-=[ Busted ]=- Six Trillion In Fake Bonds

On the other side of the pond, a record $6 trillion of fake US Treasury bonds were seized by Italian anti-mafia prosecutors.  The bonds were uncovered in hidden compartments in three safety deposit boxes in Zurich.  Bloomberg reports that Italian authorities arrested eight people in connection with the probe, dubbed Operation Vulcanica.

The Italian authorities also uncovered fraudulent checks issued through HSBC Holdings in London, and another $2 billion of fake bonds in Rome.  Those involved in the financial fraud case were apparently planning to buy plutonium from Nigeria, according to police-monitored phone conversations.

Good work, guys.  I hope they round up all involved, especially those with the plutonium.  You know that stuff isn’t going to be used to power wind-up toys.

Of Skimmers & Scumbags

A skimming device came off in the hands of a Bank of America customer when she tried to use her debit card at an ATM recently, police said.  The man who had planted the credential-stealing device appeared and asked for it back.  The woman refused to return the card and growled at the man, who fled.

Sixth Precinct police are seeking two male suspects in connection with the incident.  The first is about 40, stands 5 feet 10 inches tall, and weighs 170 pounds.  The second male is about 30, stands 5 feet 8 inches tall, and weighs 160 pounds, police said.

The two suspects face felony forgery charges and up to 15 years in prison.  I wouldn’t advise anyone to do this, but that 23-year-old woman sure has moxie.  I hope the bank rewards her for her valiant stance.  (DNAinfo)

The reason that I don’t advise people to take this kind of action?  Read the article just published in The Compliance Exchange blog about Aaron Hand, already convicted in a $100 million mortgage-fraud scheme and serving a sentence of eight years and four months to 25 years.  He was sentenced to 8 – 16 more for plotting to have a key witness in his case killed.

Please remember that these guys mean business, and that there is more than just your current balance at stake.  These guys are all in it for the big money payoff.  If you find yourself involved in a confrontation or an investigation, a little paranoia is healthy, and caution is not cowardice, in my humble opinion.

Microsoft Sues UK Retail Chain For Pirating Windows

ComputerWorld reports that Microsoft is suing a UK retail electronics chain for selling Windows recovery discs to customers, claiming that the practice amounts to piracy.  I think that they are going to be challenged to make a strong case.  It will be interesting to see how this one unfolds.

Microsoft accuses Comet Group PLC of illegally copying Windows XP and Vista to create operating system recovery discs.  These copies were then sold to Windows desktop and laptop customers in 2008 and 2009.  Comet, operating about 250 UK stores, believes it was on solid legal ground.

Comet approached 95,000 PC customers over a 2-year period, and offered to sell them unnecessary recovery discs, according to Microsoft’s anti-piracy legal team.  The recovery software was already provided on the hard drive by the computer manufacturer.

The total take for Comet from this exercise is estimated at about 2.2 million dollars.  Not bad.

So is Comet just fulfilling a need that Microsoft has stopped providing in order to cut costs, or does Comet have some accountability or obligation for controlling how these recovery CDs are used after sale?  My understanding is that Microsoft’s own VAR agreement states that these CDs can be provided by the reseller “for a nominal fee”.  Is $25 a nominal fee?  If the recovery software is on the hard drive, does that preclude the VAR’s ability to collect the nominal fee and distribute the CDs?  What’s your take on this?

Anonymous Takes Down Child Porn Site

ArsTechnica also reports that pedophiles connecting to a concealed child pornography site got an unwelcome surprise last week.  The hacktivist group Anonymous took down “Lolita City”, a child pornography site run over a concealed “darknet,” and account details of 1,589 users from the site’s database were posted as evidence.  I don’t usually have much good to say about Anonymous or hacktivists in general, but I have even less good to say about those who exploit children.

The takedown is part of Anonymous’ Operation Darknet, an anti-child-pornography effort aimed at thwarting child pornographers operating on the Tor Network to maintain anonymity.  Anonymous’ attack was focused on a hosting service called Freedom Hosting, which the group claims was the largest host of child pornography on Tor’s network.  “By taking down Freedom Hosting, we are eliminating 40+ child pornography websites,” Anonymous claimed in its statement.  “Among these is Lolita City, one of the largest child pornography websites to date, containing more than 100GB of child pornography.”

Score 1 for the good guys, courtesy of the bad guys…

Subway Sandwich’s $3M Security Lesson

Instead of coming in with guns and robbing the till, criminals can target small businesses, and steal from them digitally, across the planet.  The tools used in the crime are widely available to anyone willing to take the risks, and small businesses’ generally poor security practices and reliance on inexpensive software packages make them easy pickings.

In a scheme dating back at least to 2008, ArsTechnica reports a band of Romanian hackers has been stealing payment card data from the point-of-sale (POS) systems of hundreds of small retail businesses, including over 150 Subway restaurant franchises, ringing up over $3 million in fraudulent charges.  In an indictment unsealed in a New Hampshire court, the hackers are alleged to have gathered the credit and debit card data from over 80,000 victims. 

The methods used by the attackers were not sophisticated.  The compromised systems were located through an IP address scan for any systems with a specific type of remote desktop access software running (port scan).  The software was either unprotected or used poor passwords as protection, and provided back door access to the POS systems.

-=[BUSTED]=- UK POS Scammer Guilty

Softpedia is carrying a story about Thomas Beeckmann, 26, pleading guilty to his involvement in an intricate operation in which PIN Entry Devices (PEDs) were altered seamlessly to record and transmit data from the cards that passed through them.  The Point Of Sale devices were stolen from shops all around Europe, and brought to the UK where Beeckmann rigged them up to steal data.  He would add a circuit board inside each one, containing a small amount of memory to store information.  The PEDs were then reintroduced to the shops.

The crooks involved in this scam didn’t even have to physically remove the freshly planted devices in order to retrieve the target data.  Everything was transmitted through a Bluetooth component to a gang member that would only have to be near the apparatus for a short period of time.  The data was retrieved and used to create clone cards for use at other shops and online.

These POS scanners would look and behave just like normal devices.  Transactions processed on them would simply flow through them.  There would be no way for a typical customer to tell the difference.  My question is, why would a shop owner return these stolen devices to service after their disappearance and re-appearance?  Something does not sound completely right here.  There has got to be more to the story: complicity, complacency, or stupidity?


-=[BUSTED]=- Fraud Victimizes Two NC Banks

FraudNews reports that three individuals (a disbarred lawyer, a crooked loan officer and another man) could possibly get long prison sentences for their role in a mortgage fraud scam involving two well-known North Carolina banks.  All three have pleaded guilty on a variety of counts.  The US attorney’s office states that they caused losses amounting to over $1 million.

Loans department bank officer Mark David Webb and Goldsboro real estate lawyer William Devaughn Orander III worked at both banks between 2004 and 2008, when the fraud took place.  The banks allowed borrowers to make a purchase of properties without having money of their own.  They also allowed them to walk away from the closing table with more than 50% of the purchase price for property in cash.  Prosecutors stated that there were a lot of instances where the money was paid to other members of the conspiracy.  This was either done individually or using the real estate holding companies that the co-conspirators owned.  Southern Bank’s losses amount to nearly $284,000, with about $715,000 loaned out.

The third party to this conspiracy, Robert Keith Parker, pled guilty to the charge of making false statements to influence financial institutions connected with the loan.   It was Parker and Webb who falsified income tax returns to be able to qualify Parker’s wife to get a loan from Southern Bank.

Nearly $5 million worth of losses were reported last year by the New Century Bank in a different fraud case by its founding chair, Raymond Lee Mulkey Jr., where the bank lent its founder millions to operate finance companies that he owned.