Cybercrime stories

[Al-khiyal]

U.S.-Egypt smash cyber 'phishing' ring

LOS ANGELES, October 8, 2009 -- Investigators in the United States and Egypt have smashed a computer "phishing" identity theft scam, officials said Wednesday. The Federal Bureau of Investigation said 33 people were arrested across the United States early Wednesday while authorities in Egypt charged 47 more people linked to the scam. A total of 53 suspects were named in connection with the scam in a federal grand jury indictment, the FBI said. Authorities said the sophisticated identity theft network had gathered information from thousands of victims which was used to defraud American banks. Wednesday's arrests were the culmination of a two-year probe involving U.S. and Egyptian officials dubbed "Operation Phish Phry." A series of raids early Wednesday resulted in arrests in California, Nevada and North Carolina. A 51-count U.S. indictment accuses all defendants with conspiracy to commit wire fraud and bank fraud while various defendants are charged with aggravated identity theft and conspiracy to commit computer fraud. "The sophistication with which Phish Phry defendants operated represents an evolving and troubling paradigm in the way identity theft is now committed," FBI Los Angeles acting assistant director Keith Bolcar said. "Criminally savvy groups recruit here and abroad to pool tactics and skills necessary to commit organized theft facilitated by the computer, including hacking, fraud and identity theft, with a common greed and shared willingness to victimize Americans." According to an unsealed indictment, Egyptian-based hackers obtained bank account numbers and personal information from bank customers through phishing, and then hacked into accounts at two unidentified banks. Once compromised accounts had been accessed, hackers in Egypt contacted conspirators based in the United States via text messages, phone calls and Internet chatrooms to arrange transfer of cash to fraudulent accounts. "This international phishing ring had a significant impact on two banks and caused huge headaches for hundreds, perhaps thousands, of bank customers," acting U.S. Attorney George Cardona said in a statement. The investigation comes hard on the heels of a security breach targeting thousands of Microsoft Hotmail accounts. Cyber-crooks evidently used "phishing" tactics to dupe users of Microsoft's free Web-based email service into revealing account and access information, according to the U.S. technology giant.

[Al-khiyal]

Hackers target Guardian jobs site

October 25, 2009 -- The Guardian has emailed "up to half a million" users of its UK-based Jobs website to tell them that some of their personal data may have been compromised by "a sophisticated and deliberate hack" on Friday night. A Guardian spokesperson said the site has about 10 million unique users per year, and that "the hack was stopped before it was completed". "As soon as we were alerted to the fact that there was a problem, we dealt with it, in line with the information commissioner's guidance on data protection," said the spokesperson. "We felt it was important to be transparent and alert our users as soon as possible."

Yesterday , the Guardian put a security notice on its jobs site, which said: "The supplier who runs the site has identified the manner in which it was hacked and taken steps to prevent a recurrence." User accounts were not hacked, so there is no need for site users to change their passwords. The compromised data could include the person's name, email address, covering letter and CV, but "we have no reason to believe that any financial or bank data was compromised," said the Guardian's email. Some of the data was up to two years old.

The user data is not held on the web but stored on separate databases run for the Guardian by third parties. In the UK, it is reportedly run by Madgex. A Guardian technology director said: "We will have final numbers of real users and the type of data in the next few days, once we strip out duplicates, false emails and so on." He said he was unable to provide any technical details of the hack, as these were part of a police investigation by the central e-crime unit at Scotland Yard.

Jobs site user Chris Gittner said that at first he thought the email was a hoax, and "all of this wasn't helped by finding out about it late on Saturday evening when there was no one official around to talk to." Kate Waugh, a user from Staffordshire, said: "I'm quite worried about the repercussions of my sensitive data falling into the wrong hands: I've had enough experience already of card fraudsters so I know how easily you can fall victim to these things. I'm going to take the steps recommended by the Guardian, but it's one more worry I could do without. I have to say the Guardian's reassurance that it won't happen again doesn't help."

The Guardian's email passed on police recommendations for "precautionary measures" such as contacting a credit reference agency - Callcredit, Equifax or Experian — and using Cifas, the UK's fraud prevention service . Cifas also runs The UK fraud jobs jobsite tailored specifically for fraud professionals and recruitment specialists. Another user, Simon Anthony, said "we probably will" register with Cifas but "it costs £12 each person. Will the Guardian pay for this?" He said he objected to paying for security that he should not need.

Job sites are regularly attacked by hackers and via email "phishing" attacks, as they provide a rich source of data for those interested in identity theft. Job seekers who simply circulate their CVs directly to potential employers, or post them on the web or on Facebook, are also increasing their level of risk. Job sites may still be the safer option. The Guardian's U.S.-based jobs site was not affected.

[Al-khiyal]

Two held in global PC fraud probe

November 18, 2009 -- Two suspected computer hackers have been arrested in Manchester in a major inquiry into a global internet scam designed to steal personal details. The trojan program is believed to have infected thousands of computers around the world, said the Metropolitan Police, which is leading the inquiry. A man and woman, both aged 20, have been questioned and bailed until March 2010 pending further inquiries. Police revealed the arrests were the first in Europe as part of the inquiry.

The investigation focused on the ZeuS or Zbot trojan - "a sophisticated malicious computer program", said police. The malicious software records online bank account details, passwords and credit card numbers to steal cash with the information accessed. It also copies passwords for social networking sites before causing each computer to forward the data to servers under the control of the hackers. It has emerged in several guises, including a false Facebook page that encouraged users to download a software update.

The pair being questioned were arrested on 3 November under the 1990 Computer Misuse Act and the 2006 Fraud Act. Details of the arrests have only just emerged. Detective Inspector Colin Wetherill said: "The ZeuS Trojan is a piece of malware [malicious software] used increasingly by criminals to obtain huge quantities of sensitive information from thousands of compromised computers around the world. The arrests represent a considerable breakthrough in our increasing efforts to combat online criminality."

One IT security expert described Zbot as one of the most notorious pieces of malware seen recently. Graham Cluley, senior technology consultant for security firm Sophos, said: "It's not just a single piece of malicious software. It's a family with many different members, all adopting different disguises in their attempt to infect users, and steal information that could allow hackers to break into your bank account and social networking profiles. Once the bad guys have your bank account details they can raid your finances, if they have grabbed your Facebook or MySpace password they can use your account as a springboard for sending out more attacks to your friends and family."

[Al-khiyal]

Cyber criminal gets six months in jail for job hoax

Dubai, November 20, 2009 -- A visitor has been jailed for six months after he promoted a teacher's job in the Education Ministry on a hoax website and defrauded a London-based teacher. Convicting the 25-year-old Nigerian, Presiding Judge Hamad Abdul Latif Abdul Jawad of the Dubai Court of First Instance, said the accused, U.E. will be deported after the completion of his jail term. The fraudster had earlier denied the charge of indulging in a cyber crime, which involved designing a hoax website claiming it to be that of the UAE's Education Ministry, promoting a teaching job and defrauding $4,100 (around Dh15,100) from a London-based Slovakian teacher. The Public Prosecution charged the Nigerian with promoting a non-existent job vacancy which he posted on what records described as a bogus website titled "UAE Ministry of Education Language Studies".

"I am innocent… I didn't do anything wrong. I have no relation to what happened at all," U.E. said in his defence in court earlier. Prosecutor Salem Bin Khadem earlier asked the jury to impose the toughest punishment applicable. Public prosecution records showed that the teacher, V.N., informed the UAE embassy in London that she applied for the teacher's job posted on the hoax website. She allegedly claimed that she was referred to an e-mail address which belonged to U.E., whom she accused of pocketing her money. Prosecutors said the accused and an unidentified number of suspects (who are still at large) advertised a job application as being issued by the Labour Ministry and promoted the Education Ministry's teaching job. U.E. and the escapees were charged with committing a cyber crime by abusing the internet and defrauding and swindling V.N.'s money.

The accused convinced the teacher that she had been hired as an English language teacher after he e-mailed her the forged job application. Records said the claimant wired money to a Dubai-based money exchange house. Pleading innocence in court earlier this month, U.E. stated in his defence: "They accused me of something I didn't do. A person asked me to collect the money from an exchange house and that's what I did before handing the money to him." An Emirati lieutenant from Dubai Police's section combating cyber crime testified that they tracked down the e-mail of the accused before they arrested him.

[Al-khiyal]

Police shut 1,200 scam shopping websites

December 3, 2009 -- UK police this week shut down more than 1,200 scam websites that claimed to be selling designer clothes and jewellery, in what is thought to be the biggest single swoop of its kind in the world. The 1,219 websites purported to sell items ranging from Ugg boots and Tiffany & Co jewellery to GHD hair straighteners. Police said the fact the sites had ".co.uk" web addresses meant innocent British shoppers were duped into making what appeared to be bargain purchases, but they received either counterfeit products or nothing at all. The websites are thought to have generated millions of pounds for organised criminal gangs, which could then be used to fund other illicit activities, the Metropolitan Police's Central e-crime unit (PCeU) said. Victims also ran the potential risk of the criminals stealing their identities and credit card and banking details for misuse elsewhere.

The clampdown, dubbed Operation Papworth, was instigated by the PCeU to target the "criminal misuse" of UK domain names with the aim of preventing harm to British consumers and making it safer to trade online. A spokesman said that as a result, "Christmas shoppers stand a better chance of avoiding online fraud this festive season". Intelligence showed that the vast majority of the sites were registered in China and other countries in Asia, mostly using false or misleading details. That meant it was almost impossible for victims to complain about poor quality counterfeit items or goods never arriving. It also made it difficult for trading standards and other law enforcement agencies to take action. One online security source said the operation was ground-breaking in its scale and in the way it attempted to protect the UK system. The source said this was thought to be the biggest mass "deregistration" of scam counterfeit goods websites anywhere in the world. It is understood other designer brands targeted by the criminals include jewellery firm Links of London and clothing labels Vivienne Westwood and Ed Hardy.

Too good to be true

Detective superintendent Charlie McMurdie, head of the PCeU, said: "Fraudsters target the victim's desire to buy designer goods at reduced prices, particularly at this time of year. The risk begins when your desire to purchase blinds your judgment or leads you to illegal websites. If it looks too good to be true, it probably is."

The unit worked in partnership with Nominet, the body responsible for UK domain name registrations. As a result, all the sites have been taken down at the registry level to prevent re-registration. Lesley Cowley, chief executive of Nominet, said: "We received clear instructions from the PCeU to take down the .co.uk domain names, which have been under investigation for criminal activity. We worked closely with the police and our registrars to quickly carry out the instruction to shut down access to these sites."

Consumer Direct, Trading Standards officers, the Office of Fair Trading and manufacturers also helped to identify the fraudulent websites. Consumer Direct said that if consumers have bought from one of these sites, and the goods have not arrived but their credit or debit card has been charged, they should contact their card company to see if they can get their money back. Further advice can be found at Get Safe Online and the Metropolitan Police's fraud alert website.

[Al-khiyal]

FIFA World Cup related scams

December 9, 2009 -- It should be universally know by now that hot news and big events are almost always used by spammers, phishers and peddlers of scareware to reach the widest audience possible. The FIFA World Cup that takes place in South Africa next year is no exception. McAfee Labs warns users about a couple of scams that are already present.

The first one is a fake lottery, purportedly held by the South African Football Association. You are, of course, asked to pay "processing fees" or "transfer charges" so you can receive your winnings. We have already seen innumerable scams like this - one wonders is there is anyone who still falls for such a scheme. But, obviously some people still do, because scammers wouldn't bother with it if there were no results. In the second one you are offered to watch live games online. The insult is double: not only do you pay to download a player, but when you do, you don't actually get a player, but scareware.

Another thing you have to be really careful with is the process of buying tickets for the games online. As McAfee advises: "Go to fifa.com, use a reputable travel agent, or contact your football/soccer association directly. Don’t assume unsolicited online offers are genuine." There will be a lot of fakes sites out there, and they will try to relieve of your hard-earned cash. FIFA warns that they are the only ones who will be selling tickets, and that only a few other companies will sell authorized packages.

[Al-khiyal]

Russian hacker gang who 'stole millions from Citibank' under investigation

December 22, 2009 -- The FBI is investigating the activities of a notorious Russian internet gang amid accusations that it stole tens of millions of dollars from U.S. banks. The hackers, known as the Russian Business Network, had been quiet for two years after masterminding a string of hi-tech crimes including identity theft, fraud, spam and child pornography. But the gang could be back in action, according to a report in the Wall Street Journal which suggested that Citigroup was the focus of a federal investigation linked to the Russian group. It claimed that an attack believed to have been orchestrated by the network netted large sums of money after targeting Citigroup's computer systems.

Reports of the cyber attack came as the White House today named its head of cyber security as Howard Schmidt, who had a similar role for several years under George W Bush. He will co-ordinate U.S. government, military and intelligence efforts to repel hackers. There has been a string of reports about hacking attacks on the U.S. government in recent months, as well as the theft of more than £5 million from systems belonging to the Royal Bank of Scotland. The threats led President Obama to declare that defence against internet attacks was a "national security priority" – a shift which culminated in Schmidt's appointment.

Citigroup, the world's largest financial services company, has rejected suggestions that the FBI is investigating an incident at the bank, and denied that a raid of such proportions had taken place. "We had no breach of the system and there were no losses, no customer losses, no bank losses," said Joe Petro, managing director of Citigroup's security and investigative services. "Any allegation that the FBI is working a case at Citigroup involving tens of millions of losses is just not true." Instead, a spokesman said, the company is aware of one customer whose account was drained of more than $1 million after being hacked.

While the nature of the attack remains contested, the reports mark a significant comeback for one of the internet's most high-profile crime groups. The organisation disappeared from view in 2007 after moving its operations from St Petersburg to China. The extended absence had left some wondering whether it had disbanded, but experts familiar with the network's activities suggested that its influence on organised crime was still strong. "All signs point to a dramatic rise in cyber crime," said Anton Chuvakin, a computer security expert based in San Jose. "The strategy is pretty much the 'blue ocean' one, with a lot of unexplored opportunity and a low barrier to entry."

It would not be the first time that Citigroup, which is based in New York, or its customers had been targeted by computer criminals. Earlier this year Albert Gonzalez, a 28-year-old hacker from Florida, was charged by U.S. prosecutors with being the mastermind behind a series of computer attacks that netted millions over the course of several years. Citibank was among the groups targeted by the strikes, which also hit computers belonging to payment processing company Heartland and resulted in more than 45 million credit card numbers being stolen from the retailer TJX. Gonzalez, who faces 15 to 25 years in prison, was once linked to another well-known group of internet gangsters known as Shadowcrew.

In the U.S., the announcement of Schmidt's appointment came as the final step in a much-criticised seven-month search for a candidate. The continuing lack of an appointment had caused some concern in Washington – while officials said that delays in making an appointment were merely part of the process, reports suggested a number of candidates had turned the job down. Last weekend, it emerged that the Russian military had been meeting Washington officials to discuss potential collaboration over internet security and cyber defence. Such a move would mark a breakthrough in the often frosty relations between the two countries over their activities online. Rod Beckstrom, the former director of the U.S. Cyber Security Centre, told the Guardian that he had met with Russian officials too – and had encouraged such collaborations while working for the government. "We do see international collaboration improving," he said. "We are pleased to hear superpowers such as Russia and the U.S. addressing these topics."