Saturday, September 22, 2007

Is the Internet a Prosecution-Free Zone?

Jörg Ziercke, the chief of the Bundeskriminalamt (BKA) in Germany, was quoted in a press release on the BFK website, following a simultaneous phishing raid in Bad Homburg, Düsseldorf, Köln, Frankfurt and Elmshorn. His words lay down an interesting challenge:

"This case shows once more: Criminal organizations are increasingly using the Internet in order to make enormous profits with an allegedly low risk of discovery." He said that prosecutors are constantly facing new challenges regarding Cyber Crime, but that "the Internet cannot develop into a prosecution-free zone."

That's exactly what's at risk. We have to decide whether the Internet is going to be patrolled and prosecuted just like the streets and alleys of our cities, or whether we are going to allow crime to occur unabated there.

In the BKA case, two women, aged 22 and 23, and six men, aged from 20 to 36 years old, have been imprisoned pending their court appearance. Two others are also charged but were not taken into custody.

Sounds good, and congratulations to the BKA! But what about all the other phishers? So far in September, we've made positive confirmation on more than THREE THOUSAND phishing sites in UAB's Computer Forensics Research lab. We can't continue to allow it to take 18 months before a phishing investigation leads to charges.

The more evidence we gather, and the more relationships we find between phishing campaigns, the greater the chance that we can get some law enforcement action.

Remember, if you hear of someone who has been a victim of Identity Theft, Phishing, or any other Cyber Crime, please make sure they fill out a complaint at the Internet Crime and Complaint Center,

Also, if there has not been a financial loss, phishing sites still need to be reported! When you receive a phishing email, please help by sending it to:

or by using the webform at:

Let's make sure the Internet doesn't become a "Prosecution-Free Zone".

Tuesday, September 04, 2007

TJX: From Florida to the Ukraine?

Last week the media lit up with speculation that 24-year-old Ukrainian hacker Maksym Yastremskiy, who had been arrested in Turkey on August 2nd, may be behind the TJX Credit Card hack. The Boston Globe's Ross Kerber may have had the best coverage with his story "Suspect named in TJX credit card probe" on August 21. The story quoted Greg Crabb of the US Postal Inspection Service's global investigations division. Crabb said Maksym was "likely the largest seller of stolen TJX numbers". TJX, the financial company in the TJ Maxx conglomerate, believes that as many as 45.7 million credit cards were stolen in a breach during 2005 and 2006, which captured credit card transactions all the way back to 2003.

How's your Turkish? This August 2nd article, "Antalya'da yakalanan Ukraynalı hacker 80 bin kişiyi dolandırmış", interviews Turkish police officer, Feyzullah Arslan, who arrested Maksym after a sting in a luxury night club in Kerem, Turkey.

Using a "follow-the-money" investigative technique, the investigation began with 10 guilty pleas in Florida back in March from a crew of careless cyber criminals who had racked up millions of dollars of purchases from Wal-Mart and other Florida retailers using stolen credit cards that tracked back to TJX. The Florida investigation actually started when Gainesville police were contacted regarding two local Wal-Mart stores that had made individual gift-card sales in the amounts of $18,000 and $24,000. HINT: IF SOMEONE WANTS $24,000 IN WAL-MART GIFT CARDS, THERE MAY BE A CRIME LYING ABOUT.

Those cards were used at a Sam's Club in Miami, along with many other cards, to buy large quantities of electronics and jewelry. At that time, the cards were all tracked back to TJX, and an estimate of the loss from the database hack was released in the news -- Gainesville police Sergeant Ray Barber revealed "They estimate the loss from that hack job to be around $8 million", although this particular crew had only rung up $1 million in charges so far. (See, for example: "Florida police make arrests in TJX, Winners credit card theft".)

The first six, arrested March 19, were:

Irving Jose Escobar, 18
Reinier Camaraza Alvarez, 27
Julio Oscar Alberti, 33
Dianelly Hernandez, 19
Nair Zuleima Alvarez, 40
Zenia Mercedes Llorente

All ten, including the additional:

Erick Fernandez Rodriguez
Hector Alfaro Rodriguez
Alexis Arcia
Armando Ochoa

have Mugshots posted on

A USA Today story maps out Irving Escobar's shopping spree, in which he bought as many as 60 $400 gift cards in a single location and then spent the money from November 1st to January 18th.

The big break in this first case came when an alert Wal-Mart employee followed the gift card purchasers out of the store and recorded their license plate number. (For more, see the March 24, 2007 Boston Globe story by Ross Kerber, quoted here: Scam May Be Tied to Stolen TJX Data.)

A second Florida-based TJX gang pleaded guilty in late June. This group was charged with possessing 172,000 sets of credit card data, which had been used to make at least $75 million in bogus credit card charges. Arrested in this scam were:

Miguel Alegria, 46, of Hialeah, FL
Raynier Pupo, 22, of Miami, FL
Ariel Montero, 32, of Aventura, FL
Javier Padron-Bravo, 35, of Aventura, FL
Julio Lopez, 30, of Hialeah, FL
and Anett Villar, 26, of Hialeah, FL

Alegria, Pupo, Montero, and Padron-Bravo pleaded guilty to conspiracy in exchange for a plea agreement that included cooperation.

The Nashville Secret Service ran the investigation as "Operation Blinky", named for the first suspect's online name, which they co-opted as an undercover identity. For more see: TJX, Polo Data Surfaces In Another Credit Card Bust.