Showing posts with label doj. Show all posts

Saturday, May 24, 2008

International Phishing Gang, nailed with a little teamwork!

I suppose it's big news when a phishing gang gets caught. Sadly, few of them ever seem to get nabbed or prosecuted. Phishing is a crime that is committed across borders with the click of a mouse, or "bot," which makes investigating and prosecuting this type of crime slightly challenging.

Saying that, the times might be changing, especially (more and more) when U.S. citizens are targeted. Besides this latest series of arrests, the FBI recently conducted a very successful operation against bot-herders in an effort dubbed "Operation Bot Roast."

Bot-herders, who run botnets, are behind growing amounts of spam. Spam is the preferred method of spreading scams and other questionable activity across cyberspace.

According to the DOJ press release, 33 phishermen have been hooked in an operation that was truly international in nature:

A federal grand jury in Los Angeles charged 33 individuals in a 65-count indictment unsealed today for their alleged participation in an international racketeering scheme that used the Internet to defraud thousands of individual victims and hundreds of financial institutions. Seven individuals were charged in a District of Connecticut indictment for their roles in an Internet phishing scheme, including two who were also charged in the Los Angeles case.

U.S. law enforcement authorities are executing nine arrest warrants in the Los Angeles area and Romanian law enforcement authorities are executing search warrants in Romania today in connection with the racketeering indictment.

Supporting the "global theory" of this activity, these phishermen operated from six different countries. They also claimed citizenship from several different countries:

The individuals named in the indictment operated from locations in the United States and abroad including Canada, Pakistan, Portugal and Romania, and include both U.S. citizens and foreign nationals. Sonny Duc Vo, Alex Chung Luong and Leonard Gonzales are U.S. citizens. Nga Ngo, Thai Hoang Nguyen, Loi Tan Dang and Dung Phan are permanent legal residents of Vietnam. Hiep Thanh Tran is a U.S. permanent resident from Vietnam. Caroline Tath is a permanent legal resident of Cambodia. Hassan Parvez is a citizen of Pakistan. Rolando Soriano is a Mexican citizen and is currently charged in Los Angeles with illegal entry by an alien following deportation. Ovidiu Ionut Nicola-Roman; Petru Bogdan Belbita; Stefan Sorin Ilinca; Sorin Alin Panait; Costel Bulugea; Nicolae Dragos Draghici; Florin Georgel Spiru; Marian Daniel Ciulean; Irinel Nicusor Stancu; Didi Gabriel Constantin; Mihai Draghici; Marius Sorin Tomescu; Lucian Zamfirache; Laurentiu Cristian Busca; Dan Ionescu; Marius Lnu; Alex Gabriel Paralescu; and Andreea Nicoleta Stancuta are Romanian citizens. An additional four individuals known only by their aliases, “Cryptmaster”; “PaulXSS”; “euro_pin_atm” and “SeleQtor” are believed to be Romanian citizens.

According to an article in PC World by John E. Dunn, financial details (mostly payment card numbers) were stolen using a fake website. The stolen financial details were then sent via SMS (text) messaging to their cohorts in the United States and counterfeit payment (credit/debit) cards were produced.

After the counterfeit cards were produced, we can assume "runners" went to ATM machines and drained the accounts.

Financial institutions targeted included "People’s Bank, Citibank, Capital One, JPMorgan Chase & Co., Comerica Bank, Wells Fargo & Co., and PayPal," according to the DOJ press release. Although eBay is not a financial institution, the DOJ press release mentioned that it was a phishing target, also.

Two good resources, largely from the private sector, that study phishing and provide a lot of relevant information about the activity are the Anti-Phishing Working Group and Artists Against 419. Besides government resources, there are private warriors out there dedicated to taking down phishing sites, also. The PIRT (Phishing Incident Reporting and Termination) Squad, run by CastleCops, a site dedicated to computer and Internet security, is a leader in this private effort to curb phishing. PIRT goes after phishing as it occurs in the "wild," or on the Internet.

Most of the information gathered by these groups is provided and used as intelligence by law enforcement resources. As a disclaimer, in this case, it is unknown what private resources might have contributed intelligence to this effort.

Law enforcement resources on a local, national and international level contributed to this latest series of arrests. Most experts agree that cybercrime has flourished in the past because of the inability of members of the "white side of the fence" to come together as a team. Sadly, the members of the "black side of the fence" have seemed to embrace teamwork and the result has been devastating, to say the least.

Last month, Attorney General Mukasey announced a "Law Enforcement Strategy to Combat International Organized Crime." This strategy was developed to combat a growing threat to the stability of U.S. interests posed by organized crime groups.

DOJ press release, here.

Saturday, January 05, 2008

DOJ charges 11 in pump and dump stock spamming operation

The Department of Justice has just announced the arrests of 11 spammers involved in a pump and dump stock spam scheme.

Pump and dump schemes victimize people -- lured by the expectation of too good to be true money -- who buy the stocks at artificially inflated prices. They normally lose money when the value suddenly drops because the people behind the scheme sell off their artificially inflated shares.

One of those arrested, Alan Ralsky, is considered one of the biggest spammers around by Spamhaus, an organization dedicated to tracking spam.

From the press release:

A federal grand jury indictment was unsealed today in Detroit charging 11 persons, including Alan M. Ralsky, his son-in-law Scott K. Bradley, and Judy M. Devenow, of Michigan, and eight others, including a dual national of Canada and Hong Kong and individuals from Russia, California, and Arizona, in a wide-ranging international fraud scheme involving the illegal use of bulk commercial e-mailing, or "spamming."

This investigation was conducted over a three-year period by the FBI, Postal Inspectors and the Internal Revenue Service. The people involved used all the standard spam diversions, including falsified domains and e-mail headers, social engineering lures and good old false advertising.

The release also states that they (tried?) to use botnets to send the spam:

The indictment also alleges that the defendants tried to send their spam by utilizing a cybercrime tool known as a “botnet,” which is a network of “robot” computers that have been infected with malicious software code that in turn would instruct the infected computers to send spam. The indictment charges that the defendants earned profits when recipients responded to the spam and purchased the touted products and services. Hui’s primary role in the scheme was to act as a conduit for Chinese companies who wanted their stocks pumped by the scheme. Ultimately, investigators estimate that the defendants earned approximately $3 million during the summer of 2005 alone as a result of their illegal spamming activities.

Recently, the FBI arrested a lot of Internet misfits in what they termed Operation Bot Roast and Operation Bot Roast II.

Botnets have become a major vehicle by which spam is circulated, using zombie computers taken over using spam e-mail containing malicious software. Because the owner of the computer normally isn't aware their computer has been turned into a "spam spewing zombie," it also confuses investigative efforts to track the spam to its source.

It should also be noted that here again, we see another "Chinese connection" in cybercrime. It's pretty interesting that publicly held Chinese companies were working with these spammers to have the price of their stock artificially inflated.

Russian nationals were also arrested in this recent case. Eastern European types seem to be heavily involved in the world of cybercrime.

Here is a list of the laws the government is using to bring the spammers to justice:

The 41-count indictment covers three distinct, but interrelated, conspiracies to capture this evolution in their business practices. The indictment charges the defendants with the commission of several federal criminal offenses, including conspiracy, fraud in connection with electronic mail (CAN SPAM), computer fraud, mail fraud, wire fraud, and money laundering. It also charges the defendants with criminal asset forfeiture, as well as charging one defendant with making false statements to law enforcement.

Sadly enough, spammers have been bold enough to spoof all three investigative agencies involved in this case in the recent past. These spamming incidents normally are what are known as phishing attempts, where the intent of the spammer is to steal personal and financial information using social engineering techniques or malicious software.

The FTC released a report on spam a few days ago. One of the findings was that the people behind this activity are best addressed by agencies that go after criminal activity.

This action and Operation Bot Roast indicate that these actions are already underway.

On the DOJ site right below the header on this press release is a warning about the DOJ itself being impersonated (spoofed).

A lot of people view spam as an annoying phenomenon in their inbox. If you really examine it, spam is the vehicle for just about every annoying and illegal activity on the Internet.

The full press release, including all the names of the spammers being charged, can be seen, here.

Saturday, July 21, 2007

Task Force puts child predator away for 10 years

There is nothing that disgusts me more than crimes against children, or crimes against the elderly. The anonymous nature of the Internet has made it easier for criminals to distribute child pornography, as well as for child predators to have access to our young.

I happened to see a Department of Justice (DOJ) press release about one of these predators getting 10 years in prison for being involved in child pornography.

On Jan. 3, 2007, Thomas Lane pleaded guilty in U.S. District Court for the Southern District of Indiana in Indianapolis to one count of possession of child pornography. The government's evidence showed that the defendant possessed images and binders with photos of children engaged in sexually explicit conduct. The majority of the images, printed out and organized in the binders, also contained links to Internet Web site addresses. Lane had been previously convicted in 1998 for receipt of child pornography.


DOJ press release, here.

This was accomplished (investigated and prosecuted) by the Internet Crimes Against Children Task Force (ICAC).

Apparently, it was brought about as a result of Project Safe Childhood, which was put in place by Attorney General Alberto R. Gonzales in 2006.

Besides investigating this type of crime, they have a pretty good (my opinion) educational resource to educate all of us on this problem.

The DOJ website can be viewed, here.

Child pornography has been tied into organized crime, identity theft and payment card (credit/debit) fraud. Here is a previous post I did about how this occurs:

British citizens accused of child porn found to be fraud victims

In case you haven't seen it, the To Catch a Predator series (Dateline) made a lot of people aware of how serious a problem child predators are. Chris Hansen, who hosts the show, has a blog about the series, here.

If you suspect a crime against a child, it can be reported, here.

Sunday, July 01, 2007

Phishermen impersonate DOJ in spam e-mail



DOJ logo. The press release mentions that the e-mail contains their official logo. Copying graphics is extremely easy to do. Internet criminals do this to make their spam e-mails look more official, or even to create totally spoofed (impersonated) websites.

Recently, Internet Phishermen have spoofed the IRS, FTC and the FBI to trick people into giving out personal/financial information. Of course, they spoof a lot of other organizations, also.

Apparently, the e-mail even contains the DOJ logo on it. This isn't very hard to do because copying graphics takes very little technical skill. To demonstrate, I will copy the DOJ logo and place it at the top of this post.

Because this is so easy to do, a lot of fake websites (mostly financial institutions) are all over the Internet.

From the DOJ press release dated June 27th:

The Department of Justice has recently become aware of fraudulent spam e-mail messages claiming to be from DOJ. Based upon complaints from the public, it is believed that the fraudulent messages are addressed "Dear Citizen." The messages are believed to assert that the recipients or their businesses have been the subject of complaints filed with DOJ and also forwarded to the Internal Revenue Service. In addition, such email messages may provide a case number, and state that the complaint was "filled [sic] by Mr. Henry Stewart." A DOJ logo may appear at the top of the email message or in an attached file. Finally, the message may include an attachment that supposedly contains a copy of the complaint and contact information for Mr. Stewart.

Although most phishing attempts are designed to trick people into giving up their personal/financial information, malware (crimeware) automates the process. Here is what the DOJ has to say about that:

Computers may be put at risk simply by an attempt to examine these messages for signs of fraud. It is possible that by "double-clicking" on attachments to these messages, recipients will cause malicious software – e.g., viruses, keystroke loggers, or other Trojan horse programs – to be launched on their computers.

Press release with links of where to report these phishy e-mails, here. The news release also has some links to government sites designed to educate the public on Internet crime.

If you would like to see how easy it is to copy graphics and make a fraud website look like a legitimate one, Artists Against 419 has a lot of actual examples on their site (see Lad Vampire link), here.

The Anti Phishing Working Group compiles statistics on spam and phishing. Every time they issue a new report (monthly), a new record seems to be set. APWG site, here.





Graphic illustration of what might happen to your computer after "double clicking" on an e-mail attachment from the Phishermen (courtesy of the FBI)!

It appears even the FBI has a sense of humor! Great picture (my opinion).

Monday, April 30, 2007

E Gold accused of being a money laundering vehicle for financial fraudsters and child pornographers

To anyone familiar with crime on the Internet, allegations of criminals using, or manipulating E Gold are nothing new. Like wire transfers, E-Gold gives their customers the ability to transfer the value of gold, electronically. To transfer the gold's value, all anyone needs is an e-mail address, account number and password.

Because of this, the accounts can be prone to phishing and/or crimeware (malware) attacks using keylogging software. When this happens, the phishermen clean out the account and transfer it, elsewhere. E-Gold's terms of service stipulate that once a transfer is done, it cannot be reversed.

It should be noted that Internet criminals use wire transfer services (MoneyGram, Western Union) for the same reason -- they provide a lot of anonymity.

Apparently a task force from the Department of Justice has been looking into the money laundering angle, and is charging E Gold with several federal charges.

Here is a summary of the action against E Gold from the DOJ press release:


A federal grand jury in Washington, D.C. has indicted two companies operating a digital currency business and their owners on charges of money laundering, conspiracy, and operating an unlicensed money transmitting business, Assistant Attorney General Alice S. Fisher of the Criminal Division and U.S. Attorney for the District of Columbia Jeffrey A. Taylor announced today.


The basis of the DOJ charges is:



The indictment alleges that E Gold has been a highly favored method of payment by operators of investment scams, credit card and identity fraud, and sellers of online child pornography. The indictment alleges that the defendants conducted funds transfers on behalf of their customers, knowing that the funds involved were the proceeds of unlawful activity; namely child exploitation, credit card fraud, and wire (investment) fraud; and thereby violated federal money laundering statutes. The indictment further alleges that the defendants operated the E Gold operation without a license in the District of Columbia or any other state, or registering with the federal government, and thereby violated federal and state money transmitting laws. The indictment alleges that this conduct occurred at various times from 1999 through December 2005.


It appears a lot of different federal agencies worked on this investigation:

The case is being investigated by the U.S. Secret Service with the assistance of the IRS and the FBI. The case is being prosecuted by the U.S. Attorney’s Office for the District of Columbia and the Computer Crime and Intellectual Property Section of the Criminal Division. Assistance is also being provided by the Child Exploitation and Obscenity Section and the Asset Forfeiture and Money Laundering Section of the Criminal Division.


Full DOJ press release, here.

Besides allegedly being used to launder money, E Gold is often used in advance fee and auction scams, which trick people into sending their hard earned cash to fraudsters. I've written about the auction, secret shopper, romance, lottery and job variations of advance fee scams on this blog, frequently.

Like the problems with accounts being phished, or their value being drained because of crimeware, little can be done once the gold (converted to a monetary value) has been transferred.

When password details can be stolen, accounts can be taken over, also. This happens frequently on auction sites, when trusted accounts are compromised, then used for fraudulent purposes.

Wikipedia has an extensive article about Advance Fee (419), here.

It will be interesting to see how this plays out!

Tuesday, May 23, 2006

Virtual Task Force Nets 565 Cyber Criminals

An international (virtual) task force dubbed "Operation Global Con" has netted 565 cyber criminals that have victimized approximately 3 million people.

Attorney General Alberto Gonzales, who was joined by FTC Chairman Deborah Majoras, Chief Postal Inspector Lee Heath and Costa Rica's Attorney General Francisco Dall’ Anese Ruiz, issued a prepared statement:

Over the past 15 months, United States and foreign law enforcement agencies have targeted international fraudulent mass-marketing schemes in the largest enforcement operation of its kind. The results of Operation Global Con have been dramatic – with 565 arrests, both here and abroad.

We all know the annoyance of phone calls, junk mail, and spam and pop-up ads that bombard us with seemingly incredible financial offers. For millions of Americans, these intrusions have been more than a nuisance.

Operation Global Con targeted international mass-marketing schemes. These criminals used telemarketing, the Internet, and mass mailings, to cheat unsuspecting people through bogus investments, fake lotteries and sweepstakes schemes, phony credit cards, and tax frauds.

In Miami, Florida, for instance, two defendants allegedly duped investors in the United States and Europe for more than $3 million dollars. Investors in Discovery Capital believed it to be legitimate because the defendants would occasionally use funds received from new investors to send out purported interest and dividends. Allegedly, the rest of the money went to fancy cars and million-dollar homes for the defendants.

Link to prepared statement, here.

The effort was done with the partnership and support of several countries, including Canada, Costa Rica, Spain, the Netherlands, the United Kingdom, New Zealand and Nigeria.

Also released on the DOJ site was a fact sheet, which gives more detail on this operation.

This is positive news, but my best guess (based on extensive study of the subject) is that there are plenty more cyber-criminals still in business out there. The positive part of it is the fact that we are now seeing signs of "international cooperation" into what has been dubbed a "borderless" problem.

If you think you have spotted one of these scams - or are a victim - the best thing to do is report it.

Here are some good places to do so:

Federal Trade Commission

Internet Crime Complaint Center

If you are Canadian, Phonebusters is the place to go to report activity, or seek help.