Archive for the ‘Cybercrime’ Category

Cyber Bust

Saturday, October 9th, 2010

The cyber thieves were smart. Instead of targeting corporations and large banks that had state-of-the-art online security, they went after the accounts of medium-sized companies, towns, and even churches. Before they were caught, members of the theft ring managed to steal $70 million.

Today, with our law enforcement partners in the United States, the United Kingdom, Ukraine, and the Netherlands,  announced the execution of numerous arrests and search warrants in multiple countries in one of the largest cyber criminal cases we ever investigated.

  Cyber Graphic

“This was a major theft ring,” said Gordon Snow, assistant director of the FBI’s Cyber Division. “Global criminal activity on this scale is a threat to our financial infrastructure, and it can only be effectively countered through the kind of international cooperation we have seen in this case.”

Using a Trojan horse virus known as Zeus, hackers in Eastern Europe infected computers around the world. The virus was carried in an e-mail, and when targeted individuals at businesses and municipalities opened the e-mail, the malicious software installed itself on the victimized computer, secretly capturing passwords, account numbers, and other data used to log into online banking accounts.

The hackers used this information to take over the victims’ bank accounts and make unauthorized transfers of thousands of dollars at a time, often routing the funds to other accounts controlled by a network of “money mules.” Many of the U.S. money mules were recruited from overseas. They created bank accounts using fake documents and phony names. Once the money was in their accounts, the mules could either wire it back to their bosses in Eastern Europe, or turn it into cash and smuggle it out of the country. For their work, they were paid a commission.

Yesterday, the New York office arrested 10 subjects related to the case, and is seeking 17 others. Those arrested are charged with using hundreds of false-name bank accounts to receive more than $3 million from victimized accounts.

In all, the global theft ring attempted to steal some $220 million, and was actively involved in using Zeus to infect more computers. But beyond the actual and potential monetary loss, this case is significant because of the extraordinary level of cooperation among international law enforcement to stop the group. And it also sends a message to hackers around the world that there are fewer safe havens from which they can operate.

“There are many challenges in a complicated global case like this one,” said Weysan Dun, special agent in charge of our Omaha office, where the investigation began in May 2009 when agents discovered a pattern of suspicious banking transactions. “With multiple countries involved, there are differences in times zones, geography, and culture, not to mention that all our cyber laws are not the same. “But those differences were overcome,” Dun said, “and the results speak for themselves.”

He added, “The international tolerance for this kind of criminal activity is decreasing. Our partners overseas are dealing more aggressively and effectively with cybercrime than ever before. The number of nations that collaborated and worked in partnership with the Bureau on this case represents a very significant step forward in the way we investigate these cases.”

Criminology Research Project, Inc., congratulates the FBI’s Cyber Division for a job well done.

Dr. Edward Blackwelder

Executive Director

Criminology Research Project, Inc.

Posted in Cybercrime | No Comments »

UPDATE: INTERNET CRIMES -Internet Crimes Complaint Center & Federal Bureau of Investigation Report

Thursday, March 18th, 2010
This information is from the Internet Crimes Complaint Center and the Federal Bureau of Investigation and is presented by Criminology Research Project, Inc., for your academic enrichment only.  All credit for this article goes to the Internet Crimes Complaint Center and the Federal Bureau of Investigation.  Criminology Research Project thanks the people of the Internet Crimes Complaint Center and the Federal Bureau of Investigation for making this report available.  It is the desire of CRP that you possess the most up-to-date information available on this most rapidly growing criminological problem.  You are encouraged to visit the Internet Crimes Complaint Center’s web-site for a more detailed and complete report.

 

 

 
2009 Internet Crime Report

Executive Summary

From January 1, 2009 through December 31, 2009, the Internet Crime Complaint Center (IC3) Web site received 336,655 complaint submissions. This was a 22.3% increase as compared to 2008 when 275,284 complaints were received. Of the 336,655 complaints submitted to IC3, 146,663 were referred to local, state, and federal law enforcement agencies around the country for further consideration. The vast majority of referred cases contained elements of fraud and involved a financial loss by the complainant. The total dollar loss from all referred cases was $559.7 million with a median dollar loss of $575. This is up from $264.6 million in total reported losses in 2008. Unreferred submissions generally involved complaints in which there was no documented harm or loss (e.g., a complainant received a fraudulent solicitation email but did not act upon it) or complaints where neither the complainant nor perpetrator resided within the United States (i.e., there was not an appropriate domestic law enforcement agency for direct referral).
Complaints received by IC3 cover many different fraud and non-fraud categories, including auction fraud, non-delivery of merchandise, credit card fraud, computer intrusions, spam/unsolicited email, and child pornography. All of these complaints are accessible to local, state, and federal law enforcement to support active investigations, trend analysis, and public outreach and awareness efforts.

On January 1, 2009, IC3 implemented a new complaint classification system based on a redesigned questionnaire that generates an automatic classification of the complaint into one of 79 offense-based categories. This redesign also resulted in a number of changes to the way the system gathers and classifies complaint data. Further information about these changes can be found in Appendix I of this report. Significant findings related to an analysis of the complaint data include:

Email scams that used the Federal Bureau of Investigation’s (FBI) name (schemes in which the scammer pretended • to be affiliated with the FBI in an effort to gain information from the target) represented 16.6% of all complaints submitted to IC3. Non-delivered merchandise and/or payment (in which either a seller did not ship the promised item or a buyer did not pay for an item) accounted for 11.9% of complaints. Advance fee fraud (a scam wherein the target is asked to give money upfront- often times- for some reward that never materializes) made up 9.8% of complaints. Identity theft and overpayment fraud (scams in which the target is given a fraudulent monetary instrument in excess of the agreed-upon amount for the transaction, and asked to send back the overpayment using a legitimate monetary instrument) round out the top five categories of all complaints submitted to IC3 during the year.

Of the top five categories of offenses reported to law enforcement during 2009, non-delivered merchandise and/or • payment ranked 19.9%; identity thieft, 14.1%; credit card fraud, 10.4%; auction fraud, 10.3%; and computer fraud (destruction/damage/vandalism of property), 7.9%.

Of the complaints involving financial harm that were referred to law enforcement, the highest median dollar losses were • found among investment fraud ($3,200), overpayment fraud ($2,500), and advance fee fraud ($1,500) complainants.

In those complaints in which perpetrator information is provided, 76.6% were male and half resided in one of the • following states: California, Florida, New York, the District of Columbia, Texas, and Washington. The majority of reported perpetrators (65.4%) were from the United States. A number of perpetrators were also in the United Kingdom, Nigeria, Canada, Malaysia, and Ghana.

Among complainants, 54% were male, nearly two-thirds were between the ages of 30 and 50, and a little over one-• third resided in one of the following states: California, Florida, Texas, or New York. The majority of complainants were from the United States (92%). However, IC3 received a number of complaints originating in Canada, the United Kingdom, Australia, India, and Puerto Rico.

Male complainants lost more money than female complainants (ratio of $1.51 lost per male to every $1.00 lost per • female). Individuals 40-49 years of age reported, on average, higher amounts of loss than other age groups.

In addition to FBI scams, popular scam trends for 2009 included hitman scams, astrological reading frauds, • economic scams, job site scams, and fake pop-up ads for antivirus software.

 
 

Overview

The Internet Crime Complaint Center (IC3) began operation on May 8, 2000, as the Internet Fraud Complaint Center. Established as a partnership between the National White Collar Crime Center (NW3C) and the Federal Bureau of Investigation (FBI), IC3 serves as a vehicle to receive, develop, and refer criminal complaints regarding the rapidly expanding arena of cybercrime. Since inception, IC3 has received complaints across a wide spectrum of cybercrime matters, including online fraud (in its many forms), intellectual property rights (IPR) matters, computer intrusions (hacking), economic espionage (theft of trade secrets), child pornography, international money laundering, identity theft, and a growing list of additional criminal and civil matters.
IC3 gives the victims of cybercrime a convenient and easy-to-use reporting mechanism that alerts authorities of suspected criminal or civil violations. For law enforcement and regulatory agencies at the local, state, and federal level, IC3 provides a central referral mechanism for complaints involving Internet-related crimes. For affected members of industry, IC3 can leverage both intelligence and subject matter expert resources to identify and craft an aggressive, proactive approach to combating cybercrime.

IC3 2009 Internet Crime Report is the ninth annual compilation of information on complaints received by IC3 and referred to law enforcement or regulatory agencies for appropriate action. The results provide an examination of key characteristics of: (1) complaints; (2) perpetrators; (3) complainants; (4) interaction between perpetrators and complainants; (5) popular scams of 2009; and (6) success stories involving complaints referred by IC3. The results in this report are intended to enhance general knowledge about the scope and prevalence of cybercrime in the United States. This report does not represent all victims of Internet crime, or crime in general because it is derived solely from the people who filed a report with IC3.

General IC3 Filing Informat
 
 

The number of complaints referred to law enforcement has increased from 72,940 in 2008 to 146,663 in 2009 (see Figure 3). All complaints not directly referred are still accessible by law enforcement, used for trend analysis, intelligence gathering and consumer education. Typically, these non-referred complaints do not involve a documented case of financial or physical harm or involve a situation in which neither the complainant nor perpetrator reside within the United States. In a minority of cases, there is no designated agency to refer a complaint, based on jurisdictional factors or agency-defined thresholds for referral.

During 2009, IC3 implemented a new complaint classification system. This complainant-driven system is based on a logic-driven questionnaire that generates an automatic classification of the complaint into one of 79 offense-based categories. This redesign has also resulted in a number of changes to the way IC3 system gathers and classifies complaint data. The new classification system improves upon the previous system by making clearer distinctions between complaint elements and by reducing the number of categories used to classify complaints.

The results contained in this report were based on information that was provided to IC3 through the complaint forms submitted at

www.ic3.gov. Complainants without Internet access are advised to use resources at their local library, educational institution, local law enforcement agency, or local victim’s assistance office. After a complaint is filed with IC3, the information is automatically referred to the appropriate local, state, and federal law enforcement agencies.www.ic3.gov. The data represents both a complete analysis of all the complaints and a sub-sample of those complaints that have been referred to law enforcement. Although IC3’s primary mission is to serve as a vehicle to receive, develop, and refer criminal complaints regarding cybercrime, those complaints involving other types of crime such as telephone and mail contact were also referred.4 | Internet Crime Complaint Center Figure 1: Yearly Comparison of Complaints Received via the IC3 Web site
From January 1, 2009 through December 31, 2009, there were 336,655 total complaints filed with IC3 (see Figure 1). This is a 22.3% increase compared to 2008 when 275,284 complaints were received. The number of complaints filed per month, for 2009, averaged 28,055. Dollar loss of complaints referred to law enforcement was at an all time high in 2009, $559.7 million, compared to previous years (see Figure 2).050,000100,000150,000200,000250,000300,000350,000200020012002200320042005200620072008200916,83850,41275,064124,515207,449231,49207,492206,884275,284336,655

Figure 2: Yearly Dollar Loss (in millions) of Referred Complaints
$0$100$200$300$400$500$6002001$17.8$54.0$125.6$68.1$183.1$198.4$239.1$264.6$559.720022003200420052006200720082009

Figure 3: Yearly Number of Referrals
030,00060,00090,000120,000150,0002001200220032004200520062007200820094,81048,25270,553103,95996,73186,27990,00872,940146,6632009 

Complaint Characteristics

During 2009, email scams that used the FBI’s name was the offense most often reported to IC3, comprising 16.6% of all crime complaints. Non-delivery of merchandise and/or payment represented 11.9% of complaints. Advance fee fraud made up an additional 9.8% of complaints. Other top 10 complaint categories included identity theft (8.2%), overpayment fraud (7.3%), miscellaneous fraud (6.3%), spam (6.2%), credit card fraud (6.0%), auction fraud (5.7%), and destruction/damage/vandalism of computer property, (i.e.,”computer damage,” 4.5%) (see Figure 4).
The complaints referred to law enforcement by IC3 were largely those cases involving identifiable loss. That meant certain complaints received in high numbers (e.g., FBI scams) were referred in lower numbers because the complainant’s intent was to notify IC3 of the scam, rather than report a financial or physical loss.

For a more detailed explanation of complaint categories used by IC3, refer to Appendix I at the end of this report.

Complaint category statistics may not always produce an accurate picture of what is occurring. They are based on the perception of consumers, and are thus influenced by how the complainant characterizes their victimization. Two different people may describe the same victimization in very different ways.

A key area of interest regarding Internet fraud is the average monetary loss incurred by complainants contacting IC3. Such information is valuable because it provides a foundation for estimating average Internet fraud losses in the general population. To present information on average losses, two forms of averages are offered: the mean and the median. The mean represents a form of averaging familiar to the public: the total dollar amount divided by the number of complaints. Because the mean can be sensitive to a small number of extremely high or extremely low loss complaints, the median is also provided. The median represents the 50

th percentile, or midpoint, of all loss amounts for all complaints referred to law enforcement. The median is less susceptible to extreme cases, whether high or low amounts lost.

Figure 4: 2009 Top 10 Most Common IC3 Complaint Categories (Percent of Total Complaints Received)
0.0%5.0%10.0%15.0%20.0%FBI ScamsNon-Delivery Merchandise/PaymentAdvanced Fee FraudIdentity TheftOverpayment FraudMiscellaneous FraudsSpamCredit Card FraudAuction FraudComputer Damage16.6%11.9%9.8%8.2%7.3%6.3%6.2%6.0%5.7%4.5%6 | Internet Crime Complaint Center

Of the 146,663 referrals during 2009, 100,296 involved a victim who reported a monetary loss. The total dollar loss from all cases of fraud in 2009 that were referred to law enforcement by IC3 was $559.7 million; that loss was greater than 2008 when a total loss of $264.6 million was reported. Much of this increase can be attributable to a greater number of higher loss complaint categories (e.g., identity theft) relative to auction fraud, which historically has been among lowest loss offenses. Of those complaints reporting monetary loss that were referred to law enforcement, the mean dollar loss was $5,580 and the median was $575. The significant difference between the mean and median losses is reflected by a small number of cases in which hundreds of thousands of dollars were reported to have been lost by the complainant.
Over 20 percent (21.7%) of complaints referred to law enforcement involved losses of less than $100, and 36.7% reported a loss between $100 and $1,000. Just over 28 percent (28.3%) of the complaints referred to law enforcement reported losses between $1,000 and $5,000 (for a grand total of 86.7% of complaints referred to law enforcement showing a loss of $5,000 or less), and 13.4% indicated a loss greater than $5,000 (see Figure 6). The highest dollar loss per referred incident was reported by overpayment fraud (median loss of $2,500) complainants. Investment fraud (median loss of $1,857) and advance fee fraud (median loss of $1,500) complainants were other high dollar loss categories.

Figure 5: 2009 Top 10 Most Referred IC3 Complaint Categories (Percent of Total Complaints Referred)
0.0%5.0%10.0%15.0%20.0%Non-deliveryIdentity TheftCredit/Debit Card FraudAuction FraudMiscellaneous FraudsAdvanced FeeOverpayment FraudFBI ScamsSpamComputer Damage19.9%14.1%10.4%10.3%7.9%5.7%4.8%4.5%4.3%3.5%

Figure 6: Percent of Referrals by Monetary Loss
$100,000.00 and over$10,000 to $99,999.99$5,000 to $9,999.99$1,000 to $4,999.99$100 to $999.99$0.01 to $99.99

1%28.3%36.7%21.7%6.5%5.8%2009  Perpetrator Characteristics

As important as it is to understand the prevalence and monetary impact of cybercrime, it is also vital to gain insight into who the typical perpetrators are. This can prove to be difficult in the world of cybercrime, where a mask of anonymity can impede law enforcement efforts; the gender of the perpetrator was reported only 35.1% of the time, and the state of residence for domestic perpetrators was reported only 38.0% of the time. In those cases in which a complainant was able to provide information about the suspect, over 76% of the perpetrators were male and over half resided in: California, Florida, New York, Texas, Washington and the District of Columbia (see Map 1). The District of Columbia, Nevada, Washington, Montana, Utah, and Florida have the highest per capita rate of perpetrators in the United States (see Table 1). Perpetrators also have been identified as residing in the United Kingdom, Nigeria, Canada, Malaysia, and Ghana (see Map 2). Refer to Appendix III at the end of this report for more information about perpetrator statistics by state. Readers are cautioned to note that throughout this document, perpetrator demographics represents information provided to the victim by the perpetrator so actual perpetrator statistics may vary greatly.

Table 1: Perpetrators per 100,000 People*
 

 

Rank  

 State  

 Per 100,000 People  
1  

 District of Columbia  

 116.00  
2  

 Nevada  

 106.73  
3  

 Washington  

 81.33  
4  

 Montana  

 68.20  
5  

 Utah  

 60.22  
6  

 Florida  

 57.28  
7  

 Georgia  

 56.99  
8  

 Wyoming  

 56.40  
9  

 North Dakota  

 51.01  
10  

 New York  

 48.10  

Posted in Cybercrime | 2 Comments »

Cyber Crime-The Internet-Your Computer and You

Saturday, January 30th, 2010

The Internet has thrown wide the windows of the world, allowing us to learn and communicate and conduct business in ways that were unimaginable 20 years ago.  This is the upside of globalization, as  author Tom Friedman has noted in best-sellers such as The World is Flat.  The downside of our increasingly flat world is that the Internet is not just a conduit for commerce, but also a conduit for crime.

The Internet has created virtual doors into our lives, our finances, our businesses, and our national security. Criminals, spies, and terrorists are testing our doorknobs every day, looking for a way in.

Cyber crime is a nebulous concept.  It is difficult to grasp intangible threats, and easy to dismiss them as unlikely to happen to you.  So far, too little attention has been paid to cyber threats—and their consequences.

Have you ever though of strangers walking through your offices, homes, and dorm rooms?  What if they were opening drawers, reading your files, accessing your bank accounts, or stealing your company’s research and development?

Friends, this is happening at this very moment!  Intruders are reading our mail and hacking into our networks every day, looking for valuable information,.  Unfortunately, they are finding all of this because many of us are not aware of the threat these people pose to our privacy, our economic stability, and even our national security.

Most of us, including myself, assume that we will not be targets of cyber crime.  We, as a result, are not as careful as we know we should be.  The Director of the Federal Bureau of Investigation, Robert S. Mueller,III tells this true story; Not long ago, the head of one of our nation’s domestic agencies received an e-mail purporting to be from his bank.  It looked perfectly legitimate, and asked him to verify some information.  He started to follow the instructions, but realized this might not be such a good idea.  It turned out that he was just a few clicks away from falling into a classic Internet “phishing” scam.  This is someone who spends a good deal of his professional life warning others about the perils of cyber crime!  He, however, barely caught himself in time.  Director Mueller knows this is a true story as this person!

In July of 2008, a California oil and gas company called Pacific Energy Resources contacted the FBI and the Long Beach Police Department to report a computer attack.  Six computer servers had been rendered inoperable, disabling the critical leak-detection systems of three off-shore oil platforms.  This was the last in a series of network attacks which cost the company over $100,000 in losses.’’   An investigation led the FBI to a former IT contractor.  After he had been dismissed from his job, he retaliated by remotely accessing the computer system.  His actions could potentially have resulted in significant environmental damage. He pled guilty to a federal computer intrusion charge and faces up to 10 years in prison.

This past April, someone hacked into the database of the Virginia Department of Health Professionals.  The intruder blocked over 8 million patient records—records that hospitals, doctors, and pharmacies depend on in order to accurately prescribe and dispense medication.  Those records are no longer blocked and the FBI continues to investigate.

In the book, The Cuckoo’s Egg, the author chronicles the electronic adventure of Cliff Stoll, a systems manager at a Berkeley laboratory.  In the mid-1980s, he noticed an accounting disparity of 75 cents.  This was before the Internet as we know it today.  He tracked it to an unauthorized user who had repeatedly broken into the system and then used the lab’s computers to tap into military networks.  He eventually traced the attacks to a German hacker who was part of an espionage ring.  The book was prescient.  Twenty years later the entire world is online.  Because the web offers near-total anonymity it is much more difficult to discern the identity, motives, and location of an intruder.

In an early stage investigation it is not known if the problem is the dealing with a spy, a company insider, or an organized criminal group.  Something that looks like an ordinary phishing scam may be an attempt by a terrorist group to raise funding for an operation.  An intrusion into a corporate network could be the work of a high school hacker across the street or it could be a hostile foreign power across the globe.

Cyber threats present a unique challenge to law enforcement because so little is known and, equally, there is a tendency for investigators to compartmentalize an early investigation.  Criminal cases are usually separate from espionage cases, which in turn are separate from counterterrorism cases.  When it come to cyber threats, however, there is almost always some overlap.

It is the job of the FBI to serve both as a law enforcement and national security agency.  This is critical because what may start as a criminal investigation may lead to a national security threat.

Part 2 of this series continues tomorrow.  (CRP wishes to recognize the research efforts of the FBI in making this article possible)

Posted in Cybercrime | 2 Comments »

Criminal Justice System Fighting Internet Crime

Thursday, September 24th, 2009

They were crimes born of the Internet age — romantic solicitations on popular Web site Craigslist that police say led to the fatal shooting of one woman and the robbery of another in Boston hotels this past spring.

Internet forensic expert Mark Rasch used high-tech sleuthing to help police in Boston’s Craigslist crime.

And it was high-tech, 21st-century sleuthing, along with some old-fashioned gumshoe detective work, that put police on the trail toward a suspect and eventually an arrest.

CNN’s Randi Kaye recently took a behind-the-scenes look at how technology was used to lead police to 23-year-old medical student Philip Markoff, who has been indicted on seven counts, including first-degree murder.

Prosecutors said Julissa Brisman, a model from New York who advertised as a masseuse on Craigslist, was shot three times at close range and suffered blunt head trauma at the Marriott Copley Place hotel on April 14. And a 29-year-old Las Vegas, Nevada, woman was robbed of $800 in cash and $250 in American Express gift cards at the Westin Copley Place hotel, police reports said.

Investigators knew they had crimes born of the Internet on their hands, but how were they able to use that same technology to help them find a suspect who went to great lengths to hide his tracks?

“The figures involved communicated with each other [via] text and e-mail, and they only met at the very last minute,” said special correspondent Maureen Orth, who investigated the story for Vanity Fair magazine. “And then the way the police were able to solve the crime was going back, using the clicks and the Internet addresses.”

In Brisman’s case, police knew she had communicated on Craigslist with a person calling himself “Andy.”

Mark Rasch once headed the computer crimes unit at the U.S. Department of Justice. Now an Internet forensic expert, he helped Boston police track the alleged killer.

“The first thing you start with was the e-mail address. In this case, it’s an e-mail address from Live.com, which is Microsoft,” Rasch explained to CNN’s Kaye.

Rasch showed Kaye the tracer program he used to help follow the e-mails from “Andy.”

“Trace Back does what it says — traces the route that the e-mail took on its way from its origin to the destination,” Rasch said.

Rasch says police got the Internet protocol address for the e-mailer’s computer. From there, investigators tracked down the company providing Internet service to the suspect, which told them that the subscriber lived in a Quincy apartment building, outside Boston.

Even though police had what they believed was the killer’s real name and home address, that still was not enough, Kaye reports.

“They have to validate and actually get this guy’s fingers on the keyboard,” Rasch said. “So in the end, they reverted to the old gumshoe thing of a stakeout.”

Police zeroed in on Markoff.  They’d seen a tall, blond male they believed was the killer on the hotel surveillance cameras. And they did what many people do on a daily basis — they Googled him.

Police learned their prime suspect was a medical student at Boston University. He was engaged to be married.

Again, the Internet helped. They got a better look at him through pictures with his fiancee online. It’s a piece of a digital trail criminals rarely think about, Kaye reported.

“As one of the law enforcement people told me, if you can see it, they can see it,” Orth said.

Markoff’s cyber footprint was growing more clear to authorities every day. On April 20, six days after Brisman’s slaying, detectives arrested him.

They said he was carrying on him a New York driver’s license with a photo of someone named Andrew or Andy Miller. Police say Markoff used that driver’s license to purchase the gun that killed Brisman and that his fingerprints were on the paperwork.

In June, Markoff pleaded not guilty to Brisman’s death and the other charges against him. He remains in jail.

Posted in Cybercrime | 1 Comment »

E-mail Hackers-Urgent Notice for Criminology Research Project Readers

Wednesday, September 9th, 2009

For only $100, YourHackerz.com will provide anyone with the password of any e-mail account!  There is no way of detecting this invasion.  Also provided is a “spoofing service” to disguise a woman’s voice as a man’s, vice-versa. 

Services like YourHackerz.com are active and plentiful, with clever names like piratecrackers.com and hackmail.net.  They boast of having little trouble hacking into such Web-based e-mail systems as AOL, Yahoo, Gmail, Facebook and Hotmail and they advertise openly.  Experts said, there doesn’t appear to be much anyone can do about it.

Peter Eckersley, a staff technologist for the Electric Frontier Foundation in San Francisco said, “This is an important point that people haven’t grasp.  According to Professor Orin Kerr, a law professor at George Washington University,” Federal law probibits prohibits hacking but any hacker that is competent and spends the time and targets you, he’s going to get you.”  Professor Kerr was a trial attorney in the United States Justice Department’s computer crime section before his move to academics.  Kerr says, “The feds usually don’t have the resources to investigate and prosecute misdemeanors and part of the reason isi that normally it’s hard to know when an account has been compromised, because e-mail snooping doesn’t leave a trace.”

“Web Based e-mail password hacking or cracking is one of our all time favorite and unique hobbies,” writes the folks at YourHackerz.com.  It’s not clear where YourHackerz.com is located but experts suspect that most of the businesses are based overseas.  These outfits, with a 100% guarantee, claim they will provide original Passwords, no questions asked.  They require payment only after a buyer is convinced.  They also guarantee “total privacy of your information and no legal hassles.”

SlickHackerz.com boast, “We are professionals interested in helping serious people for whom an e-mail password wouldl mean saving a marriage, knowing the truth, preventing a fraud, protecting their family, job and interests only when conventional ways and normal procedures do not work.”

All the services advertise that they will e-mail a screenshot of the target’s in-box or even send an e-mail from the target-s e-mail as proof that they’ve cracked the password.  The customer then sends payment.  One service, whose fee is only $33, then responds with the script from a scene from a Shakespeare play, with the stolen poassword hidden in the copy.

The FBI cannot police the Internet, a spokesman said.  “The FBI is aware of these illegal services and we have been successful in the past in identifying criminal activity and working with prosecutors to bring indictments.  Users of these services should know that just because a product is marketed on the Internet does’s mean it’s legal.”

According to FBI spokesman Paul Bresson, “Agents must be made aware of specific illegal acts ocurring in the United States before they can pursue a provider.  They can’t investigate and online service without evidence of a particular crime.”

Alissa Cooper of the Center for Democracy and Technology in Washington says, “This kind of thing has been on the radar of law enforcement already, but with many of the hackers overseas in practice it takes a lot of resources and time to build up relationships with law enforcement in other countries.  They’re starting to do that in the cybersecurity realm.”

Criminology Research Project, Inc., in monitoring newspapers from throughout the United States, obtained this information from the Washington Post in an article written by Tom Jackson.   CRP realizes cybersecurity does not fall under “murder oriented subject matter,” nevertheless it does fall within the definition of general criminology.  It’s important, in my opinion, that everyone become aware of this illegal activity.  Any suggestions?  Certainly…change your password often and hope for the best.

Just yesterday I attempted to sign on to one of my e-mail accounts only to be told that someone was already signed in!  I promptly reported it to the FBI and received a speedy reply.  However, what will be done? Very little in my opinion.

 

Cybersecurity is a new area for law enforcement is presents a most difficult dilemma.  Law enforcement is accustomed to having a physical crime scene which is absent in this type crime.  For thet present it seems cybercrime has out foxed law enforcement’s best efforts therefore, out of necessity, it is the obligation of each of use using the Internet to take computer security into our own hands.

Posted in Cybercrime | 1 Comment »