Category Archive

December 08, 2006

UK Net Boffins Targeted

Sky News: Net Crime Gangs Using 'KGB Tactics'

Updated: 08:56, Friday December 08, 2006

Internet crime gangs are using "KGB-style" recruitment tactics to snare talented computer students from British universities.

Security technology company McAfee also said children as young as 14 are being drawn into cybercrime by the promise of "celebrity status" among their peers.

The company's second annual report on internet organised crime included input from the FBI and European hi-tech crime units.

It suggested gangs were approaching top students and graduates from leading academic institutions to provide vital IT skills.

These tactics echo those of Russia's KGB and other countries' intelligence agencies during the Cold War.

"Cybercriminals are actively approaching students and graduates of IT technology courses to recruit a fresh wealth of cyber skill to their ranks," said the report.

It indicated cybercrime had won a "cult" following among hackers, with some online offenders reaching almost celebrity status.

McAfee security analyst Greg Day said: "Cybercrime is no longer in its infancy, it is big business."

December 8, 2006 at 10:45 PM in Online crime

September 10, 2006

Suspicions and Spies in Silicon Valley

Scandal at HP: The Boss Who Spied on Her Board - Newsweek Business - MSNBC.com

In a business saga, how Pattie Dunn's obsession with trying to root out the source of press reports ended with the covert tracking of directors' phone records.
By David A. Kaplan
Newsweek

Sept. 18, 2006 issue - It was supposed to be an easygoing celebration of a coronation. In early 2005, after Mark Hurd had been chosen to be Hewlett-Packard's new chief executive officer, he and his wife joined chairman of the board Patricia Dunn and her husband at the Marin County home of director Tom Perkins. Sitting on a lush hilltop overlooking the Golden Gate, they dined and wined in honor of what they hoped would be a new era for HP, an icon of Silicon Valley that had been through much recent turmoil, including the ouster of high-profile CEO Carly Fiorina. After dinner, they moved to the huge living room. Before a blazing hearth, looking out at the stunning view of San Francisco Bay, Dunn wanted to talk shop with Hurd. As Perkins tells the story—Dunn declined to comment—the spouses were bored silly. So was Perkins. He went off to his study to get his prized radio-controlled helicopter, and proceeded to buzz Dunn's head. The spouses were in stitches. Perkins circled the toy helicopter for another mischievous pass. Dunn just kept on talking about regulatory issues and other arcana of management. "Pattie!" Perkins asked: "Didn't you just hear something zooming over your head?" Her answer: "I just thought it was the dishwasher running."

The funny little vignette suggested to Perkins that he and the chairman had entirely different MOs. Little did he realize that about a year later their styles and priorities would collide to create a boardroom scandal that would shake the company that was once lionized in the Valley. At the same time, it would mesmerize corporate America, as other business leaders wondered how HP could have been involved in activity the California attorney general calls "colossally stupid," no matter how well intentioned, and may well result in criminal charges.

HP has now admitted to spying on its own directors' personal phone records in order to root out a leaker. It did so by using private investigators who engaged in "pretexting"—calling up phone companies and impersonating directors seeking their own records. HP late last week additionally admitted to spying on the phone records of nine journalists, including at The New York Times and Wall Street Journal, some of which date to 2005. HP's Dunn stands accused of orchestrating the investigation. Perkins quit in a rage over the surveillance and wants Dunn out as chairman; HP is painting him as an angry traitor with a vendetta against Dunn. Lying, spying, name-calling, finger-pointing—all of it is a tragicomedy that Shakespeare might've penned had he gotten an M.B.A.

Perkins and Dunn surely are contrasting archetypes in the rich backstory of Silicon Valley. At 74, he's the nonpareil behind-the-scenes venture capitalist with a larger-than-life array of extracurriculars. His Kleiner Perkins Caufield & Byers firm is the Medici of the Valley, bankrolling such home runs as Genentech, Google, Netscape and Amazon. He performs the financial alchemy of converting millions to billions when start-ups go public, in the process making VCs like himself centimillionaires. Out and about, he was the fifth husband of romance novelist Danielle Steel. He's just launched the 287-foot Maltese Falcon, the largest and most expensive private sailboat ever built; last year he wrote his own bawdy novel, "Sex and the Single Zillionaire"; in 1996 he was convicted of involuntary manslaughter for his involvement in a sailing collision off the coast of France that resulted in the death of another regatta participant (he paid a $10,000 fine and individuals on the other boats were convicted as well).

Dunn, 53, is less prominent in the Valley's Zeitgeist, yet is a success story in her own right, as well as a profile in courage for her fight against cancer. She was raised in Las Vegas, where her father did bookings for casinos. Her mother was a showgirl at the Copacabana. While Dunn met the rich and famous, her family didn't have a lot of money. Her father died when she was 12, her mother had emotional problems, and Dunn and her sister basically raised their younger brother after they moved to the Bay Area. Dunn majored in economics and journalism at Berkeley, and—your punch line here—hoped to become an investigative reporter, her sister Debbie Lammers says. Dunn eventually wound up as a temp typist at an investing firm that was later acquired by Barclays, at which Dunn began her career climb.

In recent years, as vice chairman of a division of Barclays, she has become wealthy enough to own property in the East Bay and Hawaii, as well as a Shiraz vineyard in Australia. But in the midst of her Barclays and HP duties, she has faced repeated health crises. She was diagnosed with breast cancer in 2000 and melanoma two years later. Those struggles have been widely reported, but Dunn confirms that she was diagnosed with Stage IV ovarian cancer in 2004. Last month, after doctors discovered a malignant tumor in her liver, she underwent extensive surgery. Dunn says she has kept the HP board apprised of her health, and her sister says she marvels at Pattie's "willpower" and ability to "survive beyond doctors' expectations." Six weeks after her 2004 surgery, Dunn kept a promise to her family to hike across the Sydney Harbor Bridge in Australia. Before her most recent surgery, she stopped at her vacation home in Kona and played 27 holes of golf.

Dunn is demonstrably tough. Whether she was wise is a different question. "If I did anything stupid, it's not because I have cancer or was receiving chemotherapy," she tells NEWSWEEK. Perkins himself calls her "nobody's fool"—deft at running annual meetings and a tough questioner. Early in their time together on the HP board, Perkins and Dunn got along and were actually allies: they were part of the team that lured Hurd to HP from NCR. But their different outlooks as directors could not help but emerge. Perkins, the venture capitalist, thought in broad strategic strokes, preferring to leave the details to others. Dunn thought the core of her job was to dot the I's and cross the T's—to keep her board process-driven rather than personality-driven. It drove Perkins nuts. It kept making him think of that helicopter. He recalls a meeting in his office with her in which he wanted to discuss how to compete better with Dell, IBM and others. According to Perkins, she was fixated instead on her discovery that there were inconsistencies between HP's bylaws and the Corporate Directors Handbook. Those inconsistencies then occupied hours of discussion at subsequent board meetings. "Intel might be kicking the crap out of us," Perkins says, "but that didn't seem to matter."

That's an overstatement. In the new world of corporate governance after Enron and other business implosions, good corporate governance isn't just a swell idea, but a legal requirement. And corporate watchdogs give the HP board high marks for independence. The chairman deserves credit for the high marks. Meanwhile, the company's profits have risen, and its stock price has soared. The supreme irony now, of course, is that being a stickler for proper procedures doesn't seem to have worked out so well for Pattie Dunn. An obsession with leaks to reporters could have happened at any company, especially at one with all the intrigue HP had faced during Carly Fiorina's tenure. It's not a function of Silicon Valley and it's got nothing to do with the details of corporate minutiae. The Dunn-Perkins mess is about what drives most conflict: human emotions.

The HP board of directors has long been a leaky ship. During the embattled reign of Fiorina—HP's flashy CEO who was forced out nearly two years ago—a blow-by-blow account of a board retreat, held off-site to discuss the company's most sensitive problems, appeared in The Wall Street Journal. Furious, Fiorina laid down the law to board members: the leaks had to stop. For a time it appeared that the leakers, whoever they were, had gotten the message.

But then, in January 2006, the online technology site CNET published an article about HP's long-term strategy. While the piece was upbeat and innocuous, it quoted an anonymous HP source and contained information that could've come only from a director. It was the last straw for Dunn, who by then had been elected non-executive chairman of the board. Dunn was incensed that the drip-drip-drip of information out of the boardroom continued. She wanted to know the leaker's identity, but she would not supervise an investigation herself.

Dunn referred the matter to HP's general counsel. In turn, that office contracted out the investigation to security experts who recruited private investigators who then took the extraordinary step of spying on the phone records of all the directors (including Dunn), as well as journalists (including the CNET reporter). These were not the records of calls from HP offices, but the records of calls made from personal accounts—like Perkins's home in Marin County. It was classic data mining: HP's consultants weren't actually listening in on calls—all they had to do was look for a pattern of contacts.

It is not uncommon for companies to monitor the phones and computers of their employees. Indeed, in the wired age, most employees don't realize how much privacy they sacrifice. But pretexting goes a step beyond. The investigators use your ID—typically, the last four digits of your Social Security number—to obtain your phone records from unwitting phone companies. Last week California Attorney General Bill Lockyer said he has decided a crime was committed, though he hasn't concluded by whom.

In an interview with NEWSWEEK, Dunn says she was aware HP was obtaining the phone records of suspected leakers as long ago as 2005. But she says she didn't know about the pretexting until late June, when she saw an e-mail to Perkins from HP's outside counsel, Larry Sonsini. "I was told it was all legal," she says. She now acknowledges that HP's tactics were "appalling" and "embarrassing," but says the current "brouhaha" grew out of a personal dispute between her and Perkins.

Dunn insists Perkins was just as eager to learn the identity of the leaker as she was. "Tom was the most hawkish member of the board for plugging the leaks, which he thought were coming from management. He advocated the use of lie-detector tests." Perkins disagrees. He tells NEWSWEEK that Dunn brought up the idea of lie-detector tests and that he volunteered to take one. "I thought it would be a kick—great for my next novel," he says. But he pointed out that if word leaked out an HP director had to take a lie-detector test, it would be a "catastrophe."

It remains unclear exactly what Dunn knew and when she knew it. The California attorney general will want to know if Dunn intentionally avoided knowing about the details, like a head of state who wants "plausible deniability" while ordering an assassination plot. (An ancient model, cited by old CIA hands, is Henry II. When he wanted to get rid of the Archbishop of Canterbury, he simply muttered in front of his knights, "Will no one rid me of this troublesome priest?")

In any case, Dunn sprang the identity of the leaker at a meeting of her fellow directors on May 18, at HP headquarters in Palo Alto, Calif. Meeting in the nondescript first-floor boardroom, Dunn laid out the surveillance and pointed out the offending director, who acknowledged being the CNET leaker. He was 66-year-old George (Jay) Keyworth, a science adviser to President Reagan and the longest-serving HP director. Thunderstruck, Keyworth apologized but said to the board, "I would have told you all about this. Why didn't you just ask?" Keyworth was asked to leave the room and did so. Close to 90 minutes of discussion followed. Hurd, the CEO, reportedly was asked by one director how he would handle a leak by an employee. "I would have no choice but to fire him," Hurd replied.

Other directors were noncommittal, according to Perkins. They included Larry Babbio, the president of Verizon—the phone company that has aggressively sought to protect the privacy of its customers' records. (Babbio, through a spokesman, declined to comment.) Perkins says he was the only director who rose to take Dunn on directly. Perkins told the directors he was enraged at the surveillance, which he called illegal, unethical and a misplaced corporate priority. "Pattie, you betrayed me," he says he railed at Dunn. "You and I had an agreement that if we found out who did this, we would handle it offline without disclosing the name of the leaker."

Dunn now charges that Perkins was just trying to protect his friend Keyworth. "He's angry that I stood in his way to cover up the results of our investigation and the identity of the leaker." Perkins dismisses the charge as a red herring—corporate spin to obscure larger issues. There may indeed be deeper issues at work. Dunn tells NEWSWEEK that Perkins has been agitating to vote her out as chairman for a while. At times, he had been. Inevitably their styles just clashed. Perkins is used to being king of the hill, even though he's never been a CEO. Venture capitalists routinely call the shots from behind the scenes in Silicon Valley, and Perkins is the most powerful VC of them all.

Whatever Perkins's motivations, he acted as if he were onstage in a melodrama. After a divided board, by secret written vote, passed a motion demanding that Keyworth resign, Perkins picked up his papers, grabbed his briefcase, walked out and zoomed off in his Porsche Carrera GT. "I quit!" he said as he stalked out. "I'll not be party to this. I'm resigning." Keyworth re-entered the room and learned he was being told to leave. He refused, saying it was up to shareholders to make such a decision. "We can ask him, but we can't make him," Ann Baskins, HP's general counsel, told the board. (Keyworth remains on the board even now, though HP announced last week it would not recommend him for re-election by shareholders come March; he declined to comment for this article.) After Perkins left the room, the rest of the board's agenda was scrapped and the meeting was thrown into chaos.

When Perkins returned to his office, he soon got a call from Sonsini, the best-known, most powerful lawyer in Silicon Valley. Baskins had called Sonsini at his nearby office and asked him to rush over. As Perkins tells it, Sonsini asked him, "How can I characterize this, Tom? May I say you're resigning for personal reasons?"

"No, Larry, you cannot."

"May I say it's a disagreement with Pattie?"

"Sure, but don't you dare say I resigned to spend more time with my children."

In media mentions a few days after the May 18 meeting, Perkins's resignation was noted, but without explanation or any indication that his exit was a form of protest. This began nearly four months of warfare between HP and Perkins about whether the surveillance would ever come to public light. Any time a director resigns from a public corporation, federal law requires the company to disclose it in an SEC filing. If the director quits because of a major "disagreement" with the company, the reason has to be disclosed as well. HP reported Perkins's resignation but not the reason for it. It was the Perkins-Sonsini phone call, according to HP, that allowed the company to give the SEC no explanation. "I gave them the opening not to disclose," Perkins now says. "I'm no SEC lawyer." Sonsini did not return calls from NEWSWEEK.

A few days later, Perkins was off to south Florida to promote his bawdy novel. His publisher had set up a contest with Romantic Times magazine, with the lucky winners getting a chance to have dinner with bachelor Tom. From Daytona Beach he was off to Istanbul, where he was preparing his superyacht for its sail trials in the Mediterranean. He fumed that the reason for his resignation had not yet come out, and he felt constrained from going public himself. Over time, in e-mails with Sonsini and communications with the board, he escalated his attempts to force SEC disclosure, as well as to get federal and state officials to investigate HP's spying on personal phone records; the FTC, FCC and federal prosecutors have now begun investigations. Perkins hired his own lawyer, Viet Dinh, a former Bush administration lawyer who had helped draft the Patriot Act.

Perkins had concluded that Dunn had to go. He even e-mailed her so. According to Perkins, she told him no. (Dunn recalls only that "Tom wrote to disinvite me from the launch party of his boat" on the Italian Riviera in mid-July.) But Perkins was hardly all-consumed with the battle. The day before his $100 million sailboat departed for its maiden voyage, the government of Turkey threw him a reception at the Imperial Palace. Perkins decked out the Falcon with signal flags adorning the deck from bow to stern, across the tops of the three 190-foot masts. The playful message spelled out in nautical-speak: "Rarely does one have the privilege to witness vulgar ostentation displayed on such a scale."

Perkins came to learn more about HP's use of pretexting. He discovered that he himself was hacked. In an Aug. 11 letter to Perkins that he demanded, an AT&T attorney explained that Perkins was a victim of pretexting in January 2006, just at the time Dunn decided to find the leaker. The AT&T letter explains that the unnamed pretexter who got details about Perkins's home-telephone usage was able to provide the last four digits of Perkins's Social Security number, and that was sufficient identification for AT&T. The impersonator then persuaded a customer-service rep to send the records electronically to an e-mail account, mike@yahoo.com, that on its face had nothing to do with Perkins. Records for Perkins's long-distance AT&T account were similarly obtained, but it was by redsox9855@yahoo.com. Both e-mail accounts are registered to the same Internet Protocol address, but AT&T says it doesn't know the identity of the user.

In mid-June, according to a letter Perkins sent to the full HP board, Perkins contacted Sonsini and asked him to look into the Dunn investigation. In an e-mail to Perkins obtained by NEWSWEEK, Sonsini acknowledged that Dunn's security consultants "did obtain information regarding phone calls made and received by the cell or home numbers of directors" and that it was "done through a third party that made pretext calls to phone-service providers." That was the first time Perkins had heard the word "pretexting."

Sonsini's e-mail emphasized that the consultants engaged in "no electronic surveillance," "no phone recording or eavesdropping" and "no recording, review or monitoring of director e-mail." His initial legal defense of pretexting was that it is "apparently a common investigatory method" and that "there was no 'secret spying,' i.e., no electronic gear, listening devices, etc." In its SEC filing last week, HP stated that the outside counsel had concluded that the use of pretexting "was not generally unlawful," but that counsel "could not confirm that the techniques" used by pretexters in the HP investigation "complied in all respects with applicable law."

Sonsini's legal tiptoeing intrigued Perkins for two reasons: it seemed to raise so many non-issues in Perkins's mind, and Perkins had also never heard of the pretexting that Sonsini admitted to. But it was only after he says HP then refused his repeated requests to take action that he eventually decided to approach a host of government agencies, as well as prosecutors in California and New York. By early September, HP scrambled to go on the offensive, and made a filing last week to the SEC, laying out the pretexting story for public consumption. The story exploded in the press (first in a piece on NEWSWEEK.com). Dunn called an emergency board meeting, which—by the time this story appears—may have called for her resignation. Dunn, interviewed by NEWSWEEK on Saturday, was philosophical. "My goal in this job was to help the board overcome its conflicts. I was unsuccessful. I wanted to show that two people at opposite ends of the spectrum could work together. That was naive."

Next week Dunn is scheduled to be inducted into the Bay Area Business Hall of Fame. Perkins is already a member. Maybe the two adversaries can reconnect at the induction ceremony—and exchange phone numbers.

With Karen Breslau, Brad Stone, Nadine Joseph, Daniel McGinn and Dana Gordon

Update: A source close to Hewlett-Packard tells Newsweek that HP's emergency board meeting was adjourned late in the afternoon on Sunday (ET) without any decision being reached on the possible resignation of Patricia Dunn as chairman. The source, who requested anonymity because of the confidentiality of internal board proceedings, said the HP board would reconvene late Monday afternoon.

Editor's Note: David A. Kaplan is writing a book for HarperCollins about Perkins's superyacht.

URL: http://msnbc.msn.com/id/14736379/site/newsweek/

September 10, 2006 at 10:56 PM in Online crime

August 06, 2005

Internet Scammers Keep Working in Nigeria

Internet Scammers Keep Working in Nigeria - Yahoo! News

By DULUE MBACHU, Associated Press Writer

LAGOS, Nigeria - Day in, day out, a strapping, amiable 24-year-old who calls himself Kele B. heads to an Internet cafe, hunkers down at a computer and casts his net upon the cyber-waters.

Blithely oblivious to signs on the walls and desks warning of the penalties for Internet fraud, he has sent out tens of thousands of e-mails telling recipients they have won about $6.4 million in a bogus British government "Internet lottery."

"Congratulation! You Are Our Lucky Winner!" it says.

So far, Kele says, he has had only one response. But he claims it paid off handsomely. An American took the bait, he says, and coughed up "fees" and "taxes" of more than $5,000, never to hear from Kele again.

Festac Town, a district of Lagos where the scammers ply their schemes, has become notorious for "419 scams," named for the section of the Nigerian penal code that outlaws them.

In Festac Town, an entire community of scammers overnights on the Internet. By day they flaunt their smart clothes and cars and hang around the Internet cafes, trading stories about successful cons and near misses, and hatching new plots.

Festac Town is where communication specialists operating underground sell foreign telephone lines over which a scammer can purport to be calling from any city in the world. Here lurk master forgers and purveyors of such software as "e-mail extractors," which can harvest e-mail addresses by the million.

Now, however, a 3-year-old crackdown is yielding results, Nigerian authorities say.

Nuhu Ribadu, head of the Economic and Financial Crimes Commission, says cash and assets worth more than $700 million were recovered from suspects between May 2003 and June 2004. More than 500 suspects have been arrested, more than 100 cases are before the courts and 500 others are under investigation, he said.

The agency won its first big court victory in May when Mike Amadi was sentenced to 16 years in prison for setting up a Web site that offered juicy but phoney procurement contracts. Amadi cheekily posed as Ribadu himself and used the agency's name. He was caught by an undercover agent posing as an Italian businessman.

This month the biggest international scam of all — though not one involving the Internet — ended in court convictions. Amaka Anajemba was sentenced to 2 1/2 years in prison and ordered to return $25.5 million of the $242 million she helped to steal from a Brazilian bank.

The trial of four co-defendants is to start in September.

Why Nigeria? There are many theories. The nation of 130 million, Africa's most populous, is well educated, and English, the lingua franca of the scam industry, is the official language. Nigeria bursts with talent, from former NBA star Hakeem Olajuwon to Nobel literature laureate Wole Soyinka.

But with World Bank studies showing a quarter of urban college graduates are unemployed, crime offers tempting career opportunities — in drug dealing, immigrant-trafficking, oil-smuggling, and Internet fraud.

The scammers thrived during oil-rich Nigeria's 15 years of brutal and corrupt military rule, and democracy was restored only six years ago.

"We reached a point when law enforcement and regulatory agencies seemed nonexistent. But the stance of the present administration has started changing that," said Ribadu, the scam-busting chief.

President Olusegun Obasanjo is winning U.S. praise for his crackdown. Interpol, the FBI and other Western law enforcement agencies have stepped in to help, says police spokesman Emmanuel Ighodalo, and Nigerian police have received equipment and Western training in combating Internet crime and money-laundering.

Experts say Nigerian scams continue to flood e-mail systems, though many are being blocked by spam filters that get smarter and more aggressive. America Online Inc.'s Nicholas Graham says Nigerian messages lack the telltale signs of other spam — such as embedded Web links — but its filters can be alerted to suspect mail coming from a specific range of Internet addresses.

Also, the scams have a limited shelf life.

In the con that Internet users are probably most familiar with, the e-mailer poses as a corrupt official looking for help in smuggling a fortune to a foreign bank account. E-mail or fax recipients are told that if they provide their banking and personal details and deposit certain sums of money, they'll get a cut of the loot.

But there are other scams, like the fake lotteries.

Kele B., who won't give his surname, says he couldn't find work after finishing high school in 2000 in the southeastern city of Owerri, so he drifted with friends to Lagos, where he tried his hand at boxing.

Then he discovered the Web.

Now he spends his mornings in Internet cafes on secondhand computers with aged screens, waiting "to see if my trap caught something," he says.

Elekwa, a chubby-faced 28-year-old who also keeps his surname to himself, shows up in Festac Town driving a Lexus and telling how he was jobless for two years despite having a diploma in computer science.

His break came four years ago when the chief of a fraud gang saw him solve what seemed like "a complex computer problem" at a business center in the southeastern city of Umuahia and lured him to Lagos.

He won't talk about his scams, only about their fruits: "Now I have three cars, I have two houses and I'm not looking for a job anymore."

August 6, 2005 at 01:57 PM in Online crime

July 30, 2005

Elderly Americans lose millions to Internet scams

Elderly Americans lose millions to Internet scams - Yahoo! News

Thu Jul 28, 10:09 AM ET

WASHINGTON (Reuters) - Scams involving Internet auctions, as well as identity theft, lotteries, prizes and sweepstakes, top the list of fraud complaints by older Americans, who lost $152 million to con artists last year, U.S. officials told a Senate panel on Wednesday.

Internet-based scams are growing and now account for about 41 percent of fraud complaints the Federal Trade Commission receives from people over 50, Lois Greisman of the FTC's consumer protection division told the Senate Committee on Aging.

"This figure is all the more dramatic when one considers that Internet-related fraud represented only 33 percent of all fraud complaints from this age group in 2002," she said.

Older consumers reported being defrauded of more than $43 million last year through Internet scams, with on-line auctions topping the complaint list, she said.

But more old-fashioned scams continue to take their toll. Lottery and sweepstakes frauds, in which victims are asked to pay "taxes" or other fees to claim prizes, cost older Americans $35 million last year, Greisman said. People over 70 are particular targets of that kind of scam, she added.

Another popular scam involves fake credit card protection or discount drug services, she said. Others involve scam artists saying they need bank account information for Social Security or Medicare benefits.

"What is most disturbing is that these scams routinely top the FTC's annual list of consumer frauds in the nation," said Sen. Gordon Smith, an Oregon Republican who chairs the Senate Aging Committee. "It seems that even though we are aware of their use, scam artists remain successful in pitching old scams to new victims, perpetuating a cycle of victimization."

Anthony Pratkanis, a psychology professor at the University of California who has been on a team of researchers examining elderly fraud, said con artists steal using the weapon of "social influence" to create a sense of trust rather than a gun or knife.

Research shows that not just the "frail and lonely" fall victim to scams, he said. Active people who are leaders in their communities can also fall prey.

"We find that con criminals profile their victims' psychological and other characteristics to find their Achilles' heel ... to construct the exact pitch that is likely to be most effective," he said.

In one example, con artists told a potential victim that to ask questions or hang up the phone while they were trying to verify account information was against the law.

Pratkanis said his research group was developing tools to help the elderly defend themselves against fraudulent pitches.

U.S. Postal Service inspector Zane Hill said scam artists know that many elderly people feel isolated and a telephone call from anyone is welcomed.

"Experienced con artists understand elderly citizens' vulnerabilities and know what buttons to push when they have them on the telephone," he said.

July 30, 2005 at 08:36 PM in Online crime

July 21, 2005

The bombers' money trail

BBC NEWS | Business | The bombers' money trail

By Jeremy Scott-Joynt
BBC News business reporter

Image caption: Changes in spending could help track the bombers' supporters

The identities of the four London bombers are now known.

But now comes the even harder part: trying to identify those who were responsible for sending them on their murderous mission.

According to Metropolitan Police anti-terrorist branch chief Peter Clarke, all the exhaustive work to date is just the start of the long task of identifying those responsible for sending the four to London.

"There are a number of things we need to establish," he told reporters. "Who supported them? Who financed them? Who trained them? Who encouraged them?"

Where to start?

Of these questions, the second could well prove to be the key to cracking the network open.

No-one can exist in the UK in the long term without leaving some kind of a financial trace behind.

Because of this, the fact that the bombers were British - however disturbing it may be - could at least make following the money a little easier, experts say.

One such is Dennis Lormel, who retired from the FBI in 2004 after almost three decades at the agency and is now a senior vice-president at Corporate Risk International in the US.



After years as a money laundering specialist he was the man who, on 12 September 2001, was charged with setting up the FBI's Terrorist Finance Operations Section to conduct the investigation into the finances of the 9/11 attackers.

"The first priority is the concern of whether there are going to be secondary attacks," he says.

That, he argues, is where financial investigations come into their own - particularly when you can start with known individuals.

"You build as comprehensive a financial profile as possible, and take it back as far as you can. Then connect it to communication records and so on, and you can put together a chronology.

"Between phones and finances, you'll see a lot of links to other people."

Among the raw data will be bank account details, credit card transactions - at least one of the bombers is believed to have been involved with credit card fraud, a common feature in recent bombings - corporate registry and charity records, as well as data from electoral rolls and police records.

And from that will emerge a spider's web of connections between the bombers on the one hand and people who have financed, supported or trained them on the other, generating a whole new set of leads for traditional investigations to take forward.

Some of what comes out of such an investigation will be innocent, Mr Lormel acknowledges. "But there should be enough intersects with those people who may be involved that something's going to stand out."

Focus on finance

On several occasions in the UK recently, this kind of probe has been the factor which has moved a suspect from being overlooked as a casual acquaintance to becoming a focus for the security services.

[Photo: plastic sheeting around the wreckage of the destroyed bus near Russell Square. Caption: Financial evidence is just as important as physical evidence]

Following the money is now a priority and is the responsibility of the UK's National Terrorist Finance Investigative Unit (NTFIU).

Set up after 9/11 within Special Branch, the arm of the police which works most closely with MI5 on security matters, the NTFIU is now the branch's fastest-growing unit.

It has been feverishly training financial investigators: those with the skills to pore over bank statements, corporate or charity accounts, ATM records and put them side by side with other information to draw up a "financial footprint" of their targets.

Increasingly, it has looked outside the police, bringing in people from the private sector to buttress the traditional investigative skills it already has.

All hands on deck

And elsewhere in law enforcement, it seems likely that the National Criminal Intelligence Service (NCIS), too, has thrown its staff into the hunt for the funding behind the bombers.

The NCIS has a small terrorist finance team, which develops intelligence for the NTFIU to exploit.

Far more numerous are its regular financial intelligence staff. They are responsible for the thousands of reports from banks, building societies, accountants, lawyers and even estate agents and casinos which are filed each week, warning of potentially suspicious transactions.

But on the day of the London bombings, the organisation's website carried a warning that NCIS Financial Intelligence was "redirecting many of its staff to other essential duties".

Some may have been put straight onto the investigation; others are believed to be digging through NCIS' huge backlog of suspicious activity reports (SARs) to check that nothing was missed.

"They'll have been told: we've got this huge stack of stuff," says Nick Kochan, author of several books on money laundering and terrorist finance.

"We can't be caught out if there's the slightest hint of a lead in there."

For Dennis Lormel, NCIS is simply doing what he would do.

"For at least the initial time, you are going to want to put every asset you have to contributing to the analytical product," he says.

Many of the records which need to be examined are on paper, or in incompatible formats. "It all needs to be put into databases - then you can start drawing out the connections."

This is the first feature in a series of three on the money trail which could lead to the London bombers' supporters. The others are to be published later this week.

July 21, 2005 at 08:03 PM in Online crime | Permalink | TrackBack (42) | Top of page | Blog Home

July 06, 2005

Cybercrime follows the money, study says

TheStar.com - Cybercrime follows the money, study says

Crooks attracted by online transactions

RACHEL ROSS
TECHNOLOGY REPORTER

Online crime isn't child's play anymore. Experts say it's now the work of sophisticated criminals.

A report on the evolution of cybercrime released yesterday by the anti-virus software company McAfee Inc. found that increasingly, Internet crooks are highly knowledgeable programmers out for money, not fame.

They are lured, experts say, by the increase in online transactions.

"As the money goes, the criminals will follow," said James Lewis, author of the report and director of the technology and public policy program at the Centre for Strategic and International Studies in Washington, D.C.

The report was largely a summary of trends in online crime over the last decade.

Five years ago, corporations feared teenage hackers who would break into and deface websites purely for bragging rights.

"The goal really wasn't financial. It was social," Lewis said.

Many hackers have recently come to realize that they can make money off their skills, often by hiring themselves out.

"They are essentially guns for hire," said Jimmy Kuo, a McAfee fellow who works with the company's Anti-Virus Response Team (AVERT) in Los Angeles, Calif.

They might take a job from a fellow criminal to infect 1,000 machines with software called a bot, Kuo said. Once infected, the bot can be used to launch attacks against other computers.

The computers controlled by the hacker are often referred to as zombie machines, because they do the hacker's bidding automatically.

The owner of the computer often doesn't even know his machine is being used for criminal purposes.

Kuo said the amount of malicious software (a.k.a. malware) released has increased substantially as well.

Two years ago, AVERT received 300 new malicious programs per month. Today, the team sees 2,000 a month.

"Somewhere between 80 and 90 per cent of malware today is written for profit," he said. "Most are bots."

According to the report, some hackers rent out their network of infected computers for as much as $300 an hour.

Lewis said hackers differ from traditional members of organized crime groups because they typically come together only as needed in informal, amorphous communities that lack a geographic centre. In some ways, these hacker groups have more of an impact than traditional organized criminals, Lewis said, because they have such a negative effect on consumer confidence in online shopping.

Mobile devices such as cell phones will become a bigger target for hackers as consumers start using their phones as tools for shopping and banking.

People who make phone calls online using Voice over Internet Protocol should also be wary, as those conversations are not encrypted and consequently would be relatively easy to tap, Lewis said.

Jack Sebbag, vice president and general manager of McAfee Inc. in Canada, reiterated his message at yesterday's press conference that consumers need more than just antivirus software to stay safe.

Consumers should consider buying software to thwart spyware: malicious programs that secretly infiltrate computers and send information about the user — including passwords they use online — to a hacker.

Consumers also need to stay alert to possible phishing scams, which are on the rise and becoming increasingly crafty, where crooks pose as financial institutions and ask for account information.

"Banking passwords should never be shared," Sebbag said.

July 6, 2005 at 07:16 AM in Online crime | Permalink | TrackBack (18) | Top of page | Blog Home

March 17, 2005

Report of the UKERNA Computer Security – Protecting Computers conference held at the Royal Geographical Society, London on 22 November 2000

An audience derived from many academic institutions in the United Kingdom and Ireland attended the conference. In spite of the travel difficulties both on land and in the air (Heathrow being fogbound) over 100 attendees were present. This delayed the start, which meant the introductory welcomes were cut short, without affecting the timing of the actual talks.


What is the Threat by Darren Watts, DERA – an interesting talk, which at times more resembled a salesman at the Quayside Market on a Sunday than an exposition on security threats. His main thrust was that in looking at security issues we must look at the whole picture, taking a holistic view of the threat. He advocated (being from DERA – Defence Evaluation and Research Agency) an in-depth study of the issues whilst co-operating with other bodies in a common defence against attack. Handling a network attack involves three distinct phases:

o Reconnaissance
o The actual attack
o Comprehending the effects of the attack

Ideally any attack should be detected as soon as possible. Co-operation allows a given attack on one site to be spotted as part of a wider attack on an agency. The Solar Sunrise and Moonlight Maze attacks on the US defence network were cited as examples. These had been preceded by attacks on various institutions to provide camouflaged launch pads for the main attack. He felt that the UK academic community was a primary source of such launch pads, with its open networks running a large number of systems, a number of which were not tightly screwed down with the latest security updates.

Security for Unix Systems by Andrew Cormack, UKERNA – This was an interesting presentation, as the speaker showed how an off-the-shelf Linux system could be hardened in a relatively small number of steps to make it less vulnerable to attack from a hostile source. He advocated the basic principles for configuring any system of:

o Run only what was needed
o Configure those services securely
o Restrict Access and privilege

o Only then should the system be connected to the network

An example of how to configure a Linux web server was shown – disabling unwanted start-up scripts, wrapping and enabling services, verifying that the relevant daemons are the latest version from the relevant supplier, etc. This was a well thought out presentation, and a similar exercise may well be useful on campus, showing system administrators a series of easily followed steps to make their systems more secure. This would be a move towards a preventative approach to campus security rather than the current largely curative measures.
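The four principles above are easy to state and easy to drift from; the quickest check is to compare what a host actually exposes against an explicit allowlist. The Python script below is an added example, not part of Mr Cormack's talk or of this report: it parses a constructed `netstat -tulpn` listing and a constructed set of `/etc/rc3.d` start links for a hypothetical web server, and reports every network-reachable socket and every start link that the allowlist does not account for. The allowlists, program names and sample output are assumptions made for the illustration.

```python
"""Added example: audit a Linux host against a 'run only what is needed'
allowlist. The netstat listing and rc3.d entries are constructed samples
for a hypothetical web server; nothing here is from the UKERNA report."""
import re

# Constructed sample output of `netstat -tulpn` (not real data).
NETSTAT_SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      812/httpd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      640/sshd
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      455/portmap
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN      700/inetd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      990/mysqld
udp        0      0 0.0.0.0:111             0.0.0.0:*                           455/portmap
udp        0      0 0.0.0.0:514             0.0.0.0:*                           512/syslogd
"""

# What a hardened web server is expected to expose to the network (assumption).
ALLOWED_LISTENERS = {("tcp", 22), ("tcp", 80)}

# Constructed sample of start links in /etc/rc3.d, and the services we want.
RC3_SAMPLE = ["S10network", "S20portmap", "S30inetd", "S55sshd", "S80httpd", "S85sendmail"]
WANTED_SERVICES = {"network", "sshd", "httpd"}


def parse_listeners(netstat_text):
    """Yield (proto, bind_addr, port, program) for each listening socket line."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("tcp", "udp", "tcp6", "udp6"):
            continue
        addr, port = fields[3].rsplit(":", 1)
        program = fields[-1].split("/", 1)[-1]      # "812/httpd" -> "httpd"
        yield fields[0].rstrip("6"), addr, int(port), program


def audit_listeners(netstat_text, allowed=ALLOWED_LISTENERS):
    """Return (proto, port, program) for sockets reachable from the network
    that are not on the allowlist. Loopback-only bindings are tolerated,
    because they are not exposed to other hosts."""
    findings = []
    for proto, addr, port, program in parse_listeners(netstat_text):
        if addr in ("127.0.0.1", "::1"):
            continue
        if (proto, port) not in allowed:
            findings.append((proto, port, program))
    return findings


def unwanted_startup_scripts(rc_entries, wanted=WANTED_SERVICES):
    """Names of S?? start links whose service is not on the wanted list."""
    extras = []
    for entry in rc_entries:
        m = re.match(r"S\d+(.*)", entry)
        if m and m.group(1) not in wanted:
            extras.append(m.group(1))
    return extras


if __name__ == "__main__":
    for proto, port, program in audit_listeners(NETSTAT_SAMPLE):
        print(f"unexpected listener: {proto}/{port} ({program})")
    for svc in unwanted_startup_scripts(RC3_SAMPLE):
        print(f"disable start link for: {svc}")
```

Sockets bound only to 127.0.0.1 are tolerated because they are not reachable from the network, but anything bound to 0.0.0.0 that is not on the list (here portmap, the inetd-spawned telnet service and syslogd's UDP listener) is exactly the kind of exposure the talk recommends removing before the machine is connected.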

Securing NT4 – by Alan Hood, DERA – The speaker tried to follow a similar approach to Andrew Cormack, using NT4 as a platform. Maybe he was trying to cover a wider set of problems, but the use of a poor visual display diluted the impact of his talk. There is clearly a need for a similar set of hardening steps for NT4 (along with other Microsoft operating systems). The talk covered the following dangers:

o Using bootable floppy drives to modify files on the hard disk
o SMB password vulnerabilities
o Registry weaknesses
o Port 139 information gleaning
o Dangerous utilities, including the NT resource kit tools
o Trojans and Backdoors

IP Filtering – George Ross, Edinburgh University – The speaker presented the benefits and disadvantages of the TCP wrapper and of IP filters/chains in protecting networked systems. He outlined how filtering was used to improve system protection, with minimal (claimed) impact on system performance. The system was now in production use, having overcome initial sceptical user reaction. The speaker felt that wrappers and filters were largely complementary tools, and that their combined use would increase a site's security protection. Neither tool, though, gives any protection against a vulnerable daemon that the rules still allow access to.
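The order in which tcpd evaluates hosts.allow and hosts.deny, and the fact that a client matching neither file is allowed, is where wrapper-only protection usually goes wrong, which is one reason to layer a default-deny packet filter in front of it. The Python below is an added example written for this page, not code from the talk, from tcp_wrappers or from ipchains: it models a subset of the wrapper pattern syntax and a first-match filter for a constructed campus network (addresses, daemons and rules are all assumptions) so that the two mechanisms can be exercised together.

```python
"""Added example (ours, not from the talk): the decision order of TCP
wrappers (hosts.allow, then hosts.deny, then allow by default) layered
behind a first-match packet filter with a default-deny policy. Networks,
hosts and rules are constructed for illustration."""
import ipaddress

HOSTS_ALLOW = """
# daemon_list : client_list   (constructed sample)
sshd    : 10.0.0.0/255.255.0.0, .cs.example.ac.uk
in.ftpd : 10.0.1.
"""
HOSTS_DENY = """
ALL : ALL
"""


def parse_wrapper_rules(text):
    """Return [(daemon_patterns, client_patterns), ...] in file order."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        daemons, clients = line.split(":", 1)
        rules.append(([d.strip() for d in daemons.split(",")],
                      [c.strip() for c in clients.split(",")]))
    return rules


def client_matches(pattern, ip, host):
    """Subset of tcpd client patterns: ALL, 'net/mask', a '10.0.1.' address
    prefix, a '.domain' suffix, or an exact address or hostname."""
    if pattern == "ALL":
        return True
    if pattern.startswith("."):
        return host is not None and host.endswith(pattern)
    if pattern.endswith("."):
        return ip.startswith(pattern)
    if "/" in pattern:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    return pattern in (ip, host)


def wrapper_decision(daemon, ip, host=None, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """Mirror tcpd's order: first match in hosts.allow grants, then first
    match in hosts.deny refuses, and a client matching neither is allowed."""
    def hit(rule):
        daemons, clients = rule
        return (("ALL" in daemons or daemon in daemons)
                and any(client_matches(c, ip, host) for c in clients))
    if any(hit(r) for r in parse_wrapper_rules(allow)):
        return "allow"
    if any(hit(r) for r in parse_wrapper_rules(deny)):
        return "deny"
    return "allow"    # the default that bites sites with an empty hosts.deny


# First-match packet filter: (action, proto, source network, destination port).
FILTER_RULES = [
    ("ACCEPT", "tcp", "10.0.0.0/16", 22),
    ("ACCEPT", "tcp", "10.0.0.0/16", 21),
    ("ACCEPT", "tcp", "0.0.0.0/0", 80),
]
FILTER_POLICY = "DENY"


def filter_decision(proto, src_ip, dport, rules=FILTER_RULES, policy=FILTER_POLICY):
    src = ipaddress.ip_address(src_ip)
    for action, rproto, rsrc, rport in rules:
        if rproto == proto and rport == dport and src in ipaddress.ip_network(rsrc):
            return action
    return policy


WRAPPED_SERVICES = {22: "sshd", 21: "in.ftpd"}     # httpd on 80 is not wrapped


def layered_decision(proto, src_ip, dport, host=None):
    """Filter first; only accepted packets ever reach the wrapper."""
    if filter_decision(proto, src_ip, dport) != "ACCEPT":
        return "dropped by filter"
    daemon = WRAPPED_SERVICES.get(dport)
    if daemon is None:
        return "passed to unwrapped daemon"
    return "wrapper: " + wrapper_decision(daemon, src_ip, host)


if __name__ == "__main__":
    print(layered_decision("tcp", "203.0.113.5", 22))          # dropped by filter
    print(layered_decision("tcp", "10.0.5.9", 22))             # wrapper: allow
    print(wrapper_decision("sshd", "203.0.113.5"))             # deny
    print(wrapper_decision("sshd", "203.0.113.5", deny=""))    # allow
```

The last line of the demonstration is the caveat: with an empty hosts.deny the remote client that ALL : ALL would have refused is let through by the wrapper, and only the filter in front of it still stops the connection. Neither layer helps once a permitted client talks to a daemon that is itself vulnerable, which is the speaker's closing point.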

Detecting intrusions – Andrew Blyth, Glamorgan – The final talk was, perhaps surprisingly, the most informative of the day. The speaker outlined how he was using the "snort" Intrusion Detection System to monitor network activity on both Unix and Microsoft OS platforms. The package is available for a number of operating systems and has an active user community, which comes up with new signature files to detect newer types of probe as attackers start using them. The package (which is free software) can also log to a number of different logging systems.

The speaker showed a log from the system running on his office PC, which highlighted the varied nature of campus-wide probes. His system is an office PC which provides no services as such, either on or off campus. He quoted a probe that snort had detected as originating from Estonia. He had contacted the Estonian CERT and received a response the next day indicating that the offending system had been taken off the network and that the operator was now in police custody!
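To make concrete what a signature file does, here is an added Python example, written for this page rather than taken from Snort or from the talk: it parses a handful of rules in a small subset of Snort's rule syntax and runs them over constructed packet records (RFC 5737 documentation addresses, a made-up $HOME_NET and invented payloads), producing the kind of alert the speaker's office-PC log would contain.

```python
"""Added example (not Snort's code and not from the talk): a matcher for a
tiny subset of the Snort rule language, run over constructed packet records.
Rules, addresses and payloads are all made up for this illustration."""
import ipaddress
import re

HOME_NET = "10.1.2.0/24"      # constructed campus subnet

RULES_TEXT = """
alert tcp any any -> $HOME_NET 139 (msg:"NETBIOS SMB session probe"; sid:1000001;)
alert tcp any any -> $HOME_NET 111 (msg:"RPC portmap probe"; sid:1000002;)
alert tcp any any -> $HOME_NET 80 (msg:"WEB-CGI phf access"; content:"/cgi-bin/phf"; sid:1000003;)
alert udp any any -> $HOME_NET 161 (msg:"SNMP public community"; content:"public"; sid:1000004;)
"""

# action proto src sport -> dst dport (options)
RULE_RE = re.compile(r"^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s+\((.*)\)\s*$")


def parse_rules(text):
    """Parse the header and the msg/content/sid options of each rule line."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError("unsupported rule: " + line)
        action, proto, src, sport, dst, dport, opts = m.groups()
        options = {}
        for opt in opts.split(";"):
            if ":" in opt:
                k, v = opt.split(":", 1)
                options[k.strip()] = v.strip().strip('"')
        rules.append({"action": action, "proto": proto, "src": src, "sport": sport,
                      "dst": dst, "dport": dport, "msg": options.get("msg", ""),
                      "content": options.get("content"), "sid": int(options.get("sid", 0))})
    return rules


def ip_matches(spec, ip):
    if spec == "any":
        return True
    if spec == "$HOME_NET":
        spec = HOME_NET
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)


def port_matches(spec, port):
    return spec == "any" or int(spec) == port


def match_packet(rules, pkt):
    """Return (sid, msg, 'src:sport -> dst:dport') for every rule the packet
    triggers. pkt is a dict with proto, src, sport, dst, dport, payload (bytes)."""
    alerts = []
    for r in rules:
        if r["proto"] != pkt["proto"]:
            continue
        if not (ip_matches(r["src"], pkt["src"]) and port_matches(r["sport"], pkt["sport"])
                and ip_matches(r["dst"], pkt["dst"]) and port_matches(r["dport"], pkt["dport"])):
            continue
        if r["content"] is not None and r["content"].encode() not in pkt["payload"]:
            continue
        alerts.append((r["sid"], r["msg"],
                       f"{pkt['src']}:{pkt['sport']} -> {pkt['dst']}:{pkt['dport']}"))
    return alerts


def run(rules_text, packets):
    rules = parse_rules(rules_text)
    out = []
    for pkt in packets:
        out.extend(match_packet(rules, pkt))
    return out


# Constructed traffic seen by an office PC that offers no services.
PACKETS = [
    dict(proto="tcp", src="203.0.113.44", sport=3123, dst="10.1.2.3", dport=139, payload=b""),
    dict(proto="tcp", src="198.51.100.7", sport=40000, dst="10.1.2.3", dport=80,
         payload=b"GET /cgi-bin/phf?Qalias=x HTTP/1.0\r\n"),
    dict(proto="tcp", src="198.51.100.7", sport=40001, dst="10.1.2.3", dport=80,
         payload=b"GET /index.html HTTP/1.0\r\n"),
    dict(proto="udp", src="203.0.113.44", sport=1027, dst="10.1.2.3", dport=161,
         payload=b"\x30\x26\x02\x01\x00\x04\x06public\xa0\x19"),
    dict(proto="tcp", src="10.1.2.3", sport=1234, dst="203.0.113.44", dport=139, payload=b""),
    dict(proto="tcp", src="203.0.113.44", sport=3124, dst="10.1.2.3", dport=111, payload=b""),
]

if __name__ == "__main__":
    for sid, msg, flow in run(RULES_TEXT, PACKETS):
        print(f"[**] [1:{sid}] {msg} [**] {flow}")
```

Direction matters: the fifth packet carries port 139 but travels from the campus host outward, so the $HOME_NET destination test correctly produces no alert, and the plain index.html request does not trip the phf rule because its content string is absent. Real Snort rules carry many more options (flags, depth and offset, thresholds), and its preprocessors handle fragmentation and stream reassembly; none of that is modelled here.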

Michael Ellison

28th November 2000

March 17, 2005 at 08:07 AM in Online crime | Permalink | TrackBack (15) | Top of page | Blog Home

Moonlight Maze

The Moonlight Maze of secret cyberwar gossip.

As we approach the end of 1999, dear reader, you cannot help but notice that secret cyberwars aimed at the Pentagon seem to be occurring every day. Although the average citizen sees no trace or serious bad effect from them, they are there, claim our national security mandarins.

Russian hackers, Chinese hackers, French hackers -- all are or could be in merciless combat against the electronic forces of the Pentagon, looting ill-defined precious national secrets from under the noses of our guardians.


And the loud trumpet of terror this month is Moonlight Maze.

But first, we'll go back a bit in time, to the first quarter of 1999, to see how it started.

In the first half of March, Deputy Secretary of Defense John Hamre claimed the United States was in a cyberwar -- under attack by hackers.

In a story in the March 1 issue of Defense Week, reporters John Donnelly and Vince Crawley wrote that John Hamre had revealed to Congressman Curt Weldon the "details" of an on-going cyberattack.

"We are at war right now. We are in a cyberwar," John Hamre was said to have claimed. The secret cyberwar was dubbed Moonlight Maze.

Although information was vague then, as it is now, the activity which caused the Pentagon reaction was a slow, extended series of probes seemingly aimed at an Air Force Information Warfare Center (AFIWC) server in San Antonio, Texas. AFIWC -- like most military sites -- is a high profile target for hackers, mostly because of the continuing publicity surrounding the agency's efforts in information warfare.

In addition, the alarms appeared very similar in nature to warning announcements made by SHADOW, a somewhat publicity hungry Navy computer security operation with a fancy acronym in Dahlgren, Virginia, in September of 1998. SHADOW's leader at the time, computer security administrator Stephen Northcutt, has since been associated with the private sector and appears from time to time to announce the approach of various Net menaces. (Most recently Northcutt has appeared as a pitchman for a computer security company's services in detecting boobytrapped software allegedly installed by programmers and the enemies of democracy under the cover of Y2K remediation. The cynics among the readership may notice four similar characteristics between Moonlight Maze and the dread menace of Y2K programmers sapping and impurifying our bodily fluids with software boobytraps: (1) unknown foreigners -- usually ex- or unreconstructed commies -- are involved; (2) more anonymous sources than you can shake a stick at; (3) Congressional hearings which say nothing; (4) shills for computer security vendors employing both as advertisements.)

All of this information on Moonlight Maze was in the public domain by the end of the first quarter of 1999.

Seeing potential enemies everywhere in cyberspace, Hamre also turned the glare of the professional paranoid on his own: "We are increasingly concerned about those who have legitimate access to our networks -- the trusted insider," he said for Defense Week.

And in a gesture that resembled the rumblings of the "Un-American Activities" hysteria of the Fifties, when citizens were asked to staunchly proclaim that they were loyal to America, Hamre said he was now instituting "an oral attestation" in which DoD people who have access to Top Secret material or compartments affirm "they will conform to the conditions and responsibilities imposed by that access."

David Kennedy of the International Computer Security Association reflected in a memo to Crypt News, "[Some] details seem to be ignored in all the [current] 'Pentagon Hacks' reporting:"

"[Detection of an attack] is a function of one's ability to observe. [The Pentagon] has dramatically improved its ID capabilities and [it is] now able to observe what was in all likelihood, already there."

"Finally, for two years running Deputy Secretary Hamre has made dramatic announcements of the Pentagon being under attack just as budget submissions are going in," wrote Kennedy. "Last year it was Feb 25, 1998 -- three teenagers and 'the most organized and systematic' attack DoD had seen."

"So far, none of the [mainstream] reports I've seen have considered the possibility DoD is social engineering the Congress, media and public to bolster their Fiscal Year 2000 budget request."

(Note: Coincidentally, on October 8 the Pentagon ran a dog-and-pony show in Norfolk, Virginia, in which a number of DoD bigwigs including the chairman of the Joint Chiefs of Staff and Secretary of Defense William Cohen ballyhooed the opening of a new US military center for "cyberwar" to be headquartered at Colorado Springs. "To combat the expanding threat of cyberwarfare, the Pentagon established a new center on Thursday to defend the United States from hackers and to plot ways to attack an enemy's computer network," read one account of it which ran in the New York Times. "In future wars, U.S. cyberwarriors will try to disable air defense systems, upset logistics and infect software [with computer viruses] . . . according to [an anonymous] Pentagon official.")

After a spate of news stories piggybacking on the Defense Week revelations in March of this year, Moonlight Maze died away for a while.

Then, in a London Sunday Times piece published on July 25, Hamre's "we're in a cyberwar" quote was resurrected once again to ring the bell for "electronic Pearl Harbor" in a story that implied Russian hackers were stealing US information treasure via the Internet.

Entitled "Russian Hackers Steal US Weapons Secrets," the article breathlessly proclaimed: "The intelligence heist, that could cause damage to America in excess of that caused by Chinese espionage in nuclear laboratories, involved computer hacking over the past six months."

However, it was apparent even then that a significant part of the US military devoted to computer security operations was either ignorant of the Moonlight Maze secret "cyberwar" or not particularly interested in it.

In an article that ran in Defense Daily, a trade publication, two days after the London Sunday Times piece, Navy Captain Bob West, deputy commander of the Pentagon's Joint Task Force on Computer Network Defense said: "The odds of the U.S. being attacked on line by a foreign nation state in some kind of cyberwar in the near future are probably pretty low."

The Sunday Times story was pumped up by a great deal of anonymous government and military sources uttering baleful warnings. It maintained: "Besides military computer systems, private research and development institutes have been plundered in the same operation. Such institutes are reluctant to discuss losses, which experts claim may amount to hundreds of millions of dollars."

The London Sunday Times wrote that secret documents had been stolen but that the US military could not determine what was in them or which ones, precisely, had been stolen -- which would seem to constitute a somewhat ludicrous contradiction in terms.

Further, this information -- claimed the Times -- had been revealed at a private computer security conference by an employee of the Space and Naval Warfare Systems Command (SPAWAR).

The Times article speculated that either Russia or China could be behind the "cyberwar" that only the Pentagon can see because: ". . . Russia's relations with America have reached their lowest ebb since the cold war because of NATO's intervention in Yugoslavia. Relations with China have also suffered. An offensive in cyberspace may be their one way of retaliating without getting into a shooting war."

The London paper also speculated that Russian organized crime might be behind Moonlight Maze, and that: "China, Libya and Iraq are developing information warfare capabilities and, according to one White House official, 'we see well-funded terrorist groups that also have such capabilities'."

The London Sunday Times piece set a hallmark by which subsequent stories in the US media on Moonlight Maze could be judged:

That is -- Moonlight Maze stories are recognizable by their almost complete reliance upon gossip and speculation; their complete lack of definition in the who, what and where categories; and a stupefying preponderance of anonymous sources from the Pentagon, intelligence agencies, and/or the private computer security industry speculating or expostulating for journalists.

Throughout the latter part of the summer, reporters from the mainstream media contacted Crypt Newsletter about Moonlight Maze. The story had taken on a life of its own even though there was a complete lack of substantive evidence to go by. It was clear that Moonlight Maze was going to enjoy a second lifetime in the news and, indeed, a media cascade resulted in the second week of October, mostly built upon a wave of copycat reporting and inconclusive statements about the affair made in a Congressional hearing that week.

All of the reporters contacting Crypt Newsletter for comment had one thing in common.

They were all working from the exact same script. In addition to being inspired by the London Sunday Times piece, they all said or wrote that one "anonymous" source in "the Pentagon" was telling them that "Russian hackers" working off of the "Russian Academy of Sciences'" Internet domain were "involved."

This being the case, one could not totally rule out the possibility that someone within, connected to or formerly connected with the Pentagon or Department of Defense was attempting to pump this story into the mainstream U.S. media for the usual "cyber-scare" purposes.

On September 13, Newsweek's Gregory Vistica, in a piece entitled "We're In The Middle Of A Cyberwar," rolled out the old quote attributed to Hamre from the first quarter of the year.

Vistica's article reported nothing new from the London Sunday Times, but did republish, unattributed, much of its quote, tone and phraseology.

"Russian hackers may have pulled off what could be the most damaging breach ever of U.S. computer security . . ." writes Vistica.

"This was, Pentagon officials [anonymous, of course] say flatly, 'a state-sponsored Russian intelligence effort to get U.S. technology' -- as far as is known, the first such attempt ever by Russia," wrote Newsweek.

In response to the growing media hubbub created by Vistica's article, Michael Vatis, the head of the National Infrastructure Protection Center, was questioned about it in a Congressional subcommittee meeting on technology and terrorism on Wednesday, October 6.

Articles immediately resulted from the New York Times, the Los Angeles Times and Reuters. None reported anything that hadn't been written about from earlier in the year. All repeated the same nebulous quote. All, to varying degrees, attempted to make the case that Moonlight Maze had resulted in the loss of unspecified national security treasure to unspecified parties.

On October 6, "Cyber Blitz Traced To Russia, FBI Says," was a story issued by Reuters.

"A major effort to pierce U.S. government and private-sector computer networks seems to have originated in Russia, a top U.S. law-enforcement officer told Congress Wednesday," wrote Reuters.

In Moonlight Maze, Vatis said intruders had stolen "unclassified but still-sensitive information about essentially defense technical research matters."

This was a quote, the substance of which would be repeated in every subsequent story on Moonlight Maze.

"About the furthest I can go is to say the intrusions appear to originate in Russia," Vatis said.

A Pentagon public relations officer "said the Defense Department knew of no classified information that had been jeopardized in the Moonlight Maze intrusions."

On October 7, the New York Times checked in with a story entitled "Computer Intruders Apparently From Russia, Senate Panel Is Told."

"Intruders who stole sensitive information on Defense Department weapons during a widespread series of attacks on government and private computer networks are apparently based in Russia, an FBI official told a Congressional panel . . ." wrote the Times, referring to NIPC's Michael Vatis.

Lost in much of the overheated coverage on Moonlight Maze was Vatis testimony before Congress that most computer security breakdowns can be traced to insiders.

"Senator Robert F. Bennett, a Utah Republican who is chairman of a special Senate committee that is overseeing Year 2000 efforts . . . [said] 'The challenge of information warfare will be the No. 1 security issue for the next administration," wrote the Times.

Bennett, wrote the Times, proposed an "electronic FEMA" to combat cyberterror.

This was completely unremarkable. Over the years, stories about secret cyberwars and hackers plundering our national treasure tend to be chock full of suggestions for creating new law enforcement or military agencies designed to protect us from them.

Also on October 7, the Los Angeles Times filed a front page story entitled "Yearlong Hacker Attack Nets Sensitive US Data."

The LA Times' story, while lengthy, was par for the course in that it produced no new information on Moonlight Maze.

It did state, however, that Wednesday marked "the first public confirmation of Moonlight Maze." This was, as we have read, flat-out wrong.

The Los Angeles Times article was, however, quite notable for its excessive reliance on anonymous sources passing on innuendo, speculation, hypotheses and half-baked theories on the matter.

Some excerpts:

" . . . circumstantial evidence points heavily toward a Russia-based intelligence gathering operation, officials said."

"'There are strong indications and it's our belief, that it's coming from Russia and that it may be a sponsored activity,' a senior Energy Department official said."

"Another computer security expert called Moonlight Maze 'the longest-running and most widespread attack we've seen. It's not been stopped . . . It's not even clear why. But the consequences are potentially huge."

"One US intelligence veteran, now a Senate staff member, said that the Internet has created huge new opportunities, as well as frightening vulnerabilities, for spy agencies around the world. 'Think of it . . . You can sit anywhere in the world now and run a spy operation.'"

"A senior White House official said that the evidence so clearly points to Russia that it almost seems like a deliberate diversion."

"Other intelligence experts argued that skilled hackers hired by Russian organized crime elements may be probing for commercially valuable information."

"Some experts suggested that France, a longtime proponent of economic espionage, may be the ultimate customer. That theory also remains unproved, however . . . "

Which would seem indisputable.

Crypt Newsletter asks the reader to pose these questions: Why are all the "sources" on Moonlight Maze anonymous? Why does the mainstream media persist in giving them a free ride? Why cannot anyone say what, precisely, has been stolen? Since when does a theory or hypothesis about unknown "hackers" constitute evidence of what is happening? Why can it not be said precisely what national security interests have been damaged, if this is so serious? And why has this news story been repeated since March of this year with no substantial addition of information?

There has been one doubting Thomas in the media with regard to Moonlight Maze.

On September 27, 1999, Federal Computer Week published a story on "Moonlight Maze" by reporter Dan Verton. Entitled "Russia hacking stories refuted," the piece stated flatly, "DOD sources say U.S. military secrets were not compromised."

Bias disclosure: Crypt Newsletter was a quoted source in this article.

". . . Pentagon officials and security experts refute claims that the Russian government officially took part in a computer break-in that reportedly resulted in the theft of sensitive naval codes and missile-guidance data," wrote FCW.

". . . a DOD spokesperson called recent media coverage of [Moonlight Maze] 'a combination of outright fabrications, distortions and incorrect quotations,' adding that military secrets were not compromised."

One of the anonymous sources peddling the story of Moonlight Maze through the summer, "who works for a major Internet domain registration firm, said he found copies of DOD duty rosters, network maps and photographs of DOD facilities residing on servers belonging to [the alleged attackers]," wrote FCW.

"As far as the pictures of DOD facilities and other materials that sources claim to have found on Russian systems, [Crypt Newsletter] said that type of material can be found in many places on the Internet."

" 'Portions of DOD are prone to yell cyberwar at just about any potential misuse of cyberspace,'" CN added.

A sampling of the incongruity in reporting on Moonlight Maze:

From Newsweek reporter Greg Vistica: "This was, Pentagon officials say flatly, 'a state-sponsored Russian intelligence effort to get U.S. technology' -- as far as is known, the first such attempt ever by Russia."

From Federal Computer Week: ". . . Pentagon officials and security experts refute claims that the Russian government officially took part in a computer break-in that reportedly resulted in the theft of sensitive naval codes and missile-guidance data."

From Federal Computer Week: ". . . a DOD spokesperson called recent media coverage of [Moonlight Maze] 'a combination of outright fabrications, distortions and incorrect quotations,' adding that military secrets were not compromised."

From the London Sunday Times:

"The intelligence heist . . . that could cause damage to America in excess of that caused by Chinese espionage in nuclear laboratories, involved computer hacking over the past six months."

From Reuters: ". . . the Defense Department knew of no classified information that had been jeopardized in the Moonlight Maze intrusions."

From The LA Times: "'There are strong indications and it's our belief, that it's coming from Russia and that it may be a sponsored activity,' a senior Energy Department official said."

Also from The LA Times: "Some experts suggested that France, a longtime proponent of economic espionage, may be the ultimate customer."

From the London Sunday Times: "The computer assaults have given fresh impetus to measures ordered by [President] Clinton more than a year ago to protect the country's electronic infrastructure. Alerted to the threat of Moonlight Maze, the president has called for an extra $600 [million] to help fund a variety of initiatives, including [boosted investment in the National Infrastructure Protection Center] . . ."

Other relevant links. No -- you are not seeing double when you read them. The previous analysis was excerpted from Crypt Newsletter reports over the last nine months. Caution: May be annoying to national security mandarins, Congressional fear-mongers and computer security industry marketing types.

The genesis of Moonlight Maze: Read about how Pentagon info-warriors claimed we were in the secret cyberwar earlier this year.

The big Kahuna of "electronic Pearl Harbor" reportage: Crypt Newsletter's archive of media excerpts on the topic.

NIPC analyst sees foreign programmers polluting our precious bodily fluids in assorted Y2K plots aimed at subverting computer software.

The men who started Moonlight Maze in the press: The Pentagon's John Hamre and politician Curt Weldon.

Solar Sunrise: Read about how Pentagon info-warriors claimed we were in yet another secret cyberwar last year, too.

Read about how the Army wishes to disconnect from the Internet because of the danger of secret cyberwar.

Or read about Eligible Receiver.

Other relevant links:

* About the Crypt Newsletter.
* Back to Crypt Newsletter.

Send a comment: George Smith, Editor

copyright 1999 Crypt Newsletter. All rights reserved.

March 17, 2005 at 08:06 AM in Online crime | Permalink | TrackBack (33) | Top of page | Blog Home

London police foil huge bank raid

BBC NEWS | UK | London police foil huge bank raid

Police in London say they have foiled one of the biggest attempted bank thefts in Britain.

The plan was to steal £220m ($423m) from the London offices of the Japanese bank Sumitomo Mitsui.

Computer experts are believed to have tried to transfer the money electronically after hacking into the bank's systems.

A man has been arrested by police in Israel after the plot was uncovered by the National Hi-Tech Crime Unit.

Unit members worked closely with Israeli police.

The investigation was started last October after it was discovered that computer hackers had gained access to Sumitomo Mitsui bank's computer system in London.

They managed to infiltrate the system with keylogging software that would have enabled them to track every button pressed on computer keyboards.

Cyber warning

From that they could learn account numbers, passwords and other sensitive information.

Yeron Bolondi, 32, was seized in Israel after an attempt to transfer £13.9m into an account there.

He has been charged with money laundering and deception, but police say their investigation is continuing. His relationship with the gang who tried to break into the network is unknown.

They have issued a warning for banks and businesses to watch out for cyber criminals.

The National Hi-Tech Crime Unit was launched in April 2001 with responsibility for tracking down the growing range of criminals who operate in cyberspace.

Takashi Morita, head of communications at Sumitomo Mitsui in Tokyo, said the company had not suffered any financial loss as a consequence of the robbery attempt.

He said: "The case is still in the middle of investigation so we cannot comment further.

"We have undertaken various measures in terms of security and we have not suffered any financial damage."

March 17, 2005 at 07:53 AM in Online crime | Permalink | TrackBack (15) | Top of page | Blog Home

March 15, 2005

Dusting for digital fingerprints

Economist.com | REPORTS

Mar 10th 2005
From The Economist print edition
Forensic computing: As criminals and crime-fighters go digital, analysing clues from computers is a growing field

EVERY new technology leads to new forms of crime. As a Chicago policeman once put it: “No other section of the population avail themselves more readily and speedily of the latest triumphs of science than the criminal class.” He was speaking in 1888, about the electric telegraph. But he could just as easily have been speaking about computers and networks today. As criminals adopt new technologies, crime-fighters must follow suit, devising new ways to gather and analyse evidence. In the case of modern digital technology, the result is the growing field of “forensic computing”.

The scope for using technology in criminal ways, and the complexities of catching people who do so, are illustrated by the case of a 42-year-old Maryland man who pleaded guilty last October to attempted extortion after sending threats and demands by e-mail, and was sentenced to 63 months in prison. For more than two years the man had sent sexually explicit e-mails to the clients of a patent firm using a forged e-mail address which made it appear as though the messages came from the company's own executives. Analysis of the company's computers ruled out the possibility of a malicious insider. Instead, further analysis of the e-mails revealed that they actually originated from multiple homes in a suburban area just outside of Washington, DC. The real culprit successfully created this confusion by driving around with a laptop and an antenna that could detect unsecured Wi-Fi wireless networks. Having found a network, he could then use it to send untraceable e-mails from his car.

The investigators used clinical psychologists to create a profile of the person behind the extortion attempts, and found that the home owners from whose networks the messages had originated did not match the profile. The man was also sending messages from several local university computer laboratories, using false or stolen accounts. The investigators responded to one of his messages, embedding tiny invisible graphics called “web bugs” in their replies in an attempt to determine the network address of the recipient's machine. But he spotted their ruse.

Finally, he issued a $17m extortion demand in an e-mail that contained personal details consistent with a primary suspect who had, by this time, been identified by the psychologists. The suspect was followed as he drove to one of the university computer laboratories from which incriminating e-mails had been sent. He was then arrested, and a search of his house produced evidence of his campaign against the patent firm, along with hand-grenade components and ingredients for the deadly toxin ricin.

This kind of computer-based investigative work, which involves tracing the digital footprints left by criminals on machines and networks, is becoming ever more important. In 1999, America's Federal Bureau of Investigation helped to launch the first Regional Computer Forensics Laboratory (RCFL) to support federal, state and local law-enforcement agencies. There are now six such labs across the country, and seven more will open by the end of this year. Last year the labs processed 107.9 terabytes of data, roughly equivalent to more than 4.5m boxes of paper filled with text. Douglas Schmidtknecht of the RCFL National Programme Office says the amount of data being analysed is growing exponentially.

While the public perception of computer crime is that it is carried out by malicious hackers and “script kiddies”, the greatest threat is often from within. “There's a huge rise in the number of cases of intellectual-property theft,” says Gordon Stevenson, managing director of Vogon International, a forensic-computing and data-recovery firm based in Bicester in England. Most of Vogon's forensic work involves conducting investigations for corporations that suspect employees of wrongdoing—and half of these cases concern intellectual-property theft. Mr Stevenson points out that employees can easily make copies of crucial data, from corporate databases to product blueprints. “They can e-mail it to themselves at home,” he says.

Tools of the trade

Forensic computing, like traditional forensic science, relies on a range of tools and techniques. Special software is used to gather evidence from storage devices and to apply cryptographic tags to verify that it has not been tampered with during the investigation. There are specialist search tools, e-mail scanning tools and disk-analysis tools; tools to gather information over a corporate network when investigating internal incidents; tools that monitor network traffic for suspicious behaviour; administrative tools to keep track of evidence from multiple cases, to plot events on timelines for analysis, and to generate reports. The leading vendor of forensic-computing tools is Guidance Software of Pasadena, California. Its EnCase software, which bundles together these sorts of features in various combinations, has 14,000 government and corporate users worldwide and is used by over 90% of America's law-enforcement agencies.

The first step in most investigations is to make a copy of the original evidence, typically by removing the hard disk from a computer and making a perfect copy of its contents without altering the original. To do this, the source disk is copied to a target disk using a tool known as a “write blocker” which only permits a one-way flow of information. The resulting stream of data can then be reconstructed into its original files (which are usually sprinkled in chunks across the disk) by consulting the disk's directory, a table that lists the locations of the constituent chunks of each file. Further analysis can reveal leftover chunks from deleted files, or previous versions of documents.

“Evidence can be gathered from hard disks, networks, and devices such as mobile phones.”

Similar tools are available to consumers to recover data from corrupted disks or “undelete” lost files. But forensic investigators can go one step further, using “spin stand testers”—devices normally used by disk-drive manufacturers to test their products. These rely on the fact that modern disks generally store information in narrow, concentric circles on each disk, along a track about 400 nanometres (billionths of a metre) wide. Since the track is so narrow, new data do not always get written directly on top of old, slivers of which remain at the track's edges. By picking up this information, it is sometimes possible to reconstruct files that have been deleted or deliberately overwritten.

Network traffic can also be used as the basis of an investigation. Recording all the data flowing across a network is impractical, but it is possible to monitor patterns of traffic, types of traffic, attempts to access particular machines or parts of a network, and so on. So-called “intrusion-detection systems” do just that, sounding an alarm when something suspicious happens. The logs generated by such systems can therefore reveal telling details about network activity. Other network tools examine the contents of data packets zipping across the network, and record selected streams of data for subsequent playback and analysis. Such systems can capture e-mails to or from specified people, reconstruct instant-messaging conversations and even record and replay voice-over-internet phone calls.

As well as gathering evidence from hard disks and network traffic, investigators must also stay abreast of the rapid evolution of portable devices. Data can be copied on to a music player or keychain flash drive, or hidden on the memory card of a digital camera. These devices provide new sources of evidence, but also create new challenges for investigators, says Eoghan Casey of Stroz Friedberg LLC, a computer-security and forensic consultancy that took part in the investigation that followed the collapse of Enron, an energy company, in 2001. “The fact that many handhelds are connected to networks increases the amount of data they generate,” says Mr Casey, who also edits Digital Investigation, a quarterly journal.

Making the case

When presenting digital evidence in court, investigators must be able to demonstrate its integrity and provenance. “You don't just walk into the court and say ‘Here's a hard drive’,” says Mark Pollitt, the former head of the FBI's RCFL network who is now an independent security consultant. As with physical evidence, which must be stored and handled appropriately, this can involve procedures (such as timestamping) to ensure that digital evidence has not been tampered with or mixed up. The need to take these extra steps has not discouraged people from introducing digital evidence. Mr Pollitt notes that five years ago, a motion for electronic discovery in a civil lawsuit was the exception rather than the rule. Now, he says, virtually every lawsuit involves this type of request.

A decade ago, companies offering forensic-computing and data-recovery services dealt mostly with government requests. But these days they are often called on directly by businesses and lawyers investigating intellectual-property theft or inappropriate use of corporate systems by insiders. A common complaint from specialist investigators in such cases, however, is that investigations by incompetent staff can contaminate the evidence. “What they don't realise is that they've muddied the water,” laments Nouman Mir, a forensic-computing specialist at Data Recovery UK, a British firm.

That companies are unaware how to handle digital evidence is not surprising, since such cases are generally hushed up. That, in turn, causes the scale of the problem to be underestimated. But there are ways around this. Britain's National High-Tech Crime Unit (NHTCU) lets companies provide details about security breaches in confidence. This contributed to a five-fold increase in the number of firms participating in the NHTCU survey last year, compared with 2003. Better data, ever more elaborate tools and greater awareness will be needed if the crime-fighters are to keep up with the criminals.
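The article's "Tools of the trade" and "Making the case" sections mention the two checks that make an acquired disk image usable as evidence: a cryptographic tag proving the copy matches the source, and a timestamped record of who verified it. The Python below is an added example written for this page, not code from The Economist or from any vendor or tool named above. It hashes a source and its acquired image in chunks (so a real multi-gigabyte image never sits in memory), writes a chain-of-custody entry, and, when the hashes disagree, reports which sectors diverge. The 512-byte sector size, the tiny constructed "disk", and the examiner and case identifiers are all assumptions made for the example.

```python
"""Verify a forensic image against its source and log the result.

Added example for this page; it assumes a 512-byte sector size and uses a
constructed 4 KiB 'disk' rather than a real acquisition.
"""
import hashlib
import io
import json
from datetime import datetime, timezone

SECTOR = 512  # assumed sector size for the constructed sample images


def hash_stream(stream, algo="sha256", chunk=1 << 16):
    """Hash a byte stream in fixed-size chunks and return the hex digest."""
    h = hashlib.new(algo)
    stream.seek(0)
    for block in iter(lambda: stream.read(chunk), b""):
        h.update(block)
    return h.hexdigest()


def differing_sectors(source, image, sector=SECTOR):
    """Return the sector numbers at which the image differs from the source.

    Reads both streams in lockstep; a length mismatch shows up as differing
    sectors at the tail, because one side reads b'' while the other does not.
    """
    source.seek(0)
    image.seek(0)
    bad = []
    index = 0
    while True:
        a = source.read(sector)
        b = image.read(sector)
        if not a and not b:
            break
        if a != b:
            bad.append(index)
        index += 1
    return bad


def verify_image(source, image, examiner, case_id):
    """Compare source and image hashes and build a chain-of-custody record.

    The record is what an examiner would sign and keep with the evidence: who
    checked it, when (UTC), both digests, and the outcome. On a mismatch the
    divergent sectors are listed so the cause (bad sector, altered copy) can
    be investigated.
    """
    src_hash = hash_stream(source)
    img_hash = hash_stream(image)
    record = {
        "case_id": case_id,
        "examiner": examiner,
        "timestamp_utc": datetime.now(timezone.utc).isoformat(),
        "source_sha256": src_hash,
        "image_sha256": img_hash,
        "verified": src_hash == img_hash,
    }
    if not record["verified"]:
        record["differing_sectors"] = differing_sectors(source, image)
    return record


def build_samples():
    """Constructed sample data: a source 'disk', a faithful image, and a
    copy with a single byte altered inside sector 3."""
    disk = bytes((i * 7 + 3) % 256 for i in range(8 * SECTOR))
    tampered = bytearray(disk)
    tampered[3 * SECTOR + 10] ^= 0xFF  # flip one byte in sector 3
    return io.BytesIO(disk), io.BytesIO(disk), io.BytesIO(bytes(tampered))


if __name__ == "__main__":
    src, good, bad = build_samples()
    print(json.dumps(verify_image(src, good, "examiner-1", "CASE-0001"), indent=2))
    print(json.dumps(verify_image(src, bad, "examiner-1", "CASE-0001"), indent=2))
```

In practice the source digest is taken once at acquisition, behind the write blocker the article describes, and the image is re-hashed before analysis and again before it is produced in court; the chain-of-custody entries from each step are what let an examiner answer the "here's a hard drive" objection. The per-sector diff is only needed when a check fails, but it turns a bare "hash mismatch" into something actionable.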

March 15, 2005 at 09:31 PM in Online crime | Permalink | TrackBack (27) | Top of page | Blog Home

February 06, 2005

FBI Unable to Launch New Computer Program -Audit

Yahoo! News - FBI Unable to Launch New Computer Program -Audit

By Deborah Charles

WASHINGTON (Reuters) - The FBI has squandered $170 million on a failed computer system agents can use to instantly share information, and seems to know neither how long it will take nor how much it will cost to build one, a Justice Department audit showed on Thursday.

In a harsh criticism of the FBI's efforts to fix a shortfall identified after the Sept. 11, 2001, attacks, Inspector General Glenn Fine said the bureau still relies on an antiquated case-filing system that hampers agents' ability to properly do their jobs.

"After more than three years, multiple missed deadlines, and a price tag of $170 million, the FBI still does not have an investigative case management system to replace the antiquated ... system," Fine said in a statement to the Senate Appropriations Committee submitted along with his report.

"Further, we are not confident that the FBI has a firm sense of how much longer and how much more it will cost to develop and deploy a usable system," he said.

Parts of the audit were reported last month and the FBI acknowledged then that it might not be able to salvage the computer program.

In a hearing before the committee to discuss the problems with the program, FBI Director Robert Mueller said he was frustrated and disappointed with the delays. He took responsibility for some of the setbacks and for the bureau's failure to properly control the project.

Senators in the committee appeared exasperated with news that the program would likely be scrapped.

"I'm ready to tear out what little bit of hair I have left," said Sen. Patrick Leahy, a Democrat from Vermont, who called the FBI's efforts to revamp its computer system a "train wreck in slow motion."

Failure of the Virtual Case File software is the latest glitch in the bureau's effort to overhaul its computer system -- one of Mueller's priorities in the agency's reorganization after the Sept. 11 hijackings.

FBI'S WORK AFFECTED

Fine said if the new software system -- which allows agents to directly input reports and share information instantly -- is not implemented, the FBI cannot do its job.

"In sum, we believe the FBI's ability to perform its important functions effectively, including counterterrorism, counterintelligence and criminal law enforcement, will be significantly affected by its ability to implement a modern case management system," Fine wrote in the report.

He said the FBI disagreed with his conclusion that there were national security implications if the FBI continued to rely on its old system.

Mueller said that, although the Virtual Case File appears likely to be scrapped, the FBI had made other substantial information technology improvements to help support its counterterrorism mission.

He said the pace of technological innovation had overtaken the FBI's original vision for the Virtual Case File software. The bureau will likely end up using commercially available programs to create a new automated case file system.

Mueller said the FBI hoped to recoup about $65.5 million in reusable services and equipment from the $170 million spent on the Virtual Case File, commissioned from Science Applications International Corp. of San Diego in 2001 but delayed repeatedly before being delivered in December 2004.

Mueller said Science Applications International was partially responsible for failing to deliver the system as promised. He said the Justice Department was looking into whether it could recover some of the funds paid to them.

February 6, 2005 at 01:34 AM in Online crime | Permalink | TrackBack (37) | Top of page | Blog Home

November 14, 2004

Greek, British Police Break Illegal Software Ring

Yahoo! News - Greek, British Police Break Illegal Software Ring

Fri Nov 12,10:43 AM ET
ATHENS (Reuters) - Greek and British police in a joint operation cracked a multi-million illegal software sales ring, arresting two people and seizing thousands of pirate high-tech software programs, Greek police said on Friday.

They said they had arrested a Greek citizen and a Briton who pirated and sold an expensive computer software program for the car and aeronautic industry, charging only about 700 euros.

"The copyrights to the program belong to a multinational software development company that lost $360 million because of the illegal distribution," police officials said in a statement.

They did not name the company involved but said the man and his British accomplice in London were selling the program to buyers through the Internet.

Police in Athens also found dozens of copies of the software as well as 7,000 CDs containing "every kind of program on the world market."

Officers also confiscated documents of bank accounts, orders, a computer and three hard drives.

November 14, 2004 at 10:50 AM in Online crime | Permalink | TrackBack (14) | Top of page | Blog Home

November 10, 2004

Cyber Crime Tools Could Serve Terrorists -FBI

Yahoo! News - Cyber Crime Tools Could Serve Terrorists -FBI

By Michael Christie

MIAMI (Reuters) - The hacking and identity theft tools now earning big money for mainly eastern European organized crime could be used by terrorists to attack the United States, an FBI official said on Wednesday.

FBI Deputy Assistant Director Steve Martinez said cyber crime was no longer the domain of teenage geeks but had been taken over by sophisticated gangs.

"Tools and methods used by these increasingly skilled hackers could be employed to cripple our economy and attack our critical infrastructure as part of a terrorist plot," Martinez told a conference in Miami on Internet security.

People had to assume, he said, that terrorists would seek to hire hackers to "raise money, aid command and control, spread terrorist propaganda and recruit more into their ranks and, lastly and most ominously, attack at little risk."

The seminar in Miami, hosted by Florida International University, focused on the growing incidence of "phishing," in which hackers send computer users e-mails to convince them to enter financial data or passwords in fake Web sites.

Victims can compromise their credit cards, bank accounts and even their identities.

Martinez, acting head of the FBI's Cyber Division, said the agency had not seen traditional organized crime in the United States migrate to the Internet but that eastern European gangs had embraced cyber crime with enthusiasm.

"They're targeting your money, access to your personal information, identity. They're doing it on a massive scale. The price of a credit card number is dropping into the pennies now," he said.

The FBI was trying to convince foreign law enforcement agencies to crack down on the culprits, he said.

In many former Soviet republics, laws covering cyber crimes were inadequate and the U.S. Justice Department was working with foreign governments to fill the legal gaps, he said.

In the meantime, he said the risk of cyber terrorism post-Sept. 11, 2001, should not be ignored.

The Internet could allow attackers to remain anonymous, to strike at multiple targets from a distance, and escape detection. Critical infrastructure such as water, power and transportation systems remained vulnerable, Martinez said.

"In the future cyber terrorism may become a viable option to traditional physical acts of violence," he said. "Terrorists have figured out that we have a technological soft underbelly."

November 10, 2004 at 10:57 PM in Online crime | Permalink | TrackBack (17) | Top of page | Blog Home

November 06, 2004

US Secret Service busts 28 ID fraudsters

SecurityFocus HOME News: US Secret Service busts 28 ID fraudsters

By John Leyden, The Register Oct 29 2004 7:59AM
A US-led operation targeting ID fraud crooks has led to the arrest of 28 people across seven countries this week.

The arrests follow an undercover operation headed by US Secret Service agents that successfully infiltrated gangs that traded sensitive personal information and tips on ID fraud and forgery through online groups called Shadowcrew, Carderplanet and Darkprofits. The organisations were described by the US Justice Department as running a "one-stop marketplace for identity theft".

Operation Firewall identified a group of suspects investigators reckon collectively stole over 1.7 million credit card numbers as well as forging driving licenses, birth certificates and passports. Losses to banks through credit card fraud because of the gang's activities are estimated at $4.3m. The suspects face identity theft, computer fraud, credit card fraud and conspiracy charges.

"These suspects targeted the sensitive and private information of ordinary citizens as well as the confidential and proprietary information of companies," said Secret Service director W Ralph Basham. He added that the early arrest of the suspects prevented losses that could have run into hundreds of millions of dollars.

Operation Firewall began in July 2003 as an investigation into access device fraud before expanding into an investigation of global credit card fraud and identity theft fraud. The US Secret Service singled out the UK's National Hi-Tech Crime Unit, the Royal Canadian Mounted Police and Europol for praise in supporting the investigation.

In a statement the US Secret Service said Operation Firewall had led to the arrest of suspects in "eight states and six foreign countries" this week. Which foreign countries isn't specified. But since US authorities worked with their counterparts in the UK, Canada, Bulgaria, Belarus, Poland, Sweden, Ukraine and the Netherlands we can deduce that the suspects came from one or other of those countries or the US. ®

© 2000 - 2004 Situation Publishing Ltd. All rights reserved.

November 6, 2004 at 10:15 AM in Online crime | Permalink | TrackBack (7) | Top of page | Blog Home

Online fraud tutorials... from the Secret Service?

SecurityFocus HOME News: Online fraud tutorials... from the Secret Service?

By Kevin Poulsen, SecurityFocus Nov 5 2004 10:54AM
Until Wednesday one of the best public sources of information on how to use a stolen credit card number, forge a drivers license, defeat a burglar alarm or silence a firearm was a website under the control of the U.S. Secret Service.

As a jaunty flourish in its high-profile roundup of fraudsters and forgers last Thursday, the agency took over Shadowcrew.com, a New Jersey-based online crime bazaar that sits at the center of the government's "Operation Firewall" investigation. Officials locked out the user accounts and swapped in a new front page featuring a Secret Service banner, an image of a prison cell, and a list of federal charges against some site members.

The new page struck the Shadowcrew tag line, "For Those Who Like to Play in the Shadows," and posted a new motto: "You Are No Longer Anonymous!!"

But even as media attention surrounding the busts drove a new and wider audience to Shadowcrew.com, the accumulated knowledge of Shadowcrew's denizens remained on public display on the site's message board, which was linked prominently from the substituted home page.

Among the content that was available on the now-government operated site: a tutorial on credit card fraud; a wiki that tracks which state I.D. cards are forgeable; a how-to on defeating passive infrared alarm sensors; and exchanges on such disparate matters as handgun silencers and polyester laminating films.

The U.S. government's unlikely embrace of the Information Wants to Be Free meme wasn't lost on Shadowcrew's former user base, busily regrouping on another underground site called Stealth Division. "Someone backup the sc database," one member urged. "There is a wealth of information there."

The message board remained accessible until Wednesday, when officials finally shut it down without comment. An archive of older material was still accessible Friday.

Secret Service deputy assistant director Bruce Townsend said Thursday he couldn't discuss the government's stewardship of Shadowcrew.com because it could expose investigative sources and methods.

Hardware, Drugs and Microsoft Certs

Gartner analyst John Pescatore, a former Secret Service agent, says the agency may have made the message board public to make a point.

"My informed speculation would be that they let this stay up, because in general, law enforcement doesn't think that this problem is being taken seriously enough," says Pescatore. "From their point of view it would be good to get the word out: look at this, this is really nasty stuff, and we better increase our enforcement budget to do something about it."

The exposed message board revealed Shadowcrew.com as a bustling marketplace of ideas and credit card numbers.

The 4,000 Shadowcrew members were participants in an underground economy capable of providing a dizzying array of illicit products and services. The most active commodities were "dumps" of credit card account data, fake physical cards to go with the dumps ($50 blank, $70 embossed, in bulk), and expertly forged identification to help pass the plastic at the local consumer electronics store. Credit reports, hacked online bank accounts, and names, birthdates and social security numbers of potential identity theft targets were also for sale in bulk.

Each product had its own specialists, and every vendor had to be reviewed by a trusted site member before they were allowed to sell. Disputes were handled judiciously, and "rippers" selling bunk products were quickly exposed and banned from the site. In one case a vendor who owed another member money was allowed to continue selling only on the condition that his future illicit earnings would be garnished until his debt was repaid.

Members of the community even traded in tangible items like ATM skimmers, prescription drugs, and cocaine, and services like DDoS for hire and malware customization. One well-reviewed vendor offered a test-taking service that promised to get customers technical certifications within days. He was permitted to vend after earning the reviewer a Microsoft MCP certification under an alias.

All that commerce came to an end last Thursday, when the Secret Service and the Justice Department announced 28 arrests around the world, and the indictment of nineteen Shadowcrew founders, moderators and members for trafficking in stolen identity information and documents, and stolen credit and debit card numbers. Shadowcrew allegedly moved at least 1.7 million stolen credit card numbers and caused total losses in excess of four million dollars.

November 6, 2004 at 10:14 AM in Online crime | Permalink | TrackBack (24) | Top of page | Blog Home

October 30, 2004

Secret Service Busts Internet Organized Crime Ring

Yahoo! News - Secret Service Busts Internet Organized Crime Ring

Fri Oct 29, 4:00 PM
Dan Verton, Computerworld

In what it called an "Information Age undercover investigation," the U.S. Secret Service announced the arrest of 28 people from eight states and six countries allegedly involved in a global organized cybercrime ring.

Charges filed against the suspects include identity theft, computer fraud, credit card fraud, and conspiracy.

The investigation, code-named Operation Firewall and announced Thursday, resulted in what the Secret Service described as a significant disruption of organized criminal activity online that was targeting the financial infrastructure of the United States. The suspects are alleged to have collectively trafficked in at least 1.7 million stolen credit card numbers.

Financial institutions have estimated their losses associated with the suspects targeted by the investigation to be more than $4.3 million.

"Led by the Secret Service Newark Field Office, investigators from nearly 30 domestic and foreign Secret Service offices and their global law enforcement counterparts have prevented potentially hundreds of millions of dollars in loss to the financial and hi-tech communities," said Secret Service Director W. Ralph Basham in a statement. "These suspects targeted the personal and financial information of ordinary citizens, as well as the confidential and proprietary information of companies engaged in e-commerce."

Multinational Cooperation

Operation Firewall began in July 2003 and quickly evolved into a transnational investigation of global credit card fraud and online identity theft. The underground criminal groups have been identified as Shadowcrew, Carderplanet, and Darkprofits. The organizations operated Web sites used to traffic counterfeit credit cards and false identification information and documents. The groups allegedly used the sites to share information on how to commit fraud and sold the stolen information and the tools needed to commit such crimes.

International law enforcement organizations that took part in the investigation and arrests included the United Kingdom's National Hi-Tech Crimes Unit, the Vancouver Police Department's Financial Crimes Section, the Royal Canadian Mounted Police, and Europol.

Officials in Bulgaria, Belarus, Poland, Sweden, the Netherlands, and Ukraine also were involved.

October 30, 2004 at 01:41 AM in Online crime

October 09, 2004

FBI busts alleged DDoS Mafia

SecurityNewsPortal.com - Latest Breaking Security, Hacking and Virus News

Feds calling it the first criminal case to arise from a DDoS-for-hire scheme
08-27-2004 09:57:31 AM CST -- By Kevin Poulsen, SecurityFocus


A Massachusetts businessman allegedly paid members of the computer underground to launch organized, crippling distributed denial of service (DDoS) attacks against three of his competitors, in what federal officials are calling the first criminal case to arise from a DDoS-for-hire scheme. Jay Echouafni, 37, is a fugitive from a five-count federal indictment in Los Angeles charging him with aiding and abetting computer intrusion and with conspiracy. As CEO of the online satellite TV retailer Orbit Communication Corp., Echouafni allegedly paid a business associate to recruit members of the computer underground to cripple three online stores, resulting in long periods of downtime and an estimated $2 million in losses to the businesses and their service providers. Paul Ashley, 30, of Powell, Ohio, is named in a separate criminal complaint as Echouafni's go-between in arranging two of the attacks. Ashley was the network administrator of the Web and IRC hosting company CIT/FooNet, run from his home, which was shuttered sometime after being raided by the FBI last February. Three other Americans and one U.K. citizen are charged with actually carrying out the attacks.

"This is an example of a growing trend: that is, denial of service attacks being used for either extortionate reasons, or to disable or impair the competition," says FBI supervisory special agent Frank Harrill. "It's a growing problem and one that we take very seriously, and one that we think has a very destructive impact and potential."

According to an FBI affidavit filed in the case, Echouafni was a client of CIT/FooNet's hosting services when he made a deal with Ashley, then the owner, in October of last year. Echouafni allegedly paid Ashley $1,000 to snuff out two competing websites that he claimed had stolen some of his content and were staging DDoS attacks against his company.

Ashley in turn used his connections in the underground, and in at least one case the promise of a free CIT/FooNet server, to recruit three associates to do the dirty work: Joshua Schichtel, Jonathan Hall, and Lee Walker, known online as "Emp," "Rain," and "sorCe" respectively. Each of the three apparently had sizable "botnets" at their disposal, meaning they could each command thousands of compromised PCs to simultaneously attack a single host -- Walker alone had control of between 5,000 and 10,000 computers through a customized version of the Agobot worm, according to the FBI affidavit. Schichtel's network of 3,000 zombies was more modest, and he quietly subcontracted the job to Richard "Krashed" Roby, who allegedly took the assignment in exchange for a free shell account.

The attacks began on October 6th, with SYN floods slamming into the Los Angeles-based e-commerce site WeaKnees.com, crippling the site, which sells digital video recorders, for 12 hours straight, according to the FBI. The company's hosting provider, Lexiconn, responded by dropping WeaKnees.com as a client, sending the company to more expensive hosting at RackSpace.com.

RackSpace fought back, but the attackers proved determined and adaptive. In mid-October the simple SYN flood attacks were replaced with an HTTP flood, pulling large image files from WeaKnees.com in overwhelming numbers. At its peak the onslaught allegedly kept the company offline for a full two weeks. (The company declined to comment on the case).

RapidSatellite.com, which sells satellite TV receivers, was hit at the same time and with similar results. The company responded by quickly moving their electronic storefront to the distributed content delivery services of Speedera, only to be crippled three days later by an attack on that provider's DNS servers, which for an hour also blocked access to other Speedera-hosted sites, including Amazon.com and the Department of Homeland Security, according to the FBI affidavit. RapidSatellite then moved to Akamai, but were out again within a week when the attackers switched to an HTTP flood attack, running massive numbers of queries through RapidSatellite.com's search engine.
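An added defender-side example, not code from the article or from anyone it quotes: a sliding-window detector over constructed access-log lines that flags the two flood patterns described above, repeated pulls of one large image and high-rate queries through a search endpoint, and reports a resource as under distributed attack when several clients trip the limit at once. The log format, the IP addresses (RFC 5737 test ranges) and the thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache/nginx "combined"-style access log line (assumed format for this example).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)


def parse_line(line):
    """Return (ip, timestamp, resource, query) or None for unparseable lines.
    The query string is split off so that a search-engine flood with varying
    queries collapses onto a single resource (/search)."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    resource, _, query = m.group("path").partition("?")
    return m.group("ip"), ts, resource, query


def find_http_flood(lines, window=timedelta(seconds=60),
                    per_client_limit=20, min_clients=3):
    """Sliding-window detector. A client that fetches the same resource more
    than per_client_limit times inside `window` is flagged; a resource with at
    least min_clients flagged clients is reported as a distributed flood.
    Returns (sorted flagged client IPs, {resource: sorted flagged IPs})."""
    events = [e for e in map(parse_line, lines) if e]
    events.sort(key=lambda e: e[1])
    recent = defaultdict(list)   # (ip, resource) -> timestamps still inside the window
    flagged = defaultdict(set)   # resource -> set of flagged client IPs
    for ip, ts, resource, _ in events:
        hits = recent[(ip, resource)]
        hits.append(ts)
        while hits and ts - hits[0] > window:   # expire timestamps outside the window
            hits.pop(0)
        if len(hits) > per_client_limit:
            flagged[resource].add(ip)
    flooded = {r: sorted(ips) for r, ips in flagged.items() if len(ips) >= min_clients}
    clients = sorted({ip for ips in flagged.values() for ip in ips})
    return clients, flooded


def build_sample_log():
    """Constructed sample log: three bot IPs hammer one large image and the
    search endpoint (with varying query strings) for a minute, while two real
    visitors make a handful of requests each."""
    fmt_ts = "%d/%b/%Y:%H:%M:%S %z"
    base = datetime.strptime("14/Oct/2003:10:00:00 +0000", fmt_ts)
    line = '{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 {size}'

    def stamp(offset):
        return (base + timedelta(seconds=offset)).strftime(fmt_ts)

    lines = []
    bots = ["198.51.100.7", "198.51.100.8", "198.51.100.9"]
    for i in range(30):                       # 30 hits per bot per resource in ~60 s
        for b in bots:
            lines.append(line.format(ip=b, ts=stamp(2 * i),
                                     path="/images/dvr-hero.jpg", size=812345))
            lines.append(line.format(ip=b, ts=stamp(2 * i + 1),
                                     path=f"/search?q=item{i}", size=4200))
    for i in range(5):                        # ordinary browsing, well under the limit
        lines.append(line.format(ip="203.0.113.20", ts=stamp(10 * i),
                                 path="/images/dvr-hero.jpg", size=812345))
        lines.append(line.format(ip="203.0.113.21", ts=stamp(10 * i + 3),
                                 path="/search?q=tivo", size=4200))
    return lines


if __name__ == "__main__":
    clients, flooded = find_http_flood(build_sample_log())
    print("flagged clients:", clients)
    print("flooded resources:", flooded)
```

On the sample log the three bot addresses are flagged for both the image and the search resource, and the two ordinary visitors are not.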

Behind the scenes Ashley was allegedly micromanaging the assault. A chat log recovered from Schichtel's hard drive shows Ashley admonishing his subordinate to stay on top of his portion of the attack: "u gotta keep ane [sic] eye on it...cuz they could null route the ip and change the dns...and it would be back up." When Schichtel asks, "what did they do to you?," Ashley replies with an answer fit for Tony Soprano. "[F]---ing with us...well, a customer."

"Operation Cyberslam"
In December, the alleged DDoS conspirators' informal relationship became more corporate, when Echouafni purchased CIT/FooNet from Ashley, and kept Ashley on as network administrator at a salary of $120,000 a year. Ashley, in turn, formally hired Hall to perform "security" for the company -- which the FBI suggests was a euphemism for launching more DDoS attacks against Echouafni's enemies.

In February, Echouafni -- now the boss -- phoned Hall directly to order an attack on a new target, according to the government: another satellite T.V. retailer called Expert Satellite. Hall dutifully launched a SYN flood against the new victim, but the results didn't please his CEO; Echouafni contacted Hall repeatedly to inform him that the site had resurfaced, and to express his disappointment. "Echouafni also implied that [Hall] would be fired if he did not launch the attacks," reads the affidavit.

By then, law enforcement was making progress on the investigation they code named "Operation Cyberslam."

FBI cyber crime agents had spotted what appeared to be reconnaissance for the HTTP flood attacks in WeaKnees.com's October log files, originating from a shell hosting company called Unixcon. Unixcon traced the activity to an account that had been established with a stolen credit card number, but an FBI source, whose identity is protected in the affidavit, fingered U.K. resident and Unixcon administrator Lee "sorCe" Walker as the culprit.

Walker was already known to the FBI from an investigation earlier in the year, when one of Walker's IRC enemies complained that Walker had DDoSed him. The Bureau even had Walker's home address. An FBI agent traveled to the U.K. in February to accompany London police as they raided Walker, who admitted to the WeaKnees.com and RapidSatellite.com attacks, and fingered Ashley as his handler, according to the affidavit.

The Bureau raided Ashley's home on Valentine's day. Before they hauled away CIT/FooNet's servers -- an act that would briefly cause controversy in the hosting community -- Ashley allegedly admitted to the attacks, and named all three of his cyber button men and Echouafni. Echouafni was arrested in Massachusetts, and released on $750,000 bail secured by his house. "We've alleged in the indictment that Echouafni was the manager, organizer and leader of the group," says assistant U.S. attorney Arif Alikhan, head of the Los Angeles computer crimes section, who's prosecuting the case.

He's also missing. According to court records, last month Echouafni's attorney won a motion to permit Echouafni's wife and children to "travel freely within and outside of the United States of America," and to have their passports returned. That was Echouafni's last action in court: the government says he's disappeared, and officials believe he's likely in Morocco. "He's a native of Morocco, and he was arrested in March as he returned from Morocco into the U.S.," says the FBI's Harrill. Echouafni's attorney did not return a phone call.

The Echouafni investigation was one of a handful of cases specifically cited Thursday by U.S. Attorney General John Ashcroft in announcing what the Justice Department called "Operation Web Snare" -- a tallying of over 150 recent and ongoing federal criminal cases relating to computers or identity theft. Ashcroft said the case illustrates "the increased use of the Internet to damage rival businesses and communicate threats for commercial advantage."

"I think it's the first case of its kind involving a DDoS for commercial advantage or for hire," says Alikhan. "There are DDoS attacks all the time organized on IRC, but this is certainly the first case where you have a corporate executive who was using the services of another person to launch attacks against competitors."

October 9, 2004 at 09:32 AM in Online crime

August 27, 2004

103 arrests for Internet fraud, related crimes since June: US

WASHINGTON (AFP) - US authorities arrested at least 103 suspects and filed 117 criminal complaints since June 1 in a crackdown on various forms of online fraud, Attorney General John Ashcroft said.

Ashcroft said the effort dubbed Operation Web Snare "is the largest and most successful collaborative law-enforcement operation ever conducted to prosecute online fraud, stop identity theft, and prevent other computer-related crimes."

The law enforcement effort targeted schemes including hacking, selling counterfeit software and "phishing," a technique directing Internet users to fake sites to steal personal or financial data.

Ashcroft said authorities investigated more than 160 cases involving some 150,000 victims and losses of at least 215 million dollars.

"Last year alone, nearly 10 million Americans had their identities stolen," he said. "Identity theft costs the nation's businesses nearly 50 billion dollars a year in fraudulent transactions and often involves coordinated criminal conduct."

In one case, the chief executive of a California communications company and five other individuals were charged for allegedly using "denial of service" attacks against their online competitors, Ashcroft said.

In another case, a Ukrainian national was extradited from Cyprus to face charges of credit-card trafficking and wire fraud after obtaining, from Internet chat rooms, card numbers that had been illegally acquired from sources around the world.

Ashcroft said US and Nigerian authorities were also cooperating on the so-called Nigerian e-mail fraud scheme, in which messages pledge to provide large sums of money for an advance "fee."

August 27, 2004 at 07:22 AM in Online crime

August 25, 2004

Dragging the Net for Cyber Criminals

Yahoo! News - Dragging the Net for Cyber Criminals

Wed Aug 25, 11:45 AM
By Cynthia L. Webb, washingtonpost.com Staff Writer

In an attempt to stem the growing tide of online scams, identity theft and the proliferation of junk e-mail, the Justice Department and state law enforcement officials have initiated what seems to be the largest dragnet yet against spammers, so-called "phishers" and other Internet con artists.

The Washington Post and New York Times both reported today that Attorney General John D. Ashcroft is expected to announce details about a far-reaching cybercrime crackdown in a news conference on Thursday.


The effort "will include arrests, subpoenas and property seizures ... according to law enforcement and industry sources" and "some of the more than 100 enforcement actions" will go on through tonight, The Washington Post reported. The New York Times said federal and state officials "have quietly arrested or charged dozens of people ... in recent weeks, according to several people involved in the actions." The Times report also put the crackdown's scope in perspective. The announcement "is meant to highlight several different government actions related to computer crime. The department has conducted a handful of similar operations in the past, calling them cyber sweeps, but the crackdown to be disclosed this week is thought to be the biggest by far."
• The Washington Post: Justice Dept. to Announce Cyber-Crime Crackdown (Registration required)
• The New York Times: Dozen Charged In Crackdown On Spam and Scams (Registration required)


A number of the cases involve spam, the pesky junk that clogs e-mail inboxes and saps productivity and IT costs. Meanwhile, The Post explained, more than half the targets are scam artists such as phishers, who send out e-mails that look legitimate, often carrying a company logo and other details. The scams lead to bogus Web sites and e-mail addresses that entice computer users to divulge financial data and other personal details. The information is then used for identity theft and other crimes.


In advance of Ashcroft's news conference, Robert Wientzen, head of the Direct Marketing Association, told The Post: "It's a large number of cases." The DMA, a trade group, is involved because bona fide marketing efforts have taken a hit as consumers get inundated with spam and phony online offers. "The FBI, with help from the DMA, launched Operation Slam Spam a year ago, with technical operations at a field office in Pennsylvania. Wientzen said his organization provided financial and technical help. The actions to be announced Thursday will be the first fruits of the effort, though it is unclear how many of the cases involve formal charges or indictments. But Wientzen said he expects a second round of actions in the fall," the paper said.


The New York Times provided more details on the operation, which the DMA helped bankroll, the article said. "Many of the cases were developed by an unusual investigative team that combined federal law enforcement officials and executives from industries that do business through the Internet. Nearly two dozen investigators work in an office in Pittsburgh operated by the National Cyber-Forensics and Training Alliance, a nonprofit organization with close ties to the [FBI]," the paper said. More from the article: "The operation has built a database of known spammers, drawing from law enforcement agencies and from private companies that are investigating and bringing civil suits against some of the biggest users of junk e-mail messages. It has also deployed online decoys to catch spammers and has purchased products advertised in spam messages so that the financial records can be traced to the ultimate source of the message."

Fighting Spam

Officials are hoping the crackdown will make a dent in spam and other online problems, mirroring the expectations of federal lawmakers. "Congress passed a law last December criminalizing fraudulent and deceptive e-mail practices. The law subjects spammers to fines and jail terms of up to five years," the New York Times reported. "So far, the law has had little noticeable effect. Spam represents 65 percent of all e-mail, up from 58 percent when the law was passed, according to Symantec, a company that makes a widely used spam filter."


PC World has more numbers that are equally depressing: "In early August, the nonprofit group Consumers Union reported that in a survey of 2,000 e-mail users, 47 percent said spam had increased since the federal antispam law took effect in January. Sixty-nine percent said at least half the e-mail they receive is spam. This corresponds to a Commtouch Software study, which reports a 42 percent increase in the first half of 2004," the publication said Monday.
• PC World: The Fog of Spam War


The United States is the breeding ground for most spam, according to anti-virus firm Sophos. The company said yesterday that "roughly 43 percent of spam sent around the globe originates from the United States, which enacted the federal Can-Spam Act in January to criminalize e-mail fraud. That percentage dwarfs the junk e-mail coming from South Korea and China, the second- and third-largest sources, respectively. South Korea accounts for 15 percent of the world's spam and China, 12 percent, according to a report from Sophos released Tuesday. Brazil is the fourth-largest ... at 6 percent," CNET's News.com reported. Agence France-Presse also picked up the report.


Graham Cluley, senior technology consultant for Sophos, said in a statement: "Several measures have been suggested to tackle spam - from charging to send e-mail to sender authentication mechanisms - but these alone will not solve the problem. Only a combination of technology, international legislation and user action will put a stop to spam."
• CNET's News.com: U.S. Cooks Up Most Spam
• Agence France-Presse via Australian IT: U.S. Largest Exporter of Spam


Sophos's helpful information page offers ways to avoid and deal with spam and The Washington Post recently published a how-to list for spotting spam and other online scams.


Meantime, spam-fighting technologies continue to be at the forefront of the spam battle, as do Internet service providers, including America Online, Earthlink and Yahoo, who have rolled out spam filters and other spam-fighting efforts. "This month, the Internet Engineering Task Force (IETF) reviewed several e-mail authentication proposals, agreeing to fast-track a submission from Microsoft known as Sender ID. The group also reviewed submissions for signature-based authentication from companies such as Cisco Systems and Yahoo and recommended the authors combine and resubmit those proposals together," CNET's News.com reported. "A timeline has yet to be set for reviewing and approving these proposals. But the attention on e-mail authentication standards is a welcome sign of progress, according to anti-spam experts, who said the technology promises what current anti-spam solutions can't yet offer -- the chance to drive up costs for spammers."


BBC News Online today reported about a novel spam-fighting approach, which uses DNA-style analysis to target spam. The BBC said "computational biologists at IBM's TJ Watson Research Center have devised an anti-spam filter based on the way scientists analyse genetic sequences. Called after Feng Shui character Chung-Kwei, the formula automatically learns patterns of spam vocabulary and has proved to be 96.5 percent efficient. In tests, the filter only misidentified one message in 6,000 as spam."
• BBC News Online: 'DNA Analysis' Spots E-mail Spam


While spam continues to be a thorn in the side of Internet users, phishing attacks are growing in popularity too. Just last week, two of Germany's largest banks were hit, IDG News Service reported. "Until recently, most phishing attacks have been aimed at customers of banks in English-speaking countries. ... But 'over the past few weeks, we've seen a shift to countries like Brazil and now Germany,' said Mikko Hypponen, director of antivirus research at F-Secure Corp. in Helsinki, Finland," the article said.
• IDG News Service via Computerworld: Big German Banks Hit By Phishing Attacks


The Courier-Journal of Louisville, Ky., reported today that phishing attacks "are growing about 52 percent a month, according to the latest report from the AntiPhishing Working Group, an informal organization that includes computer security companies, banks and law-enforcement agencies. It said there were 1,422 unique attacks in June and that 92 percent relied on e-mail. The most-targeted companies in June, it found, were Citibank, eBay, U.S. Bank and PayPal. Attacks also were reported involving Bank One and BB&T."
• The Courier-Journal: Phishing Scams Spread on Internet


Online Recruitment Magazine's Web site published a list yesterday of the top five ways to spot a phishing attack. "We are starting to see more and more phishing sites which are not targeting specific financial institutes, but are targeting general e-commerce. We have seen 'fake' online banks, sporting good stores, and pharmacies, demonstrating that the attacks are becoming more dangerous to a greater number of businesses," according to Dan Hubbard, an Internet security expert at the British company Websense Inc., the report said.

Disconnect for Phone Industry

Phone service and other technology innovations by cable, wireless and Internet players are hurting traditional phone company business, the Wall Street Journal reported in a front-page article today. For example, "[Verizon Communication Inc.'s] traditional phone lines are down by 9 million, or 16 percent, since the end of 2000, according to research firm Precursor Group," the article said. "Across the nation, the business models that have worked for decades for Verizon and other phone giants are showing signs of unraveling. The cable industry's push into the phone business and a torrent of innovations such as Internet calling and advanced wireless technology are threatening the foundations of the nation's $300 billion telecom industry."
• The Wall Street Journal: Phone Industry Faces Upheaval as Ways of Calling Change Fast (Subscription required)

The International Herald Tribune ran its own telecom trend piece today, focusing on the growth of international telecom business on the heels of trouble with U.S. telecom companies. An excerpt: "Billions of dollars worth of global telecommunications networks bought or built under U.S. direction and used to transport much of the world's Internet traffic now belong to Chinese, Indian and other non-U.S. companies that snapped them up for a small fraction of their original cost less than four years after the telecom bubble burst," the article said. "The shift in the balance of power has both political and economic consequences. For one, the international components of a nation's communications infrastructure, considered a strategic and defensive holding, may now be controlled by those who don't share the nation's interests. But another consequence is that such diversification of ownership contributes to competition and thus helps keep prices down."
• International Herald Tribune: U.S. Telecom Pain Is World's Gain

Getting the FCC's Attention

In more telecom news, Verizon and Qwest Communications International Inc. want the FCC on their side. They "have asked a federal court to throw out a set of temporary regulations banning giant regional phone companies from raising the wholesale rates they charge competitors for at least six months. The legal action comes after the Federal Communications Commission issued the temporary rate freeze on Friday. The rivals, including AT&T Corp. and MCI Inc., have no local network of their own and depend on the regulated rates to offer their own brand of local phone service," The Washington Post reported. The Financial Times picked up on a telling quote from the Baby Bells, from their filing: "It is simply inexcusable for the FCC to flout a binding judicial determination yet again, and to extend those never-lawful requirements for nearly another year," the companies said.
• The Washington Post: Verizon, Qwest Seek to Overturn FCC Rate Freeze (Registration required)
• Financial Times: Verizon and Qwest Ask Court to Block FCC Rules

Search Satisfaction Getting More Hits


Researchers have found that Americans are happier with search engines and news sites, according to a Dow Jones Newswires article on a University of Michigan study. "Search engines led the pack in customer satisfaction, with Google Inc. scoring 82 out of 100 on the American Customer Satisfaction Index, a national economic indicator of customer evaluations of the quality of products and services, which is updated quarterly. Satisfaction for the e-business category, which includes search engines, portals and news sites, rose to 72.5 from 71.4 last year but the score is still lower than the Index's cross-industry average of 74.4."
• Dow Jones Newswires via The Wall Street Journal: Attitudes Improve Toward Search Engines, News Sites (Subscription required)

EU After Microsoft Again


Microsoft can't catch a break with antitrust regulators across the pond. "The European Commission on Wednesday launched an in-depth investigation of plans by Microsoft Corp. and Time Warner Inc. to acquire joint control of ... ContentGuard Holdings Inc.," Reuters reported. The wire service said the deal evenly splits ownership of the U.S. technology company, which protects digital files from illegal copying. "The European Union executive [body], which regulates mergers and takeovers, said a preliminary review had revealed that the deal could create or boost a dominant position by Microsoft in the market for so-called Digital Rights Management," the article said. The Associated Press also reported the news, noting the "world's largest software company and the world's biggest media concern aim to develop new industry standards in the rapidly expanding market for Internet distribution of electronic media. Other partners include Japanese giant Sony Corp., but they also face industry pressure to make any Microsoft-backed standards compatible with as many devices and online stores as possible."
• Reuters: EU Probes Microsoft/Time Warner Venture
• The Associated Press: Microsoft-Time Warner Deal Faces In-Depth EU Review

Filter is designed for hard-core techies, news junkies and technology professionals alike. Have suggestions, cool links or interesting tales to share? Send your tips and feedback to cindyDOTwebbATwashingtonpost.com. (Yes, those spammers have been having a lot of fun with my e-mail address lately.)

August 25, 2004 at 11:34 PM in Online crime

August 18, 2004

Internet Virtual Classroom for Al Qaeda Supporter

Yahoo! News - Internet Virtual Classroom for Al Qaeda Supporter

Thu Aug 12, 11:02 AM ET

By Jon Boyle
PARIS (Reuters) - Al Qaeda has turned the Internet into a virtual classroom for its supporters around the world after U.S. troops drove Osama bin Laden's followers from training bases in Afghanistan, security experts say.


The Internet played a key role in al Qaeda's planning and coordinating for the Sept. 11, 2001, attacks on U.S. landmarks. In the years since, the Web has taken on an even greater role in recruiting, spreading fear and propaganda, and executing attacks, according to the security experts.


"The Internet is even more dangerous than it was in the past," said Rita Katz, director of the SITE Institute, in a telephone interview from Washington.


"Whatever you had in Afghanistan in the training camps, you have today on the Internet," said Katz, whose nonprofit organization tracks militant Islamic sites and counts the U.S. government and major U.S. corporations among its clients.


"Some of the manuals (posted on the Web) are the actual manuals from Afghanistan ... some written by Saif al-Adel, one of the most wanted military commanders of (Al Qaeda) who has not been captured. He's on the FBI most-wanted list," she said.


A recent posting detailed how to use a mobile phone in a bomb attack, a method used to kill 191 people in March in coordinated blasts on Madrid commuter trains.


"It was step-by-step, and to make sure you get the picture they had a video to demonstrate it. It's scary," Katz said.


A month before a wave of kidnappings in Iraq and Saudi Arabia, she said, manuals appeared on Jihad Web sites with precise instructions on how to seize hostages.


One was posted by Abu Hajer, who later kidnapped U.S. engineer Paul Johnson and assassinated him, she said.


"I was asking myself, 'Why are we getting so many warnings?' Maybe the answer is that this way they communicate with other members, saying look, this is our agenda."


Jonathan Schanzer, research fellow at the Washington Institute, said: "After 9/11, I don't think Al Qaeda can be seen as much as an organization as a movement, and that sharing of information among this movement is incredibly critical.


"It's increasingly crucial, not so much for recruitment but in terms of communications, sending encrypted messages, coded messages, maintaining data bases, etc."


CYBER THREAT


Gabriel Weimann, senior fellow with the Washington-based U.S. Institute of Peace, said the Internet threat had been widely misunderstood due to a misplaced focus on the "exaggerated threat of cyber attacks."


It is the use of the Internet for more routine purposes -- not attacks on the network itself -- that is worrying.


In a 6-year-old study of militants' use of the Internet, Weimann's group details routine ways militants use the Web, including psychological warfare, propaganda, fund-raising, recruitment, data mining and coordinating attacks.


The Internet's role was highlighted this month with news of the secret arrest in July of Mohammad Naeem Noor Khan, a computer expert used by Pakistan to track down al Qaeda militants in Britain and America.

Security agencies are developing other ways to pierce Al Qaeda's veil of secrecy, including electronic surveillance of communications and secret messages embedded in apparently innocuous Web sites.

But Western intelligence must increase the resources devoted to studying the network and be far more flexible if it is to take the cyber trail to track down militants, analysts say.

"I think it's going to take them a while to be able to monitor the Internet in a way that will enable us to be on the right trail before something happens," Katz said.

Schanzer welcomed improved monitoring of "chatter" on militant Web sites, but disinformation and small-time braggers masked the tiny number of genuine operatives planning attacks.

"The question is not so much whether we have the technology, but whether intelligence gathering organizations have the flexibility ... are able to adapt as quickly as Al Qaeda."

(Additional reporting by Dan Williams in Jerusalem)

August 18, 2004 at 03:12 PM in Online crime

July 22, 2004

Internet Extortion Foiled

Thursday, July 22, 2004. Page 3.
By Bernhard Warner and Oliver Bullough
Reuters

Hard-pressed police forces have scored a significant victory in the battle against Internet crime by smashing a Russian extortion racket preying on British businesses and betting web sites.

A multinational investigation culminated with the arrest this week of the suspected ringleaders -- three men aged between 21 and 24, police said Wednesday. They were held after raids in St. Petersburg and the Saratov and Stavropol regions. Further arrests may be pending.

Police said the gang had unleashed digital attacks over the Internet on dozens of occasions.

"These were the main people behind the organization. They were coordinating it and laundering the money," said a source at the British Embassy in Moscow.

They are accused of threatening to shut businesses down with a massive barrage of data -- a denial-of-service attack -- if they did not pay up. The gang often demanded sums of $10,000 or $20,000 from owners of betting web sites and struck on the eve of big sporting events like Britain's Grand National horse race.

Protection rackets have sprung up over the past few years preying on e-commerce businesses of all sizes.

Investigators around the globe have been building a profile of the culprits -- typically, crooked programmers from Eastern Europe. But until now they have had little luck in tracking them.

The suspects are thought to be part of a larger group. Last November, police arrested 10 members of the group in Latvia -- a breakthrough that eventually led to this week's swoops, police said.

Following a complex trail of wire transfers and e-mail correspondence, police tracked the trio to their hometowns. One, a 21-year-old from the Saratov region, was a part-time student who worked in a computer shop.

"Two of the suspects were technically proficient. The third was the money man," said a spokeswoman from Britain's National Hi-Tech Crime Unit.

The three men could be charged under new federal computer crime and extortion legislation, officials said. The British police spokeswoman said it was unlikely Britain would seek extradition.

July 22, 2004 at 07:22 PM in Online crime

NHTCU and Russian police foil online extortion racket

finextra news: NHTCU and Russian police foil online extortion racket

21 July 2004 - Key members of a Russian gang suspected of running a global extortion racket targeting online bookmakers have been arrested in a joint operation between the UK's National Hi-Tech Crime Unit (NHTCU) and its counterparts in the Russian Federation.

NHTCU says three men were arrested in a series of raids in St Petersburg and in the Saratov and Stavropol regions of southwest Russia.

Bookies in the UK have been subject to attacks and demands for money since October 2003. The extortions, amounting to hundreds of thousands of pounds, took place following denial of service (DoS) attacks on servers and Web sites. The gang then sent e-mails demanding payment to halt the attacks for one year, after which they would return for more.

Cash was being transferred through a number of money transfer agencies, which handed information over to the NHTCU.

In Russia, the NHTCU worked closely with computer crimes specialists from the Ministry of Internal Affairs (MVD) to identify the criminals.

Detective Chief Superintendent Len Hynds, head of the NHTCU, says: "The success of this operation is built on the foundation of international partnerships between law enforcement and business ... Thanks to the response of all the parties involved, we have helped to dismantle a determined group of organised criminals."

As part of the investigation, 10 members of the gang were arrested in Riga, Latvia, in November last year. NHTCU says that, through these arrests, officers were able to identify the financial trail which led to the gangsters' arrests.

July 22, 2004 at 07:36 AM in Online crime

July 20, 2004

Anatomy of a 419 scam

Anatomy of a 419 scam | The Register

By Team Register (press.releases at theregister.co.uk)
Published Friday 9th July 2004 13:06 GMT
Exclusive: Regular readers will be familiar with our ongoing coverage of variations on the 419 advance fee fraud scam. Occasionally, we report on people who have been suckered by the promise of riches beyond the wildest dreams of avarice - and duly fleeced for their trouble.

Two oft-posed questions from readers are "how could they be so stupid?" and "surely everyone is aware of these scams by now?" Indeed, we have been accused in the past of carrying too much 419 coverage.

Sadly, though, it's clear that the 419ers continue to operate with considerable success. The following is an account of how one US citizen (we have called him DG) recently lost $1,000 to a UK-based 419 outfit who used a combination of plausible correspondence, phone calls and a fake bank website to reel in their victim. We have appended the full email correspondence between DG and the 419 gang to the end of this article.

On 22 June 2004, DG transferred his last $1,000 via Western Union to an unknown location within the UK. He believed that the money would be used to set up an account with United Mercantile Credit & Investment Bank (UMCIB) in London into which $8m would then be transferred.

The illicit funds were courtesy of one Moser Gilmore, who had sadly died intestate and left the booty sitting around in a European bank, just waiting for a willing partner to claim his share of the loot. The 419ers initially contacted DG purporting to be investigators looking for Gilmore's relatives - a classic approach.

DG took the bait and offered himself as a willing accomplice in the transfer of the funds. Inconveniently, though, UMCIB required an initial deposit of $8,000 to activate DG's account. DG could not himself raise the required funds but, believing that one of his "partners" was willing to make up the difference, he duly parted with $1,000.

Shortly thereafter, DG received confirmation from his personal "Relationship Manager" at UMCIB - James Cole - that the $8m was resting in his account. All he now had to do was access it.

DG found this rather more difficult than he had expected, since he was unable to log in to UMCIB's e-banking system. And no wonder, because UMCIB is, of course, a bogus bank. Its website (http://www.umcib.com/) gives 232 Great Eastern Street, London EC2 as its location. The Royal Mail lists no such address and our man on the spot confirms that the street numbers end at 82. Neither is UMCIB registered with the Financial Services Authority (http://www.fsa.gov.uk/register/).

The bank's blurb (http://www.umcib.com/About.htm) makes entertaining reading:

About UCMIB

Since 1994, UMCIB has constantly shown an ability to work as a financial partner and confidante to Heads of States, Diplomats, Businesses, Prominent Individuals, Companies, Conglomerates and Governments worldwide.

Using our specialised London offices and various affiliate offices across Europe, we are well equipped and positioned to meet the international banking needs of our clients offering them utmost confidentiality and privacy for both personal and tax purposes.

Clients interests are our paramount concern.

Clients of UMCIB, do not require authorisation under the Financial services and Markets Act 2000 and as such are entitled and qualify for the Financial services Compensation scheme. Copies of the banks last audited reports are available to clients only and are sent to you via secure courier in your welcome pack containing your account information cards, pin and cheque books.

We offer our clients the use of our exclusive debit cards and ATM cards in over 50 Countries worldwide and access to over 50,000 ATM machines globally.

Credit facilities may be provided but are subject to status and available to customers/account holders only.

We would only deal with a nominated attorney/next of kin of our clients, we do not entertain third party discussions on or about our clients from any Individual or organisation.

All very reassuring.

Interestingly, www.umcib.com is registered to one "Simon Williams" at an address in an Edinburgh housing block. The contact mobile phone number for a "Simon Williams" is continually engaged. Local sources confirm that there is no Simon Williams officially registered as a tenant at the address.

The site appears to be hosted in California. We emailed the hosts for their comments but they have not as yet replied to our query.

Calls to UMCIB's number as listed on its website are met with an answerphone. We left a message for Mr Cole asking if he would be interested in handling a large sum of cash we had acquired from an arms deal in Sierra Leone, but he did not return our call.

We therefore decided to ring Mr Cole on his personal mobile and enquire about DG's $1,000. Cole asked us: "What does he want? Does he want his money back?" When we replied that he would probably welcome that, Cole said: "Ask him to put any complaints down in writing and I will consider it."

We then asked Cole where DG should send his complaint, since the address for UMCIB was clearly false. Cole expressed surprise, but quickly became somewhat frosty when we suggested that UMCIB did not exist at all and was, in fact, nothing more than a front for a Nigerian 419 fraud in which he was a key player. At this point Cole insisted: "I don't know what you're talking about," and rather rudely hung up.

We rang the UK's National High-Tech Crime Unit to get its feedback on the scam, but were told that it does not deal with 419 frauds - these are handled by local forces. In this case, however, since there are neither real premises nor any clue as to where DG's cash was collected, it's difficult to say which local force might be appropriate.

At the time of publication, an email to the Metropolitan Police's SCD6 Economic and Specialist Crime OCU (http://www.met.police.uk/fraudalert/index.htm) outlining the details of the case remains unanswered.

In conclusion, we'd like to reiterate what the Met's site says: "If it sounds too good to be true, then it is!" DG has been taken for $1,000 he can ill afford and has no chance of ever seeing again. He allowed his desire for riches to suck him into a scheme that - even if true - he must have known to be illegal. He has no recourse to law and the 419ers are laughing all the way to their bogus London bank.

July 20, 2004 at 11:45 AM in Online crime

July 08, 2004

Over a million UK shoppers hit by online fraud

finextra news: Over a million UK shoppers hit by online fraud

08 July 2004 - Over a million UK consumers have been victims of security breaches while shopping via the Internet, according to a survey by online research company Tickbox.net for LogicaCMG.

More than one in 20 consumers experienced attempted or actual theft of financial or personal details whilst shopping on the Internet.

The research shows that almost a quarter (24%) of those affected defected to an alternative online brand while 23% decided not to buy anything from that company again.

Nearly three quarters of consumers (73%) say security is more important than price, quality or convenience when shopping online and 70% would boycott a Web site even if they only had word of mouth evidence that the brand had been involved in a security scare.

When asked if they would continue to use a Web site if their financial data was stolen, 79% claimed they would stop shopping online, while two thirds (65%) said they would stop shopping with the company altogether - both online and at high street stores. One in five would need to be more convinced by retailers that financial details are secure in order to carry on using the service.

Dave Martin, principal security consultant, LogicaCMG, says the figures demonstrate that consumers will vote with their feet if they lose trust in brands: "With online sales from British consumers predicted to be £17 billion this year and 20 million UK consumers shopping online, these findings will make businesses aware of how costly a security failure can be to its brand."

Citing statistics from IT security organisation The Honeynet Project, Martin says there are many recorded instances where a new Web site has been successfully attacked within 15 minutes of it being launched.

However, almost half of those surveyed (47%) claimed they would feel more concerned about using wireless channels to make purchases than using the Internet.

July 8, 2004 at 08:06 AM in Online crime

June 20, 2004

Britain is light years ahead in fighting child porn

TheStar.com - Britain is light years ahead in fighting child porn

JENNIFER WELLS

A bilious sensation rises in the throat. Representatives of the business caste known as "Internet service providers" meet the media and say, well, hey, we're not the Internet police.

Not much we can do about them there child porn pictures of the execrable type scrutinized by Michael Briere, say the ISPs. We are the "innocent carriers." The repulsive, illegal cargo? Not really our problem.

Next question.

All right, here's one. How is it that the United Kingdom is light years ahead of Canada on this issue?

How is it that the U.K.'s Internet Watch Foundation has been in the business of cracking down on Internet crap for more than seven years and we have yet to establish its comparator?

How is it that the same foundation is funded, in part, by proactive ISPs who loudly and publicly proclaim their desire to help stamp out kiddie porn on the Net?

The Internet Watch Foundation was established in 1996. The following year it reported that 18 per cent of potentially illegal Internet content was "hosted" by U.K. Internet service providers. Today the foundation claims that the figure has been reduced to 1 per cent.

How did that happen?

The fast answer is a broad coalition of co-operation and a shared determination to stop the Net-fed sexual exploitation of children.

The specific tools include an Internet hot line of the type advocated recently by Ontario Attorney-General Michael Bryant. In its most recent annual report, released in March, the IWF says that in 2003 it processed 20,000 reports of potentially illegal content. It also reported the grim statistic that of the 99 per cent of child abuse images traced to outside the U.K., 55 per cent were sourced in the United States, where, it notes, "very few" Internet service providers have registered with the U.S. equivalent of the IWF.

Lucky for the Brits, the IWF's hotline works closely with a national high tech crime unit, created in 2001, trained specifically to shut down illegal Net activities, including the dissemination of criminally racist material.

Greater luck: a "receptive and amenable" ISP community offers swift response via an effective notice and "take-down" system.

The IWF is highly visible, and posts the names of newly joined funding members. A company called Telewest Communications joined in April. Those who fail to join will become notable by their absence. An astute public can now choose a service provider based on whether they're in or they're out.

Movements such as these grow organically. Earlier this month, British Telecom announced the pilot launch of its so-called Cleanfeed project. The IWF reports illegal sites to the communications giant, which in turn blocks users from accessing the blacklisted sites.

The test has further drawn the battle lines between the "freedom first" Net believers and the "safety first" proponents who believe in the greater good of working to keep our children safe.

It's not web censorship. For web censorship, see, oh, Iran, where Internet service providers block web sites that purvey material critical of that country's human rights record and/or its political agenda. To repeat, Cleanfeed blocks illegal sites.

In May, British Telecom released a report prepared for it by London-based Futerra, a communications firm that works with the largest U.K. companies on issues of sustainable development. A key recommendation of the report was that ISPs take a commanding role in fighting the spread of child pornography on the Internet.

There have been repeated government proclamations here at home to do, well, something about this cancer. Most recently, the speech from the throne in February made a pledge to implement a strategy to counter sexual exploitation on the Internet.

The template is already there in the form of the U.K. initiative. And there are localized initiatives here that could fit into a broad national strategy. Cybertip.ca is one such. Established by Child Find Manitoba, Cybertip.ca is a tip line for individuals reporting the online sexual exploitation of children.

An aggressive national strategy has to come next. And who better to lend their support to such a project than powerful national communications companies? Come on down, Bell Canada.

There is, by the way, an answer as to why the U.K. is light-years ahead on this issue. The Brits have done exceedingly well in setting the pace for corporate social responsibility. Sadly, Canadian companies too often take their cue from the American counterparts who, and let's be exceedingly polite here, have been laggards. Sadly, this issue has not proved the exception.

June 20, 2004 at 04:28 PM in Online crime

June 11, 2004

Company secrets for sale

Just buy old laptops

By Nick Farrell: Thursday 10 June 2004, 09:05

CORPORATE SPIES interested in lifting company information should not bother with trying to hack systems, they should just wait until their target sells off its old laptops.

According to Reuters, Stockholm-based Pointsec Mobile Technologies said that shed-loads of sensitive data had fallen into its paws after it bought more than 100 laptops from internet and public auctions in the past two months.

Pointsec is a security company and it bought up the laptops as a publicity stunt to show how insecure data was on ancient laptops.

The Pointsec spinsters said that the little exercise demonstrated that lost or stolen laptops that wind up at auction every day have hard drives with little security, giving identity thieves and fraudsters easy access.

Apparently the company techies found sensitive details from 70 of the 100 machines it bought. An eBay auction netted it data that apparently once belonged to one of Europe's largest insurance companies.

It included customers' pension plans, payroll records, personnel details, login codes and administration passwords for the company's Intranet. On other laptops were found Excel spreadsheets and lots of personal data.

Some companies thought they had wiped the hard drives, but in most cases the data was completely recoverable.

A Pointsec spokesman said that unclaimed laptops which were lost on the train or at the airport proved to be the biggest goldmine. Such a sale at Gatwick Airport netted one laptop which could be opened using a fairly basic password recovery program.

June 11, 2004 at 09:28 AM in Online crime

June 04, 2004

Keylogging Internet worm on the loose

finextra news: Keylogging Internet worm on the loose

03 June 2004 - Anti-virus firm F-Secure is warning of the spread of a keylogging Internet worm designed to steal online passwords and credit card numbers from infected computers.

The worm, known as Korgo, exploits the LSASS vulnerability to auto-infect Windows systems that haven't applied the MS04-011 patch issued by Microsoft in April.

F-Secure's Mikko Hypponen says the worm is spreading actively, and aggressively stealing user information from infected machines.

"It does this via a keylogger which specifically collects user logins for online banks (the ones which do not use one-time passwords)," he says. "It also logs everything the user types to any Web form - this will collect lots of credit card numbers, passwords etc."

Information culled from machines is sent to one of 11 geographically distributed Internet Relay Chat (IRC) servers.

Hypponen advises anyone infected by Korgo to change their passwords and cancel their credit cards. "Especially the ones you've used during last week. This is not a joke."

June 4, 2004 at 08:29 AM in Online crime

May 26, 2004

Police Go Back to Class to Catch Internet Crooks

Yahoo! News - Police Go Back to Class to Catch Internet Crooks

By Bernhard Warner, European Internet Correspondent

LONDON (Reuters) - Police are heading back to the classroom as a new breed of criminals turns to the Internet to prey on unsuspecting victims. Across Europe and beyond, cyber investigators are being trained in computer forensics -- a crime-fighting technique that is part science, part sleuthing.

Investigators comb through seized computer hard drives, looking amid countless disguised files for evidence the machine was used in a crime.

The clues could be elaborate computer programs designed to hijack a victim's PC, or e-mail and Web browsing logs revealing the identity of conspirators.

"It's akin to auto mechanics," said Dan Haagman, head of training for 7Safe Ltd, a Cambridge-based firm that instructs police and civilians in computer forensics.

"You rule out things early on. You search for signs that give you a picture of a particular security breach," he added.

The same techniques can be used to trace or at least build a profile of a criminal suspect from a hacked PC or computer network, he said.

AS VALUABLE AS DNA

As criminals turn to high-tech gadgets and the Internet to commit crimes ranging from extortion to drug dealing, computer forensics is rapidly becoming as crucial to an investigation as DNA evidence, police say.

"I expect new staff to have an absolute minimum of computer and software forensics before they even walk in the door," said Marc Kirby, detective inspector for the computer forensics section at Britain's National Hi-Tech Crime Unit.

In addition to training local police in cyber-sleuthing techniques, Kirby's 55 investigators also hunt criminals.

Earlier this month, the NHTCU arrested 12 people in a case in which a Russian crime gang is accused of using an e-mail scam known as "phishing" to defraud UK bank customers out of hundreds of thousands of pounds.

In another success, a string of globe-spanning pedophilia stings has determined the identities of thousands of suspects who use the Internet to trade and collect pornographic images.

But police forces around the world remain a step behind.

In the UK, home to some of Europe's most advanced cybercrime fighting forces, just 1,000 of the country's 140,000 police officers are trained to handle digital evidence. Fewer than 250 have high-level computer forensics skills, says European information security lobby group EURIM.

Efforts have been ramped up across Europe to close the gap.

BACK TO CLASS

Earlier this month, British police toiled in the reflection of their computer screens. They were hunting the deep recesses of a computer for traces of an increasingly popular cybercrime weapon known as "malware" in a 7Safe training session.

Malware is malicious computer code programmed by an underworld of hackers, virus writers and sometimes spammers to commit all manners of crime.

In the training exercise, investigators discovered in a deep corner of the hard drive a nasty piece of malware known as a "Trojan" installed on the machine without the user's knowledge.

Criminals use "Trojans" and "backdoors" to infect PCs. An army of vulnerable machines can then be programmed to execute a digital denial-of-service attack on a Web retailer or flood the Internet with dubious e-mail messages aiming to defraud users out of their bank details in a typical phishing expedition.

Zombie PC attacks launched from every corner of the globe are a new kind of criminal threat.

As always, the only way for an investigator to catch a cyber criminal is to learn their tricks. "To truly understand malware they have to use it. To understand hacking they have to do it," Haagman said.

May 26, 2004 at 11:40 AM in Online crime

April 06, 2004

UK Sends Nigerian '419' Scammer to Prison

They got one of these ba@#%rds!!

allAfrica.com: Nigeria: UK Sends Nigerian '419' Scammer to Prison

Posted to the web April 6, 2004
Lagos

A Nigerian based in Wales, United Kingdom, has been jailed for 20 months by a Welsh court for tricking people into handing over money and personal data in expectation of receiving a huge windfall.

Peter Okoeguale, 33, who was arrested in Wales while in the process of committing one such advance fee fraud ('419') scam, also faces deportation from the UK at the end of his sentence.

When arrested, Okoeguale was found in possession of headed notepapers and forged documents, all created for the purposes of duping gullible victims and making them believe he was in charge of a large fortune which needed to be laundered through a Western bank account.

In sentencing the fraudster, Judge John Rogers QC said: "You had in your possession a substantial amount of equipment and carefully drafted fraudulent documents with the intention that they should be used to fool gullible people."

Handing out the custodial sentence Rogers said "only a period of imprisonment is appropriate" for a crime which amounted to "international fraud".

Police investigating the case have tracked down 11 victims of Okoeguale. One individual in Scotland lost £20,000 to the scam, according to police.

Although sympathy is often thin on the ground for victims of the scam, who fall foul of their own greed and gullibility, the National Criminal Intelligence Service said the organised crime rings behind them still need to be cracked because the money raised by perpetrating such frauds often funds far more serious criminal activities such as the trafficking of drugs and people.

At the time of his arrest, Okoeguale was based in Ireland where he was living with his wife and children.

April 6, 2004 at 01:51 PM in Online crime

March 27, 2004

Focus: Closing the net

Times Online - Sunday Times

Credit-card providers face growing pressure to disavow profits made from online porn, says John Burns

In September 1999, the FBI raided the home of Thomas and Janice Reedy in Fort Worth, Texas. Inside they found the largest child pornography business ever, one which had 250,000 subscribers, including 100 in Ireland.

Operating as Landslide Productions, the Reedys were earning up to $1.4m (€1.2m) a month selling child porn images over the internet. For a monthly fee of about $30, the likes of Tim Allen, the celebrity chef from Cork, could access websites with titles such as Child Rape containing images of four-year-olds being sexually abused.

Many of the paedophiles used credit cards to pay for the images, and that was how they were caught.

Professor Max Taylor from Copine, a child-porn research unit in Cork, reckons that credit-card companies made up to $3m a year from Landslide’s tawdry trade, based on their 4% to 6% commission on each transaction.

“There is a social problem here — pornography — and people are benefiting from it,” says Taylor. “Barclaycard made a profit of £3.8 billion (€5.7 billion) last year, and American Express made $6 billion. It is not unreasonable to say that a fraction of that may come from what people would see as being unsavoury if not illegal.”

Credit-card companies are coming under increasing pressure to disavow this money. While it is difficult for consumers who object to pornography to have a direct impact on those who produce it — they are already boycotting the “product” — they are now realising they can influence banks that enable its finance.

“If companies have been identified as having links with the pornography industry, then people should act by taking their business elsewhere,” says Joanna McMinn, director of the National Women’s Council.

This threat will be taken more seriously by Irish financial institutions after a campaign by the women’s group shamed Bank of Ireland two weeks ago into promising to get out of a deal with a UK pornography magazine firm.

The bank had offered a €7m loan to Remnant Media to purchase 45 top-shelf titles, such as Asian Babes, from Richard Desmond, joint owner of the Irish Star with Independent News & Media, and owner of Express Newspapers in Britain. The women’s council urged members to close their Bank of Ireland accounts in protest. Surprisingly, it worked.

“It was customer comment that swayed our decision,” admitted a bank official. “We didn’t lose any business but we did move quickly in response to the threat.”

The women’s council is understandably chuffed. Now it has identified this new target — the link between credit-card companies and pornographic websites. “Women have moved into the labour market and a lot more of them have credit cards. They should use them to have an influence. It is easy to change credit card,” says McMinn.

But can it score a second success, and do Irish banks even have a case to answer?

THE business of EuroConex, a company based in Arklow, Co Wicklow, is to check out businesses that want to receive payments by Visa, Mastercard, American Express, Diner’s Club, Laser in Ireland and Switch in Britain. It considers new clients from a credit and an ethical point of view.

“Three types of businesses are prohibited,” says Willie Byrne, head of sales and marketing. “Adult entertainment, child pornography, and sexual-encounter firms such as escort agencies. We will not sign up any of these people.”

Of course, websites that plan to sell pornography do not show up at the bank with names like MegaBoobs.com. Some present themselves as sellers of lingerie or even more innocuous products.

“As part of our signing-up process, we do a full review of the website addresses to make sure it is a legitimate e-commerce business, and we also look at associated sites and links,” says Byrne.

In the Irish market, this is a relatively straightforward procedure and involves tens of applications per week rather than hundreds. EuroConex has a staff of about 15 involved in processing applications from merchants, and checking out websites is just a part of their duties.

“Occasionally something slips through the net,” says Byrne. “Big business is involved in these pornographic sites and they tend to be resourceful. It’s a bit like fraudsters. Even the most scrupulous acquirers will be compromised from time to time.

“This hasn’t happened to EuroConex, but if we did find a site with adult pornography we would disable it on our system. If we found something illegal, we would report it to gardai.”

The Irish Payment Services Organisation, which represents banks who issue credit cards in Ireland, says none of them knowingly process transactions for any porn sites. AIB’s credit-card centre, for example, says it has an unambiguous policy in relation to applications from merchants involved in trading in pornography: “We do not accept business from such companies.”

Visa says it employs a company, Intercap, to scan the web looking for child porn websites that use the Visa sign. Any they find are reported to police.

There is a key distinction to be drawn here. Every right-thinking person would approve of credit-card firms doing all they can to eradicate child porn. But adult porn is a much more difficult ethical issue simply because, as Visa notes, it is legal.

“We have 21,000 member banks from very different parts of the world and there are some very different views on that sort of thing (adult porn),” says a Visa spokesman. “If something is legal, that’s as far as we can go.

“Visa is owned by banks — those are our customers. The card-holders are customers of the banks, so if people want to put pressure on the banks, that’s fine.”

One thing the banks say they will not do is to snoop in customers’ accounts to check who is making payments to MegaBoobs and the like.

“We are not doing Big Brother,” said a Bank of Ireland official. “There are so many millions of transactions anyway.”

Most websites that use credit-card facilities erase the details of each transaction once it’s completed anyway, points out Evan Ryder, a computer services technologist with University College Galway. The Data Protection Act in Ireland stipulates that such details cannot be retained by credit-card companies.

“I don’t think companies like Visa will do much more, because the only extra action they could take if a card-holder attempted to purchase pornography online would be to report the card number or refuse to complete the transaction,” says Ryder. “Both approaches are probably illegal in some countries and would involve expensive changes to the credit-card company’s or bank’s systems. It would also require a database of blacklisted businesses to be maintained continuously.”

But this is the extra mile Taylor feels credit-card companies should travel. “I don’t know how to solve it technically, but they have a responsibility to solve it,” he insists.

Credit-card providers have no difficulty telling their customers they have exceeded their credit limit, no matter what part of the world they may be in, argues Taylor, so why can’t they stop porn sites using plastic to sell smut? “Commercial companies that make money out of pornography have a responsibility to society, and I don’t think it’s enough for them to say, ‘We’re doing all we can’. I want them to look at re-designing their systems so that they can clearly identify website owners that carry porn, and stop money going to them.”

Some in the banking industry privately admit they sympathise with this argument. “There are credit-card companies that take a very commercial view and say to themselves, ‘These porn sites will find an acquirer somewhere, so it may as well be us’,” said one industry source.

“In Britain, there are mainstream adult websites with top-shelf magazine stuff. Companies like Barclays and Royal Bank of Scotland are acquirers for these sites.”

The very least such companies could do, says Taylor, is make a donation to charity equivalent to the profits they make from the sale of sex images. “If they agree that porn is reprehensible, how about giving Women’s Aid $2m a year?” he wonders.

Without a credit line, a lot of internet porn would be out of business. Those operating child-porn sites are not, Taylor believes, sexually interested in children. They are usually criminals and in it for the money. “If you shut down the money, you shut down the sites,” he says. “They would go and do something else.”

He doubts that any Irish financial institution is knowingly involved in anything inappropriate, but feels that the Bank of Ireland case could be a watershed of sorts.

“What was important was that people expressed their view and the bank listened,” he says. “Big organisations only think about these things when it hits their pockets.

“There was a sadder side to that case too, though. It showed that there is a very well-organised women’s voice; but there’s no organised children’s voice.”


ACTUALLY, Copine is that voice. The team of six, based at University College Cork and led by Taylor, is the only child porn research group in the world. Its budget, of almost €200,000 a year, comes mostly from the European Union. Success for Copine is when, like last week, a paedophile they detect posting children’s images on the net in America is arrested.

Cutting the credit lines won’t solve the problem itself. Paedophiles get around the payment system by swapping images online, usually by posting pictures anonymously to newsgroups, of which there are about 50,000. But if credit-card companies need inspiration, they could draw it from internet search engines that do not address paedophile queries any more. Although, as Taylor admits wearily, there are ways around that too. “The internet is an anarchic place,” he says. And a lucrative one.

March 27, 2004 at 11:29 PM in Financial Services, Online crime

March 22, 2004

U.S. Shuts Down Internet 'Phishing' Scam

Yahoo! News - U.S. Shuts Down Internet 'Phishing' Scam

Mon Mar 22, 2:10 PM ET


By Andy Sullivan
WASHINGTON (Reuters) - The U.S. government said on Monday it had arrested a Texas man who crafted fake e-mail messages to trick hundreds of Internet users into providing credit card numbers and other sensitive information.

Zachary Hill of Houston pleaded guilty to charges related to a "phishing" operation, in which he sent false emails purportedly from online businesses to collect sensitive personal information from consumers, the Federal Trade Commission said.


According to the FTC, Hill sent out official-looking e-mail notices warning America Online and Paypal users to update their accounts to avoid cancellation.


Those who clicked on a link in the message were directed to a Web site Hill set up that asked for Social Security numbers, mothers' maiden names, bank account numbers and other sensitive information, the FTC said.


Phishing has emerged as a favorite tool of identity thieves over the past several years and experts say it is a serious threat to consumers.


Hill used the information he collected to set up credit-card accounts and change information on existing accounts, the FTC said. He duped 400 users out of at least $75,000 before his operation was shut down on Dec. 4, FTC attorneys said.


Hill will be sentenced on May 17, according to court documents.


A lawyer for Hill was not immediately available for comment.


Scam artists have posed as banks, online businesses and even the U.S. government to gather personal information, setting up Web pages that closely mirror official sites.


FTC officials said consumers should never respond to an e-mail asking for sensitive information by clicking on a link in the message. "If you think the company needs your financial information, it's best to contact them directly," FTC attorney Lisa Hone said.


Those who believe they may be victims of identity theft should visit (http://www.consumer.gov/idtheft), she said.


America Online is a division of Time Warner Inc. Paypal is owned by eBay Inc.

March 22, 2004 at 06:13 PM in Online crime

March 20, 2004

Spoofed Fleet Bank email which leads you to a duplicate of the Fleet Bank Online home page which captures your account log in data...

Fleet HomeLink Online Banking and Investing Email

This spoof Fleet Bank email (see image below) leads the unsuspecting recipient to a near-exact copy of the Fleet HomeLink Online Banking home page, but one which is hosted in someone else's web space (see image below).

The bogus page does not employ any tactics to conceal its URL - http://netbsd.torun.org.pl/~ice/cgi-bin/webscr/fleethomelink/data/ - which resolves to Polish web space.

If you have received this email, please remember that it is very common for these email scams to be redistributed at a later date with only slightly different content, or with the same content but with the fake page(s) hosted by a different provider. Also, once you have received one of these hoaxes, it is commonplace to receive at least one more, usually a day or two after the first, although not necessarily from the same apparent sender.

The Spoof Email ... [image: 031204-fleet-1-email.png]

March 20, 2004 at 10:34 PM in Online crime

March 17, 2004

Experts Fear 'PhatBot' Trojan Could Lead to New Wave of Spam or Denial-of-Service Attacks

Hackers Embrace P2P Concept (TechNews.com)


By Brian Krebs
washingtonpost.com Staff Writer
Wednesday, March 17, 2004; 6:23 AM
Computer security experts in the private sector and U.S. government are monitoring the emergence of a new, highly sophisticated hacker tool that uses the same peer-to-peer (P2P) networking abilities that power controversial file-sharing networks like Kazaa and BearShare.

By some estimates, hundreds of thousands of computers running Microsoft's Windows operating system have already been infected worldwide. The tool, a program that security researchers have dubbed "Phatbot," allows its authors to gain control over computers and link them into P2P networks that can be used to send large amounts of spam e-mail messages or to flood Web sites with data in an attempt to knock them offline.

The new hacker threat caught the attention of cyber-security officials at the U.S. Department of Homeland Security, prompting the agency to send an alert last week to a select group of computer security experts. In the alert, the agency warned that Phatbot snoops for passwords on infected computers and tries to disable firewall and antivirus software.

A copy of the DHS alert was made available to washingtonpost.com by two sources at different companies who asked that their identities not be used because they did not want to risk losing access to future government alerts. Officials at the department and US-CERT -- a government-funded cyber-security monitoring agency -- confirmed that the message was genuine.

Phatbot is "a virtual Swiss Army knife of attack software," said Vincent Weafer, senior director of security response at Cupertino, Calif.-based Symantec Corp.

Joe Stewart, a researcher at the Chicago-based security firm Lurhq, has catalogued Phatbot's many capabilities in an online posting. Those capabilities include: the "ability to polymorph on install in an attempt to evade antivirus signatures as it spreads from system to system"; "steal AOL account logins and passwords"; "harvest emails from the web for spam purposes" and "sniff [Internet] network traffic for Paypal cookies."

Phatbot is a kind of "Trojan horse," a type of program named after the legendary stealth attack because it lets hackers take quiet control of unsecured computers. Security firms have catalogued hundreds if not thousands of Trojan horse programs in recent years, but Phatbot has raised substantial concern because it represents a leap forward in sophistication and is proving much harder for law enforcement authorities and antivirus companies to eliminate.

Like traditional Trojan horse programs, Phatbot infects a computer through one of several routes, such as through security flaws in Microsoft's Windows operating system or through "backdoors" installed on machines by the recent "Mydoom" and "Bagle" Internet worms.

But because Phatbot links infected computers into a larger network, hackers can issue orders to the infected machines through many routes, and cyber-security officials can only effectively shut down a Phatbot attack if they track down every infected computer.

"The concern here is that the peer-to-peer like characteristics of these 'bot networks may make them more resilient and more difficult to shut down," said a cyber-security official at the Department of Homeland Security who asked not to be identified because the agency is still considering whether to issue a more public alert about Phatbot.

"With these P2P Trojan networks, even if you take down half of the affected machines, the rest of the network continues to work just fine," said Mikko Hypponen, director of F-Secure, an antivirus software company based in Finland.

Most major antivirus products detect Phatbot, but as soon as the Trojan infects computers it disables many antivirus and firewall software tools.

Roger Lawson, director of computing and information technology at the University of Vermont in Burlington, said he quarantined more than 200 computers -- more than 5 percent of the machines on the school's network -- because of Phatbot infestations. None of the school's antivirus programs detected the Trojan, and attempts to delete it caused Phatbot to recreate and restart itself, he said.

Phatbot's ability to disable computer security software means that the estimated number of infected computers could rise to as high as "several hundred thousand," said F-Secure's Hypponen.

A few computer experts said the rate of infection is much higher.

Igor Ybema, a network administrator at the University of Twente in Enschede in The Netherlands, put the number between 1 million and 2 million computers. His conclusion was based on a Phatbot command that forces infected computers to test their Internet connection speed by sending a file to one of 22 specifically selected Web servers around the world -- one of them at Twente.

He said Twente began monitoring traffic from computers running the tests in mid-February, about the time that rival hacker gangs began an online turf war that resulted in a volley of new worms like Bagle and "Netsky." By early last week, Ybema said he was tracking an average of 200,000 to 300,000 Internet addresses running the speed test every day. Ybema believes such traffic indicates that attackers who have previously relied on less advanced remote-access Trojans are now using Phatbot.

The majority of the infections appeared to come from home user broadband connections and from colleges and universities in the United States and the Asia-Pacific region, he said.

Earlier this month, computer network engineers at University of California, Santa Cruz monitored the same type of speed testing traffic as Twente's Ybema observed. Mark Boolootian, the network engineer who discovered the activity, said one reason infected computers may be conducting the speed tests is to give Phatbot authors an idea of which infected computers would be the fastest in sending out large amounts of spam or data aimed at overwhelming a major Web site.

Security experts are divided on whether a full-force Phatbot attack will result in ruin or simply a ruinous headache.

"If there are indeed hundreds of thousands of computers infected with Phatbot, U.S. e-commerce is in serious threat of being massively attacked by whoever owns these networks," said Russ Cooper, a chief scientist at Herndon, Va.-based TruSecure Corp.

There are several incidents in the past several years that show how hackers used multiple ensnared computers to cause damage. In February 2000, a Canadian juvenile commandeered high-speed computers at University of California, Santa Barbara to knock Amazon, eBay, CNN.com, and a host of other Web sites off-line for hours. In October 2002, hackers used an army of commandeered computers to assault the 13 root servers that serve as the roadmap for Internet traffic.

But Lurhq's Stewart said his analysis of Phatbot indicates that the Trojan is designed to link computers into groups no larger than 50 computers, which would significantly limit the Trojan's effectiveness as a denial-of-service tool.

As a result, he said, Phatbot-infected PCs will more likely be used as highly effective spamming machines.

washingtonpost.com Staff Writer David McGuire contributed to this article.

March 17, 2004 at 09:11 AM in Online crime

Net Crime Gangs Try to Cash in on UK Horse Festival

Yahoo! News - Net Crime Gangs Try to Cash in on UK Horse Festival

Tue Mar 16, 3:27 PM

By Paul Majendie and Bernhard Warner
CHELTENHAM, England (Reuters) - Britain's William Hill (WMH.L) is the latest victim of a cyber extortion wave targeting gambling Web sites, this time hitting the bookmaker on the eve of this week's Cheltenham horse race festival.

Britain's second-biggest betting chain was hit by a barrage of data which disrupted its gambling Web site on March 11.


"We were targeted, but were able to take the appropriate action to minimize the nature of the disruption," Graham Sharpe, a William Hill spokesman said on Tuesday.


Police and computer security experts say organized crime is behind the growing crime wave, which typically intensifies in the days leading up to the biggest sports events of the year.


The culprits targeted a variety of sites before American football's Super Bowl in January, each time demanding money or threatening to take out the sites with a crippling data barrage.


And gambling sites have been on red alert with Tuesday's start of the three-day Cheltenham horse festival, kicking off one of Britain's biggest betting weeks of the year.


Police call it the age-old protection racket with a cyber twist. And, the crime wave is getting worse, authorities said.


"The level of intensity is higher than any we've seen before. They are increasing the force and frequency and sophistication in these attacks," said Richard Starnes, director of incident response for Cable & Wireless (CW.L), one of the largest Internet service providers (ISPs) in Britain.


Many ISPs are working with victimized sites and law enforcement to track down the culprits as larger and larger sites have been taken out for longer periods, experts said.


Both police and security experts believe gangs in Eastern Europe and Russia could be behind some of the attacks.


DEMAND FOR CASH


William Hill's Sharpe added that after last week's attack the company received an email the following day demanding $10,000 to avoid a repeat.


"We had and continue to have no intention of dealing with demands made by blackmailers," he said.


He added the extortion demand made no mention of the Cheltenham festival as a reason for the attack. He added, to his knowledge, it was the first time the site was hit.


The race festival attracts big-hitting gamblers who fearlessly take on the bookmakers with bundles of cash. On the course alone, two million pounds are bet on every race.


On the Net, betting fever is just as high. Online betting has been an important new growth area for high street gambling firms such as William Hill and Ladbrokes (HG.L), plus a wave of new dot-coms that have emerged to pounce on the market.


Betfair.com, one of the world's largest online gambling operations, takes in more than 50 million pounds per week in betting volume. "This is probably our biggest week," spokesman Hugh Taggart said of the meeting, which starts on Tuesday.

A sustained outage could cripple a young betting site's business operation for the year, and deflate a multi-billion-pound business sector still trying to establish the public's trust.

"We are aware of the threat to the online industry," said Betfair spokesman Taggart. "At such a critical moment, we are taking every precaution to ensure the security of the site and the security of customers' funds."

The crime wave, which dates back at least three years, has yet to yield any arrests.

However, police see a ray of hope. Cyber extortion attempts, once the industry's dirty little secret, are now being reported to the police with greater frequency and thus increase the odds of arrests.

March 17, 2004 at 08:29 AM in Online crime

March 13, 2004

Easier Internet Wiretaps Sought

Yahoo! News - Easier Internet Wiretaps Sought

Sat Mar 13, 12:00 AM ET


By Dan Eggen and Jonathan Krim, Washington Post Staff Writers
The Justice Department wants to significantly expand the government's ability to monitor online traffic, proposing that providers of high-speed Internet service should be forced to grant easier access for FBI wiretaps and other electronic surveillance, according to documents and government officials.


A petition filed this week with the Federal Communications Commission also suggests that consumers should be required to foot the bill.


Law enforcement agencies have been increasingly concerned that fast-growing telephone service over the Internet could be a way for terrorists and criminals to evade surveillance. But the petition also moves beyond Internet telephony, leading several technology experts and privacy advocates yesterday to warn that many types of online communication, including instant messages and visits to Web sites, could be covered.


The proposal by the Justice Department, the FBI and the Drug Enforcement Administration could require extensive retooling of existing broadband networks and could impose significant costs, the experts said. Privacy advocates also argue that there are not enough safeguards to prevent the government from intercepting data from innocent users.


Justice Department lawyers argue in a 75-page FCC petition that Internet broadband and online telephone providers should be treated the same as traditional telephone companies, which are required by law to provide access for wiretaps and other monitoring of voice communications. The law enforcement agencies complain that many providers do not comply with existing wiretap rules and that rapidly changing technology is limiting the government's ability to track terrorists and other threats.


They are asking the FCC to curtail its usual review process to rapidly implement the proposed changes. The FBI views the petition as narrowly crafted and aimed only at making sure that terrorist and criminal suspects are not able to evade monitoring because of the type of telephone communications they use, according to a federal law enforcement official who spoke on the condition of anonymity.


"Lawfully-authorized electronic surveillance is an invaluable and necessary tool for federal, state and local law enforcement in their fight against criminals, terrorists, and spies," the petition said, adding that "the importance and the urgency of this task cannot be overstated" because "electronic surveillance is being compromised today."


But privacy and technology experts said the proposal is overly broad and raises serious privacy and business concerns. James X. Dempsey, executive director of the Center for Democracy & Technology, a public interest group, said the FBI is attempting to dictate how the Internet should be engineered to permit whatever level of surveillance law enforcement deems necessary.


"The breadth of what they are asking for is a little breathtaking," Dempsey said. "The question is, how deeply should the government be able to control the design of the Internet? . . . If you want to bring the economy to a halt, put the FBI in charge of deploying new Internet and communications services."


Jeffrey Citron, chief executive of Internet phone provider Vonage Inc., said the FBI is overreaching. He said that he and other providers cooperate fully with law enforcement, and that if the FBI has ongoing concerns, it should strive to change the law governing wiretaps.


The FCC is in the midst of a wide-ranging review of how to regulate the fledgling Internet telephone industry. Chairman Michael K. Powell, responding to complaints from the FBI and other law enforcement agencies, said last month that the FCC will also pursue a separate review of wiretapping rules.


The Communications Assistance for Law Enforcement Act (CALEA), enacted in 1994, required telecommunications companies to rewire their networks so police could have access for wiretaps and other surveillance measures. But law enforcement officials and privacy advocates have argued fiercely in recent years about whether, and to what extent, the law should apply to such newer-generation technologies as Internet telephone and broadband services.


The Justice proposal asserts that "CALEA was intended to protect the capacity of law enforcement to carry out authorized surveillance in the face of technological change, and CALEA contains no exemption for telephony services provided through broadband access."


Stewart Baker, a Washington lawyer and former general counsel at the National Security Agency, said the petition ignores the intent and letter of the CALEA law, which specifically exempts "persons or entities insofar as they are engaged in providing information services." The Justice Department and FBI argue that Congress nine years ago had in mind simple data-storage services, and did not envision the kind of Internet-based communications technologies available today.


The problem the FBI faces is that it cannot identify and break down information that travels as packets of data over the Internet. Phone calls placed over the Internet are changed from voice signals into data packets that look much like other data packets that contain e-mail or instructions for browsing the Internet.


CALEA does not require telecommunications providers to break down and identify which is which, or to decode data that might be encrypted. The FBI wants Internet providers to be forced to do so, experts said.


Justice and FBI lawyers also asked the FCC to "permit carriers to have the option to recover some or all of their CALEA implementation costs from their customers." The petition argues that the actual costs to individual customers would be minimal, although no estimates are provided.

Internet service providers yesterday reacted with caution. Many said they had not yet studied the FBI petition, and want to be viewed as cooperating with law enforcement whenever possible.

David Baker, vice president for public policy at Internet provider EarthLink Inc. in Atlanta, said the FBI appears to be going beyond concerns over voice communications technology on the Internet and is instead "seeking to apply CALEA to all information services."

March 13, 2004 at 09:39 AM in Online crime

February 21, 2004

Online Fraud Losses Hit $437M

Online Fraud Losses Hit $437M

By Ryan Naraine | January 23, 2004

Online scammers robbed Americans of more than $437 million in 2003, mostly using stolen identities, fake Internet auctions and fraudulent shop-at-home schemes, the Federal Trade Commission (FTC) reported.
In its year-end Consumer Fraud and ID Theft Report, the FTC said it received more than half a million consumer complaints during 2003, a 40 percent jump over complaints in 2002. More than 40 percent of all complaints related to identity theft perpetrated through "phishing" and other Web-related scams.

Even with those startling statistics, the FTC conceded the actual number of victims and losses may be much higher because the data only relates to formal complaints received from consumers. In fact, according to the FTC report, more than 60 percent of those who filed FTC complaints did not make a report to the police.

The most common identity theft complaints related to credit card fraud. Other reports in 2003 included phone or utility fraud, bank fraud, employment-related fraud, government document or benefit fraud and loan fraud.

Excluding identity theft reports, swindlers running Internet auctions accounted for 15 percent of consumer losses in 2003 while shop-at-home schemes and catalog sales accounted for 9 percent.

The median loss was reported at $228 and, surprisingly, the Web-savvy 18-39 age group was tops among victims, accounting for a whopping 54 percent of all losses in 2003.

Internet-Related Fraud Complaints by Consumer Age, 2003

    19 and under    4%
    20-29          23%
    30-39          27%
    40-49          25%
    50-59          16%
    60-69           5%
    70 and over     1%

Note: Percentages are based on the total number of Internet-related fraud complaints for the year where consumers reported their age (115,433).
Source: FTC

The report said victims of Internet fraud (excluding ID theft) reported losses of almost $200 million, with the median loss in the range of $195. Internet related fraud accounted for 55 percent of all fraud reports, up from 45 percent in 2002.

Top Products/Services for Internet-Related Fraud Complaints, 2003

    Internet auctions                   48%
    Shop-at-home/Catalog sales          20%
    Internet access services             8%
    Internet info and adult services     6%
    Foreign money offers                 4%
    Computer equipment/software          2%
    Business opportunities               2%

Note: Percentages are based on the total number of Internet-related complaints for the year (166,617).
Source: FTC

Making it clear that higher reporting of fraud does not necessarily indicate a higher overall incidence, the FTC said consumers in Washington, D.C., Seattle, Wash., and San Diego, Calif. reported the highest per capita rates of fraud reports.

The major metropolitan areas with the highest per capita rates of ID theft included Phoenix/Mesa, Arizona; Los Angeles/Long Beach, Calif.; and Riverside/San Bernardino, Calif.

February 21, 2004 at 11:22 PM in Online crime

February 04, 2004

Preparing for Cyberterrorists

Preparing for Cyberterrorists | csmonitor.com

The early Internet days were much like early humans living in caves: no doors, no locks, and a frolicking sense of freedom that came with a variety of vulnerabilities to predators.

This week saw yet another reason to build more cyberwalls and digital checkpoints into a system that's become a critical information pipeline for both commerce and national security.

A clever hacker designed a computer virus dubbed "MyDoom" to shut down one company's website on Sunday and is expected to hit Microsoft Tuesday - yes, even mighty Microsoft, which offered a $250,000 reward to anyone exposing the prankster.

This virus is more dart than dynamite, and it seems aimed only at companies vying against the open operating system Linux. It also relies on the gullibility of e-mail users to open attachments from strangers. Nonetheless, it's a reminder of the need to move faster to protect the Internet from cyberterrorists who could try to do catastrophic damage to the nation's core functions, such as electric grids or stock markets.

Many companies are investing in "intrusion detection" software, firewalls, backup systems, power units, and other security measures. In fact, the growing cybersecurity industry has become a big job generator.

The federal government's primary role in this rush to secure the Internet is to lead but not to dictate. Last week, for instance, the Department of Homeland Security announced that anyone can sign up with its cybersecurity division and be sent an e-mail alert when a computer threat is detected. Like weather alerts, this new system provides a neutral source of information. But also like weather alerts, they could be late or even wrong.

Cybersecurity needs a public-private partnership to block the Internet's holes. That requires a delicate dance between the public's need for security and each company's calculation on the level of risk and financial viability of investments in cybersecurity.

Are companies doing enough, and is government aggressive enough in pushing cybersecurity? The answer is probably no on both, but until there's an actual cyberattack, it's difficult to know for sure. In December, private industry was warned by federal officials it must do more in cybersecurity or face regulations. "We know the enemies of freedom use the same technology that hackers do, that we do," said Homeland secretary Tom Ridge. "And we know that they are looking to strike in any manner that will cripple our society."

Some regulations, such as requiring companies to conduct regular security audits and disclose problems, seem reasonable. But mandating technological fixes would be risky in the fast-moving cybersecurity industry.

The trick is to find a balance between demands for security in the marketplace and demands for national security that works for both.

February 4, 2004 at 12:56 AM in Online crime

January 29, 2004

Net Crime Hits Gambling Sites on Super Bowl Eve

Yahoo! News - Net Crime Hits Gambling Sites on Super Bowl Eve

By Bernhard Warner, European Internet Correspondent
LONDON (Reuters) - Organized crime gangs are shaking down Internet betting sites on the eve of American football's Super Bowl, threatening to unleash a crippling data attack unless they pay a "protection" fee, police and site operators said.

Britain's National Hi-Tech Crime Unit (NHTCU) told Reuters it is investigating a series of attacks and threats of attacks on companies in the United Kingdom.

But security experts say sites based in the Caribbean and continental Europe have also been targeted.

"These are not groups of amateur hackers -- great deals of money are changing hands," said an NHTCU spokesman. "These are for-profit crimes and all intelligence suggests that organized crime is involved."

One such target is Curacao-based VIP Management Services, which runs seven gambling sites including www.VIPSports.com and www.Betgameday.com.

"We were first targeted in September and have been under intermittent attack ever since," said Alistair Assheton, managing director of the privately held six-year-old firm.


E-XTORTION ARTISTS

The so-called denial-of-service attacks, which can disable a corporate data network with a barrage of bogus data requests, are a standard tool for hackers aiming to knock out a site.

Lately, police say, crime gangs have adapted it to extort businesses. Security experts and police said they believe the gangs are based in Eastern Europe and Russia, taking advantage of the region's weak cyber crime laws and its legions of savvy programmers.

Assheton said that on Monday he received the latest threat via e-mail. It was a demand for $30,000 to be wired via Western Union to the extortionist's account or risk being hit. "They essentially said 'pay up or you will go down for the Super Bowl,"' he said.

Police sources said this type of cyber "protection racket" has grown in recent months. The risk of being knocked offline by a digital attack on Super Bowl weekend, one of the busiest betting periods of the year, could doom a gambling site.

Jeffrey Weber, who writes an online newsletter dedicated to the industry, called www.Alltopsportsbooks.com, estimated an outage of a few hours is costly. "That's $500,000 to $1 million dollars worth of action wiped out in one shot," he said.


PAY UP -- OR ELSE

Reuters obtained a copy of an e-mail extortion threat distributed earlier this month. It demanded sites pay $15,000 for six months' worth of protection.

"If you wait to make a deal with us when the attacks start, it will cost you $25,000 for six months protection and the lost revenues as your site will stay down until the $25,000 is received," the e-mail threat said.

Weber said a number of small sites have paid up, calculating it would be cheaper than going dark during a busy period. "It's almost like the criminal elements of the neighborhood bookmakers has merged with the world of online bookmakers," he said.

Noting the relatively small sums demanded -- to ensure the victim does not go out of business and can continue to pay up -- security and law enforcement sources said they believe this is the work of gangs with experience in such shakedown schemes.

"This is very professional," said one security expert.

The Net crime wave is not exactly new. Extortionists and crime groups have targeted businesses of all sizes since the early days of e-commerce.

Law enforcement has been hampered because until recently companies were reluctant to report the incidents for fear of hurting their business reputation. Police hope a recent spirit of cooperation will help their cause.

January 29, 2004 at 10:51 AM in Online crime | Permalink | Top of page | Blog Home

December 31, 2003

Are you sophisticated enough to recognize an Internet scam?

Mercury News | 12/19/2003 | Are you sophisticated enough to recognize an Internet scam?

Computer attacks have moved into the third wave, named by Bruce as "semantic" attacks, i.e. attacks against the user, whereas the first two waves were against computers and systems.

By Bruce Schneier
Posted on Fri, Dec. 19, 2003

MercuryNews.com

Recently I have been receiving e-mails from PayPal. At least, they look like they're from PayPal. They send me to a Web site that looks like it's from PayPal. And it asks for my password, just like PayPal. The problem is that it's not from PayPal, and if I do what the Web site says, some criminal is going to siphon money out of my bank account.

Welcome to the third wave of network attacks, what I have named "semantic attacks." They are much more serious and harder to defend against because they attack the user and not the computers. And they're the future of fraud on the Internet.

The first wave of attacks against the Internet was physical: against the computers, wires and electronics. The Internet defended itself through distributed protocols, which reduced the dependency on any one computer, and through redundancy. These are largely problems with a known solution.

The second wave is syntactic: attacks against the operating logic of computers and networks. Modern worms propagate and can infect millions of computers worldwide within hours. Traditional computer security has focused on this second wave, which aims to exploit programming errors in software products. It would be a lie to say that security experts know how to protect computers absolutely against these kinds of attacks, but we're getting better. Better software quality, more pro-active patching capabilities and better network monitoring will give us some measure of security in the coming years.

But this new wave of semantic attacks targets the way people assign meaning to content.

Many worms arrive as e-mail attachments. A user receives an e-mail message from someone he knew. It has an enticing subject line and a plausible message body. Of course a recipient is going to click on the attachment. And that's exactly what causes the infection.

People tend to believe what they read. How often have you needed the answer to a question and searched for it on the Web? How often have you taken the time to corroborate the accuracy of that information, by examining the credentials of the site, finding alternate opinions or other means?

People have long been taking advantage of others' naivete. Many old scams have been adapted to e-mail and the Web. Unscrupulous stockbrokers use the Internet to fuel their "pump and dump" strategies. In 1999, a fake press release circulated on the Web caused the stock of the Emulex Corp. to temporarily drop 61 percent. More recently, we've seen newspaper archives on the Web changed and fake Web sites purporting to be something they're not.

Against computers, semantic attacks become even more serious, simply because the computer cannot demand all the corroborating data that people instinctively rely on. Despite what you see in movies, real-world software is incredibly primitive when it comes to what is known as simple common sense. Ever increasing numbers of sensors and data collection devices are on the Internet. What happens when hackers realize that these devices can be fed bad data?

People have long been the victims of bad statistics, urban legends and hoaxes. Any communications medium can be used to exploit credulity and stupidity, and people have been doing that for eons. The difference is the scale. A single forged e-mail, a single fake press release, can affect millions.

Current computer security technologies are largely irrelevant against semantic attacks. These attacks aim directly at the human-computer interface, the most insecure portion on the Internet. Defending against them will take more than technology -- it will take education, experience and skepticism. Too many Internet users don't have enough of those three qualities.

BRUCE SCHNEIER is the chief technical officer of Counterpane Internet Security Inc. in Mountain View. His new book, "Beyond Fear: Thinking Sensibly About Security in an Uncertain World," was published this fall. He wrote this column for the Mercury News.

December 31, 2003 at 02:34 AM in Online crime, Security, Virus | Permalink | Top of page | Blog Home

December 05, 2003

Yahoo! News - HSBC Reports Fake Web Site in Hong Kong

Yahoo! News - HSBC Reports Fake Web Site in Hong Kong

Spoof sites are not going to go away. There is a fundamental issue here which has the potential to re-shape the web.

HSBC Reports Fake Web Site in Hong Kong
Fri Dec 5, 4:39 PM ET

HONG KONG (Reuters) - A Web site made to look like the Hong Kong home page of global banking giant HSBC Holdings Plc asked customers to type in their User ID and password, the bank said on Friday.

The site, which was no longer accessible on Friday evening, is the latest in a string of bank-related scams to hit Hong Kong in recent months.

"The fraudulent Web site attempts to replicate the personal financial services pages of HSBC's Hong Kong Web site," HSBC said in a statement.

The portal's address, www.hkhsbc.com, was similar to that of HSBC's Hong Kong Web site, www.hsbc.com.hk.

Sporting "HSBC" and the bank's logo at the top, the site included a hyperlink to a logon page asking customers to type in their online banking User ID and password.

An HSBC spokeswoman told Reuters the bank had received no reports from customers of losses because of the site.

The Hong Kong Monetary Authority, the territory's de facto central bank, and Hong Kong police were looking into the case.

"As the Web site is hosted overseas, the HSBC and the HKMA are liaising with the relevant overseas authorities to take appropriate action," an authority spokesman said, declining to reveal the host of the site.

It was not clear whether authorities had blocked the Web site or its owner had withdrawn it.

Bank frauds in the city in recent months have included fake Web sites and cash dispenser cards.

December 5, 2003 at 10:37 PM in Online crime | Permalink | TrackBack (30) | Top of page | Blog Home

December 03, 2003

Nigeria recovers 'fraudster' cash

It seems I was too quick to assume Nigeria would do nothing. But it sounds like they are still only paying lip service to the huge amount of crime which comes out of that country.

Nigeria has recovered some $200m from conmen in the past eight months, its anti-corruption commission says.
Nigeria is rated the world's second most corrupt country and has become notorious for its fraudsters.

They send out letters and e-mails offering to deposit millions of dollars in bank accounts but instead they use the bank details to make withdrawals.

President Olusegun Obasanjo last week set up a special panel to fight economic crimes on the internet.

The Economic and Financial Crimes Commission (EFCC) was set up earlier this year specifically to tackle the advance fee fraud, known in Nigeria as the "419 scam".

Its chairman Nuhu Ribadu also said that 200 suspects had been arrested and 40 cases were in court.

He also said that the commission had reduced the scale of oil smuggling in the past two months.

"We are going after them and we will smoke them out to face the full wrath of the law," he said.

Nigeria is one of the world's major oil producers but the price of petrol is much lower than in neighbouring countries, so there is a huge black market in oil.

December 3, 2003 at 01:57 PM in Online crime | Permalink | TrackBack (21) | Top of page | Blog Home

November 26, 2003

Nigeria to tackle internet fraud

BBC NEWS | Africa | Nigeria to tackle internet fraud

Don't hold your breath for Nigeria to fix this problem, which I am sure we have all seen, in emails written pleading for help to free millions of dollars/ pounds from some poor defenseless/ widowed/ whatever Nigerian, pretending to write proper English in a style which went out with Dickens.

Turns out this is the 3rd/5th largest exchange earner for the Nigerian Government. Who says crime doesn't pay!!

November 26, 2003
BBC NEWS | Africa | Nigeria to tackle internet fraud

Nigeria is to launch an inquiry into internet fraud and will examine the existing laws covering the problem.
The "419" swindle - named after the penal code that outlaws it - will be targeted in particular.

In the scam, people overseas are promised a share of non-existent riches in return for details of their bank account - which is then emptied.

"The government will step up measures against these criminal activities," President Olusegun Obasanjo said.


Currency earner

He said the inquiry will also consider establishing a new agency to deal with the crime.

The 419 scam has been so successful in the past 20 years that experts say it is now the third to fifth largest foreign exchange earner in Nigeria.

But BBC world affairs correspondent Mark Doyle says the government is keen to stamp out the fraud as it is giving Nigeria a bad name.

The country's anti-fraud squad has arrested more than 200 people, including a federal lawmaker, since May for alleged involvement in computer fraud.

The alleged perpetrators of the biggest ever 419 swindle, a $180m fraud that brought down a Brazilian bank, are among those facing prosecution.

"I am convinced that your recommendations would assist government to design appropriate policies to block all the loopholes... and stamp out all forms of 419 from society," President Obasanjo said at the ceremony to launch the commission.

The committee, which is headed by President Obasanjo's security adviser, has two months to submit a report.

November 26, 2003 at 05:06 PM in Online crime | Permalink | Top of page | Blog Home

November 13, 2003

Zombie Machines Fueling New Cyber-Crime Wave

Yahoo! News - Zombie Machines Fueling New Cyber-Crime Wave

The proliferation of home networks with high-speed connections provides a rich source of computing capability for DDoS (Distributed Denial of Service) attacks. These "nuisance" attacks are now quite prevalent, with WorldPay (Royal Bank of Scotland) the latest big one after they were knocked out for three days.

My observation of home networks is that 60 - 70% +/- have encryption disabled. The network equipment providers do a terrible job with identical default SSIDs & passwords, and encryption turned off as the default. Then they make it horrendously difficult to understand how to administer the router and make changes.

Yahoo! News - Zombie Machines Fueling New Cyber-Crime Wave

Wed Nov 12, 9:39 AM ET
By Bernhard Warner

LONDON (Reuters) - The rapid growth of broadband home computer connections may be inadvertently fueling what police suspect could be the start of a new crime wave -- cyber-blackmail.

As more homes connect to faster delivery systems, their computers are becoming vulnerable to hackers and virus writers who can turn them into "zombie" machines, ready to carry out any malevolent command.

Favorite targets for the extortionists -- many thought to come from Eastern Europe -- have been casinos and retailers, but one recent high-profile victim was the Port of Houston.

"At the end of the day, this is old-fashioned protection racket, just using high-tech," said a spokeswoman for Britain's Hi-Tech Crime Unit.

On Wednesday, British cyber crime cops made a plea to companies to report attacks against their Internet businesses following a recent string of incidents with the blackmailing trademark.

Police have seen an increase in the number of distributed denial of service (DDoS) attacks targeting online businesses.

In some cases, the attacks, which can cripple a corporate network with a barrage of bogus data requests, are followed by a demand for money. An effective attack can knock a Web site offline for extended periods.

HITTING THE SLOTS

Online casinos appear to be a favorite target as they do brisk business and many are located in the Caribbean where investigators are poorly equipped to tackle such investigations.

In 2001, cyber forensics expert Neil Barrett told Reuters that his company, Information Risk Management, was working with Internet casinos to shore up their defenses against a spate of DDoS attacks.

At the time, he said the denial-of-service barrages were followed by demands to pay up or the attacks would continue. He said the attacks appear to have come from organized criminal groups in Eastern Europe and Russia.

Police said because of a lack of information from victimized companies, they are unsure whether these are isolated incidents or the start of a new crime wave.

Whatever the motive, DDoS attacks are on the rise, coinciding with the proliferation of broadband deployment in homes. Security experts believe the increasing number of unsecured home PCs may be a major culprit.

New Internet- and e-mail-borne computer infections are hitting home computers, turning them into zombie machines that can be controlled by outsiders without the owner's knowledge, security experts say.

Such infected machines can be told to send e-mail spam or even be used to initiate or participate in a denial of service attack against another computer.

"Home broadband computers are going to be the launching point for a majority of these," said Richard Starnes, director of incident response for British telecoms company Cable & Wireless and an adviser to Scotland Yard's Computer Crime Unit.

Last week, the online payment service WorldPay admitted to suffering a major DDoS attack that lasted three days. WorldPay, owned by the Royal Bank of Scotland, has been fully restored.

The NHTCU spokeswoman said the investigation into the WorldPay incident is ongoing.
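This article and the Super Bowl extortion story earlier on this page describe the same mechanism: a barrage of bogus requests, increasingly sent from many compromised home PCs at once rather than from one machine. The following is an added example, not code from the page or from any of the companies quoted, showing how a site operator can tell a single noisy source from a distributed flood in ordinary web server access logs. The log lines are constructed for the example (documentation address ranges), the thresholds are assumptions a real deployment would tune to its own baseline, and the detector uses a 10-second sliding window.

```python
"""Spot request floods in web server access logs (added example; log lines are constructed)."""
import re
from collections import Counter, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Deque, Iterable, List, Optional

# Apache/nginx "combined" style line, up to the status and size fields.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)')


@dataclass
class Event:
    ts: datetime
    ip: str
    request: str


@dataclass
class Alert:
    kind: str                # "single_source" or "distributed"
    at: datetime
    source: Optional[str]    # offending IP for single_source, None for distributed
    count: int               # requests in the window when the alert fired
    distinct_sources: int


def parse_line(line: str) -> Optional[Event]:
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return Event(ts, m.group("ip"), m.group("req"))


def detect_floods(lines: Iterable[str], window_s: int = 10, per_ip_limit: int = 20,
                  total_limit: int = 50, distinct_min: int = 10) -> List[Alert]:
    """Slide a window over the log and fire on two patterns: one address hammering
    the site, or many addresses that together exceed the site's normal rate (the
    zombie-driven DDoS the article describes). Thresholds are assumptions."""
    events = sorted((e for e in map(parse_line, lines) if e is not None), key=lambda e: e.ts)
    window: Deque[Event] = deque()
    per_ip: Counter = Counter()
    alerts: List[Alert] = []
    fired_single = set()
    distributed_active = False
    span = timedelta(seconds=window_s)
    for ev in events:
        window.append(ev)
        per_ip[ev.ip] += 1
        # Drop events that have aged out of the window (ev itself always stays).
        while ev.ts - window[0].ts > span:
            old = window.popleft()
            per_ip[old.ip] -= 1
            if per_ip[old.ip] == 0:
                del per_ip[old.ip]
        if per_ip[ev.ip] >= per_ip_limit and ev.ip not in fired_single:
            fired_single.add(ev.ip)
            alerts.append(Alert("single_source", ev.ts, ev.ip, per_ip[ev.ip], len(per_ip)))
        if not distributed_active and len(window) >= total_limit and len(per_ip) >= distinct_min:
            distributed_active = True
            alerts.append(Alert("distributed", ev.ts, None, len(window), len(per_ip)))
        elif distributed_active and len(window) < total_limit // 2:
            distributed_active = False   # re-arm once the flood has subsided
    return alerts


def constructed_log() -> List[str]:
    """Constructed sample: a minute of human browsing, then 25 zombies bursting at once.
    Addresses come from the documentation ranges 203.0.113.0/24 and 198.51.100.0/24."""
    base = datetime(2004, 1, 29, 10, 51, 0)

    def line(ip: str, t: datetime, path: str) -> str:
        return f'{ip} - - [{t.strftime("%d/%b/%Y:%H:%M:%S")} +0000] "GET {path} HTTP/1.0" 200 512'

    lines = [line(f"203.0.113.{10 + i % 3}", base + timedelta(seconds=5 * i), "/odds") for i in range(12)]
    for host in range(1, 26):
        for k in range(4):
            lines.append(line(f"198.51.100.{host}", base + timedelta(seconds=60 + (host + k) % 5), "/"))
    return lines


if __name__ == "__main__":
    for a in detect_floods(constructed_log()):
        print(f"{a.at:%H:%M:%S} {a.kind:14} source={a.source} requests={a.count} sources={a.distinct_sources}")
```

On the constructed log the per-address rate never rises above a handful of requests, so a per-IP limit alone would see nothing; only the combined count across many distinct sources reveals the burst, which is exactly why the zombie model defeats the older single-source filters.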

November 13, 2003 at 09:47 PM in Online crime | Permalink | Top of page | Blog Home

Yahoo! News - Intelligence Experts Comb Web for Terror Clues

Yahoo! News - Intelligence Experts Comb Web for Terror Clues

The web is a powerful tool. It's interesting that the bad guys often are the ones to harness that power early on. Web shopping's first "success" was pornography. Now we have terrorists levering the power of collaboration and asynchronous communication techniques, all behind a veil of security and secrecy.

Yahoo! News - Intelligence Experts Comb Web for Terror Clues

Wed Nov 12, 10:11 AM ET


By Bernhard Warner, European Internet Correspondent

LONDON (Reuters) - Cyber investigators are scouring the World Wide Web for clues on any future suicide bomb attacks, deploying satellites and other high-tech wizardry to hone in on suspicious Web surfing activity.


Intelligence officials had warned some kind of attack would occur in Saudi Arabia before Sunday's suicide bomb blast in Riyadh after finding evidence on anonymous postings on Arabic Web sites and other forms of Internet chatter. The strike killed at least 18 people and wounded 120 others.


"The Internet is a very useful open source for investigators. But as with any unattributable piece of information, tips must be corroborated and verified, and only then can they be added to the overall intelligence mix," a British cyber investigator told Reuters.


Intelligence experts say they have evidence extremist groups are using the Web and e-mail for a variety of purposes ranging from recruitment and fund-raising to spreading propaganda and scouting out potential targets.


Investigators probing the Saudi blast will be combing the Web for disguised, or encrypted, e-mails and statements on Internet discussion forums that drum up anti-Western sentiments, the intelligence experts said.


But they also said it is rare to find information which might point to a specific target.


There is also scant evidence subversive groups are using the Net to launch digital attacks on a country's critical national infrastructure, computer networks that control everything from police emergency response hotlines to power grids.


GROWING ROLE OF WEB


But all signs point to the ever growing role the Web is playing in spy games.


The Echelon satellite system used for eavesdropping on mobile phones has a Net cousin -- Internet monitoring software capable of siphoning up vast bits of Web traffic that, in theory, can trace suspect Web activity.


In the United States, the technology is referred to as the DCS-1000, or Carnivore. A host of Western countries are believed to be deploying similar technology, said Ira Winkler, former intelligence and computer system analyst with the U.S. government agency, the National Security Agency.


Meanwhile, intelligence watchers point out that intelligence agencies are deploying the classic spy tactic of setting up so-called "honey pots" with a high-tech twist -- in this case, setting up a bogus Web site to attract the very people they are trying to monitor.


And their targets are engaging in a similar spin war.


"If terrorists think they are being monitored, they could release chatter just to screw with people's minds. Creating fear and uncertainty is what they do," said Winkler, who is now chief security strategist for PC maker Hewlett-Packard.


Investigators and security experts are quick to point out that despite the influx of high-tech gadgets, the art of intelligence gathering has not changed, and is certainly no more precise.


"X almost never marks the spot in intelligence gathering," said Richard Starnes, director of incident response for British telecoms firm Cable & Wireless and an adviser to Scotland Yard's Computer Crime Unit.


"The only time you are going to get an X-marks-the-spot-scenario is if you have inside information, a person inside that is verified as being accurate in the past. That will always be highest level of intelligence. If you get it wrong, you can get people killed. If you get it right, you can save lives," he added.

November 13, 2003 at 09:38 PM in Online crime | Permalink | Top of page | Blog Home

November 11, 2003

Paying Bills Online Fights Fraud - maybe ...

Paying Bills Online Fights Fraud: Report

Nothing like a good offence to take on detractors. I kind of like this report, but having read this review, found it's not that well thought through in parts.

The conclusions are that use of internet will reduce opportunities for fraud. Two ways are listed:

1) payment of bills online means less paper in the mail box, so less opportunity for identity theft. I don't buy this one - few billers have turned off the paper for those customers who pay bills online.

2) use of online banking, means customers check their accounts more frequently and with greater diligence, so fraud is noted and reported sooner, thus reducing the cost of the fraud. This one has some merit.

All in all, a catchy headline, but firmly in the "nice try" category.

Story

November 11, 2003 at 01:25 PM in Financial Services, Online crime | Permalink | Top of page | Blog Home

October 22, 2003

Airlines, Hotels Said Cheated by Fake Web Sites

Yahoo! News - Airlines, Hotels Said Cheated by Fake Web Sites

Not quite the same as web site spoofing, but similar, and all this makes for confusion amongst consumers, so from their perspective it's not much different than spoofing. How do you know which site you are at?

It's a safe bet that this will hit banks in the future as the bad guys get better at it.

Yahoo! News - Airlines, Hotels Said Cheated by Fake Web Sites

Wed Oct 22, 11:27 AM ET
By Robert Evans
GENEVA (Reuters) - The United Nations trademark and copyright agency WIPO on Wednesday revealed the existence of a raft of fake Web addresses which divert customers of airlines, hotels and car hire firms to a site selling cheap travel deals.

The revelation came in a report from the agency on a ruling from its Internet dispute settlement center that one of the phony sites -- airfranceairlines.com -- should be closed down for infringing the rights of French flag carrier Air France.

Air France, which operates the largest medium-haul network in Europe in terms of daily flights and uses airfrance.com as its main site, argued in its complaint to WIPO that its name was being used to produce business for rival airlines.

The report listed nine other sites including holidayinnhotels.org, hilton-hotel-reservation.com and marriot-hotels.com to us-airways.net, lufthansa-airlines.net and british-air-ways.com as operating in the same way.

The other three were twaairlines.org, qantas-airlines.com and al-italia.com.

All the sites, and others using names of car hire companies as well as airlines and hotels already ordered closed by WIPO, were registered by a Patrick Ory with residences in the Netherlands and Cancun, Mexico, according to the report.

Travelers surfing the Web for well-known brands and assuming the look-alike addresses are genuine find themselves linked to a site operated by Cheap Travel Network where they can compare prices over a range of offers.

The WIPO report said the Web engine at the phony Air France site -- as well as the others -- was powered by a company named QIXO.COM which offers webmasters the chance to earn commission from sales they bring.

DISCOUNT TRAVEL SPECIALIST

The Network's own site is also powered by QIXO, which itself runs a similar cheap travel site at qixo.com and describes itself as a worldwide specialist in discount airline travel, hotels, car rentals and vacation packages.

Over the past three years, WIPO has handled over 5,000 cases of so-called "cybersquatting" by firms or individuals who register sites with well-known names -- including football clubs and film stars -- with which they have no connection.

Many of these were set up with the aim of selling them at a profit to their more obvious owners, or to attract business to Internet shopping -- and sometimes to pornographic sites.

Nearly all of the sites involved have been closed after rulings by WIPO arbitrators, although Bimbo S.A., a Spanish confectionery maker, was told by the agency that it could not lay exclusive claim to the use of its name in Web addresses.

WIPO said that the owner of the phony sites could earn three to five U.S. dollars per ticket sold simply from creating traffic to Cheap Travel Network and QIXO.COM -- the default addresses to which any hit on them is redirected.

Ory failed to file any response to the complaint, or to earlier complaints in which he was involved over sites like holidayinnhotels.com and europe-car.com, said the arbitrator for WIPO, the World Intellectual Property Organization.

Therefore, the arbitrator ruled, "he registered the domain name at issue -- and many other infringing domain names -- with the clear intention of diverting Internet users to a Web Site that competes with (Air France's) services for...personal gain."
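The hkhsbc.com site in the HSBC story earlier on this page and the airline and hotel names in this WIPO report are the same pattern: a brand string planted inside a domain the brand does not own, sometimes with a spelling slip (marriot-hotels.com) or hyphens (british-air-ways.com). The following added example, which is not code from the page, HSBC, WIPO or Reuters, shows how a bank or brand owner can screen observed or newly registered domains for that pattern. The allow-list of legitimate domains (only hsbc.com.hk and airfrance.com appear in the articles; the rest are assumed), the short list of multi-label public suffixes and the edit-distance threshold are all assumptions for the example; a production version would use the full Public Suffix List.

```python
"""Screen domain names for brand impersonation (added example; allow-lists are constructed)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Assumed allow-list: registrable domains each brand legitimately uses.
BRANDS: Dict[str, Set[str]] = {
    "hsbc": {"hsbc.com.hk", "hsbc.com"},
    "airfrance": {"airfrance.com"},
    "marriott": {"marriott.com"},
    "hilton": {"hilton.com"},
    "britishairways": {"britishairways.com"},
}

# Minimal stand-in for the Public Suffix List: suffixes under which the
# registrable name takes three labels (hsbc.com.hk) rather than two.
MULTI_LABEL_SUFFIXES = {"com.hk", "co.uk", "com.au", "co.jp", "com.mx"}


def registrable_domain(host: str) -> str:
    """www.hsbc.com.hk -> hsbc.com.hk, www.hkhsbc.com -> hkhsbc.com."""
    labels = host.lower().strip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def levenshtein(a: str, b: str) -> int:
    """Edit distance; catches one-letter slips such as marriot vs marriott."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


@dataclass
class Verdict:
    host: str
    brand: Optional[str]
    reason: str


def classify(host: str) -> Verdict:
    reg = registrable_domain(host)
    for brand, owned in BRANDS.items():
        if reg in owned:
            return Verdict(host, brand, "legitimate")
    # Compare only the name part, with hyphens removed so that
    # british-air-ways reads as britishairways.
    name = reg.split(".")[0]
    squashed = name.replace("-", "")
    for brand in BRANDS:
        if brand in squashed:
            return Verdict(host, brand, "brand string embedded in unowned domain")
    for brand in BRANDS:
        for token in name.split("-"):
            # Short tokens and short brands produce too many accidental near-misses.
            if len(token) >= 5 and len(brand) >= 5 and levenshtein(token, brand) <= 1:
                return Verdict(host, brand, "label within edit distance 1 of brand")
    return Verdict(host, None, "no match")


def screen(hosts: List[str]) -> List[Verdict]:
    """Return only the hosts that need a human look."""
    return [v for v in map(classify, hosts) if v.reason not in ("legitimate", "no match")]


if __name__ == "__main__":
    # Names taken from the two articles, plus the brands' own sites and an unrelated domain.
    sample = ["www.hsbc.com.hk", "www.hkhsbc.com", "airfrance.com", "airfranceairlines.com",
              "marriot-hotels.com", "hilton-hotel-reservation.com", "british-air-ways.com",
              "example.org"]
    for v in screen(sample):
        print(f"{v.host:32} {v.brand:15} {v.reason}")
```

Hits from this screen are leads, not verdicts: a legitimate third party may carry a brand word in its name, which is why the output is a short list for review rather than an automatic block.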

October 22, 2003 at 03:16 PM in Online crime | Permalink | Top of page | Blog Home

October 08, 2003

Virus Writers Probed for Terror Ties Cyber Cop

Yahoo! News - Virus Writers Probed for Terror Ties Cyber Cop

I've been hearing rumblings about this, and now its public. Terror ties seem possible between the latest virus/ trojans, and the terror organisations. There is quite a bit of information online now about the various criminal syndicates, and in particular for online, those from Eastern Europe are particularly prevalent.

If these ties are proven, the potential exists that the money being stolen through identity theft ( First Bank spoof in Canada) is finding its way to fund the Middle East terror organisations too.

October 8, 2003 at 08:44 AM in Online crime | Permalink | Top of page | Blog Home

October 04, 2003

How to be reassured about security online

Microsoft Security Bulletin MS03-040

I've been thinking about how to reassure customers who come to a secure web site, with simple language, yet effective instructions. This instruction, contained in a weekly MS critical flaw report, provides some clues.

Problem is that the crooks will figure out how to drive hapless consumers to seemingly innocent sites (non-bank/ non security required sites) to place their code and keyboard loggers, then when that consumer visits their bank site, the damage is already done.

Consumers will have to be wary all the time not just when they visit bank sites.

"To exploit these flaws, the attacker would have to create a specially formed HTML-based e-mail and send it to the user. Alternatively an attacker would have to host a malicious Web site that contained a Web page designed to exploit these vulnerabilities. The attacker would then have to persuade a user to visit that site."

October 4, 2003 at 10:21 AM in Online crime | Permalink | Top of page | Blog Home

October 03, 2003

Russian gang activity in financial fraud

Guardian Unlimited Shopping | News and views | Net accounts for only 3% of card fraud:

This from the Guardian. I decided to search for internet fraud perpetrated by Russian gangs, and looks like I will get lots of coverage.

"In February it was found that waiters in London, employed by Russian gangs, were stealing account information by 'skimming'. After the bill is paid the card is reswiped through a magnetic strip reader costing £50 and the details transferred to a magnetic strip on a fake card. "

October 3, 2003 at 11:26 PM in Online crime | Permalink | Top of page | Blog Home

October 02, 2003

LloydsTSB latest target for fraudulent e-mails

finextra.com: "25 September 2003 - LloydsTSB has posted a security notice on its Web site warning customers to beware of a new fraudulent e-mail scam.

The e-mails point customers in the direction of a fake Lloyds TSB site where they are encouraged to enter their Visa debit card details.
The latest scam follows a similar assault on Barclays Bank, which was forced to reduce payment transfer limits after some customers were duped into inputting their personal data at a bogus site.
LloydsTSB says it is aware of only one customer who divulged their details. The copycat site was shut down this morning following an all-night trawl by the bank and the National High Tech Crime Unit."

October 2, 2003 at 07:16 AM in Online crime | Permalink | Top of page | Blog Home

September 23, 2003

Study - Net Piracy Has Five More Years of Growth

Study - Net Piracy Has Five More Years of Growth
Yahoo! News - Study: Net Piracy Has Five More Years of Growth
By Bernhard Warner, European Internet Correspondent

LONDON (Reuters) - The ever-expanding market for pirated music will continue to haunt music executives for at least another five years, outstripping growth for the industry's own fledgling online businesses, a new study said on Monday.

The report by Informa Media said global Internet music sales, which includes sales of CDs from retail Web sites such as Amazon.com and song downloads from services such as Apple Computer Inc.'s iTunes, will reach $3.9 billion by 2008, up from $1.1 billion in 2002.

But the value of lost sales due to CD-burning and downloading free songs off so-called peer-to-peer networks such as Grokster and Kazaa will rise to $4.7 billion in the same period from $2.4 billion this year, the British research firm said.

"The reason we're so downbeat is we think the peer-to-peer problem is going to only get worse. In 2008, broadband will be prevalent around the world," said Simon Dyson, the report's author.

The roll-out of faster broadband connections has made it more convenient for Internet users to download free music off the Web. Millions of Internet users around the globe regularly log on to the peer-to-peer network to obtain all manners of copyright-protected materials from Eminem songs to films.

The industry has responded with fee-based download services of its own, but consumer uptake has been slow.

This one-step-forward-two-steps-back scenario is hardly comforting for the major music labels which blame Net piracy for triggering a sharp decline in global music sales in the past three years.

Dyson said a host of Internet file-sharing services are now beginning to appear in languages such as Russian and Chinese, potentially dashing the industry's hopes of building a loyal customer base in these emerging markets.

"This is where the industry's growth is supposed to come from," Dyson said.

On a positive note, online sales will account for nearly 12 percent of the entire global music market by 2008, up from 4.5 percent this year. The larger share is due to the industry's recent push to make more products available for download.

It's a rare bit of promising news for an industry that's been ravaged by new technologies.

The music trade body, the International Federation of Phonographic Industry (IFPI), reported in July the sale of pirated compact discs -- a problem that has dogged the industry for the past decade -- has more than doubled in the past three years as costs of CD-burning devices plummet.

The IFPI represents scores of independent and major music labels including EMI, Sony Music, Warner Music, Universal Music, and Bertelsmann's BMG.

September 23, 2003 at 08:18 PM in Internet evolution, Online crime, Security | Permalink | TrackBack (235) | Top of page | Blog Home

September 16, 2003

Poor spelling gives fraud artist away

TheStar.com - Poor spelling gives fraud artist away

Once the bad guys figure out how to spell, this type of fraud will be quite a problem, and add to my conviction that email is dead as a marketing medium. Email serves as a useful means to communicate for business and sharing information, but in terms of trusted transactions involving financial affairs its credibility will be even less useful than junk mail.

Poor spelling gives fraud artist away
TheStar.com - Poor spelling gives fraud artist away

Visa cardholders beware: a semi-literate scam artist somewhere in cyberspace is trying to trick you into handing over your account number, expiry date and personal identification number.

That's enough data to allow a fraudster to get cash advances and make purchases on your card.

"Hopefully, the majority of people who get this will realize it's a scam," said privacy expert Paul Wing.

The request comes in an official-looking e-mail headed with the Visa logo and pictures of sunflowers but quickly becomes suspect — mainly because of poor spelling and the lack of a padlock icon indicating the message is being encrypted.

The e-mail began circulating last week and explains Visa has been having problems with its computer server, causing a major loss of data and requiring customers to click on a link to type in their account data.

Aside from the fact that companies like Visa have mirror systems to regularly back up data, the first clue to the scam comes with the salutation "Dear visa customer" (no capital V) and continues with the line "we want to apologies to our customers for this inconvenience."

That should be "apologize," not "apologies."

Visa said it was alerted to the problem on Saturday and hoped to have the offending Web site shut down by tonight with help from law enforcement agencies.

"Cardholders should keep in mind that Visa does not solicit personal information and they should not respond to e-mails soliciting such information,'' said Visa Canada spokesperson Terrie Twaddle.

"Such e-mail requests should be treated as fraudulent and immediately brought to the attention of Visa for action."

The suspicious e-mail is obviously aimed at a wider audience than Canada. Recipients are asked to click on a verification icon that takes them to a site that appears to be Visa U.S.A., with an option to click again for a Spanish version.

Twaddle said Visa is not aware of any fraudulent card activity from the scam.

Wing, co-author of Protecting Your Money, Privacy and Identity from Theft, Loss and Misuse, said it might be too early to rule that out altogether.

"What we never know about these things is whether anyone has fallen for them. We know a certain number will get fooled, as they would by any con artist."

Given that Visa was alerted more than two days ago, Wing said he was surprised the fake Web site was still running yesterday.

"A weekend is a long time with people's credit card numbers," he said.

Twaddle said Visa cardholders are protected against fraud through the company's zero liability program.

Anyone who has responded to the bogus e-mail should immediately contact the financial institution that issued his or her Visa card so the account can be closely monitored.

Consumers can easily protect themselves from similar e-mail or telephone scams by "never responding to something like this where you didn't initiate the contact,'' said Wing.

Visa would not comment on the source of the suspicious e-mail, saying that it could compromise the investigation.

September 16, 2003 at 07:20 AM in Online crime

September 10, 2003

Spoofing

Having seen this firsthand now, it really brings home the danger in this, and the prospect of alienating an already sceptical general public. It strikes me again, as it does every couple of years, that we really need digital identities which are crypto safe, and attached to a device/source which is irrefutable, such as a smart card. This will be inconvenient, and add cost to internet, and access, but no choice.

September 10, 2003 at 09:28 PM in Online crime
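As an added illustration of the argument in the post above, and not code from the blog or from any institution named on this page, the following Python simulates the kind of identity the author is asking for: a key that lives on a device and is never read back, used to sign a one-time challenge from the bank together with the origin the client is actually connected to. HMAC over a key shared at enrolment stands in for the public-key signature a real smart card would produce, and the hostnames bank.example and bank-login.example are assumed. The three flows show why the cloned-site attack described in the next post fails against such a credential: a response signed while on the clone does not verify for the genuine site, and a captured response cannot be replayed.

```python
import hashlib
import hmac
import secrets


class Device:
    """Simulated smart card: the key is set at enrolment and never read back."""

    def __init__(self, key):
        self._key = key

    def sign(self, origin, challenge):
        # The response covers the origin the client is actually talking to
        # (supplied by the client, never by the page), so a response produced
        # on a clone cannot verify for the genuine site. HMAC stands in for a
        # public-key signature here (assumption for this illustration).
        msg = origin.encode() + b"\x00" + challenge
        return hmac.new(self._key, msg, hashlib.sha256).digest()


class Bank:
    ORIGIN = "bank.example"  # assumed hostname of the genuine site

    def __init__(self):
        self._keys = {}      # user -> key enrolled on that user's device
        self._pending = {}   # user -> outstanding one-time challenge

    def enroll(self, user):
        key = secrets.token_bytes(32)
        self._keys[user] = key
        return Device(key)

    def challenge(self, user):
        c = secrets.token_bytes(16)
        self._pending[user] = c
        return c

    def verify(self, user, response):
        c = self._pending.pop(user, None)   # single use: a replay finds nothing
        key = self._keys.get(user)
        if c is None or key is None:
            return False
        expected = hmac.new(key, self.ORIGIN.encode() + b"\x00" + c,
                            hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def legit_login(bank, user, device):
    """User types the bank's address; the client signs for bank.ORIGIN."""
    c = bank.challenge(user)
    return bank.verify(user, device.sign(bank.ORIGIN, c))


def phished_login(bank, user, device, clone_origin="bank-login.example"):
    """User follows an e-mailed link to a clone. The attacker fetches a real
    challenge, relays it, and forwards whatever the victim's device signs.
    The device binds the clone's origin into the response, so the bank
    rejects it."""
    c = bank.challenge(user)
    relayed = device.sign(clone_origin, c)
    return bank.verify(user, relayed)


def replayed_login(bank, user, device):
    """A captured copy of one valid response is worthless: the challenge is
    consumed on first use. Returns (first attempt, replay attempt)."""
    c = bank.challenge(user)
    response = device.sign(bank.ORIGIN, c)
    return bank.verify(user, response), bank.verify(user, response)


if __name__ == "__main__":
    bank = Bank()
    card = bank.enroll("alice")
    print("legit:", legit_login(bank, "alice", card))        # True
    print("phished:", phished_login(bank, "alice", card))    # False
    print("replay:", replayed_login(bank, "alice", card))    # (True, False)
```

The property that matters is that the signed message names the origin the client itself observed, not one the page claims; that is what a password typed into a look-alike form cannot offer, and it also means a keylogger on the victim's machine sees nothing reusable.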

First bank spoof in Canada

Today I saw firsthand the first big email spoof of Canadian Financial Institutions. In this situation the criminal sent out emails with a link to a bogus FI site which looked like the real FI site.

If innocent people follow that link they could get a trojan virus, a keyboard logger, which will pass any information they type into the web page to the criminals.

It just highlights the need for individuals to be wary, and careful before following embedded email hyperlinks & completing forms online.

This has been a big problem in Australia, and looks like we have got it in Canada now.

Net scam targeted bank customers (Globe and Mail)
Bank of Montreal, Caisses Desjardins Web sites cloned by hackers to steal data

By Sinclair Stewart

Police are investigating an elaborate Internet scam that cloned the Web sites of Bank of Montreal and Mouvement des Caisses Desjardins in order to trick customers into providing their personal account information.

Hackers posing as representatives from the two banks circulated spam e-mails this week, inviting people to click on an Internet link for a chance to win $500.

Instead of taking customers to the home pages of BMO or Desjardins, however, the link whisked them to look-alike Web sites where they were asked to enter their bank card numbers and passwords.

The e-mail also contained what is known as a "Trojan Horse" virus, which is activated once people click on the Internet link. The virus essentially enables hackers to take control of an infected computer and access files and personal data.

Staff Sgt. Paul Marsh, a spokesman for the Royal Canadian Mounted Police, said the Mounties are investigating the incident in conjunction with international law enforcement agencies. He declined to discuss details of the probe, but said this appears to be the first time hackers have cloned Web sites in Canada in an attempt to defraud banking customers.

"It's the first time I'm aware of this particular scenario," he said, adding that Internet cloning has typically been used for identity theft.

BMO learned of the hoax after receiving a call from one of its customers on Wednesday morning, and managed to shut down the fraudulent Internet site a few hours later. Ian Blair, a spokesman for the bank, said between 50 and 55 on-line clients contacted BMO to say they had received the e-mail. Of these, only five actually visited the phony Web site and shared their private information.

The bank has already changed the passwords of these customers, and so far it seems none of the accounts have been tampered with. Mr. Blair said the bank is still trying to determine whether other customers have visited the fake Web site and surrendered information.

Security officials at the bank are still uncertain who is behind the scam, but Mr. Blair said early indications suggest it began somewhere in the western United States. It appears as though hackers used a screen capture of the bank's Web site, and posted the image at a different Internet address. The text on the site was altered, and it urged customers to log into the system with their passwords in order to participate in the contest.

André Chapleau, a spokesman with Desjardins, said he immediately knew something unusual was afoot after customers reported they were receiving e-mails in English from the Montreal-based financial services co-operative.

"We had about 10 or 12 calls from our members who were first of all surprised that they had received an English e-mail from Desjardins," he said. "To start with, it was a little boo-boo from the hoaxers."

Mr. Chapleau said Desjardins traced the e-mails to a server in Pennsylvania on Wednesday, and had the site shut down. The phony site resurfaced a few hours later, but was taken off line for good that evening. As far as Desjardins is aware, none of its customers gave up their passwords to the hackers, although the bank is still probing the matter.

Both banks, meanwhile, insisted it is safe for customers to continue with their on-line banking, so long as they access the Web sites the way they normally do: by punching in the Internet address.

"It's still safe to bank on-line," said Mr. Blair, who suggested banking customers should get in the habit of changing their passwords frequently as a security measure.

"Any on-line banking customers should be vigilant when receiving an e-mail claiming to be from their financial institution," Mr. Marsh added.

September 10, 2003 at 09:22 PM in Online crime
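Both the Star article on the Visa e-mail and the Globe and Mail article above describe the same tells: a link that leads somewhere other than the institution's own site, link text that looks like the real address, and a message addressed to nobody in particular ("Dear visa customer"). The following Python is an added example, not code from the blog, the newspapers or the banks, that turns those tells into a triage check over an HTML message body. The trusted hostnames, the e-mail bodies and the addresses in them are constructed for the example and are not the real institutions' addresses or the actual 2003 messages.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the institution's genuine hostnames. Illustrative names only.
TRUSTED_HOSTS = {"www.bmo.example", "www.visa.example"}

# Salutations addressed to nobody in particular ("Dear visa customer").
GENERIC_SALUTATION = re.compile(
    r"\bdear\s+(?:\w+\s+)?(?:customer|cardholder|member|user)\b", re.I)


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Hostname of a URL, lowercased. urlparse treats anything before '@' as
    userinfo, so 'http://www.bmo.example@203.0.113.9/' yields 203.0.113.9:
    the trusted-looking part of such a link is not the host at all."""
    return (urlparse(url).hostname or "").lower()


def triage(html_body):
    """Return a list of findings for one message; empty means no tell fired."""
    findings = []
    parser = LinkExtractor()
    parser.feed(html_body)
    for href, text in parser.links:
        host = host_of(href)
        if host not in TRUSTED_HOSTS:
            findings.append(f"link target is not a trusted host: {host or href!r}")
        # Visible text that looks like an address but points elsewhere.
        shown = re.search(r"https?://([^/\s]+)", text)
        if shown and shown.group(1).lower() != host:
            findings.append(f"link text shows {shown.group(1)} but target is {host}")
    plain = re.sub(r"<[^>]+>", " ", html_body)
    if GENERIC_SALUTATION.search(plain):
        findings.append("generic salutation")
    return findings


# Constructed sample bodies written for this example; not the 2003 messages.
PHISH = """<html><body><p>Dear visa customer,</p>
<p>Our server lost data. Please <a href="http://www.visa.example.verify-cards.example/update">
click here</a> or visit <a href="http://www.visa.example@203.0.113.9/visa/">http://www.visa.example/</a>
to re-enter your card details.</p></body></html>"""

LEGIT = """<html><body><p>Dear Alice Smith,</p>
<p>Your statement is ready at
<a href="https://www.bmo.example/statements">https://www.bmo.example/statements</a>.</p>
</body></html>"""

if __name__ == "__main__":
    for name, body in (("phish", PHISH), ("legit", LEGIT)):
        print(name, triage(body))
```

The check deliberately compares the parsed hostname rather than looking for the bank's name anywhere in the link, which is exactly what a subdomain-prefixed or userinfo-prefixed address is designed to exploit. It is a triage aid, not proof either way: a message with no findings still deserves the advice both banks gave, which is to reach the site by typing its address rather than by following the link.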