Last week the anti-spam community was abuzz with the news that Igor Gusev, the CEO of DespMedia and the man behind GlavMed and SpamItDotBiz, had been charged in absentia for running an unregulated internet company. The New York Times had an excellent story on the potential impact on spam.
At the end of this Russia Today article the author suggests "Glavmed partners are preparing to join a new pharmaceutical partnership program if the current one is shut down. Then it will be business as usual."
Where might they be going? Based on what we are seeing in the spam there are a few obvious choices. Most of the spam we have been receiving at the end of last week and through the weekend - more than 20% of our total spam volume - points us to domains that look like this:
Although "US Drugs" has had many looks and feels, the thing that ties this affiliate program together is the phone number (800) 998-7978.
This phone number is on many different pharma websites, some of which, such as "buy--viagra.net", have harder narcotics such as Vicodin, Percocet, and Hydrocodone. These websites are often hosted on a Russian ASN belonging to Galant Ltd, but one of the spam campaigns is currently on Moldovan site AS49544, Complife, which we have seen hosting 1,783 distinct spammed pharmaceutical domains since October 19th on the IP 194.0.221.4.
Another of the pharm sites that also uses the telephone (800) 998-7978 looks like this:
This group is currently hosted in Romania, on the IP address 86.55.211.152, which has hosted 641 pharma domains since October 26th! Prior to that, these domain names were hosted 2,271 times on 86.55.243.102.
That leading group is followed by a close second, also almost 20% of our spam volume - for Pharmacy Express:
One of the main locations of this spam campaign's websites has been 188.95.159.61, which has hosted 1,060 pharma domains since September 21st! Going back further, there were OEM Software sites and Casino spam sites hosted on the same IP.
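The pivot described above (many page designs tied together by one phone number, then counted per hosting IP), as an added example that is not from the original post: Python code that groups constructed spam sightings by the phone number on the landing page and summarizes each hosting IP. The record layout, function names, `.example` domains, documentation-range IPs and the 555-01xx number are assumptions made for illustration; only (800) 998-7978 comes from the post.

```python
import re
from collections import defaultdict
from datetime import date

# Constructed sample data (not real sightings): one row per spammed URL whose
# landing page was fetched. Domains use the reserved .example TLD and IPs are
# RFC 5737 documentation addresses. 8009987978 is the number quoted in the
# post; 8005550142 is a made-up 555-01xx number; "look-N" labels are made up.
SIGHTINGS = [
    # (date seen, domain, hosting IP, page look, text scraped from the page)
    (date(2010, 10, 19), "pills-a.example", "192.0.2.4", "look-1", "Call toll free (800) 998-7978 today"),
    (date(2010, 10, 20), "pills-b.example", "192.0.2.4", "look-1", "Orders: 1-800-998-7978"),
    (date(2010, 10, 27), "rx-c.example", "198.51.100.152", "look-2", "Support 800.998.7978 24/7"),
    (date(2010, 10, 26), "rx-c.example", "198.51.100.152", "look-2", "Support 800.998.7978 24/7"),
    (date(2010, 9, 21), "meds-d.example", "203.0.113.61", "look-3", "Phone +1 (800) 555-0142"),
    (date(2010, 10, 1), "meds-e.example", "203.0.113.61", "look-3", "Order online, no phone listed"),
]

# North American numbers in the formats spam pages use; the lookarounds stop
# the pattern from matching inside longer digit runs such as order numbers.
PHONE_RE = re.compile(
    r"(?<!\d)(?:\+?1[\s.-]*)?\(?(\d{3})\)?[\s.-]*(\d{3})[\s.-]*(\d{4})(?!\d)"
)


def extract_phones(text):
    """Return every phone number in text, normalized to 10 digits."""
    return {"".join(m.groups()) for m in PHONE_RE.finditer(text)}


def cluster_by_phone(sightings):
    """Group domains, page looks and hosting IPs under each shared number."""
    clusters = defaultdict(lambda: {"domains": set(), "looks": set(), "ips": set()})
    for _seen, domain, ip, look, text in sightings:
        for phone in extract_phones(text):
            clusters[phone]["domains"].add(domain)
            clusters[phone]["looks"].add(look)
            clusters[phone]["ips"].add(ip)
    return dict(clusters)


def hosting_summary(sightings):
    """Per IP: (count of distinct domains, earliest date a domain was seen)."""
    per_ip = defaultdict(lambda: {"domains": set(), "first_seen": None})
    for seen, domain, ip, _look, _text in sightings:
        entry = per_ip[ip]
        entry["domains"].add(domain)  # a set, so repeat sightings count once
        if entry["first_seen"] is None or seen < entry["first_seen"]:
            entry["first_seen"] = seen
    return {ip: (len(e["domains"]), e["first_seen"]) for ip, e in per_ip.items()}


def infer_by_hosting(sightings):
    """Weaker link: a page with no phone number inherits one only when every
    numbered page on the IPs it shares points at the same single number."""
    domain_phones = defaultdict(set)
    domain_ips = defaultdict(set)
    ip_phones = defaultdict(set)
    for _seen, domain, ip, _look, text in sightings:
        phones = extract_phones(text)
        domain_phones[domain] |= phones
        domain_ips[domain].add(ip)
        ip_phones[ip] |= phones
    inferred = {}
    for domain, phones in domain_phones.items():
        if phones:
            continue  # already attributed by direct evidence
        candidates = set().union(*(ip_phones[ip] for ip in domain_ips[domain]))
        if len(candidates) == 1:
            inferred[domain] = candidates.pop()
    return inferred


if __name__ == "__main__":
    for phone, c in sorted(cluster_by_phone(SIGHTINGS).items()):
        print(phone, len(c["domains"]), "domains,", len(c["looks"]), "looks,",
              "IPs:", ", ".join(sorted(c["ips"])))
    for ip, (count, first) in sorted(hosting_summary(SIGHTINGS).items()):
        print(ip, "hosted", count, "distinct domains since", first.isoformat())
    print("inferred by shared hosting:", infer_by_hosting(SIGHTINGS))
```

Attribution inferred from shared hosting alone is kept separate from the phone-number clusters because one IP can serve unrelated customers.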
Those two prominent spam affiliate programs are followed by a host of also-rans, including:
MediTrust
Acai News
Sunday, October 31, 2010
Wednesday, October 27, 2010
Work From Home Scams: IC3 Advisory
This past week the Internet Crime & Complaint Center (IC3.gov) in conjunction with the FBI, the US Secret Service, and the Financial Services ISAC (FS-ISAC) released a Fraud Advisory regarding Work From Home scams. In particular, they are trying to raise awareness of many schemes which lead to individuals serving as Money Mules for organized crime.
We've shared several examples of Money Mule recruitment scams in the past, including:
- Sep 4, 2008: Work At Home...for a Criminal? - several scams, including money mule scams, were described
- Sep 19, 2008: CareerBuilder Scams - scroll down for a "Walker & Sons" position as a "Financial Coordinator"
- Dec 8, 2008: Fake UMB Bank - scroll down for a "Regional Financial Representative" position at "BMS" to be described
- July 24, 2009: From Russia With Love - scroll to the bottom of the article to see a Mule Recruitment site called "Angle Protective" hiring "Customer Service Specialists"
- Nov 19, 2009: Running out of Money Mules? - ABC Web Design claims to be hiring "Financial Managers" who are actually laundering money.
- July 3, 2010: Stealing $10 Million 20 cents at a Time - where US citizens were recruited to open businesses to receive fraudulent credit card payments - another form of money muling.
On October 1, 2010 the FBI announced "Operation Trident BreACH" which described money mules used to steal more than $70 Million! In this case the Money Mules were Russian and Moldovan students working in the New York area on J1 Student Visas. The point of the new advisory is that most Money Mules working in the US are actually American citizens who have been recruited through these Work From Home emails to use their checking accounts to move money out of the country.
Here are a few of the scams we are seeing in the UAB Spam Data Mine recently.
CareerBuilder reply
This email arrives with a graphical layout that tries to invoke CareerBuilder.com:
The body of the email is a classic mule recruitment ad - promising huge earnings for tiny amounts of work - and mentioning email and finances:
Hello,
Hope this email will find you at your best.
I came across your resume on CareerBuilder and I am contacting you in regards to an excellent job opportunity. Your skill sets and experiences appear to align well with the position I am looking to fill.
I've attached the job description details below. Please take a look and let me know if you would be interested in pursuing this further.
Job Description & Requirements
Check e-mail three times per day.
Preparing brief summary reports, and weekly financial reports.
Proficiency in using Microsoft Office.
Good communication skills in English (both verbal and written)
Possess good interpersonal skills.
Self-motivated and capable of working independently.
US Citizen, GC Holder
We offer
Salary plus commissions: $85,000-$95,000 per year
401(k) plan
Employment type: full-time/part-time
If you interested, planning to make a change, or know of a friend who might have the required qualifications and interest, please email me. In considering candidates, time is of the essence, so please reply to this email ASAP.
Thank you.
Note: I chose to contact you because your resume had been posted to one of the Internet job sites to which we subscribe. If you are not currently seeking employment, or if you would prefer I contact you at some later date, please indicate your date of availability so that I may honor your request. If you are not interested in receiving our e-mails then please reply with a "REMOVE" in the subject line. We truly apologize for the inconvenience caused.
Hiring Department
You are receiving this employment opportunity email because you uploaded your resume on CareerBuilder. If your employment status has changed or you no longer wish to receive these emails, you can update your privacy and communication preferences from your resume by logging onto CareerBuilder.com or you can block this employer from viewing your resume and sending you candidate emails.
This email was sent from Account ID F893KIO989343KOA2 and by this logged in User OKDYW93499
You are currently subscribed to receive "CareerBuilder.com Customer Messages".
© CareerBuilder.com 5550-A Peachtree Parkway, Suite 200 | Norcross GA 30092
Monday, October 04, 2010
Is Russia Joining the Zeus Hunt?
Although it's too early to know if this is Zeus related, Department "K", the Interior Ministry's Computer Crimes unit in Russia, released a press statement today about arrests which occurred over the weekend that sound suspiciously like the rest of the world-wide Zeus hunt. While there are really not enough details to proclaim this to be Zeus, it's still praise-worthy action by the Russian government against criminals who are harming American interests over the Internet.
The headline on the official MVD website read Управлением «К» МВД России пресечена деятельность международной преступной группы, in English, Department K of the MVD suppresses the activity of an international criminal group.
The story details that a cybercrime group, led by a Ukrainian national living in Russia, had stolen more than 20 million rubles from 17 different Russian banks between January and June 2010.
The criminal group, which numbered at least 50 suspects, consisted of Russians, Ukrainians, and Armenians. They would use false passports to fool bank employees and establish bank accounts in assumed names. They used information stolen online to create fake credit cards which were used to steal further funds from online businesses based in the United States and the United Kingdom.
The story does not make clear how many were actually arrested, where the arrests took place, or whether all fifty suspects have been apprehended.
Those apprehended are being punished with "detention". The specific violations listed are дела по ч.2 ст.187 и ч.4 ст.159 УК РФ, parts 2 and 4 of section 187 of article 159 of the criminal code(?). According to the CyberPol.ru website, 159 is their "Fraud" statute, and 187 is the statute regarding "the manufacture or sale of counterfeit credit or payment cards and other payment documents."
The story has thus far only been seen in Russian speaking press, including stories in Kuban.kp.ru, Rian.ru, BFM.ru, and Rusnovosti.ru.
(image from BRM.RU)
While most of the stories do little more than echo the official story, BFM.ru adds the fact that the ring leader was a Ukrainian, and that SBERBANK had previously issued a warning to their customers about a new form of fraud. In that warning, they quoted UniCreditBank director Alexander Vishnyakov warning them to never provide their PIN to anyone. Sberbank had seen an outbreak of SMS messages being sent to mobile phone numbers telling them their card was going to be blocked unless they replied with their PIN number, Expiration date, and Security Code. They also quoted HCFB's Vlad Guzhelev who said that "The amount of losses from illegal activity is very high." (Сумма потерь от противоправной деятельности очень высока. - ХКФБ Влад Гужелев.)
Congratulations to Department K! I hope they will continue to press against Cybercrime. We must all work together so that there are NO safe havens for cybercriminals.
Sunday, October 03, 2010
Sir Paul Speaks the Truth: Cyber Law Enforcement is a Good Investment
In this morning's BBC News, Metropolitan Police chief Sir Paul Stephenson is the focus of their story, Met police chief warns on internet crime. We would do well in the United States to listen to the points he is making.
Sir Paul told the BBC "If British crime gangs take up e-crime as enthusiastically as we fear, we must match the skills at their disposal." He says that for too long the attitude of the public, and presumably the funding agencies, has been "Leave cyber-crime to the banks and retailers to sort out." Sir Paul calls this a "fundamentally misguided argument."
In England and Wales there are 385 law enforcement officers dedicated exclusively to cybercrime, but 85% of those are dealing with human trafficking and child pornography issues, leaving only 60 officers to fight bank fraud. Last year the Metropolitan Police had an e-crime unit budget of only £2.75 million. Yet Sir Paul says "It has been estimated that for every £1 spent on the virtual task force, it has prevented £21 in theft."
We have a very similar situation in the United States. Sir Paul says that losses in online fraud and theft reached £52 billion globally in 2007 ($82 billion USD). (Note, this is a far more reasonable number than the $1 Trillion recently fed to the Senate Commerce, Science and Transportation Committee by the AT&T CSO Edward Amoroso (6 page PDF). For more on the mythical $1 Trillion figure, please see John Leyden's Cybercrime Mythbusters story at The Reg.)
I'm totally ok with the $82 Billion figure, because I can get there with real data from scientifically based studies. For instance, the FTC's Identity Theft Survey in 2006 found that we had more than 8.3 million victims (3.3%) in the United States. Javelin Strategy's 2010 Identity Theft Survey put the number at 11.1 million US citizens, losing an average of $4,841 per person for $54 Billion in US losses. (For comparison, Javelin found 8.4 million US victims in 2006 while FTC found 8.3 million. I believe that shows their methodology is sound, and that we can accept their current numbers as well.) The losses per person average seems high when compared with actual losses reported in the FTC's annual Consumer Sentinel Report (101 page PDF) where losses were $2,721 per person for 630,604 actual reported losses, but I'm willing to accept the difference for now. Either way, let's agree that US losses for 11 million victims would be in the range of $30 to $50 Billion.
Think about those numbers another way. In 2006 we had 8.3 (or 8.4) million victims of identity theft, mostly via cyber crime means. In 2009 we had 11.1 million victims of identity theft. So the crime has increased by nearly 33% in three years. One would think this would mean we have dramatic increases in our budget to FIGHT cyber crime as well. But that is sadly not true.
Despite both the broadly held public perception and the facts that cyber crime is increasing through the roof, the FBI's budget is only increasing by 4%. The budget states that the number of FBI Agents being requested in the FY 2011 budget is 14,169, an increase of 347 agents from the FY2010 budget. An increase of 408 Intelligence Analysts (across FBI, DEA, and ATF) is also requested, raising the number of Intelligence Analysts across those three agencies to 4,558.
Similarly, despite overwhelming evidence that our court systems are overworked and underfunded, especially in their ability to prosecute cyber crime, we are only seeing a 5.5% budget increase request for FY11 for the US Attorney's offices.
What is being done to fix this? Clearly we need a dramatic increase in the number of agents and tools available to fight cyber crime. But a review of the FBI's FY 2011 budget request to Congress shows that they are planning to add "Computer Intrusion" responsibilities to 163 personnel, resulting in an increase of 81 "Full-Time Equivalent" additional people to fight Computer Intrusion. (See: FY11 FBI Budget Summary (Excel spreadsheet).)
These numbers are further broken down in the "Program Increases by Decision Unit" tab of the spreadsheet Exhibits: Salaries & Expenses which shows that within those 163 personnel, only 63 are agents, of which 32 are tasked to Counter Terrorism Counter Intelligence and 31 are tasked to Criminal Enterprises and Federal Crimes.
Despite the fact that the FBI is the primary law enforcement body for responding to many of the crimes passed by the Congress, the FBI does not consider crime fighting their primary responsibility. When we review their entire FY11 budget, we see that they have their mission broken down into two broad goals, and their budget divided between those goals:
| GOAL | Description | 2011 Request (000s) |
|---|---|---|
| | GRAND TOTAL OF FBI BUDGET: | $8,083,475 |
| 1 | Prevent Terrorism/Promote the Nation's Security | $4,871,077 |
| 1.1 | Prevent, disrupt, and defeat terrorist operations before they occur | $3,721,749 |
| 1.2 | Strengthen partnerships to prevent, deter, and respond to terrorist incidents | $417,973 |
| 1.3 | Prosecute those who have committed, or intend to commit, terrorist acts in the United States | $0 |
| 1.4 | Combat Espionage against the United States | $731,355 |
| 2 | Prevent Crime, Enforce Federal Laws... | $3,212,398 |
| 2.1 | Strengthen partnerships for safe communities and enhance the Nation's capacity to prevent, solve, and control crime | $681,488 |
| 2.2 | Reduce the threat, incidence, and prevalence of violent crime | $1,202,812 |
| 2.3 | Prevent, suppress, and intervene in crimes against children | $26,035 |
| 2.4 | Reduce the threat, trafficking, use, and related violence of illegal drugs | $91,733 |
| 2.5 | Combat public and corporate corruption, fraud, economic crime, and cybercrime | $1,140,531 |
| 2.6 | Uphold the civil and Constitutional rights of all Americans | $69,799 |
| 2.7 | Vigorously enforce and represent the interests of the United States in all matters over which the Department has jurisdiction | $0 |
| 2.8 | Protect the integrity and ensure the effective operation of the Nation’s bankruptcy system | $0 |
This makes it difficult to tell how much money is actually being spent on Cyber crime, since it has now been lumped in with Public Corruption, Fraud, and Economic Crime, but it would be nice to think that a large part of that line item was cyber.
Does that line up with the FBI's stated priorities? At a risk of mixing church and state, a pastor I know is fond of saying "Show me a man's checkbook and I'll show you his priorities."
According to the FBI's National Security Priorities page, their top priorities, in order, are:
1. Counterterrorism (51.2% of budget)
2. Counterintelligence (9% of budget)
3. Cyber Crime (14.1% of budget - true number masked by combining #3,4,7)
4. Public Corruption (combined with #3,4,7)
5. Civil Rights (1% of budget)
6. Organized Crime
7. White Collar Crime
8. Major Thefts / Violent Crime (14.8%)
It's easy to see from the budget above that Counter Terrorism has swallowed the FBI. Yes, it's their #1 priority, and that shows. But is Cyber really their #3, when, combining Cyber, Organized and White Collar Crimes together still gives them only 14.1% of the budget, while Major Thefts/Violent Crime gets 14.8%?
The argument could be made that not all Computer crime falls into the category of Computer Intrusion, but we see similar tiny increases elsewhere. The FBI is requesting only $15 Million to improve its "Combat International Organized Crime" effort, which will only add 18 positions, including 3 agents and 7 attorneys. (See: Combatting International Organized Crime.)
The President's FY 11 Budget request directs that the Law Enforcement Components of the entire US Department of Justice be increased from $12.6 Billion to $13.2 Billion. An additional cyber-related increase is not for crime fighting per se, but to increase the security of the DOJ's own computer systems and upgrade their technology.
Here is a graph from the President's budget for the Department of Justice outlining new hires:
Extracted from DOJ Budget Presentation.
$300.6 million to strengthen national security and fight terrorism
$234.6 million to restore confidence in our markets - with a $100 million for economic fraud enforcement and $100 million for infrastructure improvements
$121.9 million to reduce the threat, incidence, and prevalence of violent crime and drug trafficking
Did you notice it too? The absence of the big increase in funding and personnel to fight cyber crime?
The FBI FY11 budget asks for 13,057 personnel in the category "Criminal Investigative Series" (1811), which is an increase of 276 Special Agents.
The FBI FY11 budget asks for 3,165 personnel in the category "Intelligence Series" (0132), which is an increase of 187 Intelligence Analysts.
In keeping with Sir Paul's comments about Cyber Crime in the UK, I'd like to suggest that someone should study the above numbers, study our cyber crime laws in America and the size of the problem, and then make a determination about whether we should be adding 1,000 new Cybercrime agents instead of a mere handful.
In the meantime, States need to seriously study this problem as well. The message in this budget is clear. THE FBI IS TOO BUSY FIGHTING TERRORISM TO HELP YOU WITH YOUR MINOR CYBER CRIMES. I am an ENORMOUS fan of the FBI, and believe that the investment to fight terrorism is necessary and beneficial. I also believe the FBI has incredible cybercrime agents, as evidenced by this week's Zeus Arrests. But it's clear they don't have the manpower to scale to the size of the problem.
The FBI's Internet Crime & Complaint Center 2009 Annual Report received 336,655 complaints of victimization due to Cyber Crime and online fraud.
My question is who is supposed to be helping Ma & Pa with the identity theft that they have experienced? Who is supposed to help with the undelivered eBay goods? Or the phisher who just drained your bank account? 336,655 times last year someone called the FBI and asked for help. You've seen the budget.
Something has to change.
Friday, October 01, 2010
The Big One: Zeus Operation Trident BreACH
The FBI's Cyber Division has just concluded a press conference where they announced the culmination of Operation Trident BreACH. Finally we can tell "the rest of the story" of the Zeus arrests that began in the UK earlier this week and were followed by Operation ACHing Mule in New York yesterday.
This operation began in Omaha, Nebraska in May of 2009 when FBI agents were alerted that 46 separate bank accounts had received ACH payments that seemed to be tied to malware. Unveiled publicly for the first time in this press release is the fact that this particular Zeus group had attempted to ACH transfer $220 Million, and actually got away with $70 million!
On September 30th, the Ukrainian Security Service, the SBU, had fifty SBU officers as well as members of their elite tactical operations team hit eight locations looking for the leadership of this international financial cybercrime ring. They were able to arrest five of the ringleaders, who are now being questioned.
This operation included the FBI's Omaha Cyber Crime Task Force, New York Money Mule Working Group, and Newark Cyber Crime Task Force, the Netherlands Police Agency, the Ukrainian SBU, the Netherlands Police Agency's National High-Tech Crime Unit, and the United Kingdom's Metropolitan Police Service.
Pim Takkenberg, team leader of the Netherlands National High-Tech Crime Unit was quoted as saying their "involvement in this international operation is representative of the commitment that the KLPD and the National Prosecutor's Office have made to the fight against cyber crime in addition to the need for worldwide cooperation among all partners."
Well said, Pim!
Hopefully even more details about these arrests will be revealed in the near future.
FBI's Operation ACHing Mule
While visiting a Russian news site to get proper Cyrillic spellings for the Zeus criminals, I saw for the first time the name of the FBI Operation. "Operation ACHing Mule" -- Love it!
ACHing of course has the double meaning -- these mules are in pain (aching) -- but also that these mules are performing "Automated Clearing House" bank transfers between victim bank accounts and their "mule" bank accounts.
Here is how "webplanet.ru" spelled them in their story. I've inserted the English next to each name:
"Citizens of Russia"
Артём Цыганков (Artem Tsygankov *), Софья Дикова (Sofya Dikova *), Максим Панферов (Maxim Panferov *), Кристина Извекова (Kristina Izvekova *), Артём Семёнов (Artem Semenov *), Альмира Рахматулина (Almira Rakhmatulina *), Юлия Шпирко (Julia Shpirko *), Максим Мирошниченко (Maxim Miroshnichenko), Юлия Сидоренко (Julia Sidorenko), Кристина Свечинская (Kristina Svechinskaya), Станислав Расторгуев (Stanislav Rastorguev *), Маргарита Пахомова (Margarita Pakhomova), Илья Карасёв (Ilya Karasev *), Марина Мисюра (Marina Misyura), Николай Гарифулин (Nikolai Garifulin *), Дмитрий Сапрунов (Dmitry Saprunov *), Касум Адыгюзелов (Kasum Adigyuzelov), Сабина Рафикова (Sabina Rafikova), Адель Гатауллин (Adel Gataullin), Руслан Ковтанюк (Ruslan Kovtanyuk), Юлия Клепикова (Yulia Klepikova *), Наталия Дёмина (Natalia Demina), Александр Сорокин (Alexandr Sorokin), Александр Фёдоров (Alexander Fedorov) and Антон Юферицын (Anton Yuferitsyn)
"Citizens of Moldova"
Марина Опря (Marina Oprea *), Каталина Кортак (Catalina Cortac *), Йон Волосчук (Ion Volosciuc *), Лильян Адам (Lilian Adam *), Дорин Кодряну (Dorin Codreanu *), Виктория Опинка (Victoria Opinca) and Алина Турута (Alina Turuta)
"Citizenship not specified"
Александра Киреева (Alexander Kireev) and Константина Акобирова (Konstantin Akobirov)
* - The SEVENTEEN criminals listed who are still "at large" are indicated above with an asterisk. If you are in the New York, New Jersey, or Las Vegas areas and party with Russian criminals, you might have more information about them. Please see yesterday's blog post, New York FBI: 17 Wanted Zeus Criminals if you think you can help.
The Operation ACHing Mule press release (34 page PDF) lists many separate but related law enforcement cases, and the charges for each case.
In each of the cases below, the charges are given and the fines. I'm going to list the charge categories here, and then we'll show the same number after each person's name:
1 - Conspiracy to Commit Bank Fraud (up to 30 years, $1 M)
2 - Conspiracy to Possess False Identification Documents (up to 15 years, $250k)
3 - False Use of Passport (up to 10 years, $250k)
4 - Money Laundering (up to 20 years, $500k)
5 - Transfer of False Identification Documents (up to 5 years, $250k)
6 - Bank Fraud (up to 30 years, $1 M)
7 - Production of False Identification Documents (up to 15 years, $250k)
8 - Possession of False Immigration Documents (up to 10 years, $250k)
9 - False Use of Passport (up to 10 years, $250k)
10 - Conspiracy to Produce False Identification Documents (up to 15 years, $250k)
11 - Conspiracy to Commit Wire Fraud (up to 20 years, $250k)
12 - Conspiracy to Commit Money Laundering (up to 20 years, $250k)
On each charge, the fine can be replaced with "twice the gross gain or loss" of their actual crime, so for example "$250k fine or up to twice the gross gain or loss."
In reality, no one ever gets NEARLY the sentence. So for example, Anton Yuferitsyn has already been sentenced. Instead of "20 years and $500k fine" he got ten months and $38k in restitution.
United States v. Artem Tsygankov, et al. (10 Mag. 2126)
Artem Tsygankov, age 22 (charged with: 1, 2)
Sofia Dikova, age 20 (1,2)
Maxim Panferov, age 23 (1,2,3)
Kristina Izvekova, age 22 (1,2,3)
United States v. Artem Semenov, et al. (10 Mag. 2154)
Artem Semenov, age 23 (1,2,3)
Almira Rakhmatulina, age 20 (1,2,3)
Julia Shpirko, age 20 (1, 2)
United States v. Maxim Miroshnichenko, et al. (10 Mag. 2141)
Maxim Miroshnichenko, age 22 (1,2)
Julia Sidorenko, age 22 (1,2,3)
United States v. Marina Oprea (10 Mag. 2142)
Marina Oprea, age 20, (1,2)
Catalina Cortac, age 21 (1,2)
Ion Volosciuc, age 19 (1,2)
Lilian Adam, age 21 (1,2)
United States v. Kristina Svechinskaya, et al. (10 Mag. 2137)
Kristina Svechinskaya, age 21 (1,3)
Stanislav Rastorguev, age 22 (1,3)
United States v. Margarita Pakhomova (10 Mag. 2136)
Margarita Pakhomova, age 21 (1,3)
United States v. Ilya Karasev (10 Mag. 2127)
Ilya Karasev, age 22 (1,2,3)
United States v. Marina Misyura (10 Mag. 2125)
Marina Misyura, age 22 (1,3)
United States v. Nikolai Garifulin, et al. (10 Mag. 2138)
Nikolai Garifulin, age 21 (1)
Dmitry Saprunov, age 22 (1,3)
United States v. Dorin Codreanu (10 Mag. 2152)
Dorin Codreanu, age 21, (1)
United States v. Victoria Opinca, et al. (10 Mag. 2153)
Victoria Opinca, age 21, (1)
Alina Turuta, age 21, (1)
United States v. Alexander Kireev (10 Mag. 1356)
Alexander Kireev, age 22, (4)
United States v. Kasum Adigyuzelov (10 Mag. 1622)
Kasum Adigyuzelov, age 25, (1,5)
United States v. Sabina Rafikova (10 Mag. 1623)
Sabina Rafikova, age 23, (6,7,8)
United States v. Konstantin Akobirov (10 Mag. 1659)
Konstantin Akobirov, age 25, (6,9)
United States v. Adel Gataullin (10 Mag. 1680)
Adel Gataullin, age 22, (6, 7, 9)
United States v. Ruslan Kovtanyuk (10 Mag. 1827)
Ruslan Kovtanyuk, age 24, (6, 9)
United States v. Yulia Klepikova, et al. (10 Mag. 1753)
Yulia Klepikova, age 22 (1, 9, 10)
Natalia Demina, age 23 (1, 9)
United States v. Alexandr Sorokin (10 Cr. 437 (RWS))
Alexandr Sorokin, age 23 (4)
Pleaded guilty on June 16, 2010 (sentencing Oct 4, 2010)
United States v. Alexander Fedorov (10 Cr. 873 (KTD))
Alexander Fedorov, age 24 (4)
Pleaded guilty on September 27, 2010 (sentencing Jan 5, 2011)
United States v. Anton Yuferitsyn (10 Cr. 134 (JGK))
Anton Yuferitsyn, age 26 (4)
Pleaded guilty on Feb 19, 2010, sentenced on June 25, 2010 to ten months in prison and $38,413 in restitution.
United States v. Jamal Beyrouti, et al. (10 Mag. 2134)
Jamal Beyrouti, age 53 (11, 12)
Lorenzo Babbo, age 20 (11,12)
Vincenzo Vitello, age 29 (11,12)