- Email: [email protected]
Dutch police snare 419 scammers
NEWS
Editorial office: Elsevier Ltd PO Box 150 Kidlington, Oxford OX5 1AS, United Kingdom Tel:+44 (0)1865 843695 Fax: +44 (0)1865 843971 E-mail: [email protected] Editor: Sarah Hilley Editorial Advisors: Silvano Ongetta, Italy; Chris Amery, UK; Jan Eloff, South Africa; Hans Gliss, Germany; David Herson, UK; P. Kraaibeek, Germany; Wayne Madsen, Virginia, USA; Belden Menkus, Tennessee, USA; Bill Murray, Connecticut, USA; Donn B. Parker, California, USA; Peter Sommer, UK; Mark Tantam, UK; Peter Thingsted, Denmark; Hank Wolfe, New Zealand; Charles Cresson Wood, USA; Bill J. Caelli, Australia Production/Design Controller: Russell Purdy Permissions may be sought directly from Elsevier Global Rights Department, PO Box 800, Oxford OX5 1DX, UK; phone: (+44) 1865 843830, fax: (+44) 1865 853333, email: permissions@elsevier. com. You may also contact Global Rights directly through Elsevier’s home page (http:// www.elsevier.com), selecting first ‘Support & contact’, then ‘Copyright & permission’. In the USA, users may clear permissions and make payments through the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, USA; phone: (+1) (978) 7508400, fax: (+1) (978) 7504744, and in the UK through the Copyright Licensing Agency Rapid Clearance Service (CLARCS), 90 Tottenham Court Road, London W1P 0LP, UK; phone: (+44) (0) 20 7631 5555; fax: (+44) (0) 20 7631 5500. Other countries may have a local reprographic rights agency for payments. Derivative Works Subscribers may reproduce tables of contents or prepare lists of articles including abstracts for internal circulation within their institutions. Permission of the Publisher is required for resale or distribution outside the institution. Permission of the Publisher is required for all other derivative works, including compilations and translations. Electronic Storage or Usage Permission of the Publisher is required to store or use electronically any material contained in this journal, including any article or part of an article. Except as outlined above, no part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without prior written permission of the Publisher. Address permissions requests to: Elsevier Science Global Rights Department, at the mail, fax and e-mail addresses noted above. Notice No responsibility is assumed by the Publisher for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions or ideas contained in the material herein. Because of rapid advances in the medical sciences, in particular, independent verification of diagnoses and drug dosages should be made. Although all advertising material is expected to conform to ethical (medical) standards, inclusion in this publication does not constitute a guarantee or endorsement of the quality or value of such product or of the claims made of it by its manufacturer. 02065 Printed by:
Mayfield Press (Oxford) Limited
2
Computer Fraud & Security
Editorial This month saw the BBC (British Broadcasting Corporation) question the validity of Operation Ore – an intensive investigation that saw police forces around the country sift through terabytes of data since 2002. As a result of police work, 2300 people have pleaded guilty to using the nefarious US-based Landslide Inc website and molested children have been found. The broadcaster raised the issue that 2000 suspects could have been falsely labelled child porn users as they may have been– wait for it – credit card theft victims. Surely this is tarnishing a very worthwhile police operation for what seems like an investigation matter. The point of all court cases is to establish whether a suspect is guilty or not – which is what happened during Operation Ore. The police have argued that no one who could possibly have been a victim of credit card is in jail. Even expert witness Peter Sommer who worked on the case dismisses the claims as “unfounded.” The successful outcome of Operation Ore speaks for itself – and the huge effort channelled into it should be commended.
Anti-spam company sues harvesters
A
n anti-spam company has filed a lawsuit under the US CAN SPAM Act in a bid to identify email harvesters behind millions of spam messages.
Project Honey Pot, part of Unspam Technologies LLC, filed the suit in the US District Court in Alexandria, Virginia. The company is representing about 20,000 users of its anti-spam software. Project Honey Pot monitors users’ Web pages for harvesters visiting to steal email addresses for spamming. The Honey Pot records the harvester’s IP address, date and time of visit. It gives the harvester a unique email address hosted within the project’s distributed network. When the unique email receives mail, investigators can correlate people harvesting addresses and spammers. John Doe has been listed as the defendant because Unspam will need the court’s permission to get records of accused harvesters from ISPs.
So far 175 honey pots in Virginia have sent 36, 402 email addresses to identified harvesters around the globe. Unspam has found that John Doe spammers have used 111 harvester IP addresses in Virginia to harvest 848 Project Honey Pot member email addresses. And the John Doe spammers have also allegedly used 20,778 spam server IPs located in Virginia to send 60,143 messages to Project Honey Pot member email addresses. According to reports the leading attorney for Unspam will be Jon Praed, founder of Virginia-based Internet Law Group, who has successfully represented ISPs against spammers in the past. Praed has collected nearly $40 million from spammers on behalf of his clients.
War drivers arrested
T
wo people in the UK have been arrested for war driving in two separate instances.
Residents in Redditch, Worcestershire became suspicious after seeing a man parked in a car nearby. They contacted West Mercia police who arrested and cautioned the man. The wi-fi trespasser was cautioned for dishonestly stealing another user’s network connection without payment. A woman was also arrested for a similar offence earlier in April when her behaviour alerted residents in the early morning. She had put cardboard up around the windows in her car, but they spotted the light of her computer through the back window. Last year, a man from London was fined £500 and sentenced to 12 months conditional discharge for surfing on another user’s wireless broadband connection.
Dutch police snare 419 scammers
D
utch police have arrested five 419 scammers involved in an international ring.
The fraudsters were awaiting extradition to the US at the time of writing where they could face up to 20 years in prison.
May 2007
NEWS The fraudsters, who are being held the Netherlands, could be charged for counts of wire and mail fraud when they reach the US. The scammers allegedly duped victims in the US, Norway, India and Greece with fake promises of riches according to fraud investigation firm Ultrascan. The fraud ring had affiliates in the Netherlands, Belgium, Germany, Greece, Spain, England, France, Italy, Canada and Nigeria and posed as Internet banking security deposit companies. The company said the scam ran from March 2003 and caused losses in the tens of millions of dollars. Ultrascan said arrests couldn’t be guaranteed in all these countries, as law enforcement may not see 419 Advance Fee Fraud as a priority.
The Court acknowledged that the Regulation of Investigatory Powers Act (RIPA), which came into effect in 2000 may have given the monitoring more ground. But the outcome only applies to private use of business systems, while RIPA applies to business use. Copland was awarded €3,000 in damages and £6,000 in costs.
UK Gov fined for employee monitoring by European court
It will be established in Hoover, Alabama and is to be developed by the Secret Service and funded by the National Cyber Security Division. The US Department of Homeland Security (DHS) said in a statement that the level of training for state and local police departments is not consistent. Eighteen full-time US Secret Service agents will teach trainees and staff between the centre. The DHS is pouring $9 million into the new facility while the State of Alabama is investing $3 million. The facility will have high-tech classrooms, a computer forensic lab, and public education exhibit space. The building should be completed by January 2008. However, it is expected that training will start in July of this year. The training will be based on the current US Secret Service curriculum which covers basic electronic crimes investigation, network intrusion investigation and computer forensics. “Today’s high tech environment presents new challenges to law enforcement as cybercriminals exploit computers and the Internet to threaten our banking, financial and critical infrastructures,” said Secret Service Deputy Director Brian Nagel. “As a result, law
T
he European Court of Human Rights has ruled that a publicly funded Welsh college, which monitored an employee’s email, phone and Internet use, had violated her human rights.
Lynette Copland took the case against the UK Government to the European Court claiming her email traffic, Internet usage and telephone calls were monitored by the deputy principal of Carmarthenshire College and other staff. The Government put forward that the monitoring was necessary to discover if Copland was using college resources for excessive personal use. Copland’s case was based on Article 8 of the European Convention on Human Rights. The Court found the Government’s argument “unpersuasive” that the college was authorized to do what was needed. Copland says the snooping took place for about 18 months before November 1999. The college did not have a policy stating employee’s communications could be subject to monitoring.
May 2007
New forensic training unit to debut in US
A
national training unit is to be set up in the US to educate 900 state and local police officers, judges and prosecutors in digital forensics every year. The National Computer Forensic Unit will also provide police with tools.
enforcement has been propelled into technologically non-traditional terrain requiring highly specialised skills and innovative applications of traditional investigative strategies. It is imperative to address the changes in technology by providing training on cyber-investigative techniques and by sharing current expertise among federal, state and local officers.” Alabama Governor Bob Riley said: “This centre…will become America’s institution of excellence in the fight against cybercrimes.”
In brief PURDUE STUDENTS RECORDS REVEALED Students, who studied at Purdue University, have been told their social security numbers and names have been inadvertently published on the Internet. Search engines Yahoo and Google picked up the 175 affected students’ records. The page was reported to the University, which immediately removed it and got the search engines to stop indexing and caching it. TJX FACES BANK LAWSUIT A group of banks is suing TJX Companies to recover the costs of having to issue new credit and debit cards in the wake of the massive hack on the firm. The Massachusetts Bankers Association (MBA) said there has been “dramatic costs” incurred by banks as they try to protect cardholders after the 45 million card breach. INTERNET SNOOPING STOPPED IN GERMANY Intelligence agencies in Germany have halted covert Internet monitoring of suspected criminals’ computers. The German Interior Minister, Wolfgang Schauble, supports Internet snooping but has to wait for a legal judgement on the practice. TEENAGER CHARGED WITH HACKING AOL A teenage boy has been accused of hacking into AOL networks and databases between 24 December, 2006 and 7 April, 2007. The teenager allegedly deployed malware to hijack personal customer records. The New York youth has been charged with accessing systems containing bill records, infecting AOL computers with malware, compromising 49 AOL Instant messenger accounts belonging to the company’s staff and launching a phishing attack against them.
Computer Fraud & Security
3
Editorial office: Elsevier Ltd PO Box 150 Kidlington, Oxford OX5 1AS, United Kingdom Tel:+44 (0)1865 843695 Fax: +44 (0)1865 843971 E-mail: [email protected] Editor: Sarah Hilley Editorial Advisors: Silvano Ongetta, Italy; Chris Amery, UK; Jan Eloff, South Africa; Hans Gliss, Germany; David Herson, UK; P. Kraaibeek, Germany; Wayne Madsen, Virginia, USA; Belden Menkus, Tennessee, USA; Bill Murray, Connecticut, USA; Donn B. Parker, California, USA; Peter Sommer, UK; Mark Tantam, UK; Peter Thingsted, Denmark; Hank Wolfe, New Zealand; Charles Cresson Wood, USA; Bill J. Caelli, Australia Production/Design Controller: Russell Purdy Permissions may be sought directly from Elsevier Global Rights Department, PO Box 800, Oxford OX5 1DX, UK; phone: (+44) 1865 843830, fax: (+44) 1865 853333, email: permissions@elsevier. com. You may also contact Global Rights directly through Elsevier’s home page (http:// www.elsevier.com), selecting first ‘Support & contact’, then ‘Copyright & permission’. In the USA, users may clear permissions and make payments through the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, USA; phone: (+1) (978) 7508400, fax: (+1) (978) 7504744, and in the UK through the Copyright Licensing Agency Rapid Clearance Service (CLARCS), 90 Tottenham Court Road, London W1P 0LP, UK; phone: (+44) (0) 20 7631 5555; fax: (+44) (0) 20 7631 5500. Other countries may have a local reprographic rights agency for payments. Derivative Works Subscribers may reproduce tables of contents or prepare lists of articles including abstracts for internal circulation within their institutions. Permission of the Publisher is required for resale or distribution outside the institution. Permission of the Publisher is required for all other derivative works, including compilations and translations. Electronic Storage or Usage Permission of the Publisher is required to store or use electronically any material contained in this journal, including any article or part of an article. Except as outlined above, no part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without prior written permission of the Publisher. Address permissions requests to: Elsevier Science Global Rights Department, at the mail, fax and e-mail addresses noted above. Notice No responsibility is assumed by the Publisher for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions or ideas contained in the material herein. Because of rapid advances in the medical sciences, in particular, independent verification of diagnoses and drug dosages should be made. Although all advertising material is expected to conform to ethical (medical) standards, inclusion in this publication does not constitute a guarantee or endorsement of the quality or value of such product or of the claims made of it by its manufacturer. 02065 Printed by:
Mayfield Press (Oxford) Limited
2
Computer Fraud & Security
Editorial This month saw the BBC (British Broadcasting Corporation) question the validity of Operation Ore – an intensive investigation that saw police forces around the country sift through terabytes of data since 2002. As a result of police work, 2300 people have pleaded guilty to using the nefarious US-based Landslide Inc website and molested children have been found. The broadcaster raised the issue that 2000 suspects could have been falsely labelled child porn users as they may have been– wait for it – credit card theft victims. Surely this is tarnishing a very worthwhile police operation for what seems like an investigation matter. The point of all court cases is to establish whether a suspect is guilty or not – which is what happened during Operation Ore. The police have argued that no one who could possibly have been a victim of credit card is in jail. Even expert witness Peter Sommer who worked on the case dismisses the claims as “unfounded.” The successful outcome of Operation Ore speaks for itself – and the huge effort channelled into it should be commended.
Anti-spam company sues harvesters
A
n anti-spam company has filed a lawsuit under the US CAN SPAM Act in a bid to identify email harvesters behind millions of spam messages.
Project Honey Pot, part of Unspam Technologies LLC, filed the suit in the US District Court in Alexandria, Virginia. The company is representing about 20,000 users of its anti-spam software. Project Honey Pot monitors users’ Web pages for harvesters visiting to steal email addresses for spamming. The Honey Pot records the harvester’s IP address, date and time of visit. It gives the harvester a unique email address hosted within the project’s distributed network. When the unique email receives mail, investigators can correlate people harvesting addresses and spammers. John Doe has been listed as the defendant because Unspam will need the court’s permission to get records of accused harvesters from ISPs.
So far 175 honey pots in Virginia have sent 36, 402 email addresses to identified harvesters around the globe. Unspam has found that John Doe spammers have used 111 harvester IP addresses in Virginia to harvest 848 Project Honey Pot member email addresses. And the John Doe spammers have also allegedly used 20,778 spam server IPs located in Virginia to send 60,143 messages to Project Honey Pot member email addresses. According to reports the leading attorney for Unspam will be Jon Praed, founder of Virginia-based Internet Law Group, who has successfully represented ISPs against spammers in the past. Praed has collected nearly $40 million from spammers on behalf of his clients.
War drivers arrested
T
wo people in the UK have been arrested for war driving in two separate instances.
Residents in Redditch, Worcestershire became suspicious after seeing a man parked in a car nearby. They contacted West Mercia police who arrested and cautioned the man. The wi-fi trespasser was cautioned for dishonestly stealing another user’s network connection without payment. A woman was also arrested for a similar offence earlier in April when her behaviour alerted residents in the early morning. She had put cardboard up around the windows in her car, but they spotted the light of her computer through the back window. Last year, a man from London was fined £500 and sentenced to 12 months conditional discharge for surfing on another user’s wireless broadband connection.
Dutch police snare 419 scammers
D
utch police have arrested five 419 scammers involved in an international ring.
The fraudsters were awaiting extradition to the US at the time of writing where they could face up to 20 years in prison.
May 2007
NEWS The fraudsters, who are being held the Netherlands, could be charged for counts of wire and mail fraud when they reach the US. The scammers allegedly duped victims in the US, Norway, India and Greece with fake promises of riches according to fraud investigation firm Ultrascan. The fraud ring had affiliates in the Netherlands, Belgium, Germany, Greece, Spain, England, France, Italy, Canada and Nigeria and posed as Internet banking security deposit companies. The company said the scam ran from March 2003 and caused losses in the tens of millions of dollars. Ultrascan said arrests couldn’t be guaranteed in all these countries, as law enforcement may not see 419 Advance Fee Fraud as a priority.
The Court acknowledged that the Regulation of Investigatory Powers Act (RIPA), which came into effect in 2000 may have given the monitoring more ground. But the outcome only applies to private use of business systems, while RIPA applies to business use. Copland was awarded €3,000 in damages and £6,000 in costs.
UK Gov fined for employee monitoring by European court
It will be established in Hoover, Alabama and is to be developed by the Secret Service and funded by the National Cyber Security Division. The US Department of Homeland Security (DHS) said in a statement that the level of training for state and local police departments is not consistent. Eighteen full-time US Secret Service agents will teach trainees and staff between the centre. The DHS is pouring $9 million into the new facility while the State of Alabama is investing $3 million. The facility will have high-tech classrooms, a computer forensic lab, and public education exhibit space. The building should be completed by January 2008. However, it is expected that training will start in July of this year. The training will be based on the current US Secret Service curriculum which covers basic electronic crimes investigation, network intrusion investigation and computer forensics. “Today’s high tech environment presents new challenges to law enforcement as cybercriminals exploit computers and the Internet to threaten our banking, financial and critical infrastructures,” said Secret Service Deputy Director Brian Nagel. “As a result, law
T
he European Court of Human Rights has ruled that a publicly funded Welsh college, which monitored an employee’s email, phone and Internet use, had violated her human rights.
Lynette Copland took the case against the UK Government to the European Court claiming her email traffic, Internet usage and telephone calls were monitored by the deputy principal of Carmarthenshire College and other staff. The Government put forward that the monitoring was necessary to discover if Copland was using college resources for excessive personal use. Copland’s case was based on Article 8 of the European Convention on Human Rights. The Court found the Government’s argument “unpersuasive” that the college was authorized to do what was needed. Copland says the snooping took place for about 18 months before November 1999. The college did not have a policy stating employee’s communications could be subject to monitoring.
May 2007
New forensic training unit to debut in US
A
national training unit is to be set up in the US to educate 900 state and local police officers, judges and prosecutors in digital forensics every year. The National Computer Forensic Unit will also provide police with tools.
enforcement has been propelled into technologically non-traditional terrain requiring highly specialised skills and innovative applications of traditional investigative strategies. It is imperative to address the changes in technology by providing training on cyber-investigative techniques and by sharing current expertise among federal, state and local officers.” Alabama Governor Bob Riley said: “This centre…will become America’s institution of excellence in the fight against cybercrimes.”
In brief PURDUE STUDENTS RECORDS REVEALED Students, who studied at Purdue University, have been told their social security numbers and names have been inadvertently published on the Internet. Search engines Yahoo and Google picked up the 175 affected students’ records. The page was reported to the University, which immediately removed it and got the search engines to stop indexing and caching it. TJX FACES BANK LAWSUIT A group of banks is suing TJX Companies to recover the costs of having to issue new credit and debit cards in the wake of the massive hack on the firm. The Massachusetts Bankers Association (MBA) said there has been “dramatic costs” incurred by banks as they try to protect cardholders after the 45 million card breach. INTERNET SNOOPING STOPPED IN GERMANY Intelligence agencies in Germany have halted covert Internet monitoring of suspected criminals’ computers. The German Interior Minister, Wolfgang Schauble, supports Internet snooping but has to wait for a legal judgement on the practice. TEENAGER CHARGED WITH HACKING AOL A teenage boy has been accused of hacking into AOL networks and databases between 24 December, 2006 and 7 April, 2007. The teenager allegedly deployed malware to hijack personal customer records. The New York youth has been charged with accessing systems containing bill records, infecting AOL computers with malware, compromising 49 AOL Instant messenger accounts belonging to the company’s staff and launching a phishing attack against them.
Computer Fraud & Security
3