Wednesday, August 31, 2005

Addressing Qchex Fraud

One subject I've received a lot of comments on is Qchex. Qchex allows people to receive checks through the internet. Their site warns the prospective consumer that they accept no liability and will not investigate anything regarding the checks they send out.

They seem to have become a fraudster's best friend.

Criminals across the world quickly took advantage of the service Qchex offers in Nigerian Letter, Lottery and Auction (Advance Fee) scams. In these scams, an unsuspecting person is promised a large amount of money from a lottery winning, or for helping foreign royalty, etc. They are then sent a Qchex item, allegedly to cover a tax or tariff, and are told to cash it and wire the money (normally overseas). In the auction variety of this scam, Qchex items are used to purchase high-ticket items, which are normally shipped overseas, or the seller is sent an amount over the purchase price and asked to kindly wire the excess money. In the end, the check is returned and the victim is held financially and, in some cases, criminally responsible.

The banks do not always detect the fraud and more victims are created when their accounts are drained through the use of Qchex. In these instances, since the money is normally reimbursed, if the bank can't return it to someone, they themselves become the victim.

Please note that many other financial instruments are used in these scams, primarily counterfeit items. Qchex made the process easier, since it takes skill and resources to produce quality counterfeit items.

The good news is that the FDIC and the Privacy Rights Clearinghouse have officially complained. Qchex is claiming that they have now come up with a solution that will verify that the right person is using the account in question. According to Qchex, their new controls are reducing the number of complaints.

Quite frankly, due to Qchex's initial lack of response to the problem, I'm going to wait and see if they have truly taken a bite out of the criminal activity their service supports. I checked their security disclosure at today. It still has the disclosure of what I term (no accountability), along with some ludicrous examples of how they enhance your security by doing business with them. The most amusing was "Registering your bank accounts with Qchex ensures no one else can setup or access your account numbers on the Qchex system." I guess that means if you do business with them, they will catch on if the criminals try to use your account at Qchex?

I would ask anyone who is aware of any recent fraud with Qchex to click on the title of this post, which will take you to a site where you can complain to the FDIC.

You can also make the Privacy Rights Clearinghouse aware of any recent activity by visiting their site at:

In many of the replies I've received about Qchex, people were so angry they suggested suing them. There are attorneys out there that deal in fraud litigation. Here is a link to a simple search listing some of them on Yahoo.

I'm not an attorney, but after dealing with some of the victims on this, it is clear that they have been damaged financially.

More Arrests in Zotob Case

E Week is reporting that 16 more fraudsters have been arrested in Turkey as a result of the recent Zotob case. Allegedly these 16 individuals are tied into a credit card and identity theft ring. There is more information forthcoming, but these individuals are said to run botnets.

Botnets are frequently used to steal information and spread spam. There are reports that the owners of these networks rent them out to organized crime. Organized gangs use botnets to install spyware or a Trojan horse to gather financial or personal information, which is used in fraud schemes. This is normally done through the use of keyloggers. Keyloggers log keystrokes and place them in a file, normally encrypted, that can be extracted remotely.

Please note that so-called legitimate marketing firms use spyware (normally downloaded from freeware or peer-to-peer programs) that gathers information on people. A lot of this technology is legal and can easily be purchased over the internet, often being touted for reasons such as spying on your employees or spouse.

According to Wikipedia, "Botnet" is a jargon term for a collection of software robots, or bots, which run autonomously. A botnet's originator can control the group remotely, usually through a means such as IRC, and usually for nefarious purposes.

A botnet can comprise a collection of cracked machines running programs (usually referred to as worms, Trojan horses, or backdoors) under a common command and control infrastructure. Individual programs manifest as IRC "bots". Often the command and control takes place via an IRC server or a specific channel on a public IRC network. A bot typically runs hidden, and complies with the RFC 1459 standard. Generally, the perpetrator of the botnet has compromised a series of systems using various tools (exploits, buffer overflows, as well as others; see also RPC). Newer bots can automatically scan their environment and propagate themselves using vulnerabilities and weak passwords. Generally, the more vulnerabilities a bot can scan and propagate through, the more valuable it becomes to a botnet owner community.
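The pattern in the description above, many compromised machines registering with one IRC server and sitting in one channel, can be looked for in captured client-to-server traffic. The following is an added example, not from the original post or the sources it cites; the record layout, the `min_hosts` threshold and the sample traffic are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# RFC 1459 message layout: [":" prefix SPACE] command [params]; the last
# parameter may begin with ":" and then runs to the end of the line.
_MSG = re.compile(
    r"^(?::(?P<prefix>\S+) +)?(?P<command>[A-Za-z]+|\d{3})(?P<params>(?: +.*)?)$"
)


def parse_irc_line(line):
    """Parse one RFC 1459 line into (prefix, command, params), or None."""
    m = _MSG.match(line.rstrip("\r\n"))
    if not m:
        return None
    rest = m.group("params").lstrip(" ")
    params = []
    while rest:
        if rest.startswith(":"):          # trailing parameter, may hold spaces
            params.append(rest[1:])
            break
        head, _, rest = rest.partition(" ")
        params.append(head)
        rest = rest.lstrip(" ")
    return m.group("prefix"), m.group("command").upper(), params


def find_shared_channels(records, min_hosts=3):
    """Report (server, port, channel, clients) where at least `min_hosts`
    distinct clients completed IRC registration (NICK and USER) and then
    joined the same channel on the same server.

    `records` is an iterable of (src_ip, dst_ip, dst_port, line) tuples taken
    from client-to-server payloads (assumed layout, e.g. from a flow sensor).
    """
    registered = defaultdict(set)   # session -> registration commands seen
    members = defaultdict(set)      # (server, port, channel) -> client IPs
    for src, dst, port, line in records:
        parsed = parse_irc_line(line)
        if parsed is None:
            continue
        _, command, params = parsed
        session = (src, dst, port)
        if command in ("NICK", "USER"):
            registered[session].add(command)
        elif command == "JOIN" and params:
            # Only count JOINs from sessions that registered first; this
            # keeps stray text that merely contains "JOIN" out of the result.
            if not registered[session] >= {"NICK", "USER"}:
                continue
            for channel in params[0].split(","):
                if channel.startswith(("#", "&")):
                    # Channel names are case-insensitive in RFC 1459.
                    members[(dst, port, channel.lower())].add(src)
    return sorted(
        (server, port, channel, sorted(hosts))
        for (server, port, channel), hosts in members.items()
        if len(hosts) >= min_hosts
    )


# Constructed sample traffic (documentation address ranges, invented names).
SAMPLE_RECORDS = [
    # Three internal hosts register with the same server on an unusual port
    # and join the same keyed channel.
    ("10.0.0.11", "203.0.113.5", 8080, "NICK xk-4411"),
    ("10.0.0.11", "203.0.113.5", 8080, "USER xk 0 * :xk"),
    ("10.0.0.11", "203.0.113.5", 8080, "JOIN #x9 chankey"),
    ("10.0.0.12", "203.0.113.5", 8080, "NICK xk-9020"),
    ("10.0.0.12", "203.0.113.5", 8080, "USER xk 0 * :xk"),
    ("10.0.0.12", "203.0.113.5", 8080, "JOIN #X9 chankey"),
    ("10.0.0.13", "203.0.113.5", 8080, "NICK xk-1573"),
    ("10.0.0.13", "203.0.113.5", 8080, "USER xk 0 * :xk"),
    ("10.0.0.13", "203.0.113.5", 8080, "JOIN #x9 chankey"),
    # One person chatting on an ordinary IRC server.
    ("10.0.0.20", "198.51.100.7", 6667, "NICK alice"),
    ("10.0.0.20", "198.51.100.7", 6667, "USER alice 0 * :Alice Example"),
    ("10.0.0.20", "198.51.100.7", 6667, "JOIN #linux"),
    # Non-IRC traffic to the same address, and a JOIN with no registration.
    ("10.0.0.30", "203.0.113.5", 8080, "GET / HTTP/1.1"),
    ("10.0.0.40", "203.0.113.5", 8080, "JOIN #x9 chankey"),
]

if __name__ == "__main__":
    for server, port, channel, hosts in find_shared_channels(SAMPLE_RECORDS):
        print(f"{server}:{port} {channel} <- {', '.join(hosts)}")
```

A hit is a lead for investigation rather than proof of infection: a busy legitimate channel used by several staff would match as well, so the threshold and an allow-list of known servers need tuning per network.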

Microsoft's Internet Security Team is being given credit for developing a lot of the intelligence, which the FBI and international authorities used to resolve these cases.

For more information on the original arrests of Farid Essebar from Morocco and Attilla Ecici from Turkey go to:

For the original article from EWeek, click on the title of this post.

Saturday, August 27, 2005

Air Force Files Hacked

According to an article by Abe Levy (Associated Press) someone hacked into a military database. The database had personnel information (including Social Security Numbers) for about 33,000 Air Force personnel.

Thus far, no identity theft has been reported and all personnel affected have been notified. According to the article, the information was obtained by someone who had a password to the system. It doesn't seem that a lot of skill went into this and probably was the result of an insider gone bad.

In the past year, we have seen a multitude of large data intrusions in the private sector. Here is a link to one of several posts I've done on this subject.

This is another indicator that these data intrusions, which seem to be rampant recently, need to be paid attention to. Besides threatening the financial stability of the free world, they could even lead to a National Security threat.

To read the article from the AP, click on the title of this post.

Zotob Hackers Caught

The FBI has apprehended two men, who unleashed the Zotob worm. Farid Essebar from Morocco and Attilla Ecici from Turkey will be charged and prosecuted in their homelands for unleashing the Zotob worm.

Allegedly Essebar developed the code and sold it to Ecici.

Microsoft's Internet Crime Investigation Team is being credited for passing on a lot of information to the FBI, which resulted in the quick apprehension of the two suspects. This was accomplished by monitoring the attack in real time, which gave them the ability to follow the electronic trail back to its source.

It's refreshing to see some quick action. The Microsoft Internet Investigation Team and the FBI deserve to be commended for their quick action and quality investigative work.

For a direct link to my original post and further links to worm removal products from Microsoft and Symantec, click on the title of this post.

Sunday, August 21, 2005

Attack of the Worms

In the past week, the mainstream news media has been awash with speculation that cybergangs are having a turf war by unleashing worms and malware all over the internet. The reason security experts are speculating that a bot war is going on is that some worms are undoing versions of other worms that were previously in place on infected computers.

These worms contain bot code that allows criminals to remotely control a computer. The infected computers are organized into networks, which are rented out to fraudsters. The bot networks are then used in phishing, pharming, and a host of other computer crimes designed to steal financial or personal information (identity theft).

The first worm (Zotob) appeared last Sunday, then disappeared. After that, several Zotob variants appeared and another new worm (Bozori) appeared. In addition to this, newer versions of already identified worms began showing up (Rbot, Sdbot, Codbot and IRCbot).

Even CNN, ABC and the New York Times were compromised in this series of attacks, along with computers all over the world.

To protect yourself against this attack (Microsoft 2000 users are the most vulnerable) go to Microsoft's malware removal tool, which is free. Symantec Zotob Removal Tool is another free option to see if there is any damage to your system, along with options for repair/removal.

My theory is that awareness and communication, along with some old fashioned prosecution and political action are cures for the current outburst of financial and cyber crimes. If you want to help, always report any known attempts to law enforcement. Here is a good resource for doing this:

You might also pass on the removal tools to anyone you know that might have been compromised. Perhaps, we can take a bite out of this activity ourselves?

If you are interested in previous posts I have done on gangs involved in financial and cyber crimes, here are links to them:

Saturday, August 20, 2005

Government Job Assistance Scams

Quite often on job sites and in classified advertising, there are ads stating they can get you U.S. Government jobs. For a fee these ads claim they can guarantee a position.

In most instances, people are directed to a toll free number, where someone tries to sell them study materials for a fee. These fraudulent services have also been known to lie about the availability of specific jobs in an area to reel in a customer (victim).

Many of these services will not give you any better chance of obtaining the job than if you applied for it yourself.

If you have been the victim of one of these scams call the Federal Trade Commission: 1-877-FTC-HELP (382-4357) or visit their website at and file a complaint. You can also complain to your state attorney general, or the Better Business Bureau.

Free information on government jobs can be found at The bottom line is that information on civil service employment is in the public domain and no one should be charging for it.

Here is a link to an earlier post on identity theft occurring on job sites:

To view the Federal Trade Commission's Alert on this activity, click here.

Friday, August 19, 2005

Opt Out From Becoming a Victim

For years, big businesses and specifically marketing gurus have been selling your personal information. Not only does this provide opportunities for criminals to steal your identity, but the offers (themselves) can be pretty darned annoying. There is now a service sponsored by the major credit bureaus in the United States, which gives you the opportunity to stop them from selling your information.

Just go to and tell them to stop selling your information. You can also call 1-888-5-OPT-OUT.

It's a small step and won't stop all the junk mail from coming to your address, but it will help simplify your life and minimize your risk of becoming a victim of identity theft.

Another great resource in the era of Fraud, Phishing and Financial Misdeeds is the Federal Trade Commission's "Do Not Call List." They now accept cell phone numbers, also:

Saturday, August 13, 2005

More Allegations of Fraud in Iraq

In the middle of July, I did a post on fraud involving $300 million in arms deals in Iraq.

In an updated article put out by Knight Ridder, the total amount of the fraud has grown to over 500 million in weapons deals arranged by "middlemen, who reneged on promises after being paid or took huge kickbacks."

The contracts being investigated total over 1.3 billion.

"The Iraqi Board of Supreme Audit, in a report reviewed by Knight Ridder, describes transactions suggesting that senior U.S.-appointed Iraqi officials in the Defense Ministry used three intermediary companies to hide the kickbacks they received from contracts involving unnecessary, overpriced or outdated equipment."

Although the report states that no U.S. advisors were involved, the contracts were under the supervision of the embassy. The report also indicates that several American diplomats are extremely angry and feel they were duped, although the report is also questioning how American advisors could have been so close to the process and not noticed.

The Board of Supreme Audit published the following findings:

"-Multimillion-dollar contracts were awarded to favored weapons suppliers without a bidding process and without the required approval from the prime minister's office. Investigators wrote that the chief procurer went "beyond his authority" in purchasing equipment.

-Senior Iraqi officials kept little or no record of major purchases, sometimes noting lucrative deals in "undated and unnumbered" memos. Nearly all purchases contained a clause - unusual in international contracting of this magnitude - that required the contract's full value to be paid up front in cash.

-Instead of buying directly from a foreign company or government, Iraqi arms procurers hired third-party companies to negotiate the contracts. When Iraqi leaders later complained about unfulfilled contracts, they discovered they had no recourse to demand a refund because the payments were made to Iraqi middlemen who vanished after receiving the millions. "The undertakings make no obligation ... toward the Iraqi Ministry of Defense," according to the report.

-The sole beneficiary on 43 of the 89 contracts was a former currency-exchange operator, Nair Mohamed al-Jumaili, whose name doesn't even appear on the contracts. At least $759 million in Iraqi money was deposited into his personal account at a bank in Baghdad, according to the report. Internal records incorrectly "indicated that the Ministry of Defense signed contracts with Poland, Arab countries, the United States and Europe, but we discovered that all contracts were signed and executed with Iraqi suppliers," the report said."

Again, allegations such as these will do nothing but inspire the lunatics professing "jihad." Our sons and daughters are in harm's way and some are making the ultimate sacrifice, daily. We owe it to them to ensure that this is investigated and that the people attempting to profit through fraudulent means are brought to justice and severely punished.

For more details on this, click on the title of this post.

How Much Do We Trust Government Agencies?

A lot of us are worried about our privacy, especially in the post 9-11 environment. The Ponemon Institute recently did a survey of about 6300 citizens about how much they trust federal agencies with our personal information. The results show that we trust the U.S. Postal Service with our personal information more than the CIA, Department of Homeland Security and the Department of Justice.

According to the study, 83 percent of the people surveyed said that protecting their personal information is important to them. Is there an opportunity for some agencies to show the people they serve that they are trustworthy?

For a copy of the full report you can request it at

For the full article by Dr. Larry Ponemon go to:

Tuesday, August 09, 2005

Sunbelt Security Discovers a Major Data Theft Case

There are reports of a spyware ring that has been able to access the IT systems of approximately 50 banks, as well as PayPal and E-Bay information. According to the security firm, Sunbelt Software, the result is that social security numbers, credit card numbers, bank account numbers and account information have been compromised.

Also reported at risk are a large number of personal computers.

Sunbelt Software's president wrote in the company blog that it discovered the identity theft operation while doing research on CoolWebSearch. Allegedly, the spyware downloads with CoolWebSearch.

Discovered were thousands of computers "pinging" back to a domain in the United States that is registered to an offshore entity. Apparently, this is a very sophisticated attack, which isn't detected by most anti-malware programs. Windows XP users who have not downloaded Service Pack 2 are considered the most vulnerable.

The spyware/malware (trojan) virus is being compared to the one designed by Michael Haephrati, arrested last month in London. Haephrati designed a trojan virus that enabled private investigators (hired by large companies) to spy on their competitors. Thus far, 18 people have been arrested, including officers of large companies.

Here is a post I did on this story:

The FBI is investigating, but here again is another clear indicator that the way access to financial accounts and sensitive information is "authenticated" needs to be improved. It will be interesting to see how this story progresses.

For Sunbelt's Blog, which has a lot of interesting information on this subject, please click on the title of this post. Please note that they list a lot of free resources to determine whether or not your computer might be at risk. I highly recommend reading this blog!

Sunday, August 07, 2005

Retail Crime Becoming Wired

I just read an article from Business Week on the state of refund fraud.

According to the article, retail organizations allegedly lost $16 billion to bogus returns in 2003. This figure was presented to the author of the article by King Rogers International, a loss prevention firm catering to the retail industry.

The $16 billion in fraudulent returns allegedly represents about 9 percent of all returns. These statistics are from 2003, which is the latest data available and represents a 23% increase from previous years. Please note that the article is not specific on how these statistics were obtained.

My guess is that these statistics were gathered via a survey. Estimating the root cause of retail losses is very difficult. This is because losses are primarily determined by how much of their physical inventory is missing. Physical inventories at most retail organizations are conducted once, or twice a year. Other major contributing factors like customer theft, employee theft and even poor operational controls contribute to losses. Due to the complexity of a retail business, one can normally only make an educated guess as to which category caused what percentage of loss.

An additional problem with these statistics would be that one shoe doesn't fit all. I would imagine that there are varying reasons at different retailers for losses depending on how they operate, the quality of people they hire and their business controls.

Another expert cited in the article was Read Hayes of the Loss Prevention Research Council at the University of Florida. According to Read Hayes, there are web sites that sell unexpired receipts, which are often used in refund fraud schemes. Hayes also says that gift cards, which are given for returns, are often sold on auction sites.

Recently, E-Bay was lobbied by the Retail Industry Leaders Association after performing a study on gift cards tied to fraudulent refunds. E-Bay sellers are now limited to selling one card per week at a maximum of $500.00. Here is another article from E-Pay news on gift card fraud.

Gift Cards May Be A Vehicle For Returns Fraud

Unfortunately, there are other auction sites and chat rooms where gift cards are still being sold without regulation. We also need to take into account that a lot of gift cards are purchased with bogus financial instruments, such as checks and credit cards. My guess is that a lot of these circulate via the internet also. There is a link from the article listed above on this very subject.

Regarding the problem of counterfeit receipts, which are used to perform fraudulent refunds: a lot of major retailers now tie receipts to a transaction. This means a receipt has to mirror a transaction in order to be valid for a refund, normally via a transaction number. In the article, Hayes is quoted as stating the reason for the higher losses is that return policies are becoming more generous within the retail industry.

I find this statement odd because as a consumer, I have noted return policies becoming tougher in recent years. The few times I have had to refund anything, I had to provide identification (which was recorded electronically), if I didn't have a receipt. If memory serves me correctly, even with a receipt, my personal information was sometimes recorded. Counterfeit receipts were supposed to be stopped in the late nineties by making them correspond to (mirror) a transaction. If these scams are flourishing again, perhaps the cause is an increase in technological prowess of the fraudsters involved?

A very important issue to consider is when personal information is electronically kept, it could be used for identity theft. I would speculate that the professional criminals involved in this are probably very adept at identity theft. They probably already are defeating the systems in place by using multiple identities in addition to counterfeit receipts.

There is also the issue of privacy to be considered for the 91 percent of honest people (based on the statistics cited): how might their personal information be used? Most people return merchandise because it is defective, or they were sold the wrong item. At a minimum, the cost of obtaining customer satisfaction could be their information being sold to information brokers. At a maximum, the system could be hacked, or even accessed by a trusted insider, and their personal information could be used in criminal activity.

If counterfeit receipts are flourishing again, it might be for other reasons. Data theft (intrusions) and insider information obtained by plants seem to be happening everywhere. Retail organizations, which already gather personal information for marketing purposes probably aren't immune to this. The proverbial question is where is the information being obtained that these receipts use and how can repeat offenders be identified if they are using multiple identities?

Also mentioned in the articles is that the National Retail Federation (NRF) is setting up a database to track retail crimes and bar-code data. The Retail Industry Leaders Association is also testing a web database that tracks retail criminal activity. This information will be provided to law enforcement and retailers, who are members. It remains to be seen how effective these measures will be, but it is a start.

The internet is cited in the article as the new flea market, which is true. The difference is that with the internet, the reach is much farther and because of this, more deadly to the bottom line.

It's amazing how a lot of the different scam activities, (retail theft, refund fraud, check fraud, credit card fraud, phishing, pharming, auction fraud, identity theft, or collectively financial misdeeds) tie into so many business sectors of the world economy. There are recurring themes to be considered.

Criminals who commit these types of crimes count on mutating and moving their activity in order to avoid detection. Since it would be safe to assume that their ultimate goal is money, they also might be hitting several different business sectors at the same time. The key to protecting people and the business community is awareness, communication and a combined effort by all the different sectors to resolve the loopholes that allow these crimes to flourish.

For the original article in Business Week, click on the title of this post.

Chevron Accused of Tax Avoidance in Nigeria

Chevron Nigeria Limited is being accused of avoiding $10.8 billion in taxes. The allegations are being made by an accounting firm (ABZ Integrated Limited), who are tax consultants to Nigeria's Economic and Financial Crimes Commission.
ABZ is charging that Chevron denied Nigeria $2.7 billion in taxes and should pay this and a fine of $8.1 billion. Chevron is denying the allegations and says it welcomes any investigation.

Interestingly enough, this story is getting little play in the North American, or European press.

The Nigerian government announced a crackdown on fraud three years ago and founded the Economic and Financial Crimes Commission (EFCC) in 2002. Since then, this agency has recovered more than 700 million dollars and arrested more than 500 suspects. Currently, there are 100 cases on trial.
The press on the EFCC has been both bad and good. Some are applauding their actions and others are saying that it is a small drop in the bucket with the amount of fraud coming out of Nigeria. Here is a recent article on this:

Here is a list of charges from an article on OnlineNigeria:

"•In1998 and 1999, the companies diverted $75 million government tax revenue through dividends.

•Evaded tax through claims to unmerited capital allowances, based on fictitious qualifying capital expenditure by $190 million.

•Evaded tax through claims to unmerited tax credits, such as Reserve Additional Bonus (RAB) and Intangible Drilling Cost (IDC) by $222 million.

•Through conspiracy, the companies were assessed to lower amount of tax than expected by $95 million.

The tax consultants further claim that Chevron may have been involved in money laundering during the period under investigation because it did not provide details of debtors and creditors amounting to $260 million in each of the years, in its audited accounts, as required by the Companies and Allied Matters Act of 1990.

The consultants also alleged that during their defence of the initial reports submitted to the EFCC, very critical issues were raised bordering on.

•Non payment of monthly Petroleum Profit Tax installments. Chevron Oil Nigeria Limited was expected to make 104 installments for eight years to year 2002. The company failed to make 42 installments, while its partner, TOPCON, failed to pay 24 installments. This denied the nation of several millions of dollars.

•Some payments claimed to have been made by the companies were not traceable to the Federal Reserve Bank account for the domiciliation of PPT revenue.

•Use of illegal revisions of their PPT estimates to manipulate their tax liabilities. These were revisions made beyond the statutorily permitted accounting year of December 31 of each year.

•Manipulation of revenue from royalties for which DPR is responsible for determination of liabilities but ironically does not issue receipt to the oil companies for payment; instead, the office of the Accountant-General of the Federation usurped the responsibilities even though it is not a government revenue generating agency.

•Conspiracy between revenue officers and Chevron which led to replacement of Assessment Notice for a higher amount of $21,838,977 with that of $12,005,455. The difference of $9,833,492 denied the federation has been established to be a fraud actualised by duplicating an expense on licences and miscellaneous taxes in 1996.

•There were cases where FIRS credited Chevron with payments which it never made. An example was the $22,400,000 vide Treasury receipt No. PP036337 of August 14, 1997. This suggests fund diversion.

The tax consultants also said in their report that in 2002, Chevron claimed to have spent $25.5 million on community development while in actual fact only $249,000 was spent."

According to the article, Chevron has repaid $6.516 million and nothing is being heard from the EFCC, who had earlier threatened to shut down their operations if these charges were found to have merit.

Although, Nigeria is one of the biggest oil producing countries in the world, the general population remains very poor and sees relatively little of the profits spent on improving their lives.

Here is an interesting link to a report from Human Rights Watch on the status of Nigeria and information on how little of the oil profits are used to improve the daily lives of the poor. It cites that the foreign companies making a lot of the money from oil profits bear some of the responsibility.
The article from OnlineNigeria can be read by clicking on the title of the post.

There are a lot of foreign companies making a lot of money in Nigeria. There is also obviously a very small minority in Nigeria getting very rich, while many of their citizens live in poverty. Perhaps this is one of the root causes for all the fraud that comes out of Nigeria?

Wednesday, August 03, 2005

Rumor of a Partnership Between Organized Fraud Gangs and Terrorists?

There is a report out of Germany that organized fraud gangs and terrorist organizations are joining forces to commit financial crimes (fraud). The Federal Audit Court of Germany issued a report stating that these groups have cost the taxpayers of Germany 17.6 billion euros, which equates to 23 billion dollars, or 12 billion British pounds at today's exchange rates.

It is alleged that the groups involved in this are extremely organized and employ accountants, auditors and even law firms.

The specific fraud cited was sophisticated value-added tax (VAT) fraud, where phantom purchases were used to obtain refunds on high end items. In one case cited, groups in China, Israel, the UK and Dubai were able to claim VAT refunds of 1.15 billion Euros.

The report stated that terrorist organizations are involved in this activity and that they are taking advantage of a lack of communication between tax, judicial and law enforcement agencies in Europe.

This article demonstrates the importance of communication and partnership between the free countries of the world. For many years, it has been known that terrorist organizations were funding themselves through the drug trade, particularly in Afghanistan. In theory this would bring them in partnership with criminal organizations. If the allegations in this report are true, it is entirely possible that they are branching out in their activities to fund their terrible causes.

Here is an earlier post on the recent McAfee study on the impact of organized crime on the internet.

For the article by Bertrand Benoit, please click on the title of this post.

Tuesday, August 02, 2005

ATM/Debit Card Fraud on the Rise?

There is a series of articles circulating in the press stating that ATM/Debit Card Fraud is on the rise. A recently published report claims that about half the banks fail to check security codes when processing transactions.

The report by Gartner Inc. claims that fraudsters took $2.75 billion from consumer accounts in the past year. Gartner claims that about 70 percent of these losses could have been avoided if the security information embedded in the magnetic strip had been checked rather than relying on account numbers and PINs. Another problem cited is the relative ease with which a PIN (personal identification number) can be changed by telephone, or over the internet.

A lot of this has been caused by a noted increase in phishing. For more information on the increase in this activity, please read:

Another old-fashioned means, not reported in these articles, is when an encoding device is attached to a point of sale (register) system and card information is downloaded to a remote computer (normally a laptop). A hidden camera is then placed above the PIN pad and the PIN is recorded. This can easily be avoided by hiding your PIN when inputting it on a pad.

The same thing can be accomplished when a fake ATM is set up, which copies the information off the magnetic strip while a hidden camera records the PIN. Again, it is recommended that you always conceal your PIN when entering it.

No matter how the information is obtained, fraudsters normally create a cloned card and then are able to use it at ATMs and/or retailers accepting ATM cards. Although in most instances the money is returned to the victim by their bank, it causes a hardship for the person going through the process. I would also guess that the true cost must be passed on to the consumer in the form of increased fees in order for the financial institutions to stay profitable.

The report was based on a survey of 5,000 consumers in May and discussions with professionals in the industry. The banks are questioning this, but the report is backed up by a prominent member of the Anti-Phishing-Working-Group. Their website is:

For one of the articles by Reuters, click on the title at the top of this post.