Riddhi Desai misconduct - update February 24, 2008
[See the e-mails describe in this article - links at bottom of page]
What a difference a month can make! Since the last update, I've found a new job, bought a replacement car, worked out arrangements for my mortgage and other bills, caught up the child support, and have begun the slow process of re-building my credit. There are still many problems left to solve, but law enforcement and other agencies have stepped up and helped. Throughout it all my relationships with both Jennifer and Sophia have strengthened, and we're beginning to look ahead further into the future than just the next paycheck.
As for Riddhi Desai, her problems are deep to the bone (what was it my grandfather said? "You can't make a silk purse out of a sow's ear, even if you give the pig a law degree"), and so that situation goes on as it did. There was a short lull in her thefts of my identity just before the update I published January 28th, 2008. Suddenly, around February 5th there was an onslaught of online purchases, memberships, and appointments made in my name (see the images below) from IP addresses belonging not only to Riddhi Desai, but to some of her friends and associates (see more about IP addresses below).
Based on the information we've gleaned, it appears that there were two motivations for the latest activity - anger on the part of Riddhi Desai in response to the update I posted, and an attempt to make it appear that the identity theft was coming from more than one source (Riddhi Desai's actions to this point have been nothing if not transparent).
Looking at the list of e-mails in the next web page, those of you who are really mad at someone and under the age of twelve, or who think Brittany Spears is a classy lady, might also think that these kinds of immature antics are funny, or even something you'd engage in if you thought you wouldn't get caught. Hey, there's no accounting for taste - that's why IQ numbers include values under 100.
Certainly, I hope all readers would agree that if you did something that immature, you wouldn't want everybody in world to know what you did. That would be especially true (I would think) if you were a lawyer or other professional. To avoid embarrassing yourself or even losing your career, here's some friendly advice from someone who has made his living programming computers for twenty years: Learn something about the Internet before doing anything as stupid as what Riddhi Desai and her friends have done!
First, at any moment in time in the entire world, only one computer can be logged on to the Internet using a particular IP address - that IP address sends a message to another computer using a specific and detectable route (called "hops") through servers than have known physical locations and store information about the computers they serve. This information is available to law enforcement, other agencies, and certain private entities. If you know what time a particular IP address was used on the Internet, it is possible to identify the computer that sent the message as well as its geographic location (more about this later).
Therefore, don't to Gmail or Hotmail to register for an e-mail account in some other name to hide your identity or pretend to be someone else (and don't believe for a moment you are the first to think of that idea!). When you sign up for such an account, information about your IP address and other information is recorded, along with whatever false information you are providing thinking you are clever - as concise and complete a smoking gun as there could possibly be. Side-by-side with your real IP address and logon time are the phoney credentials and information you provided.
And certainly don't go ordering items in someone else's name when you can't provide a credit card or checking account information - about twenty percent of the world's population are absolute morons, and every one of them that has access to a computer has tried this to get back at someone. Therefore, Web sites that accept orders under those circumstances are well prepared and record everything about the computer placing the order. When a fraud is attempted, those companies are very cooperative with the person whose identity has been stolen, and will provide that information to them. Once an accomplished computer programmer has your IP address and the knowledge you've committed a crime against him or her, well... let's just say you've put yourself at the mercy of someone who knows what you did and how to correct the problem in ways that are not going to make you happy. If he or she is real mean about it, he or she won't even tell you that you've been caught.. imagine the fun he or she could have in the meantime with all of the stuff that's stored on your computer.
That's the situation I am in. I can exact more satisfaction from the criminals who stole and abused my identity by not revealing everything I know - about them, about what's on their computers, about their own identities. You see, as luck would have it I happen to be the inventor of a product called ScreenSender (www.ScreenSender.com) I've been working on for about a year now. ScreenSender has the express function of sending information about a computer to another computer covertly! Its purpose is perfectly honorable - it is intended to monitor and thereby protect teenagers, employees, and loved ones from bad behaviors (by them or by others) on a computer. It is also intended for law enforcement and other authorities to install on and protect public computers, to monitor computer activity by criminals, and to record visual and keyboard computer activity for playback and education. It is, therefore, the perfect tool to explore and expose an identity thief whose IP address I happen to know. Oh, and by the way, I forgot to mention the nature of my new job - I am a software engineer and manager-in-training for a company that does electronic data discovery for lawyers. 'Electronic data discovery' is the process of extracting documents and other material from a computer's hard drive for the discovery process leading to trial.
Again, I am going to keep to myself some of the information I've obtained about the computers used by Riddhi Desai and her friends and associates to steal and abuse my identity. But as an illustration to show the validity of what I've stated above, I will share one real example from the harassing activities an associate of Riddhi Desai's engaged in. This is the message as I received it from About.com:
In this case, the web site was suspicious about the nature of the subscription, and voluntarily provided the IP address in its confirmation message (usually you have to ask them for it, though many are now bouncing back the information to the e-mail address the identity thief provided). Now that we have the IP address and know the approximate time (these e-mails are generated automatically immediately after an online transaction, and so are accurate nearly to the minute), what can we do with it?
I have access to more sophisticated tools through a friend, but for the purposes of demonstration we'll use a web site that's publicly available (http://www.networldmap.com) to provide a map to our identity thief's location:
A more sophisticated tool tells me the specific address, but telling you the address now ruins the suspense (smile) - for the purposes of this demo, we'll pretend we don't have an exact address, or we don't know who or what is at that address. We do know our identity thief is in Sugar Land, so let's see who owns the block of IP addresses that includes the identity thief's. We'll use the free public ARIN lookup database (there are several others, as well):
This confirms that the address my first tool gave me, which was One Fluor Daniel Drive, Sugar Land, TX 77478-3899 U.S.A., is accurate. OK, now we know that our identity thief works for Fluor Daniel in Sugar Land (and in addition to being an identity thief, this person steals company resources to cruise the Internet on company time - the activity that this e-mail was responding to occurred at 8:21 in the morning on a Wednesday). When someone is so dumb they use a computer where they work to break the law, catching them winds up being easy - all we have to do is contact Fluor Daniel, show them the e-mail, and have them tell us who was assigned to that machine at that time (employers hate being sued for identity theft, and will willingly provide the information). From that, we know their relationship to Riddhi Desai, and so on.
There are many other ways to get information from an IP address and a logon time. Tools like VisualRoute 2008 will tell you who the network provider for the identity thief is (in this case, AT&T), and from that point you can get the person's identity from private investigators or law enforcement through the physical location, IP address, and internet provider, or wait until you catch the offender online (via continuous traceback) and use VisualRoute 2008 to identify them (here I've hidden the identity of the offender):
Here's yet another way we can catch our identity thief - Simply Google or Yahoo! Search the IP address itself. In the demo here, you'll find that our Sugar Land Fluor Daniel employee surfs the Internet a LOT on company time - we have him going to a Baltimore Sun website checking out an article on the Baltimore Police department, rendering opinions on whether a 302 blower is sufficient for the 351 Ford engine, a Jesus-freak site (what kind of a Christian steals identities?) and this item where we can get his e-mail address (the red rectangles were added by me) as fishjjhunt@sbcglobal.net:
Apparently, this rocket scientist enjoys doing really stupid things when he thinks he's anonymous - he trashed his own company's Wikipedia entry by adding brown-nosing glop:
So we have ourselves a real pud-pounder here, the kind of a guy who drives a 6-year-old gas-guzzling pickup but never hauls anything but the lard on his butt, and who probably wears a hat indoors (for what? to protect his head from the snow falling inside here in Houston?). We learn that his first name is Bill from this website:
More than likely, this is a shared computer or a wirelss connection used by several people (all surfing the Internet on company time), possibly in shifts. Several people using different names all had nothing better to do than post jokes on-line using that computer (these were posted in the evening, the previous ones during the day at the same time the identity-theft e-mails were sent):
From this point, we Google and Yahoo! Search the e-mail address, and so on... Because we know this is a company computer (and the company was more than likely not at fault) we're not going to install any monitoring software on their machine. Instead, we'll write a letter and let Fluor Daniel management and the Sugar Land Police sort it all out:
Had this been an individual (especially one who was violating a public trust - don't you just hate when that happens?) we would handle it differently, as we have for some of the other identity thieves. It is a little more work to get the connection information from a public wireless connection, dialup connection, or private computer on a DSL or cable connection than it is when you're dealing with a company computer, but the tradeof is that once you have that information you can accurately identify a single user without assistance. It is very easy when the company and the person are the same or the company has few employees, as with a law office.
It should be obvious to you that from an IP address I can find you. Let me sum it up for you - identity theft is a crime, and if you use the Internet to perpetrate it, you will be caught. And in case you think any of this is funny, or you think this is a minor crime for an attorney to be engaged in (or as an attorney, you've done worse), you should consider what else has been going on while Riddhi Desai has been playing childish games:
1. The information in this article, as well as additional information about perjury committed by Riddhi Desai and Yi Jian in documents put before the USCIS, has been forwarded to USCIS (the federal immigration and naturalization service);
2. An identity theft complaint has been filed against Riddhi Desai with the Federal Trade Commission;
3. A complaint has been filed with the Federal Bureau of Investigation regarding fraud caused by the identity theft committed by Riddhi Desai;
4. Products have been ordered, invoiced, delivered and returned as a result of the identity theft practiced by Riddhi Desai - this has left a thorough paper trail of each incident;
5. A complaint has been filed with the Texas Bar Association regarding Riddhi Desai's identity theft and other illegal and unethical activities.
6. A complaint has been added to an existing Sugar Land police report on Riddhi Desai's involvement in a bank fraud that resulted from her identity theft activities.
Additionally, I will persist in seeking justice for my family and myself until I am satisfied that all persons who participated in, covered up, or profited in any way by these crimes are held accountable. Those who know me understand this is not a statement you should dismiss. I have a long history of eventual success in pursuing these kinds of things.
Finally, in the next page is a sampling of some of the latest round of e-mails resulting from identity theft by Riddhi Desai and/or her friends and associates (these include everything from membership in clubs for menopausal women, to to loan applications for cars, to orders for DVDs and magazines - she even threw in an AARP identity-theft handout request!). For the record, I am not a smoker, already bought a car two months ago, I don't use a mobility scooter, I would never do plastic surgery, my house is already clean, the only identity thief I've ever known (Riddhi Desai) has already done her damage, I am not menopausal or female, I am not diabetic, I need no medical services, I have enjoyed a passionate, supportive, and healthy relationship with Jennifer for over two years now (in other words, I'm not looking for a date), I burn any DVDs I want myself, I read any magazines I want on-line, I don't own a cat (or dog), and I'm not a Hillary Clinton supporter. I've responded to each of the e-mails in the next page with a stock response that goes something like this:
I ordered no magazines from you - these are being ordered by an identity thief by the name of Riddhi Desai in my name without my permission. See http://www.babystealer.com for the details.
Please take the subscription out of my name and send all bills to the identify thief herself:Riddhi Desai
riddhidesai@msn.com
7322 Southwest Fwy #2020
Houston, TX 77074
(713) 779-9898Regards,
Scott DeaverSee the February 24, 2008 Update E-mails
See March 3, 2008 Update (Identity Thief Caught!)
Return to the January 28, 2008 Update