Saturday, March 11, 2006

Hard Drives for Nigeria

Nigeria is one of main sources for all sorts of Advance fee fraud (419) fraud scams. The Advance Fee scam is where a ruse is used to get a victim to send them money (nowadays normally wire-transfer) in anticipation of riches (or sometimes love) to come. The best known is the "Nigerian Letter," but the activity has mutated into romance, lottery, auction, check cashing, work at home and reshipping (as mentioned below) scams.

In a lot of the more recent 419 activity, the victim is tricked into involving themselves in criminal activity, whether it be forwarding stolen merchandise, or negotiating bogus financial transactions and sending the funds elsewhere.

419 is the criminal code for Advance Fee in Nigeria and they call their victims, Mugus. According to Wikipedia, 'Mugu' is a Nigerian Pidgin term which means 'fool'.

In fact in Nigerian popular music, a musician called Osofia has even done what is considered their anthem "I Go Chop your Dollar." Here are some of the lyrics:

"419 is just a game, you are the losers, we are the winners.

White people are greedy, I can say they are greedy White men, I will eat your dollars, will take your money and disappear.

419 is just a game, we are the masters, you are the losers."

For the video, click here.

419 (Advance Fee) is now done primarily via the internet via e-mail, instant messaging and in chat rooms. The fraudsters reportedly operate out of internet cafes in Nigeria.

Here is an interesting report involving Nigerian Fraud activity and shipping hard drives to Nigeria.

Can't say for sure, but I could speculate that they would be used in the 419 industry over there.

Hilary Bothma of the Oakland Tribune reports:

"A team of Oakland police officers, Secret Service agents and investigators from Hewlett Packard have recovered approximately $12,000 in hard drives that were about to be shipped to Nigeria as part of a package-forwarding scam.

Oakland police said they were contacted last week by HP's global security department about hard drives bought from the company with a stolen credit card and shipped to three Oakland addresses.

Oakland officers who contacted one of the recipients of the hard drives said he was "stunned" to find that his Nigerian friend, whom he met in a Yahoo chat room, was really a scam artist.
Police said the man, who preferred not to be identified, turned over two boxes of hard drives immediately and called them Wednesday to report that he wanted to return 10 more boxes.

According to police, the man's "friend" had used a stolen American Express account to purchase 120 desktop hard drives, with a value of about $100 each. The Oaklander was persuaded to receive the goods, reportedly told by his friend that shipping electronics directly to Nigeria would be risky and expensive.

The Oakland man, who works in a local Christian bookstore, planned to relabel the boxes and ship them to Nigeria himself, unaware that the parts were bought with a stolen credit card and that he risked being held liable.

Police said they do not suspect any of the three people who received the hard drives of any deliberate wrongdoing."

Here is the full story from the Oakland Tribune:

Hard drive-mailing scam cracked

419 Advance Fee activity has inspired an internet community dedicated to fighting their efforts. Many of the sites can be viewed courtesy of the 419 Coalition (US) on their links page.

If you have been a victim, or merely want to report activity, the 419 Coalition main page (linked above) is a wealth of information on how to do it anywhere in the world.

Former Bush Advisor Arrested on Shoplifting Allegations

WBAL, Channel 11, Baltimore is reporting that:

"A former domestic policy adviser to President Bush has been charged with theft for allegedly receiving phony refunds at department stores."

"Claude Alexander Allen, 45, was arrested Thursday by Montgomery County police for allegedly claiming refunds for more than $5,000 worth of merchandise he did not buy, according to county and federal authorities."

"Allen was the No. 2 official in the Health and Human Services Department when Bush nominated him in April 2003 to the 4th U.S. Circuit Court of Appeals in Richmond, Va. Bush nominated to the court again a year later, but Allen never received a Senate vote."

"During his confirmation hearing, Allen was questioned about his use of the word "queer" when he was a press aide to Sen. Jesse Helms, R-N.C., in 1984. Allen said he didn't intend it as a slur against gay people."

He recently resigned (abruptly) because he wanted to spend more time with his family. I wonder if there was anything else involved?

Per the Washington Post, "White House spokesman Scott McClellan said last night that if the allegation is true, "no one would be more disappointed, shocked and outraged" than the president. McClellan said Allen had told White House Chief of Staff Andrew H. Card Jr. and White House counsel Harriet Miers that the matter was a misunderstanding."

Here is the full story by WBAL:

Former White House Adviser Arrested

Here is the full story (more detail) by the Washington Post:

Former Top Bush Aide Accused of Md. Theft

Refund fraud is a serious problem for retailers. According to a National Retail Security Survey authored by University of Florida criminology professor Richard C. Hollinger, the retail industry lost about $16 billion to theft activities in 2003.

It appears that this crime truly spans all age groups and backgrounds. Allen, by no means is as famous as Winona Ryder, but they might both soon share something in common (the stigma of being a convicted shoplifter).

How Dangerous is China

David Perera of wrote an interesting piece deducting that Chinese hackers might be more interested in hacking our logistic systems than more classified systems that the military uses.

David Perera writes:
For Americans today, war evokes images of roadside bombs and hidden snipers in the Middle East. But Defense Department planners who are paid to think about future wars worry about the People's Republic of China. Rising powers long have challenged dominant countries for primacy - it's an old story. And now, nobody is more powerful than the United States.

Logistics information literally is the bread and butter of the military. Track the supply lines of materiel and personnel and you'll know where troops are headed. Disrupt that supply line, and you will have created a barrier to getting there quickly. Amateurs study tactics, professionals study logistics, goes the Pentagon cliché. Yet great chunks of logistics information flow across the unclassified Defense Department system, the Nonsecure Internet Protocol Router Network, or NIPRNet. The Pentagon maintains a separate network for secret information, but the NIPRNet is its daily workhorse.

The world's largest network once was one built from flagstone-paved roads extending 53,000 miles in Roman antiquity. The roads were designed as a tool for policing an empire, and also for trade and communications. Unfortunately for the Romans, barbarians found them equally useful for their own purposes - attacking legionnaires - and eventually the Roman Empire was no more.
Full story, here.

Last November, I wrote about, US Military Hacked, Sober Worm Goes Worldwide, What Next?

"The Chinese (who seem to be behind the most recent attack on the military) have been suspected of selling technology (including nuclear) to governments, who might be dangerous to world peace. All one has to do is read the story of AQ Khan, who developed nuclear weapons for Pakistan and admitted selling secrets to North Korea, Libya and Iran. There is a lot of speculation that he obtained a lot of his knowledge from the Chinese, who were caught stealing nuclear secrets from us during the Clinton Administration, Online NewsHour: Spies Among Us -- June 9, 1999."

There is also a lot of other evidence that the Chinese are heavily involved in cyber-espionage activities. The FBI Computer Crime Survey stated that China was responsible for 23.9% of the cyber attacks in their survey.

Of course, the United States is still the number one source, but one has to consider that the internet is heavily censored in China. This would lead a logical person to come to the conclusion that certain activities are being tolerated by those, who censor it.

In fact, some have dubbed it the "Great Firewall of China."

Another factor to consider is organized criminal activity of Chinese origin:

Chinese Criminal Enterprises - US Department of State

One of the activities, they are actively involved in is "illegal immigration," which could provide a conduit for planting spies in the industrial and financial sectors.

Patrick Devenny of recently wrote a story, where he quoted Sun Tzu from the Art of War:

Foreknowledge cannot be gotten from ghosts and spirits, cannot be had by analogy, cannot be found out by calculation. It must be obtained from people, people who know the conditions of the enemy.

In his article, he writes:

The list of additional recent Chinese espionage cases is long and disturbing. It includes, among others, the theft of Blackhawk helicopter engines and optical devices by a South Korean man arrested last year. A Chinese-American couple in Wisconsin was arrested in 2004 for sending over $500,000 worth of computer parts to the Chinese government that can be used to improve missile guidance systems.

Statements from officials such as Szady hint that cases like these are just a small sample of the overall secret Chinese war against America. Indeed, in the words of one unnamed senior FBI source, “the Chinese are stealing us blind, the 10 year technological advantage we had is vanishing.”

Daily, we read of the threat from Terrorism. While this isn't an issue to be ignored, we can't afford to ignore what seems to be an ongoing and calculated threat from China.

AND there could be more ominous implications. One of the biggest threats today is the possibility of Iran becoming a nuclear power.

Guess who has been providing them with technology that could have stolen from us-China (courtesy of NTI).

Friday, March 10, 2006

Are Hackers Framing iBill

iBill is claiming that they are being framed. Wired News (Quinn Norton) is now reporting:

"I'm the first person that would have taken this to the FBI and the first person to have gone on 60 Minutes to say 'we screwed up,' if that were the case," said iBill President Gary Spaniak Jr.

"Spaniak says iBill cross referenced the 17 million transaction database against its own on Wednesday, and that only three e-mail addresses matched between the two."

"Additionally, some entries in the stolen databases were identified as purchases on Diner's Club cards, which iBill says it has never accepted in its nine year history. Spaniak says iBill recently passed a security audit that found its databases well secured."

"Wired News found that entries from the smaller cache of one million consumers are listed as mortgage leads on a spammer community site, A Google search turns up scores of offers on for purported iBill databases, one of them advertising "20mill ibill list w/Full data from 2003" for $300. But in one message, a spammer slams an underground vendor for selling him a fake iBill list."

"Other offers on the site purport to sell data from competing internet billing firm CCBill, which says that it isn't aware of having been breached either."

What scared me the most was a statement issued by the FBI regarding this:

"An FBI spokeswoman says the bureau wouldn't investigate the breach unless the source of the leak comes forward to make a complaint."

Here is the full story by Quinn Norton:

Porn Biller Says It Was Framed

I did check the website and it does exist.

Pretty scary that this site is up and going AND selling people's personal information.

Perhaps, Paul Young of prying1 said it best when he wrote "Online Porn Addicts Be Aware of this."

With sites like and all the recent data breaches, we all need to Be Aware. Even if the information doesn't come from iBill, it appears people's information is being sold there.

I wonder if anyone at the FBI is investigating "" If they aren't, they should be!

Thursday, March 09, 2006

iBill (Adult Services Payment Processor) Latest Financial Services Company to be Breached

Quinn Norton of Wired News and Boing Boing are reporting that one of the major processors for "adult services" has compromised millions of their customer's personal information.

"Seventeen million customers of the online payment service iBill have had their personal information released onto the internet, where it's been bought and sold in a black market made up of fraud artists and spammers, security experts say."

"The stolen data, examined by Wired News, includes names, phone numbers, addresses, e-mail addresses and internet IP addresses. Other fields in the compromised databases appear to be logins and passwords, credit-card types and purchase amounts, but credit-card numbers are not included."

Porn Billing Leak Exposes Buyers

Sunbelt Software discovered the initial breach of about one million customers, about a month ago. Their CEO does an excellent blog, which I recommend:

Alex Eckelberry's Sunbelt Blog

iBill (in keeping with tradition) isn't revealing very much about the breach.

This list of breaches (compiled by the Privacy Rights Clearinghouse) is quickly becoming in need of an update.

A Chronology of Data Breaches Since the ChoicePoint Incident

Unfortunately, new (major) breaches are being uncovered all the time.

Unfortunately a federal bill (S.1789) is still in the Judiciary Committee. Here's the bill summary. This might be the first step in forcing companies, who have been breached, to do a little "explaining" to their customers.

Wednesday, March 08, 2006

U.S. Citizenship and Immigration Services Probed for Fraud

A "whistleblower" has brought forward allegations of fraud at USCIS (U.S. citizenship and Immigration Services). With all the recent concerns about the security of our borders, this could be a concern.

Erica Werner of the AP reported:

"The allegations range from employees skipping required fingerprint checks on applicants and issuing duplicate green cards, to more serious accusations of bribery and undue influence by foreign governments. Many of the complaints originated with a whistleblower who took them to Sen. Charles Grassley (news, bio, voting record), R-Iowa."

The new USCIS Director Emilio Gonzalez is acknowledging there might be fraud and has asked that the matter be investigated.

If this turns out to be true, it illustrates that unless internal security is kept under control at organizations, both private and public, fraud will always be a possibility.

This will be an interesting story to follow.

For the full report by Erica Werner, click on the title of this post.

Sunday, March 05, 2006

Boing Boing Reports Citibank Under Fraud Attack

Boing Boing has scooped the press by reporting Citibank is under some sort of fraud attack.

AND in keeping with what seems to be a growing trend, it appears debit cards are being targeted.

Jake Appelbaum, who is currently in Toronto with a useless debit card, wrote:

"The supervisor identified herself as a manager named Carla ID#CRU194. I identified myself as an upset customer whose account was locked for some unknown reason. She asked me a few questions about my location, my issue and then informed me that my card was suspected of fraud."

"Naturally, I perked my ears up and asked for details of any fraud. She informed me that there had been no direct fraudulent transactions on my account. Rather, she informed me that the ATM networks of Canada, Russia and the United Kingdom have been compromised. I used the term class break as a question and she repeated that there has been a class break of the ATM networks in those countries. The ATM network in Canada has been compromised and as a result, using my ATM card over the Canadian network locked my account automatically. She informed me that this has been an ongoing issue for the last two weeks. When I asked why there was no media attention, she said she wasn't sure. I said it was a pretty big deal and she agreed."

"She informed me that I would have to return to the United States to change my pin number before my card would be valid and in a usable state again. When I informed her that I would be traveling outside of the United States for at least a few months, possibly up to six, she repeated that I would have to re-enter the United States to fix the problem."

Poor Jake, stuck in Toronto with no way to get cash and he will have to cross the border to get his PIN number fixed. A testament on how fraud victims are treated, which from what I hear is a frustrating experience for all.

I did some checking and Carla ID#CRU194 was right. This doesn't seem to have hit the mainstream media. I probably should let the people at Boing Boing know that the company (bank), who has been breached tends to be very tight lipped about it.

Maybe if they provided better customer service to Jake, it still would be a deep dark secret.

Interestingly enough, here is a post, I wrote a couple of days ago:

Debit Card Breaches, A Growing Problem

The Privacy Rights Clearinghouse tracks data breaches, the number and velocity of them are pretty scary:

A Chronology of Data Breaches Since the ChoicePoint Incident

Here is my rant on the lack of sophistication in some of these data breaches:

Stealing Data Shouldn't be so Darned Easy

For the full post by Jake and Boing Boing, click on the title of this post.