Wednesday, July 06, 2005

McAfee Study on Organized Crime and the Internet

McAfee just released a study on the impact organized crime is having on internet fraud. The report states that cybercriminals now use the internet for extortion, fraud, money laundering and theft. The report states that only 5 percent of the cybercriminals ever get caught. The very nature of the internet (borderless reaches) makes detection, investigation and prosecution difficult.

Besides information and identity theft, companies or government platforms could be sabotaged and some of the criminals are even extorting money for not shutting systems down.

Although these crimes require a level of technical knowledge, once the technical part is done, the crimes can be easily maintained through social engineering. Social engineering takes little technical knowledge and entails tricking people to install hidden programs on their computers and or give out personal information. A single criminal with little technical knowledge has the ability to launch a million e-mails and the law of statistics is that they will find hundreds of computers that aren't properly protected from their misdeeds.

This report indicates that the goal of many of the cybercriminals is to infect thousands of computers and turn them into a network of devices that attack in unison, which is known as a bot-net. Quite simply a bot-net is a collection of computers, already compromised by worms, or viruses. Some of them even have their own server and are being rented out to cybercriminals for as little as $200.00 to $300.00 an hour. Bot-nets are allegedly becoming the tool of choice in all sorts of internet (cyber) scams.

Also covered, is increased involvement by organized crime and that more of the known groups are becoming involved.

One FBI report estimated the cost of cybercrime at 400 billion a year. If not dealt with this could have a severe impact on the way we live. Cybercrimes are borderless and can impact anywhere in the world.

The sources of information in putting this report together are international. Included are some of the most well known law enforcement and security experts in the world. We all need to be aware of this criminal activity and support their efforts to combat this growing menace.

The full report can be viewed by clicking on the title.

Sunday, July 03, 2005

Insurance Fraud and the Military

No matter where you stand on the Iraq War, this report (click on title) from the GAO (Government Accounting Office) is disgraceful. Service members are now returning to combat for the third time in a single enlistment and face death daily. To protect their families, they are taking out additional life insurance policies. There are allegations that they are being sold insurance that they do not need, or will do them little good by unethical agents.

The report states that base commanders need to be responsible for reporting violations and that a searchable database should be instituted to identify unethical agents/companies. It also states that implementation of reporting procedures must be made to notify state regulators and DOD officials of fraud.

Representative Marty Meehan, Democrat-Mass recently said "It is inexcusable for the Defense Department to be so remiss in dealing with the con artists prowling our nation's military installations. Countless soldiers have been left in financial distress because life insurance scams on military bases have gone unchecked."

Here is a copy of the letter sent to Secretary of Defense Donald Rumsfield by Congressman Meehan. http://www.house.gov/apps/list/press/ma05_meehan/NR050630Rumsfeld.html

It is refreshing to see that the government is protecting those who are put in harm's way. I would like to see further disclosure (to the public) regarding the insurance companies involved so we can all send them a strong message (our business) that will hurt their bottom lines. It would also be nice to see criminal prosecution (when warranted) and possible some class action law suits to recover any of the money already lost by our service members.

Reporting Fraud

Frequently, while surfing the internet, I have noticed a that there are a lot of scam baiters out there. While this frustrates the fraudster on an individual basis, it does little more than waste their time unless reported to the proper authority.

If you were to talk to anyone involved in the investigation of scams, they would tell you that all too often, nothing is reported until someone is victimized and in most cases, the trail is cold and resolution is impossible.

Quite simply, the fraudsters method of operation is to change identities and even scams frequently to confuse anyone who might come after them. The best intelligence, we can pass on is fresh information that is useful to investigative agencies.

Scam baiters can be a very valuable resource to those who take legal action. Often they have the fresh information that could be valuable to a law enforcement agency.

There is a great (all inclusive website) from a Mr. Anthony Elsop, which lists where you can report just about anything related to internet crime.

Click on title of this post to view.

Laws are being considered all over to make this crime more dangerous and (hopefully) allocate more resources to prosecute those who commit it. Take the time to identify your political representatives and let them know how you feel.

Saturday, July 02, 2005

Investigating Fraud

Investigating computer crimes poses many problems for law enforcement. It isn't easy to investigate crimes that cross jurisdictions and borders, especially given how rapidly technology is advancing.

In the recent CardSystems case, it is still unknown whether the stolen information is being used, although there is a report out of Japan that about 1 million dollars in fraudulent credit card charges may be linked to it. Of course, CardSystems isn't commenting.

The point of compromise could very well be an insider, or an insider planted by organized crime. Recently, a case was solved at Teledata Communications Inc., where an insider at their help desk, who had access to banking information was responsible for causing 50-100 million in losses. Insider involvement in these scams is a common denominator. Here is a recent post, I did.

http://fraudwar.blogspot.com/2005/06/plants-by-organized-gangs.html

Congress is planning to look into this problem as the public becomes increasingly frustrated. Senator Bill Nelson (Democrat-Florida) and some of his peers have asked for a study about how terrorists could use information obtained in these data intrusions.

Choice Point, a data broker who was compromised, has recently stated they will not give out sensitive personal information unless it is requested by the person, or a government entity. Hopefully other data brokers will tighten restrictions also, but the fact remains that a lot of this information can be freely obtained through the internet and or via software programs that are marketed as a means of conducting your own personal investigations.

Laws must be enacted to protect the innocent, awareness raised and resources allocated to go after the criminals. You can take action by writing your political representative and reporting any potential crimes to the appropriate authority. All too often, we fail to do this when an obvious scam crosses our path.