Saturday, December 31, 2005

Who is Watching Us

I found this story on Lycos by Ann Harrison about activism in Europe directed against having our movements recorded on video.

"BERLIN -- When the Austrian government passed a law this year allowing police to install closed-circuit surveillance cameras in public spaces without a court order, the Austrian civil liberties group Quintessenz vowed to watch the watchers.

Members of the organization worked out a way to intercept the camera images with an inexpensive, 1-GHz satellite receiver. The signal could then be descrambled using hardware designed to enhance copy-protected video as it's transferred from DVD to VHS tape.

The Quintessenz activists then began figuring out how to blind the cameras with balloons, lasers and infrared devices." For the full story read: Hackers Rebel Against Spy Cams.

Not only are there concerns with government agencies, but with all the digital cameras (including a vast array of hidden ones available over the internet), it is becoming very easy for anyone to spy on whomever they want. For anyone interested in viewing any of these products, here is a place to see them, Private Investigators Mall.

Digital cameras inside devices like telephones are also creating a privacy issue.

In December, Alex Eckelberry, CEO of Sunbelt Software and author of the Sunbelt BLOG, did a post on UK Government to track every vehicle.

His comment was "Gulp" and a quote from George Orwell:

“On each landing, opposite the lift shaft, the poster with the enormous face gazed from the wall. It was one of those pictures which are so contrived that the eyes follow you about when you move.” —Orwell

There are a tremendous number of privacy issues that stem from this technology, which seems available to anyone. Additionally, anyone who has actually used this technology to solve crime could tell you that criminals (and, it seems, hackers) already know how to cover their tracks. This can be done simply with rudimentary disguise techniques and, as stated in Ann Harrison's article, with hacking methods, which leave the recordings useless.

With the technology readily available, it is also being used to assist the criminal element in their illicit endeavors. From wireless devices (including hidden cameras) attached to ATM machines to clerks using their camera phones to record credit card numbers, this technology is already providing new ways to victimize the innocent.

Here is a previous post I did on skimming debit card information, ATM Machines That Clone Your Card.

I'm not questioning the fact that video technology has its uses, but as usual, we must consider the abuse implications of this technology. Time and time again, it seems that laws to protect the innocent can't keep up with the rapid pace at which technology grows in the world today.

Loyal Wife Pays Bill for Husband's Sexual Addiction

Here in the West, a man caught spending too much money in "hostess bars" (roughly the same as gentleman's clubs) would probably be in a "helluva" lot of trouble with his better half. Here is an odd story from Japan, where Kazuo Kawaida's wife (Keiko) not only didn't seem to mind her husband's behavior, but actually stole about 1 billion yen from her employer to pay for his "recreational" activities.

Yoshihito Kawami of The Asahi Shimbun reported:

"Faced with mounting debts from her husband's visits to hostess bars, a middle-aged bank clerk allegedly cooked up an embezzlement scheme that netted almost a billion yen over the next 12 years, according to police.

Until the arrests of Keiko Kawaida, 55, in November and her husband, Kazuo Kawaida, 57, earlier this month, the couple went on a decade-long spree, making overseas trips and squandering hundreds of millions of yen at the racetrack, according to police."

For the full story by Yoshihito Kawami read Police: Clerk skims 1 billion yen to pay off husband's debts. Here is what Wikipedia has to say about Hostess Bars: Hostess bar - Wikipedia, the free encyclopedia.

Here is a well known (some consider odd) page on the internet, Sam Sloan's Home Page. Sam often writes about the virtues of his numerous Asian wives. Perhaps, I can get him to leave a comment on my blog?

Oh well, I'd better get back to the more serious task of informing the public on Fraud, Phishing and Financial Misdeeds.

Tuesday, December 27, 2005

NabloadU Steals Information Without a Keylogger

Here is an alert from the Panda Software site regarding a new Trojan (NabloadU) that is circulating. Apparently, it steals information without the use of a Keylogger, which seems to be a new development in the world of information theft.

Currently, the attacks target Spanish speakers; however, as with anything new, it has the possibility of mutating into other attacks.

"12/26/05.- This new Trojan combines social engineering distribution through Messenger, and uses the techniques of spyware and phishing. Its target is online bank users in Spanish-speaking countries. Once it acquires the password, the Trojan attempts to send the email to its author. TruPrevent Technologies are able to detect and block Banker.bsx.

A new Trojan, Nabload.U, which is distributing itself through Messenger, has appeared a few hours ago. This Trojan downloads another Trojan, called Banker.bsx, which is currently the number one detected piece of malware from Panda’s ActiveScan. Its objective is to obtain the passwords of certain banks that it has stored in its code primarily from Spanish-speaking users.
The most unusual aspect of this Trojan is its ability to capture the information without the use of a traditional key logger. The user will be unaware that this is occurring. Banks that use virtual keyboards to avoid keyloggers won’t be protected from this Trojan.

Once the author has the keys, he can commit banking fraud with the accounts.

According to Luis Corrons, PandaLabs director: “This Trojan is an example of a hybrid virus that mixes different techniques. Once the user clicks on the URL, it is able to download a Trojan and use techniques similar to some spyware and phishing attacks. It is, without a doubt, a Trojan designed to steal data quickly, and without leaving any tracks.”

This Trojan only captures the information from the addresses below:

https://secure2.venezolano.com/
https://ebdvcp.banvenez.com
https://www.ibprovivienda.com.ve/personas/
https://banco.micasaeap.com/individualmc/
https://olb.todo1.com/servlet/msfv/
https://www.banesco.com/servicios_electronicos_pag.htm
https://www.banesconline.com
https://www.provinet.net/shtml/
https://bod.bodmillenium.com
https://www.corp-line.com.ve/personas/

To help as many users as possible scan and disinfect their systems, Panda Software offers its free, online anti-malware solution, Panda ActiveScan, which now also detects spyware, at http://www.activescan.com."

For the full alert from Panda, please read: ORANGE ALERT: New Trojan that could steal online banking passwords.

Monday, December 26, 2005

Scammers Posing as Victims?

Lately, we have seen a surge of fraudulent financial instruments circulated through the internet. Daily, there are alerts by the FDIC on counterfeit cashier checks (FDIC: Special Alerts) and other alerts on counterfeit postal money orders, counterfeit money orders in general and counterfeit Qchex items (checks mailed to your e-mail).

These counterfeit instruments are often (though, as you will see, maybe not always) used to commit advance fee fraud, where the goal is to get someone to wire money (normally overseas) after cashing one of these instruments. There are many versions of these scams, and victims are harvested off of job, dating, auction and lottery sites.

Thus far, it seems that law enforcement has had little success in prosecuting these advance fee crimes because the people passing the fraud checks are considered victims and since the money is wired to some faraway locale, the senders are also hard to go after.

While there are millions of victims out there, we are starting to see the criminal element take advantage of a general apathy in prosecuting these crimes by posing as victims.

Here is a story out of Montana from the AP (Man admits depositing bad check), where a man opened an account with one of these checks, drained it and never wired the money back to Nigeria. In this story, the culprit admitted he felt it was a scam and didn't really think the bank would honor the check.

I doubt if he communicated his concerns to the bank!

The key to spotting these counter-scams is that no wire transfer takes place. Even when a wire transfer takes place, the person passing these items is sometimes getting money for something they sold in addition to (normally) a "little extra" for negotiating the item. Another key factor indicating collusion is when the passer suffers no personal financial liability for doing so. Many of these items are passed at institutions that cash checks for a fee, which include grocery stores and even Walmart.

These institutions often bear the initial and often final costs of accepting the item when the passer tells their collection department that they no longer have any of the money. Of course, maybe they are just claiming to no longer have the money?

I've recently seen evidence (sent to me by readers) in the form of e-mail correspondence that advance fee scammers are directing people to these establishments, partially because the banks are becoming wiser and these businesses often offer wire transfer services, also.

When these people collect a substantial amount of money, plus a "tip," and then claim they can't pay it back without being able to show money being wired, serious consideration should be given towards further investigation.

This is especially true in the case of auction scams. In most cases, the advance fee scammer isn't interested in the merchandise, only the cash, which is wired to them. In theory, the auctioneer (who never sent the merchandise and cashed the check) could very well be laughing all the way to the bank. Some of these counter-scammers could be doing this over and over again, and if they are confronted, they cry "victim."

After all, most of the auction sites flash a warning about this type of scam when people are posting to sell something. It makes one wonder how many people could be posing as a victim out there?

This leads me to believe that although we must protect the victims, we also need to take a hard line on those attempting to take financial advantage of the situation. The bottom line is that pretending to be a victim, or even attempting to pass an item that one suspects to be fraud, makes the person making the fraud claim as guilty as the person who sent it to them.

What is needed is more thorough screening of fraud claims, making it mandatory to produce evidence that money was wired and, in cases where the passer suffered no personal financial liability, that everything makes sense and they never received any financial gain from it. There should also be mandatory reporting of these incidents, from which databases could be created that would identify "repetitive victims." One of the reasons this activity continues to grow is the continuing lack of reporting and investigation when it occurs. In the long run, failure to get aggressive on this matter will only inspire more of it, which makes all of us victims.