Real World Case Study 3 Cyber Scams
Cyber scams are today's fastest-growing criminal niche. Scores of banks and e-commerce giants, from JPMorgan Chase & Co. to Wal-Mart.com, have been hit, sometimes repeatedly, by hackers and online fraud schemes. The 2005 FBI Computer Crime Survey estimated annual losses to all types of computer crime—including attacks of viruses and other malware, financial fraud, and network intrusions—at $67 billion a year. Of the 2,066 com panies responding to the survey, 87 percent reported a security incident. In addition, the U.S. Federal Trade Commission savs identity theft is its top complaint.
To track cyber crime, law enforcement officers work with companies such as eBay or Microsoft, as well as with legal authorities around the globe. eBay has 60 people that combat fraud, while Microsoft’s Internet Safety Enforcement team has 65 operatives, including former law enforcement agents and federal prosecutors. To document the extent of the activityBusinessWeek reporters scoured underground Web sites where stolen data are swapped like so many baseball cards on eBay.
Consider this e-mail promoting the launch of an online crime trading bazaar, vendorsname.ws, last year: “During the battle with US Secret Service, we!@# &! All those bastards and now are running a brand new, improved and the biggest carders’ forum you ever seen.” The message brags about its array of stolen goods: U.S. and European credit card data, “active and wealthy” PayPal accounts, and Social Security numbers. Those who “register today” get a “bonus” choice of “oneCitybank account with online access with 3K on board” or “25 credit cards with PINs for online carding.”What follows is a look at four individuals who have been identified by multiple law enforcement authorities as high-priority targets in their investigations. It’s no coincidence that all are Russian. Strong technical universities, comparatively low incomes, and an unstable legal system make the former Soviet Union an ideal
breeding ground for cyber scams. Also, tense political relations complicate efforts to obtain cooperation with local law enforcement. “The low standard of living and high savviness is a bad combination,” argues Robert CChesnut, a former federal prosecutor who is a senior vice president directing antifraud efforts at eBay.Among the most pernicious scams to emerge in the last few years are so-called reshipping rings. The king of these rings is a Russian-born hacker who goes by the name Shtirlitz—a sly reference to a fictional Soviet secret agent who spied on the Nazis. In real life, Shtirlitz is being investigated by the U.S. Postal Inspection Service in connection with tens of millions of dollars’ worth of fraud in which Americans signed up to serve as unwitting collaborators in converting stolen credit card data into tangible goods that can be sold for cash. “We think he is involved in the recruitment of hundreds of people,” says William A. Schambura, an analyst with the U.S. Postal Inspection Service. Investigators believe that people like Shtirlitz use stolen credit cards to purchase goods they send to Americans whose homes serve as drop-off points. The Americans send the goods overseas, before either the credit card owner or the online merchant catches on. Then the goods are fenced on the black market.BusinessWeek found that reshipping groups take out advertisements in newspapers and spoof ads from online job sites. “We have a promotional job offer for you!!” beckons one e-mail for a “shipping-receiving position” from UHM Cargo that appeared to come from Monster.com. It states that “starting salary is $70–$80 per processed shipment. Health and life benefits after 90 days.” Officials do not know Shtirlitz’s real name but believe he is 25–27 years old and lived in the San Francisco area at one time after his parents emigrated. They do not know where he is now but believe he is active. In one forum of CardingWorld.cc, a person with the alias iNFERNis, posted this request on December 23, 2005: “Hi, I need eBay logins with mail access, please icq 271-365-234.” A few hours later, Shtirlitz replied: “I know good vendor. ICQ me: 80–911.”Once equipped, someone could log into those eBay accounts and use them to buy goods with the owners’ money while emptying the money out of their PayPal accounts. “The Web sites are more like a dating service,” notes YohaiEinav, an analyst at RSA Security Inc. “Then you can conduct transactions in private chat rooms. I can click on someone’s name and start doing business with them.” The technical tools to steal credit card numbers and online bank account log-in data are often just as valuable as the stolen goods themselves. A cyber criminal known as Smash is being investigated by the Postal Inspection Service on the suspicion that he helps hackers hack. The picture, or avatar, that accompanies Smash’s posts in online chat rooms shows a fallen angel. Around 25–30 years old and based in Moscow, he is believed to be an expert in building spyware programs, malicious code that can track Web surfers’ keystrokes and is often hidden in corrupted Web sites and spam e-mail.......................
CASE STUDY QUESTIONS
1) List several reasons “cyber scams are today’s fastestgrowing criminal niche.” Explain why the reasons you give contribute to the growth of cyber scams
2) What are several security measures that could be implemented to combat the spread of cyber scams? Explain why your suggestions would be effective
3) Which of the four top cyber criminals described in this case poses the biggest threat to businesses? To consumers? Explain the reasons for your choices, and describe how businesses and consumers can protect themselves from these cyber scammers.