FBI Tracks Down Big Phish
from the about-time dept
You would think that it wouldn't be that hard to track down phishing scammers. While they do try to hide themselves, in the end, there should be some sort of money trail leading back to them. However, for all the talk of trying to track these guys down, it seemed like no one ever got anywhere. There was a ton of hype around Microsoft catching a phishing "kingpin" until you realized that it was just some kid who set up a website and never made any money. The real problem, everyone always said, was that the real phishing kingpins operated as part of organized crime in Eastern Europe -- and that made them tough to track down. Partly due to the nature of any organized crime setup, it probably wasn't that hard to nab the small fry who were the front men -- but that was useless if you wanted to catch the big phish who actually masterminded the operation. However, that doesn't mean the authorities weren't working on it. The FBI has announced that they've brought down one phishing group, arresting at least 16 people. Up to five of those arrested are American with the rest being Polish. The FBI is still trying to track down others involved, including some in Romania. While it's definitely great to see them finally bring down a big phishing group, it should suggest how big a problem this really is that it's taken this long to nab one single group. Just imagine how many more are still out there, phishing away.
Reader Comments
OMG! ...MAJOR FINANCIAL INSTITUTION
You would think that a major financial institution would be a little more savvy than most.
And as far as trading in online forums - did the FBI monitor as the credit cards were being traded - then, they subpoenaed the Host for the IP addresses of the traders and the IP addresses and emails they used when registering?
If that is the case - it explains why they were able to catch THIS ring and not the others.
Anyone dumb enough to publicly trade on an online forum ...... well,...
[ link to this | view in chronology ]
Re: OMG! ...MAJOR FINANCIAL INSTITUTION
[ link to this | view in chronology ]
Phishing...
[ link to this | view in chronology ]
haha
One thing is for sure, none of these institutions will waste their money for weeks or even months or even years of traces to catch a big group or a "big fish" why? because the costs are bigger than the catch... that's why usually they catch 1 or 2 and give the whole blame to them to make them an example for others... but heh that's kinda like a cartoon movie for kids... the REAL phishers never get caught and most of the time those "first lead" phishers are underage kids whom govs cannot do anything other than give them some low charges... and the next week they are doing the same thing they've done before... because like in any other crime real or cyber the kids are used as first lead and even if they get caught in most of the states on this globe they don't even go to jail for any of this... mostly they pay the charges and that's all.
Oh and let me tell you something, the first scams that ever existed began with employers who were selling banks' info like website sources, big lists of members' info and many others like that... only after some years people started to copycat the original websites... Also if you check e-bay more than 30% of the accounts are fake.. whose fault is that? paypal employers sold 343242 times members' data.. for large amounts of money... these are only some examples...
How is it possible that search engines lead to websites full of stolen personal data like credit cards/bank accounts etc and none of them reported those? How come you can find on google "how to make a real bomb"? How come search engines can lead to govs' websites which have top secret or classified files and none of them are protected?
Whose fault is that? because like you can see the nowadays answer for any crime real or cyber is "Because We Can?" Why don't you spend those big amounts of money on something more helpful, like creating more secure systems for e-commerce and money transfers... create TV shows on subjects like "how to stay safe while surfing the internet", "how to make a safe transaction over the internet", banners on walls "don't forget to change your password once a week" lol... remember if the system is secure none of these would happen in the first place... if people would know all aspects of the internet before they do anything over the internet... none of these would happen... If the institution employers would be paid a lil more i doubt they will sell that info to live a better life doing crimes... AND if this world would be a better place i doubt any crime will ever be made.. see i'm almost dreaming... no matter what, there will always exist good and bad since they both exist in us... more or less...
Stay safe... read the news :)
Report2System
[ link to this | view in chronology ]
My bad...
[ link to this | view in chronology ]
Re: My bad...
[ link to this | view in chronology ]
re: ha ha
I can't help but wonder why they don't catch more of the top people in these phishing scams and the only answer I can come up with is that they don't want to. With all the "power" that the NSA, the CIA & the FBI seemingly have, why is it that John Q Public has to point it out, complain and try to sue before they do anything about it? It's always some guy making the headlines about how he was "taken" before anyone even knows it's around. Where is our security? It's sometimes difficult not to take a page out of a conspiracy theorist's handbook.
[ link to this | view in chronology ]
i dont get it
[ link to this | view in chronology ]
Re: i dont get it
the phishing emails are sent from botnets. a bot is a computer that is being remote controlled by someone else. bots are regular people's machines being used to send spam without the owner's knowledge or consent. a botnet may have thousands or even tens of thousands of bots.
so you use some of your bots to send emails. maybe 500 or less, maybe to 500 recipients or less. for a real time black list like spamhaus, a host that sends 500 spams won't even show up on their radar.
once the mail is sent, the bots aren't used again for weeks. most bots are people's home computers connected to broadband and in a week or so the machine will get a new IP address and the process can start over again. 500 messages to 500 recipients sounds really small time, until you multiply that by 10,000... the number of machines in a decently sized botnet. 10,000 computers X 500 emails X 500 recipients is 2.5 billion messages.
now, let's say that one half of one percent of people actually receive, believe, and respond to a scam. that doesn't sound like very many, until you factor in those huge numbers. one half of one percent of 2.5 billion is a little over 1.2 million.
now, let's say that one half of one percent of those account details are usable for fraud. again, that doesn't sound like very many, but one half of one percent of 1.2 million is still a little over 62 thousand.
now, once you run the scam, you may only succeed with one half of one percent of your attempts, but that's still 312 people that you and your organization have managed to fleece. the whole con takes less than a week from start to finish, so one gang could conceivably pull off well over 50 scams in a year. it sounds like a lot of work for not a lot in return, but for these guys it's way safer than armed robbery or dealing drugs.
the problem with the money trail is that the stolen money ends up offshore in countries with no real extradition policy with the US. compound that with the fact that the websites and funds used in the theft are bought and verified with stolen identities and financial info and you have a very difficult trail to track.
also, take into consideration that phishing for financial details is one form of attack. some of those spams can contain keyloggers or browserjackers or other forms of spy/malware instead of a social engineering attempt, and you have the current threat environment for the average internet user.
[ link to this | view in chronology ]
Re: Re: i dont get it
[ link to this | view in chronology ]
Re: Re: i dont get it
1. ATM (max $2000 at every 12 or 24 hours)
2. wire transfer
3. using the credit card over the net at 324324 websites buying from electronics to jewels and so on
4. going on e-bay and "supposedly" buying a yacht or a car with just an e-check
5. transfers from real currency to e-currency and then back to real currency just to wash the money
6. western union/money bookers and many others who are doing worldwide money transfers...
7. playing on "setup" online casinos
and many other ways...
well all those transfers can be made in 1 hour and that single person lost 1 million, so basically they don't need 50 scams... while they can do 1 and good. You will never know anything other than theory until you see it with your own eyes.
PS: For the guy who said that it doesn't matter if the "systems" are secure or not.. i'll tell you something.. if any of the actual banks that have online banking would be more secure i bet none of these would happen, because that's the first point from where the phishers start, they check the stolen data if they have an online banking account, they check if it has any money on it or not. From online banking you can do wire transfers and/or you can confirm many other processes that help them to withdraw and steal the people's money.
[ link to this | view in chronology ]
re: i don't get it
most of it is sent from websites with automated scripts... so in effect they're actually just sending 1 email... a few million times... while they sleep.
That's just one way... there's several. There are programs that do this, then there's also exploitable websites.
Does your website have a contact form? Does it let me type in characters for my name, or email address, or subject? If so, I can spam using your website.
so your restriction would only stop the spammers or phishers who have no idea what they're doing.
[ link to this | view in chronology ]
re: myself
[ link to this | view in chronology ]
SSN
[ link to this | view in chronology ]
Hiding under your nose.
“We are sharing evidence and using sophisticated techniques like never before,” Mr. Finch said in a statement. “Cybercriminals will no longer be able to hide behind borders to conduct their illicit business. There will be no safe haven for cybercrime.”
Something very funny, 30-40% of the AOL (America Online) accounts are fake, created with stolen credit cards and used by "phishers", "carders", "crackers", "hackers" because it provides a WALL and behind that, they can easily hide and none of you would look there, first because it provides dynamic ip addresses which don't have any real location, they are registered as virtual and when you look up the ip addresses the results are in US even if the "enduser" is located in china or australia.
That's where FBI should start the leads from, because AOL is the "NEST", they are hiding under your nose and you don't even know that.
[ link to this | view in chronology ]
Why should Phishing be easier to track than drug d
Xenia
[ link to this | view in chronology ]
Re: Why should Phishing be easier to track than dr
Mr T
[ link to this | view in chronology ]