Friday, November 28, 2008

Home Equity ID Theft Ring Points to a Bigger Problem

On Monday, Federal authorities informed the public of a series of arrests where identity theft was used to steal the equity out of homes. I guess we've already lost so much money in the mortgage crisis, the identity thieves figured it wouldn't matter?

The four arrested on Monday were Derek Polk, Oluda Akinmola, Oluwajide Ogunbiyi, and Oladeji Craig. The four appeared in federal court in Los Angeles, Newark, Buffalo, and Springfield. Also arrested for home equity schemes between August and October were Daniel Yumi (Brooklyn), Yomu and Olokodana Jagunna (Queens), and Abayomi Lawal (Brooklyn).

Strangely enough — although no one in the mainstream media is saying — most of these names sound slightly foreign. Judging by the surnames my best guess is that they are originally from West Africa, probably Nigeria. Stories of Nigerian fraud are extremely popular in the media so I'm surprised no one took this opportunity to put that twist to this story.

In all fairness, in previous posts, I've lamented that fraudsters often pose as Nigerians or the media incorrectly pegs fraud as coming from Nigeria when it doesn't. There is no doubt Nigeria is known for a lot of fraud, but they didn't invent it and are not the only players in the game.

It should also be noted (out of fairness) that court documents reflect the federal authorities stating that this is the result of an investigation into a multi-national identity theft ring. There are a lot of fraud groups out there, both foreign and domestic, and many of the experts have concluded they are working together when it suits them.

The proceeds of these home equity scams were wired all over the world, including South Korea, Japan, China, Vietnam, Canada, and the United Kingdom. According to news accounts about $2.5 million was wired and the total take in the scheme was about $10 million.

Sadly — although this has been called out as a problem frequently — a lot of fodder (information) used in the scams was obtained by none other than public record searches. The public records used even contained credit applications, credit reports, and the victims' signatures, according to the FBI. BJ Ostegren — who was kind enough to give me a personal demonstration a while back — is the champion of exposing just how much of this information is out there for anyone to grab. If you want to see exactly how much information is available, her website is a good place to start.

Also mentioned in the criminal complaint was that fee-based Internet services were used to obtain some of the information. This is a huge business, which nets billions of dollars a year for the people selling it. I did notice that no one is saying which one of the services were used.

It should also be noted that information like this is bartered in forums on the Internet. Symantec just released a report showing how cheaply some of this information can be obtained. This type of activity is fairly well known and the FBI recently cracked one of the forums (Dark Market). This group allegedly racked up about $70 million in fraud, worldwide.

The individuals arrested in this scheme also used a lot of known technological fraud crutches, such as caller ID spoofing, prepaid cellular, and forwarding calls without the owner's knowledge. Tricking a phone company into forwarding calls is no problem for most fraudsters as little to no due diligence is performed before it is done. You can have your carrier block this feature, or password protect it (recommended) — however doing this is left entirely up to you. So far as caller ID spoofing — it's essentially legal — and anyone can purchase the means to do it right over the Internet.

There probably won't be any effort to change call forwarding, or caller ID spoofing as it is a lucrative income stream for telecom businesses.

You would think as long as we are in a world-class financial crisis, we might begin to wake up and smell the coffee? Although, we can't blame fraud as the cause of the entire crisis, I often wonder how much of a contributing factor it is. We've made identity theft too easy to do and hard to control. The people who committed this latest form of identity theft probably aren't the sharpest tools in the shed. They are just taking advantage of other people making a lot of money by making too much information available and not protecting it.

If you look in the mirror you might get an idea who suffers from this seeming inability to fix a growing problem. Even if you aren't victimized, we all pay for it in the end — either in an organization's expense line or in the form of a government bail-out.

I'll close with a with an interesting satire written by Phillip Maddocks, which came out in the Norwich Bulletin entitled, "Credit card fraud gangs say they can fix economy but need government loan." This satire is about the heads of several credit card gangs who are seeking a government handout to keep credit card fraud alive because it is beneficial to the economy.

Although this is a satire — it has a ring of truth to it!

Unfortunately, we allow a lot of dumb things to continue because someone thinks it's beneficial to the economy.

E-Cards with a Dangerous Twist Spotted on the Internet

(Courtesy of Websense)

With the holiday season upon us, spam campaigns of a malicious nature will start springing up bearing yuletide greetings.

Just the other day, Websense sent out an alert that malicious software authors already are using social engineering techniques with a Christmas theme to compromise your home machine. The instance they are reporting uses spam e-mails offering free animated postcards.

Those unfortunate enough to attempt to get free e-cards will download a Trojan. The spam e-mails are spoofed to appear as if they come from The fact that malware (postcard.exe) is being installed on a machine is covered up with a xmas.jpg image.

Quite simply, once installed it allows cyber-scrooges to control your machine and or steal all the personal and financial information off it. The information is then normally used to steal money.

This type of attack is nothing new and seems to surface every year at this time. The next step in these campaigns normally are more personalized spam e-mails designed to do the same thing (download malware). Please note these e-mails are normally spoofed to appear as if they come from a legitimate e-card retailer.

Last year, American Greetings put up a page on their site to educate people how to spot and avoid falling victim to this type of attack. First and foremost, they recommend that if you are suspicious at all to go to the company site and try to pick up the greeting from there. Most (if not all) of the legitimate sites offer this service. The page on their site contains additional ways to identify "e-card garbage" and is well worth a look if you are unfamiliar with how to spot malware attacks using spam e-mails.

American Greeting put up this page after an attack on their brand. In this attack, some of the e-mails appeared to come from a known (trusted) person. My guess is this happened from an already compromised machine, where a spammer gained access to an address book and sent the e-mails out. Some forms of malware do this without any human interface.

I went to the site and thus far they have no warnings about this that I could find.

While the best thing to do is to avoid clicking on spam e-mail containing malware, the second best thing is to employ solid anti-virus software and a firewall from a reputable vendor like Websense, Sunbelt, or Symantec. Most of these vendors are on top of malware being issued in the wild (on the Internet) and they even share information with each other.

Sunday, November 23, 2008

Outrageous Porn Pop-Up Case in Norwich is Over

If there were ever a modern case that could be compared to the Salem witch trials, it would be the effort to prosecute Julie Amero, a Norwich, Connecticut school teacher for (allegedly) exposing her students to pornography.

Julie was convicted on four counts of exposing kids to pornography after she turned on a spyware-infested (school-owned) machine and a flurry of porn pop-ups began appearing on the screen. Julie, who was merely a substitute teacher, didn't know what to do and the teenagers in her class witnessed the event.

Even worse, the school district had let their content filtering software expire. Computer experts later discovered the spyware infestation was caused by someone accessing a hairdressing site. Presumably, this site was accessed by a student, who wasn't aware of the spyware and didn't know the school district had let their content filtering expire.

On Friday, Alex Eckelberry, CEO of Sunbelt Software, announced that the Amero nightmare is over in his popular Sunbelt Blog. Sadly though, she still had to plead to a misdemeanor charge of disorderly conduct. The result was a $100 fine and she has had her teaching credentials revoked in Connecticut.

Considering in the initial trial she was facing a conviction on four felony counts — which could have netted her 40 years in the slammer — I suppose this is a win?

"She acquiesced to the lesser misdemeanor charge, and while it may have been a bitter pill to swallow, she can at least can move on now without this sick cloud hanging over her head. It was less than two years ago that Julie was facing felony charges with a maximum of 40 years in prison," according to Alex Eckelberry,

Alex and a host of people from the computer security industry, along with a pro bono attorney, William Dow, led the effort to expose this injustice and get Julie a new trial. The number of people who got involved in this is amazing and many of them are mentioned in Alex's blog post.

I found this case amazing since malicious and even so-called commercial sites infest unprotected machines with all kinds of "ware" on a daily basis. In this case, it was the industry that protects computers from unwanted "ware" that had to step in and educate the authorities that there was a problem with the intent in the case. Perhaps the authorities should have hired someone a little more knowledgeable in computers in the first place before attempting to prosecute Julie.

Sadly, Julie's health has been failing as a result of the stress induced by this prosecution. Even sadder, with all the real crime on the Internet, which rarely ever results in a prosecution, a lot of taxpayer money was wasted going after someone who most believe was completely innocent!

I've written a few posts about the Julie Amero story. It's ironic that Internet porn, which is allegedly controlled by organized crime, translated into a teacher being charged for turning on a computer for the first time. Even more ironic is that in those four years, very few, if any, of the people behind the actual problem have been brought to justice. Also, ironic was a WebMD survey that found that Internet porn reaches most children, including the age of the teenagers present in Julie's class that day. The truth is that most of the teenagers in the class have probably seen worse, unless they've never surfed the sometimes murky waters of the Internet.

The ironies in this case are many and in the end, history will write it that way.