The underground world of cybercrime is thriving, with millions of stolen credit card numbers and personal identification details available for mere dollars. This report delves into the activities of digital mobsters who specialize in phishing expeditions, sending millions of scam emails daily. These cybercriminals remain hidden behind digital aliases, screen names, and encrypted communication channels, engaging in various illicit activities.

Virtual Hit Men: Anonymity and Retribution

One significant incident involved the theft of 150,000 consumer records, credit reports, and Social Security numbers by cybercriminals. These individuals operate as a digital gang, punishing errant members by exposing their true identities on public websites, effectively assassinating their virtual personas. The Secret Service has recently made a major breakthrough, arresting 28 individuals, indicting 19, and uncovering a network of 4,000 web-based mob members.

Web Mob Busted: Coordinated Law Enforcement Action

Law enforcement agencies took synchronized action against this cyber mob, conducting raids on multiple gang members simultaneously while they were engaged in web-based discussions. By capturing key figures and taking control of the gang’s website, they issued warnings to potential suspects. This operation significantly disrupted the criminal network’s activities.

Bottom Line: A Dark Marketplace

The cybercriminal marketplace operates discreetly, with stolen credit card data, worth thousands of dollars, being sold for as little as $1 to $10. Personal identification information, including email addresses, is even cheaper. The culprits range from high school dropouts to IT postgraduates, all exploiting the perceived anonymity of the internet to profit from confidential data on the world’s computer networks.

Authors: W.F. “Casey” Ebsary, Jr., CentralLaw.com and Albert Lucas, B.A. Mathematics

Full Text of Article:

Millions of stolen credit card numbers and other personal identification information are available for less than ten dollars according to experts at Baseline magazine and the United States Department of Justice. Unlike Michael Corleone’s crew, these mobsters exist solely in cyberspace. Phishing expeditions are their forte, with estimates of between 75 and 150 million scam emails sent daily.

Virtual Hit Men

Recently one large data collector was hit by mobsters who stole or accessed nearly 150,000 consumer records, credit reports, and Social Security numbers. This gang hides behind digital aliases, screen names, and nicknames. To punish wayward gang members, enforcers will publish the true names and identifying information of formerly anonymous transgressors on websites. Supplying the rat’s true identity to law enforcement virtually assassinates the individual in cyberspace.

The Secret Service recently tracked down one such gang. With 28 arrests, 19 indictments, and 4,000 gang members, the Government has penetrated one of the largest, if not the largest known web mob. Again, unlike secret meetings of the heads of the families, the web mobs met in web based discussion forums where they discussed and attempted to perfect the stealing and the forging of bankcards, and a myriad of other personal identification documents. They cloak their identities and encrypt their communications.

Web Mob Busted

Agents with the Secret Service staged synchronized raids on several gang members. Since word travels fast in cyberspace, they simultaneously knocked on dozens of doors across the country while the gang members were chatting and plotting in a web-based forum. By moving in concert, they captured the capos before they could compromise further investigation by publicizing the bust and/or destroying computer records of their dark deals. Eventually the agents took control of the mob’s website and posted a warning on their homepage to those not yet busted – “Contact your local United States Secret Service field office before we contact you!!!”

In the digital equivalent of a bunch of televisions falling off Tony Soprano’s truck, batches of credit card data were falling off electronic trucks and onto the hard drives of gang members. They tested batches of purloined information to grade and evaluate the data for accuracy and to determine whether or not the card numbers were cancelled or valid. Testing of the data consisted of illicit entry into a retailer’s computer and running a series of nominal charges for each card number to see if the charges were approved or declined. Once tested and graded, the data is sold to the highest bidder on clandestine websites.

Bottom Line

According to the Secret Service, a credit card with a $10,000 limit would sell for between $1 to $10 dollars or more. E-mail addresses and associated personal identification information are cheaper – they go for a few cents each. From high school dropouts to post graduate students of Information Technology, cyber criminals now use the illusion of anonymity and take unrestricted license with confidential information housed on the world’s computer networks.

Authors: W.F. “Casey” Ebsary, Jr., CentralLaw.com and Albert Lucas, B.A. Mathematics

The survey found that speakers reading slides, flying text across the screen, and annoying use of sounds were some reasons for disdain for the technology. To that list add the users’ tech timeouts when the software or the hardware fails to display the desired show. With prices tumbling on hardware, including cheap projectors and notebook computers, expect the visual delirium to continue until audiences stand up and complain, walk out, or fall asleep during these moments of mediocrity.

Combining the laser pointer with the video projector can exponentially increase the risk of midday narcolepsy in the jury box or the seminar room. Actually, since the searing red dot of the laser pointer resembles the laser sight on the SWAT team’s M-16, some might claim it to be a useful device for waking up bored audience members or jurors. Jurors know that labels on laser devices warn of eye damage. Use of the powered pointer might actually keep them on the edge of their seats protecting themselves from blindness and more importantly not hearing a word said.

We revel in new technologies but hope their use will help, not distract and bore the audience. To that end, make sure that use of presentation technology serves and does not supplant. Evaluate each tool and ask a few simple questions: Does this technology work? Do you know how to work it? Is the technology really necessary to convey the message? Does it distract from the message? Is the technology persuasive? New technologies will emerge. Each must be reviewed by asking these questions.

In a culture where computer-generated scenes can appear real, just because it was on the television or the big screen projector doesn’t necessarily mean that the audience is convinced that either a droid army saved the universe; or that your side of the case should prevail.

Authors: W.F. “Casey” Ebsary, Jr., CentralLaw.com and Jodi Ann Baudean, Master of Science in Civil Engineering

A first line of defense against malicious access is a hardware firewall. Without a hardware firewall, the attached computer is easily accessible. With a hardware firewall such as a Linksys Cable/Broadband router as the first layer of protection a hacker will not be able to see your computer as a first device attached to your cable modem.

The second line of defense is a software firewall. A heuristic firewall such as ZoneAlarm looks for suspicious activity per se in addition to an ever-evolving defined list of threats. ZoneAlarm uses a permission-based system to allow access to and from the Internet to be granted or denied by a user. For example, a number of attacks on Windows operating systems using Outlook as an email client, have exploited easy access to the Outlook contacts database. Once accessed those attackers replicate themselves and redistribute information from the attacked computer to email addresses found on the victim’s computer. Obviously, distribution of confidential client information is not an option for any of us. So not protecting our information is not an option either.

The third and final line of defense is maintenance of current virus protection software. Most top of the line software packages will automatically access the publisher’s website to obtain a current list of threats or virus definitions. This third line of defense will provide protection in the event the other two layers do not intercept the malicious file(s) that can compromise your home or office network.

Remember that your security system is only as strong as the weakest link. So while we obviously will focus on our desktop computers, legitimate remote access to our networks with a laptop from home or from onsite from a courtroom or client’s office, will provide opportunities for hackers to exploit our systems. You must make sure that all devices accessing our networks are equipped to deter hackers. Furthermore all users must be aware of the best practices to prevent illicit access to your firm’s digital resources.

A document contains information about the author, creation and revision dates, and other information about the lineage of the publication. The metadata as it is referred to can be used by a party to track revisions, additions, and deletions from the text. Therefore, care should be used to strip documents of these attributes when the document is to be distributed outside of the firm. Tips on stripping these attributes are available from both Microsoft and Corel. The Microsoft resource can be found at support.microsoft.com. The Corel resource is located at corel.com.

Surprisingly, the Microsoft Office stores all previous revisions of a Word document within the document itself. The revisions can be removed. One easy way to strip most of the identifiable information from document is to open a document in your word processor, select all of the text and copy it, open the Notepad application, paste the text into the Notepad document, and save the document as a text document.

Phishing is not to be confused with ‘fishing.’ There is no cast net, no baiting of the hook, and no minnow awaiting a large-mouth bass. But there are plenty of wireless fly rods out there. What do I mean? Specifically, an enterprising nerd or computer wizard of the binary-off generation can send you a disguised email representing a company you know and highly regard. The message may be duplicating a well-known logo in a misleading email suggesting you, the gullible, reply and update their files. They will frequently ask for a Social Security Number, credit card number, username and password, and/or your bank account number. Such data provides a license for identity theft. It goes on all the time. You read stories of months and months of futile effort to rectify credit reports done in by the virtual criminals. Frequently, the bait appears as an online financial intermediary asking for an update of personal information. In reality, takers just feed the ‘phisher’ valuable key information used to exploit the theft of the vulnerable victims’ identities.

Spoofing

Another popular indoor sport for some phisherman is spoofing. The digital sportsmen are hacking wireless cellular networks. First, the angler finds a cellular telephone with voice mail. Second, the piscator spoofs the cellular phone number, fooling the cellular network into authorizing access to the cellular telephone’s features. Third, the woesome whaler harvests the data and voicemail stored in the victim’s account. Data can include voicemail, user identification information, address books, photos, and passwords.

Explaining

How do they do it? Spoofing is easier and simpler than compromising most computer networks. We will not publish specifically where to go to spoof caller identification information. However, accept as fact, that information appearing to identify a caller can be falsified. Some cellular providers allow users to turn off the requirement that passwords be entered when accessing services from the user’s handset. The cellular caster then calls a cell phone number whose password is not required by the user – an option popular among many callers. The happy harpooner then gains entry into the victim’s voice mail, can control the options available to users (both authorized and otherwise), and has reign over whatever data and information is stored therein. A celebrity such as Paris Hilton and all her friends in her address book know all about it.

Preventing

Avoiding phishing and spoofing requires vigilance. Don’t supply usernames and passwords to anyone. Networks and providers already know your username and password. Change passwords regularly and use your cell phone pin number to access your voicemail every time no matter how busy you may be. These basic precautions will not stop the ever-advancing threats, but will provide a safety net. Be wary and be warned from your lighthouse attendant from on the bay.

Authors: Albert Lucas, B.A. Mathematics and W.F. “Casey” Ebsary, Jr., CentralLaw.com

Firewalls

A two-tiered approach to security is advisable. First, a hard firewall, as simple as a router can harden you defenses against nefarious efforts to access your computer network. At CentralLaw.com we use a simple device manufactured by LinkSys. It comes in a variety of flavors both wired and wireless. Key point here with the wireless variant is to enable password protection of the device and change the default password. Those with wireless mobile access and nothing better to do play a fairly common game – “war driving.” Contestants cruise the streets of Metropolis searching for unprotected wireless networks or networks whose passwords and username were never changed from the manufacturers’ default settings. Once a wireless connection is found, the players have access to your Internet connection, possibly to you data, and possibly to your office network.

Second, a software firewall is quite useful. They are frequently and often automatically updated and can respond to threats developed after the installation of the hard firewall. Heuristic or artificially intelligent firewalls are available. At CentralLaw.com we use ZoneAlarm. This new generation of protection enables a permission based security system that learns about the user’s legitimate accesses to the network and affirmatively requests permission from the user before allowing a program or process to access a protected computer. The program is trained to learn how and what legitimate users do on the protected computer. The program will log, alarm, and identify the evil-doer, and prevent the wicked from wandering.

Recently, one morning ZoneAlarm caught and blocked a suspicious effort to access a computer resource in our office. The artificially intelligent software firewall noted viral activity that had not previously been permitted by our systems’ users. Later that day, themedia publicized the latest viral attack on the world’s computers and suggested users go to their anti-virus software and update it. We followed the advice, but were already protected from a threat. Since anti-virus and/or system software vendors had not yet responded to the attack, we would have been vulnerable.

Spyware

While programs usually run and are visible to users in the taskbar along the bottom of your computer screen, spyware installs itself in your operating system and its effects are not noticed until a computer’s internet access has slowed, a browser home page has been changed, a new search bar appears, or myriad other odd symptoms surface. We use a two-tiered approach here also. AdAware from LavaSoft and SpyBot Search and Destroy are a one-two punch to knock out these veiled threats.

Software Updates

Computer networks, like chains, are only as strong as the weakest link. Make sure all machines accessing your network are secured with the latest operating system updates. Some system updates have file sizes that require hours to download by a telephone dial-up connection. The masses use dial up, virtually guaranteeing that these updates will not be installed on those computers. Consequently, new threats propagate from throngs of unprotected computers. Take the time to assure that all computers under your control or terminals that have access to your network are regularly keeping pace with these updates. Recovering compromised data from even a single destroyed hard disk drive begins at around $5,000.00 per disk drive and it is not uncommon for data to be unrecoverable.

File deletion either through an accident, an application, or through the familiar desktop icon, the trashcan, seldom makes recovery of the deleted files impossible. Use of these commands on most computers merely delays the inevitable recovery of the files by those with a desire to do so. Most computers delete files by eliminating entries on the directory or index of the hard drive, but really the data associated with those entries remains accessible. Experts frequently analogize such deletions to the tearing of the table of contents from a book. Even though the outline of the book has been removed, pages of content remain.

Many common consumer applications can resolve these deleted files. Recovery of the files for evidentiary purposes requires the use of a computer forensics expert. These professionals use techniques designed to maintain chains of custody and software designed to assure an audit trail for files recovered. Professional recovery using scientifically valid recovery methods prevents claims that files recovered are not admissible for a number of evidentiary foundational reasons.

The computer forensics expert can also help devise a strategy to efficiently recover relevant data from diverse types of storage devices and from a number of geographically distinct storage locations. A well-planned search strategy can maximize an investment made in a forensic investigation. One megabyte of data is roughly 180,000 words of text or about the size of a typical novel. One gigabyte of data is 1,000 megabytes and will contain the information that one might find in 1,000 books.

With the price per megabyte of storage plummeting, large capacity storage devices capable of storing 120 gigabytes are common and cost less than $200.00. A poorly planned or executed search strategy can be quite costly. Searching the wrong storage device or looking in the wrong places will mobilize a marathon of futility; like searching 120,000 books in the wrong library.