Tag Archives: Crimes

Former Soviet Bloc, Allies, Under Lurid Attack

Trend Micro researchers David Sancho and Nart Villeneuve have written up an interesting attack they’ve dubbed LURID on diplomatic missions, government ministries, space-related government agencies and other companies and research institutions in the former Soviet bloc and its allies. (Only China was not a Soviet bloc member or ally in the list, and it was the least affected by the attack.)

Although they don’t say, or speculate, about the attacker, it’s not hard to conclude who might be particularly interested in what the attacks are able to dig up:

Although our research didn’t reveal precisely which data was being targeted, we were able to determine that, in some cases, the attackers attempted to steal specific documents and spreadsheets.

Russia had 1,063 IP addresses hit in the attacks; Kazakhstan, 325; Ukraine, 102; Vietnam, 93; Uzbekistan, 88; Belarus, 67; India, 66; Kyrgyzstan, 49; Mongolia, 42; and China, 39.

The campaign has been going for at least a year, and has infected some 1,465 computers in 61 countries with more than 300 targeted attacks.

Dark Reading quotes Jamz Yaneza, a research director at Trend Micro, as saying it’s probably a case of industrial espionage. But who by? “This seems to be a notable attack in that respect: It doesn’t target Western countries or states. It seems to be the reverse this time,” Yaneza says.

Other tidbits from the Dark Reading report: Definitely not out of Russia, according to Yaneza. David Perry, global director of education at Trend Micro, says could be out of China or U.S., but no evidence of either. So it could be either hacktivists or industrial espionage. Yaneza says attackers stole Word files and spreadsheets, not financial information. “A lot of the targets seemed to be government-based,” he says.

My tuppennies’ worth? Seems unlikely to be hacktivists, at least the type we think of. This was a concerted campaign, specifically aimed to get certain documents. Much more likely to be either industrial espionage or pure espionage. Which means we might have reached the stage where groups of hackers are conducting these attacks because a market exists for the product retrieved. Or had we already gotten there, and just not known it?

Either way, Russia and its former allies are now in the crosshairs.

More reading:

Massive malware attacks uncovered in former USSR | thinq_

Cyberspy attacks targeting Russians traced back to UK and US • The Register

The Big Ring

Good piece today by my WSJ colleague Cassell Bryan-Low on the Douglas Havard case which I mentioned a week or so back: As Identity Theft Moves Online, Crime Rings Mimic Big Business (subscription only, I suspect):

Most identity theft still occurs offline, through stolen cards or rings of rogue waiters and shop clerks in cahoots with credit-card forgers. But as Carderplanet shows, the Web offers criminals more efficient tools to harvest personal data and to communicate easily with large groups on multiple continents. The big change behind the expansion of identity theft, law-enforcement agencies say, is the growth of online scams.

Police are finding well-run, hierarchical groups that are structured like businesses. With names such as Carderplanet, Darkprofits and Shadowcrew, these sites act as online bazaars for stolen personal information. The sites are often password-protected and ask new members to prove their criminal credentials by offering samples of stolen data.

Shadowcrew members stole more than $4 million between August 2002 and October 2004, according to an indictment of 19 of the site’s members returned last October by a federal grand jury in Newark, N.J. The organization comprised some 4,000 members who traded at least 1.5 million stolen credit-card numbers, the indictment says.

The organizations often are dominated by Eastern European and Russian members. With their abundance of technical skills and dearth of jobs, police say, those countries provide a rich breeding ground for identity thieves. One of Carderplanet’s founders was an accomplished Ukrainian hacker who went by the online alias “Script,” a law-enforcement official says. As with many of its peers, the Carderplanet site was mainly in Russian but had a dedicated forum for English speakers.

Well worth a read as it details how Havard’s UK operation worked.

A Glimpse Of A Tentacle From The Phishing Monster

Gradually the tentacles of the Russian gangs behind phishing are appearing. But we still have no idea how it really works, and how big the beast is.

The Boston Herald reports today on the arraignment of a “suspected Russian mobster” on multiple counts of identity fraud, having allegedly obtained personal information from more than 100 victims by phishing emails.

Andrew Schwarmkoff, 28, was ordered held on $100,000 cash bail after being arraigned in Brighton District Court on multiple counts of credit card fraud, identity fraud, larceny and receiving stolen property. He is also wanted in Georgia on similar charges, and is being investigated in New Jersey.

What’s interesting is that clearly phishing is tied in, as if we didn’t know, with broader financial fraud. Schwarmkoff — if that is his real name, since investigators are unsure if they have even positively identified him — was found with “$200,000 worth of stolen merchandise, high-tech computer and credit card scanning equipment, more than 100 ID cards with fraudulently obtained information and nearly $15,000 in cash,” the Herald says.

That would at least indicate that phishing is not just an isolated occupation, and that the data obtained is not necessarily just used to empty bank accounts, but to make counterfeit cards, ID cards and all sorts of stuff. What’s also clear is that the Russians (or maybe we should say folk from the former Soviet Union states) are doing this big time. The Herald quotes sources as saying “Schwarmkoff is a member of the Russian mob and has admitted entering the country illegally.” “We know some things that we don’t want to comment about,” a source said, “but he’s big time.”

Schwarmkoff, needless to say, isn’t talking. “Would you?” the Herald quotes the source as saying. “Schwarmkoff,” the Herald quotes him as saying, “is more content to sit in jail than risk the consequences of ratting out the Russian mob.” That probably tells us all we need to know.

Police Now A Phisher’s Target?

Wiltshire’s finest are now onto phishing scams, thanks to the head of the county’s fraud squad receiving one himself.

World Entertainment News Network (no URL available) Sunday quoted Detective Inspector Paul Ginger of the Wiltshire police as saying: “I was amazed to receive one of these messages on my work email”, adding: “You have to admire their cheek but it just goes to show that no one is safe. Let’s make sure that nobody in Swindon or Wiltshire becomes a victim of these scams.” He does not say whether he fell for the scam.

And, in a pithy statement that pretty much sums up the advice folk should be giving out to would-be victims: “The police said that no bank or company would ask for these details as they already had them.”

Meet The Mule, Or Correspondence Manager

Here’s how Russians and other scammers are getting their illicit gains back home.

The BBC website reports on a scam where (probably Russian) scammers are posting job ads claiming to be charities looking for people to forward donations made by hi-tech firms. Those responding to the job ads — usually for something like a “correspondence manager” — are then used as mules to forward goods probably obtained through fraudulent credit card usage online.

The BBC says this “re-shipping” or “correspondence manager” con has been seen in the US and is included in the FBI’s ongoing Operation Cybersweep investigation that targets hi-tech crimes. In some cases, the BBC says, the bank accounts of those who fall for the job ads are used to funnel cash from auction sales of stolen goods to the criminals.

The reason for all this? Many online commerce sites are reluctant to ship to Eastern Europe and Russia because of fraud. (The same thing has been true for the past couple of years in places like Indonesia, where many sites simply do not accept business from. In these cases, fraudsters would simply cite their normal address, but with a different country, hoping the outlet would not be smart enough to figure it out, and the courier would be , and then forward it to the right country. It usually worked.)

News: ID Theft Is A Problem. It’s Official

The Federal Trade Commission is now wise to the reality: identity theft is a problem. Nearly one in eight U.S. adults has had their credit card hijacked, identity co-opted or credit rating pockmarked by identity thieves over the past five years, Reuters quoted the Federal Trade Commission as saying. The FTC surveyed some 4,000 adults this spring to come up with the most comprehensive picture yet of the fast-growing crime.
 
Amid the grim statistics, the agency found a silver lining: After nearly doubling for two to three years, new incidents of identity theft are growing more slowly and tend to involve less money. That’s because banks are wising up to the problem, making it more difficult for scam artists to set up fraudulent credit cards, and consumers are spotting suspicious activity on their accounts earlier, said Howard Beales, director of the FTC’s consumer-protection division.