Tag: scam

Lithuanian phishes two big US tech companies

A 48-year-old Lithuanian scammer named Evaldas Rimasauskas managed to trick two American technology companies into wiring him $100 million.

According to the US Department of Justice, Rimasauskas masqueraded as a prominent Asian hardware manufacturer and tricked employees into depositing tens of millions of dollars into bank accounts in Latvia, Cyprus, and numerous other countries.

What is amazing about this rather bog standard phishing scam is how much cash he walked away with and the fact it was the IT industry, which should have known better.

The indictment does not name and shame the companies. The first company is a “multinational technology company, specializing in internet-related services and products, with headquarters in the United States”. The second company is a “multinational corporation providing online social media and networking services”.

Both apparently worked with the same “Asia-based manufacturer of computer hardware,” a supplier that the documents indicate was founded some time in the late ’80s.

Representatives at both companies with the power to wire vast sums of money were still tricked by fraudulent email accounts. Rimasauskas even went so far as to create fake contracts on forged company letterhead, fake bank invoices, and various other official-looking documents to convince employees of the two companies to send him money.

Rimasauskas has been charged with one count of wire fraud, three counts of money laundering, and aggravated identity theft. In other words, he faces serious prison time if convicted: each charge of wire fraud and laundering carries a max sentence of 20 years.

 

Nigerian scammers switch to malware

Nigerian 419 scammers are moving out of targeting the terminally stupid and are coming up with malware schemes that are making them a bundle.

FireEye researchers Erye Hernandez, Daniel Regalado, and Nart Villeneuve claim scammers are now targeting users with exploit tools and keyloggers, and are breaking into legitimate business email transactions to con buyers and sellers.

In a report, “An Inside Look into the World of Nigerian Scammers”, FireEye said that it discovered an active operation of a group of cybercriminals involved in multiple executions of the payment diversion scam.

“The group is composed of loosely organised individuals who use basic, but effective, tools to defraud their victims of thousands of dollars.”

So far, 2,328 victims in 54 countries have been hit. Small to medium businesses in Asia are considered soft targets because they are non-native English speakers and can’t spot the terrible spelling.

The criminals will pay $3,600 for malware tools including encryptors, builders, remote access trojans, and various info-stealers, using the tools to con users out of cash ranging from thousands to possibly millions of dollars.

FireEye examined one Nigerian collective of at least four individuals who shared a single command and control server.

They used the popular Microsoft Word Intruder tool, and keyloggers HawkEye and KeyBase, buying the MWISTAT builder to track the effectiveness of their campaigns.

The scammers gain access to an email account and identify threads regarding business transactions. They then create spoof threads contacting buyers and sellers in a bid to obtain financial data.

Sites like Alibaba are used to identify victims residing in countries in which they have bank accounts.

Most of the hacks are through booby-trapped Word documents masquerading as the kind of tailored customer inquiry a business would routinely receive and open. It is a step up from the 419 scams at least.

Courts deliver knockout blow to copyright trolls

A federal appeals court has killed off a copyright takedown scam aimed at pornography downloaders which was being run by AF Holdings, an arm of copyright troll Prenda Law.

AF hit on the idea that it would ask an ISP for the IP addresses of thousands of downloaders; once it had the list, it would contact the account holders and threaten expensive litigation if they did not settle promptly. Faced with the prospect of hiring an attorney, often in a distant court, most subscribers, including those who may have done nothing wrong, will choose to settle rather than fight.

Circuit Judge David Tatel, writing for the United States Court of Appeals for the District of Columbia Circuit, called the lawsuit “a quintessential example of Prenda Law’s modus operandi” in reversing a lower court ruling that would have forced a half-dozen ISPs to identify account holders associated with 1,058 IP addresses.

The Electronic Frontier Foundation has welcomed the ruling. EFF Staff Attorney Mitch Stoltz said: “For the defendants, it will come down to risking being named in a lawsuit over a pornographic movie, or settling for less than the cost of hiring an attorney. As a matter of law and basic fairness, a copyright plaintiff needs to show that its case is on solid ground before putting hundreds of Internet users into that kind of bind.”

AF Holdings has never actually brought a copyright case to trial, yet is reported to have “earned” $15 million over three years using the scheme.

The court’s reversal was based on AF Holdings’ inability to demonstrate that more than a handful of the 1,058 individuals it sought to identify even lived in the District of Columbia.

Cox, AT&T, and Bright House each stated that they had no subscribers at all in the District of Columbia; indeed, they do not even offer service here. AF Holdings could not possibly have had a good faith belief that it could successfully sue the overwhelming majority of the 1,058 John Doe defendants in this district.

The court also ruled that seeking the identities as part of a single lawsuit was impermissible because there was no reason to believe that the targets acted together.

EFF said that the decision is “a crushing blow for copyright trolls”.

Mother and daughter jailed for internet dating scam

A mother and daughter used an internet dating scam to diddle $1.1 million from people who thought they were helping lonely soldiers.

According to the Huffington Post, Denver-based Karen Vasseur, 63, and daughter Tracy, 42, have been jailed for 27 years.

The court heard how they would pretend to be soldiers looking for love and duped 374 victims in the US and 40 other countries.

Colorado Attorney General John Suthers said that they not only broke people’s bank accounts, they “also broke hearts”.

Both women pleaded guilty when arrested last year. Tracy faces 15 years while her mum was given a 12-year sentence.

However, Tracy Vasseur received an additional four years for trying to gain control of her children’s inheritance, and for “attempting to influence a public servant”.

They were not the only ones in the scam, but others who were involved have not been caught yet.

The tactic was to target potentially vulnerable people on popular social media sites or dating services. They would pretend that they were in the US military and short of cash.

When a victim offered to help they were instructed to transfer funds to the two women who posed as “military agents”. One payment was for $59,000.

Most of the cash was spirited away to accomplices in Nigeria, but also to individuals in the UK, India, UAE and Ecuador. 

Spam scammers ape Venezuelan Chavez's buddies

Con artists immediately began tailoring mass mailouts around the death of Venezuelan president Hugo Chavez when the news broke, according to a report from Kaspersky Lab.

As soon as Chavez died, scammers started thinking of ways to exploit his death. In one instance, Kaspersky found someone claiming to be a Venezuelan official looking to recover money after selling diesel fuel to South Sudan. Kaspersky said the first emails didn’t offer a reward – but later on, when interest was piqued, the spammer would discuss “cash”.

In another case, scammers pretended to be emailing on behalf of the head of Chavez’s security detail. The line of logic was that this trusted friend of Chavez – who does not exist – was keeping a fortune safe in the bank for Chavez’s secret lover – and this is where you help.

Recipients were told they could have 25 percent of the secret treasures for transferring the cash out of the country.

Elsewhere in its latest spam report, Kaspersky found that the US and China were battling for the questionable honour of biggest spammers – but in March, China won out, sending out a quarter of all junk email. The US, however, set off most email antivirus alarms for the month, taking 13.6 percent of the share. Altogether, China and the US produced 43 percent of spam.

Phishing doubled over February, with social networks still the most effective model for snagging passwords. 

Forget AV. Locking up cyber-crims more effective

Researchers at the University of Cambridge have suggested that it would be much better for the UK to put the cash it spends on AV software into more resources for policing the internet instead.

The ‘Measuring the cost of cybercrime’ study by an international team of scientists led by the University of Cambridge found that the UK spends $1 billion on attack prevention and clean-up, including $170 million on antivirus. However, the government only spends $15 million on internet law enforcement to finger the collar of hackers.

British people lose ten times that amount to the cybercriminals so it seems a bit light, the group argues.

Lead author Ross Anderson, professor of security engineering at the University of Cambridge’s Computer Laboratory, wrote that some police forces believe the problem is too large to tackle.

But the reality is that there are just a small number of gangs which lie behind many incidents.

It would be far more effective to identify the gangs and lock them up than it would be to tell the public to fit an anti-phishing toolbar or purchase antivirus software, the report said.

Professor Anderson and his team will present their findings in four days at the Workshop on the Economics of Information Security in Berlin, Germany. But the preliminary comment can be found here. 

Fake AV scammers dialed the wrong number

One of those fake AV scammers who pose as Microsoft agents probably wished they had checked who they were calling when they phoned a security researcher at home.

According to Dark Reading, they called Sourcefire security researcher Noah Magram and claimed they were working for Microsoft – and that Magram’s computer had been sending multiple error messages to the software company and he must have some viruses and malware.

Magram wondered if he could see what their script was and see if he could find what techniques they used.

Magram says the agent on the other end of the line was clueless and didn’t stray far from his script.

Magram pretended to be pulling up the event viewer on his Windows machine.

When he said he saw a couple of warnings and errors in his event viewer, a new agent came on the phone.

He urged Magram to install a remote administration tool so the agent could get a closer look at the “problem”.

So he started up a VMware virtual machine on his Windows PC and he gave them an environment they could play in while every movement could be recorded.

But they seemed to have forgotten by that point that they were not Microsoft. The site they told him to visit was not Vole’s.

Magram “agreed” to a one-year subscription for a one-time $50 fee, and they pushed him a webpage using a legitimate card processing service. He typed in a test number, and the transaction was rejected.

They started disabling all Windows services and said that if Magram did not renew his subscription they couldn’t be “held responsible for what happens next”.

The agent said that they were disabling malware but it was a list of Windows services.

He started to dismantle the VMware and, when asked what that was, the engineer, identifying himself as Victor, claimed it was malware.

Victor rebooted the machine under safe mode while the agent on the line warned that there was so much malware on the machine that they wouldn’t be responsible for what happened next. Magram knew that Victor’s actions would disable the system altogether after a reboot, but the scammers apparently were trying one last-ditch effort to get him to cough up some cash.

When he told the scammers that they were on a VM, and he was a security expert who had been stringing them along, they quickly hung up.

Magram said the approach was “so stone age” and they were using legitimate RAT tools and an unprofessional and shaky script.

Magram was able to root out that their company’s physical address, if legit, was in Utah. But he doubted that was where they were calling from.

Why he did not try and counter hack them and find out exactly where they were from we don’t know.

There is a video of the whole thing here:

 



Microsoft prophet gets two years jail

Microsoft prophet and soothsayer Randal Ray Seal has been jailed for two years after he was caught nicking more than a million dollars from the Vole.

Seal was supposed to look at the accounts at Vole and predict how things would go. According to AP, Seal, 54, of Shoreline, discovered a few features in Microsoft’s system for paying vendors and diverted the cash to himself.

According to court records, Microsoft discovered the missing funds in 2009 after Seal had left the Volehill.

Seal has repaid $515,375 to Microsoft and was told by US District Court Judge James Robart to come up with another $550,380, presumably by looking down the back of his sofa.

The Judge told Seal that accountants need to learn that this kind of money laundering and fraud is not going to be permitted and the accountants of the world can end up going to jail because of it.

We are not quite sure that is right. In the US, banks who stuffed up the world in the mortgages fiasco were actually rewarded with huge piles of taxpayer cash, so perhaps Seal was hoping the government might bail him out.

Seal pleaded guilty to one count of money laundering. His job at Microsoft included transmitting vendor payment information to Microsoft’s bank. He exploited a feature in Microsoft’s accounts payable procedure that allowed him to redirect funds to a bank account in the name of Seal’s dead Mum.

When Vole discovered the scheme, it reported it to the FBI. When the feds knocked on his door, Seal said he was sorry and said he wanted to repay the money. 

Court mulls if government can force you to decrypt your password

A woman accused of a mortgage scam is proving to be a test case to see if it is unconstitutional for the US government to punish its citizens for refusing to disclose their encryption codes.

According to CNET, the government has asked a federal judge to order the defendant, Ramona Fricosu, to decrypt an encrypted laptop after she refused.

It has yet to be decided if such a demand breaks the US Constitution’s Fifth Amendment, which allows Americans to shut up if they are charged. 

Fricosu’s brief, Philip Dubois, said defendants can’t be constitutionally obligated to help the government interpret their files.

The US Justice Department claims that the court order represents a simple extension of prosecutors’ long-standing ability to assemble information that could become evidence during a trial.

Failing to compel Fricosu amounts to a concession that criminals can just encrypt files to beat coppers.

Prosecutors point out that Fricosu would be permitted to type it in and unlock the files without anyone looking over her shoulder. They only want the decrypted data and are not demanding “the password to the drive, either orally or in written form.”

Civil rights groups say that Americans can’t be forced to give “compelled testimonial communications” and want the legal shield of the Fifth Amendment to cover encryption passphrases.

The Electronic Frontier Foundation argues that the Justice Department’s request needs to be rejected because of the Fifth Amendment, which says “no person…shall be compelled in any criminal case to be a witness against himself.”

LCD display makers sued again

Toshiba, Sharp and 13 other makers of liquid-crystal displays have been sued by PC retailers Richard & Son and Pontiac, which are furious about the outfits’ price-fixing confessions.

Seven of the defendants have admitted to participating in the conspiracy and paid millions of dollars in criminal fines; however, it looks like problems are just beginning for the outfits.

Best Buy has already sued the display makers and others are likely to join in. While the manufacturers might have paid their fines to various government regulators, it appears that the retailers are cross that they are still out of pocket.

The Richard and Son suit claims that starting from 1996, the companies “met in person or communicated by other means to agree on LCD product prices and the amount of LCD products each would produce.”

The good thing about the Richard and Son case is that they do not really have to prove anything, as most of the players in the price-fixing cartel have already put their hands up to doing it.

So far there has been no comment about the lawsuit from anyone, although Bloomberg has been trying.

What must be worrying Samsung investors is that the outfit is involved in another price-fixing scam, which means it could be sued again.