Thursday, March 13, 2008

London e-crime conference suggests that hackers are becoming more organized and politically motivated

In the past several years, we've seen a lot of corporate and government systems compromised by hackers. With corporate systems, we assume the intent is financial, however more and more, we hear the term, "corporate espionage" being used. In the global economy, information is often worth more than money.

With regards to government systems being hacked, it's hard to speculate that the attack was financially motivated.

Mandy Clark of Voice of America wrote an interesting article on this subject, while covering an International e-crime congress in London:

British opposition lawmaker David Davis warned an e-crime conference in London that the danger of cyber terrorism is real.

"In America, hackers have already broken into the Pentagon's computer systems; in India, into government ministers' files; in Germany, into the chancellor's," Davis said. "Such attacks could be designed to compromise safety systems, critical national infrastructure, to overwhelm communication systems, or even to cause a run on the bank."

Included in the VOA article is a video containing a lot of commentary from experts from both the government and private sectors:

Cyber Threat report / Broadband - Download (WM)

Cyber Threat report / Broadband - Watch (WM)

Unfortunately, many consider this type of activity open to speculation, or point out that it might be mere propoganda. In the end -- IF this activity is caused by organized crime or those with more political intentions -- it's going to be hard to get the people behind it to comment.

Political misfits, criminals, spies and hackers normally want to keep their activity confidential because transparency often compromises whatever goal they are trying to achieve.

Nonetheless, a lot of experts and lay people agree that we are seeing more of this type of activity and that it is becoming a lot more sophisticated than it used to be.

VOA article by Mandy Clark, here.

United Press International covered this story from a NATO cyber warfare perspective, here.

The Dirty Dozen Tax Scams of 2008

The IRS has been in the news recently because it's name has been impersonated (spoofed) to phish personal and financial information from people tricked into believing the IRS was going to send them money.

Another recent phishing lure spoofing the IRS name was the upcoming economic stimulus package being promised to the tax paying public. In this case, (too good to be true) promises of money were being sent out by spam spewing zombie computers before the details were finalized in the halls of Congress.

These spam spewing zombie computers are part of a botnet. Botnets are controlled by bot-herders, who are known to rent their services to a wide variety of Internet misfits. Bot-herders often use their botnets to commit criminal activity themselves, also.

Zombie computers are created after their owner clicks on a link in a spam e-mail containing malicious software engineered to take control of their system. In the recent past, there have even been examples of malware being injected into a system after just visiting an infected site.

Please note that most of these phishing ploys are designed to clean out your bank account, run up your credit cards, and or allow a criminal to use your good name to obtain additional lines of credit. The fact that they often turn your computer into a zombie is considered an add-on value to the criminal, who can then use your system to deliver spam (scams) to other unsuspecting people.

Today, the IRS issued it's yearly Dirty Dozen Tax Schemes. Since Internet scammers have been so fond of using the IRS's name, I thought this would be a good subject to blog about.

Please note that from time to time, I get anonymous inquiries about where to report tax fraud in the comments section. I've included information oh how to do this at the bottom if this post.

The IRS is sometimes willing to pay a reward for information leading to the successful resolution of an investigation. Your identity is protected if you choose to remain anonymous, also.

From the press release:

The Internal Revenue Service today issued its 2008 list of the 12 most egregious tax schemes and scams, highlighted by Internet phishing scams and several frivolous tax arguments.

Topping this year’s list of scams is phishing, which encompasses numerous Internet-based ploys to steal financial information from taxpayers. New to the “Dirty Dozen” this year is a scheme, which IRS auditors discovered, that relates to unreasonable and/or excessive fuel tax credit claims.

Here is the Dirty Dozen hot off the official press release:

1. Phishing

Phishing is a tactic used by Internet-based thieves to trick unsuspecting victims into revealing personal information they can then use to access the victims’ financial accounts. These criminals use the information obtained to empty the victims’ bank accounts, run up credit card charges and apply for loans or credit in the victims’ names. Phishing scams often take the form of an e-mail that appears to come from a legitimate source. Some scam e-mails falsely claim to come from the IRS. To date, taxpayers have forwarded more than 33,000 of these scam e-mails, reflecting more than 1,500 different schemes, to the IRS. The IRS never uses e-mail to contact taxpayers about their tax issues. Taxpayers who receive unsolicited e-mail that claims to be from the IRS can forward the message to a special electronic mailbox,, using instructions contained in an article titled “How to Protect Yourself from Suspicious E-Mails or Phishing Schemes.” Remember: the only official IRS Web site is located at

2. Scams Related to the Economic Stimulus Payment

Some scam artists are trying to trick individuals into revealing personal financial information that can be used to access their financial accounts by making promises relating to the economic stimulus payment, often called a “rebate.” To obtain the payment, eligible individuals in most cases will not have to do anything more than file a 2007 federal tax return. But some criminals posing as IRS representatives are trying to trick taxpayers into revealing their personal financial information by falsely telling them they must provide information to get a payment. For instance, a potential victim is told by phone or e-mail that he or she is eligible for a rebate but must provide a bank account number (or similar information) to get the payment. If the target is unwilling, the victim is then told that he cannot receive the rebate unless the information is provided. Individuals should remember that the only way to get a stimulus payment is to file a 2007 tax return. The IRS urges taxpayers to be extra-vigilant. The IRS will not contact taxpayers by phone or e-mail about their stimulus payment.

3. Frivolous Arguments

Promoters of frivolous schemes encourage people to make unreasonable and unfounded claims to avoid paying the taxes they owe. Most recently, the IRS expanded its list of frivolous legal positions that taxpayers should stay away from. Taxpayers who file a tax return or make a submission based on one of these positions on the list are subject to a $5,000 penalty. The most recent update of the list of frivolous positions includes: misinterpretation of the 9th Amendment to the U.S. Constitution regarding objections to military spending, erroneous claims that taxes are owed only by persons with a fiduciary relationship to the United States, a nonexistent “Mariner’s Tax Deduction” related to invalid deductions for meals and the misuse of the fuel tax credit (see below). The complete list of frivolous arguments is on the IRS Web site at

4. Fuel Tax Credit Scams

The IRS is receiving claims for the fuel tax credit that are unreasonable. Some taxpayers, such as farmers who use fuel for off-highway business purposes, may be eligible for the fuel tax credit. But some individuals are claiming the tax credit for nontaxable uses of fuel when their occupation or income level makes the claim unreasonable. Fraud involving the fuel tax credit was recently added to the list of frivolous tax claims, potentially subjecting those who improperly claim the credit to a $5,000 penalty.

5. Hiding Income Offshore

Individuals continue to try to avoid paying U.S.taxes by illegally hiding income in offshore bank and brokerage accounts or using offshore debit cards, credit cards, wire transfers, foreign trusts, employee leasing schemes, private annuities or life insurance plans. The IRS and the tax agencies of U.S. states and possessions continue to aggressively pursue taxpayers and promoters involved in such abusive transactions.

6. Abusive Retirement Plans
The IRS continues to uncover abuses in retirement plan arrangements, including Roth Individual Retirement Arrangements (IRAs). The IRS is looking for transactions that taxpayers are using to avoid the limitations on contributions to Roth IRAs. Taxpayers should be wary of advisers who encourage them to shift appreciated assets into Roth IRAs or companies owned by their Roth IRAs at less than fair market value. In one variation of the scheme, a promoter has the taxpayer move a highly appreciated asset into a Roth IRA at cost value, which is below annual contribution limits even though the fair market value far exceeds the amount allowed.

7. Zero Wages

Filing a phony wage- or income-related information return to replace a legitimate information return has been used as an illegal method to lower the amount of taxes owed. Typically, a Form 4852 (Substitute Form W-2) or a “corrected” Form 1099 is used as a way to improperly reduce taxable income to zero. The taxpayer also may submit a statement rebutting wages and taxes reported by a payer to the IRS. Sometimes fraudsters even include an explanation on their Form 4852 that cites statutory language on the definition of wages or may include some reference to a paying company that refuses to issue a corrected Form W-2 for fear of IRS retaliation. Taxpayers should resist any temptation to participate in any of the variations of this scheme.

8. False Claims for Refund and Requests for Abatement

This scam involves a request for abatement of previously assessed tax using Form 843, “Claim for Refund and Request for Abatement.” Many individuals who try this have not previously filed tax returns. The tax they are trying to have abated has been assessed by the IRS through the Substitute for Return Program. The filer uses Form 843 to list reasons for the request. Often, one of the reasons given is "Failed to properly compute and/or calculate Section 83-Property Transferred in Connection with Performance of Service."

9. Return Preparer Fraud

Dishonest tax return preparers can cause many problems for taxpayers who fall victim to their schemes. These scam artists make their money by skimming a portion of their clients’ refunds and charging inflated fees for return preparation services. They attract new clients by promising large refunds. Some preparers promote the filing of fraudulent claims for refunds on items such as fuel tax credits to recover taxes paid in prior years. Taxpayers should choose carefully when hiring a tax preparer, especially one who promises something that seems too good to be true.

10. Diguised Corporate Ownership

Some people are going as far as forming domestic shell corporations in certain states for the purpose of disguising the ownership of a business or financial activity. Once formed, these anonymous entities can be used to facilitate underreporting of income, non-filing of tax returns, engaging in listed transactions, money laundering, financial crimes and even terrorist financing. The IRS is working with state authorities to identify these entities and to bring the owners of these entities into compliance.

11. Misuse of Trusts

For years, unscrupulous promoters have urged taxpayers to transfer assets into trusts. They promise reduction of income subject to tax, deductions for personal expenses and reduced estate or gift taxes. However, some trusts do not deliver the promised tax benefits. As with other arrangements, taxpayers should seek the advice of a trusted professional before entering into a trust.

12. Abuse of Charitable Organizations and Deductions

The IRS continues to observe the misuse of tax-exempt organizations. Misuse includes arrangements to improperly shield income or assets from taxation, attempts by donors to maintain control over donated assets or income from donated property and overvaluation of contributed property. In addition, IRS examiners are seeing an upturn in instances where taxpayers try to disguise private tuition payments as contributions to charitable or religious organizations.

As promised above, here is how you can report one of these scams:

Suspected tax fraud can be reported to the IRS using IRS Form 3949-A, Information Referral. Form 3949-A is available for download from the IRS Web site at The completed form or a letter detailing the alleged fraudulent activity should be addressed to the Internal Revenue Service, Fresno, CA 93888. The mailing should include specific information about who is being reported, the activity being reported, how the activity became known, when the alleged violation took place, the amount of money involved and any other information that might be helpful in an investigation. The person filing the report is not required to self-identify, although it is helpful to do so. The identity of the person filing the report can be kept confidential.

Whistleblowers also could provide allegations of fraud to the IRS and may be eligible for a reward by filing Form 211, Application for Award for Original Information, and following the procedures outlined in Notice 2008-4, Claims Submitted to the IRS Whistleblower Office under Section 7623.

Full press release on the 2008 Dirty Dozen Scams, here.

Sunday, March 09, 2008

When will we realize how serious the problem of counterfeit devices has become?

On March 6th, Queens District Attorney, Richard Brown announced a series of indictments against a major counterfeiting ring. Although based in New York City, the group was operating nationwide. The ring was obtained skimmed card information from hackers in China. Subsequent news reports have stated that skimmed information was obtained from hackers in the Ukraine, also.

From the press release:

Queens District Attorney Richard A. Brown, joined by Police Commissioner Raymond W. Kelly, today announced that a forged credit card and identity theft ring based in Queens County and with roots in the Far East has been successfully dismantled following the indictment this week of thirty-eight individuals. The ring was allegedly responsible for stealing the personal credit information of scores of American consumers and costing these individuals, financial institutions and retail businesses more than $1 million in losses over the past year.
Counterfeit identification documents to match the counterfeit financial devices were being produced, also.

DA Brown explains why this is of greater concern than mere financial crime:

Many of the defendants charged today are accused of going on nationwide shopping sprees, purchasing tens of thousands of dollars worth of high-end electronics, handbags and jewelry with forged credit cards that contained the account information of unsuspecting consumers. Particularly disturbing is the fact that, in a number of cases, the defendants are charged with using bogus documents to purchase airline tickets and then using those documents as identification to board commercial aircraft. In the hands of terrorists such documents could have easily undermined the efforts of homeland security and other law enforcement officials intent on keeping our borders and citizens safe.

Given that the scope of this crime potentially crosses three continents, it probably demonstrates different organized crime groups are working together. The potential these items might be sold to people with twisted political and or religious motives isn't too far a stretch.

It has been reported that Al Qaeda training manuals teach their minions to use credit card fraud as a means of financing their activities.

I doubt if most of these criminals could care less, who they are selling them to. Even if they did, the full intent of the purchaser might not be readily apparent.

Suad Leija -- who has been providing information on a major counterfeiting cartel to the government -- says that this was the reason she turned on her family members running the cartel.

This latest example shows that despite a lot of focus on security to prevent terrorist attacks, counterfeit documents are a clear threat to all of us.

Prior to Suad turning against her family, her husband says he tried to get the cartel to let the government use their database as a tool to identify potential terrorists, who might have already crossed our border.

I'm sad to report that the database was never accessed and that the criminal case against the cartel is facing some serious challenges at the present time.

This series of indictments also shows how the Internet is being used to fence a lot of stolen merchandise. Normally, we hear about it happening on auction sites, such as eBay or Craigslist; however in this instance this group had an e-commerce website of their own. This website,, is still up and running at the time I am writing this.

I decided to run the domain through "Whois" and it’s registered right here in the United States.

Maybe it’s just me, but it appears that we need to take the counterfeiting problem a little more seriously. They appear to be easy to produce and are available to too many people.

They are a gateway for criminals, or worse to commit all sorts of illegal activity. I would love to ask the political candidates running in the current election what they think about this problem.

Unfortunately, my guess is that no one is going to ask them and that this is an issue they would rather not talk about.

Queens District Attorney press release on this, here.

Girl Scouts get scammed with fake $100 bill

(Courtesy of the Pasco County, Florida Sheriff's website)

If you are like me, you've already bought too many cookies from the Girl Scouts. Everywhere I go, there is a table selling them and it's hard for me to say no to them.

After all, supporting organizations like the Girl Scouts has long been considered an honorable endeavor.

It's sad to say that at least one scammer has ripped them off with a fake (counterfeit) $100.00 bill in front of a local Walmart in Texas.

Marianne Martinez Lewisville (CBS 11 News) reports:

The girls were selling cookies in front of the discount store on Wednesday evening when a man said he wanted to buy two boxes. He promptly gave a 100-dollar-bill to the mother of one of the children. After getting his $93 in change, the man left without getting his cookies.

Realizing the man had left his purchase the girls tried to find him, but were unable to. In the meantime, the mother realized the bill was fake but it was too late.

Police say the crook bleached a $5-bill and printed over it to make it look like a $100-bill. Officers say at first glance the bill looks real. "It's the real paper used by the Department of Treasury. Ya know, it has the appearance of a real bill," said Lewisville Police Department Captain Kevin Deaver.
This particular counterfeit $100.00 bill version has been making the rounds for the past few years. Although, it defeats some of the anti-counterfeiting detection devices out there -- largely because the paper is real -- it can be easily caught by the human eye.

These bills are actually $5 bills that have been washed and reproduced as $100 bills. Although at first glance they look and feel legitimate, the way to spot them is by their security features. On the washed (fake) bill the hologram on the right side -- seen by holding the bill up to light -- is Abraham Lincoln. On a real $100 bill, the image is Benjamin Franklin. Additionally, the embedded strips on either side of the bill will say they are $5 bills instead of $100 bills.

Criminals do this by bleaching the bills, then photocopying the $100 bill over it. Unfortunately, portable printing and photocopying technology has made it easy for all sorts of documents to be counterfeited.

For additional ways to determine real money from fake money, the United States Secret Service has an excellent page about it, here.

Another good resource is:

Both of these sites offer training materials for businesses. Using them might be a good option for charitable organizations, also.

Although, no date is set yet, the government plans to issue redesigned $100 bill sometime in the near future. News reports indicate the reason for the redesign is directly related to how many of these washed bills have been seen in recent years.