Saturday, November 04, 2006

More and More - The Jefferson Scandal Does Appear to be a Nigerian Fraud

In late May, I did a post about the Jefferson scandal - where money was discovered in a freezer - that was allegedly "earmarked" for the Vice President of Nigeria, Abubakar Atiku.

At the time, Vice President Atiku stated "that Jefferson was name dropping and obviously committing a 419 (Nigerian Penal Code for Advance Fee) scam."

For anyone that is unfamiliar with advance fee (419):

"Nigeria is one of main sources for all sorts of Advance fee fraud (419) fraud scams. The Advance Fee scam is where a ruse is used to get a victim to part with their money (nowadays normally via wire-transfer) in anticipation of riches (or sometimes love) to come. The best known is the "Nigerian Letter," but the activity has mutated into romance, lottery, auction, check cashing, work at home and reshipping scams."

I also wondered in the post whether or not the EFCC (Economic Financial Crimes Commission) would investigate further. Apparently they did, with assistance from the FBI.

Brian Ross of ABC News is reporting:

Acting on information provided by the FBI, Nigerian fraud investigators have now indicted Vice President Atiku Abubakar on 14 counts of corruption, involving tens of millions of dollars allegedly diverted from government accounts.

According to Nuhu Ribadu, head of a new anti-corruption squad created by Nigeria's president, $23 million of the diverted money is still missing. Ribadu said $6.7 million of the missing funds has been traced to a U.S. company tied to Congressman Jefferson's family.

Link to Brian Ross story, here.

Meanwhile both Congressman Jefferson and Vice-President Atiku still deny everything and Mr. Jefferson -- who is running for re-election -- has yet to be charged.

In the original AP story, two of Jefferson's associates have been found guilty of bribery and admitted giving Jefferson other money to bribe African officials. The story also reports some pretty "damning" statements Jefferson made while being taped without his knowledge.

I wonder if and when he (Jefferson) will be charged - $90,000.00 in a freezer is a little hard to explain - even if it is a drop in the bucket when compared to the 6.7 million alleged by the Nigerian investigation.

The EFCC site has a lot of coverage (from a Nigerian perspective) on Mr. Atiku's woes.

Sadly enough - Congressman Jefferson is leading in the polls:

Congressman Jefferson Race Gets National Eyes And New Orleans Ayes

Of note - Jefferson has lost the support of the Louisiana Democratic Party, which seems a wise move on their part.

Nigerian fraud is legendary on the Internet - and the EFCC has had a lot of success in "taking a bite" out of it. Here is a picture of Nuhu Ribadu, who is in charge of the EFCC and managed the Nigerian part of this investigation:

Since most fraud today has a global reach, some might argue the EFCC is stopping people from being victimized, worldwide.

You can view Mr. Ribadu's biography, here.

FTC Smacks Zango with Civil Judgment

Paul Young "Digging a little Deeper" inspired my original post on Zango. Having had my now (Mac Techie) daughter download Kazaa a few years back - I "ran away" (fast) whenever I spotted Zango while surfing.

Now the FTC has responded (undoubtedly to massive complaints) and smacked Zango with a civil judgment.

From the FTC news release:

Zango, Inc., formerly known as 180solutions, Inc., one of the world's largest distributors of adware, and two principals have agreed to settle Federal Trade Commission charges that they used unfair and deceptive methods to download adware and obstruct consumers from removing it, in violation of federal law. The settlement bars future downloads of Zango's adware without consumers' consent, requires Zango to provide a way for consumers to remove the adware, and requires them to give up $3 million in ill-gotten gains.

"Consumers' computers belong to them, and they shouldn't have to accept any content they don't want," said Lydia Parnes, Director of the FTC's Bureau of Consumer Protection. "If consumers choose to receive pop-up ads, so be it. But it violates federal law to secretly install software that forces consumers to get pop-ups that disrupt their computer use."

FTC release, here.

To complain about issues like this to the FTC, link here.

Starbucks Joins the "Data Breach Hall of Shame" by Compromising 60,000 "Partners" (Employees)

According to the Privacy Rights Clearinghouse -- which tracks data breaches where personal and financial information was compromised -- 97,148,596 million people have had their personal information exposed since February 2005.

Now Starbucks has joined their list by compromising their "own." Four laptops have mysteriously "gone missing" from their corporate headquarters - two of them contained the information of 60,000 "partners" (employees).

My question is - what was on the other two?

In keeping with keeping these breaches as quiet as possible, it's being reported that Starbucks has been looking for the missing laptops since September.

And of course, the official spin from Valerie O'Neil, their spokesperson is, "The company has not received any reports that anyone's personal information has been compromised."

Ms. O'Neil, there might be a reason for this - Thomas Harkins - who was operations director for MasterCard International's fraud division for about twenty years (now COO of the security firm Edentify) told TopTech news:

"There's so many stolen identities in criminals' hands that (identity theft) could easily rise 20 times." "The criminals are still trying to figure out what to do with all the data."

Since "good identities" fetch a measly $10.00 (estimate) each in these carder forums, the "insider" - who is more than likely responsible for this - could make quite a bit of money for their misdeed.

Ms. O'Neil also stated that we don't have to worry about any secret recipes being on the stolen laptops. Please note the news account stated she "chuckled" when saying this.

Does this mean that Starbucks values their recipes more than their employees? Would they leave recipes "unattended" on outdated laptops gathering dust in a closet?

Missing laptops are a common theme in data breaches and with all the previously reported breaches, the entire affair bespeaks a lack of "common sense" when it comes to security.

After all - most of these breaches we read about could have been avoided - with a little "common sense."

So far as the victims of all this - the employees compromised - the FTC has a lot of good information on what you should do to protect yourself, here.

To read the press version of this story from the AP (courtesy of the Washington Post), click on the title of this post.

Friday, November 03, 2006

FBI is Going After the Carder Forums

A LOT of us have been frustrated and amazed at the carder forums that openly provide a marketplace for "stolen" personal and financial information on the Internet.

Today on, I was led to an article by Brian Krebs of the Washington Post - which had (in my opinion) some great news.

Brian is reporting:

"The FBI is cracking down on an international identity theft operation that involves the trading of social security numbers; the sale of stolen credit card account information; and phishing, the practice of using e-mail to trick consumers into handing over personal information, authorities said yesterday."

"Called Operation Cardkeeper, the investigation has brought about the arrests of more than a dozen people in the United States and other countries who are members of online communities that specialize in "carding," the trafficking of stolen identities and credit card and bank account information."

Let's hope that this operation is a BIG success and more arrests are forthcoming!

Brian's report, here.

These Internet crooks have victimized a lot of people and would have no qualms about stealing your grandmother's hard earned money.

Of note, the FBI can be credited (in my humble opinion) with developing the right strategy to address a worldwide problem that reaches across borders. Here's a post I did about this:

Does Teamwork Make Sense in the Age of Compliance

U.K. Security Experts Predict a Nasty Trend in Identity Theft

I've never completely trusted statistics - especially those quoting how many people have had their identities stolen. For one, I've never seen a worldwide estimate and with the global reach of the Internet - identity theft and cybercrime have become a "borderless" activity.

Another problem is that businesses are frequently reluctant to fully disclose breaches and many victims never report the crimes, or give up in the "frustrating process" of trying to find somewhere to report it.

Nonetheless some of the trends are scary and security experts in the United Kingdom are predicting we haven't seen the worst of it yet.

Veronique De Freitas of WebUser is reporting:

Experts have warned of a dramatic increase in online ID theft across the UK. Organised criminal gangs are using the internet to steal computer users' identities, which can be worth more than £85,000, a new study has revealed.

Identity theft experts Garlik claim that ID theft will be worth £4bn by 2010 and will affect 200,000 internet users every year, doubling the amount it currently affects.

Veronique's story, here.

I've seen other stories that "downplay" the amount of organized crime and use of technology involved in credit card fraud and identity theft, but according to Garlik:

“Our study shows organised criminals are responsible for 75 per cent of credit card fraud and are rapidly moving into identity theft. These 'identity brokers' harvest data from online sources and use the information to manufacture and steal identities for criminal misuse,” said Tom Ilube, CEO of Garlik.

CEO Steals His Employees' Identities

Here's a pretty bizarre story - the CEO of "Compulinx" used the identities of his employees to open fraudulent credit accounts.

Chris Gonsalves of VARBusiness reports:

"Federal law enforcement officials Tuesday arrested the well-known CEO of White Plains, N.Y.-based MSP provider Compulinx on charges of stealing the identities of his employees in order to secure fraudulent loans, lines of credit and credit cards, according to an eight-count indictment unsealed by the U.S. Attorney's office in White Plains."

Link to Chris' story, here.

Apparently Terrence D. Chalk (the CEO in question) and Damon T. Chalk (CEO's #1 nephew) are now facing federal charges and a substantial amount of prison time, if convicted.

This is a "sad way" to finance a business. Fortunately, for the employees "victimized," the FBI was watching.

Thursday, November 02, 2006

This Christmas - Hold on to your Receipts if You Want a Refund!

The retail industry is sending out a subtle message to the public - hold on to your receipts if you want a "problem free" refund this upcoming Christmas season!

Michele Chandler of the Mercury News is reporting:

Retailers stand to lose $3.5 billion from returns fraud during the holidays this year, according to a survey released today by the National Retail Foundation.

Criminals are increasingly taking advantage of the holiday bustle and retailers' return policies to get cash for stolen merchandise or return items for a refund after they've been used, according to the first survey on returns fraud by the industry group.

For the year, retailers could lose a total of $9.6 billion because of the practice.

Link to Mercury article, here.

I do firmly believe this is a "BIG" problem, but what isn't mentioned in these surveys and news articles is that a lot of refund fraud comes from within, or is the result of an "inside job."

Quite simply - one of the easiest ways for a dishonest employee to steal cash is to do a fraudulent refund and pocket the proceeds. That way a "cash shortage" doesn't show up in their till.

Another recent concern is the amount of personal information required to issue these refunds. Storing all this information could create the risk of data breaches - and as I have written before - the insiders and professionals routinely use "other people's information" to get past all these security procedures.

Bottom line is the "message is clear from the retail industry" -- honest people better hold on to their receipts if they expect to get a refund.

I'm glad the industry is protecting themselves and hope they are taking measures to protect the customers who aren't stealing by using good judgment and protecting all the information they are maintaining in databases.

I also hope this will allow them to focus their security resources on "insiders," who might be a big part of the problem. Whenever people steal, the cost is passed on to all of us.

As for my recommendation - hold on to your receipts and be careful of what information you give out that gets stored in databases!

On a lighter note, it might surprise you who is behind retail refund fraud. Here is a previous post on someone who surprised a lot of people:

Former Bush Advisor Arrested on Shoplifting Allegations

Wednesday, November 01, 2006

Does Microsoft's Approach to Addressing Counterfeiting Make More Sense?

A lot of companies out there are suing eBay over the sale of counterfeit versions of their goods on the site. Microsoft is taking a different approach and going after the guilty parties involved, personally.

TechWeb did an interesting article with the specifics of Microsoft's latest legal actions, here.

In reality counterfeits are being sold on numerous auction sites, flea markets and even retail outlets. The Arizona Republic recently reported about how counterfeits are being smuggled across the border in massive amounts.

Interestingly enough, they mentioned "pirated software" being sold right on the streets:

Outside Computer Plaza, an electronics bazaar downtown, street hawkers carry binders full of pirated software. They will even help install the software on laptops. Adobe Photoshop, which costs $650 in the United States, can be bought outside Computer Plaza for 40 pesos, or $4.

Link to Arizona Republic story, here.

Getting off subject - this article mentions counterfeit "quality label" scotch being sold. I wonder if anyone has ever been poisoned, or gotten sick from consuming counterfeit goods?

Counterfeiting costs the economy and private companies billions and might cost consumers, also.

The sad truth is that although some people knowingly buy counterfeit merchandise, some of it looks so much like the real thing that a lot of people might actually believe they are getting the genuine product.

There is no telling what can come "bundled" in a counterfeit software package. Malware and crimeware could easily be installed in a system in this manner, along with other "problematic" software applications.

So just as one might get sick from drinking "counterfeit scotch," a computer could come down with a "nasty" virus from installing counterfeit software.

And there is something more personal to worry about -- if crimeware were to be installed in this manner -- the end result of this illness might very well be the loss of a person's financial resources and, more important, their identity.

So far as the Microsoft approach to attacking counterfeiting - it is far more realistic in my opinion (going after the source) - and (perhaps) spending financial resources doing this will be a service not only to Microsoft, but the public-at-large, also!

Tuesday, October 31, 2006

Panda Labs Detects Organized Job Scam in Progress

Fraudulent job offers on the Internet that are "too good to be true" are nothing new. Quite simply, they are an attempt by cybercriminals to get someone "else" to launder the proceeds of financial crimes (Internet fraud) for them.

A press release from Computer News is warning:

PandaLabs has detected the mass-mailing of messages with lucrative job offers, aimed at recruiting 'mules'. In Internet slang, 'mules' are people used to launder stolen money, mainly originating from phishing or other online fraud.

What is different about this attack is that it is "highly organized" and therefore dangerous:

According to data from PandaLabs, this is a large-scale attack, using at least 10 Internet domains, and at least seven Web servers in countries including Korea, the United States, Canada, Belgium and Spain.

A Panda employee sums up what could happen to a person getting involved in this activity:

According to Luis Corrons, director of PandaLabs: "Users should treat these supposed job offers with great caution, as they could have serious consequences, including jail sentences. Once the victim has forwarded the money, the trail leading to the real criminals is lost and the mule will be left as the sole accused in any proceedings."

Link, here.

I've written about this activity before if anyone is interested in learning more about it:

Answer a "Too Good to be True" Work-at-Home Ad and Take the Rap ...

Internet Criminals Love to Have Money Wired to Them

Cyber Gangs Luring Children to Launder Money

BBB Worker Takes Job Processing Fraudulent eBay Transactions

How P2P Software like Limewire Compromises Personal and Financial Information

The Denver DA's office recently discovered a lot of personal and financial information exposed by users of P2P (peer to peer) software like "Limewire."

The concern is that this information might be "easily used" to steal identities and commit financial crimes, or worse.

Other well-known peer to peer networks besides Limewire are WinMX, Kazaa, Azureus, Bearshare, Zango and Morpheus.

Parents should note that children are often lured into downloading P2P software. My personal experience was when my daughter downloaded Kazaa on a home computer. Unfortunately, besides music, we got a lot of adware/spyware in the "package," also.

The end result was having to pay someone to "unclog" my system.

According to Wikipedia:

P2P technology as a computer "network that relies primarily on the computing power and bandwidth of the participants in the network rather than concentrating it in a relatively low number of servers. P2P networks are typically used for connecting nodes via largely ad hoc connections. Such networks are useful for many purposes. Sharing content files (see file sharing) containing audio, video, data or anything in digital format is very common, and realtime data, such as telephony traffic, is also passed using P2P technology."

The dangers of P2P software have been well documented and the FTC has even issued a warning about the use of it, here.

If you insist on using it -- I would highly recommend reading an article by Thomas Mennecke at Slyck News -- where he explains exactly how users are compromised and how they might avoid the problem.

In his own words:

There’s little doubt the threat of identity theft continues to plague the online world – and has become highly focused on P2P. Yet this serious security threat is also the easiest to avoid. This threat to the security of the end user occurs for one reason, and one reason alone.

Link to story about Denver DA finding personal and financial information, here.

Link to Slyck article, here.

Here is a post I did - based on another post by Paul Young (fellow blogger) - on Zango:

Prying1 - Digging Up the Dirt on Zango and Who Advertises for Them

Monday, October 30, 2006

B&B Owners on the Offensive Against Advance Fee (419) Artists

The advance fee artists on the Internet are always looking for a way to make a quick buck.

When they targeted B&B owners, they might have bitten off more than they can chew.

Here is a warning from "Pillows and Pancakes" - a magazine covering the B&B industry:

The end goal is to get the B&B owner to send money to the scammer. Typically, the scammer will make a booking and overpay for it with either a credit card or forged check. The scammer will request the balance sent somewhere, usually by Western Union. Remember, these scammers are creative and there are many variations on the scam.

To read more on the different variations, link here.

They have also listed other links for becoming aware of and dealing with this activity:

View Names/Aliases

Actions you can take



Unfortunately, I wasn't listed as a "resource," but here are some posts I've done on this type of Internet scam:

419 Artists Arrested and Tie to Funding Terrorists Suspected

Counterfeit Cashier's Checks Fuel Internet Crime

Counterfeit Postal Money Orders Showing Up in IScams Again

Aids Cure, Another Lure in the Internet Fraud Saga

Don't Trust a Bank to Tell You Whether a Check is Good, or Not

Advance Fee Scams with Katrina

And the most current bogus financial instrument a lot of these scammers are using is:

American Express Gift Cheques Being Circulated in Internet Scams

Please note that not even American Express has published anything on this yet - at least as far as I know.

Of course, the most extensive list of resources I've ever seen about Advance Fee (419) is the 419 Coalition Website.

On a closing note, I would like to welcome the B&B folks to this effort to rid the Internet of these "less than desirable" users!

Fraud Victim Put into Collections by Bank of America

The Miami Herald published a story of a fraud victim, who had a debit-card stolen and subsequently was sent into collections. Allegedly, the crook (who stole the card) deposited $18,412.67 in fraudulent checks into the account; then withdrew $3,659.90.

The account holder did all the right things: contacted Bank of America, filed a report with the authorities, etc.

Why this wasn't noticed when the account was reported stolen is unclear. Since the total amount of $18,412.67 wasn't withdrawn, you would deduce they noticed the fraudulent deposits?

BofA isn't commenting, they say because of "privacy reasons."

The Miami Herald offered a pretty good resource to help anyone, who has a similar problem:

"If you have a problem with a national bank and feel like you aren't getting anywhere, contact the U.S. Treasury's Office of the Comptroller of the Currency at 800-613-6743, toll-free. Its Consumer Assistance Group investigates and works to resolve consumer complaints."

Miami Herald story, here.

Another resource is the Federal Trade Commission, who has a consumer page on how to deal with "unkind" collection practices, here.

Sunday, October 29, 2006

A Student Counterfeiting Boarding Passes is a Symptom of a Much Larger Problem

I was pretty amazed when I saw all the "buzz" about a graduate student, Christopher Soghoian, who put up a site to counterfeit boarding passes.

My first thought was Chris was using (too readily available) technology, which has made counterfeiting (too easy to do). Being a "sometimes" frequent flyer, it reminded me why I sometimes get nervous flying.

I have to admit setting up an "interactive site" to counterfeit boarding passes is questionable and could be perceived as a "publicity stunt." It also put Chris at risk of receiving some negative attention, which I hear has already happened.

Criminals, misfits and probably "political deviants" are counterfeiting all kinds of documents and using them for financial gain, or worse.

I hate to inform everyone that Chris' techniques are rather "unsophisticated" compared to what criminals, misfits and political deviants already know how to do. There are even chatrooms dedicated to counterfeiting merchandise and stealing identities and we don't see them getting shut down very quickly.

Nonetheless, Chris has reminded us that we shouldn't be so lax about our security. The truth is there is a lot of counterfeiting out there AND it might be used for something other than a financial crime.

We live in a world where technology and the Internet have made counterfeiting too easy, and there are signs that it's getting out of control. The problem is that technology has outpaced laws to protect us -- AND even if there is a law -- it's too easy for criminals, misfits and political deviants to hide, or reside in a "rogue country" that doesn't recognize the law.

What's needed are laws combined with strict enforcement to prevent the easy abuse of technology.

Trust me, law enforcement agencies are hampered all the time by these lax laws. I'm also "pretty sure" they're very aware of the counterfeiting problem.

Here are some previous posts I've written about this problem:

Richard Clarke's Views on Identity Theft

Mexican Organized Crime Ring is Mass Producing Fake Documents ...

If you are interested in seeing Chris' blog - with frequent updates on his adventure - link here.