissions standards in the United States, where the company planned a major “clean diesel” marketing campaign. The cars could not deliver on the clean diesel promise without causing excessive wear and tear on the engine.

Volkswagen engineers, with the help of the supplier Robert Bosch, refined the software developed by Audi to recognize the distinctive driving pattern that U.S. regulators used when conducting emissions spot checks. Only then were the pollution controls fully deployed. Volkswagen sold almost 600,000 cars in the United States with cheating software, including 80,000 with engines built by Audi.

Volkswagen gave up selling diesels in the United States after the scandal came to light, and has been trying to remake itself as a pioneer in affordable electric vehicles.

In line with German privacy rules, prosecutors publicly identified only Mr. Stadler among the four co-defendants because he is considered a public figure. But the names of two of the others have been widely reported. They are Mr. Hatz and Zaccheo Giovanni Pamio, 63, who was head of thermodynamics in Audi’s engine development department and is cooperating with the authorities. The fourth defendant was identified only as Henning L., a 52-year-old engineer.

Mr. Hatz, 61, rivals Mr. Stadler in prominence. He was head of engine development at Audi while the acoustic function was being devised, and was later promoted to head of engine development for all of Volkswagen. Mr. Hatz later became head of research and development at Porsche, which belongs to Volkswagen, a job that made him a celebrity among sports car buffs.


Credit…Nikita Teryoshin for The New York Times

The only Volkswagen employees to be convicted in connection with the scandal so far were apprehended in the United States.

James Liang, an engineer who worked for Volkswagen in California, received a 40-month sentence after pleading guilty in 2017 to conspiracy to defraud the United States and violating the Clean Air Act. Mr. Liang was released last November, prison records indicate.

Oliver Schmidt, who worked as Volkswagen’s liaison with American regulators, was sentenced to seven years in prison in 2017 after pleading guilty to charges that he helped cover up the wrongdoing. Mr. Schmidt was released last week, prison records indicate. The German edition of the Business Insider website reported Monday that Mr. Schmidt was transferred to Germany, where he is expected to be placed on probation.

Germany does not extradite its own citizens, so other suspects are safe from justice in the United States if they do not leave the country.

Posted on

A Job That Isn’t Hard to Get in a Pandemic: Swindlers’ Unwitting Helper

After the fitness center where Denise Newton worked closed down in April because of the coronavirus, she posted her résumé online to look for a new job. She soon got a call from a company she had never heard of.

The woman who phoned from the company, Heies, invited Ms. Newton to apply for a job as a “local hub inspector.” When she started work in May, Ms. Newton began receiving boxes with Apple watches and laptops in them. Her job was to open the boxes, check the contents and then mail them off to foreign addresses.

But something was off. The boxes were suspiciously plain, even though they included brand-name products. The name on the labels was never Ms. Newton’s. When she asked questions, her new employer stopped responding. In June, she reported Heies to the Better Business Bureau.

It turned out that Ms. Newton had become what is known in security circles as a money mule, an accomplice who, either knowingly or unknowingly, helps international criminal rings move their ill-gotten gains. In Ms. Newton’s case, swindlers appeared to be buying products in the United States with stolen money and then mailing them — using unwitting intermediaries like her to disguise their involvement — to overseas locations where the goods could be resold for cash.

“They really caught me at the perfect time,” said Ms. Newton, 24, who was living with her parents in Birmingham, Ala. “I was just one of those desperate people looking for a job.”

Since the pandemic’s onset in March, the number of criminal schemes relying on money mules has spiked, just when many people have lost their jobs and are vulnerable to exploitation. The volume of schemes has been turbocharged partly by criminals going after enticing pots of money from the U.S. government — specifically, the benefit programs that were set up to help people and businesses hurt by the pandemic-induced economic downturn, the authorities said.

In total, online human resources schemes where criminals pose as potential employers have soared 295 percent from a year ago, while schemes used for money laundering have skyrocketed by 609 percent, according to the security firm ZeroFox.


Many people who perpetrate these frauds are based overseas, authorities said, so they need to move the money to their home country. Banks and authorities have made it harder to launder money through traditional financial channels in recent years. So these criminals are now increasingly on the hunt for a larger supply of potential money mules just as many newly unemployed people look for work.

“It is something that is escalating because of the current environment,” said Robert Villanueva, a former Secret Service agent who now works on cybercrime intelligence for the security firm Q6 Cyber. “It has become hard to avoid.”

Money mules are not new, and their numbers have risen alongside online fraud more broadly over the last two decades. Some people enter the business knowing it is illegal. Advertisements looking for money mules on the so-called dark net, an anonymous corner of the internet popular with criminals, often acknowledge the illegal aspect of the work.

“Hi. I need an excellent professional bank accounts loader for long term business,” read one ad from May, which was turned up by the dark net research firm Flashpoint.

Yet seven people who became money mules during the pandemic told The New York Times that they had no inkling of what their so-called employer was up to when they began the work. Many had recently lost their jobs and needed to pay the bills. To avoid exposure to the coronavirus, they were also looking for jobs to do from home, just what many swindlers want from a money mule.

Alma Sardas, 21, had been furloughed from her job at a hotel in Fort Worth this spring when she saw a listing on the jobs site ZipRecruiter advertising a work-from-home position as a “virtual assistant” to a businessman in Hong Kong.


Ms. Sardas sat through a formal interview and spoke with a man who called himself Hermann Ziegler, who said he would be her boss. Once she was hired, she was sent a check for $4,590 to deposit into her bank account. She was told to use some of the money for her expenses and to send the rest from her account to her new employer’s vendors.

Ms. Sardas became skeptical about why the money would need to go through her bank account and called the local police. They explained that she had almost been caught in a classic money-laundering scheme.

“You make yourself so sincere and these people just take advantage of it,” she said, adding that she had shredded the check and reported the incident to ZipRecruiter. ZipRecruiter said it removed the job posting immediately.

The schemes using money mules are varied. Some people who become mules are victims of online romance frauds who make bank and wire transfers for people they believe care about them. Others, like Ms. Sardas, are asked to use their own bank accounts to make financial transactions on behalf of their new employers. Ms. Newton became embroiled in what is known as a reshipping scheme, where the fraudsters buy goods with their stolen money and then use mules to get the products overseas, where they can be resold.

Some of these operations have become well-oiled machines. William Zackery, 64, a substitute teacher in Northern California, began working with a company called SFP Shippers in May. SFP Shippers appeared to have multiple departments, a website and a custom online dashboard that he had to log in to each day.

Mr. Zackery, who was out of work, was enlisted to receive packages with expensive purses and cameras. It was his job to print new labels and ship the goods on to other places across the country. Many mule operations use multiple shipping legs to cover their tracks, security experts said.

At first, he did not think anything was amiss. “I was getting calls two or three times a day from my so-called supervisors,” he said. But when the new employer stopped communicating, “I started doing some research that I should have done at the beginning.”

Mr. Zackery ultimately reported SFP Shippers to local and national authorities; the company’s website has been taken down.

Sometimes people’s identities are used without their knowledge. Over the last few months, Scattered Canary, a Nigerian criminal operation, submitted fraudulent claims for unemployment benefits in at least 14 states and then had the money delivered to accounts that they had set up, in the names of their victims, with Green Dot, a financial services company, according to the security firm Agari.

Scattered Canary then sent the money overseas through Green Dot’s online system, all before the person whose name was used was alerted to the new account, the security firm said.

Alison Lubert, a spokeswoman for Green Dot, said the company works “around the clock and invests heavily to identify, block and address fraudulent activity.”

Jamarle Worilds, the chief of the illicit finance unit of Homeland Security Investigations, a division of Immigration and Customs Enforcement, said many people who act as money mules “don’t actually understand that they are operating in the space.” He said he had recently received text messages offering him the opportunity to work from home, which he easily spotted as an effort to recruit him as a money mule.

“I’m not sure about how they got my information, but that’s what it’s come to,” he said.

In Ms. Newton’s case, the woman from Heies who called identified herself as Carla Neely. She told Ms. Newton that the company needed “hub inspectors” to move packages for customers. Ms. Newton was pointed to a company website and went through an interview and a formal human resources process before being hired.


“Congratulations! We were impressed with your interview and would like to extend you a conditional offer for the position of Local Hub Inspector at Heies,” Ms. Neely wrote to Ms. Newton in her hiring letter.

Apart from Apple Watches and laptops, Ms. Newton said, she was also sent odd items, including a pack of sponges and a garbage disposal.

By the time Ms. Newton reported Heies to the Better Business Bureau, the numbers and emails that the company had used were dead. Its website had also been taken down. The perpetrators, who have faced other online complaints, have not been caught.

“I feel scared that I have blood on my hands because I’m in the middle of a scam and I’m also in the middle of a pandemic,” Ms. Newton said. “They pretty much just took advantage of my vulnerability.”

Posted on

Volkswagen Has Kept Promises to Reform, U.S. Overseer Says

Volkswagen completed the corporate equivalent of probation after a court-appointed monitor said Monday that the carmaker had fulfilled the conditions of a 2017 plea bargain stemming from its use of illegal software to evade emissions regulations.

The final report by Larry Thompson, a former United States prosecutor appointed to enforce Volkswagen’s promise to reform its corporate culture, noted that the German automaker had adopted measures like making it easier for employees to report wrongdoing. It is a major milestone for the company as it tries to recover from one of the biggest scandals in automotive history, one that has cost it well over $30 billion and severely damaged its reputation.

Volkswagen, the world’s largest carmaker, pleaded guilty in 2017 to conspiring to defraud the U.S. government and violate the Clean Air Act. The company had rigged its diesel-powered cars to meet air-quality standards while being tested, but they exceeded those standards in regular driving.

As part of the plea agreement with the Justice Department, Volkswagen agreed to cooperate with a court-appointed monitor whose job was to ensure that the company reformed its compliance systems and corporate culture so that similar wrongdoing would not happen again.

Mr. Thompson, the monitor, was deputy attorney general under President George W. Bush and later worked as general counsel for PepsiCo.

Mr. Thompson said Thursday that “the structures and processes are in place” to prevent future scandals of the same magnitude. “This is a starting point,” he said during a joint interview with Herbert Diess, the Volkswagen chief executive. “The company will need to be vigilant.”

The three-year project was costly and time consuming for Volkswagen, especially when the company is trying to make a transition to electric cars. The effort “was a very good investment,” Mr. Diess said.

“We had deficiencies,” he said. “The issues he pushed will make us a stronger company.”

Credit…Nikita Teryoshin for The New York Times

Mr. Thompson said he could not guarantee that there would be no other scandals at Volkswagen. “Volkswagen is such a large and complex company,” he said. “What I can certify to is that if another problem comes up, it will be handled much differently than the diesel scandal.”

Volkswagen has admitted that, after research at West Virginia University raised questions about the company’s diesel cars, executives spent more than a year deliberately misleading regulators before finally confessing in September 2015.

By coincidence, the Department of Justice on Monday announced a settlement with Daimler on accusations the company had also manipulated engine software to deceive regulators about how much pollution Mercedes cars and trucks produced during normal driving.

The settlement, which Daimler disclosed last month, will set the German company back about $1.5 billion after paying civil penalties, repairs to about 250,000 affected vehicles and other measures to compensate for the environmental damage.

The civil penalty portion of the Daimler settlement amounts to $3,500 per car, about $1,000 more per car than Volkswagen had to pay in 2017 — evidence, U.S. officials said during a news conference, that the Trump administration is tougher on polluters than it gets credit for. However, Volkswagen was required to buy back diesel cars from their owners and take other corrective measures that raised the total cost to around $15 billion.

By court order, Mr. Thompson operated largely in secret, supervising dozens of lawyers and specialists based at Volkswagen’s headquarters in Wolfsburg, Germany, who oversaw attempts by the company to reform its sprawling organization. Volkswagen employs more than 670,000 people; it produced nearly 11 million vehicles last year.

Volkswagen’s unforgiving, win-at-all-costs culture was seen as the underlying cause of the emissions scandal. In 2006, when engineers developing a new diesel engine discovered that they could not meet United States emissions standards, they devised engine software designed to deceive regulators. To admit failure would probably have meant the end of their careers at Volkswagen.

Mr. Diess said that the emissions fraud occurred because of “a combination of too much pressure and lack of a speak-up culture.”

Among other changes, Volkswagen has created a whistle-blower system so that employees can report possible wrongdoing without fear of reprisal. Volkswagen also delegated more responsibility to lower-level managers in an effort to become less hierarchical.

Court documents indicate that some Volkswagen engineers were uneasy about the illegal software, but none approached authorities until shortly before the cheating came to light in September 2015.

During official emissions tests, the software activated pollution controls so that the car appeared to be clean. During everyday driving, those controls were scaled back to protect the engine. As a result, Volkswagen diesel passenger cars spewed more harmful nitrogen oxides than a long-haul truck.

Volkswagen strives to be more ethical, but the competitive pressures in the auto industry have only become more intense. Mr. Diess acknowledged that he had to be careful not to push subordinates so hard that they crossed ethical boundaries.

“This is a crucial point,” he said. “We have to be ambitious. We have to be competitive. We have to push for results. But we have to find a balance.”

He noted that Volkswagen delayed by several months the market debut of the ID.3, Volkswagen’s first car designed to run on batteries, which is seen as a make-or-break vehicle for the company. The first deliveries to customers began this month.

The engineers who devised the illegal software in 2006 were desperately trying to make a deadline for the launch of new diesel models.


Credit…Nikita Teryoshin for The New York Times

Mr. Thompson’s final report frees Volkswagen managers in Wolfsburg from intense oversight as they try to survive a plunge in sales caused by the pandemic, and meet increasingly tough competition from Tesla, which is building a factory near Berlin.

The pandemic continues to cut deeply into sales in Latin America and some other markets, Mr. Diess said, though sales in China have largely recovered. There are still supply chain disruptions and other problems. “Things are working,” Mr. Diess said. “I wouldn’t call it normal.”

Over the past several years there were signs of friction at times between Mr. Thompson and the executives at Volkswagen, a German icon not used to being told what to do by American lawyers. Early in his tenure, Mr. Thompson pressured the company to dismiss managers who were under criminal investigation but continued to hold high-ranking positions. Volkswagen had argued that it could not fire the managers if they had not been convicted of crimes, but eventually relented.

There was also some tension over Volkswagen’s refusal to release some documents it said were relevant to pending lawsuits and therefore privileged. “We were able to work through that issue,” Mr. Thompson said.

The legal aftermath of the scandal continues to unfold. On Sept. 9, a court in Braunschweig, Germany, ruled that there was enough evidence to bring Martin Winterkorn, the former Volkswagen chief executive, to trial on charges related to the emissions cheating.

At the end of this month, a court in Munich will begin hearing evidence in the trial of Rupert Stadler, the former chief executive of Volkswagen’s Audi luxury car unit. Mr. Stadler is accused of continuing to sell cars with illegal software even after regulators in California and Washington uncovered the wrongdoing. He and several former Audi managers and engineers will be the first defendants to go on trial in Germany.

Mr. Winterkorn and Mr. Stadler deny wrongdoing.

Volkswagen continues to fight numerous legal battles stemming from the scandal. It has reached a settlement with most diesel owners in Germany, but some continue to pursue legal claims. The company also faces suits in Britain and other countries, as well as a civil complaint by the Securities and Exchange Commission in the United States.

The S.E.C. accused Volkswagen of concealing the risks it was taking when it sold corporate debt to American investors even as it was manufacturing cars with illegal software. In August, Volkswagen won a significant legal victory in that case when a federal judge in California ruled that a large share of the claims were covered by an earlier settlement with the Department of Justice.

Posted on

Unemployment Benefits Program Has Issues With Fraud and Math

Two weeks ago, shortly after she advertised an apartment for rent in the Bay Area, Barbara Lamb found five envelopes from the state’s unemployment office in the building’s communal mail slot. They kept coming, day after day, until a stack of more than 30 piled up, bulging with notices of benefit approvals, questionnaires about job status — and debit cards with money.

“They could barely get them through the mail slot, they were so thick,” she said.

But Ms. Lamb had not applied for benefits, and had never heard of the people to whom the envelopes were sent. Fearing the address of the vacant unit was being used as part of a fraud scheme to collect the money, she contacted the F.B.I.

California is at the center of increasing concerns about extensive fraud in a federal program to push unemployment benefits to freelancers, part-timers and others lacking a safety net in the coronavirus pandemic.

Credit…Jim Wilson/The New York Times

At the same time, there is growing evidence of problems keeping track of how many people are being paid through the program. The Labor Department reports about 15 million claims for benefits nationwide. A comparison of state and federal records by The New York Times suggests that total may overstate the number of recipients by five million or more.

If the number of people getting unemployment benefits is lower than officially reported, it could affect thinking about the scale of the pandemic’s economic impact. In addition, the taint of fraud could undermine support for the program, and efforts to combat abuses may make it harder for legitimate applicants to collect benefits, which are distributed by the states.

The program, Pandemic Unemployment Assistance, is part of a $2.2 trillion relief package hurriedly enacted in March. In the latest Labor Department tally, the program accounted for nearly half the total recipients collecting jobless benefits of any kind.

Those figures imply that nearly seven million people are collecting Pandemic Unemployment Assistance benefits in California alone, far more than its population would suggest. The state’s own data suggests the number may be less than two million. Experts on the unemployment system say such discrepancies seem to reflect multiple counting as states rushed out payments.

But a surge in new claims in California — where they have risen to more than 400,000 a week, twice the level in August — is attributed not to accounting, but to fraud.

“We do suspect that a big part of the unusual recent rise in P.U.A. claims is linked to fraud,” said Loree Levy, a spokeswoman for the California Employment Development Department. She said the state was investigating “unscrupulous attacks” exploiting identity theft and vulnerabilities in the system.

Pandemic Unemployment Assistance is meant to provide benefits to the self-employed, independent contractors, gig workers, part-timers and others ordinarily ineligible for state unemployment insurance. Set up to last through the end of the year, it was a major element of the CARES Act, which economists widely agree has kept the country from a far greater economic calamity. According to the Labor Department, $47 billion in pandemic unemployment benefits have been paid so far.

Fraud is not uncommon in hastily assembled disaster programs, including the Paycheck Protection Program, the component of the CARES Act that provided forgivable loans to small businesses to help weather the pandemic without layoffs.

But signs of trouble with the Pandemic Unemployment Assistance program have surfaced for months as people who did not file claims — including the governor of Arkansas — found benefits issued in their names. A growing number of states have signaled that the problems with the program go beyond the routine.

California has warned that it is cutting off recipients when it detects irregularities, like mailings stacking up at a given address. “These situations are believed to be fraud, and scammers will often try to intercept, redirect, or gather mail associated with these claims,” the state’s employment agency wrote.

Colorado said Thursday that in a six-week stretch this summer, 77 percent of new claims under the program were not legitimate.

“Nationally, it’s just presented an opportunity for criminals to take advantage of a program that doesn’t have a lot of safety measures in place,” said Cher Haavind, deputy executive director of the Colorado Department of Labor.

Citing a significant increase in fraud, the Labor Department set aside $100 million recently to help states prevent, detect and investigate misuse of Pandemic Unemployment Assistance and a smaller federal jobless benefits program. But fraud is not the only issue raising questions about the surge in recipients reflected in official data.


Credit…Bryan Woolston/Reuters

Experts on the unemployment system figured out months ago that the tallies being reported to the Labor Department were overstated in many states, most likely because of processing backlogs that led to multiple counting of individual recipients. They expected the issue to fade as backlogs cleared and job losses slowed. Instead, the overcounting issue may even have become more serious in some states.

“It’s a perfect storm,” said Stephen A. Wandner, a former top Labor Department official who is now a senior fellow at the National Academy of Social Insurance. “You’ve got insane numbers of applications compared to what the states are used to and inadequate numbers of staff to process and adjudicate claims.”

Determining the scale of the problem on a national level has proved difficult, however. Overwhelmed state employment offices have struggled to provide timely data to the federal government, and there have been several examples of outright errors making their way into the official data.

At least some of the overcounting appears to reflect the way the Labor Department collects statistics on unemployment benefits. The government does not track the number of individual people receiving benefits, but rather the total number of weeks of benefits claimed. During normal times, when claims are processed on a weekly basis, the number of recipients and the number of weeks are essentially the same — each person files for one week of benefits each week. (Further complicating matters, the department tracks claims for benefits, not all of which are approved.)

During the pandemic, however, the flood of claims overwhelmed state employment offices. Because benefits are paid retroactively, processing delays meant that by the time many people were approved for benefits, they were owed several weeks at once — so they counted as multiple “continuing claims” in a single week.

In the absence of a reliable count from the Labor Department, economists have tried to estimate the number of recipients using data from surveys, federal spending data from the Treasury Department and other sources. Those approaches yield a wide range of estimates, but most suggest that the official total overstates the true number of recipients by millions.

“It’s almost certainly lower than is being reported,” said Daniel Zhao, senior economist for the career site Glassdoor. He said it was hard to come up with a precise estimate, but that the true number was most likely below 10 million, not the nearly 15 million counted by the Labor Department.

The Labor Department did not immediately respond Friday to a query about the reporting discrepancies.

Mr. Zhao said that the counting issues did not fundamentally alter the bigger picture: Millions of Americans are still relying on unemployment benefits to pay rent and buy food, and that number has fallen only slowly over time.


Credit…Jonathan Ernst/Reuters

Pandemic Unemployment Assistance aims to capture those lacking a path into traditional state benefits and accounts for the pandemic’s particular disruptions. A college student could qualify if she interviewed for a job in February and was set to start working in March but never did. So could people with limited earnings histories, and some of those unable to work because of child-care needs arising from school shutdowns.

The minimum payment is usually half the average weekly benefit paid under a state’s regular unemployment program. The maximum for an individual ranges from $235 a week in Mississippi to $823 in Massachusetts, according to the job site ZipRecruiter.

And the claims process is streamlined compared with conventional unemployment insurance, making it more vulnerable to fraud, said Michele Evermore, senior researcher and policy analyst at the National Employment Law Project.

Before collecting state unemployment insurance, applicants usually must provide proof of past work or have state agencies contact employers. With Pandemic Unemployment Assistance, many people can start collecting the minimum with far less documentation. Then they generally have 21 days to provide evidence of lost work, like a pay stub or a 1099 form from the Internal Revenue Service.

In an emergency program like Pandemic Unemployment Assistance, Ms. Evermore said, there is a natural tension between the need to get payments flowing and the risk that some people will take advantage and fraudulently apply for benefits.

“There is a choice between denying benefits or accidentally overpaying people,” she said. “With Pandemic Unemployment Assistance, scammers may be getting money that is meant for the unemployed.”

Erica Quealy, communications director of the Michigan Department of Labor and Economic Opportunity, said the program had become the prey of “large fraud rings.” Michigan’s attorney general has conducted hundreds of investigations, and the state has appointed a special fraud adviser and brought in the consulting firm Deloitte to help.

Some schemes involve using false Social Security cards and fake driver’s licenses to apply. One man was charged with filing applications in Pennsylvania under false names, and then having benefits worth $150,000 in debit cards mailed to addresses in Michigan, according to the state attorney general. Prosecutors said he used the money to buy a $45,000 Rolex watch.

The rate of fraudulent claims in Colorado has been striking. After adding more screening measures to catch fraud, Colorado found that more than three out of four claims filed over a six-week period for jobless benefits under the federal Pandemic Unemployment Assistance program were bogus.

On Thursday, the state said it had reduced its count of new claims filed from July 12 to Aug. 22 by 48,000 because of new fraud-detection efforts. Before being discovered, though, those responsible for the fraud were able to collect $40 million during that period, said Jeff Fitzgerald, head of the state’s unemployment insurance program.

Officials estimated that the state’s screening tools had saved the federal government $750 million to $1 billion over eight weeks by halting wrongful payments or by flagging them before they were made.

“What we’re looking at is quite sophisticated,” Mr. Fitzgerald said. “It is something that a common individual would not be able to do, and really it points to orchestrated, very sophisticated, large fraud schemes. These aren’t onesies and twosies.”

The fraud detection efforts are putting an enormous burden on the states. Mr. Fitzgerald said that Colorado had assigned 60 people to investigate unemployment fraud, compared with five in normal times.

In the meantime, the mail keeps coming. Ms. Lamb, whose East Bay rental unit had been inundated with envelopes, rubber-banded them into neat stacks Thursday to send back to the state unemployment office. She had given the five addressees’ names to the F.B.I.

On Friday, two more envelopes arrived from the state, bearing a new name.

Tara Siegel Bernard contributed reporting, and Sheelagh McNeill contributed research.

Posted on

Unemployment Claims Send Another Worrisome Note

Despite some signs of economic revival, the outlook for American workers remains treacherous, with layoffs continuing to claim hundreds of thousands of jobs a week.

The weekly figures on unemployment claims from the Labor Department on Thursday showed no relief, reflecting what Michael Gapen, chief U.S. economist at Barclays, said was “a transition to a slower pace of recovery, and one that will be more uneven.”

The department reported that more than 857,000 workers filed new claims for state unemployment insurance last week, before seasonal adjustments, a slight increase from the previous week. On a seasonally adjusted basis, the total was 884,000, unchanged from the revised figure for the previous week.

In addition, about 839,000 new claims were tallied under a federal program called Pandemic Unemployment Assistance, which provides assistance to freelancers, part-time workers and others who do not ordinarily qualify for state benefits. That figure, which is not seasonally adjusted, was up from 748,000 the previous week.

“It’s a gut punch to see these numbers every Thursday with no improvement,” said Diane Swonk, chief economist at the accounting firm Grant Thornton in Chicago. “The numbers are going in the wrong direction.”

Although weekly unemployment insurance filings are down from the peak of more than 6.5 million in early spring, they remain frustratingly high. Before the pandemic, new weekly claims were typically a little over 200,000. Many economists had expected them to fall much further by now.

Initial weekly unemployment claims, both regular claims and those under the Pandemic Unemployment Assistance program

By Ella Koeze·Pandemic Unemployment Assistance extends eligibility to some workers who would not otherwise be able to apply for unemployment benefits, such as part-time and self-employed workers. Neither regular claims nor P.U.A. claims are seasonally adjusted.·Source: Labor Department

There have been some hopeful signs. The unemployment rate in August fell to 8.4 percent. Many states are moving forward with reopening businesses. Home sales are strong.

A wild card is the congressional standoff over another coronavirus relief package. House Democrats have passed a $3 trillion bill that would restore a $600 weekly unemployment benefit supplement that expired in July. A much smaller Republican package reviving the supplement at $300 a week failed to advance in a Senate vote on Thursday.

President Trump ordered a stopgap $300-a-week replacement last month through the Federal Emergency Management Agency, but it has been slow to get off the ground and has funds for only a few weeks.

Eighteen states have begun making the payments, said Michele Evermore, senior researcher and policy analyst at the National Employment Law Project. “It would have been so much easier and faster if Congress would have passed an extension,” she said.

At the same time, the Pandemic Unemployment Assistance program is drawing millions of recipients — and allegations that some are abusing it.

A California official said the state suspected that much of the recent increase in claims under the program was a result of fraud, and was investigating “unscrupulous attacks” that have taken advantage of identity theft and other vulnerabilities in the system.

The program, created as part of pandemic relief efforts enacted in March, is intended to help gig workers, part-timers, independent contractors and the self-employed. In the week that ended Aug. 22, 14.6 million people were collecting benefits under the program, and nearly half were in California, the Labor Department said.

A spokeswoman for the California Employment Development Department, Loree Levy, said the state was “aggressively fighting” fraud in the program. “We do suspect that a big part of the unusual recent rise in P.U.A. claims is linked to fraud,” she said.

Ms. Levy said the state was suspending or closing claims that match suspicious patterns and was working with local and federal authorities to expose and prosecute offenders.

“Perpetrators are often using stolen identity information from national and global data breaches, as well as exploiting expedited payment efforts,” she said.

In August, 21 current and former inmates of the main San Mateo County jail in California were charged with fraud after they successfully applied for benefits under the program while in custody. The bogus claims yielded more than $250,000 in payments.

Whatever the problems with fraud, the program provides a lifeline to many individual workers with legitimate claims.

Pedro Night, a D.J. in the Washington area, saw his livelihood fade as events and other gatherings were halted. “By April, it hit me, and I realized that we were definitely in this for the long haul,” he said.

He applied for Pandemic Unemployment Assistance, and in June he started receiving $350 each week in benefits after taxes, in addition to a $600 federal supplement.

Although the supplement ended in late July, the basic payments have continued, giving him just enough for his share of the $750 monthly rent for an apartment in Rockville, Md., his $400 car payment and his $120 car insurance bill.

Even as Congress debates extending supplemental aid to the unemployed, some find themselves struggling to do without.

Robert Rooney was furloughed as an engineer at the Bellagio Hotel in Las Vegas on March 15, and then permanently laid off on Aug. 31. After the $600 supplement ran out, Mr. Rooney was left with $423 a week in Nevada unemployment benefits after taxes.

Credit…Bridget Bennett for The New York Times

Mr. Rooney’s wife, Jennifer, is still working, but they believe they will be unable to pay the $1,200 rent for their two-bedroom house by the end of the year. They are considering selling one of their cars and have given up on buying a home, something they expected to do this fall.

They are using credit cards to pay for groceries, gas and the roughly $300 per month in medical costs for Mr. Rooney’s mother, who has a lung ailment. They are dipping into their small pot of savings for the minimum payments on their credit card bills.

Ms. Rooney hung on to the entry-level job she got last year doing data entry at a local nonprofit organization. Her wages, $12 per hour, are close to what she made 10 years ago, before earning her bachelor’s degree. She hoped to work her way up as she changed industries from her prior work in health care. But her paychecks alone are too scanty to keep the family afloat.

The couple, both 41, have had fertility challenges, and before the pandemic, they were looking into fertility treatments or adoption. Now, without Mr. Rooney’s job and with his company health insurance running out at the end of the month, they can’t afford either possibility.

“It’s really painful to think about what might have been,” Mr. Rooney said. “The pandemic has taken all of that away.”

The Rooneys are planning to move to Texas by November to take advantage of lower housing costs and in hopes that he will have more luck finding work there.

Joe Braxton has been similarly devastated by the disappearance of the $600-per-week supplemental benefit.


Credit…Ting Shen for The New York Times

For 10 years, Mr. Braxton helped brands market themselves at events like South by Southwest and Comic-Con. But after events across the country were canceled because of the pandemic, Mr. Braxton found himself out of work.

Thanks to a job early in the year at an auto show, he qualified for unemployment benefits, including the $600 federal supplement. That allowed him to keep paying the $1,200 in rent for his one-bedroom apartment in Bladensburg, Md.

When the supplement ended, he was left with $100 a week in state benefits. His landlord allowed him to pay less than the full rent each month until he could find work.

But Mr. Braxton, 40, has not been able to pay for his car loan or auto insurance — which total $860 a month — and he owes $2,700. Now he waits for his car to be repossessed.

“Every day I wake up and I’m like, did they come pick it up yet?” Mr. Braxton said. “I feel like I’m being punished by the pandemic, and it’s not even my fault.”

Some are more fortunate. Pamela Álvarez, 28, was a librarian in Chicago until the pandemic struck. She was furloughed on May 1, and then laid off permanently on July 1. Her husband continued to work, but his overtime shifts were cut back, and when she lost the $600 unemployment supplement, it was hard for them to make their $1,200 monthly rent payment.

Last week, Ms. Álvarez was offered a one-year position with a nonprofit organization that helps low-income people get their furnaces repaired and replaced. She accepted, relieved to have a job even though it paid $16 an hour, compared with her previous $23.

“I still cannot believe that I got a job after applying for over 50 positions,” she said. “It feels like a bit of a dream, and a nightmare at the same time, because now I have to work outside the home during the pandemic and I am afraid of getting sick.”

Posted on

Spotting $62 Million in Alleged P.P.P. Fraud Was the Easy Part

The criminal complaints read like catalogs of luxury bling: a diamond-laden $52,000 Rolex, a gambling spree at the Bellagio, two Lamborghinis, a pair of Cadillac Escalades, a Rolls-Royce. All that and more, law enforcement officials said, was financed through schemes to defraud the federal government’s signature coronavirus relief program for small businesses.

The Justice Department has made at least 41 criminal complaints in federal court against nearly 60 people, who collectively took $62 million from the Paycheck Protection Program by using what law enforcement officials said were forged documents, stolen identities and false certifications.

They are just “the smallest, tiniest piece of the tip of the iceberg,” said Hannibal Ware, the inspector general of the Small Business Administration, which led the program.

But with their ostentatious spending and clearly faked records, those alleged thefts have also been the easiest to spot.

The Paycheck Protection Program, a centerpiece of the CARES Act, poured $525 billion into the economy in just four months before coming to an end. More than five million businesses received loans, which could be forgiven if used for payroll and certain other expenses. Now, that hastily created and frequently chaotic program is entering its next messy stage, one that lenders and government officials expect to take years: the hunt to recapture illicitly obtained cash.

The challenge facing scores of state and federal agencies is enormous. The Small Business Administration’s fraud hotline, which received fewer than 800 calls last year, has already had 42,000 reports about coronavirus-linked graft.

But many of the cases investigators ultimately pursue will not have telltale clues like expensive watches and Italian sports cars bought by people who said their small businesses were in need of help. Future cases will be more thorny, involving owners who tried to exploit gray areas in the program’s rules or the desperation of their employees.

Several workers told The New York Times that their employers had asked them to repay a portion of their earnings or work for free in the future. That wasn’t allowed under the program’s rules.

Under the initial rules, borrowers who wanted the loans forgiven had to spend most of the money within eight weeks. Those limits frustrated many owners, and some appear to have tried to quietly break the rules, according to the workers, who asked not to be identified to protect their livelihoods.

The owners of a Pilates studio in Manhattan told employees that some instructors — who have been running virtual classes since the city shut down gyms — would be paid extra for a few weeks out of the studio’s loan but that their wages would be garnished after in-person classes resumed. Two instructors shared emails with The Times describing the plan, including an all-staff note from the owners that described the payments as “an advance on future work.”

An employee at a speech therapy clinic in Minnesota described how the owner told employees in May that she would use the clinic’s loan to pay them for a 40-hour week — but that if they didn’t have enough client bookings or other projects to fill the time, she would expect them to repay those hours with uncompensated labor later in the year. The boss backed down, the employee said, after the employee consulted a lawyer and told the boss that the plan appeared to be illegal.

And a worker at a dermatology clinic in North Carolina said her boss had used a paycheck program loan to increase the worker’s monthly pay to $7,200 in May — more than she usually made — but then, without warning, began garnishing the worker’s pay the next month. In July, she was asked to sign a document (which she shared with The Times) retroactively agreeing that the money she received had been a loan. To keep her job, she agreed to pay back $250 a month out of her earnings.

Those are among the “more complicated schemes at play,” said Mr. Ware, the inspector general. “We do know that that’s happening,” he said. He declined to discuss it in detail to avoid imperiling active investigations.

One reason those investigations will be more complicated: Congress relaxed some of the rules partway through the program, effectively penalizing borrowers who used up the money quickly to comply with the original rules.

The relief program was intended to quickly disburse billions of dollars in loans of up to $10 million. Virtually every small business in the country qualified, but the government deliberately eliminated many of the hurdles that normally accompany business loans, like a thorough lender verification of the applicant’s tax records and payroll documentation. Treasury Secretary Steven Mnuchin pushed banks to approve and fund loans in as little as a day.

That made the program an irresistible target for thieves.

“Any time you have large amounts of federal aid available, it’s going to bring out all the bad guys,” said Kathryn Petralia, a co-founder and the president of Kabbage, an online lender that handled 297,000 loans for the program.

The arrests started just weeks after the program began in April.

In one case, a Texas man with convictions for forgery and robbery sought loans from six lenders using shell companies with no employees and, in one application, the stolen identity of a wine-shop owner who died in April. He collected $1.6 million and spent hundreds of thousands of dollars on booze, nightclubs, a Rolex and a 2019 Lamborghini Urus, according to the complaint filed against him in federal court in Houston.

Other plots were more complex. In the largest criminal case so far, nine people in Florida and Ohio are accused of paying kickbacks to recruit participants in what was essentially an assembly line for fraud. At one house, investigators said, they found stacks of loan paperwork for more than 80 businesses, filled with forged documents and false claims about the size of the businesses’ payrolls. Banks rejected many of the applications, according to court documents, but at least 42 were successful, netting the defendants more than $17 million.

Lenders said the flurry of indictments were a sign that oversight was working. “The fact that a loan was funded and money was transferred did not necessarily end the scrutiny on that loan,” said David Patti, a spokesman for Customers Bank, which made $5 billion in loans for the program. “There are plenty of investigations going on with many lenders.

In addition to investigations of misused money, lawyers and lenders said, there will be investigations into companies taking loans they didn’t need — a murky area.

In its formal guidance, the Treasury Department said borrowers must be able to show that they could not get access to other loans or cash sources in a way that was “not significantly detrimental to the business.”

“It’s a really gray standard,” said Tyler Woods, a lawyer in Irvine, Calif., who has worked with corporate clients on their Paycheck Protection Program loans. He called that line “the big kicker that I think will get a lot of people out of jail.”

A Treasury spokeswoman said the Small Business Administration had 90 days to review forgiveness applications after they were submitted and would make sure that borrowers had complied with all of the program’s rules.

While all of the loans are subject to review, only those over $2 million will face a mandatory audit. Those are about 29,000 loans — a heavy demand to place on the already overwhelmed agency. The Small Business Administration did not respond to repeated requests about its audit plans.

Mr. Ware said his office, which operates independently from the Small Business Administration, was hiring additional data analysts, auditors and investigators as it braced for an extensive oversight effort.

“It’s going to take years,” Mr. Ware said of the government’s investigative work. “This will be taking up a lot of our time for the foreseeable future.”

Posted on

The Three Abductions of N.: How Corporate Kidnapping Works

A few days before Christmas 2013, Stuart Dempster hired a car to take him from Bangkok to the rural town of Ban Phai, in northeastern Thailand. Mr. Dempster, a 55-year-old track and field coach from Australia, was accompanied by a tall, burly security contractor. The two men were preparing to abduct Mr. Dempster’s daughter.

As they sped north, winding past the mountain-rimmed Lam Takhong reservoir and Khao Yai National Park, Mr. Dempster wasn’t sure what to expect. He had not seen his 5-year-old, N., in almost a year. At home in Brisbane, he had agreed to spend several thousand dollars to hire the contractor, Brad Stilla, through a company called Child Recovery Australia, one of a handful of agencies that reunite parents with children taken by estranged partners. Mr. Stilla met Mr. Dempster at a hotel in Bangkok, after flying in from China, and boasted that he knew kung fu.

Credit…Adam Dean for The New York Times

After several hours, the car pulled up outside Holy Redeemer Ban Phai School, a private Catholic academy on a busy, tree-lined street in the center of town. Mr. Dempster and Mr. Stilla walked toward the entrance — a wide, airy atrium next to a basketball court. Mr. Dempster felt a nervous sensation in his stomach, the way he often did before important races. Inside the school, he asked where he could find N., and a teacher pointed toward a classroom up a flight of stairs. He wondered whether his daughter would recognize him.

Eleven months earlier, Mr. Dempster’s wife, a Thai woman named Atchariya Chaloemmeeprasert, had taken N. to Ban Phai to visit relatives. It was an unhappy time in the marriage: With a 24-year age difference, they argued often and had been sleeping in separate bedrooms. During her trip to Ban Phai, Ms. Chaloemmeeprasert never called home. The day she was scheduled to fly back, her uncle, a Scot who ran a business in Thailand, told Mr. Dempster that she no longer wanted to speak with him. She planned to remain in Ban Phai with their daughter.

“It was difficult to think straight,” Mr. Dempster recalled. “I just thought, ‘Have I done anything wrong?’ Nobody’s perfect, and there’s no hard-and-fast rule for bringing kids up or for relationships. But I had done nothing to justify that.”

There is often little the local police or family courts can do when one parent takes a child overseas without the other parent’s permission. But in Australia, the United States and dozens of other countries, the parent who is left behind can seek the child’s return under a 1980 international treaty, the Hague Convention on the Civil Aspects of International Child Abduction. Countries that adopt the pact agree to help resolve international parental abduction cases by returning children to their “habitual residence,” where local family courts can determine custody.


Credit…Adam Dean for The New York Times

In early 2013, not long after N. vanished into Thailand, Mr. Dempster contacted the Australian attorney general’s office to seek his daughter’s return. He soon became frustrated with the process. The paperwork was complicated. His caseworker was slow to return his messages. And once the Australian government broached the issue with Thailand, local authorities claimed they could not locate Ms. Chaloemmeeprasert. “It’s a failed system,” Mr. Dempster said. “It fails us all the time.”

As the months passed, Mr. Dempster started considering another option. He had read online about bounty hunters who retrieve abducted children — an entire industry of self-proclaimed “recovery agents” who operate in legal and ethical gray zones, snatching children off the street in foreign countries.

A lawyer at the Australian attorney general’s office urged Mr. Dempster to avoid these groups, which often break the law, bribing police and smuggling children across borders. Some parents have lost tens of thousands of dollars to agents who turned out to be dishonest or inept. Even a successful “recovery” can put a child in harm’s way. “Two wrongs don’t make a right,” the lawyer told him.

But Mr. Dempster was impressed by the website of Child Recovery Australia. In late 2013, he traveled along Australia’s Sunshine Coast to meet the company’s founder, a silver-haired private investigator named Colin Chapman, who got his start tracking children for an Australian television network in the 1990s. After listening to Mr. Dempster’s story, Mr. Chapman showed him images of Ban Phai on Google Earth and explained how to obtain a new passport for his daughter.

He said he could arrange a recovery for around $14,000. He told Mr. Dempster to meet Mr. Stilla in Thailand.

When Mr. Dempster peered inside the classroom at Holy Redeemer, he immediately spotted N. at a desk by the window. He picked her up and walked out as Mr. Stilla followed, talking by phone with Mr. Chapman, who was overseeing the operation from Australia. “All right,” Mr. Stilla said, in Mr. Chapman’s recollection. “This is good.”

But the sight of two foreigners removing a small child caused alarm at Holy Redeemer. Taweerart Nilda had taught at the school since Ms. Chaloemmeeprasert and her older brothers attended decades earlier, and she followed Mr. Dempster and Mr. Stilla as they hurried out. She tried to ask what was happening, but Mr. Stilla brushed her away. “They walked in as if they had authority,” she recalled. “They did not care about anything.”


Credit…Adam Dean for The New York Times

Outside, it was a typical Thai winter day — about 70 degrees, with a clear blue sky. Some older students were playing soccer. Ms. Nilda and a few other teachers followed Mr. Dempster and Mr. Stilla through the courtyard, past a statue of Jesus underneath a red-and-white awning. By the time Mr. Dempster and Mr. Stilla reached the street, a crowd was beginning to form. The driver refused to open the car door. Ms. Nilda started pulling N. from Mr. Dempster’s arms. She recalls the girl screaming in Thai: “Help me! I can’t breathe.”

Still on the phone with Mr. Chapman, Mr. Stilla made a futile attempt to use his bulky frame to fend off the teachers and explain that N. was Mr. Dempster’s daughter. “Now what do I do?” he said into his phone.

“How much cash have you got on you?” Mr. Chapman responded. “Start waving that around.”

The confrontation was escalating. Police officers had appeared on the scene. One reached toward Mr. Dempster, who tried to elbow him away, only for the force of the crowd to push them even closer together. A group of male teachers grappled with Mr. Dempster, trying to wrest N. from his arms.

“How long can you hold onto a kid?” Mr. Dempster told me recently. “It was a tug of war, and I thought, ‘This is too much stress for her.’ So I let go.”


Credit…Adam Dean for The New York Times

When people think of kidnappers, they often imagine strangers in dark vans, luring young victims with candy. But most child abduction in the United States happens within families. In 2019, the State Department reported nearly 500 new abduction cases in which parents took their own children overseas. Partly because of its large number of cross-cultural marriages, Australia has a relatively high rate of international child abduction: Parents apply through the Hague Convention to seek the return of as many as 140 children a year.

That legal process is notoriously complex. Some countries, like India, have never signed the Hague Convention. Before Japan agreed to the pact in 2014, it had such a poor record of returning children that it became known as a “black hole” for child abduction. And even when both countries involved in a custody dispute have joined the treaty, the process can take years to unfold. In many Hague cases, countries side with their own citizens, regardless of the evidence.

It’s those weaknesses and inconsistencies that drive some parents to seek a high-stakes shortcut: snatching their children back. There is no official tally of the number of companies purporting to offer “child recovery” services, or of the number of parents who use them. But interviews with child advocacy groups, law-enforcement officials and the companies themselves suggest that the industry is small: a dozen or so agencies active over the last decade, usually executing only a handful of operations a year.

For everyone involved, the industry is fraught with dangers, from scams and scuffles to botched border crossings and international arrests, according to nearly 50 interviews with parents, psychologists, family lawyers, law enforcement officials and child abduction agents. Some agents say they work with local authorities to enforce family court orders. But often they intervene without hearing both sides of the story, sometimes bringing children back to parents who later lose custody in court or who have been accused of domestic violence. A snatchback, even a successful one, can be harmful to a child, leaving psychological scars that last into adulthood. And parents assume much of the risk: A company might conduct surveillance and plot an escape route but require the left-behind parent to physically grab the child.

“It’s an unregulated industry, and we have seen things go very wrong,” said Vicky Mayes, a spokeswoman for Reunite, a British charity that helps parents of abducted children. “It’s just a massive risk for parents to take. It’s a big financial risk, and it’s a big safety risk for themselves and for their child.”

For decades, many parents have worked with agents who have military experience, such as Gus Zamora, an ex-Army Ranger in Florida, and Michael Taylor, a former Green Beret best known for engineering the Nissan executive Carlos Ghosn’s escape from Japan. In recent years, others have turned to companies with names that evoke corporate power, like ABP World Group.

Preston Findlay, a lawyer for the National Center for Missing and Exploited Children, a Virginia nonprofit, keeps a stack of printouts about child abduction companies in a desk drawer. “Not everyone in that drawer is a straight-up concern,” Mr. Findlay said. “Sometimes it’s a group I’ve never heard of. Sometimes they pop up and change names. One group may post a picture that includes a guy who I’ve seen posted on another site.”

Typically, child retrieval groups employ few full-time employees, more often delegating on-the-ground operations to freelancers paid by the day. Many agents advertise aggressively, announcing snatchbacks on social media, granting interviews to reporters, or denigrating industry rivals in long-winded blog posts. In 2015, two operatives for Child Recovery Australia cornered a man in a shopping mall in Malaysia while his ex-girlfriend, the Australian soap opera actress Eliza Szonert, grabbed their 6-year-old son. Mr. Chapman, the company’s founder, filmed the operation, and the video circulated in the Australian media. (Eventually, the father won sole custody in an Australian family court.)

Over the years, a network of middlemen has developed within the industry — lawyers and advocacy groups who put desperate parents in touch with agents, sometimes for a fee. For more than a decade, Eric Kalmus, a Los Angeles businessman who was separated from his own child after he split up with his wife, served as a conduit between left-behind fathers and ex-soldiers who claimed to recover children. For $1,500, Mr. Kalmus would coach fathers to sweet-talk their estranged wives and, if that failed, would refer them to abduction agents in the United States or Europe. Occasionally an operation would collapse and the parent would turn on him.

“I did this because I loved helping people,” Mr. Kalmus said. “Ninety percent of the time it’s great, and then something goes wrong, and I’m the devil. For $1,500, I’m the devil.”

The agents themselves often charge much more, and for parents, the costs can be crippling. Kerry Bartlett, who works as a secretary at a hospital in the London area, sold her house to raise the roughly $60,000 she needed to extract her son and daughter from Northern Cyprus in 2017. When she returned to England with the children, she was homeless and had to move into a government hostel.

“It was my only chance to get the kids out,” Ms. Bartlett said. “I didn’t want anyone to try to dissuade me.”

Even a relatively straightforward operation can cost tens of thousands of dollars. In the spring of 2018, Keith Schafferius, a private investigator in Australia who claims to have recovered more than 100 children over several decades, was hired by an Australian father to get a kindergartner back from Lithuania. One morning, Mr. Schafferius waited outside the mother’s house until she emerged to take the child to school. “We took him off the street, and she screamed and shouted a bit, but we got back over the border,” said Mr. Schafferius, 78.

“It was a fairly simple one,” he said. “I probably cleared about $15,000 out of that.”


Credit…Adam Dean for The New York Times

Not long after the scrum at Holy Redeemer, Mr. Dempster sat in a cafe in Ban Phai, scribbling in a notebook. Once he had let go of N., the police had cut him loose. He was trying to stay positive. In the notebook, he made a list of everything that had gone well. His daughter had recognized him. He was not in trouble with the police.

On a blank page, he wrote, “Next plan for N.’s return.”

Back in Brisbane, he called Sean Felton, the founder of Abducted Angels, a British-based charity offering advice and legal assistance to the parents of kidnapped children. Mr. Felton advised him to contact an abduction agent named Adam Whittington.

A former Australian soldier who later worked as a policeman in London, Mr. Whittington runs Child Abduction Recovery International, a company based in Sweden. He has successfully extracted children across Europe and Asia, once accosting a child’s grandparents in a quiet neighborhood in Poland. At 44, bald and baby-faced, he is personable and eager to please, always prepared with a colorful anecdote about some especially complex operation.

He also has a history of embellishment. He once admitted to using stock images of photogenic children in some of his Facebook posts announcing snatchbacks, although he insisted the operations themselves were real. And four years ago, he orchestrated an abduction attempt that failed so spectacularly that it made headlines in Australia for months.

In 2016, the Australian TV network Channel 9 paid Mr. Whittington more than $70,000 to extract the two children of an Australian mother named Sally Faulkner from Lebanon, where they were with their father. One day that April, a team working with Mr. Whittington seized the children off the street in a Hezbollah-controlled neighborhood of Beirut. “We work a lot in the Middle East,” Mr. Whittington said. “There’s a lot of corruption, which works well for us.” But the Lebanon operation ended in disaster: Before the children could leave the country, the local authorities arrested Ms. Faulkner, Mr. Whittington, and a Channel 9 news crew that had come along to document the operation.

Mr. Whittington spent more than three months behind bars, until he was granted bail and allowed to return to Sweden. (Ms. Faulkner’s children remained in Lebanon with their father.) The botched recovery was embarrassing, and Mr. Whittington’s industry rivals seemed to sense an opportunity. Mr. Chapman, who had traded online insults with Mr. Whittington in the past, denounced Child Abduction Recovery International in the Australian media. “They’ve been a bit arrogant in their behavior,” he told one local journalist. “What were they thinking?”


Credit…Mikael Sjoberg for The New York Times

After leaving prison, Mr. Whittington embarked on an aggressive campaign of retaliation. In long, rambling blog posts, he accused Mr. Chapman of sabotaging the Lebanon operation and claimed that various child abduction agents had scammed desperate parents. Mr. Chapman and the others responded with outrage, claiming that Mr. Whittington has exaggerated the number of children he has retrieved, lied about his finances and forged emails to cast aspersions on rivals.

Mr. Whittington insists his critics are liars. But he freely admits that he has broken laws around the world, and brags about bribing police officers and border officials. In 2014, he was arrested during an operation in Singapore and accused of putting an elderly man in a headlock. “What we do is help kids,” Mr. Whittington said. “That’s the difference between us and criminals. Sometimes we’ll cross the line. But it’s not for a bad cause.”

For all his ire online, Mr. Whittington can be a sensitive listener. When Mr. Dempster called, he was impressed with the agent’s calm demeanor and apparent professionalism. “I felt at ease,” Mr. Dempster said. “I slept better that night.”

Before accepting a client, Mr. Whittington conducts a screening to weed out parents who are violent or abusive. He sends potential clients a detailed questionnaire, looks into their criminal histories, and asks for court orders regarding the custody of their children. Still, he acknowledges that a full background check is impossible. “We can’t pull skeletons out of people’s closets,” Mr. Whittington said. “There are many people who commit domestic violence but never get caught.”

So he also relies on instincts he says he honed during his career in policing — that “funny feeling” he sometimes gets about people. Mr. Dempster quickly passed the test. “You could tell, even by talking to Stuart on the phone,” Mr. Whittington said. “He’s just a lovely guy.”

In the beginning, Atchariya Chaloemmeeprasert also had a good feeling about Mr. Dempster. She met him on a dating website called Thai Love Link when she was in her 20s and had recently graduated college in Bangkok. Mr. Dempster, who was around twice her age and had never been married, told her he was hoping to meet women in Thailand. He was the only foreign man she knew, and at first, she exchanged messages with him mainly to practice her English. Eventually, though, their conversations turned intimate. Mr. Dempster promised to visit her family in Ban Phai, and she was impressed when he followed through.

“I thought, ‘Oh, he must be a good man,’” recalled Ms. Chaloemmeeprasert, a deeply Christian woman who goes by the nickname Tan. “We could talk and understand each other. It’s so easy to make him smile.”

The couple got engaged in Thailand, and when she was about six months pregnant, Ms. Chaloemmeeprasert went to live with Mr. Dempster in Wanganui, New Zealand, where N. was born in March 2008. The family moved periodically, first to the city of Darwin in northern Australia and later to Brisbane. Most of the time, Ms. Chaloemmeeprasert stayed home to take care of N. while Mr. Dempster coached. But they sometimes struggled financially, she said. For a while, she worked at a massage parlor and picked strawberries.

Mr. Dempster and Ms. Chaloemmeeprasert give strikingly divergent accounts of their marriage. When they lived together, she said, Mr. Dempster was different from the charming man who had visited her in Ban Phai. Sometimes, he would fly into a rage and smash dishes or chairs. He also turned on her, she said, kicking her so hard that he left marks. One day in Darwin, he threw a dish against the wall and started strangling her, she said. When his grip loosened, she picked up N. and fled to a neighbor’s house, and then a women’s shelter. Later, she said, Mr. Dempster wrote a letter asking her to come back, and she agreed. “I wanted to have a full family,” she said.

While they were living in Brisbane in 2012, she suspected Mr. Dempster was seeing other women. During one argument, she said, she waved a knife at him, and he filed a complaint with the local authorities, seeking a domestic violence order — a legal document in Australia that essentially serves as a restraining order. Not long after, she responded in kind, filing her own complaint in January 2013, with the help of a friend from church.

At the time, Ms. Chaloemmeeprasert had already scheduled a flight to Thailand with N. to visit her family. She decided not to return. When Mr. Dempster found out she was staying in Ban Phai, she said, he told her, “Do not think you win.”

“He thought it was a competition,” Ms. Chaloemmeeprasert said. “I did not think that way. I just wanted to get away from that situation.”

Mr. Dempster denies that he ever abused or cheated on Ms. Chaloemmeeprasert. He accuses her of “playacting.” When she ran out of the house in Darwin, he said, it was after a verbal argument, not a physical assault. In fact, Mr. Dempster said, he sometimes feared for his own safety, and for their daughter’s. Ms. Chaloemmeeprasert did not merely wave a knife in his direction, he said; she threw one that narrowly missed his leg.

Both Mr. Chapman and Mr. Whittington claim they spoke about elements of Ms. Chaloemmeeprasert’s allegations with contacts in the Australian police, who assured them there was no evidence of abuse. But Mr. Dempster said he often worried that neighbors and other acquaintances would accept his wife’s version of the story.

“You feel so helpless,” he said. “Because who’s going to believe the bloke?”

Mr. Whittington took Mr. Dempster’s case for around $12,000. But it was months before they could try to abduct N. In May 2014, the Thai army toppled the civilian government in a coup d’état. It seemed like an inopportune moment to sneak a child across an international border.

After the attempted abduction before Christmas, N. returned to school in Ban Phai, where she studied English as part of a bilingual program. She lived with her extended family in a white, two-story house with a balcony overlooking a tree-lined street. Meanwhile, Mr. Whittington was laying the groundwork for another snatchback. He traveled to Ban Phai and installed a tracking device on a car belonging to Ms. Chaloemmeeprasert’s mother. By January 2015, he believed he had enough information to grab N., and he and Mr. Dempster returned to Ban Phai.


Credit…Adam Dean for The New York Times

One morning that month, dressed in dark clothing, the men crept into Ms. Chaloemmeeprasert’s yard. N. was by the back door, chatting with her grandmother, who was making breakfast in an outdoor cooking area. Around 7:30 a.m., the two men sprinted toward the house.

“It was as if they emerged from the earth,” the grandmother said. As they approached, she pulled N. closer, but Mr. Dempster pushed her away and grabbed his daughter. Then he leapt over a fence and ran along a dirt road to the getaway car.

“She’s given up, mate,” said Mr. Whittington, panting behind him. “She’s given up way too soon.”

Ms. Chaloemmeeprasert was in the house getting her nephew ready for school when she heard her mother scream. She rushed outside, but Mr. Dempster and Mr. Whittington were gone. She was sure they were on their way out of Thailand. After calling the police, she began to pray. “If I didn’t find her,” she said, “I thought that my heart would have been broken to pieces.”

On a hunch, Ms. Chaloemmeeprasert took a bus to Bangkok and made her way to the New Zealand Embassy, on the 14th floor of an office building. Sure enough, Mr. Dempster and Mr. Whittington had also headed there to get N.’s passport stamped. (The embassy declined to comment on its involvement.) Ms. Chaloemmeeprasert could see her daughter inside, drawing a picture of two people holding hands, next to a cross and a little heart. Embassy officials would not let her enter, so she called the police, who surrounded the building. The standoff lasted for hours. Finally, after the embassy closed around sunset, Mr. Dempster and Mr. Whittington emerged.

“Just let her take N.,” Mr. Whittington told Mr. Dempster later, at the local police station, as he recently recalled. “We’ll get her.”

To her mother’s relief, N., who was then almost 6, did not seem particularly shaken by the ordeal; Mr. Whittington had given her snacks and toys. Hoping to strike some kind of compromise, Ms. Chaloemmeeprasert and her family agreed to meet Mr. Dempster and Mr. Whittington at a Chinese restaurant later that week. “The confidence they had in me wasn’t high,” Mr. Dempster said. But Mr. Whittington had a story ready: Mr. Dempster would move to Thailand to teach English and coach. “I don’t care about Stuart, and I don’t care about Tan,” he told the family. “What we need to sit down here right now and try and negotiate is what’s best for N.”

It was a convincing display. Ms. Chaloemmeeprasert liked the idea of N. growing up with a father. Oddly, she also trusted Mr. Whittington. He had presented himself as a couples mediator, rather than a child extraction specialist. “Adam was an OK man,” she said. “He was a smart guy.” She agreed to let her husband spend a few days a week with N., as long as he handed over his passport before each visit. “But in the end,” she said, “all the good deeds I did gave me nothing back.”

When Mr. Dempster returned to Ban Phai, he came with two passports.

In an industry in which some of the more successful figures have spent time in prison, it can be difficult to tell who is legitimate. Parents frustrated with the legal process and desperate to recover their children are vulnerable to fraud. “This is the nature of the beast,” Mr. Whittington said. “You get vulnerable parents, you’re going to have sharks and scammers.”

In March 2017, a Brooklyn man named Peter Senese was sentenced to three years in prison for defrauding the parents of abducted children. He had collected more than $70,000 from a mother in New York, claiming that he and a team of operatives were in India tracking down her son. In reality, Mr. Senese and his girlfriend were on vacation in Miami.

Walter Wright, an F.B.I. agent who investigated international child abductions during a 25-year career, arrested Mr. Senese at his parents’ home in Brooklyn. As he drove him into Manhattan, Mr. Wright recalled, Mr. Senese started bragging about rescuing children, including one he claimed to have recovered from a cage in Macau. “He’d heard about me and my reputation,” Mr. Wright said, “and he considered us peers.” When investigators examined Mr. Senese’s travel records, they found that he had not left the United States in years.

“There probably could be a lot more cases brought,” said Jaimie Nawaday, a former assistant U.S. attorney in the Southern District of New York who prosecuted Mr. Senese. “That whole industry is very shrouded in secrecy. They have to be breaking laws left and right.”

Sometimes the line between incompetence and outright fraud can be unclear. In 2017, one American father paid an abduction agent more than $55,000 to retrieve his then-3-year-old son from a country in East Asia. But the agent backed out at the last minute, according to an affidavit the father later filed with local authorities, claiming that it was too risky to take the child and that he couldn’t offer a refund because he had already spent the money paying his operatives on the ground.


Credit…David Maurice Smith for The New York Times

Other abduction agents have blamed failed snatchbacks on reckless parents. Mr. Chapman, for example, says that it was Mr. Dempster’s idea to remove N. from school before Christmas 2013 and that Mr. Stilla followed him into the building reluctantly. (Mr. Dempster denies this, and Mr. Stilla did not respond to multiple requests for comment.) But Mr. Chapman said he did not fault his contractor for agreeing to help Mr. Dempster take N.

“People have questioned me — why did Brad do it?” Mr. Chapman said. “I wouldn’t sit in a car and let the bloke do it on his own, either. I’d feel like a coward. And who wants him to do it on his own and be successful? You want to be there, just in case the prick pulls it off.”

There was no tug of war. No snatch in the garden, no sprint to a getaway car. The third time Mr. Dempster fled with his daughter, near the end of April 2015, he picked her up for one of their regular visits and handed over an expired passport to N.’s grandmother. He never retrieved it. Instead, he walked the girl to where Mr. Whittington was parked, waiting to drive them away.

After the failed abduction in January, it seemed unwise to take N. to a major Thai airport. So Mr. Whittington drove several hours to a checkpoint on the border between Thailand and Cambodia. The plan was for Mr. Dempster to fly with N. from Cambodia to Vietnam and on to Australia.

But after passing through the Thai side, Mr. Dempster and N. were turned away by Cambodian border officials, who said there was a problem with their travel documents. Stranded at the border crossing, Mr. Dempster grew flustered. He was attracting attention from locals, who glared at him and N. suspiciously. One woman asked why the girl’s mother wasn’t with them. Mr. Dempster called Mr. Whittington, and they reconvened at another spot near the border.

Mr. Whittington told Mr. Dempster to catch a domestic flight to Udon Thani, a city in northeastern Thailand near the border with Laos. There, Mr. Whittington said, they would meet a local fixer whom he knew from other operations. “Honest, Stuart,” Mr. Whittington said, “I wouldn’t trust this with anybody that I didn’t trust myself.”

At the airport, a man in shorts and sandals greeted Mr. Dempster and N. and ushered them into a Toyota Land Cruiser. “It was like something out of an espionage movie,” Mr. Dempster said. The fixer took them to a spot along the Mekong River, which forms the border between Thailand and Laos, where a flat boat was waiting to transport them. “If you get caught doing things like that, you can get slung in jail for a long time,” Mr. Dempster said. But he climbed inside anyway, his back toward Laos, with N. sitting in front of him and two suitcases perched precariously beside them. Facing backward, Mr. Dempster could not tell how much farther the boat had to travel. “It was a bit unstable,” he recalled. “Every time I would look over, it would shift the boat, so I was going, ‘Oh, God. Where’s the riverbank?’”

The boat reached land safely, and Mr. Dempster was delighted to be out of Thailand. He had always taken a dim view of the country’s culture. Laos felt different. The street signs were in French. The architecture was reassuringly Western. “I felt more at home there, or more comfortable there, because Laos had been colonized by the French, and it had done them a lot of good,” Mr. Dempster said. “Thailand has never been occupied by anyone.”

A few days later, Mr. Dempster and N. flew to Australia. Mr. Whittington sent Ms. Chaloemmeeprasert a thumbs-up emoji — a message she interpreted as a taunt. (He says he was simply assuring her that the girl had made the trip safely.) Mr. Whittington also announced N.’s return in a May 7 Facebook post, claiming that she had been living in “terrible conditions and undernourished” in Thailand.


Credit…Adam Dean for The New York Times

Ms. Chaloemmeeprasert said her daughter was always safe and well cared-for. “They insult my country,” she said. After the snatchback, she fell into a deep depression. She took down decorations in N.’s bedroom and avoided looking at photographs of her. Ms. Chaloemmeeprasert said that she has tried to get in touch with Mr. Dempster, to no avail. (Mr. Dempster said he has not heard from her.)

For a while, losing N. made Ms. Chaloemmeeprasert question her faith. “Why did God allow this to happen?” she asked. “Why didn’t God sympathize with me?” She and her mother visited a fortune teller, hoping to find some kind of spiritual anchor, but no one could make N. reappear. These days, Ms. Chaloemmeeprasert teaches kindergarten in Ban Phai and runs a business selling health supplements. She considered going to Australia to track down N., but her mother told her it would be too dangerous. Every day, she prays that her daughter is safe. “Wherever she is,” she said, “I hope angels take care of her.”

For the last five years, Mr. Dempster has raised N., now 12, on his own. At school, he told me, she recently won a public-speaking award and was invited to serve on a student leadership board. He said he does not regret circumventing the legal process to take her to Australia. “My poor daughter would be 12 and stuck in Thailand if I’d gone by the rules — the so-called rules,” he told me. “Or the right side of the law — so-called.”

Psychologists say that memories of snatches can haunt children into adulthood, making them reluctant to start serious relationships or fearful that their own children might face similar traumas. N. has seen a therapist, but Mr. Dempster said he himself avoids raising the subject of her return from Thailand. “I’d rather it came from her,” he said. “If it comes from me, it looks like I’m trying to prove a point or something.”

Still, he wants to make sure she hears his side of the story. In 2018, he set up a blog chronicling the first two snatchback attempts, as well as the collapse of his marriage to Ms. Chaloemmeeprasert and her allegations of domestic violence. “I would like N. to have the opportunity to read the stories here,” he wrote in an April 2018 post. “When she is capable, and in her own time, I would like her to make her own mind up about what happened.”

Ryn Jirenuwat contributed reporting. Isabella Kwai contributed research.

Read More

Posted on

From Minecraft Tricks to Twitter Hack: A Florida Teen’s Troubled Online Path

For Graham Ivan Clark, the online mischief-making started early.

By the age of 10, he was playing the video game Minecraft, in part to escape what he told friends was an unhappy home life. In Minecraft, he became known as an adept scammer with an explosive temper who cheated people out of their money, several friends said.

At 15, he joined an online hackers’ forum. By 16, he had gravitated to the world of Bitcoin, appearing to involve himself in a theft of $856,000 of the cryptocurrency, though he was never charged for it, social media and legal records show. On Instagram posts afterward, he showed up with designer sneakers and a bling-encrusted Rolex.

The teenager’s digital misbehavior ended on Friday when the police arrested him at a Tampa, Fla., apartment. Florida prosecutors said Mr. Clark, now 17, was the “mastermind” of a prominent hack last month, accusing him of tricking his way into Twitter’s systems and taking over the accounts of some of the world’s most famous people, including Barack Obama, Kanye West and Jeff Bezos.

His arrest raised questions about how someone so young could penetrate the defenses of what was supposedly one of Silicon Valley’s most sophisticated technology companies. Mr. Clark, who prosecutors said worked with at least two others to hack Twitter but was the leader, is being charged as an adult with 30 felonies.

Millions of teenagers play the same video games and interact in the same online forums as Mr. Clark. But what emerges in interviews with more than a dozen people who know him, along with legal documents, online forensic work and social media archives, is a picture of a youth who had a strained relationship with his family and who spent much of his life online becoming skilled at convincing people to give him money, photos and information.

“He scammed me for a little bit of money when I was just a kid,” said Colby Meeds, 19, a Minecraft player who said Mr. Clark stole $50 from him in 2016 by offering to sell him a digital cape for a Minecraft character but not delivering it.


Reached via a brief video call on Sunday from the Hillsborough County Jail in Tampa, Mr. Clark appeared in a black sleeveless shirt, his hair tumbling into his eyes. “What are your questions?” he asked, before pushing back his chair and hanging up. He is scheduled for a virtual court appearance on Tuesday.

Mr. Clark and his sister grew up in Tampa with their mother, Emiliya Clark, a Russian immigrant who holds certifications to work as a facialist and as a real estate broker. Reached at her home, his mother declined to comment. His father lives in Indiana, according to public documents; he did not return a request for comment. His parents divorced when he was 7.

Mr. Clark doted on his dog and didn’t like school or have many friends, said James Xio, who met Mr. Clark online several years ago. He had a habit of moving between emotional extremes, flying off the handle over small transgressions, Mr. Xio said.

“He’d get mad mad,” said Mr. Xio, 18. “He had a thin patience.”

Abishek Patel, 19, who played Minecraft with Mr. Clark, defended him. “He has a good heart and always looks out for the people who he cares about,” he said.

In 2016, Mr. Clark set up a YouTube channel, according to the social media monitoring firm SocialBlade. He built an audience of thousands of fans and became known for playing a violent version of Minecraft called Hardcore Factions, under user names like “Open” and “OpenHCF.”

But he became even better known for taking money from other Minecraft players. People can pay for upgrades with the game, like accessories for their characters.

One tactic used by Mr. Clark was appearing to sell desirable user names for Minecraft and then not actually providing the buyer with that user name. He also offered to sell the capes for Minecraft characters, but sometimes vanished after other players sent him money.


Mr. Clark once offered to sell his own Minecraft user name, “Open,” said Nick Jerome, 21, a student at Christopher Newport University in Virginia. The two messaged over Skype and Mr. Jerome, who was then 17, said he sent about $100 for the user name because he thought it was cool. Then Mr. Clark blocked him.

“I was just kind of a dumb teenager, and looking back, there’s no way I should have ever done this,” Mr. Jerome said. “Why should I ever have trusted this dude?”

In late 2016 and early 2017, other Minecraft players produced videos on YouTube describing how they had lost money or faced online attacks after brushes with Mr. Clark’s alias “Open.” In some of those videos, Mr. Clark, who can be heard using racist and sexist epithets, also talked about being home schooled while making $5,000 a month from his Minecraft activities.

Mr. Clark’s real identity rarely showed up online. At one point, he revealed his face and gaming setup online, and some players called him Graham. His name was also mentioned in a 2017 Twitter post.

Mr. Clark’s interests soon expanded to the video game Fortnite and the lucrative world of cryptocurrencies. He joined an online forum for hackers, known as OGUsers, and used the screen name Graham$. His OGUsers account was registered from the same internet protocol address in Tampa that had been attached to his Minecraft accounts, according to research done for The Times by the online forensics firm Echosec.

Mr. Clark described himself on OGUsers as a “full time crypto trader dropout” and said he was “focused on just making money all around for everyone.” Graham$ was later banned from the community, according to posts uncovered by Echosec, after the moderators said he failed to pay Bitcoin to another user who had already sent him money to complete a transaction.


Credit…Octavio Jones for The New York Times

Still, Mr. Clark had already harnessed OGUsers to find his way into a hacker community known for taking over people’s phone numbers to access all of the online accounts attached to the numbers, an attack known as SIM swapping. The main goal was to drain victims’ cryptocurrency accounts.

In 2019, hackers remotely seized control of the phone of Gregg Bennett, a tech investor in the Seattle area. Within a few minutes, they had secured Mr. Bennett’s online accounts, including his Amazon and email accounts, as well as 164 Bitcoins that were worth $856,000 at the time and would be worth $1.8 million today.

Mr. Bennett soon received an extortion note, which he shared with The Times. It was signed by Scrim, another of Mr. Clark’s online aliases, according to several of his online friends.

“We just want the remainder of the funds in the Bittrex,” Scrim wrote, referring to the Bitcoin exchange from which the coins had been taken. “We are always one step ahead and this is your easiest option.”

In April, the Secret Service seized 100 Bitcoins from Mr. Clark, according to government forfeiture documents. A few weeks later, Mr. Bennett received a letter from the Secret Service saying they had recovered 100 of his Bitcoins, citing the same code that was assigned to the coins seized from Mr. Clark.

It is unclear whether other people were involved in the incident or what happened to the remaining 64 Bitcoins.

Mr. Bennett said in an interview that a Secret Service agent told him that the person with the stolen Bitcoins was not arrested because he was a minor. The Secret Service did not respond to a request for comment.

By then, Mr. Clark was living in his own apartment in a Tampa condo complex. He had an expensive gaming setup, a balcony and a view of a grassy park, according to friends and social media posts.

Two neighbors said that Mr. Clark kept to himself, coming and going at unusual hours and driving a white BMW 3 Series.

On an Instagram account that has since been taken down, @error, Mr. Clark also shared videos of himself swaying to rap music in designer sneakers. He was given a shout-out on Instagram by a jeweler to the hip-hop elite, with a picture showing that Mr. Clark, as @error, had purchased a gem-encrusted Rolex.

Mr. Xio, who became close friends with Mr. Clark, said the April run-in with the Secret Service shook Mr. Clark.

“He knew he was given a second chance,” Mr. Xio said. “And he wanted to work on being as legit as possible.”

But less than two weeks after the Secret Service seizure, prosecutors said Mr. Clark began working to get inside Twitter. According to a government affidavit, Mr. Clark convinced a “Twitter employee that he was a co-worker in the IT department and had the employee provide credentials to access the customer service portal.”

For help, Mr. Clark found accomplices on OGUsers, according to the charging documents. The accomplices offered to broker the sale of Twitter accounts that had cool user names, like @w, while Mr. Clark would enter Twitter’s systems and change ownership of the accounts, according to the filings and accounts from the accomplices.


Credit…Jim Wilson/The New York Times

The hack unfolded on July 15. A few days later, one accomplice, who went by the name “lol,” told The Times that the person they knew as the mastermind began cheating the customers who wanted to covertly buy the Twitter accounts. The hacker took the money and handed over the account, but then quickly reclaimed it by using his access to Twitter’s systems to boot out the client. It was reminiscent of what Mr. Clark had done earlier on Minecraft.

When Mr. Clark’s online acquaintances learned he had been charged with the hack, several said they were not surprised.

“He never really seemed to care about anyone but himself,” said Connor Belcher, a gamer known as @iMakeMcVidz who had previously teamed up on a separate YouTube channel with Mr. Clark before becoming one of his online critics.

Susan Jacobson contributed reporting from Tampa, Fla. Sheelagh McNeil and Jack Begg contributed research.