Saturday, March 28, 2009

Counterfeit Documents Enable Dangerous Criminal Activity

For the past few weeks, the news has focused on all the blood being shed on our southern border. While there is no doubt that this activity is scary and real, these gangs have to be a little more low key when they perform their day-to-day operations.

In order to do this, they need to blend in with the rest of us. When setting up residence to operate their illegal businesses, these criminals need to appear legitimate. The way they do this is with a wide variety of counterfeit documents. These counterfeit documents enable the rest of the illegal activity to occur, which makes them a weapon that could be a lot more dangerous than an assault rifle, IED or RPG.

Although the news media is drawing attention to this problem (yet again) because of the violence on the border, the violence and resulting concerns about border security are nothing new. Neither is the use of counterfeit documents by the criminals crossing over the border and setting up residence in the United States.

A PBS Frontline story from 2001 illustrates the worst case scenario of this problem. It details how terrorists are specifically trained to use counterfeit documents to move across borders. The story states that using counterfeit documents is part of the security training of Al Qaeda operatives. This story also states that the terrorists affiliate themselves with organized criminal syndicates that smuggle humans and provide counterfeit documents to accomplish this.

If an undesirable person has documents that appear to be legitimate, it’s no problem to cross a border or set up residence in a neighborhood just about anywhere.

Because of this, the plea bargain made with Pedro Castorena-Ibarra — who allegedly masterminded the production of high quality counterfeit documents from coast to coast — is an interesting chapter in the long running border security saga. Quite simply, these counterfeit documents enable all kinds of criminal and some say, potential terrorist activity.

At one time, Pedro Castorena-Ibarra was considered one of ICE's most wanted fugitives. A five year investigation uncovered his involvement in the production of millions of counterfeit documents, which were sold to anyone with the money to buy them. The plea bargain stipulates that Castorena will testify against other people in the counterfeit documents trade. When doing the research on this, I noticed that there isn't very much public information on exactly who he is going to testify against.

One of the problems with prosecuting Castorena came about when a lead ICE agent assigned to the case, Cory Voorhis was indicted for using a government intelligence system in an unauthorized manner. While working the Castorena case, Voorhis decided to take a look at former Denver District Attorney Bill Ritter's plea bargains with illegal immigrants.

This information was subsequently used in an attack ad on now Governor Bill Ritter. The specific information used in the ad was about an illegal alien, who received one of these plea bargains after being accused of dealing heroin, and was allowed to plead guilty to trespassing. Voorhis discovered this same illegal immigrant had been previously arrested (but never convicted) on sex charges in California under a different name. How much do you want to bet he had access to counterfeit documents? Ritter called for an investigation and Voorhis ended up getting tried in federal court.

Voorhis was accused of accessing information he wasn't authorized to see in a government database (NCIC), which was later found to be incorrect. The National Crime Information Center is a database maintained by the FBI that records data on crimes. It came out in the trial that he actually used the web based link to this system instead of the TECS (Treasury Enforcement Communication System) that he was accused of accessing. This came out in testimony from a government witness and was corroborated in a FBI forensic analysis of his government computer. Because of this, it was determined that Voorhis never exceeded his authorized level of access.

Additionally, the information he accessed was in the public domain and could probably been found using other tools besides NCIC, some of which are available to anyone.

Voorhis has maintained he was trying to force change in what he considered questionable legal proceedings. There might be a few people out there that agree that it doesn't serve the best interests of justice to allow a heroin dealer to plead guilty to a trespassing charge (?). This person wasn't here legally and we might not even know his true identity.

Voorhis has since lost his job – and despite the outcome of the trial – was not allowed to testify in the Castorena trial. Many believe the attempt to prosecute Voorhis isn't much different than the much more public cases of Ignacio Ramos and Jose Compean.

In a recent article, former Congressman Tom Tancredo wrote about this, he points out that it seems to be more dangerous to be a federal officer charged with protecting our borders than to be one of the criminals crossing it. Please note that in the Ramos/Compean case, as well as, the Voorhis case — the immigrants involved were not here to find honest labor. Voorhis has a website, which has a lot of information on this case.

This includes a press release by Congressman Tancredo calling for ICE to give him his job back. The press release points out that the charges against him were found to be incorrect and he was exonerated. This would lead most of us to believe that this is a reasonable request (?). If it only took two hours to acquit Voorhis, there is a pretty good case that the prosecution's evidence in this case was pretty weak (opinion). It’s ironic that the effort to prosecute Castorena was dealt a death blow when Voorhis wasn’t allowed to testify against him even though he was found innocent.

The Voorhis site has an area, where people can donate to help him pay for the considerable legal costs incurred to defend himself. Of course, there might be another reason for making the deal with Castorena. In the world of plea bargains, deals are sometimes made to go after a bigger fish in the pond. Just who Castorena is going to testify against is open to speculation, but it might be against the Leija-Sanchez organization.

The Leija-Sanchez arm of the counterfeit documents trade operated out of the Chicago area and is reputed to be tied in with the Castorena organization. The step-daughter of the boss of this organization (Manuel Leija-Sanchez) has provided a lot of evidence on the scope and wide reach of this organization to the authorities. Please note, that like the drug cartels in the news recently, this cartel has also been found to be capable of violent activity when someone gets in their way.

Suad Leija is the step-daughter of Manuel Leija, who involved her in the counterfeit documents trade from an early age. Suad was recruited by a mysterious gentleman with obvious ties to the intelligence community, who is now her husband. The intent was to leverage the organization to identify potential terrorists, who had used their services.

The deal fell through and Suad headed north to assist the government in identifying the scope of the operation in North America. Since then there a lot of the key players in the organization have been identified and arrested, but the case is ongoing and ICE will not comment on it in public. Saud’s stated motivation in this effort is to prevent terrorists from using these documents to commit harm against the general public.

The Suad Leija story, which has been covered extensively in the mainstream media, is chronicled on her own site, Paper Weapons. If you want to see how widespread the problem of counterfeit documents is, the site is a good place to start. Suad provided a lot of the information, which tied in the Castorena branch with the Leija-Sanchez organization. The ties are pointed out on her site.

Please note that this is a very brief overview of the Suad story and if you are interested, her site covers it in great detail. The problem with counterfeit documents is a tendency to associate them with illegal immigrants trying to make a better life for themselves or teenagers sneaking into bars. The real issue is that they are sold to anyone and used by criminals who have a more sinister intent than to make a better life for themselves or sneak into a bar.

No matter where you stand on the illegal immigrant issue, the fact that the trade is controlled by criminals often leaves those with dreams of a better life open to a wide-array of abuse. This includes being enslaved and forced to commit crimes by the people, who bring them over the border.

Another common misconception is that these documents are being sold exclusively to our Hispanic neighbors to the south. The truth is they are being sold to anyone with the money to buy them. Our southern border has become the preferred route for anyone who wants to illegally enter the United States. All the resources needed to gain entry (illegally) seem to be readily available there.

On Friday, Sara Carter released an article in the Washington Times about the ties between the drug cartels on the border and Hezbollah joining forces to smuggle drugs and humans into the country. Although not mentioned in the story, these people obviously would need documents to set up shop once they cross the border. In fact, in theory at least, they might use them to cross the border.

Because, I found the story interesting, I made contact with Suad Leija’s husband, who told me that he gave this information to Carter a few years ago and pointed out that Lou Dobbs has also covered aspects of this story. Both Carter and Dobbs have covered the Suad story, and interviewed her, personally.

During this conversation, he told me that the specific information given was about an operation he proposed called “Tag.” Tag predated his involvement in the Leija-Sanchez operation and was designed to set up a means to provide documents to people illegally entering the country and then "chip" them so that specific targets could be tracked.

The original intent of the Leija-Sanchez operation was to get the cartel to cooperate in identifying and monitoring potential terrorists coming into the United States, illegally. Tag might have become part of this operation, if it had ever taken place, according to Suad's husband.

He told me the Hezbollah connection was nothing new and confirmed it comes out of the tri-border area in Paraguay, which hosts a large Islamic population. The residents in this area emigrated from Lebanon primarily in the aftermath of 1948 Arab-Israeli and the 1985 Lebanese civil wars.

He also mentioned that, according to Suad, the Islamic immigrants were paying $5,000 each to be brought across the border when the Leija-Sanchez organization was involved. Complete sets of counterfeit documents were included in the deal.

Parts of this story have surfaced before; MSBC did a story on the tri-border area of Paraguay and the Hezbollah connection. This story covers the terrorist financing aspect and potential threat to the United States. Michelle Malkin also did a post on her blog mentioning that FBI director Robert Mueller mentioned Hezbollah members crossing the border in testimony before Congress in 2006. She also mentions Mueller referring to terrorists assuming Hispanic identities and crossing the border, while in Texas in 2007. In October of last year, the Los Angeles Times did a story about Hezbollah laundering the proceeds of Colombian Drug Money. The story mentions that the cocaine being sold was going to the United States and other destinations.

Carter, who covers the border situation on a regular basis, has also done stories on the Mexican military crossing the border in support of drug smugglers and even firing shots at U.S. law enforcement. In one of the stories about this, which I saw on YouTube, Carter stated she got some of this information for the harder working illegal immigrant types. She mentioned that they hide from these groups in order to avoid being victimized by them.

Maybe these hard working illegal types are trying to tell us something?

Even more ominous, was President Obama's recent revelation that Al Qaeda was planning attacks on U.S. soil from their hideouts in the tribal belt in Pakistan. If this is true, the first thing these terrorists will need when they enter our country are counterfeit documents so they can blend in with the rest of us.

If you take a look at any aspect of the insecure situation on our border, counterfeit documents are more than likely involved in one way or another.

After all, it is a known fact that the last time a terrorist attack was carried out on U.S. soil; it was accomplished by individuals who used fake documents to enter the country to commit their dirty deeds on 9-11-2001.

Sunday, March 22, 2009

Symantec Indian Call Center Employee Selling Credit Card Details (Shocking)!

A story of an undercover investigation by the BBC shows how dishonest employees at call centers — who collect plastic payment card details on clients — might be making a little extra pocket change by selling them.

The focus of the BBC story is centered on an Indian call center employee for Symantec Security Corporation stealing payment card information. It is also centered on UK customers, which is understandable given it is the BBC, but the reality is that information is stolen then sold from countries all over the world.

Payment card details are handled by telephone at call centers in a lot of places and the calls come from all over, too. A lot of companies have different tiers (levels of personnel) handling calls, depending on the difficulty or nature of the call. At a lot of major companies, these tiers are located in different centers, which are in different countries. Any call might start in one country and, given the nature of the call, it could be transferred to another center located in another country. Given this, payment card information can be sent and then illicitly recorded over a fairly wide geographical area.

Besides that, dishonest employees are caught on a regular basis in a lot of different places. They don't all necessarily reside in India and call centers there are not the only place payment card information can be compromised. In fact, payment card information can be compromised anywhere (not just call centers) where they are used at a point of sale.

Information crooks are recruited and some think even planted anywhere financial information can be stolen. Even if they are not, payment card details are being bartered in forums on the Internet. It probably wouldn't be very hard to find a place to sell credit/debit card information when all it takes to do it is a click of a mouse.

The BBC story, which aired on video, chronicles an investigative effort by their reporters on the streets of Delhi. In the segment, it shows reporters making contact with the underground broker, who offers them payment card details from "all over the world" for $10-$12, each. It then shows a buy being made and money changing hands.

When the information was checked, it revealed that only one in seven card numbers were actually usable. They were able to trace some of the good numbers to a call center handling Symantec (Norton) products. The story stated that there has only been one successful prosecution in India for this type of crime and that it netted a non-custodial sentence. It also stated that the laws regarding the protection of data are not as stringent as they are in some places. The story mentions that Symantec's official comment was that it was an isolated incident and that the employee was removed.

Since one to seven card details turned out to be real, I guess we can assume the underground broker wasn't being completely honest. I've also seen reports of credit card details being sold for a lot less and you don't have to travel to India to find them.

In November, Symantec — the point of compromise in the story — issued a report on the underground economy, which focused on this very subject. "Credit cards are also typically sold in bulk, with lot sizes from as few as 50 credit cards to as many as 2,000. Common bulk amounts and rates observed by Symantec during this reporting period were 50 credit cards for $40 ($0.80 each), 200 credit cards for $150 ($0.75 each), and 2,000 credit cards for $200 ($0.10 each)," according to the report.

If this report is anywhere near accurate and the BBC was buying card details at $10-$12 each — if only one to seven was good in the Delhi exchange — the BBC was getting ripped off!

According to the 68-page report by Symantec, these details can be bought anywhere that has an Internet connection. Counterfeit instruments (ready to use) are often sent through the mail, too. The information is sold via IRC (Internet relay chat) channels in forums designed to market stolen financial information. Although credit/debit card details seem to dominate the scene, a lot of other information is sold that can be used to commit financial crimes and identity theft in these forums, too.

If you don't want to believe the Symantec report, the FBI took down one of these forums not very long ago. This forum known as Dark Market was responsible for about $70 million in fraud, worldwide. My best guess is that the information in the report is pretty accurate.

Although dishonest insiders are the cause of a portion of it, we should remember that hackers breaking into business systems, phishing, malicious software and even the trash can be sources of stolen information. The places targeted for information can be merchants, restaurants, goverment organizations, charity organizations, universities, medical facilities or anywhere payment card information is used at a point of sale.

Keeping up with all the points of compromise is difficult, but one place that attempts to is the DataLossDB site. Please note that the unknown data breaches are the most lucrative for the criminals behind this activity. Once a breach is discovered, measures are enacted to disable the stolen data.

It can be extremely difficult, if not impossible, to identify the point of compromise in most individual cases. The reason for this is there are too many different places where information might have been stolen from.

Maybe that's the problem, or we are storing and transmitting too much information all over the place? Since everyone is making money by transmitting information, I doubt this practice is going to stop anytime soon. So far as outsourcing, I doubt this is going to stop in the near term, either. Companies save a lot of payroll by outsourcing jobs. Payroll is a big expense for corporations and cutting payroll seems to be in vogue these days.

Nothing is going to change until laws are passed that force everyone making money from this information start doing the right things. This includes laws that prohibit people from being irresponsible (my opinion) to laws that punch the criminals stealing the information where it hurts.

Until then, the rest of us will have to batten down the hatches and weather the storm. I highly recommend making sure your information is protected as well as it can be (there are no guarantees) by protecting your own electronic transmissions. Monitoring financial activity — from your financial statements to information on your credit report and the Internet — is a good idea, too. Of course, while doing this, you need to ensure your electronic transmissions are protected by a reliable vendor and that you aren't paying for protection that you could get for free. Sadly enough, everyone claiming they can protect you isn't necessarily being completely honest, either.