International Phishing Gang, nailed with a little teamwork!

I suppose it's big news when a phishing gang gets caught. Sadly, few of them ever seem to get nabbed, or prosecuted. Phishing is a crime that is committed across borders with the click of a mouse, or "bot," which makes investigating and prosecuting this type of crime, slightly challenging.

Saying that, the times might be changing, especially (more and more) when U.S. citizens are targeted. Besides this latest series of arrests, the FBI recently conducted a very successful operation against bot-herders in an effort dubbed "Operation Bot Roast."

Bot-herders, who run botnets are behind growing amounts of spam. Spam is the preferred method of spreading scams and other questionable activity across cyberspace.

According to the DOJ press release, 33 phishermen have been hooked, in an operation that was truly International in nature:

A federal grand jury in Los Angeles charged 33 individuals in a 65-count indictment unsealed today for their alleged participation in an international racketeering scheme that used the Internet to defraud thousands of individual victims and hundreds of financial institutions. Seven individuals were charged in a District of Connecticut indictment for their roles in an Internet phishing scheme, including two who were also charged in the Los Angeles case.

U.S. law enforcement authorities are executing nine arrest warrants in the Los Angeles area and Romanian law enforcement authorities are executing search warrants in Romania today in connection with the racketeering indictment.

Supporting the "global theory" of this activity, these phishermen operated from six different countries. They also claimed citizenship from several different countries:

The individuals named in the indictment operated from locations in the United States and abroad including Canada, Pakistan, Portugal and Romania, and include both U.S. citizens and foreign nationals. Sonny Duc Vo, Alex Chung Luong and Leonard Gonzales are U.S. citizens. Nga Ngo, Thai Hoang Nguyen, Loi Tan Dang and Dung Phan are permanent legal residents of Vietnam. Hiep Thanh Tran is a U.S. permanent resident from Vietnam. Caroline Tath is a permanent legal resident of Cambodia. Hassan Parvez is a citizen of Pakistan. Rolando Soriano is a Mexican citizen and is currently charged in Los Angeles with illegal entry by an alien following deportation. Ovidiu Ionut Nicola-Roman; Petru Bogdan Belbita; Stefan Sorin Ilinca; Sorin Alin Panait; Costel Bulugea; Nicolae Dragos Draghici; Florin Georgel Spiru; Marian Daniel Ciulean; Irinel Nicusor Stancu; Didi Gabriel Constantin; Mihai Draghici; Marius Sorin Tomescu; Lucian Zamfirache; Laurentiu Cristian Busca; Dan Ionescu; Marius Lnu; Alex Gabriel Paralescu; and Andreea Nicoleta Stancuta are Romanian citizens. An additional four individuals known only by their aliases, “Cryptmaster”; “PaulXSS”; “euro_pin_atm” and “SeleQtor” are believed to be Romanian citizens.

According to an article in PC World by John E. Dunn, stolen financial details (mostly payment card numbers) were stolen using a fake website. The stolen financial details were then sent via SMS (text) messaging to their cohorts in the United States and counterfeit payment (credit/debit) cards were produced.

After the counterfeit cards were produced, we can assume "runners" went to ATM machines and drained the accounts.

Financial institutions targeted included "People’s Bank, Citibank, Capital One, JPMorgan Chase & Co., Comerica Bank, Wells Fargo & Co., and PayPal," according to the DOJ press release. Although, not a financial institution, the DOJ press release mentioned eBay was a phishing target, also.

Two good resources, largely from the private sector that study phishing and provide a lot of relevant information about the activity are the Anti-Phishing Working Group and Artists Against 419. Besides goverment resources, there are private warriors out there dedicated to taking down phishing sites, also. The PIRT Phishing Incident Reporting and Termination Squad run by CastleCops, a site dedicated to computer and internet security, is a leader in this private effort to curb phishing. PIRT goes after phishing as it occurs in the "wild," or on the Internet.

Most of the information gathered by these groups is provided and used as intelligence by law enforcement resources. As a disclaimer, in this case, it is unknown what private resources might have contributed intelligence to this effort.

Law enforcement resources on a local, national and international level contributed to this latest series of arrests. Most experts agree that cybercrime has flourished in the past because of the inability of members of the "white side of the fence" to come together as a team. Sadly, the members of the "black side of the fence" have seemed to embrace teamwork and the result has been devastating, to say the least.

Last month, Attorney General Mukasey announced a "Law Enforcement Strategy to Combat International Organized Crime." This strategy was developed to combat a growing threat to the stability of U.S. interests posed by organized crime groups.

DOJ press release, here.

Attacks on scam fighting sites prove that they are making an impact against Internet crime!

Just got a comment on my post, Anti scammers under attack by Storm botnet from the folks at Artists Against 419 stating that their site is back up after being under a DDOS (Distributed Denial of Service) attack.

After seeing this, I ran into a good article covering the recent attacks on anti-scam sites by Erik Larkin at PC World (courtesy of InfoWorld). In the article, Eric quoted Paul Laudanski as saying:

"The criminals are in it for the money," he says. "It's a huge business for them. [But] we're in it for the feeling that we get being on the side of right."

So this assault shows that "these sites are definitely doing something right," he says, "because we've got the attention of these scammers. It gives us greater resolve."

PC World story, here.

CastleCops is a great place to learn about the sometimes murky waters of the Internet. CastleCops also runs (PIRT)-The Phishing Incident Reporting and Termination Squad, where volunteers report and take out the bad guys, who make life on the Internet a pain for the rest of us. They are always looking for volunteers to help then fry phish called "handlers," and people, who are willing to forward their phishy e-mails to them.

PIRT takes these sites down and makes sure they get reported to all the appropriate places, including law enforcement.

The Artists Against 419 state what they do on their main page:

The Internet is great, isn't it? It's a magical place, where you can buy anything you want, meet new people, find information... and lose all your money to scammers.

We've never liked that last part, so we started to fight back. Over time our art has evolved, and we now maintain the largest online repository of web sites used in internet fraud.

We offer a complete public interface for our site visitors, as well as database access through webservices which can be used for automated retrieval of fake bank entries. Web browser toolbars use our database feed to warn users that a site they visit is a fake company run by scammers. But most importantly, we continue to build better relations with other anti-fraud organizations and webhosting companies, to pursue our goal of ridding the Internet of fraudulent web sites.

Both of these organizations are run by volunteers that care. They can always use the support of the people they protect. If you get a minute, I recommend taking a look at them to see what they are doing to make the Internet a safer place.

We should all "resolve" to give these fine people our support!

CastleCops has a new online forum about the DDOS attacks, here.

Anti scammers under attack by Storm botnet

I happened to be checking out the Artists Against 419 site (one of my favorites) and discovered that the site is under a pretty nasty DDOS attack.

But apparently, it doesn't stop there. I found this on SlashDot written by capnkr and posted by CowboyNeal:

"It looks like the efforts of the anti-scammers at sites like 419eater, Scamwarners, Artists Against 419, and possibly others have become the target of the Storm botnet. Spamnation has a post about it, and as of this writing none of the above listed sites are responding. Spamnation reports that CastleCops and other anti-spam forums are being DDoSed as well.

Sounds like a massive, concerted effort against the folks who are fighting the good fight. Although I hate it for the owners and admins of the above sites, I think it shows without a doubt that their efforts to 'get back' at the scammers are working."

CastleCops has given some temporary hosting to the Artists, and has a forum discussing the current attacks, here.

The scammers have been going after CastleCops for quite awhile now, and it appears that this time, they were unable to do much damage.

Last week, I did a post about blogger accounts becoming infected by the storm worm. This phenomonen was discovered by Alex Eckelberry, CEO Sunbelt Software, who is a blogger user, also.

The sheer power of the Storm botnet is said to rival the power of the world's top super computers. Wikipedia has been keeping up on the developments regarding it, here.

Nigerian Scam Humor - At Least We Can Chuckle While They "Chop Our Dollars."

If a scammer from Nigeria offers you a bogus payment for your eBay auction item - failure to ship the merchandise to him might bring action from law enforcement authorities.

Apparently, this actually happened as reported by the Register:

"Just thought I had to share this one with you - a scammer won an ebay auction and then sent me a fake paypal receipt to try and get me to send the goods to Nigeria; I ignored them, obviously...but now they've got the police onto me!"

No one was arrested, but this does make for an amusing story. I suppose in the "electronic age," where we register our complaints to a "computer," it was a matter of time before this happened.
For the full story, link here.

Of course in a land, where popular music paints the 419 artists as heroes, it's no wonder we are seeing this. Osofia, a Nigerian musician, had a recent hit called "I Go Chop Your Dollar," which is a parody of the 419 (Advance Fee Scam).

For the video, click here.

The anti 419 folks are known to have a sense of humor, also. Here is a link to the Ebola Monkey Man and Artists Against 419. Sadly enough, it seems that there are a lot of people fed up with the fraud coming from Nigeria (and elsewhere) and trying to do something about it.

And in the recent bribery scandal rocking Congress in the United States- Nigerian Vice President Abubakar Atiku (who was the alleged intended recipient of the bribe) released a statement through a staff-member - accusing Congressman William Jefferson of Louisiana of being a 419er.

Innocent, or guilty - Vice President Atiku obviously has a pretty good sense of humor. I guess time will tell (and the court system), who is joking and who is telling the truth?

Maybe we can get Osofia and Congressman Jefferson on Saturday Night Live to do a parody? Winona Ryder's appearance during her shoplifting trial was immensely popular.

Here is an alternative view of Nigerian Fraud:

419 From the Other Side of the Fence

For more on the alleged 419 scam involving a Congressman:

Is the Latest Congressional Scandal a Nigerian Fraud