Saturday, March 26, 2011

Kingpin by Kevin Poulsen of WIRED

I love to read, but it's been quite a long time since I had one of those "books I can't put down" evenings. Tonight was one of those nights. I had been delaying the start of reading "KINGPIN: How one hacker took over the billion-dollar cybercrime underground" not because I thought it would be a book I couldn't put down, but because honestly, I thought I knew the story already.

If you were interested in the hacking scene around the turn of the millennium, you would definitely know the name Max Butler. Max made a name for himself in the IDS world, helping with the earliest days of Snort, and running a database for IDS signatures called arachnIDS. I remember when Max went to jail the first time, chatting with my friend Dan Clemens of PacketNinjas, LLC, who was also into IDS systems and Snort in a heavy way, about the arrest. It was troubling to see someone running a website called "WhiteHats.com" and ending up in jail. The version of the story I thought I knew was that Max had been asked by the Feds to help them patch their systems from the BIND bug that was so popular in 1998-1999, but that Max couldn't resist the urge to put a back door into the patch.

White Hat Hacker in Court - April 13, 2000 - "Open source hacker "Max Vision" aided the FBI while allegedly cracking the Pentagon."

Max Vision: FBI Pawn? - May 8, 2001 - "FBI agents called him 'the Equalizer': a security expert and confessed hacker who infiltrated the electronic underground to help the Bureau. When he drew the line at bugging a friend, they threw the book at him."

Max Vision Begins 18-Month Term - July 5, 2001 - "Intrusion detection guru joins a growing hacker population in federal stir."

All of those stories are by Kevin Poulsen, who has "owned" this story from the very beginning.

The popular theory at the time was that Max had been sent to DefCon and was only charged with his crimes after refusing to be a snitch for the Feds at DefCon. See for instance this conversation thread from 2001, Max Butler AKA Max Vision-Iceman-Aphex Now Retired.

I've spoken to investigators at extremely large companies who actually used Max Butler to test the security of their systems as a Penetration Tester, only learning later that he was actually stealing from them at the same time!

In addition to remembering the story very well from the "old days," I also know the story as a friend of the NCFTA who has had the chance to meet and work with FBI Special Agent Keith Mularski. Keith's work, announced by the FBI in their October 20, 2008 press release, "'Dark Market' Takedown -- Exclusive Cyber Club for Crooks Exposed," led to the arrest of more than 50 cyber criminals who were in the credit card stealing and trading business. (More details on the DarkMarket arrests are available from WIRED: Dark Market ring leader pleads guilty in London.)

Like the more recently arrested Albert Gonzalez (AKA Segvec), Max has a long history of helping the Feds and working against them at the same time. Gonzalez was a US Secret Service informant against the ShadowCrew while simultaneously breaching Heartland Payment Systems, TJX, and many other places.

The difference, though, was that while Gonzalez was a two-timing crook who was playing the system, Max started off as a troubled soul who wanted desperately to be the hero, but couldn't resist the thrill of the hack.

Like I said, I thought I already knew the story. Reading Kevin's book brought out so many details I couldn't possibly have known, though. Kevin did a great job getting into the early life of the characters, and exploring the formation of their personalities and motivations. As Kevin reels out the lives of the characters, it's clear to see that there were several types of criminals in the stories. His ability to create a sympathetic protagonist out of a criminal who caused $80 Million in credit card fraud is a feat in itself.

This book belongs on the shelf next to Steven Levy's Hackers. If you haven't read it yet, pick a rainy Saturday and start early in the day; you aren't going to be able to stop until you get to the last page.


Order Kingpin from Amazon


Be sure to read more stories by Kevin at WIRED by following his Author Page at Threat Level and elsewhere.

Monday, March 14, 2011

Federal Reserve Spam

Last week the big malware-spreading spam claimed to be from NACHA and warned about problems with an ACH money transfer. The same bad guys are at it again, this week pretending to be the Federal Reserve bank.

The UAB Spam Data Mine has received more than 3500 copies of the spam email messages, primarily using the subject lines:

Wire Transfer #12976271232523 (a random number on each email)
Wire transfer 0430972006146 was canceled (a random number on each email)
Wire transfer was canceled
Wire transfer was rejected
Your Wire fund transfer
Your Wire Transfer
Your Wire Transfer #2491786220489 (a random number on each email)
Your Wire Transfer, ID544349843700 (a random number on each email)

The senders of the email message varied between one of five choices:

alert@federalreserve.gov
alerts@federalreserve.gov
fedwire@federalreserve.gov
info@federalreserve.gov
information@federalreserve.gov

As before, someone with a Yahoo email address had their account used on GoDaddy to register ".info" domains to be used in this campaign. This time, we have spam samples for 487 of them.

Both GoDaddy and Afilias have excellent abuse staffs, and the domains in question were quickly terminated.


Saturday, March 12, 2011

UK Government counts the Cost of Cybercrime

The British government has released a report on the annual cost of cybercrime to the United Kingdom. The study mechanism seems greatly flawed, in that it relies almost exclusively on published reports and expert opinions, rather than on any structured gathering of information from victims.

The news was announced in the press this week, for example in the Independent.

They came up with a 2010 annual cost of cyber crime of £27 billion (or $43 billion US Dollars). If the costs were projected evenly from the $2.2 trillion UK economy to the $14.1 trillion US economy, that would estimate our own costs of cybercrime at $275 billion (the US economy being roughly 6.4 times larger). There is no basis to believe that projection is accurate, but the scale is probably similar.

The study was paid for by the OCSIA, the Office of Cyber Security and Information Assurance. It was conducted by Detica, a BAE Systems company.

The full 32 page report is available from the Cabinet Office

They place costs at:

- £3.1 billion to citizens, with:
  - £1.7 billion in identity theft
  - £1.4 billion to online scams
- £2.2 billion to the government
- £21 billion to businesses, of which:
  - £9.2 billion in Intellectual Property theft
  - £7.6 billion in industrial espionage
  - £2.2 billion in extortion
  - £1.3 billion from direct theft
  - £1 billion in costs related to lost customer data

The Intellectual Property theft was certainly not evenly distributed. They put the most likely industries as:

£1.8 billion = pharmaceuticals & biotech
£1.7 billion = electronic & electrical material
£1.6 billion = software & computer services
£1.3 billion = chemicals
£800 million = automobiles & parts
£800 million = non-profits
£400 million = aerospace & defence

The greatest risk in Intellectual Property theft was believed to be untrustworthy insiders who fell to the pressure of bribery.

The Espionage Impact was largely in three areas:

£2.1 billion = financial services
£1.6 billion = mining
£1.3 billion = aerospace and defence
£900 million = software & computer services

Friday, March 11, 2011

More ACH Spam from NACHA

While we wait for the Japanese Earthquake scams to begin, we noticed another on-going spam campaign. We wrote about the ACH Transaction Rejected spam back in February, but another round is active, with another 350+ freshly registered domains.

The body of the email this time around reads:

The ACH transfer (ID: 65388185980), recently sent from your checking account (by you or any other person), was cancelled by the other financial institution.

Please click here (link) to view details

If you have any questions or comments, contact us at info@nacha.org. Thank you for using http://www.nacha.org.

/This messages is intended for use by addressee only and may contain privileged and confidential information. If you are not the intended recipient, dissemination of this communication is prohibited. If you have received this communication in error, please delete all copies of the message and attachments and notify the sender immediately. /



The spam has one of the following ten subject lines:

ACH payment canceled
ACH payment rejected
ACH transaction canceled
ACH Transfer canceled
ACH transfer rejected
Rejected ACH payment
Rejected ACH transaction
Rejected ACH transfer
Your ACH transaction
Your ACH transfer

Each claims to be from "nacha.org" - the National Automated Clearing House Association - the people who handle electronic payments between banks.

The from addresses are:

ach@nacha.org
admin@nacha.org
alert@nacha.org
alerts@nacha.org
info@nacha.org
payment@nacha.org
payments@nacha.org
risk@nacha.org
risk_manager@nacha.org
transactions@nacha.org
transfers@nacha.org


Here are the domain names we are seeing this time around. I haven't checked all of them, but the ones I checked were GoDaddy. (GoDaddy and Afilias have been notified, and many of the domains are already disabled.)


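The indicators in this post and in the Federal Reserve post above (a spoofed sender domain, templated subject lines, and links that lead somewhere other than the claimed sender's own site) can be combined into a mail-filter check. The Python below is an added example, not code from the original posts; the sample messages and the host `campaign-domain.example`, which stands in for the campaign's registered .info domains, are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Subject templates listed in the two posts. The long digit runs are random
# per message, so they are matched as \d+ instead of literally.
SUBJECTS = {
    "federalreserve.gov": [
        r"wire transfer #\d+",
        r"wire transfer \d+ was canceled",
        r"wire transfer was (?:canceled|rejected)",
        r"your wire fund transfer",
        r"your wire transfer(?: #\d+|, id\d+)?",
    ],
    # Slightly generalised: this also accepts "ACH transaction rejected".
    "nacha.org": [
        r"ach (?:payment|transaction|transfer) (?:canceled|rejected)",
        r"rejected ach (?:payment|transaction|transfer)",
        r"your ach (?:transaction|transfer)",
    ],
}
CAMPAIGNS = {dom: re.compile("|".join(pats), re.I) for dom, pats in SUBJECTS.items()}
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.I)


def link_hosts(msg):
    """Host names of every http(s) URL found in the message's text parts."""
    hosts = set()
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        raw = part.get_payload(decode=True) or b""
        text = raw.decode(part.get_content_charset() or "utf-8", "replace")
        for url in URL_RE.findall(text):
            try:
                host = urlparse(url).hostname
            except ValueError:  # malformed URL, e.g. unbalanced IPv6 brackets
                continue
            if host:
                # A URL ending a sentence ("http://www.nacha.org.") keeps the dot.
                hosts.add(host.lower().rstrip("."))
    return hosts


def under(host, domain):
    """True when host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def classify(raw_message):
    """Score one message against the two impersonation campaigns."""
    msg = message_from_string(raw_message)
    claimed = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    subject_re = CAMPAIGNS.get(claimed)
    if subject_re is None:
        return {"verdict": "out-of-scope", "subject_match": False, "offsite": []}
    subject = " ".join(msg.get("Subject", "").split())
    subject_match = subject_re.fullmatch(subject) is not None
    # Links that leave the organisation the message claims to come from.
    offsite = sorted(h for h in link_hosts(msg) if not under(h, claimed))
    if subject_match and offsite:
        verdict = "campaign-match"
    elif subject_match or offsite:
        verdict = "suspicious"
    else:
        verdict = "no-indicator"
    return {"verdict": verdict, "subject_match": subject_match, "offsite": offsite}


# Constructed sample messages (not taken from the spam corpus).
FED_SPAM = (
    "From: Federal Reserve <alerts@federalreserve.gov>\n"
    "Subject: Your Wire Transfer #1234567890123\n"
    "Content-Type: text/html\n"
    "\n"
    '<a href="http://campaign-domain.example/report">View details</a>\n'
)
NACHA_SPAM = (
    "From: risk_manager@nacha.org\n"
    "Subject: Rejected ACH transfer\n"
    "Content-Type: text/html\n"
    "\n"
    'Please <a href="http://campaign-domain.example/ach">click here</a> to view details\n'
    "Thank you for using http://www.nacha.org.\n"
)
NACHA_ONSITE = (
    "From: info@nacha.org\n"
    "Subject: Conference registration is open\n"
    "\n"
    "Details at http://www.nacha.org/ for members.\n"
)
UNRELATED = "From: friend@example.com\nSubject: Your Wire Transfer\n\nhttp://example.com/\n"

if __name__ == "__main__":
    for name, raw in [("fed", FED_SPAM), ("nacha", NACHA_SPAM),
                      ("onsite", NACHA_ONSITE), ("unrelated", UNRELATED)]:
        print(name, classify(raw))
```

Because the From header is trivially forged, the check keys on where the message links to rather than on who it claims to be from.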

Thursday, March 10, 2011

ENISA on Botnets - Ten Tough Questions

Yesterday was the beginning of the "Workshop on Botnet Detection, Measurement, Disinfection & Defence" in Cologne, Germany. ( agenda here )

The tracks for Wednesday were "Anti-Botnet Policy Initiatives" and "Legal and Regulatory Issues" both featuring panelists from the Council of Europe and NATO.

Today's tracks included "Anti-Botnet Policy Initiatives Part 2," "State of the Art on Measurements, Countermeasures, and Botnets," "Industry View on Fighting Botnets," "Research and Academia on Fighting Botnets." Some great speakers are on the agenda, including Peter Kruse and Dennis Rand from CSIS Security Group, Mikko Hypponen from F-Secure, and Vitaly Kamluk from Kaspersky.

Two significant documents were released at the conference this morning that pretty much need to go on the Must Read list for anyone interested in Botnets:

Botnets: Detection, Measurement, Disinfection & Defence



After a keynote address by Professor Dr. Udo Helmbrecht, the executive director of ENISA (European Network and Information Security Agency), Daniel Plohmann and Dr. Giles Hogben shared a presentation of ENISA's 154 page document called "Botnets: Detection, Measurement, Disinfection & Defence", editor Dr. Giles Hogben, which you may find on their website here:

http://www.enisa.europa.eu/act/res/botnets/botnets-measurement-detection-disinfection-and-defence

The document calls attention to the highest priorities that we should collectively address:
- Mitigation of existing botnets
- Prevention of new infections
- Minimizing the profitability of botnets and cybercrime

In the first of these, there is a call for a new model of engaging, encouraging, and incentivizing Internet Service Providers to be an asset in the botnet fight. Current business models and in some cases current laws both reduce the effectiveness of ISPs in helping to fight botnets. Other MITIGATION issues encourage improved botnet identification and monitoring, increased information sharing, and bringing cybercrime laws into harmony internationally. Other advice had to do with making sure the entire botnet can be killed before attempting a "partial shutdown."

Under the PREVENTION category, public awareness and improvements to software defenses are encouraged.

Under the PROFITABILITY category, it is necessary to improve anti-fraud mechanisms, and to address the social level of the crimes rather than only the technological level, by increasing deterrence through tougher prosecution and sentencing of offenders.

Specific guidance is provided for Regulators, End-users, Research Institutions, and any information holders.

With regards to the Research Institutions, the recommendation was that they should be "more strongly integrated, and where appropriate, empowered in the fight against botnets. Research should focus on techniques which can be implemented in large-scale operations environments subject to typical cost constraints. They should be supported in studying methods for the detection of botnets and the analysis of malware, in order to provide efficient tools to reduce the reaction time when dealing with complex and sophisticated malware threats. As the results of research may be of interest for ongoing investigations, the process of publishing these results should reflect the responsibility associated with them." (extracted from the Executive Summary, p. 7)

Towards that end, I want to mention that the Anti-Phishing Working Group is trying to encourage this level of interaction between Researchers, Law Enforcement, and Industry through events such as next week's "eCrime Researchers Sync-Up." My colleague, Kent Kerley, and I will be attending from the University of Alabama at Birmingham to work on building these international relationships, not just among EU nations, but around the world. APWG sponsors the eCrime Researchers Summit, the eCrime Operations Summit, and now the eCrime Researchers Sync-up to try to encourage exactly the types of interactions described in this report. To learn more about APWG events, visit the APWG eCrime Research page.

Botnets: Ten Tough Questions


The second is ENISA's document "Botnets: 10 Tough Questions," an 18 page summary of some of the major issues facing us regarding Botnets.


The Ten Tough Questions document is described as a document that "distills the major issues which need to be understood and addressed by decision-makers in all groups of stakeholders."

Here's a list of the Questions to whet your appetite. I highly recommend consuming both documents!

Q1. How much trust to put in published figures?

Q2. What are the main challenges associated with jurisdiction?

Q3. What should be the main role of the EU/National Governments?

Q4. Which parties should take which responsibilities?

Q5. Where to invest money most efficiently?

(HINT! EDUCATION AND RESEARCH!!)

Q6. What are key incentives for cooperative information sharing?

Q7. What are key challenges for cooperative information sharing?

Q8. Are there unseen/undetected botnets?

Q9. Which aspects are still missing in the fight against botnets?

Q10. What are future trends?

Wednesday, March 09, 2011

Ghostmarket Carders Sentenced in UK

Back in November we ran a story, "Schoolboy Hackers steal $18 Million," regarding the case against the operators of the online credit card trading forum known as Ghostmarket. Today's post is just a quick follow-up to share details of their sentences from New Scotland Yard.



The defendants had harvested more than 130,000 compromised credit card numbers, and had successfully installed Zeus on more than 15,000 computers in 150 countries, gathering more than 4 million lines of data from the compromised computers.

The Metropolitan Police of London sentenced the Ghostmarket criminals on March 2, 2011, as they share in this Press Release.

An audio clip by Detective Inspector Colin Wetherill explains the accomplishment.


[A] Gary Paul Kelly, 21 (14.04.89) unemployed of Clively Avenue, Clifton, Swinton, Manchester -- sentenced to Five Years

Kelly was arrested on November 3, 2009 as a result of a search warrant of his home. Detectives were able to build a working copy of the GhostMarket forum from the database files recovered from Kelly's PC.



[B] Nicholas Webber, 19 (10.10.91) a student of Cavendish Road, Southsea; -- sentenced to Five Years


[C] Ryan Thomas, 18 (8.7.92) a web designer of Howard Road, Seer Green, Beaconsfield, Herts; -- sentenced to Four Years

Webber and Thomas were arrested on October 12, 2009 while partying in a five star London hotel, paid for with stolen credit cards. A big hint that they may be associated with the crime of carding and the GhostMarket website was that both were in possession of GhostMarket business cards in their name, calling the site "A new era in virtual marketing" and stating "I'm a carder, ask about me..."

After being released on bail, the pair were rearrested at the Gatwick airport on January 29, 2010 as they returned from a trip to Palma, Majorca.


[D] Shakira Ricardo, 21 (14.11.89) unemployed of Flat 13, J Shed, Kings Road, Swansea SA1; -- sentenced to 18 Months.

A fifth defendant, Samantha Worley, pleaded guilty earlier and received a sentence of 200 hours community service.

Full details of the charges against the five are available from The Metropolitan Police of London