Saturday, September 17, 2005

Katrina Fraud Far and Wide

From sea to shining sea, people who lack morals and virtue are taking advantage of the Katrina Disaster. Up until now, when posting on this subject (Fraud in the Wake of Katrina), I have focused on some of the more organized scams. Here are a series of stories from local sources, which show some of the smaller frauds being committed.

Here is a story about a woman in Wilmington, North Carolina, who posed as a victim of Katrina, received money from the Red Cross and was later arrested. The story is courtesy of WECT in Wilmington.

In another story from WFIE in Indiana, they are catching people posing as victims of Katrina. The article also states that "debit cards meant to help victims of Hurricane Katrina have been used at Victoria's Secret, Circuit City and Hooters."

Here is a story from the LA Times, who is reporting that 25 people in Houston, Texas have been arrested for claiming money they were not entitled to.,1,301513.story?coll=la-headlines-nation

Last, but not least (we needed to hit the other shining sea), Sign on San Diego is reporting the arrest of three people in Burbank, California. They were posing as Red Cross Workers and soliciting donations.

This story doesn't have anything to do with fraud, but to me it shows a total lack of justice, as well as, common decency by the New Orleans Police. A 73 year old grandmother was arrested for allegedly "looting" food from a Deli. She had taken about $65.00 worth of food to survive. The bottom line is that the food was going to spoil and I'm sure the Deli intends to file an insurance claim.

The woman was finally released after some attorneys took her case pro bono (free). Despite their assistance, this 73 year old woman was imprisoned in a correctional facility for sixteen days.

So far as looting, there were people stealing firearms, which were used to commit violent crimes and disrupt the rescue effort. It amazes me that given the problems the day after Katrina, the New Orleans Police were guarding a Deli. This is shameful and they should be held accountable for their actions!

On a lighter note, she would have probably been in real trouble if she had been caught "looting" a Donut shop.

There were also reports of the Police looting in New Orleans. Over the years, there have been numerous reports of corruption and abuses within this department.

Here is an article reporting Police involvement in the looting:

For the story from Yahoo, click on the title of this post.

Friday, September 16, 2005

He Wanted to Hack a Hilton

The teenager from Massachutetts, who allegedly admitted to hacking Paris Hilton's cell phone has been sentenced to eleven months in a juvenile facility. He was also found guilty of other misdeeds, such as making bomb threats and hacking into records of at least one Internet Service Provider.

The identity of the teen will not be revealed because he is a juvenile.

The original reports in the media stated there were several people involved in the hacking incident made infamous by Paris's cell phone. Confidential sources, who provided information to the Washington Post, stated that they tricked a T Mobile employee into providing proprietary information about T Mobile's systems. The group was then able to change the passwords of accounts and take them over. For the original story by the Washington Post, click on the title of this post.

The Washington Post admits in the article that they couldn't verify a lot of the information, however it does appear some tangible evidence was presented to them.

What the article does expose is that a lot of times (hacking), often perceived as highly technical is often accomplished with what is described as "social engineering", or in plainer language, "a good old fashioned con."

We are probably seeing one juvenile, who allegedly was part of a larger group caught and made an example of. Hacking, which often leads to financial crimes, is attractive to criminals of all types because they are unlikely to get caught and the penalties are light. Quite often, even when the crooks are identified, a victim with less clout than a Hilton has a hard time finding any law enforcement agency willing to pursue their case. One of the problems facing law enforcement is the fact that these crimes normally cross numerous juridictions, often involving international borders.

Paris Hilton's cell phone being hacked, which revealed a lot of personal information on other celebrities might seem trivial to some; however it is indicative of a larger problem. In the end, awareness seems to be the most effective protection. Perhaps the media attention given to this because it involved Paris will serve to educate more people?

Monday, September 12, 2005

Katrina Fraud Status

As the Gulf Coast starts to make progress in creating a sense of normalcy, it is apparent that the cyberscum of the world are still doing their very best to profit from the misery of others. With all the reports of fraud out there, I decided to put together a summary of what I see going on.

According to an article from SAP INFO, Christopher Faulkner of CI Host revealed that more than 1,000 domain names have been registered for Katrina and that a lot of them are either being used to set up malicious websites, or being auctioned off for as much as $50,000.00.

I wonder if any of the auction proceeds will go to the victims? I would like think so, but it's probably not very likely.

Here are some other interesting items that Faulkner says are going on:

"One particular type of spam, called fee-based spam, details information about private organizations claiming to have "rescue teams" based in Alabama, Mississippi and Louisiana. For a fee that ranges from $500 to $1,000, they would deploy their people on-site to locate lost loved ones, Faulkner said. "But they don't do anything, but take the money and run."

"Internet service providers and Web-hosting companies have taken down some of the malicious Web sites, including, and"

"CI Host has been conducting spam filter testing for Katrina-related spam e-mails and phishing activities for its 220,000-hosted Web sites. The company has been blocking between 8,000 and 10,000 Katrina-related spam or phishing e-mails per hour."

In another story from the AP, three people in a shelter in Laurel, Mississippi were caught posing as FEMA personnel. While posing as FEMA personnel, they were gathering people's personal information to use in identity theft. According to Sheriff (Larry Dykes), they will be held without bail because they are considered a flight risk. Sounds like a Sheriff, I would vote for!

Here is another updated statistic. On a post, I did a few days ago the FBI was saying there were 2300 sites related to Katrina. They are now saying there are 4,000 sites. In both estimates, they stated that 60 percent of them are coming from overseas, which is a sign that they could be fraudulent.

Please note that earlier in this post, Christopher Faulkner stated 1,000 domain names had been registered. With the FBI's report that there are now 4,000 sites, I'm not sure if Faulkner was referring to domain names registered in the United States, while the FBI was saying the number of worldwide sites? In the end, it's possible that this activity is so growing so rapidly that we are seeing conflicting reports and statistics. It will be interesting to see the final numbers.

Before I sign off, it was announced by the Red Cross (Mary Elcano, General Counsel) that they have hired a security company to monitor fraud activity related to Katrina. Any fraud they discover will be turned over to the Justice Department and the Red Cross might also seek civil damages (restitution) against those who try to wrongfully profit from this disaster.

The story from SAP INFO can be viewed by clicking on the title of this post.

Here is another post I did on people stealing FEMA uniforms and identification to commit robberies in New Orleans:

Sunday, September 11, 2005

Internet Service Providers and Spam

Steve Linford, founded the The Spamhaus Project, which is an international organization based in Great Britain dedicated to fighting Spam. Interestingly enough, he started out as a musician and has worked with Pink Floyd and Michael Jackson. After doing this, he started a small computer company and became sickened at the amount of Spam, he was seeing. Because of this, Steve founded the Spamhaus Project, which is dedicated to fighting Spam.

The Spamhaus Project also provides filtering services all over the world to prevent SPAM from reaching our mailboxes.

Spamhaus recently alleged that ISPs (Internet Service Providers) are knowingly profiting from Spam. The United Nations estimates that the current cost of dealing with Spam is 25 billion dollars a year and Spamhaus estimates that it affects 75 percent of all e-mail addresses. To view the Spamhaus Top Ten worst havens for SPAM go to: Most of them are in the United States.

Recently, they did battle and won with MCI Worldcom over hosting Spam sites. There are also news reports quoting Spamhaus as saying Yahoo is hosting some of the sites (although it isn't clear if Yahoo is to blame) or whomever is registering the domains. You can view their report, along with updates, on the problems they noted with MCI Worldcom by clicking on the title of this post.

The Spammers are now using improved versions of stealth proxy spamming software, which could increase the number of e-mail addresses being affected to 95 percent by 2006. A lot of this is being done via botnets, which are networks of PCs that have been taken over and turned into proxies. Interestingly enough, a lot of these personal PCs were taken over by software viruses put in their computer via a Spam e-mail.

Recently, I did some posts on one of the most current cases out there, which is the Zotob Case. For those who are interested this post goes into more detail on how botnets work:

According to Spamhaus, the release of a commercial spam virus, known as SoBig and it's subsequent variants have been infecting 80,000 to 100,000 PC's daily. In "spammer supermarkets" hosted in China, Russia and Florida, the spam gangs sell lists of fresh proxies (infected PCs). They also communicate with each other about techniques and which networks will turn a blind eye on their activities.

Two of the programs used to send this Spam were written by two Russians (Ruslan Ibragimov and Alexey Panov). They are known as "Send Safe and Direct Mail Sender." Both of these programs are designed to hijack 3rd Party computers to be used in illegal anonymous spamming. Coincidentally, whenever they release a new version of these programs, new versions of the "SoBig" virus begin appearing.

Spam is known to market things that are illegal. In addition to this, the proxy networks, or botnets support illegal activity. These activities include child porn, illegal drug sales and financial crimes. ISPs shouldn't tolerate any behavior associated with this and should be actively preventing it. They should be protecting their customers and other people, who might become victims as a result of Spam.

From a social perspective, it's time for ISPs to realize that it is unacceptable to turn a blind eye in their dealings relevant to this activity. Quite simply, there needs to be a zero tolerance attitude developed in dealing with this.

Laws are being enacted worldwide and many of them can be viewed on Spamhaus's website.

To report SPAM and for free filtering options, here is a good site(Spamcop):

For a previous post, I did on cybernasties and (legislation being proposed to make them illegal) go to:

There are links on the post listed above to contact your political representatives in the United States and Great Britain. To make changes in the world, we need to create laws to deal with these menaces and enforce them aggressively.