Wednesday, September 30, 2009

Cybercrime Threat Rising Sharply All Over The World - - Experts Warned


They called for a new system to tackle well-organised gangs of cybercriminals.

Online theft costs $1 trillion a year, the number of attacks is rising sharply and too many people do not know how to protect themselves, they said.

The internet was vulnerable, they said, but as it was now part of society's central nervous system, attacks could threaten whole economies.

The past year had seen "more vulnerabilities, more cybercrime, more malicious software than ever before", more than had been seen in the past five years combined, one of the experts reported.

But does that really put "the internet at risk?", was the topic of session at the annual Davos meeting.

On the panel discussing the issue were Mozilla chairwoman Mitchell Baker (makers of the Firefox browser), McAfee chief executive Dave Dewalt, Harvard law professor and leading internet expert Jonathan Zittrain, Andre Kudelski of Kudelski group, which provides digital security solutions, and Tom Ilube, the boss of Garlik, a firm working on online web identity protection.

They were also joined by Microsoft's chief research officer, Craig Mundie.

To encourage frank debate, Davos rules do not allow the attribution of comments to individual panellists

Threat #1: Crime

The experts on the panel outlined a wide range of threats facing the internet.

There was traditional cybercrime: committing fraud or theft by stealing somebody's identity, their credit card details and other data, or tricking them into paying for services or goods that do not exist.

The majority of these crimes, one participant said, were not being committed by a youngster sitting in a basement at their computer.

Rather, they were executed by very large and very well-organised criminal gangs.

One panellist described the case of a lawyer who had realised that he could make more money though cybercrime.

He went on to assemble a gang of about 300 people with specialised roles - computer experts, lawyers, people harvesting the data etc.

Such criminals use viruses to take control of computers, combine thousands of them into so-called "botnets" that are used for concerted cyber attacks.

In the United States, a "virtual" group had managed to hijack and redirect the details of 25 million credit card transactions to Ukraine. The group used the data to buy a large number of goods, which were then sold on eBay.

This suggested organisation on a huge scale.

"This is not vandalism anymore, but organised criminality," a panellist said, while another added that "this is it is not about technology, but our economy".

Threat #2: the system

A much larger problem, though, are flaws in the set-up of the web itself.

It is organised around the principle of trust, which can have unexpected knock-on effects.

Nearly a year ago, Pakistan tried to ban a YouTube video that it deemed to be offensive to Islam.

The country's internet service providers (ISPs) were ordered to stop all YouTube traffic within Pakistan.

However, one ISP inadvertently managed to make YouTube inaccessible from anywhere in the world.

But in cyberspace, nobody is responsible for dealing with such incidents.

It fell to a loose group of volunteers to analyse the problem and distribute a patch globally within 90 minutes.

"Fortunately there was no Star Trek convention and they were all around," a panellist joked.

Threat #3: cyber warfare

Design flaws are one thing, cyber warfare is another.

Two years ago, a political dispute between Russia and Estonia escalated when the small Baltic country came under a sustained denial-of-service attack which disabled the country's banking industry and its utilities like the electricity network.

This was repeated last year, when Georgia's web infrastructure was brought down on its knees during its conflict with Russia.

"2008 was the year when cyber warfare began.. it showed that you can bring down a country within minutes," one panellist said.

"It was like cyber riot, Russia started it and then many hackers jumped on the bandwagon," said another.

This threat was now getting even greater because of the "multiplication of web-enabled devices" - from cars to fridges, from environmental sensors to digital television networks.

The panel discussed methods that terrorists could use to attack or undermine the whole internet, and posed the question whether the web would be able to survive such an assault.

The real problem, concluded one of the experts, was not the individual loss.

It was the systemic risk, where fraud and attacks undermine either trust in or the functionality of the system, to the point where it becomes unusable.

What solution?

"The problems are daunting, and it's getting worse," said one of the experts. "Do we need a true disaster to bring people together?," asked another.

One panellist noted that unlike the real world - where we know whether a certain neighbourhood is safe or not - cyberspace was still too new for most of us to make such judgements. This uncertainty created fear.

And as "the internet is a global network, it doesn't obey traditional boundaries, and traditional ways of policing don't work," one expert said.

Comparing virus-infected computers to people carrying highly infectious diseases like Sars, he proposed the creation of a World Health Organisation for the internet.

"If you have a highly communicable disease, you don't have any civil liberties at that point. We quarantine people."

"We can identify the machines that have been co-opted, that provide the energy to botnets, but right now we have no way to sequester them."

But several panellists worried about the heavy hand of government. The internet's strength was its open nature. Centralising it would be a huge threat to innovation, evolution and growth of the web.

"The amount of control required [to exclude all risk] is quite totalitarian," one of them warned.

Instead they suggested to foster the civic spirit of the web, similar to the open source software movement and the team that had sorted the YouTube problem.

"Would a formalised internet police following protocols have been able to find the [internet service provider] in Pakistan as quickly and deployed a fix that quickly?" one of them asked.

Conference Organized By The Council of Europe - - Europe Ready to Face The Cyber-crime Threat


Organised by The Council of Europe, the conference aims to unite European nations behind its controversial cyber-crime convention.

This treaty tries to unify working methods for the different national law enforcement agencies tackling net-based crimes.

Unanimity is vital. The fear is that if just one country fails to sign up to the convention, it could make a hole big enough to sink it.

What everyone is struggling to deal with, says Isabelle Rorive, Professor of Law at the Free University of Brussels, is the net's lack of borders.

"The sovereignty of a state stops with its borders," she says. "With the internet, all of that is abandoned."

Bernhard Otupal, from Interpol's Financial and Hi-tech Crime Unit, suggests: "What we, of course, would need is one legal system that can be used everywhere in the world, so that not only the attackers can work on a global basis, but the police can as well."

Wild frontiers

The internet's reputation for lawlessness means that WWW could stand for the World's Wild West - and it appears to be getting wilder.

There are viruses, spam, spyware and our personal details can be "phished" and we are all vulnerable to identity theft.

Criminals are attracted to cyberspace not just because of its vast reach and the seemingly limitless number of potential victims.

Cyber-crime is also relatively low risk. The internet is anonymous and makes it easy for us to hide exactly who we are.

This is particularly true of paedophiles who, posing as children, have been able to groom their victims before eventually meeting up with them.

Child welfare organisations say the net's anonymity has led to an explosion of child pornography and the abuse that goes with it.

Isabelle de Schrijver, from the Belgian association Child Focus, says: "The internet gives child abusers the opportunity to meet each other, to talk to each other, to exchange pictures, to produce pictures.

"It is a medium where child molesters get to know each other and make pictures a lot more than before."

Fears about cyber-terrorism are growing too.

"It has not happened yet and I think there is a chance that it will not happen in the near future, but we do have to prepare," says Dr Marco Gercke, of Munich's Ludwig-Maximilians University, who co-wrote the Council of Europe's report on cyber-crime.

"On the one hand we prepare physically by protecting power plants from the crash of a plane. We set up physical barricades.

"But this is just the one strategy and we have to ensure that the little cable that is going into the power plant that gives the company control over the power plant is also protected."

Maintaining cyber-rights

Some worry, however, that the right balance has not been struck between police powers and individual cyber-rights.

The issue of racist websites is a case in point. Some believe only a zero-tolerance policy to hate-speech is possible and want to wipe it from the web. Others say that the freedom to say what you think and feel is too valuable a principle to do away with.

"The major division in relation to race web-sites or hate-speech websites is that some countries have constitutional blocks from allowing them to stop people from accessing these websites," says Cormac Callanan of the association of Internet Hotline Providers (Inhope).

"Specifically what I am referring to is the United States, where they have the First Amendment rights of free speech."

But Suzette Bronkhorst, of the Netherlands-based INACH, the International Network Against Cyber Hate, adds: "American business providers are not restricted and they can remove what they like.

"They do remove stuff, because, for instance, the free providers depend on advertisers, not on people who put websites up, and advertisers do not want to be connected to racist materials."

Some see racist websites as a problem because they are reaching out beyond the immediate crowd of people who agree with the views espoused on such sites.

"They've created websites that are not obviously blatant, that are not obviously bad in many cases, and that's what makes them even more difficult to ban," says Mr Callanan. "They are often targeting children. They often have nice games to attract people in."

Differing opinions

But banning is unlikely to be wholly effective, and some believe it would be better to teach people how to read the web and trust them to decide what they agree with or not.

"There is a large body of opinion that says: 'Let's not ban it. Let's do the opposite and get out there and make the message clearer,'" says Mr Callanan.

But Suzette Bronkhorst is not convinced. "That would be beautiful in the world - and we could all stand in a circle and hold hands for world peace."

She says: "By getting websites removed and in some cases launching a prosecution... [this] sends out a clear signal that this is not okay."

Albert Gonzales - - A Culprit For Cyber Crime in Eastern Europe???


Albert Gonzales may be taking the majority of the heat (and rightly so), and the full force of U.S. Law Enforcement prosecution, but he is only the tip of the proverbial iceberg.

There is an entire Eastern European organized criminal operation that is further along in this food chain.

In case you haven’t heard, Gonzales and his co-conspirators are responsible for hacking into TJX, Heartland Payment Systems, Dave & Buster’s, and other retailers and payment processors, to steal credit & debit card account numbers.

As Kim Zetter reports on the Wired “Threat Level” Blog, there are multiple Eastern European connections to known organized criminal operations in Russia, The Ukraine, and Latvia (and elsewhere), some of which Trend Micro threat researchers have been tracking for several years now.

Besides these direct hacks of businesses and credit card processors, we have seen a very robust growth in malware which directly targets banking institutions, banking login credentials, malware that piggy-backs banking sessions, etc., ad nauseum, in an effort to steal money. Period.

In fact, the largest growth of malware that we have seen in 2009 has virtually all been geared towards stealing credentials of one sort or another.

This is organized cyber crime at it’s most base form, and it is actually getting worse.

There is a rather long, and twisted history here — especially involving Gonzales and other individual involved in similar crimes, but the real interesting connections lead back to Eastern Europe, especially Russia and The Ukraine.

While I’m not trying to make this incident any more shocking than it already is, the real issues are not being discussed in the mainstream media — luckily, Wired has dug into the background of these issues a bit, and so has Brian Krebs at The Washington Post.

Make no mistake, these issues are very complicated — all “good” criminals make sure that they are hard to track. But not all tracks are invisible.

Trend Micro researchers, including myself, have been tracking this specific criminal activity in Eastern Europe for several years now, and we intend to first, protect our customers, and secondly, try to work with law enforcement and others to identify the criminals.

Trend Micro researchers are hard on the trails of these malicious activities, and when we identify sites that are designed to victimize you, we ensure that they get blocked by the Trend Smart Protection Network.

Make sure you are protected.

Trend Micro researchers not only ensure that our customers are protected, but we also actively work work with International Law Enforcement to identify the criminal actors behind these crimes.

Be ware! It's a Cyber World. Don’t be victimized.


Tuesday, September 29, 2009

INTERNET FRAUD IN NIGERIA…A COLOSSAL UPHEAVAL! - - Internet Fraud In Nigeria and Africa... What do u think?


At the start of fraudulent activities in Nigeria, little was it known that its effect would be this immense and adverse? As a matter of fact, I grew up experiencing the activities of fraudulent practices; corruption was just being birthed and some sector of the populace had caught the ´´bug´´ and were ´´cashing in´´ (permit me to use such phrase). We had cases of foreigners and even Nigerians becoming victims in the hands of people known as ´´419ers´´ stirring up an abysmal level of insecurity and mistrust amongst Nigerians both Home and Abroad. Insecurity that marred the image of the Nigerian state and Nigerians had to be exceptional in their quest to be relevant in Global platforms.

The advent of agencies and institutions specifically created to contain challenges of that sort reached an appreciable length but was not good enough as a new trend sprung up and caught like wildfire. When I first heard about ´´yahoo-yahoo´´, – a phrase generally used by Nigerians to generalise the practise of scam activities on the internet, I never in my imaginations thought it would get to this point… a point where the image of my dear Nation, Nigeria, is on the retrogressive slide creating obstacles to factors that could ensure economical, social, and infrastructural growth. Factors such as the influx of foreign investors to Nigeria, business opportunities between Nigerians and Her counterparts in the Diaspora and so on. The internet, supposed to be a great tool for global exchange and development has now become one of our greatest worry in this side of the Africa.

Why is it that almost anything that´s got to do with financial scams has something to do with a Nigerian? As a Nigerian, the phrase yahoo-yahoo shouldn´t be new to you as it has become an inherent resident in our society. Sometimes I wonder what the reason is. Why would people opt for such a despicable form of lifestyle or should I say livelihood? Why people would rejoice at the expense of others (victims)? One thing I do know as a constant is the law of Karma… What goes around definitely comes around. These people do not aspire to be Doctors, Lawyers, or Engineers like their parents may desire but rather out of laziness, or sheer envy and greed, long to have ´´quick money´´ in order to show off among their peers. They assume exorbitant lifestyles far beyond their possible reach, spending lavishly on their friends and cohorts in what seems to be a competition among them in a bid to get acknowledged and noticed probably by the opposite sex. The ´´yahoo-yahoo boys´´ as they are also known, drive expensive cars that even their parents cannot afford with no substantial proof to show legitimate acquisition. Obviously obnoxious, is the fact that even most parents, aware of such unhealthy practises do nothing to contain their wards as some of them also benefit from the ´´fruits of THAT labour´´. INCREDIBLE!

PREY

The victims of this plague, are usually sincere foreigners with the aim of doing business internationally but end up in the jaws of predators who would have lured them with so many tactics for days, weeks and even months – of course they don´t get bored waiting for a response from their ´´magas´´ (what the victims are usually called) as they have so many on their list. These days, even fellow Nigerians are becoming victims. Oblivious of the antics of these culprits, sincere and honest Nigerians (the few left) willing to do business are unfortunate to have such encounters as the Y-Y boys operate with false identities mostly those of foreigners.

Then I wonder… how do they successfully go into the banks and retrieve this money without being caught? Until recently I found out they do with fake Drivers license and international passports bearing fake names and I ask; can´t anything be done about this? Developments like this have a huge negative impact on the youths of a nation like this where a large sector of the economy struggle to have a three square meal. We are still struggling to deal with youth restiveness especially in the Niger Delta; Abduction and Militancy- an overwhelming standard to deal with, fuel crisis, outrageously epileptic power supply and so on…now THIS? The role of the youth in the development of Nigeria in our quest to attain the desired status Nigeria has since lost as the Giant or Pride of Africa cannot be over- emphasised but will not be achieved with this kind of lackadaisical and lacklustre approach to this menace. Think for a second… what if this problem is dealt with? What becomes of the people who practise it? Of course they would find it difficult to settle for less. I mean white-collar jobs that pay far less than what they have been used to and that Is for those qualified enough to even get a job interview. For those who shunned school for a more speedy way of wealth acquisition, they would resort to other ills like robbery, kidnapping or maybe both.

THE WAY FORWARD

Furthermore, these activities – if not checked will eventually put our Image as a Nation in Jeopardy (more than it already is) and hard to recover from. If you ask me or if the Government and those with immediate responsibility to dealing with this situation called yahoo-yahoo, I think there are some ways this crime can be eradicated but I have an idea on one or two ways. Take for instance, the case of the drivers´ licenses, I learnt since being one of the easy ways with which they get their money, many of them now hold multiple licenses with all bearing different names. I think the government should unequivocally make their claims towards flushing out unscrupulous activities of this sort by starting first with the respective parastatals like the VIO, FEDERAL ROAD SAFETY CORPORATION, and the IMMIGRATION SERVICE, responsible for the manufacture and issuance of drivers´ licenses and international passports. If these government organisations are put under intense scrutiny and all the processes reviewed making it rather impossible to have more than one drivers´ license or a passport at a time and also ensuring that the ones´ given out contain genuine details and information making it easier to trace the practitioners of this crime, the rate of internet fraud will reduce appreciably. You might wonder how possible it is for someone to have more than one of these documents in their possession. Imagine the cost of applying for a drivers´ license at 5000 then somebody offers double that price (of course we all know NOT everybody with a drivers´ license in Nigeria was tested and approved qualified). So I think measures should be in place to check these excesses.

Another aspect is the banking sector. This is another avenue where a lot of work needs to be done as this is the ´´final bus stop´´ or ´´the collection point´´. I also recently discovered that the y-y boys now have insiders in the banks whom are bankers themselves - more like agents to ensure that the ´loots´ are delivered to their respective clients – rather shameful! I cannot stand to see my dear country go down in shame… It´s time for us to stand up from our state of ennui and fight for a necessary course. These are some of the ways we could stop the continued growth of this evil trend and my own way of showing displeasure and disapproval. Let us make our Nation a better place like we all want it to be. Remember, ´´IF WE CAN´T GET IT RIGHT, THE NATION WON´T GET IT RIGHT´´.

"Free Cheese In The Rats' Trap Only" - - The Nigerian Advance Fee Scam


The Nigerian Advance Fee Scam has been around for quite awhile, but despite many warnings, continues to draw in many victims. In fact, the Police receives approximately 100 telephone calls from victims/ potential victims and 300-500 pieces of related correspondence per day about this scam! The Nigerian Advance Fee Scam has been around for quite awhile, but despite many warnings, continues to draw in many victims. In fact, the Police receives approximately 100 telephone calls from victims/ potential victims and 300-500 pieces of related correspondence per day about this scam!

Indications are that the advance fee fraud grosses hundreds of millions of dollars annually and the losses are continuing to escalate. The Nigerian Advance Fee Scheme (also known internationally as "4-1-9" fraud after the section of the Nigerian penal code which addresses fraud schemes) is generally targeted at small and medium sized businesses, as well as charities. This global scam (recently seen in India ,Russia, Southeast Asia, Australia, and New Zealand, as well as the US) involves the receipt of an unsolicited letter purporting to come from someone who claims to work for the Nigerian Central Bank or from the Nigerian government. (The Central Bank of Nigeria denies all connection to those who promote this scheme.)

In the letter, a Nigerian claiming to be a senior civil servant will inform the recipient that he is seeking a reputable foreign company into whose account he can deposit funds ranging from $10-$60 million which the Nigerian government overpaid on some procurement contract.

The goal of the scam artist is to delude the victim into thinking that he or she has been singled out to participate in a very lucrative—although questionable—arrangement. The intended victim is reassured of the authenticity of the arrangement by forged or false documents bearing apparently official Nigerian government letterhead, seals, as well as false letters of credit, payment schedules and bank drafts. The scam artist may even establish the credibility of his contacts, and thereby his influence, by arranging a meeting between the victim and "government officials" in real or fake government offices.

Once the victim becomes confident of the potential success of the deal, something goes wrong. The victim is then pressured or threatened to provide one or more large sums of money to save the venture. For example, an official will demand an up-front bribe or an unforeseen tax or fee to the Nigerian government will have to be paid before the money can be transferred. Each fee paid is described as the very last fee required. The scheme may be stretched out over many months.

Here is a sample of a letter a victim may receive: (Note: The letter that is sent is all in capital letters.)
LAGOS, NIGERIA.

ATTENTION: THE PRESIDENT/CEO

DEAR SIR,

CONFIDENTIAL BUSINESS PROPOSAL

HAVING CONSULTED WITH MY COLLEAGUES AND BASED ON THE INFORMATION GATHERED FROM THE NIGERIAN CHAMBERS OF COMMERCE AND INDUSTRY, I HAVE THE PRIVILEGE TO REQUEST FOR YOUR ASSISTANCE TO TRANSFER THE SUM OF $47,500,000.00 (FORTY SEVEN MILLION, FIVE HUNDRED THOUSAND UNITED STATES DOLLARS) INTO YOUR ACCOUNTS. THE ABOVE SUM RESULTED FROM AN OVER-INVOICED CONTRACT, EXECUTED COMMISSIONED AND PAID FOR ABOUT FIVE YEARS (5) AGO BY A FOREIGN CONTRACTOR. THIS ACTION WAS HOWEVER INTENTIONAL AND SINCE THEN THE FUND HAS BEEN IN A SUSPENSE ACCOUNT AT THE CENTRAL BANK OF NIGERIA APEX BANK.

WE ARE NOW READY TO TRANSFER THE FUND OVERSEAS AND THAT IS WHERE YOU COME IN. IT IS IMPORTANT TO INFORM YOU THAT AS CIVIL SERVANTS, WE ARE FORBIDDEN TO OPERATE A FOREIGN ACCOUNT; THAT IS WHY WE REQUIRE YOUR ASSISTANCE. THE TOTAL SUM WILL BE SHARED AS FOLLOWS: 70% FOR US, 25% FOR YOU AND 5% FOR LOCAL AND INTERNATIONAL EXPENSES INCIDENT TO THE TRANSFER.

THE TRANSFER IS RISK FREE ON BOTH SIDES. I AM AN ACCOUNTANT WITH THE NIGERIAN NATIONAL PETROLEUM CORPORATION (NNPC). IF YOU FIND THIS PROPOSAL ACCEPTABLE, WE SHALL REQUIRE THE FOLLOWING DOCUMENTS:


(A) YOUR BANKER’S NAME, TELEPHONE, ACCOUNT AND FAX NUMBERS.
(B) YOUR PRIVATE TELEPHONE AND FAX NUMBERS—FOR CONFIDENTIALITY AND EASY COMMUNICATION.
(C) YOUR LETTER-HEADED PAPER STAMPED AND SIGNED.

ALTERNATIVELY WE WILL FURNISH YOU WITH THE TEXT OF WHAT TO TYPE INTO YOUR LETTER-HEADED PAPER, ALONG WITH A BREAKDOWN EXPLAINING, COMPREHENSIVELY WHAT WE REQUIRE OF YOU. THE BUSINESS WILL TAKE US THIRTY (30) WORKING DAYS TO ACCOMPLISH.


PLEASE REPLY URGENTLY.
BEST REGARDS

Be careful. This scam can be physically dangerous as well as dangerous to your finances. Victims are almost always requested to travel to Nigeria or a border country to complete a transaction. Victims are often told that a visa will not be necessary to enter the country. The Nigerian scam artists may then bribe airport officials to pass the victims through Immigration and Customs. Because it is a serious offense in Nigeria to enter without a valid visa, the victim’s illegal entry may be used by the scam artists as leverage to coerce the victims into releasing funds. Violence and threats of physical harm may be employed to further pressure victims. In June of 1995, an American was murdered in Lagos, Nigeria, while pursuing a 4-1-9 scam, and numerous other foreign nationals have been reported as missing.

Recommendation:

Avoid these scams like the plague! Don’t let promises of large amounts of money impair your judgment?
How does the fraud work?
The bait is the fictional millions of dollars described in each one of these letters. The goal is to get you to come up with money for the "expenses" required to transfer those millions to you. The victim thinks, a few hundred or a few thousand dollars is trivial when $31 million is at stake. Each demand for more money is claimed to be the very last obstacle before the big money is released. Sometimes, the victim is lured to Nigeria, where even worse things happen.

How did they get my email address?

Exactly the same way all spammers get your email address. Spammers "harvest" email addresses mentioned on web sites. Others run "dictionary attacks" — programs which query mail servers if they have an address AAA100, AAA101, AAA102, etc. That’s why you get tons of unsolicited commercial email even if you’ve kept your email address a secret. And spammers sell each other CD’s with millions of addresses. Remember that practically all spam email is fraudulent anyway Why is it called "Nigerian Fraud"? Regardless of the country or countries mentioned in the letter—even countries located outside of Africa—the fraudsters are usually Nigerian.

Ghana is Ranked Among the World's Top 10 Countries in Cyber Crime


Ghana is faced with a huge task to fight the global menace posed by cyber fraudsters, literally known as internet fraud (Sakawa). According to latest report Ghana is ranked among the world's top 10 countries in cyber crime and poses a threat as well as a disincentive to investment in the country's ICT sector.

As an immediate step to remedy the situation Government is considering setting up an emergency Cyber Crime Response Team, to review existing legislature governing the Information Communication and Technology (ICT) activities and strengthen the country's cyber security.

It is however believed such bold initiative could deal with the growing incidence of reported cases of cyber crime, popularly known as “Sakawa”. Ghana's security agencies should also go beyond merely dealing with the criminals and search for other collaborators who may aid and abet cyber fraud.

The Minister of Communications, Mr Haruna Iddrisu who expressed worry that use of credit cards in the country is restricted because of the growing incidence of cyber fraud, added that the act is endangering the safety, use and growth of ICT in Ghana.

On the possible negative social impact of cyber crime, Mr Raymond Codjoe, a legal practitioner, cautioned that if the situation is not properly addressed, software and computer viruses may in the future mutate data and alter Internet Protocol addresses in the same manner that AIDS does to the human immune system.

“This would result in emails being misdirected, web sites being relocated and the internet infrastructure being compromised radically,” he said.

He called for capacity building for the appropriate organs of state as well as international co-operation for investigation and prosecution of cyber crime.

Mr Codjoe suggested that the Electronic Transactions Act (ACT 2008) and regulations made under the Act, should be implemented and its provisions enforced to deal with cyber fraud.

Mr Jimmy Allotey, an Information Technology Security Manager of Ghana Community Network Services Limited, observed that many of the victims of the Sakawa reported cases include vulnerable lonely youths who search for marital relationships and resort to get-rich-quick schemes.

He cautioned against unsolicited lotteries and wager messages, which according to him are some machinations of perpetrators of cyber crime, intended to lure greedy victims to dupe them.

Mr Allottey called for increase and strict vigilance on operations of banks and other financial institutions that deal with money transfer in order to track down on activities of fraudsters who transact businesses with such institutions.

He called for strict enforcement of Article 141 of the Electronic Transaction Act (ACT 2008) that mandates the security agencies to confiscate accesses of cyber fraudsters.

China Outlaws Cyber Crime - - China Has Finally Made it Illegal to Take Control of PCs And Use Them For Criminal Activities


China has finally made it illegal to take control of PCs and use them for criminal activities. This is done with botnets (PCs that are secretly controlled by the criminals). These are primarily owned by criminal organizations. There's big money in botnets, which can be used to spew spam, launch a widespread search for secret files, or shut down websites (with a DOS, or Denial of Service) attack. China has long been pressured to outlaw many Internet based crimes, and to go after the many Internet criminals operating out of China.

About a quarter of the 4-5 million PCs worldwide, that have been infiltrated by hackers, turned into "zombies" are Chinese. This has become a big business, with each PC in a botnet producing $300-$500 a year, or more, for those who control them. Botnets of 100,000 or more PCs are not unusual, and many of them are for rent.

Five years ago, the Chinese found that, while their own Cyber War forces were capable of launching attacks over the Internet, their own computers are already overrun with viruses and worms. A government survey found that, in 2003, 87.9 percent of Chinese PCs connected to the Internet were infected, and most were still infected in 2004. While the United States is regarded as the one nation most dependant on the Internet, it is also the country with the largest amount of effort dedicated to protecting it’s PCs from infection by “malware” (viruses, worms, Trojans and the like.)

China caused the problem because of an outlaw mentality when it came to software. So most users have pirated operating systems and applications on their machines. While there are pirated versions of anti-virus software available, using this kind of protection is not popular. China is trying to get around this by using Linux, a free operating system that is far less vulnerable to attack via the Internet. But Linux does not have as much software available for it, and users are reluctant to abandon Windows, and all the neat games and other software that only runs on Windows powered computers. The Windows based games, it turns out, are a major obstacle in getting many users, even business users, to switch. It seems that playing games on company computers after hours is a valuable fringe benefit for workers, and costs the company little. No one likes to talk about this form of compensation, but there it is.

The most serious aspect of all this is the number of government computers that are using Windows, and are infected. The government has found that switching to Linux is difficult, as there are not enough computer experts to carry this out. Microsoft Windows is much easier to install, and maintain, than Linux. While many more Chinese computer manufacturers are now shipping PCs with Linux installed, Microsoft has a huge head start, and less than ten percent of the PCs shipped in China have Linux on them.

China is trying to fix this by subsidizing Linux training for Chinese engineers and computer technicians. The government also subsidized the development of the Unix based server software, and desktop versions of Linux that do everything a business needs, but are more secure than Microsoft software.

Chinese hackers (mainly the Internet gangsters the government tolerates) are the source of many of the viruses and worms that rapidly spread worldwide. But these nasty little concoctions have, in the past, done more damage, proportionately, in China than they do in the United States. With Linux software, China hopes to develop defenses, and rid the country of much of the pirated software that still runs most of the economy.

===============================================================

For Latest Sports Updates Click Here

For Latest Trends and Styles Click Here

For Traveling/Tourism Information of Pakistan Click Here

For Latest Finance Updates Click Here

Russian's Organized Crime Heritage Paved Way For Cybercrime - - Revealed By Dmitri Alperovitch During a BlackHat 2009 Presentation


Russia's longstanding history with organized crime has nurtured a current crop of sophisticated cybercrime organizations dedicated to information stealing and political "hacktivism."

During a BlackHat USA 2009 presentation, Dmitri Alperovitch, McAfee Internet threat researcher, said that Russia's history of organized crime has paved the way for the emergence of highly sophisticated cybercrime organizations that have spearheaded the emergence of Internet worms, botnets, spamming, phishing and credit card forums.

But fundamentally, there is little difference between cybercrime and other types of crime. "At the end of the day, it's about the money," he said.

Alperovitch said that the current security environment is ripe for cybercriminals. Unlike other types of crime, cybercrime has low barriers to entry, there is little prevention and few enforcement mechanisms, and the returns are "enormous." The "ease of doing business" has facilitated a reported 275,000 incidents in 2008 which translates to about $265 million lost in the U.S. alone, he said.

And that's just the tip of the iceberg, Alperovitch said.

Russia, in particular, has a long history of organized crime, he said. Organized crime emerged during Lenin/Trotsky era. Russian prisons, known as Gulags, housed criminals who formed a distinct organization known as "Thieves and Law."

"Out of these places evolved sophisticated organizations," Alperovitch said.



Members of these organizations were required to abandon their existing families and commit solely to the organizations, using tattoos as a language to communicate their rank and the crimes they have committed.

"Violations of this code were punishable by physical mutilation and even death," Alperovitch said. "They viewed crime as a way of life. They were willing to live and die for their organization."

Initially, Russian cybercrime had its roots in software piracy. However, cybercrime took off following a 1994 Citibank hack linked to St. Petersburg, which allowed attackers to access more than $10 million via the telephone system. Much of that money was never recovered.

"It was difficult to prosecute," Alperovitch said. "What was clear was that this was not a one-man operation."

In the late 1990s, Russian cybercriminals were an integral part of the creation and the monetization of botnets and Internet worms, Alperovitch said, which paved the way for organized crime organizations built around spamming and phishing.

"They realized early on there is a lot of money to be made in spamming and phishing," he said.

But the attacks were motivated by more than just money. Russian cybercriminals realized that cybercrime efforts could be used for political activism, or "hacktivism," which was reflected in denial of service attacks on Estonia in 2005 and on the Georgian government and news Web sites in 2008.

By mid-2000, these organizations were full-fledged businesses. One cybercrime organization, known as CarderPlanet, specialized in the theft and sale of credit cards and identifying information.

As they developed, these organizations operated like corporations, and assigned jobs to members to buy, sell and trade stolen information. "This is about business. This is all about money. These guys are businessmen. They pay for advertising," said Keith Mularski, an FBI cyber division special agent.

They also created Web forums in which they could communicate with other hackers in the cyber underground.

Incrementally, law enforcement began to catch up to some of the Russian cybercrime organizations. Among those recently arrested was Maxim Yastremsky, a hacker partly responsible for the 2006 TJX breach and Roman Vega, mastermind behind credit card dump sites and carding forums.

Mularski described a deep undercover operation over a three-year time span in which he posed as a cyber criminal on the DarkMarket forum. The sting resulted in the arrest of 56 indivduals worldwide, more than $70 million in potential economic loss prevented, and recovery of 100,000 compromised credit cards, he said.

When people think of cybercrime -- this is the first thing I thought of -- everybody is a geek," Mularski said. "Really, the cybercrime out there is highly organized."

Sunday, September 27, 2009

Spam Control Tip - - Don't Reply to Spam


Feel like giving that obnoxious and irritating spammer a piece of your mind? That's not surprising, but resist the urge to reply to a spam message. By replying, you are simply letting the spammer know that you email address is active and that you actually open spam messages. This makes you a prime target, and the amount of spam you receive is likely to increase.

Besides, a scum of the earth spammer is not likely to take much notice of your criticism even if it is couched in the most unflattering terms you can come up with. At best, her/him/it will probably just find it amusing; don't give em the satisfaction!

Microsoft, Yahoo, Google Lottery Scam - - New Attack of Cybercriminals



Email claims that the recipient has won a large sum of money in a lottery draw organized by Microsoft, Yahoo and Google (Full commentary below).

===============================================================

Subject; Winner Microsoft Yahoo Google Lottery Promotion

MICROSOFT YAHOO GOOGLE LOTTERY PROMOTION North London Business Park (NLBP) Oakleigh Road South, London, N11 1NP United Kingdom.

Dear Lucky Winner,

We happily announce to you the result of the Microsoft, Yahoo and Google Lottery draws held on Saturday 12th of September 2009, Lotto 6/49 in Essex, United Kingdom. All participants were selected randomly from World Wide Web site through computer draws system and extracted from over 100,000.00 companies and personal e-mail addresses.

Your e-mail address attached to Ticket number: B9564 7560 with serial number 046560 drew the winning numbers 6 7 14 16 17 27 Bonus 32. You have therefore been approved to claim a total sum of 500,000.00 (FIVE HUNDRED THOUSAND POUNDS STERLING) in cash credited to file EAAL/9080118308/08.

To file for your claim, please contact your corresponding Fiduciary Claim Agent (Mr. Michael Walker) immediately you get this message for quick and urgent release of your fund.

Contact information is as follow:

Mr. Michael Walker
Email: michael.walker@micro.lt
Tel: +44-7024031703

Endeavour to submit the below information’s as stated below to enable Mr. Michael Walker process your winning.
1. Full Name:................................
2. Full Address:.............................
3. Marital Statue:...........................
4. Age:.......................................
5. Sex:.......................................
6. Nationality:...............................
7. Tel. Number:..............................
8. Country of Residence.....................

***Due to possible mix up of some numbers and email contacts, we ask that you keep this award strictly from public notice until your claim has been processed and your money remitted. This is part of our security protocol to avoid double claiming or unscrupulous acts by some participants of this program. ***

Congratulations once more from all members and staff of this Lottery program.

Yours Sincerely,
Microsoft, Yahoo and Google Lottery Promotion **Customer Service**

===============================================================

Be Ware! It's a Cyber World.

For Latest Sports Updates Click Here

For Latest Trends and Styles Click Here

For Traveling/Tourism Information of Pakistan Click Here

For Latest Finance Updates Click Here

Friday, September 25, 2009

Google AdSense Pay Per Click Program - - AdSense Click Fraud in India: How The Whole System Works?



A recent report on Click Fraud suggests that the maximum number of invalid clicks on Pay Per Click ads originate from India. And this is not the first time – its widely believed there there exists a large “work from home” crowd in India who want to generate “quick cash” by clicking Google AdSense ads.

During a recent trip to Google Hyderabad for BarCamp, I met someone who explained me the whole modus operandi of these secret ad clickers.

Pick any issue of Deccan Chronicle newspaper (the English Daily of Hyderabad) and open the Classifieds section – you will see dozens of ads that promise you regular Google AdSense income while working from home. (see this newspaper clipping on the right).

You basically create a website and then write a few articles to get accepted into the official Google AdSense program. Once you become an AdSense publisher, you join any of these “bogus” AdSense network and are introduced to other members who are in the same boat as you.

Now Google would quickly ban your AdSense account if you click Ads on your own website so what these networks do is ask members to click on Ads appearing on websites of other members. So it like a reciprocal behavior – you click my ads and I will click yours.

Do members of such local AdSense networks make money? I have doubts. They may make a few dollars before Google discovers the click fraud activity, bans the account and returns the accumulated earnings to advertisers.

But in any case, the fraudulent clicks have been generated and added to the global “Click Fraud Index”. No wonder, India tops the chart.
A recent report on Click Fraud suggests that the maximum number of invalid clicks on Pay Per Click ads originate from India. And this is not the first time – its widely believed there there exists a large “work from home” crowd in India who want to generate “quick cash” by clicking Google AdSense ads.

During a recent trip to Google Hyderabad for BarCamp, I met someone who explained me the whole modus operandi of these secret ad clickers.

work at home google cashPick any issue of Deccan Chronicle newspaper (the English Daily of Hyderabad) and open the Classifieds section – you will see dozens of ads that promise you regular Google AdSense income while working from home. (see this newspaper clipping on the right).



You basically create a website and then write a few articles to get accepted into the official Google AdSense program. Once you become an AdSense publisher, you join any of these “bogus” AdSense network and are introduced to other members who are in the same boat as you.

Now Google would quickly ban your AdSense account if you click Ads on your own website so what these networks do is ask members to click on Ads appearing on websites of other members. So it like a reciprocal behavior – you click my ads and I will click yours.

Do members of such local AdSense networks make money? I have doubts. They may make a few dollars before Google discovers the click fraud activity, bans the account and returns the accumulated earnings to advertisers.

But in any case, the fraudulent clicks have been generated and added to the global “Click Fraud Index”. No wonder, India tops the chart.

Another Face of Cybercrime - - Fake Tickets of 2010 FIFA World Cup, in South Africa, Are Sold On Internet

As the excitement surrounding the 2010 FIFA World Cup South Africa gains momentum, tickets have been in high demand all over the world. While genuine tickets are sold online exclusively via the official website FIFA.com, unscrupulous individuals are taking advantage of the great appeal of this event by trying to use the internet to sell tickets they do not possess. A special team from FIFA's Legal Affairs Division is working closely with international authorities to monitor the internet for such illegal offers and to take action to combat them.

FIFA and its ticket handling partner MATCH are warning consumers about any unauthorised ticket sales and the risk of purchasing fake tickets, which would result in the buyers not being able to access the stadium. FIFA would like to recall that one of the measures taken to prevent forgery will be to print the official match tickets only a few weeks before the event in South Africa in 2010.

One example of the cooperation between FIFA and the authorities is the great support received from the Police Central e-Crime Unit of New Scotland Yard in the UK in the fight against unauthorised ticket resellers operating via the web. As part of a major operation orchestrated by the Police Central e-Crime Unit targeting all unauthorised online football ticket resellers, New Scotland Yard is shutting down websites selling unauthorised 2010 FIFA World Cup match tickets in violation of UK anti-touting laws.

"Our work with New Scotland Yard is yet another example that we are taking serious steps to stop unauthorised entities from selling 2010 FIFA World Cup tickets. We applaud the work of New Scotland Yard in its efforts to ensure that our common goal to target and shut down illegitimate and unauthorised ticket sellers is achieved. We simply cannot accept that true fans are being cheated in this way," remarked FIFA Secretary General Jérôme Valcke.

Many unauthorised operators are exploiting the popularity of the FIFA World Cup to lure unsuspecting fans across the world into purchasing illegitimate or unauthorised tickets and/or ticket-inclusive travel packages. FIFA is committed to supporting all fans in their efforts to purchase authentic tickets and ticket-inclusive travel packages through safe and legitimate sources.

Fans who are set to travel to South Africa can obtain tickets via FIFA.com, through inclusive travel packages from Participating Tour Operators selected by FIFA, and by buying FIFA-approved hospitality packages. MATCH Hospitality is the only entity which can offer guaranteed match tickets coupled with stadium hospitality benefits.

Wednesday, September 23, 2009

Internet Fraud Case–Vladimir Levin: Hacking Genius

Vladimir Leonidovich Levin, born on March 11, 1971, a biochemistry graduate of St. Petersburg's Tekhnologichesky University in mathematics, led a Russian hacker group in the first international bank robbery over a network.

Vladimir, who worked for AO Saturn, a trading company in St. Petersburg, befriended a former St. Petersburg bus driver who had turned entrepreneur in San Francisco, according to recently unsealed court documents. Levin allegedly told his new friend he had found out how to wire-transfer money out of the bank's computer system. Twice already, he allegedly bragged, he had squirreled substantial amounts into his own account in Finland. Court documents say Levin's colleague became a partner in what would become a multinational hacker ring.

Just a few weeks later, transfers were made to BankAmerica accounts held by Primorye (roughly translated as "Shoreland" in Russian) Corp. and Shore Corp., both of San Francisco. The companies were owned by Levin's friend Jevgenij Korolkov. By this time, the bank officials had begun to suspect foul play and started questioning Korolkov. Korolkov left the country but apparently was not deterred. Instead, the two pressed on and recruited new partners around the globe, authorities say. By October 1994, he broke into the bank's computerized cash management system and attempted forty illegal transactions to California, Israel, Germany, Holland, and Switzerland.

Vladimir was allegedly using his office computer at AO Saturn, a computer firm in St. Petersburg, Russia, to break into the bank's computers and then obtained a list of customer codes and passwords. In July 1994 customers complained of $400,000 mysteriously "disappearing" from two bank accounts. the bank's security system flagged two transfers in August 1994, one for $26,800 and another for $304,000. Bank officials then contacted the FBI, who tracked Levin as he trespassed on the bank's system and made more illegal transfers. He logged on 18 times over a period of few weeks and between June and October 1994 transferred more than $10 million in funds from three corporate customers of the bank to bank accounts through wire transfers to accounts his group controlled in the United States, Finland, Netherlands, Germany, and Israel.

Court documents allege he accomplished the illegal transfers by dialing into the bank's cash management system. The bank indicated that Levin gained access to the company’s cash management system through valid accounts that weren’t protected by encryption. There has been speculation that someone inside the bank served as Levin’s accomplice. The bank, however, denies such claims and evidence to the contrary never surfaced. The system allows The bank's customers to initiate their own fund transfers to other banks; daily turnover is about $500 billion. Authorities say that to avoid causing suspicion, Levin dialed in from his house in Russia late at night. Conducting transactions during New York business hours would less likely raise alarms. Levin apparently used valid user IDs and passwords of other banks, among them Banco del Sud in Argentina and Bank Artha Graha in Indonesia. How he got those passwords, given the bank's extensive security, is unclear. Inside help seems likely, but the bank claims that no employees were involved.

When the bank noticed the transfers, they contacted the FBI authorities, who working with the bank tracked Levin making illegal transfers. They were further assisted by Russian telephone company employees, who helped them trace the source of the transfers to Levin’s employer in St. Petersburg, Russia. Levin was finally arrested at Heathrow airport, London in March 1995 as he stepped off an incoming flight from Moscow. Thirty months later in 1997, he was extradited to New York - the extradition and the actual charges underscore the legal problems encountered with the multi-jurisdictional nature of cyber-crime. Vladimir fought extradition for 30 months, but lost, and was transferred to the US for trial.

When Levin was extradited to the U.S. in 1997, he was described in the newspapers as the mastermind behind the Internet's first-ever bank raid. Some security experts dispute that claim, however. Levin, they say, used telecommunications systems, not the Internet, to break into the bank. He was able to intercept the bank's customers' phone calls and, as the customers authenticated their accounts by punching in their account numbers and PINs, obtain the information he needed to commit the fraudulent transactions.

Levin pleaded guilty in January 1998 and admitted using passwords and codes stolen from the bank's customers to make transfers to his accounts. The bank was able to recover all but $400,000 of the $10 million that was siphoned from its accounts. Finally, in February 24, 1998 a U.S. judge sentenced Levin to three years in prison, and ordered him to pay the bank $240,015. Four members of Levin's group pleaded guilty to conspiracy to commit bank fraud, and served various sentences.

While the bank's spokespeople have indicated that Levin gained access to the company's cash management system through valid accounts that weren't protected by encryption, there has been speculation that someone inside The bank served as Levin's accomplice. The bank denies such claims and evidence to the contrary has never surfaced.

Other Little-known facts:

  1. 1. Levin claimed that one of the lawyers assigned to defend him was actually an FBI agent.
  2. 2. The bank reportedly lost 20 top clients, who thought that the bank’s systems were not secure enough.
  3. 3. The sentence of 3 years was strangely less than the one given to Kevin Mitnick captured in 1995, who had stolen 20000 credit card numbers.
  4. 4. In the UK at the extradition hearing Levin’s lawyer claimed that no computers in the US were used to access The bank’s accounts and extradition was unwarranted. When plot failed Levin’s US attorney argued that none of the transactions technically passed through New York, where Levin was being tried as The bank’s computer is over the river in New Jersey.

2. Other issues relating to Case

This case was not only a serious embarrassment for the perceived integrity of global banking systems but more pertinently for the bank itself. The bank said it was the first time its payment system had been successfully compromised – but they deserve praise for the way in which they both reported it to the authorities and took the resultant adverse publicity on the chin. Turning potentially damaging publicity to their advantage the bank said the only reason $10 million was transferred from the New York accounts was because the bank cooperated with US authorities investigating the scheme. After the first $400,000 was stolen, the bank said, other illegal transactions were allowed to occur so an electronic trail could be laid that would identify all of the conspirators.

Yet there was a critical gap in security procedures at the bank that also helped allow the crimes to be committed. Before a corporate transaction is finally approved, most banks require users to swipe a credit-card-like pass smart card through a terminal. The card is encoded with an electronic signature unique to the user and if the signature isn’t present the transaction is voided. The bank didn’t make these cards available to clients before Vladimir Levin penetrated the bank’s network, although it said it has done so since the crime was discovered.

All the accounts that were hit by Levin are known as Cash Management Systems, designed for use by corporate customers who can transfer money between their accounts. Further, all the accounts targeted were not encrypted, giving Levin easy access to the money. The bank took immediate action so this event would not occur for a second time. The bank has since implemented a security system known as the Dynamic Encryption Card. The card looks like a pocket calculator. The user turns the card on and enters a personal identification number. The card then generates a password to enable users to log into the system. The password can only be used once, heightening security and taking away the responsibility of customers to frequently change their password. As far as The bank is aware, it is the only financial organization using such a system.

The bank said that no current or former employees of the bank were involved in the scheme, but some bankers speculated that someone with inside knowledge of the bank’s security procedures helped perpetrate the crime.

Issues for discussion

1.What do you think was the weakest link in the security, which caused the hacking to take place?

2.What in your view helped the bank to recover almost the entire amount?

3.Considering the fact that 20 clients left the bank and that the bank was sure that it would not


loose more that $400,000, do you think it was right for the bank to go to FBI?

4.What do you think could have helped US to seek extradition of hackers and what do you think are the lessons for us to draw?

Feature Story Microsoft Security Expert Knows Who Can Steal Your Identity


In 1986, the U.S. Senate got in touch with Martin Biegelman. As an expert on identity theft, Biegelman’s testimony was of interest to The Permanent Subcommittee on Investigations, which had invited the then U.S. postal inspector to its first hearings on what was being dubbed “the crime of the ’80s.”

Biegelman brought along a cooperating defendant who discussed the fraud he had committed over the years. “It’s so easy to do. I’m surprised more people aren’t doing this crime,” the defendant told members of Congress.

Biegelman worried that more people would do just that. Even in 1986, he had already seen dozens of lives ruined when criminals hijacked personal information for financial gain. “I testified to Congress years ago that I feared this crime would evolve and create even more untold damage,” he said. “Unfortunately, I was right.”

When he appeared before the Senate, the term “identity theft” didn’t exist. Today, most people are familiar with it. According to think tank Javelin Strategy & Research, identity theft increased 22 percent in 2008, affecting nearly 10 million Americans.

An Evolution in Online Fraud

Biegelman has worked for six and a half years at Microsoft, where he tracks fraud as part of the company’s Financial Integrity Unit. The cases that cross the group’s desks deal with everything from financial issues to asset misappropriation and corruption.

Biegelman has seen criminal methods evolve during his 30-year career battling fraud. Years ago, criminals went dumpster-diving for carelessly tossed bank statements or credit card offers. Now they employ sophisticated technology to get that information from the Internet. “Online, your life is now an open book to the world,” Biegelman says.

Originally, Biegelman wanted to jail every fraudster he came across. He quickly learned that for every criminal he arrested, another popped up. He embraced prevention as the best tool to combat identity theft, and for years he’s shared his expertise. His latest effort is a new book called “Identity Theft Handbook: Detection, Prevention and Security” (US$60; Wiley Publishing). The new book draws upon his long career; covers the past, present, and future of identity theft; and details how people can best protect themselves and their organizations from this global problem.

Biegelman’s battle against identity theft started in New York in 1978. He began hearing from other U.S. postal inspectors that criminals were stealing personal information such as Social Security numbers, dates of birth, and employment history for a variety of crimes, including credit card fraud. At the time, local police didn’t know much about it, but federal agents began to pay attention. By 1981, Biegelman was on an investigative team that worked full-time on mail theft and credit card fraud.

Plenty of Business for Crime Team

The team didn’t suffer from a lack of cases. Biegelman recalls a case from 1985, where he helped execute search warrants at eight safe houses in Brooklyn. Criminals were using the apartments to receive fraudulent credit cards. At one apartment, Biegelman and the other agents found a spiral notebook that had “Borough of Manhattan Community College” on the cover. The first 20 or so pages had business administration and accounting course notes, but the lead agent kept flipping through the book. Buried amid notes on, ironically enough, business law and crimes and tort claims, were pages and pages of names, Social Security numbers, dates of birth, and other personal information. The names didn’t mean anything until the agent got to one: Walter Cronkite, the legendary newsman and broadcaster. Turns out the criminal got a job at CBS News as a security guard. On one of his graveyard shifts, he went into an unlocked personnel office and copied information on dozens of employees.

A more recent case involving famous individuals illustrates how criminals have combined low tech with high tech and widened the pool of potential victims. In 2001, Abraham Abdallah was arrested after fleecing members of Forbes’ 400 Richest People in America list. He used Web-enabled cell phones, virtual voicemail, and library computers to dupe credit reporting companies such as Equifax into providing detailed credit reports on his victims. When he was arrested in New York, Abdallah had a copy of the Forbes magazine with the list of his victims, who included Warren Buffett, Paul Allen, and Steven Spielberg.

At the time, Biegelman was no longer a federal agent, but he was working as an investigative consultant. As he took the Long Island Rail Road into work one day, someone across from him was reading the New York Post. On the cover was Abraham Abdallah. Biegelman recognized the face. He had crossed paths with Abdallah back in 1985, when the criminal was 17 years old and had just been arrested for credit card fraud. At the time, Abdallah promised the judge he had learned his lesson and would go straight.

Taking Steps to Protect Your Identity

When criminals like Abdallah find identity theft so easy to perpetrate, how can people protect themselves? Biegelman admits that today so many people have your personal information that much is out of your control. But there are opportunities to protect onself, he said. Check credit reports regularly, and get a shredder. Even though criminals have gone high tech, dumpster diving is still prevalent. “Anything that leaves your house with personal information should be shredded,” Biegelman says.

After decades of fighting identity theft, Biegelman knows that fraud will be around as long as we are. But education and awareness can help people protect their identities. When he first started speaking publicly at conferences during the mid-’80s, he always asked people to raise their hands if they had been victims of identity theft. Very few raised their hands. Now, virtually everyone knows someone who has been a victim. He hopes with education and awareness, more Americans will be able to protect themselves from the fraudsters worldwide trying to get their hands on money and personal information.

“It’s all about prevention and protection,” Biegelman said. “I always say, if it sounds too good to be true, it usually is.”

Source: Microsoft.com

Tuesday, September 22, 2009

CONGRATULATION ===== YOU HAVE WON !!! - - Lottery Scam Named "SHELL LOTTERY INTERNATIONAL ONLINE PROMO PROGRAMME"


The latest mail I received only yesterday using the name of SHELL LOTTERY INTERNATIONAL ONLINE PROMO PROGRAMME

"Dear Winner, Congratulation we are pleased to inform you today 21st/09/2009 of the result of the winners of the SHELL LOTTERY INTERNATIONAL ONLINE PROMO PROGRAMME, All participants for the online version were selected randomly from World Wide Web sites through computer draw system and extracted from over 100,000 unions, You have therefore been approved for a lump sum pay out of $1,000,000.00 (One Million United State Dollars), in cash credited to file XYL/26510460037/06. To file for your claim, please contact our claims agent; Shell Award Department. Contact Name: Sir Johnson Brown(Services Manager) Tel:+234-807-892-8440 Email: -------------------------- You would be required to send down the following informations: 1.Full Name:................ 2.Address:.................... 3.Sex:................ 4.Age:........................5.Marital Status:........................... 6.Occupation:..............................7.Telephone Number:................ 8.City:..............................9.Nationality:..................... 10.Country:.......... You may wish to establish contact via e-mail or phone call with the particulars presented above citing the batch and reference numbers to this letter. Congratulations once more from all members and staffs of this program. Yours Truly,Online Co-Ordinator Mrs. Rosemary Cole

If you also received this message and you want to try your luck; then just inform me the outcome. But my advice is "Be Ware! It's a Cyber World."

Real Story of Empployment Scam Victim - - Duluth woman victim of job scam


Charletta Key, 46, said she spotted an advertisement for secret shoppers about a month ago and decided to apply. The seasonal tax preparation worker hoped to parlay a love of shopping into IFP Management Services Inc. The letter directed Key to cash the check at her bank, take $400 for her pay and use another set amount to shop at a selection of four stores. Key was supposed to send the remainder of the money to an address in Canada.

Moments after Key presented the check at the bank, bank employees summoned Duluth Police. They arrested Key on a felony charge of first-degree forgery.

“They were looking at it as if I was the responsible party,” Key said. “They did not see that I was being the victim of a scam.”

Key’s 20-year-old daughter sent an email to Gwinnett County Sheriff Butch Conway pleading with him to investigate the situation. Deputies questioned Key and examined the letter. Conway then allowed Key to be released from jail Wednesday on her own recognizance.

“He realized she was more than likely a victim here,” said the Sheriff’s spokeswoman, Stacey Bourbonnais.

A spokesman for the Duluth Police Department did not return a call seeking comment on Friday.

There has been a significant uptick in Internet-based fraud over the past 16 months. The number of complaints about online crime hit a record high of 275,284 in 2008, up from 206,884 the previous year, according to the Internet Crime Complaint Center, which is a partnership between the FBI and the National White Collar Crime Center.

Craig Butterworth, a spokesman for the National White Collar Crime Center, said job scams in particular are preying on an increasingly desperate pool of victims.

“When times are flush, people may be a lot more cautious, but people are desperate now and they are latching on to anything that may present itself as a hopeful alternative,” Butterworth said.

There are ways to avoid becoming an unwitting accomplice to fraud. Never deposit or accept wire transfers or checks into your bank account from sources you’re not familiar with, said Butterworth.

He also urged job hunters to investigate any opportunities they find online by checking to see if the company has a legitimate website and a brick-and-mortar location. He also recommended checking the Better Business Bureau for complaints.

Payment Transfer Job Scam Emails



Scammers are using unsolicited email "job offers" to trick recipients into falling for payment transfer scams. The victim is promised a percentage of the payments transferred. However, the scheme is usually a method of "laundering" stolen money and victims may be unwittingly participating in illegal activities (Full commentary below).

"Subject: PART-TIME JOB OPPORTUNITY

Dear Sir,Madam,

We are small new firm engaged in export of goods to overseas outside my country.We have won various small exports contract at one time or the other, recently we were (engaged) contracted to supply financial programs for market analyzing, management project software in USA which was successfully done.

Unfortunately we have faced some difficulties while receiving payment for our software in our country as need 10-30 days to get a payment from your country. We do not have so much time to accept wire transfers and can't accept cashiers checks and money orders as well. So we need your help to accept this payments in your country faster. If you are looking to make additional profit we will accept you as our representative in your country. You will keep 10% of each deal we conduct.

Your part is very important to accept funds and forward it to us. It is not a full time work but a very convenient and fast additional income. We therefore solicit your assistance to help remit this money , I would want you to submit to us via mail to [Address removed] the following information which includes
1 Your Full Name
2 Your Contact Address
3 Telephone number/Fax
4.Yahoo or MSN ID.
Your country of living

Please respond ASAP and you will get additional details on how you can become our representative. Joining us and starting business today will cost you nothing, just some extra income for you.

Thanks for your vivid co-operation.

Manager,
SMITH BAMI
Director of ENFOSOFT Marketing Dept."

Monday, September 21, 2009

Chinese Cyberattacks Target Media Ahead of Anniversary


BEIJING (Reuters) - Foreign media in China have been targeted by emails laden with malicious computer software in attacks that appear to be tied to the run-up to the National Day military parade on October 1.

While spam and viral attacks are not uncommon, the latest wave is part of a pattern of increasingly sophisticated emails tailored to tempt foreign reporters, rights activists and other targets to open infected attachments.

On Oct 1, the Communist Party is celebrating 60 years of rule over mainland China with a military parade. Beijing has tightened security ahead of the anniversary, with armed paramilitary troops at subway exits during rehearsals and neighborhood residents recruited to watch over the streets.

"There is definitely a pattern of virus attacks in the run-up to important dates on the Chinese political calendar," said Nicholas Bequelin of Human Rights Watch in Hong Kong. He noted that non-government organizations are also favorite targets.

"Whether the government is behind it, closes its eyes to it, supports it or has nothing to with it is unclear. There are also patriotic hackers, so there is no way to know for sure who is behind it."

While poor English used to be a giveaway, new techniques include mimicking a known and trusted sender, or resending legitimate emails from activist organizations with a fake, malware-laden attachment.

The impersonating emails require more effort by the mystery senders but they are also more likely to be opened than easily identifiable, anonymous spam.

Chinese employees working for foreign news organizations in Beijing and Shanghai got identical emails on Monday, each with an attachment carrying malware meant to exploit Adobe Acrobat software, a common application used to read PDF files.

The email, which appeared to be from an economics editor named Pam Bouron, was a polite request for help lining up interviews during an upcoming visit to Beijing. It was tailored so that "Pam" appeared to work for each news organization.

The clue was that Reuters does not have an economics editor named Pam Bouron. Others who received the "Pam Bouron" email include the Straits Times, Dow Jones, Agence France Presse, and Italian news agency Ansa.

Similar emails carrying viruses, also attacking foreign news agencies and non-government organizations, were common ahead of the Beijing Olympic Games last year. In March this year, researchers at Infowar Monitor in Canada found widespread cyber-infiltration of the Tibetan government in exile.

The "Pam Bouron" emails on Monday targeted Chinese news assistants, whose names often do not appear on news reports and who must be hired through an agency that reports to the Foreign Ministry.

They were followed by two suspicious emails on Tuesday morning received by many foreign reporters in Beijing.


Courtesy: Reuters.com

Anti-Cyber Crime Efforts By Governments


What are governments doing to ensure that critical online operations remain operational when under attack from cyber criminals? FutureGov asked senior civil servants in Taiwan, Hong Kong, China and the Philippines to reveal how they are preparing their defences against hackers.

Hsiang-Chen Li, Director of Computer Centre, National Police Agency of Taiwan
Hacking in Taiwan gets more serious by the year. In 2008 the National Police Agency detected more attacks than in any other year – 4664, which is around three to four hacks a day. It is interesting to note that the age range of hackers in getting younger too. Almost one half of the hackers we know about in Taiwan are between the age of 12 and 17 years old, while the rest are between 18 and 23. The problem is allowed to get worse – and it will, most likely – because more people are using the internet in their daily and working lives. The average length of time Taiwanese spend on the internet is at least two hours each day, which leaves a lot of time for hackers to steal confidential information. They then sell it to criminal gangs, commit fraud or intimidate people with it. We started tackling the problem back in 1996. We created a Computer Crime Squad within the police department, and two years later all law enforcement units – including the district attorney – had a task force to handle internet crime. Also, the government established N-CERT and N-SOC in 2001 – initiatives to protect information infrastructure. We are also trying to connect with other countries since most hack attacks were launched from abroad.

Pang Yandong, Director of Information Industry Office, Government of Maoming City, China Information dissemination through web sites as a mean of promoting openness in government affairs is becoming increasingly important in China. And government portals are becoming a key platform for communication between government and citizen. But these platforms are magnetic for hackers. Our administrative web site in Maoming City has received many attacks at escalating cost in terms of disruption and down time. And they are using a variety of methods. Hackers hack into operating systems and expose vulnerabilities in control servers. They have been able to crack the system password, launch denial-of-service attacks, take over the server upload process and tamper with databases and page codes. We have been tackling the problem in the following ways. The first is to strengthen the information security system. Second, to increase user awareness of information security. This involves training network administrators regularly, so that we know how to cope with an attack. We also ensure that we have the most up-to-date security settings and that users change their passwords regularly. And in the event of an attack we record precisely how the hacker got through our system, and make notes on how we rectified the system – and how we might do it better next time.

Stephen Mak, Deputy Government Chief Information Officer, Government of Hong Kong Hacking remains one of the major threats that users and providers of IT should guard themselves against. The Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) monitors info-security threats in the community. According to them, there is no evidence of a growing trend in the number of hacking activities in Hong Kong, as compared to last year. On the other hand, web defacement and botnets are two of the major security threats. In April 2009, the Conficker worm caused a major threat to users by infecting victims’ computers and turning them into members of a global Botnet, without the users’ knowledge. In collaboration with the HKCERT, we have closely monitored the possible effects of the Conficker worm on Hong Kong and promptly advised computer users of its existence and how to protect against it. We monitor all incoming network traffic and carry out analysis of incidents. On discovering suspected attacks, appropriate action will be initiated. Government departments have implemented technical security measures, such as anti-virus software and intrusion detection system to monitor, detect and block potential attacks. We also keep systems up-to-date by applying the necessary patches and fixes. And we have also established incident response and business continuity plans to prepare for attacks.

Ray Roxas-Chua, Chairman, Commission on Information and Communications Technology, The Philippines Cyber attacks are increasing in sophistication and government can only try to keep up. One of our challenges in the Philippines is our lack of cybercrime laws to apprehend and prosecute cybercriminals. The Commission on Information and Communications Technology is pushing for the passage of an Anti-Cybercrime Bill patterned after the Convention on Cybercrime by the Council of Europe. We hope this can be passed prior to the presidential elections next year. The CICT, with help from the South Korean government, is in the process of setting up a National PKI (public key infrastructure) to ensure safer, more secure, reliable and trustworthy online transactions. It is a joint undertaking of the CICT, through the National Computer Center, and others. We hope that by setting up the PKI will help spur the growth of e-commerce and e-government applications by making Filipinos feel safer online.


Related Posts Plugin for WordPress, Blogger...