News

  • 03.09.2010

    Nigerian advance-fee scammer gets 12 years

    IDG News Service -A Nigerian man has been sentenced to 12 years in prison for sending out fraudulent e-mails offering victims big bucks in exchange for moving cash to the United States.

    Okpako Mike Diamreyan, 31, was sentenced to 151 months of prison Wednesday by United States District Judge Janet Hall in Bridgeport, Connecticut.

    Diamreyan made more than US$1.3 million in a scam that suckered 67 victims between 2004 to 2009, prosecutors said. This type of fraud, called an advance-fee scam, was the number-one type of Internet fraud in 2009, according to the U.S. Federal Bureau of Investigation. Last year, advance-fee fraudaccounted for nearly 17 percent of the Internet fraud logged by the FBI.

    Diamreyan pretended to be different people -- Prince Nana Kamokai of Sierra Leone or an airport director from Ghana, for example. He said he needed to move between $11.5 million and $23.4 million out of the country and offered victims 20 percent of the funds, if they would help him out.

    After using fake documentation to convince his victims that he was legitimate, Diamreyan would get them to wire him different types of fees such as "PIN code fees" or courier services charges with the understanding that they would then get the money. These fees would pile up, but the promised money never arrived.

    The scam left "many individuals and their families in financial ruin,"the U.S. Department of Justice said in a statement.

    Diamreyan immigrated to the United States in 2008 and allegedly told an acquaintance that he wanted to make $1 million or so before going home to Nigeria: "i want to forget america and come back home... once i take like 1m or half m," prosecutors quote him as saying.

    He was arrested in August 2009 andfound guilty by a jury in February.

    Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert's e-mail address is robert_mcmillan@idg.com

  • 03.09.2010

    Investigators find famous DJ's credit card details for sale

    IDG News Service -Armin Van Buuren is one of the world's most well-known trance music DJs. He also apparently has had his credit card details stolen.

    Investigators with Ultrascan, a company that investigates credit card fraud and other kinds of online crime, were doing research on forums and systems used to sell credit card numbers, said Frank Engelsman ofUltrascan.

    One analyst was using the ICQ instant messaging system where cybercriminals had set up an automated account to sell credit card numbers. Their ICQ user name was run by a bot, which automatically responds to certain commands.

    A potential buyer for stolen credit card details sees a greeting: "Hello welcome to ICQ bot. Press '1' for Russian. Press '2' for English." After pressing "2," users get three selections: "1. Buy CVV, 2. Checker 3. Account," according to a screen shot supplied by Ultrascan.

    When CVV is selected, the buyer sees how many credit card details are available, sorted by country. From the screen shot, it was possible to see that some 19,046 U.S. card numbers are for sale, 7,843 from the U.K. and more from other countries such as France, Italy and the Netherlands.

    After picking the Netherlands, the bot offered up the truncated details for four cards and the names of those cardholders, one of which was named "Armin Van Buuren."

    The Ultrascan researchers immediate recognized Van Buuren's name. They bought his card details, and the bot returned the DJs full credit card number, the three-digit security code on the back of the card and the name of his bank.

    Ultrascan contacted Van Buuren's management agency in the Netherlands. An official at the management agency on Friday confirmed they had been contacted.

    It's not known if his credit card details were ever used, but Engelsman said cybercriminals typically do not "double sell" details.

    From the format of the data, it appears that a database of credit card numbers was hacked, Engelsman said. Credit card companies, retailers and other data processors have taken steps in recent years to shore up the security of their processing systems to prevent such attacks, but data breaches still occur.

    Englesman said Van Buuren's credit card company called Ultrascan on the DJ's instruction, and Ultrascan informed the company of the problem.

    Van Buuren's situation is hardly unique. Computer security analyst for years have warned how cybercrime has turned into an underground economy, with hackers stealing credit card numbers and offering them for sale in forums where other fraudsters that specialize in abusing financial details.

    "Everybody can be a victim," Engelsman said. "It doesn't matter who you are."

    Send news tips and comments to jeremy_kirk@idg.com

  • 01.09.2010

    Discover to get $5M from Heartland for '08 data breach

    Computerworld -Heartland Payment Systems has agreed to pay $5 million to Discover to settle claims arising from the massive data breach disclosed by the payment processor last year.

    In a brief statement on Wednesday, the Princeton, N.J.-based Heartland said the settlement "resolves all issues" between the two companies stemming from the intrusion.

    "This settlement marks our final agreement with a card brand related to the intrusion," Heartland CEO Robert Carr said in the statement.

    In January, Heartland agreed to set aside$60 million to reimburse banks issuing Visa cards, for breach-related costs. Heartland has also agreed to pay $3.6 million to settle claims brought against it by American Express and more than $41 million to reimburse MasterCard issuers for breach-related costs.

    In addition to settling with the major card brands, Heartland also has offered to pay$4 million to settle a consolidated consumer class action lawsuitbeing heard in Texas.

    All of the settlement money has come from the$140 million Heartland set asideto cover the costs related to the breach. That amount includes more than $26 million in legal costs.

    Heartland, one of the largest processors of payment card transactions in the U.S., disclosed in January 2009 that hackers had broken into its systems in 2008 and stolen credit and debit card data. Authorities later said that data on as many as 130 million credit and debit cards had been stolen, making it thelargest ever breach involving payment card data.

    The intrusions at Heartland and several other major retailers were later traced to a gang of cyber thieves led by Miami-based Albert Gonzalez who wassentenced in Marchto 20 years in federal prison.

    Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at Twitter @jaivijayan or subscribe to Jaikumar's RSS feed Vijayan RSS. His e-mail address is jvijayan@computerworld.com.

    Read more about Securityin Computerworld's Security Topic Center.

  • 01.09.2010

    DARPA launches insider threat detection effort for military

    Computerworld -The Defense Advanced Projects Agency (DARPA) has launched a project for detecting and responding to insider threats on Department of Defense networks.

    Under the Cyber Insider Threat (CINDER) Program, DARPA will explore new approaches for improving the speed and accuracy of insider threat detection. The agency last week sought proposals for ways to identity hostile insider activity by monitoring specific user and network behaviors.

    In the initial stage of the project, the goal is not necessarily to develop new ways of detecting individual malicious insiders themselves. Instead, DARPA hopes to figure out the tell-tale signs and network activities that organizations should monitor to accurately detect malicious activity.

    "If we were looking for the insider actor himself, we might not detect someone who performs a single, isolated task and we run the risk of being inundated with false positives from events being triggered without context of a mission," DARPA said. "To this end, CINDER starts with the premise that most systems and networks have already been compromised by various types and classes of adversaries. These adversaries are already engaged in what appear to be legitimate activities, while actually supporting adversary missions."

    In the next two phases of the three-part CINDER effort, DARPA will develop systems that can monitor networks and user activity and spot malicious activity more quickly.

    The CINDER initiative comes just a few weeks after whistleblower Web siteWikileaks posted more than 70,000 documentscontaining sensitive details on American military operations in Afghanistan. The documents were allegedly leaked to the site by Bradley Manning, a relatively junior Army intelligence analyst who is also accused of supplying Wikileaks with a controversial video allegedly showing a deadly U.S Apache helicopter attack in Iraq.

    Manning's alleged actions have prompted widespread criticism from those who believe the data has put critical U.S. intelligence and military assets in Afghanistan in harm's way. The leaks have also highlighted the risks associated with theinformation-sharingthat has been going on within the military for some time.

    Networks such as the U.S. Department of Defense's Secret Internet Protocol Router Network or SIPRNet, which Manning is alleged to have accessed, are designed to pass along important information as quickly and efficiently as possible.

    Detecting malicious insider activity is difficult. "What sets the insider threat apart from other adversaries is the use of normal tactics to accomplish abnormal and malicious missions," DARPA said.

    The same issue has dogged enterprises for years and is considered by many analysts to pose aneven greater threat to corporate dataand networks than external hackers.

    Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at Twitter @jaivijayan or subscribe to Jaikumar's RSS feed Vijayan RSS. His e-mail address is jvijayan@computerworld.com.

    Read more about Securityin Computerworld's Security Topic Center.

  • 01.09.2010

    Miami man pleads guilty in ID theft case

    IDG News Service -A Miami man has pleaded guilty to two identity-theft related charges after federal agents found more than 26,000 credit card numbers stored on his computer, the U.S. Department of Justice said.

    Juan Javier Cardenas, 45, purchased stolen credit card numbers over the Internet between February 2008 and May 2009, the DOJ said in a press release. Cardenas., known as Maceo, pleaded guilty Wednesday in U.S. District Court for the Southern District of Florida to one count of conspiracy to traffic in and possess unauthorized credit card numbers with intent to defraud, and one count of trafficking in unauthorized credit card numbers, the DOJ said.

    Between March and May 2009, Cardenas e-mailed more than 1,500 credit card numbers to five co-conspirators, according to a June indictment of Cardenas. Those co-conspirators used the compromised credit card numbers to make fraudulent purchases, Cardenas said during his plea hearing before Judge K. Michael Moore.

    U.S. Secret Service agents raided Cardenas' house in May 2009 and found more than 26,000 credit card numbers stored on his computer.

    The indictment does not detail how Cardenas obtained the credit card numbers over the Internet.

    Cardenas faces maximum prison sentences of five years on the conspiracy charge and 10 years on the charge of trafficking in unauthorized credit card numbers. He also faces fines on both counts, as well as forfeiture of any property or proceeds he obtained through the criminal activities. Sentencing is scheduled for Nov. 18.

    Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantusG. Grant's e-mail address is grant_gross@idg.com.

  1   2   3