Tag Archives: Moscow

Using LinkedIn to Research Spies Like Us


Several of the 11 alleged Russian spies leave interesting imprints on LinkedIn, suggesting rewarding pickings for journalists.

Donald Heathfield, for example, had 74 connections.

His specialities sound like they could equally be applied to espionage:

Comprehensive management of Risks and Uncertainties, Anticipatory Leadership, Building of Future Scenarios, Development and Execution of Future Strategies, Capture of Strategic Opportunities, Global Account Management

Amusing to hear the recommendations:

“Refreshing to work with him as he puts complex initiatives together that always fits with the end goal that was laid out as our objective.” November 3, 2008

Gerard Bridi, President, Accor Services WiredCommute
was with another company when working with Don at Future Map

“Working with Don is very enjoyable. He has a pleasant style, whilst always acting professionally. Very results and solutions focused. He does not get flustered when problems occur, patiently facilitating teams to craft a way through to their end goal.” November 2, 2008

Top qualities: Great Results, Personable, Expert


Tracey Foley (Ann Foley), Heathfield’s wife, doesn’t have so many connections (20) but she’s a member of many groups, including four French-related ones and a Singapore one. We know that Heathfield had connections in Singapore and Jakarta. Something to explore there?

Michael Zottoli appears to have a LinkedIn account, but only 10 connections and hasn’t updated it since his move from Seattle to Virginia. Patricia Mills, his wife, doesn’t seem to have a LinkedIn account.

Mikhail Semenko had 124 connections, a Twitter account (10 followers, 3 tweets) and a blog about China (one post talks about the need for greater Russia-China cooperation).

Richard/Cynthia Murphy NJ. Cynthia has 98 connections on LinkedIn and is a member of three groups. Christopher Metsos has no LinkedIn page that I could find.

Anna Chapman’s public profile seems to have been removed. But her main profile is still active (you can also find it here), and indeed her company, PropertyFinder Ltd, has a similar name to Ann Foley’s public LinkedIn profile page: homefinder. A link there, maybe?

Her Twitter feed stops abruptly on June 26 at 4.46 am (and yet she wasn’t arrested until June 28; I guess she took the weekend off). She was following a lot more people than were following her (687 vs 277), but she was really only just getting going: after tweeting first on March 13, she didn’t do much until June 16, after which she was tweeting every few hours. Could something have prompted her into more frequent updates?

She also has a number of recommendations, from Said Abdullaev, a VP of Moscow-based Fortis Investments, who offered this:

“Anna’s entrepreneurial flair does not cease to amaze me, she sees opportunities in places where most would not think to look, and she makes them work.” November 24, 2009

More on Veronica and Fake Flirting

Courtesy of ABC Australia IT guru Paul Wallbank, the source of my chat with Veronica Sexy may have been discovered: an automated sex talk service called CyberLover.ru. Paul points to this story from Conor Sweeney of Moscow’s Reuters bureau:

A Russian website called CyberLover.ru is advertising a software tool that, it says, can simulate flirtatious chatroom exchanges. It boasts that it can chat up as many as 10 women at the same time and persuade them to hand over phone numbers.

The service, on the surface, appears aimed at guys who aren’t able to win over girls online any other way: “It’s happened – a program to tempt girls over the internet!” Reuters quotes the site as claiming. “Within half an hour the CyberLover program will introduce you to … girls, exchange photos and perhaps even a contact phone number,” it states. Woohoo. 

But is that all it does? Antivirus and software developer PC Tools says it’s much more dangerous than that. “As a tool that can be used by hackers to conduct identity fraud, CyberLover demonstrates an unprecedented level of social engineering,” a company press release quotes Sergei Shevchenko, Senior Malware Analyst, as saying. “It employs highly intelligent and customized dialogue to target users of social networking systems.” The goal, Sergei says: to gather personal information about users and also to lure them to websites, possibly to infect them with malware (a generic term for software that infects their computer, which can then be used as what is called a bot to grab data, infect other computers or send spam). That doesn’t sound like the Veronica I know.

The website itself denies this, according to the Reuters report. “The program can find no more information than the user is prepared to provide,” one of the site’s employees, who gave his name only as Alexander, said in an emailed reply to Reuters questions. “It maintains a dialogue with a person, but is not engaged in hacking or any other such schemes, I think this should be obvious,” he said.

Well, there’s hacking, and there’s other stuff that comes close to it. The company or individual behind this product appears to be the same as that which runs Botmaster.Net, both of which are registered to one Alexander Ryabchenko. Botmaster sells a $450 piece of software called Xrumer, which spams websites, forums and blogs to build up a website’s profile on search engines (it claims to get past CAPTCHA screens, where users are asked to identify letters in images.) Given the name of the website is botmaster you can’t help wondering what else it does. 

So was Veronica Sexy an early prototype of CyberLover? Well, they’re both run by Russians, but beyond that it’s not clear. I hope to find out more. What is clear, though, is that SkyperSex, the website Veronica was trying to lure me to, is an affiliate of Streamray, a sex website that is one of several just bought by Penthouse Media as part of its purchase of Various Inc (for $500 million). It should make for an interesting bit of research.

Oh, and if you’re looking for automated online chat that’s a bit more real, check out My CyberTwin.

Russian computer program fakes chatroom flirting – Yahoo! News

Meet Veronica, Sexy Skype Spammer


Maybe this is commonplace for others, but I’ve just got my first sex-chat-spam on Skype. It’s from someone called Veronica Sexy, whose profile indicates that it’s unlikely to be someone I’ve met and just forgotten about (as if I would):

image

Just in case you can’t read that last bit, it reads:

can’t wait to get real nasty and show off 🙂 IM REAL MISS WEB CAM!

Reply to the message and immediately you’re asked to share your contact details (a la Skype.) I didn’t risk having Veronica spam all my friends (not sure how that would work, but I’ve got some nice people on my list, and I’d hate for them to be upset.) But I did reply to her message, and her responses were quick, and, dare I say it, felt a trifle automated:

[8:53:55 AM] Veronica sexy says: Hi are U busy?
[9:03:43 AM] Jeremy Wagstaff says: hi
[9:03:50 AM] Veronica sexy says: How are u ?
[9:04:30 AM] Jeremy Wagstaff says: i’m great. who are you?
[9:04:31 AM] Veronica sexy says: I would love to chat with you, come on http://www.SkyperSex.com !!!

[9:04:36 AM] Jeremy Wagstaff says: no thanks
[9:04:37 AM] Veronica sexy says: I would love to chat with you, come on http://www.SkyperSex.com !!!

[9:04:45 AM] Jeremy Wagstaff says: i’m a bit busy. really
[9:04:47 AM] Veronica sexy says: My internet connection  is very bad come on http://www.SkyperSex.com !!!

[9:04:54 AM] Jeremy Wagstaff says: my internet connection is great!

That was the last I heard of Veronica, although her scent lingers on.

The web address, by the way, is pretty much what you expect it will be — lots of alleged clips of ladies cavorting. The administrator of the website is one Alexandrof Tiberiu in Moscow, who also owns www.yourlivecams.com.

I guess what’s interesting here is that Skype don’t seem to do much policing of this kind of thing. This could be a sex site spam, or it could be something worse.
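The timing and repetition that made the exchange feel automated can be measured directly. The following is an added example, not part of the original post: it parses the transcript above and counts near-instant replies and repeated links for one contact. The function names and the two-second threshold are assumptions chosen for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Transcript lines copied from the post above (blank lines dropped).
TRANSCRIPT = """\
[8:53:55 AM] Veronica sexy says: Hi are U busy?
[9:03:43 AM] Jeremy Wagstaff says: hi
[9:03:50 AM] Veronica sexy says: How are u ?
[9:04:30 AM] Jeremy Wagstaff says: i’m great. who are you?
[9:04:31 AM] Veronica sexy says: I would love to chat with you, come on http://www.SkyperSex.com !!!
[9:04:36 AM] Jeremy Wagstaff says: no thanks
[9:04:37 AM] Veronica sexy says: I would love to chat with you, come on http://www.SkyperSex.com !!!
[9:04:45 AM] Jeremy Wagstaff says: i’m a bit busy. really
[9:04:47 AM] Veronica sexy says: My internet connection  is very bad come on http://www.SkyperSex.com !!!
[9:04:54 AM] Jeremy Wagstaff says: my internet connection is great!
"""

LINE_RE = re.compile(r"^\[(\d{1,2}:\d{2}:\d{2} [AP]M)\] (.+?) says: (.*)$")
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)

def parse(transcript):
    """Yield (timestamp, sender, text) for each well-formed chat line."""
    for line in transcript.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%I:%M:%S %p")
            yield ts, m.group(2), m.group(3)

def bot_indicators(transcript, contact, fast_secs=2):
    """Summarise scripted-responder signals in one contact's replies."""
    msgs = list(parse(transcript))
    latencies, replies, urls = [], [], Counter()
    for prev, cur in zip(msgs, msgs[1:]):
        # Only count messages that directly answer the other party.
        if cur[1] == contact and prev[1] != contact:
            latencies.append((cur[0] - prev[0]).total_seconds())
            replies.append(cur[2])
            urls.update(u.lower() for u in URL_RE.findall(cur[2]))
    fast = sum(1 for s in latencies if s <= fast_secs)
    top = urls.most_common(1)[0] if urls else None
    return {
        "replies": len(replies),
        "fast_replies": fast,                       # answered within fast_secs
        "duplicate_replies": len(replies) - len(set(replies)),
        "top_url": top,                             # (url, times pushed)
        "suspicious": fast >= 2 and top is not None and top[1] >= 2,
    }
```

Run against the other participant in the same transcript, the function reports no fast replies and no links, which is the contrast a filter would rely on.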

If you want to prevent Veronica getting in touch with you, go into Skype options, Privacy settings, and click on the Show Advanced Options button. Make sure the “Allow chats from…” option is set to “only people in my Contact List”:

image

Chances are Veronica won’t come calling. Frankly, your life won’t be the poorer for it.


Fraud For Sale

Online fraud and other forms of Internet crime are a business, openly sold over the Internet.
 
British-based Internet security company Netcraft says they’re receiving spam advertising dozens of “fraud hosting” websites that offer services and gather together those interested in such pursuits. Unsurprisingly, perhaps, most are Russian. But not all.
 
Carderportal.com resolves to Netfirms, a hosting service based in Toronto. Netcraft says carder.org “was also hosted in North America” but has since had its record removed.

What’s interesting, apparently, is how brazenly mainstream companies are hosting these sites. Nethouse in St. Petersburg “houses stalk.ru, majordomo.ru and mazafaka.ru. Nethouse, which brands its hosting unit as Majordomo.ru, is housed within the data center of Runnet, the third-largest Russian hosting provider with 11.5K hostnames,” Netcraft says.

Not all are active. One, MaZaFaKa.Ru (unless I’m much mistaken, saying it out loud gives a good idea of the reason behind the name; the website’s motto is ‘Network Terrorism’ and its copyright text is, er, nonstandard), offers everything from cracks (usually code that has broken past the anti-piracy controls on software) to scripts, viruses and other nasties. It also lists the ‘last hacked sites’ — presumably websites that its members have managed to break into — many of which are Russian. (The message left on the hacked sites is anti-US involvement in Iraq.) It even contains the original Netcraft posting on its site. Unfortunately I’m not a Russian speaker so I can’t explore more.

Agava Software Network in Moscow, Netcraft says, hosted the “Russian Carder Clan” site at carderclan.net (195.161.118.168), which ran on a shared server at Agava.net. The site has recently been taken offline, as has Carderportal.org (81.176.64.102) at epolis.ru, which also resided at Agava. Agava “specializes in the offshore custom software development and provides the off-site consulting, development, and testing services”, and lists among its projects WebCelerator, software to speed up surfing.

Here’s a list of the domains advertised, according to Netcraft: carder.org, carderclan.net, carderportal.com, carderportal.org, the cc.ru, mazafaka.ru, lncrew.com, majordomo.ru and agava.com. Register at one of them and you can expect to be offered “Spam Hosting – from 20$ per mounth, Fraud Hosting – from 30$ per mounth, Stolen Credit Cards, Fake ID, DL’s, Spam For free (with a limited time period)”.

Here’s another one that Netcraft didn’t mention: Asechka.ru, which has recently sent spam advertising its ‘fraud and carders site’: “On our site and board you are find: Bulk, Spam and Fraud Hosting, Stolen Credit Cards for Sale, Stolen Dumps of cardholder’s for Sale, Children Porno, Sex, Erotic films…. WE ACCEPT: Western Union, WebMoney, E-GOLD.”

I’m seeking comment from some of these sites.