-=[ Busted ]=- Six Trillion In Fake Bonds

On the other side of the pond, a record $6 trillion of fake US Treasury bonds were seized by Italian anti-mafia prosecutors.  The bonds were uncovered in hidden compartments in three safety deposit boxes in Zurich.  Bloomberg reports that Italian authorities arrested eight people in connection with the probe, dubbed Operation Vulcanica.

The Italian authorities also uncovered fraudulent checks issued through HSBC Holdings in London, and another $2 billion of fake bonds in Rome.  Those involved in the financial fraud case were apparently planning to buy plutonium from Nigeria, according to police-monitored phone conversations.

Good work guys.  I hope they round up all involved, especially those with the plutonium.  You know that stuff isn’t going to be used to power wind up toys.

Of Skimmers & Scumbags

A skimming device came off in the hands of a Bank of America customer when she tried to use her debit card at an ATM recently, police said.  The man who had planted the credential-stealing device appeared and asked for it back.  The woman refused to return the card and growled at the man, who fled.

Sixth Precinct police are seeking two male suspects in connection with the incident. The first is about 40, stands 5 feet 10 inches tall, and weighs 170 pounds. The second male is about 30, stands 5 feet 8 inches tall, and weighs 160 pounds, police said.

The two suspects face felony forgery charges and up to 15 years in prison.  I wouldn’t advise anyone to do this, but that 23-year-old woman sure has moxie.  I hope the bank rewards her for her valiant stance.  DNAinfo

The reason that I don’t advise people to take this kind of action?  Read the article just published in The Compliance Exchange blog about Aaron Hand, already convicted in a $100 million mortgage-fraud scheme and serving a sentence of eight years and four months to 25 years.  He was sentenced to 8 – 16 more for plotting to have a key witness in his case killed.

Please remember that these guys mean business, and that there is more than just your current balance at stake.  These guys are all in it for the big money payoff.  If you find yourself involved in a confrontation or an investigation, a little paranoia is healthy, and caution is not cowardice, in my humble opinion.

ASIC Warns Online Trading Accounts Hacked

The Australian Securities and Investments Commission (ASIC) is warning online traders to review their account security after a wave of account hacks.  During its regular surveillance ASIC became aware of “several stockbroking account intrusions involving unauthorized access and trading”.

ASIC is working with online brokerage firms to help affected customers, and with authorities to find the source.  In the meantime, anyone with an online account should check their transaction history and bank accounts, change their passwords, and make sure their anti-virus software is current.  If any unauthorized trading is suspected, contact your broker ASAP.


Fake iPad2s On Store Shelves in BC

CTV reports that as many as 10 fake iPad 2s, made of slabs of modeling clay, were recently sold at retail stores in Vancouver, BC.  Best Buy and Future Shop are investigating.

Scammers apparently bought the iPads with cash, replaced them with bags of modeling clay, resealed the boxes and returned them to stores for refunds.  The devices were apparently stuck back onto the shelves without being checked because they appeared to still be sealed, and then re-sold to other customers.

How these “tablets” were not detected is beyond me.  I can never return merchandise without getting the third degree.  I have had to provide a reason for every return, and “I just changed my mind” never suffices.  Don’t retailers generally test returned products, or at least check that the contents are present?  Those little plastic seals aren’t that difficult to unstick and then reseal.

So what can consumers do to protect themselves?  Always open the box before leaving the store, and check that the contents are what you expected.

Beware The Pink Facebook Scam

Watch out for this scam on Facebook.  You might get invitations from some of your online friends to change your Facebook page from that boring blue color to the more exciting and invigorating pink, black or even red color.  Don’t get sucked in.  Each of the pages linked to in the invitation demands that you share it with others, write a nice comment about it, and complete a survey.  These surveys drive revenue to the scammer, who is paid for each one that someone fills out.

You are very unlikely to get the awesome color change that was advertised, and any friends that follow your recommendations won’t be very impressed when they don’t get it either.  Now, there are a number of GreaseMonkey scripts which will work alongside the Firefox web browser to customise the look of Facebook and other sites, according to Graham Cluley.  Look them up if you are so inclined.

People who have fallen for this survey scam should scan their Facebook profiles for “shared” and “liked” content that they don’t want to endorse.

Financial Institutions, Charities, Beware OpRobinHood

Notorious hacking groups Anonymous and TeaMp0isoN are teaming up with other hacktivists to launch coordinated attacks on banks in response to recent crackdowns against “Occupy” protest movement encampments.  The joint operation has been code named OpRobinHood, and will involve using stolen credit cards to make false donations to charities, and other malicious activities that their moms can all be proud of.  These activities are supposed to be going down at the expense of banks, but who do you REALLY think will face increased charges and clawbacks to cover the losses?  Yup.  You, Me and those unnamed Charities.

These anarchists are also encouraging bank account holders to withdraw their funds and deposit them in credit unions instead.  Their intentions are to starve the banks of customers as a physical attack, and parallel that attack with sustained and large scale credit card charging campaigns. 

Of course, this begs a few questions:

  • Just how much more “honest and considerate” do you think a credit union is of the Occupy protesters?
  • What differentiates the credit union from the banks regarding motivations and intentions?
  • How is one any better than the other?
  • Is security somehow better, worse, or about the same at these gentler credit unions versus the evil empire of banks?
  • When they are finished with the banks, will they then come after the credit unions?  Then the mattress manufacturers?  And finally cookie jar makers?

It’s nice that these hacktivists have 99% of us in their hearts, but why do I get the feeling that this is all just another sham to cover over the fact that what these cowards are actually doing is to take money from the banks just to line their own pockets, and using the charities to either distract, hide, or launder their ill-gotten gains?  Just sayin’…

-=[BUSTED]=- Fraud Victimizes Two NC Banks

FraudNews reports that three individuals (a disbarred lawyer, a crooked loan officer and another man) could possibly get long prison sentences for their role in a mortgage fraud scam involving two well known North Carolina banks.  All three have pleaded guilty on a variety of counts.  The US attorney’s office states that they caused losses amounting to over $1 million.

Loans department bank officer Mark David Webb, and Goldsboro real estate lawyer, William Devaughn Orander III worked at both banks between 2004 and 2008 when the fraud took place.  The banks allowed borrowers to make a purchase of properties without having money of their own.   They also allowed them to walk away from the closing table with more than 50% of the purchase price for property in cash.   Prosecutors stated that there were a lot of instances where the money was paid to other members of the conspiracy.  This was either done individually or using the real estate holding companies that the co-conspirators owned.  As for Southern Bank’s losses, it amounts to nearly $284,000 with about $715,000 loaned out.

The third party to this conspiracy, Robert Keith Parker, pled guilty to the charge of making false statements to influence financial institutions connected with the loan.   It was Parker and Webb who falsified income tax returns to be able to qualify Parker’s wife to get a loan from Southern Bank.

Nearly $5 million worth of losses have been reported last year by the New Century Bank in a different fraud case by its founding chair, Raymond Lee Mulkey Jr., where the bank lent their founder millions to operate finance companies that he owned.

Operation Shady RAT

Score another big one for the good guys!  Even if they are a little late to the scene to save the maiden or slay the dragon…  I guess we have to score a whole bunch for the bad guys too, since they ran this scam successfully for so long…

Security vendor McAfee published a report on Tuesday about a hacking group that managed to penetrate 72 global companies, governments and non-profit organizations in 14 countries since 2006.  This massive operation stole national secrets, business plans and other sensitive information.  McAfee discovered the intrusions after gaining access to a command-and-control server that collected data from the compromised computers.  Over the past 5 to 6 years there has been a “historically unprecedented transfer of wealth” due to the operation it has named “Shady RAT”.

The attackers gained access to computers by sending targeted e-mails to individuals within the organizations containing an exploit that downloads malicious software and communicates with the command-and-control server to exfiltrate data and further infect their networks.  The data stolen consists of everything from classified information on government networks, source code, e-mail archives, exploration details for new oil and gas field auctions, legal contracts, SCADA (supervisory control and data acquisition) configurations, design schematics and more.  They were not too selective regarding the data that they gathered.  McAfee declined to name all of the organizations affected, but did name the International Olympic Committee (IOC), the World Anti-Doping Agency, the United Nations and the ASEAN (Association of Southeast Asian Nations) Secretariat.  Those organizations were of little economic interest to hackers, and add to the speculation of nation-state involvement.

In 2006, eight organizations were attacked, but by 2007 that number increased to 29, according to the report.  The number of victimized organizations peaked at 38 in 2009.  The duration of the compromises ranged from less than a month to more than two years in the case of an attack on an Asian Olympic committee.

So, should the average business, large, medium or small sized, be worrying about malware and the APT threat?  Oh, only if secrets, business plans and sensitive information matter to you, you bet your assets!  This cruft is going mainstream, this type of code is available, and coming soon to a PC near you.

Beware “Wrong Hotel Charge” Spam Scam

A very malicious spam campaign has been detected and reported by the good folks at m86 Security Labs.  The attack consists of emails appearing to come from reception desk managers at various hotels, targeting Visa users.  The emails exhibit subject lines such as “Hotel Sutton Place made wrong transaction” and “Wrong transaction from your credit card in Four Seasons Resort Scottsdale” and contain a rather long explanation in very bad English, claiming that the hotel has charged your credit card for over $1,000 by mistake.

To summarize, the email generally says, “Please see the attached form.  You need to fill it in and contact your bank for the return of funds,” and offers an attachment named RefundFormXXX.zip (XXX represents a random three digit number).  The unzipped file is Refund-Form.exe which is outfitted with the icon for an Excel file in order to encourage opening (executing) it.  Once executed, the malware downloads another executable from a Russian domain which is a fake AV application named “Security Protection”.

An HTTP request is sent to, requesting a module called ‘grabbers’ from load.php.  A file called update.dat is retrieved, which is actually an encrypted Windows .dll file.  Once decrypted it acts as a password stealer looking for stored passwords and targeting a huge number of applications including instant messaging programs, poker clients, FTP clients and web browsers.

Roughly one day after all of this malicious activity takes place, another HTTP request is sent, retrieving another fake AV called “Personal Shield Pro”.
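
For mail administrators, the delivery pattern described above (the "wrong transaction" subject line, a RefundFormXXX.zip attachment, and an .exe inside the archive) can be checked at the gateway.  The sketch below is an added example, not code from m86 Security Labs or from this post; the function names, the extension list and the sample messages are constructed for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

SUBJECT_RE = re.compile(r"wrong transaction", re.I)        # subject wording quoted above
ATTACH_RE = re.compile(r"^RefundForm\d{3}\.zip$", re.I)    # RefundFormXXX.zip
EXEC_EXT = (".exe", ".scr", ".pif", ".com")                # assumed extension list

def zip_executables(data):
    """Return archive member names that end in an executable extension."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(EXEC_EXT)]
    except zipfile.BadZipFile:
        return []          # not a readable zip; leave it to other filters

def score_message(raw):
    """Return the list of indicators a raw RFC 822 message matches."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    if SUBJECT_RE.search(msg.get("Subject", "")):
        reasons.append("subject")
    for part in msg.walk():
        name = part.get_filename() or ""
        if not name.lower().endswith(".zip"):
            continue
        if ATTACH_RE.match(name):
            reasons.append("attachment-name")
        # The icon can lie; the file extension inside the archive cannot.
        if zip_executables(part.get_payload(decode=True) or b""):
            reasons.append("exe-in-zip")
    return reasons

def build_sample(subject, zip_name, member):
    """Constructed test message; the 'program' is harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder, not a real program")
    m = EmailMessage()
    m["Subject"], m["From"], m["To"] = subject, "desk@hotel.example", "user@example.org"
    m.set_content("Please see the attached form.")
    m.add_attachment(buf.getvalue(), maintype="application",
                     subtype="zip", filename=zip_name)
    return m.as_bytes()
```

The "exe-in-zip" indicator is the one worth quarantining on by itself, since the subject line and attachment name are trivial for a spammer to change.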

Texas Restaurant Breach Leads to Fraud

Tracy Kitten at BankInfoSecurity.com E-News is reporting that some 200 people have reported fraudulent debit and credit transactions against their accounts after dining at Margarita’s Mexican Restaurant in Texas.  Investigators believe that Margarita’s point-of-sale system became infected with malware after a third-party vendor’s network was compromised.  “It looks like someone got in to the third-party vendor that handles the credit card information. They did not directly get into Margarita’s system.”

Investigators do not believe restaurant employees are involved, and are reviewing the incidents with the Secret Service.  Police believe the card numbers were intercepted sometime between early April and mid-May, as customers began reporting fraudulent transactions in July.  This is a good long article, I encourage you to read it.

What can we learn from this incident?  Be aware of your third-party vendors’ and suppliers’ policies, practices, and ensure that they are at least as diligent with their security practices as you are.  Trust your vendors and suppliers, but monitor, filter, and restrict their access.  Use anti-malware protection, keep it up to date, and remove information that you don’t need from your POS and network devices.  What you don’t collect and store has less of a chance of haunting you later.  If you really have to store it, secure it, and secure it well.  It might not be your money that is stolen, but it might be your reputation that is on the line.  How many of those customers that were affected do you think will return to Margarita’s?