Saturday, May 24, 2008

China earthquake and Burma (Myanmar) cyclone inspire another round of charity fraud!

(Photo courtesy of IslamicReliefUSA at Flickr)

Last weekend, I lamented that the Western media wasn't reporting the expected fraud activity in the wake of the China earthquake and the Burma (Myanmar) cyclone.

Most of the scam activity, associated with the earthquake, was being reported out of China.

Having been extremely busy in my day job, I didn't get the chance to follow up and see if this trend would continue. It did not, and as expected, inboxes are being targeted with come-ons designed to take away from those who would really benefit from our charitable impulses.

As expected, we are now seeing fraudsters using their favorite technique (spam) to trick people out of their hard-earned money and (possibly) their personal and financial details.

The reason I mention personal and financial details being stolen (identity theft) is that malware is being dropped on systems when unsuspecting people click on a link regarding a plea for financial assistance. Sadly, this more technical means of stealing information is becoming more and more commonplace. Not very intelligent criminals (my opinion) can easily buy all the software necessary to do it -- which sometimes comes with technical support -- right over the Internet.

Of course, identity theft might not be the only intent in dropping the malware. Frequently, the intent is to take over your system and turn it into a member of a botnet so it can be used as a spam-spewing zombie. Most of the time, the owner isn't aware their computer (zombie) is being used to flood cyberspace with spam e-mails.

Internet security firms are reporting suspicious e-mails asking for help and marketable domain names are fetching premium prices.

Sophos went on record that they had detected malicious software attached to some of these spam mails. McAfee also reported malware attached to electronic documents referencing the earthquake. The FBI issued an alert on this subject, also.

As a disclaimer, at first sight, it can be hard to determine if a request for a donation is legitimate or not. Charity is an often-practiced social-engineering ploy used by fraudsters and associated internet ghouls to steal money.

Besides using the Internet, charity fraudsters also use the telephone, snail mail, or even go door to door. Text messaging is another tool being used to commit charity fraud, also. This surfaced in the activity reported in China last week.

The best thing to do -- before handing over your hard-earned money for an honorable cause -- is to make sure the entity receiving it is legitimate. Taking the time to check things out will help ensure the money goes where it is supposed to.

It might also be wise to give directly to an organization. Besides fraudsters, a lot of telemarketing types sell their services to charities and take a cut of the action. Simply stated, this means that less money will reach the people you are trying to help.

Listed below are some places where you can cut out the middle-man, or avoid handing over your money to a scam artist. Please note, these organizations might or might not be involved in the current earthquake and cyclone efforts. Current events often dictate the disaster come-on currently being used by fraudsters.

The United Way, 800 272-4630.

American Red Cross, 800-HELP-NOW.

Salvation Army, 800-SAL-ARMY.

Network for Good.

Habitat for Humanity, 800-HABITAT.

Samaritan’s Purse, 800 665-2843.

Save the Children, 800 728-3843.

Humane Society of America, 888 259-5431.

Feed the Children, 800-525-7575.

America’s Second Harvest, 800 771-2303.

Additionally, if you are interested in charities that do a lot of work in Asia, here is another list:

Doctors without Borders
Mobilizing to provide medical assistance, blankets, water, sleeping mats and tents.

International Federation of Red Cross and Red Crescent Societies
Dispatching teams to assess damages and the needs of victims.

International Rescue Committee
Assessing immediate needs on the ground and preparing emergency response.

Mercy Corps
On the ground providing emergency relief, including water and tents.

On the ground assessing the response effort and responding to victims.

Sending emergency staff to distribute aid and make further assessments of the damage.

In more general terms, there are some excellent sites to check whether a charity is legitimate or not:

Better Business Bureau Wise Giving Alliance

Charity Navigator

American Institute for Philanthropy

Last, but not least - I would like to provide some resources to report suspected fraud activity.

If it is cyber related, report it to the Internet Crime Complaint Center.

For more general complaints, fraud can be reported to the Federal Trade Commission, here.

International Phishing Gang, nailed with a little teamwork!

I suppose it's big news when a phishing gang gets caught. Sadly, few of them ever seem to get nabbed, or prosecuted. Phishing is a crime that is committed across borders with the click of a mouse, or "bot," which makes investigating and prosecuting this type of crime slightly challenging.

Saying that, the times might be changing, especially (more and more) when U.S. citizens are targeted. Besides this latest series of arrests, the FBI recently conducted a very successful operation against bot-herders in an effort dubbed "Operation Bot Roast."

Bot-herders, who run botnets, are behind growing amounts of spam. Spam is the preferred method of spreading scams and other questionable activity across cyberspace.

According to the DOJ press release, 33 phishermen have been hooked, in an operation that was truly international in nature:

A federal grand jury in Los Angeles charged 33 individuals in a 65-count indictment unsealed today for their alleged participation in an international racketeering scheme that used the Internet to defraud thousands of individual victims and hundreds of financial institutions. Seven individuals were charged in a District of Connecticut indictment for their roles in an Internet phishing scheme, including two who were also charged in the Los Angeles case.

U.S. law enforcement authorities are executing nine arrest warrants in the Los Angeles area and Romanian law enforcement authorities are executing search warrants in Romania today in connection with the racketeering indictment.

Supporting the "global theory" of this activity, these phishermen operated from six different countries. They also claimed citizenship from several different countries:

The individuals named in the indictment operated from locations in the United States and abroad including Canada, Pakistan, Portugal and Romania, and include both U.S. citizens and foreign nationals. Sonny Duc Vo, Alex Chung Luong and Leonard Gonzales are U.S. citizens. Nga Ngo, Thai Hoang Nguyen, Loi Tan Dang and Dung Phan are permanent legal residents of Vietnam. Hiep Thanh Tran is a U.S. permanent resident from Vietnam. Caroline Tath is a permanent legal resident of Cambodia. Hassan Parvez is a citizen of Pakistan. Rolando Soriano is a Mexican citizen and is currently charged in Los Angeles with illegal entry by an alien following deportation. Ovidiu Ionut Nicola-Roman; Petru Bogdan Belbita; Stefan Sorin Ilinca; Sorin Alin Panait; Costel Bulugea; Nicolae Dragos Draghici; Florin Georgel Spiru; Marian Daniel Ciulean; Irinel Nicusor Stancu; Didi Gabriel Constantin; Mihai Draghici; Marius Sorin Tomescu; Lucian Zamfirache; Laurentiu Cristian Busca; Dan Ionescu; Marius Lnu; Alex Gabriel Paralescu; and Andreea Nicoleta Stancuta are Romanian citizens. An additional four individuals known only by their aliases, “Cryptmaster”; “PaulXSS”; “euro_pin_atm” and “SeleQtor” are believed to be Romanian citizens.

According to an article in PC World by John E. Dunn, financial details (mostly payment card numbers) were stolen using a fake website. The stolen financial details were then sent via SMS (text) messaging to their cohorts in the United States and counterfeit payment (credit/debit) cards were produced.

After the counterfeit cards were produced, we can assume "runners" went to ATM machines and drained the accounts.

Financial institutions targeted included "People’s Bank, Citibank, Capital One, JPMorgan Chase & Co., Comerica Bank, Wells Fargo & Co., and PayPal," according to the DOJ press release. Although eBay is not a financial institution, the DOJ press release mentioned it was a phishing target, also.

Two good resources, largely from the private sector, that study phishing and provide a lot of relevant information about the activity are the Anti-Phishing Working Group and Artists Against 419. Besides government resources, there are private warriors out there dedicated to taking down phishing sites, also. The Phishing Incident Reporting and Termination (PIRT) Squad run by CastleCops, a site dedicated to computer and internet security, is a leader in this private effort to curb phishing. PIRT goes after phishing as it occurs in the "wild," or on the Internet.

Most of the information gathered by these groups is provided and used as intelligence by law enforcement resources. As a disclaimer, in this case, it is unknown what private resources might have contributed intelligence to this effort.

Law enforcement resources on a local, national and international level contributed to this latest series of arrests. Most experts agree that cybercrime has flourished in the past because of the inability of members of the "white side of the fence" to come together as a team. Sadly, the members of the "black side of the fence" have seemed to embrace teamwork and the result has been devastating, to say the least.

Last month, Attorney General Mukasey announced a "Law Enforcement Strategy to Combat International Organized Crime." This strategy was developed to combat a growing threat to the stability of U.S. interests posed by organized crime groups.

DOJ press release, here.

Sunday, May 18, 2008

Chinese Red Cross Site hacked to steal donations!

Whenever a disaster occurs, there are always dishonest people trying to steal the proceeds of charitable contributions.

This is always sad because it takes away from the people who are in need.

Heike over at the Dark Visitor is reporting that a Red Cross site has been hacked with the intent of "electronically" removing money intended to help the earthquake victims in China:

Verified by the Ministry of Public Security, a section of the official Red Cross website has been illegally hacked. According to the report, criminal elements gained access to the section of the website that held the special accounts for earthquake disaster relief donations.

An individual named Li Bujiu had opened four fraudulent bank accounts to steal the funding.

Full story with more details from the Dark Visitor Site (Inside the World of Chinese Hackers), here.

Thus far, we haven't seen the flood of phishing, fake charity websites and the like come about as the result of the earthquake in China, or the cyclone in Myanmar, reported in the West. Even this story isn't up on Google News yet.

Reuters did recently report that fraud is occurring inside China as a result of the earthquake disaster:

Police issued a warning after a flurry of text messages hit mobile phones, soliciting disaster assistance in emotional appeals, only asking that funds be deposited in private accounts.

The Reuters story -- which does mention that the Red Cross was shut down because of too many visitors (?) and had a page listing bank accounts to contribute to (??) -- can be seen, here.

The story in Reuters references the site, which as of this writing appears to be up and running.

Not sure why more news on disaster fraud from China isn't being seen? It could be attributed to the "Great Firewall of China," or the fact that hacking and committing fraud carries far more serious consequences in China than it does here in the West.

Generally, if caught, offenses like hacking can mean the death penalty in China. In 2006, China carried out ten times more executions than the next country that still uses capital punishment. Generally, they use one round from an assault rifle (hollow-point) to the back of the head.

Of course, that doesn't mean that there isn't a lot of hacking coming from China. We see stories all the time about Chinese hackers committing corporate and government espionage. The Dark Visitor is an excellent site, run by a former intelligence type, about the mysterious world of hacking in the People's Republic.

I guess the difference on whether you get a bullet in the head or not depends on whether certain authorities approve of your activity (my opinion). Of course, they are not beyond setting an example from time to time if certain political conditions exist.

Last year, China executed their former food and safety chief (Zheng Xiaoyu) for taking bribes in the wake of all the news stories about defective and dangerous products being exported from China.

With all the human rights violations, fraud, hacking and deception that occur in the People's Republic, it's amazing that so many companies in the West continue doing business with them.

Sadly enough, some believe this has been at the expense of many people in their own countries. Given the human rights violations, it is also at the expense of a lot of Chinese people!

Perhaps, I'm old fashioned, but I sometimes wonder when people will come first?

Sadly enough, greed often gets in the way of this concept.