Tag Archives: bar code

The Phisher King Goes To Jail

Another phisher jailed, and another example, if any were needed, of the Russian gravitional pull to such tricks. But there’s a backstory to this that all accounts have ignored. Here’s the meat, first, from The Register:

An American who masterminded the UK part of a multi-million pound ID theft scam was yesterday jailed for six years. Douglas Havard, 24, was sentenced on Monday at Leeds Crown Court after pleading guilty to conspiracy to defraud and conspiracy to launder money. His accomplice, Lee Elwood, 25, of Glasgow, was jailed for four years after pleading guilty to the same offences in June 2004.

The court heard the duo were integral to a phishing scam that netted an estimated £6.5m. The duo operated the UK end of an international operation that tricked consumers into handing over their banking credentials to bogus websites. The pair used credit cards obtained under false names, money raided from compromised bank accounts and the illicit purchase and sale of goods online to finance a lavish lifestyle.

According to a report on kvue last year, Havard was allegedly just one of

15 global middlemen linked to the hackers, who systematically stole from hundreds of bank accounts daily, one of Mr. Havard’s former associate says.

But it’s the Douglas Havard guy who is most interesting, and an example of the kind of people getting drawn into the phishing world: Check out this long and fascinating account from the Dallas Observer three years ago, when Havard was still on the run. One particular episode caught my eye:

Take the bar code scam, which allegedly began during Havard’s sophomore year at Winston. Havard bought a special printer and high-gloss paper precut in the shape of price stickers, with adhesive on one side. The equipment and materials were specialized, but not exotic; he could buy all he needed at an office supply store.

Havard went to Target and purchased, say, a box of Legos for $17. He duplicated the bar code on the Legos and then went back to the store. As he browsed through the toy department, he’d slap a bar code sticker reading $17 onto a box of MindStorm Legos that sell for $200 a box.

At the checkout, Havard paid $17 for the Legos. He later returned the Legos to the store, getting a cash refund or store credit for $200. Profit: $183. He’d then go back and buy two more expensive boxes for $17 each. Profit: $366. Investment: $17, plus the printer and sticky paper.

Havard’s research revealed that Target wouldn’t investigate until the sixth return, so he would do the con a total of five times in his own name, then use a fake drivers license and do it five times in another name. He then pulled in other people to repeat his performance five times each in various names, also using fake identities. After calculating how many Target stores were in the Dallas-Fort Worth region, he sent out his minions with handfuls of forged bar code stickers.

Havard was making up to $15,000 a day from the scam, according to the Observer. From there he graduated into credit card scams. And others:

He and a buddy started cruising the parking lots at NorthPark, looking for expensive SUVs loaded with fancy accessories like front grilles. They’d write down the license plate numbers, drive home and look up the addresses of the owners on the Internet. Late at night, they’d drive by the houses, steal the grilles and sell them on eBay.

It’s all quite a tale. Phishing in Leeds was perhaps the easiest scam Havard ever did.

More On Camera Phones As Bar Scanners

Here’s more on a subject I looked at in December (and then promptly forgot about): Using your camera phone as a bar code scanner. Wired says there are at least four software companies that have released applications that let you take a photo of a bar code, which will then trigger the download of coupons, reviews and other information about that product.

Not a bad idea. As the article points out, most phones have inbuilt browsers, so in theory it’s possible to check out competing prices and more information about a product you’re looking at. But who actually does that?

This is what the folk at trendwatching.com call SEE-HEAR-BUY: “the capability to buy everything you see or hear, wherever you are.”

Wired also takes a glimpse at the bit that worries me: The destruction of the small time retailer. If people are just wandering into shops, taking a snap of a product and then wandering off again, how helpful is that going to be to their business? Either they ban camera phones in their shops, or they try to find a way to make it work for them, perhaps by creating ways to make alternative recommendations for a product the customer is viewing. And of course, the edge the bricks and mortar folk have always had: Their extensive knowledge, onsite, online and delivered in human packaging.

News: Barcodes Fight Back

 I love this idea. The New York Times reports that James Patten, a graduate student in the Massachusetts Institute of Technology’s Media Lab, has come up with a digital tool that can scan the bar code printed on nearly any product, and indicate whether its corporate pedigree is blemished. The Corporate Fallout Detector “combines a bar-code reader with an internal database of pollution complaints and ethics violations packed in a casing resembling a cold-war-era Geiger counter”.
Marc Smith, a research sociologist at Microsoft, has meanwhile “been developing a similar device, combining a bar-code scanner, a hand-held computer and wireless Internet access. In a grocery store near a cafe that was promoting a Wi-Fi hot spot, he tested a box of cereal by scanning the bar code and letting the computer nose around on the Internet. It turned out that the cereal had been recalled because its label failed to mention the presence of nuts, a potential hazard to people with allergies.”
Both great ideas, but why stop there. You could use barcodes — or their more powerful successors, RFID tags — to hook up with data such as other consumer comments, cheaper products elsewhere, or whatever. Suddenly the tags and barcodes that empower retailers may end up empowering the consumer…

Column addon: RFID

  Further to my column in today’s FEER (subscription required) about the possibilities and pitfalls of Radio Frequency Identification, or RFID, here’s the full text of answers from Alan Melling, Symbol Technology’s Senior Director, of EPC Solutions.
What are the real benefits of this technology? 
Without a doubt, the ability to achieve 100 percent real-time asset visibility without the cost of human intervention to perform tracking activities. This visibility and the information it generates translates directly into supply chain efficiencies – such as lower stock-out rates and fewer rush orders – that go directly to both the top and bottom lines of traditional retailers.

Inventory tracking/retail behaviour/product theft/non-retail fields?
Inventory tracking at the pallet and carton level are almost certain to be the applications that “prime the pump” for RFID in retail. There are a lot fewer pallets than individual items, less cost sensitivity – and pallets have no privacy concerns.
Once the tags make it to the item level, their primary function will still be for inventory control – quickly detecting that a particular brand of shampoo is out of stock, for example.
However, the technology can also be used in the store for theft detection and identifying shopping patterns, but consumers will first need to be educated on the benefits TO THEM of the technology when used this way. For example, if RFID could be used to let you know when you pass your favorite brand of peanut butter in the supermarket aisle, and it is on sale, would that perceived as plus? For some consumers yes, and for others no. The key to success will be to put the control where its belongs – in the hands of the consumer.

What’s your view on privacy concerns about RFID? 
Privacy is a very real issue. To a certain extent the fears expressed to date are somewhat overblown – the technology simply does not support doomsday scenarios such as the government scanning the books you just purchased from a truck in the street – the tags just are not capable of it. What is very real, however, is every consumer’s right to understand and be comfortable with technologies applied to products they may buy. Everyone involved in the RFID industry understands and respects this – which is why the most popular tags – EPC tags – have an in-built “Kill” command that can and will be used to render them inoperative before they leave the store.
Are there issues which have not been addressed?
There are many issues that are still in the process of being addressed. Standards need to be finalized, costs need to come down further, reading equipment and systems need to be made more reliable, more RFID software solutions need to be developed, and privacy concerns need to be addressed to name a few. However, with the emergence of a strong new standard for retail and supply chain applications – EPC (Electronic Product Code) – the general tone of converstion has switched from “if” to “when” the technology will make its mark in retail. There is a general sense that the remaining issues are all very solveable, and that it just a matter of time.
How do you see the future of this technology?
The future of RFID in retail and supply chain applications is a bright one, but one that will perhaps be slower and more incremental in approach than many suppose today. In particular, some have positioned RFID as an immediate “replacement” for bar code. The reality is that it is not designed as a one-for-one bar code replacement – it does more than a bar code, but also costs more than a bar code. The companies that benefit from RFID will be those that successfully integrate RFID and bar code technologies – using each where it is the most cost effective.
Almost certainly, the first broad applicatiions of RFID will be in the backroom of stores and distribution centers – on relatively unglamorous items such as pallets, crates, cartons, and plastic containers. Over time it will become more visible on individual items on the retail floor, but this will take time – years – and will require that concerns about privacy are effectively addressed.