Sunday, May 28, 2006

Is the Latest Congressional Scandal a Nigerian Fraud

The AP is now reporting the possible involvement of Nigerian Vice President Abubakar Atiku in the bribery scandal involving Congressman William Jefferson of Louisiana.

To try to get some commentary on this, I went to Congressman Jefferson's site. The only thing I found "interesting" was a message to the "Katrina Victims." Unfortunately, Katrina has now - ALSO - proven to be a fraud-ridden event.
Now the AP is briefly mentioning that the Vice President of Nigeria was the intended recipient of the bribe and the African Press is discussing it in more detail.

As reported by the AP:

While the name of the intended recipient of the $100,000 is blacked out, other details in the affidavit indicate he is Abubakar Atiku, Nigeria's vice president. He owns a home in Potomac, Maryland, that authorities have searched as part of the Jefferson investigation.

For the full story from the AP, courtesy of W-TOL in Toledo, Ohio, link here.

Nigeria has received a lot of bad press for being the "point of origin" for fraud schemes that have victimized people worldwide. In the past few years, President Olusegun Obasanjo has come down hard on fraud and with the help of his EFCC (Economic Financial Crimes Commission) prosecuted a lot of high profile cases, which were well publicized.

Here is a description of Nigerian fraud that I wrote in an earlier post:

"Nigeria is one of main sources for all sorts of Advance fee fraud (419) fraud scams. The Advance Fee scam is where a ruse is used to get a victim to send them money (nowadays normally wire-transfer) in anticipation of riches (or sometimes love) to come. The best known is the "Nigerian Letter," but the activity has mutated into romance, lottery, auction, check cashing, work at home and reshipping scams."
While the fraud that is exported from Nigeria is what we read about all the time, there is considerable evidence that fraud in Nigeria (at least historically) exists at all levels. The current President (Obasanjo) has led a very public campaign against corruption within Nigeria and is credited with making great strides in this area.

It will be interesting to see if the EFCC investigates the Vice President. is reporting the story, which quotes Atiku as saying Jefferson was name dropping and obviously committing a 419 (Nigerian Penal Code for Advance Fee) scam. In all fairness, most of the money was still in Congressman Jefferson's freezer, and he did indicate to the "informant" that the money had reached the intended recipient.
Please note that other fraudsters impersonating Nigerian fraud is nothing new. In the past, I've seen other groups do scams - which were made to look as if they came from Nigeria.
However, wrote an article about the "mysterious" mansion in Potomac, and it's (legal) owner, Jennifer Douglas. According to BiAfra Nigerian World, the mansion was purchased after Atiku became Vice-President and Jennifer Douglas - who they describe as one of Atiku's many wives - is a student with no verifable income. Their article states that Ms. Douglas has left the United States and returned to Nigeria. The AP article states that this mansion, if they are one and the same, belongs to Atiku and makes no mention of Ms. Douglas.
BiAfra Nigerian World has a link to Maryland Property records showing Jennifer Douglas as the owner.
Another item mentioned in all the artices was a telecommunications deal with Nigeria, where the owner of the U.S. company in question has already pled guilty to giving Congressman Jefferson $400,000.00 to seal deals with Nigeria and "other African countries.
Link to the story from, here.
The AP doesn't seem to come to any conclusions and the FBI isn't commenting yet, which could mean the matter is still under investigation.
The FBI recently added a page to their website, where the public can report government fraud.
Considering the recent activity with Tom Delay, Randy (Duke) Cunningham and now this investigation, they seem to be pretty busy in this arena.

Here are some previous posts, I've done on Nigerian Fraud:

419 From the Other Side of the Fence

Hard Drives for Nigeria

Nigerian Vice President Abubakar Atiku

Saturday, May 27, 2006

Catching Child Predators by following the Money Trail

The Internet can be a dangerous place, especially for children. You never know what may lurk behind a "screen name" and the Internet is used by those involved in child pornograghy to distribute their immoral and illegal material.

Now a coalition between the financial services industry, ISP's, law enforcement and a child advocacy group will use a time-tested method of resolving Internet crime, which is if you want to find the culprit(s); follow the money.

USA Today is reporting:

"The financial institutions will report child porn sites they discover on the Web to a central tip line, slated to expand next month to receive the information. The companies will block transactions for online child porn or, if law enforcement opens an investigation, help track sellers and buyers."

"The Financial Coalition Against Child Pornography represents a new phase in the war against what has become a multibillion-dollar, international business. Internet service providers, including AOL, already report child porn sites they find."

For the article by USA Today, link here.

The intent of this effort will be to identify offenders, shut down sites and hopefully bring some of the people to justice.

This new tool was brought about with some hard work by the National Center for Missing and Exploited Children and Sen. Richard Shelby, R-Ala.

The National Center for Missing and Exploited Children has a cyber tipline, as well as, a link where anyone can report a sighting of a "missing child." This site also has a lot of valuable information for children and parents how to be Internet smart and is well worth a visit.

Hacking the Paparazzi

I've never been much of a fan of "paparazzi" types. Their whole goal in life is to invade "people's personal domains" for no other reason than to satisfy the public's need for gossip.

Now, it appears, they are using technology to spy on each other and the FBI is taking action.

As reported in the LA Times:

"Federal agents want to know whether one of the owners of Sunset Photo and News attempted to learn what stories the staff at US Weekly, a Hollywood gossip magazine, was working on, said the sources, who spoke on the condition of anonymity."

Please note that the FBI isn't commenting.

Link to LA Times story, here.

Another story, from was a little more specific and claims that Charlie Sheen was the target of the alleged "hacking" exploit. The "person of interest" at the Sunset Photo and News (Jill Ishkanian) is allegedly good friends with Heidi Fleiss, who has claimed that the "hacking allegations" are untrue.

Not sure how credible this is, but Heidi allegedly knows Charlie quite well.

All kidding aside, hacking and a legal "Spy Industry" threaten a lot of people's privacy and now that the "Stars" are being targeted -- perhaps we can get George Clooney, Sean Penn, Barbara Streisand, and maybe Charlie's father (Martin) to speak out on this issue.

The Federal Trade Commission is taking notice and recently went after a bunch of Private Investigators, who had people's personal telephone records for sale.

Now, I'm not sure, but I might guess that some of these people are "outraged" about the telephone companies giving information to the NSA. As I've said before, the NSA is only using the best information out there - which has been gathered for years - from the private sector.

The Information Industry is big business and has been buying and selling our personal information for years.

Personally, I'd rather have my telephone records with the NSA than sold to, "whomever."

As technology continues to grow and laws fail to keep pace with it, we are all at risk. Recently, "hacking kits" were being sold on the Internet via dubious sources and if you need advice on how to do it, there are plenty of Internet groups that thrive on this subject.

Not only are there shady "Internet" sources, but you can also buy a lot of "neat" technological devices to invade people's privacy and no one will ever ask you what it's intended use is.

Industrial and personal espionage is a real problem and needs to be addressed by going after the root causes, which seem to be perfectly legal. Until we do this, our personal privacy will be out there for whoever wants to buy it.

Friday, May 26, 2006

Why Should We Allow Eastern Europe to Export Cyber Crime

I just got finished reading an article from Business Week called "Meet the Hackers." It highlighted a trend that could very well be what's behind some of the massive "information breaches," we see on almost a weekly basis.

Here is an excerpt from the article:

The picture that emerges is of organized gangs of young, mostly Eastern European hackers who are growing ever more brazen about doing business on the Web. They meet in underground forums with names like and to trade tips and data and coordinate scams that span the globe. (Those and other Web sites and organizations named by investigators did not respond to e-mails, instant messages, or phone calls seeking comment.) "Financial payment fraud has evolved tremendously," says John Corbelletta, a former police officer who is director of fraud control for Visa U.S.A. Inc. "Most of the cases I investigated when I was a cop involved people who had their cards stolen out of their purse. We didn't even think of counterfeiting cards."

One of them, a young man from the Ukraine (Dimitry Ivanovich Golubov) was recently arrested, and then released with the help of some highly placed friends in the Ukranian government. This was someone, who our government was interested in prosecuting and allegedly a "godfather" type in the cyber crime circles.

Why is it so easy for these sites to exist? Obviously the writer was able to send them messages "seeking comment?" The sad truth is it is far too easy to set up rogue sites, and all we need do is look at the volume of "phishing" activity that is out there. Whether they set up with foreign IPS providers, or hack into an existing site, they seem to have no problem getting a Internet address.

They have stolen so much information, it has become pretty cheap on these "carding" sites. In fact, they are becoming so brazen; they are now selling "how to kits" with everything a "budding" fraudster needs to get started.

With 82 million identities floating around (the amount compromised recently), it shouldn't surprise us that our "identities and personal information" are so cheap. Quite simply, there is a surplus of information out there for sale.

For an interesting article from the Washington Post on how cheap our information is being sold for, link here.

Eastern European organized crime is a worldwide issue and they aren't only involved in cyber crime. They are also involved in guns, prostitution, extortion, car theft, black market, drugs and the "human flesh" trade.

Here are some interesting statistics from the United Nations:

"The number of known criminal groups in Russia increased between 1990 and 1997 from 785 to an astronomical 9,000, with a combined membership of more than 100,000, according to the country's Interior Ministry. In Moscow, some 189 criminal organizations were active in 1996, of which 23 had branches abroad."

"The Ministry estimates that about 40,000 Russian businesses are controlled by organized crime. Among these are law firms, banks and other businesses that can launder money. Many have global links."

In another UN report about Russian Organized Crime in the United States, it said:

"Russians have recently become the principal purveyors of credit card fraud in the U.S., supplanting the West Africans."

It appears that cyber crime isn't the only thing they are involved in that is a threat to human decency. Sadly enough, some of the greatest victims are their own citizens - many of whom - are sold into slavery in some of this criminal activity.

There is also increasing evidence of collusion amongst the various organized crime factions of the world, and some say terrorist factions. Al Qaida teaches it's minions to survive via credit card fraud. Recently, the RCMP (Royal Canadian Mounted Police) made a pretty good argument for this.

With the sheer amount of data breaches and evidence of the information being sold (pretty cheaply) over the Internet, a financial disaster could be in the making. It also seems that whenever it is traced, it goes back (largely) to Eastern Europe.

I decided to check out the recent (highly publicized) arrest, where 565 cyber criminals were caught and discovered that none of the arrests, or law enforcement support seem to come from these Eastern European countries.

Since I'm certain that this is not because of a lack of effort on the part of law enforcement, perhaps we would make greater headway if our politicians took some action. If Eastern European governments are failing to cooperate, maybe our governments should put some "economic" sanctions in place designed to make them see the "light."

Ironically enough, 26.5 million veterans, many of whom trained to protect us from a perceived threat from this part of the world during the "Cold War," might be having their identities sold (cheaply) over some of these "carding" sites somewhere in the near future.

My message to Eastern Europe is that they need to stop exporting their problems to the rest of us and should they fail to do so, we should exercise our combined political voice to stop their personal attack on millions of innocent people.

Thursday, May 25, 2006

Lay and Skilling Guilty, Aunt Millie Finally Sees Some Justice

Kenneth Lay and his Kenneth Skilling have been found guilty of conspiracy to commit securities and wire fraud. Sentencing is scheduled for September 11 and Lay and Skilling - considering their ages - are potentially facing life sentences.

A lot of us can now reflect that maybe "Aunt Millie" has finally seen a little justice.

Here is a "tidbit" from a previous post, I wrote:

"Enron was illegally manipulating energy costs by faking plant failures etc. California suffered the brunt of it with outrageous bills and blackouts. In taped conversations between the traders at Enron, poor old Aunt Millie (a grandmother from San Diego on a fixed income) was brought up and it was (jokingly) suggested that she use candles."

Link, here.

Please note that Aunt Millie was facing electrical bills of close to $1,000.00 a month on a fixed income, while Lay and Skilling reaped enormous personal benefits. These "fine fellows" ripped off their investors, employees, the State of California and many others for billions of dollars.

Even now - that justice has been served - the victims in all of this will probably never be made whole. Proposed settlements in the civil portion represent pennies on the dollar and are unlikely to reach anyone individually.

Additionally, it appears they still have a lot of financial resources and a "full scale" effort towards appealing these verdicts is yet to come. While "Aunt Millie" and all the other victims in this case might have seen a little justice, Lay and Skilling still have the "means" to mount a formidable defense.

Hopefully - when this is all said and done - their "means" will have been returned to those they have victimized.

For another post, I did adressing Ken Lay's defense effort, link here.

For the Houston Chronicle's blog on the trial, link here.

Wednesday, May 24, 2006

The VA Data Breach is a Symptom of a Bigger Problem

26.5 million identities of our veterans have been compromised, and the official spin is that the risk of identity theft is minimal.

The waters are still "murky" and I'm not sure what other valuables were at this mid-level computer analyst's home, but the media is reporting that the equipment - consisting of a laptop, external hard drive and some disks - were the only items taken.
Being that I'm one of the 26.5 million compromised - on a personal level - I'm worried. To me, it doesn't make sense that the only things taken were the very items that had "information potential."
It is also now being reported that it took two weeks for the Veterans Administration to report the incident to the FBI. If this is true, is it incompetence; or a deliberate attempt to cover-up the facts?
But, should we be blaming the VA for not reporting this for two weeks? After all - in the recent debit-card breach - Visa and Mastercard knew of the problem a couple of months before it was disclosed. Even now, the information that was reported (by those breached) seems to be the bare minumum.
According to the Privacy Rights Organization, which has monitoring these breaches, almost 82 million Americans have had their identities compromised. You can view their chronology, here.
Note that in some of the breaches, the number was unknown, therefore the actual number of people compromised might be higher.
Meanwhile, the House Commerce Committee is rushing to vote on the Financial Data Protection Act of 2006 and the House Judiciary Committee is scheduling a vote on the Cyber Security Enhancement and Consumer Data Protection Act.
There are a few flaws (my opinion) in the current legislation. The new laws will allow companies, institutions and organizations to decide - via an internal investigation - whether disclosure is warranted, and gives them 45 days to report it if there is a "reasonable risk" of identity theft.
If we look at this from a historical perspective (organizations reporting themselves), we are in a lot of trouble.
Critics claim this federal legislation has been "watered down" by special interest groups. Rushing this legislation through might not serve the best interests of the people. In fact, some might speculate that those (who watered it down) are using the "VA breach" to push it through before the public sees the flaws.
82 million people might send a powerful message to our "elected officials" in the upcoming election. The message is there are a lot of us tired of seeing millions of people victimized and nothing (effective) being done about it.
To my fellow veterans, who have been compromised, here is a link from the Privacy Rights Organization about this compromise and where to get help.

Tuesday, May 23, 2006

26.5 Million Veterans Compromised in Data Breach

Data breaches seem to be a weekly occurrence. Now we can add 26.5 million veteran's personal information to the list.

With as many times as this has happened, it never ceases to amaze me that much of this information isn't compromised by criminals with advanced "technical knowledge." In this case - as in many others - it appears the information was on a laptop and was stolen by a home burglar. In other words, 26.5 million people, who served their country have been compromised by a petty criminal.

The Privacy Rights Clearinghouse keeps track of these ongoing data breaches, which can be viewed, here. When you add them all up, it's pretty scary.

Here is the statement from the Department of Veterans Affairs:

The Department of Veterans Affairs (VA) has recently learned that an employee, a data analyst, took home electronic data from the VA, which he was not authorized to do. This behavior was in violation of our policies.

This data contained identifying information including names, social security numbers, and dates of birth for up to 26.5 million veterans and some spouses, as well as some disability ratings. Importantly, the affected data did not include any of VA's electronic health records nor any financial information. The employee's home was burglarized and this data was stolen. The employee has been placed on administrative leave pending the outcome of an investigation.

Appropriate law enforcement agencies, including the FBI and the VA Inspector General's office, have launched full-scale investigations into this matter. Authorities believe it is unlikely the perpetrators targeted the items because of any knowledge of the data contents. It is possible that they remain unaware of the information which they posses or of how to make use of it. However, out of an abundance of caution, the VA is taking all possible steps to protect and inform our veterans.

The VA is working with members of Congress, the news media, veterans service organizations, and other government agencies to help ensure that those veterans and their families are aware of the situation and of the steps they may take to protect themselves from misuse of their personal information. The VA will send out individual notification letters to veterans to every extent possible. Veterans can also go to as well as to get more information on this matter. The firstgov web site is being set to handle increased web traffic. Additionally, working with other government agencies, the VA has set up a manned call center that veterans may call to get information about this situation and learn more about consumer identity protections. That toll-free number is 1-800-FED INFO (333-4636). The call center will be open beginning today, and will operate from 8 am to 9 pm (EDT), Monday-Saturday as long as it is needed. The call center will be able to handle up to 20,000 calls per hour (260,000 calls per day).

Recently, I did a post, where another laptop (government) was compromised:

Laptop Loss Exposes U.S. Marines

It amazes me that in the "Age of Compliance," our information isn't better protected. Another thing that amazes me is that "experts" are assuring the public that there is a very small chance this information will be used for identity theft. I supposed that this is based on the premise that the "crook" merely wanted to steal the laptop.

My thoughts are that either the crook stole the laptop for the information, or has now likely discovered (via all the attention this has raised) exactly what they have.

Virtual Task Force Nets 565 Cyber Criminals

An international (virtual) task force dubbed "Operation Global Con" has netted 565 cyber criminals that have victimized approximately 3 million people.

Attorney General Alberto Gonzalez, who was joined by FTC Chairman Deborah Majoras, Chief Postal Inspector Lee Heath and Costa Rica's Attorney General Francisco Dall’ Anese Ruiz issued a prepared statement:

Over the past 15 months, United States and foreign law enforcement agencies have targeted international fraudulent mass-marketing schemes in the largest enforcement operation of its kind. The results of Operation Global Con have been dramatic – with 565 arrests, both here and abroad.

We all know the annoyance of phone calls, junk mail, and spam and pop-up ads that bombard us with seemingly incredible financial offers. For millions of Americans, these intrusions have been more than a nuisance.

Operation Global Con targeted international mass-marketing schemes. These criminals used telemarketing, the Internet, and mass mailings, to cheat unsuspecting people through bogus investments, fake lotteries and sweepstakes schemes, phony credit cards, and tax frauds.

In Miami, Florida, for instance, two defendants allegedly duped investors in the United States and Europe for more than $3 million dollars. Investors in Discovery Capital believed it to be legitimate because the defendants would occasionally use funds received from new investors to send out purported interest and dividends. Allegedly, the rest of the money went to fancy cars and million-dollar homes for the defendants.

Link to prepared statement, here.

The effort was done with the partnership and support of several countries, including Canada, Costa Rica, Spain, the Netherlands, the United Kingdom, New Zealand and Nigeria.

Also released on the DOJ site was a fact sheet, which gives more detail on this operation.

This is positive news, but my best guess (based on extensive study of the subject) is that there are plenty more cyber-criminals still in business out there. The positive part of it is the fact that we are now seeing signs of "international cooperation" into what has been dubbed a "borderless" problem.

If you think you have spotted one of these scams - or are a victim - the best thing to do is report it.

Here are some good places to do so:

Federal Trade Commission

Internet Crime Complaint Center

If you are Canadian, Phonebusters is the place to go to report activity, or seek help.

Monday, May 22, 2006

Salvation Army Sued by Illegal Immigrants

Here is an interesting item, illegal immigrants are suing the Salvation Army. As reported from the AP via Yahoo:

A half-dozen illegal immigrants are suing the Salvation Army and two of its former local officials for consumer fraud, claiming the leaders took their money under false promises of helping them gain legal status.

The lawsuit, filed Friday in state Superior Court, claims the Rev. Enoc Tito Sotelo told his mostly Latino congregation at Plainfield's Salvation Army church that he would help them become Americans if they each paid $4,000 and donated $500 to the church.

The Salvation Army isn't commenting, but said they recently "terminated" the staff members involved.

Link, here.

This case will raise some interesting questions, such as how can anyone justify people who are "illegal" using tax money to hear a fraud case in civil court?

On the other hand, if fraud was committed, why is the case being heard in a civil court?

Perhaps, this case should be moved to a criminal court. Both "fraud" and "illegal immigration" are criminal offenses and (if found guilty) the former Salvation Army employees should go where they belong, or jail. The Judge could then order "civil restitution" and forward it to the "illegal immigrants" in the country, where they have been deported to.

Of course, before doing this, perhaps deductions should be made from the "civil restitution" amount for social services used (including those of the Salvation Army) before forwarding a single penny.

Daily, we read of government and charitable programs having financial difficulties. It's not fair to the rest of us - who haven't broken any laws - when we have to "financially support" (in the form of tax dollars) people who have broken the law seeking to profit from their illegal activity.

Illegal immigrants are routinely victimized by criminals, but you don't see them, or their attorneys suing the gangs that bring them across the border. Since this is the case, then why is OK to sue the Salvation Army, which is supported by charity?

Criminal activity needs to be addressed in criminal courts and people committing a crime (no matter how noble they think it is) shouldn't be financially rewarded.

Saturday, May 20, 2006

Counterfeit Postal Money Orders Showing Up in IScams Again

If someone you know over the Internet asks you to cash a money order -- or offers it you as a form of payment -- it's probably best to remember the old legal term "Caveat emptor, or "Buyer Beware."

As reported by readers and other sources, the Internet market is (again) being flooded with counterfeit U.S. Postal Money Orders. After not being around for awhile, these items are raising their ugly head again.

The U.S. Postal Inspectors have speculated in the past that these items are being counterfeited in Western Africa and Eastern Europe. For an interesting article from the NY Times about this, link here.

This is probably the best article, I've read on this subject.

The Postal Inspectors also have a page on how to identify counterfeit money orders.

Yes, counterfeit Postal Money Orders are making a come back, but the core activity has never stopped. The Internet is full of counterfeit methods of payment and the best way to avoid becoming a victim is to recognize the social hook the criminal uses, or "something too good to be true."

While we thought counterfeit Postal Money Orders were a thing of the past, they were replaced with counterfeit items from other money order issuers and legitimate money orders, which were altered.

Of course, there are also those counterfeit cashiers checks, which have been done from so many different financial institutions, it seems impossible to keep up with.

Internet fraud artists are constantly mutating their methods to confuse their victims.

In a recent post on Internet scams, I wrote:

"Thus far, these money orders are showing up mostly in Advance fee fraud (419) scams.
The Advance Fee scam is where a ruse is used to get a victim to send them money (nowadays normally wire-transfer) in anticipation of riches (or sometimes love) to come. The best known is the "Nigerian Letter," but the activity has mutated into romance, lottery, auction, check cashing, work at home and reshipping (as mentioned below) scams.
In a lot of the more recent Advance Fee activity, the victim is tricked into involving themselves in criminal activity, whether it be forwarding stolen merchandise, or negotiating bogus financial transactions and sending the funds elsewhere."

When someone from a Internet source offers free money, romance, or to pay more than something is worth - you are probably dealing with a fraudster.

Anyone, who does this for them, ends up with a huge loss. Even if you can convince the authorities you are a victim, the civil responsibility will still fall on you.

To make matters worse, a lot of petty criminals are getting in on the action, also. They get on the Internet, impersonate victims, get the instruments and then cash them with no intention of sending money back to the crook that sent them the item.

I predict, it's going to get harder and harder to convince the authorities that the person cashing them is totally innocent. Recently - in a "Judge Judy" episode - her "honor" chewed a defendant up and down for cashing a bunch of counterfeit money orders (through her sister's account) and claiming to be "totally innocent." In less than a minute, Judge Judy was easily able to establish that this victim had benefited financially from her transaction and had in fact never wired any money anywhere.

Best bet for all of this is to learn how to spot this activity and when we do, run away from it as fast as we can!

Of course, reporting it and making other's aware can help, also.

India Seeing a Problem with Cloned Payment Cards

Skimming, cloning, counterfeiting of debit/credit cards (lately debit seems to be preferred) has been a major problem in North America and Europe. India (a new giant in the technology field) is now seeing this type of criminal activity hit home.

IBN is reporting:

One swipe is all it takes. When you hand over your credit card to make a payment in a shop or insert it into an Automated Teller Machine (ATM), you could run the risk of being the next victim of an international crime called "skimming".

And this could drain your account of all your money. Skimming is the latest fraud that has hit India hard.

The cyber crime cell of the Chennai Police recently arrested four people for withdrawing money from ATMs through forged credit cards. The police recovered 160 fake international credit cards through which they had planned to withdraw Rs 15 crore.

Link, here.

Interestingly enough, the authorities are blaming this activity as being tied into a gang from the UK, which uses a device (easily available on the Internet) known as a "skimmer."

If this activity continues to grow in India, we are likely to see "skimming devices" attached to ATM machines, likes the ones, reported in other countries.

Card skimming is growing at alarming rates, seems to be highly organized and now the evidence shows that it is becoming a global problem. It will continue to grow as long as the cards can be easily counterfeited with legal devices, which anyone can purchase.

Here is an earlier post on why technology crimes have become too easy:

Are We Addressing Cyber Crime from the Wrong End

Sunday, May 14, 2006

Mounties Lack Resources to Fight Organized Crime and Cite Ties to Terrorism

The Canadian Press is reporting:

The head of the RCMP says his agency is increasingly concerned about evidence that organized crime groups are helping to fund terrorist gangs.

Giuliano Zaccardelli's observations Monday may come as a shock to some, but not to those who monitor trends in law enforcement.
Almost every conceivable type of organized crime helps to finance terrorist groups whose chief goal is killing Westerners, said one expert in the field.
That can mean the proceeds from hashish baggies being peddled on street corners, cocaine trafficking, prostitution, pick-pocketing, knock-off designer items and credit card fraud.
Zaccardelli wasn't quite that specific during his appearance before a Senate committee Monday. But he said the evidence is clear, and continually mounting.
Here are some specific examples backing up this claim made by John Thompson of the Mackenzie Institute, which is a Toronto Think Group:
Almost all terrorist groups around the world use organized crime to pay for their operations.
Al-Qaeda and Osama bin Laden are no different.
The bombers who blew up Madrid's rail system in 2004, injuring 192 people and wounded 2,050, financed their operation by selling hashish.
Hashish from the Middle East, heroin from...Afghanistan and Pakistan, cocaine, it all at some point goes through the hands of terrorists on its way down to the street.
The basic training for al-Qaeda recruits includes at least four major components: handling firearms, making bombs, ideological reinforcement, and supporting yourself through credit-card fraud.
He points to ex-Montrealer Ahmed Ressam, who was convicted of trying to blow up Los Angeles airport on New Year's Eve 1999.
Ressam also planned to set up a side business to help fund his terrorist jihad.
"He was going to try and set up a shop so they could access people's credit cards and start counterfeiting them.''

Link to full story, here.

The saddest part of all this is that the RCMP, who are known for "getting their man" are admitting they only have the resources to address about one-third of this activity.

For another article by the National Post on current RCMP resources and their border problem, link here.

Perhaps, we in the United States should take notice - while we focus on the border to the South - here is another reason, "We Can No Longer Allow Criminals to Control Our Borders."

It seems the Canadians are coming to the same conclusion.

Here is a previous post, I did on this problem:

Do Financial Crimes and Internet Fraud Fund Terrorism

Chip and PIN, Another Chapter in the Attack on Debit Cards

The Daily Mail is reporting that Lloyds is admitting that there is a flaw in chip and PIN technology. The flaw is that the cards can still be remotely encoded and used in ATM's that accept older versions of debit cards.

The article states that the reason criminals are using the cards in other countries is because it takes longer for transactions to post and therefore escapes the "fraud detection" systems already in place.

Also contained in the article are a lot of reader comments, which are very enlightening.

The bottom line is that chip and PIN works, but only in machines that are set up to deal with the technology. This means that until we can create a "global" effort to curtail debit card fraud, newer technologies are going to have a limited effect.

Link to the article by the Daily Mail, here.

As a "Yank," I'm impressed with the fact that Lloyds is being up front with the problem. It's also refreshing to see the mainstream media working with the banks to get the word out.

Financial institutions in the United States haven't been as forthcoming with information. Even to this day, they still aren't admitting to the root causes of recent debit card breaches over here.

They might claim "zero liability" and offer free "identity theft monitoring," but they are in the business of making money. The cost of all of this is ultimately passed on to the customer.

Even though, there were many in the press and from blogs like Boing Boing that were getting the word out, the sources seemed to have either been victims, or confidential. I keep hoping to discover that the reason for this was an "investigation" that put a lot of the culprits -- where they belong -- or behind bars.

The bottom line is that the criminals seem to be very aware of the flaws that allow this to happen. Being up front about the flaws they are exploiting only serves to protect the public, who through their awareness, might spot the activity and report it.

Awareness might also help people from becoming victims, which is the best argument out there for laws forcing this activity to be "disclosed" to the public.

Saturday, May 13, 2006

FBI Site to Report Corrupt Civil Servants

The FBI is tired of corruption in government. It's hard to blame them with the amount of it recently reported in the news.

In their own words from the FBI site:

Public corruption is one of the FBI’s top investigative priorities—behind only terrorism, espionage, and cyber crimes. Why? Because our democracy and national security depend on a healthy, efficient, and ethical government. Public corruption can impact everything from how well our borders are secured and our neighborhoods protected…to verdicts handed down in courts of law…to the quality of our roads and schools. Here you can find more information on how we investigate cases of corruption across all levels of government and details on our strong national program to address these crimes.

To go directly to where you can report public corruption, link here.

You can also report dishonest "public sector" activity with a simple telephone call. A list of telephone numbers can be obtained, here.

On their main site, there a a list of stories referencing the prosecution of corrupt civil servants. These can be viewed by clicking on the title of this post.

Remember that when someone in the government steals, it's our tax money that is being abused and with looming deficits, we need every dollar going where it is supposed to.

After all, tax money is for the good of the people and that is all of us!

Wednesday, May 10, 2006

Are We Addressing Cyber Crime from the Wrong End

Deb Radcliff is a noted author on cybercrime and it's implications. Recently, Deb did a very enlightening post suggesting that our current problems with cybercrime are caused by approaching security "Ass Backwards."

Please note that she got this perspective from someone, who knew little or nothing about the world of cyber crime or fraud. Although fraud has been around since the beginning of time, there is little doubt that technology is enabling it to grow more quickly than ever before. There is also little doubt that the Internet, which provides a lot of anonymity is a enabling factor, also.

Here is the "thought process" Deb and her friend came to:

Oh I see what you're saying! It's like we've got two ends of the same business working against each other," I said as I grabbed a notepad and started writing things down. "On the back end, we've got all these information security experts working their tails off trying to close the vulnerabilities. But on the front end, we've got systems that are laying bare our financial identities."

For example, why, after all these years in not-present mediums, are the credit card issuers unable or unwilling to unequivocally vet new applicants to ensure they're issuing the card to a real person with a legitimate identity? Why, at the very least, is the application not tied to a customer phone number for verification?

So now I'm looking at the bigger financial identity framework and I'm seeing all kinds of gaps.

Let's start with the credit reporting agencies who are responsible for our credit ratings and yet they prevent us from getting the information we need to protect our ratings by not alerting us to new accounts opening under our identities. The reporting agencies have the system in place to do this. But they've made it so hard for consumers to order this service (and when they do, they can only get it for 90 days unless they can prove fraud). Why? Because they make much more money processing our financial identities in real-time than they would if they imposed wait times to get approvals.
For the rest of the post on Deb's blog (On line Crime Bytes), link here.

For more on Deb and where you can read her articles, link here.

When we look at too good to be true Internet crime schemes, greed is always one of the factors a fraudster uses to hook a victim. Could it be possible that it isn't only individual(s), who are guilty of letting greed cause a large part of the problem with cybercrime?

To take this thought process further, could the criminals be taking advantage of "corporate greed," which values profit over the people being victimized? After all, up until now, these companies have been able to pass the cost of fraud on to their customers and make a tidy profit.

Forget the "zero liability" public relations programs, we are being sold. The fact is fraud losses are being added into the "cost of the product." These companies are in the business of making a profit and wouldn't be operating otherwise. They are even trying to add to their income streams by pushing "identity theft products," which some consider a little "questionable," also.

I'm always amazed to note that many of the same companies, who have lost massive amounts of information are marketing identity theft insurance. Some of them probably helped create the need for this service.

Until the financial, information and now even retail sectors are forced to take action, I fear the criminals will continue to take advantage of an "Ass Backward" approach to protecting information.

Bruce Schneier, another well-known security expert echoes this sentiment and has an interesting perspective on what is needed to address cyber crime. He recently wrote:

Push the responsibility -- all of it -- for identity theft onto the financial institutions, and phishing will go away. This fraud will go away not because people will suddenly get smart and quit responding to phishing e-mails, because California has new criminal penalties for phishing, or because ISPs will recognize and delete the e-mails. It will go away because the information a criminal can get from a phishing attack won't be enough for him to commit fraud -- because the companies won't stand for all those losses. If there's one general precept of security policy that is universally true, it is that security works best when the entity that is in the best position to mitigate the risk is responsible for that risk. Making financial institutions responsible for losses due to phishing and identity theft is the only way to deal with the problem. And not just the direct financial losses -- they need to make it less painful to resolve identity theft issues, enabling people to truly clear their names and credit histories. Money to reimburse losses is cheap compared with the expense of redesigning their systems, but anything less won't work.

For more on Bruce Schneier and his work, link here.

Let's face it, cybercrime by all estimates continues to grow. The criminal element seems to be very adept at beating current security systems and are beating new measures, daily.

Until some "forward thinking" is applied to address this problem, we will never find an effective solution.

Tuesday, May 09, 2006

Fraudster Gangs Deal a Blow to Chip and PIN

Picture of ATM skimming device using a hidden camera.

While North America was under attack in the Debit Card breach a few months ago, Britain rolled out Chip and PIN technology. At the time, the experts promised "Chip and PIN" cards would stop fraud dead in it's tracks.

Criminals are already beating this technology with skimming devices, which are mounted on ATM machines. AND it gets even scarier, the latest devices don't need cameras to record a PIN and can be built from parts ordered over the Internet.

Wikipedia already has an extensive section on Chip and PIN. I was amazed to discover that they were very up to date regarding potential security issues.

Chip and PIN is the name given to the initiative in the UK but countries worldwide are launching their own initiatives based on the EMV standard, which is a group effort between Europay, MasterCard and VISA. By the end of 2004, 100 countries will be using compatible systems based on this standard, and France aims to migrate its existing systems to be compatible with the new cards.

Sean Poulter of the Daily Mail reports on the recent Chip and PIN fraud:

Cloned cards belonging to Britons have been used to withdraw more than £1million in cash from machines in the UK, Paris, Sri Lanka, India and Hong Kong.

One card holder is believed to have lost as much as £25,000.

The police and banks have suggested that the problems at Shell petrol stations, which have centered on Surrey, emerged over the last eight weeks.

However, one Daily Mail reader from that area said his card details were cloned - he believes at a Shell outlet - in July last year.

Other readers believe their card details, including PINs, were stolen at garages operated by other companies, including BP and Esso. Cards have also been cloned at cash machines on at least one Total forecourt and at Tesco stores.

Full story, here.

Reading this, I had to reflect on the recent Debit Card breaches in North America. Early in the story, skimming devices were brought up a potential source. As the compromise spread across the continent, we heard rumors (still never confirmed) that retail systems were hacked. In the end, a few people were arrested and the story faded away.

Quite simply, it seems that the financial industry isn't commenting.

Whether the intention of not commenting is to protect the public, or the financial industry; it is clear that something needs to be done about this in the near term. Hopefully, the lack of information being released on these cases is because a strong investigative effort is underway.

It will be interesting to see what information is released on this latest case and how many more victims this latest caper will claim.

Here is a previous post, I did on the Debit Card breach:

Debit Card Breaches, A Growing Problem

Sunday, May 07, 2006

Internet Crimes are On the Rise and Deadlier than Ever

Panda Software recently issued it's quarterly report, which comes to the frightening conclusion that 70 percent of all malware they detected in the first quarter of 2006 is related to cyber crime. Activity also seems to have hit record numbers!

Here is their summary:

This report confirms the new malware dynamic based on generating financial returns. Spyware, Trojans, bots and dialers were the most frequently detected types of malware between January and March 2006. Trojans accounted for 47 percent of new malware examples during the first quarter of 2006.

Seventy percent of malware detected during the first quarter of 2006 was related to cyber crime and more specifically, to generating financial returns. This is one of the conclusions of the newly published PandaLabs report, which offers a global vision of malware activity over the first three months of the year. Similarly, the report offers a day by day analysis of the most important events in this area. This report can be downloaded, free of charge, here.

Since this statistic interested me, I jumped over to the Anti-Phishing Working Group's page to see what they had to say. Please note that Panda, along with Websense and MarkMonitor share information with the APWG. They confirmed Panda's report that crime on the Internet seems to be at an all time high.

Here is a tickler from their report:

The total number of unique phishing reports submitted to APWG in March 2006 was 18,480, the most reports ever recorded. This is a count of unique phishing email reports. March 2006 continues the trend of more phishing attacks and more phishing sites. The IRS phishing attack doubled in volume in March as compared to February (in the USA, the tax filing deadline was April 17 in 2006, as the usual April 15 deadline fell on a weekend this year.)

Link, here.

Two of the most concerning forms of malware being used are Keyloggers and Redirectors. Keyloggers are a form of spyware, which record all the strokes on a computer and transmits them to back to the person (criminal), who installed the malware. They are normally used to steal financial information, used in identity theft schemes.

Sadly enough, Keyloggers are legal and easily bought anywhere, including the Internet. They allegedly have legitimate uses like spying on other people?

Perhaps, the FTC should go after some of these vendors like they recently did with the Private Investigators selling telephone records?

Redirectors are a trojan, which once installed on a computer, redirect the user to malicious sites, where their financial information is stolen. The sites are also known to download more malware (crimeware) on systems. Redirectors are extremely dangerous because there is little indication you are being hijacked.

The Anti-Phishing Working Group has some excellent educational information on this subject, including what to do if you become a statistic:

How to Avoid Phishing Scams

What To Do If You've Given Out Your Personal Financial Information

Too many people (who know what to look for) ignore and delete phishing attempts. There are a lot of places you can report activity and make an impact. In most cases, it only takes a minute or two to do so.

You can report phishing activity to the APWG, here. Activity can also be reported to PIRT, which is a joint venture by Sunbelt Software and CastleCops.

Another resource to report activity is the Internet Crime Complaint Center, which is associated with the FBI. You can report it a lot of places, but it is important to report it. If everyone took the time to report one phishy email a day, it would probably have a significant impact.

By reporting the activity that we see and taking advantage of the mostly volunteer efforts to fight it, we might make the Internet a safe place for everyone again. As access becomes cheaper and more widespread, the number of potential victims is growing at a record rate.

Continuing to ignore all those "Phishy" e-mails will only encourage the Phishermen to move forward with greater frequency. Additionally, the attacks are becoming more sophisticated and "how to kits" are being sold on how to do these dirty deeds. This will undoubtedly bring more and more Phishermen to the (already) murky waters of the Internet.

Of course, we can also take the time to educate newer users, also. In fact, awareness protects people more effectively than anything I've seen, thus far.

Saturday, May 06, 2006

Retailers Find their Stolen Merchandise for Sale on eBay

Shoplifting costs retailers billions of dollars a year and we all pay for it in the form of higher prices. On the low end, you have teenagers and opportunists "boosting" merchandise. Moving up the retail theft food chain you have people supporting drug habits and even organized gangs, who steal from retailers on a larger scale.

A common misconception is that the majority of losses stem from individuals stealing items for their own use. In fact, the majority of stolen goods are converted into cash.

With the increased focus on the traditional means of converting stolen merchandise into cash, such as refunding, common and professional "boosters" are flocking to eBay to accomplish their primary goal.

This was a matter of concern raised at the Retail Fraud Conference held in London recently. Penelope Ody of the Retail Bulletin reports:

Retailers at this week's Retail Fraud conference in London (May 4) had a new preoccupation adding to the usual concerns over dishonest cashiers, sweethearting and back door delivery thefts-eBay. According to Boots head of loss prevention and security, Robert Jennings, this is now in the top five areas of concern as retailers increasingly see their merchandise offered in bulk on the web auction site.

Link, here.

Note that the Jennings is saying for "offered in bulk," which would lead one to speculate that this isn't being done by the "opportunists" and is more likely the work of organized gangs.

Interestingly enough, there has been a lot of buzz recently on organized gangs involved in shoplift activity. Margaret Pressler of the Washington Post recently wrote:

Retailers and theft experts say criminals have discovered that large profits can be made relatively easily, and without much risk, by stealing merchandise from crowded, understaffed stores. They say the most stolen items tend to be high-priced, widely used products that are routinely sold in chain stores: over-the-counter medicines, razors, film, CDs and DVDs, baby formula, diapers, batteries, hair-growth and smoking-cessation products, hardware, tools, designer clothes and electronics.

Link, here.

AND another recent viewpoint from might lead one to believe that organized retail crime has ties to illegal immigration and terrorisim.

Liz Mart'nez wrote:

According to CIS Robert W. Nolen, a lead trainer in a course developed with Bureau of Justice Assistance grant money called "Understanding, Combating, and Surviving Terrorism," many criminals from terrorist countries specialize in the re-sale of stolen consumer goods. The profits from these enterprises are used to fund terrorist activities.

In many cases, men and women from El Salvador, Honduras and Mexico travel together, doing the actual stealing. Each person in the crew has a particular area of expertise, whether it be distracting store employees, doing the actual boosting, or driving the get-away vehicle. These professional thieves often earn $3,000 a week.

Link, here.

Although not stated in the article, if illegal immigrants are doing the stealing and criminals from terrorist countries are selling the goods, it makes me wonder how close their relationships could be?

Another issue, retailers have had with eBay is the sale of gift cards on the site. Whether purchased with bogus financial instruments, or issued as refunds (which could be a direct result of shoplifting), gift cards are another means of converting stolen proceeds into cash.

In another interesting article, again from the Washington Post, Ariana Cha wrote:

The shoplifters discovered some stores would allow them to return the goods without receipts for store credit or gift cards. They then sold those vouchers on the giant online marketplace. It was easy, instant and anonymous. The money flowed in -- they got 76 cents per dollar of stolen merchandise, a huge takeaway considering that shoplifters traditionally net 10 percent or less of the retail value of the items. The group made more than $200,000 in 10 months.

This is yet another example of many, where crimes of all sorts are occurring in the Internet auction world (particularly eBay). We can't hold auction sites accountable for being in collusion with criminals, but we can hold them accountable for not providing a safe shopping environment.

After all, how long would one of these retailers survive if they allowed the amount of crime to occur within their four walls with people walking around? My guess is that they would be out of business pretty quickly.

The same standard needs to be applied to the Internet and if this "business model" is to survive, the auctioneers needs to wake up and smell the coffee. Thus far, eBay has been able to blame everyone, but themselves; however as corporations become victims, the stakes are likely to grow.

Corporations have money and can afford a lot of lawyers.

Tiffanys might have already started this trend with it's pending litigation regarding the sale of counterfeit merchandise on eBay.

Thursday, May 04, 2006

PI's Get a Black Eye from the FTC for Selling Phone Records

In the information age, our personal information has been gathered, sold and indexed for profit. Unfortunately, all too often, this information isn't protected properly and used by people, who have no right to it.

Criminals, Snoops and Stalkers delight in being able to get their hands on people's personal information AND this results in people becoming victims of a lot of different crimes.

Recently Private Investigators of the Internet sort have been offering personal telephone records for sale. Since the information is being sold over the Internet, we can assume, it is being sold to anybody and everybody. The FTC is sending a message that this is illegal and some of these Internet PI's are probably going to end up with a "black eye."

Here is a press release from the FTC:

FTC Seeks Halt to Sale of Consumers’ Confidential Telephone Records

The Federal Trade Commission has filed federal court complaints charging five Web-based operations that have obtained and sold consumers’ confidential telephone records to third parties with violating federal law. The agency is seeking a permanent halt to the sale of the phone records, and has asked the courts to order the operators to give up the money they made with their illegal operations.

“Trafficking in consumers’ confidential telephone records is outrageous,” said Lydia Parnes, Director of the FTC’s Bureau of Consumer Protection. “It robs consumers of their privacy and exposes them to everything from snoops to stalkers. We intend to put a stop to it.”

In congressional testimony last February, the FTC said it was investigating companies that advertised on the Internet that they would obtain and sell telephone records. The testimony said that FTC staff had surfed the Web to locate companies that offered to sell consumers’ phone records, identified targets, and completed undercover purchases of the phone records. FTC staff followed up with warning letters to operators of 29 Web sites that continued to advertise the sale of phone records to the public.

The Telecommunications Act of 1996 states that customers’ phone records are their private property and can only be disclosed to the customer or with the approval of the customer. According to the FTC complaints in these cases, the defendants advertised on their Web sites that they could obtain the confidential phone records of any individual, including lists of outgoing and incoming calls, and make that information available to their clients for a fee. “The account holders have not authorized the defendants to obtain access to or sell their confidential customer phone records. Instead, to obtain such information, defendants have used, or caused others to use, false pretenses, fraudulent statements, fraudulent or stolen documents or other misrepresentations, including posing as a customer of a telecommunications carrier, to induce officers, employees, or agents of telecommunications carriers to disclose confidential customer phone records,” the FTC complaints state. The defendants then sold the records to third parties. According to a Commission complaint, one of the defendants, Integrity Security & Investigations Services, Inc., based in Yorktown, Virginia, also advertised, obtained and sold consumers’ financial records, including credit card information.

The agency charged that the practices violate the FTC Act and has asked the courts to permanently bar the illegal practices and order the defendants to give up their ill-gotten gains.

The FTC brought these cases with the invaluable assistance of the Federal Communications Commission. The FTC also acknowledges the assistance of Cingular Wireless LLC, Sprint Nextel Corp., and Verizon.

The defendants in these cases are: 77 Investigations, Inc., and Reginald Kimbro, based in Upland, California, and using mailing addresses in Jacksonville, Florida, Broomfield, Colorado, and Nashville, Tennessee; AccuSearch, Inc., doing business as, and Jay Patel, based in Cheyenne, Wyoming; CEO Group, Inc., doing business as Check Em Out, and Scott Joseph, based in Fort Lauderdale, Florida; Information Search, Inc., and David Kacala, based in Baltimore, Maryland; and Integrity Security & Investigation Services, Inc., Edmund L. Edmister, Tracey Edmister, and F. Lynn Moseley, based in Yorktown, Virginia, with a mailing address in Laguna Beach, California.

The Commission vote to file the complaints was 5-0.

Link, here.

If you spot this type of activity, here is where you can report it:

To file a complaint in English or Spanish (bilingual counselors are available to take complaints), or to get free information on any of 150 consumer topics, call toll-free, 1-877-FTC-HELP (1-877-382-4357), or use the complaint form.

For a previous post, I did about private companies selling your information, link here.

BIN (Buy it Now) Scams on eBay

Fraud on eBay has victimized a lot of people AND eBay rarely admits fault, or takes effective action against the fraudsters. The latest activity seems to be BIN (Buy it Now) scams.

Ina Steiner of AuctionBytes reports:

"Over the past month, eBay sellers on U.S. discussion boards have been discussing the problem of Chinese "BIN bandits" on eBay. The problem described by posters is that newly registered, zero-feedback members from China are buying BIN (Buy It Now) items from eBay sellers in a systematic fashion, and not following through on the transactions."

It seems the intent of these BIN (Buy it Now) scams is to get the merchandise shipped (0ff-eBay) and pay for it via a payment scam. This might be done with fraudulent cashiers checks (rampant in the world of internet fraud), or with one of the fraudulent debit/credit card numbers (sold in Internet Relay Chat) chatrooms OR even with one of the counterfeit money orders that are flooding the world of Internet scams.

Another problem with this scam is eBay refunding the fees to sellers when one of these BIN bandits backs out of a transaction. There seems to be a lot of "negative feedback" regarding eBay's process to get the fees refunded. Allegations are that the process is full of red tape and it often is difficult to get a refund.

Ms. Steiner stated in her article:

"One seller alleges that in a previous BIN bandit episode that lasted over 7 months, eBay only took action when sellers flooded the California and New York Attorneys General's offices with complaints."

Another speculation from the article is:

"Some eBay sellers have speculated that the BIN bandits might be members of eBay's affiliate program who receive generous compensation for sending new bidders to In the U.S., affiliates can earn between 40 - 70 percent of eBay's revenue on winning bids or Buy It Now transactions within 7 days of an affiliate action. Affiliates also earn between $12 and $20 for each new active confirmed registered user (ACRU) driven to eBay ("

Link to article from AuctionBytes, here.

eBay is taking limited action, but only the sort that won't limit their profits. For one, they suggest only using PayPal (which they own and profit from) and there are a lot of people out there, who prefer other methods of payment.

The article refers to a lot of this coming from China, but other points of compromise could be Nigeria, Singapore and those Eastern European nations. "Buy it Now" fraud seems to be the latest mutation of Auction fraud, which sometimes includes Advance Fee scams.

When reading the AuctionBytes article, I came across a great site dedicated to fraud on eBay (eBayMotorsSucks). The site is very up-to-date and a great resource to protect people. I highly recommend it.

Here are some previous posts, I've done on Auction fraud:

Do It Yourself Hacker Kits

25 Ways to Avoid Auction Fraud From a Seller's Perspective

eBay's Fraud Hall of Shame

Wednesday, May 03, 2006

A Case of the Fox Watching the Henhouse

The head of a Medicaid fraud unit has been stripped of her responsibilities stemming from testimony she gave two years ago about committing fraud. Since she was testifying against her boss, the Governor, prosecutors made a deal with her that allowed her to continue working for the people of Connecticut.

Apparently, Kristine Ragaglia, head of Connecticut's Medicaid fraud unit, is being assigned to administrative duties after the new governor (M. Jodi Rell) reopened the case.

Even now, she can't be fired immediately.

When the investigation came to a head against former Governor (John Rowland), she left her post as head of the child protection agency, did a brief stint in the attorney general's office and then was hired to run the Medicaid fraud unit.

This all happened after she admitted to a grand jury of committing fraud.

For the full story from the Associated Press, link here.

This illustrates what's wrong with a lot of our social programs and the legal system. In my opinion, further investigation should also occur into everyone, who allowed this to happen.