Friday, December 08, 2006

IT Students Aren't the Only Human Resources that Internet Criminals Desire

In the past couple of days, I've seen a lot of articles about IT (Information Technology) students being taken to the dark-side (recruited) by organized crime.

Reuters is quoting a McAfee report released in the past couple of days.

Although, hiring IT students seems to be the latest story going around, recruiting people to commit Internet crime is nothing new. As the article aptly states, organized crime has the money to recruit whatever experts they need.

And IT students aren't the only ones being recruited.

Starting with the fall of the (Soviet Union) "evil empire" and the rise of Eastern European organized crime, there have been a lot of "technical experts" being used for nefarious purposes. The Reuters article mentions that the tactics being used are the same ones used by the KGB to recruit spies.

In fact many experts speculate that Eastern European crime has a lot of "highly placed" former KGB types in their ranks.

In 1997, FBI Director Louis Freeh stated before Congress:

The Russian syndicates conduct the most sophisticated criminal operations ever seen in the United States, based on their access to expertise in computer technology, encryption techniques and money-laundering facilities that process hundreds of millions of dollars.

According to Freeh, part of that expertise is said to be provided by "former KGB officers working directly with some of those organized crime groups, and that poses an additional level of threat and sophistication.
Story courtesy of Risk Assessment Services, here.

And Russian organized criminals aren't the only players out there.

Dr. Phil Williams, a visiting CERT (Computer Emergency Readiness Team) scientist wrote about this a few years ago:

In recent years, there has been a significant increase in the sophistication of organized crime and drug trafficking groups. Colombian drug trafficking organizations, for example, have followed standard business practices for market and product diversification, exploiting new markets in Western Europe and the former Soviet Union. Criminal organizations and drug traffickers have increasingly hired financial specialists to conduct their money laundering transactions. This adds an extra layer of insulation while utilizing legal and financial experts knowledgeable about financial transactions and the availability of safe havens in offshore financial jurisdictions. Similarly, organized crime does not need to develop technical expertise about the Internet. It can hire those in the hacking community who do have the expertise, ensuring through a mixture of rewards and threats that they carry out their assigned tasks effectively and efficiently.
Dr. Williams full essay, here.

Although, I'm sure IT students are being recruited -- they probably aren't the first -- or the only type of experts being hired.

And there are a lot of disorganized criminals recruiting people, also.

Here are a some previous posts, I've done on so-called "disorganized criminals," who recruit other people to do their "dirty work."

Work at Home Scams

Cyber Gangs Luring Children to Launder Money

BBB Worker Takes Job Processing Fraudulent eBay Transactions

The Hurricane Disasters are a Sad Commentary on Society

During the Katrina and Rita disasters, I blogged frequently about what appeared to massive amounts of fraud going on. Reuters is now reporting that the dollar loss has topped 1 Billion dollars, here.

From government employees to fake charities, it appears a lot of people took advantage of those less fortunate than them in their "time of need."

And not very much of the money seems to have been recovered despite well publicized efforts.

Sadly enough, the public awareness of all the fraud is also likely to make it harder for victims in future disasters. The bottom line is that people - who take advantage of others in their time of need - should suffer severe consequences.

Perhaps, a lack of consequences (common in fraud schemes) is the reason this occurred? To prevent this from happening in the future, we need to make sure there are severe consequences for those committing the fraud, as well as, those who enable it by a lack of oversight.

After all, we were in a state of emergency, when these disasters occurred.

I'm afraid the amount of fraud we've seen come out of these disasters - which affected a lot of innocent people - is a sad commentary on our society as a whole.

Let's hope we do a little better next time.

To read my previous posts on this matter, link here.

Thursday, December 07, 2006

Walmart Employee Scams Customers via Electronic Checks

Processing checks electronically is becoming a standard practice, brought about the Check 21 law, or ACH (Automated Check House) processes.

Electronic checks save businesses a lot of money in processing costs.

Walmart is one business taking advantage of electronic checks - and when a check is written to Walmart - it's scanned in their point-of-sale system - then returned to the customer. From there, everything is handled "electronically."

I read a story put out by KRTK Houston about a Walmart employee, who scammed a customer by keeping the check (supposed to be returned), then used it to purchase merchandise and gift cards numerous times.

KRTK Houston story with video presentation, here.

When the customer noticed the fraudulent transactions on her account, she reported it to the Walmart and the employee was arrested.

The story also indicates that there are other victims out there that haven't been identified yet.

According to the story, the customer isn't being made whole by her bank because she didn't discover the transaction within thirty days and Walmart isn't refunding her money, either.

When check fraud occurs, victims are normally made whole by their bank, who goes after the business by charging them back for the transaction. If a business refunds the customer for their losses, the customer might be able to have the transactions charged back to them, also.

My guess is that Walmart isn't refunding the money because the bank still might charge-back the transactions to them?

Of note, it's probably not completely fair that Walmart is the only one being mentioned in the article. There is no mention of what bank is involved. I hope Walmart and the bank have since sorted this whole thing out and taken care of the people, who were victimized as a result of this.

After all - it only makes sense to do so - processing checks electronically saves them a lot of money by not having to process paper and if more stories surface (like this one), it's likely to affect "consumer trust."

I read consumer tips all the time that we should use our credit cards versus debit cards because they offer better protection in the case of fraud.

Tom Fragala (CEO of Truston) wrote a great post about this, here.

Wednesday, December 06, 2006

Store Detective Discovers Traveling Credit Card Ring

I came across an interesting story about how a store detective at Target caught a group of traveling credit card fraudsters in Washington.

The store detective noted suspicious behavior - customers purchasing large amount of gift cards and did a little checking. When he did, he discovered that the cards being used were counterfeits.

When the merry trio was arrested at a bank down the street, police discovered maps to area retailers, a lot of counterfeit credit cards and - of course - gift cards.

After being identified, the authorites determined that the fraudsters had traveled to Washington from California.

The fraudsters claim that they were using the gift cards to buy things for themselves. Let see, they travel from California to Washington and use numerous counterfeit credit cards to obtain merchandise for themselves?

And the authorities aren't buying their story either -- they are being charged with "leading organized crime."

My guess is that they were going to find a way to convert the gift cards to cash. I recently wrote about the problems associated with gift card fraud and how they are being fenced on auctions all over the Internet:

Why Buying Gift Cards on Auction Sites isn't a Good Idea

Normally - I write from a broader perspective - but this story illustrates how we might be rubbing elbows with some fairly sophisticated "criminal types," while out doing our Christmas shopping.

Jeremy Palowski of the Olympian wrote the story, which attracted my attention to this, here.

Sunday, December 03, 2006

An Identity Theft Protection and Recovery Service Based on Trust

The new identity theft protection and recovery service by Truston is live. The service is unique because it doesn't require you to give up your personal information, which could be stored in a database, and used to commit identity theft if it falls into the wrong hands.

In case you've missed the weekly stories, databases are being compromised all the time and according to the Privacy Rights Clearinghouse (which is keeping tabs), 97,326,222 people in the United States have been compromised by data-breaches since February, 2005.

I probably need to make a disclaimer that this number might grow before I publish this post. Nonetheless, here are the ugly statistics as of this writing.

Tom Fragala, who is the CEO and a former identity theft victim himself did a great post on his blog describing the service:

myTruston is a web-based service that protects you from identity theft. It is simple and safe.

How simple? One minute sign up. And myTruston works by providing you a recipe-like format, one task at a time, for dealing with identity theft. That goes for both prevention and recovering from fraud.

Why is it safe? Because our members never send us any confidential personal information. All we need is your email address to help you. Every other prevention and recovery service requires you to give them your name, address, SSN, and even power of attorney.

What does it cost? Our prevention services will always be free! And our recovery services are free until January 2007.

We’re getting some nice kudos from people. You can see an updated list here. One example:

"Very slick. You're a genius for coming up with something so simple yet effective & helpful. I'll definitely spread the word." - Jed Tucker, myTruston member

The bottom line is that finally we have a resource where someone can protect themselves and recover (if they are victimized) without putting themselves at additional risk.

And even I had no problem "navigating" it!

Here's the previous post, I did about myTruston:

Truston - An Identity Theft Service I Trust

If you would like to check out myTruston, link here.