Online Store Looking for a US Financial Manager (USA)

The Purpose of This Post Is To ALERT You That The Job You Are About To APPLY TO or May Have Applied For or is CONSIDERING APPLYING FOR Is Fraudulent. A LEGITIMATE COMPANY IDENTITY HAS BEEN STOLEN OR A BOGUS ONE CREATED

These job postings are an attempt to lure you into cashing counterfeit checks and have you wire funds via Western Union or MoneyGram – Essentially You Become A Money or RePackage Mule

Money Mule Explained

Read All About This at Symantec Corp.


Date: 2009-09-30, 12:54PM PDT
Reply to: job-uvjbz-1400125090@craigslist.org


Our company Waresales LLC looking for a financial manager to manage payments.

You should be an honest person and eager to work from Mon – Fri.

All details and to apply the position please contact us at job@attfin.com

Thank you.

  • Location: USA
  • Compensation: Financial Managers
  • Telecommuting is ok.
  • This is a part-time job.
  • This is an internship job
  • OK to highlight this job opening for persons with disabilities
  • OK for recruiters to contact this job poster.
  • Phone calls about this job are ok.
  • Please do not contact job poster about other services, products or commercial interests.
Canadian Pharmacy Spam – newrx4champions.com

Buying Prescription Drugs Online May Be Dangerous
– Consumer Alert –
Drug Enforcement Administration Says

National Association of Boards of Pharmacy (NABP)

Warning


“The Canadian Pharmacy”, “Canadian/European Pharmacy”, “Canadian Healthcare” and “US Drugstore” are brands of one of the most disgusting illegal online pharmacy groups of all time, a well-organized CRIMINAL OPERATION. “GREED” is the driving force behind this operation. Don’t let them fool you. They will never send you any genuine drugs. If they ever send anything at all, it may consist of literally anything from sugar to wall plaster, and they certainly don’t care that you will endanger your health by taking those dangerous counterfeit drugs.

Behind The Online Pharmacy

Today a shadowy, transnational network of illicit drug manufacturers, traders, doctors, Web site operators, spammers and criminals makes up the online pharmacy world.

Buying Medication Online Can Be Safe

There are many options out there when it comes to buying medication online. We have looked at websites after websites. Some sites feature offshore pharmacies that do not require a prior prescription. Others feature licensed pharmacies that do require a prescription from your doctor.
Before making a purchase that can affect your health, we strongly recommend that you consult your physician & DO NOT self-medicate. Ordering medication online can be a safe, money-saving experience. When done through licensed online pharmacies that require a prescription, you can be assured that the medication you get is exactly what you need to treat your ailments.

Order your Rx-Medications Online!
Browse Our Selection Today! -> http://newrx4champions.com

Address lookup

canonical name newrx4champions.com.
aliases
addresses 60.12.166.154

Domain Whois record

Queried whois.internic.net with “dom newrx4champions.com“…

   Domain Name: NEWRX4CHAMPIONS.COM
   Registrar: CHINA SPRINGBOARD INC.
   Whois Server: whois.namerich.cn
   Referral URL: http://www.namerich.cn
   Name Server: NS1.UBR34NS.COM
   Name Server: NS2.UBR34NS.COM
   Name Server: NS3.BIDOKODJU.COM
   Name Server: NS4.BIDOKODJU.COM
   Name Server: NS5.HOSTLIFE45.COM
   Name Server: NS6.HOSTLIFE45.COM
   Status: clientDeleteProhibited
   Status: clientTransferProhibited
   Updated Date: 22-sep-2009
   Creation Date: 16-sep-2009
   Expiration Date: 16-sep-2010

Last update of whois database: Wed, 30 Sep 2009 20:07:11 UTC

Queried whois.namerich.cn with “newrx4champions.com“…

 DomainName : newrx4champions.com

RSP: China Springboard Inc.
URL: http://www.namerich.cn      

Name Server......................NS5.HOSTLIFE45.COM
Name Server......................NS1.UBR34NS.COM
Name Server......................NS2.UBR34NS.COM
Name Server......................NS4.BIDOKODJU.COM
Name Server......................NS6.HOSTLIFE45.COM
Name Server......................NS3.BIDOKODJU.COM
Status...........................clientTransferProhibited
Status...........................clientDeleteProhibited
Creation  Date ..................2009-09-16
Expiration Date .................2010-09-16
Last Update  Date ...............2009-09-23

Registrant ID ...................V-X-58522-14215
Registrant Name .................ZHANG WENQI
Registrant Organization .........ZHANG WENQI
Registrant Address ..............JIAOTONGLU16
Registrant City..................DL
Registrant Province/State .......LN
Registrant Country Code .........CN
Registrant Postal Code ..........116049
Registrant Phone Number .........+86.041128805621
Registrant Fax ..................+86.041128805621
Registrant Email ................kaokga@126.com

Administrative, Billing and Technical contacts: same ID, name, organization, address, phone, fax and email as the Registrant record above.

Network Whois record

Queried whois.apnic.net with “60.12.166.154“…

inetnum:      60.12.0.0 - 60.12.255.255
netname:      UNICOM-ZJ
descr:        China Unicom Zhejiang province network
descr:        China Unicom
country:      CN
admin-c:      CH1302-AP
tech-c:       JQ16-AP
remarks:      service provider
mnt-by:       APNIC-HM
mnt-lower:    MAINT-CNCGROUP-ZJ
mnt-routes:   MAINT-CNCGROUP-RR
status:       ALLOCATED PORTABLE
remarks:      -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
remarks:      This object can only be updated by APNIC hostmasters.
remarks:      To update this object, please contact APNIC
remarks:      hostmasters and include your organisation's account
remarks:      name in the subject line.
remarks:      -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
changed:      hm-changed@apnic.net 20040629
changed:      hm-changed@apnic.net 20060124
changed:      hm-changed@apnic.net 20090507
changed:      hm-changed@apnic.net 20090508
source:       APNIC

route:        60.12.0.0/16
descr:        CNC Group CHINA169 Zhejiang Province Network
country:      CN
origin:       AS4837
mnt-by:       MAINT-CNCGROUP-RR
changed:      abuse@cnc-noc.net 20060118
source:       APNIC

person:       ChinaUnicom Hostmaster
nic-hdl:      CH1302-AP
e-mail:       abuse@chinaunicom.cn
address:      No.21,Jin-Rong Street
address:      Beijing,100140
address:      P.R.China
phone:        +86-10-66259940
fax-no:       +86-10-66259764
country:      CN
changed:      abuse@chinaunicom.cn 20090408
mnt-by:       MAINT-CNCGROUP
source:       APNIC

person:       Jianhuaq Qian
nic-hdl:      JQ16-AP
e-mail:       chenrenhai@china-netcom.com
address:      No 1,Hangzhou University Road,Hangzhou, Zhejiang,China
phone:        +86-571-28868063
fax-no:       +86-571-28868069
country:      CN
changed:      wuhong@china-netcom.com 20050421
mnt-by:       MAINT-CNCGROUP-ZJ
source:       APNIC

DNS records

DNS query for 154.166.12.60.in-addr.arpa returned an error from the server: NameError

name class type data time to live
newrx4champions.com IN A 60.12.166.154 54s (00:00:54)

— end —

Opportunity c/o needed (Home)

The Purpose of This Post Is To ALERT You That The Job You Are About To APPLY TO or May Have Applied For or is CONSIDERING APPLYING FOR Is Fraudulent. A LEGITIMATE COMPANY IDENTITY HAS BEEN STOLEN OR A BOGUS ONE CREATED

These job postings are an attempt to lure you into cashing counterfeit checks and have you wire funds via Western Union or MoneyGram – Essentially You Become A Money or RePackage Mule

Money Mule Explained

Read All About This at Symantec Corp.

Date: 2009-09-30, 6:40AM PDT
Reply to: ggjobseekers@yahoo.com



The job will be to evaluate and comment on customer service in a wide variety of shops, stores, restaurant and services in your area. You would have flexible hours as it fits your schedule. Please e-mail your resume.
we will send you more information regarding our company. We are looking for trust worthy and committed individuals
Graham Smith.
RECRUITMENT SERVICES MANAGER Shoppers Guide Ltd.

  • Location: Home
  • Compensation: $400
  • This is a part-time job.
  • Principals only. Recruiters, please don’t contact this job poster.
  • Please, no phone calls about this job!
  • Please do not contact job poster about other services, products or commercial interests.

Job title: JOB , CUSTOMER MANAGER $38000 Annually

The Purpose of This Post Is To ALERT You That The Job You Are About To APPLY TO or May Have Applied For or is CONSIDERING APPLYING FOR Is Fraudulent. A LEGITIMATE COMPANY IDENTITY HAS BEEN STOLEN OR A BOGUS ONE CREATED

These job postings are an attempt to lure you into cashing counterfeit checks and have you wire funds via Western Union or MoneyGram – Essentially You Become A Money or RePackage Mule

Money Mule Explained

Read All About This at Symantec Corp.

Company information:

Name:
Location: austin

Job Details

JOB , CUSTOMER MANAGER $38000 Annually –

Our firm has an opening vacancy: Customer Manager.

Duties:

Receiving and processing of clients payments.

Requirements:

* Ability to schedule working hours effectively.
* Availability of spare time (3-4 hours per day).
* Advanced user ability to operate computer and to use Internet and e-mail.
* Adult age.

APPLY NOW: Please attach your resume in DOC or rich text format and send to e-mail : [click on “Apply Online” button]

This is a part-time job.

RealMatch.com

Spam Job Offerings – email-jobsupdates.com


Do Not Click on Any Link

Header Analysis

The following IP addresses were extracted from your headers:

IP Address        Probable Country
68.142.207.173    United States (Sunnyvale)*
70.38.64.243      Canada (Montreal)*
207.115.20.184    United States (Richardson)*
* The last IP listed is usually the originating IP address

Here is the text you submitted, with the IP addresses highlighted:

From Will Douglas Tue Sep 29 06:59:44 2009
X-Apparently-To: a Tue, 29 Sep 2009 06:59:44 -0700
Return-Path: <2-942447-2017@email-jobsupdates.com>
X-YahooFilteredBulk: 70.38.64.243
X-YMailISG: Tqt.MjoWLDtILqx8BduUUnOSVa4tOVFx9o65cTXRx6f94oRS0mKZ0qd.YEIBS.s84hxtXGjUc_gI1d6XW1X05N6b8PgSTikvmRJ1VWprAyrQU3htOnPCCETgNp2OCHQ0T__isWmoSj1vaqTacp7vqBZesAiHE_aRPY.TD5FnOyVHncPxSgK9qMcHoH1plt9byBSDiew0y_K2CRxTMqylg39HTDlvsptTJ9VDCSxadQEt29gbTLeIL1Drg08p5MZOLIH_VAVhy4Fc5LX8MWm2CrvG4dC4SUUWt2acJqGvYQuczvxkwzSTr5HxB7Ga
X-Originating-IP: [70.38.64.243]
Authentication-Results: mta150.sbc.mail.mud.yahoo.com from=jobs-updates.com; domainkeys=pass (ok); from=jobs-updates.com; dkim=neutral (no sig)
Received: from 207.115.20.184 (EHLO flpi182.prodigy.net) (207.115.20.184)
    by mta150.sbc.mail.mud.yahoo.com with SMTP; Tue, 29 Sep 2009 06:59:44 -0700
X-Originating-IP: [70.38.64.243]
Received: from smtp.email-jobsupdates.com (email-jobsupdates.com [70.38.64.243])
    by flpi182.prodigy.net (8.13.8 inb ipv6 jeff0203/8.13.8) with ESMTP id n8TDxiSx013162
    for ; Tue, 29 Sep 2009 06:59:44 -0700
Received: from localhost (ms244 [70.38.64.243])
    by smtp.email-jobsupdates.com (Postfix) with SMTP id A77003BB43C
    for ; Tue, 29 Sep 2009 09:59:44 -0400 (EDT)
MIME-Version: 1.0
DomainKey-Signature: a=rsa-sha1;
    h=From:Message-ID; q=dns;
    b=PmCNAMMCt3VBmrF8++OXf96hI6ERL0KR8FuOKKv1U270zJ3JwA3sYe8CVutu2AqcCKzgTD
    L2ZYJdReQPguFk7kUj7l7zlVFX8fLL5PKFJfa1kiTvOyLsz3dTS4B4ZIOZstIlsdLlhSgP
    j3UE5LZgOnQbnSEqTJR3lS/t0T6t0bY=;c=nofws; d=jobs-updates.com;s=bm;
From: "Will Douglas" <will.douglas@jobs-updates.com>
Message-ID:
X-Mailer: ms244-mailer.php 2.1
X-List-Id: 942447
X-Sent-To:
List-Unsubscribe: http://email-jobsupdates.com/ms2444/2/2017/c29fa91f95c88a413125ee3c52dd0d50
Subject: Jobs…Job Match- Sept. 30, 2009
Date: Tue, 29 Sep 09 09:59:44 -0400
Content-Type: multipart/alternative;
    boundary="=_0a6195921efaa414445a79b65634b1bc"
To:
Content-Length: 3397

Address lookup

canonical name email-jobsupdates.com.
aliases
addresses 70.38.64.243

Domain Whois record

Queried whois.internic.net with “dom email-jobsupdates.com“…

   Domain Name: EMAIL-JOBSUPDATES.COM
   Registrar: DOMAINDISCOVER
   Whois Server: whois.domaindiscover.com
   Referral URL: http://www.domaindiscover.com
   Name Server: NS1.DOMAINDISCOVER.COM
   Name Server: NS2.DOMAINDISCOVER.COM
   Status: clientTransferProhibited
   Updated Date: 05-aug-2009
   Creation Date: 05-aug-2009
   Expiration Date: 05-aug-2010

>>> Last update of whois database: Tue, 29 Sep 2009 14:04:09 UTC

Queried whois.domaindiscover.com with “email-jobsupdates.com“…

Registrant:
   email-jobsupdates.com
   c/o Whois Privacy Service
   PO BOX 501610
   San Diego, CA 92150-1610
   US

   Domain Name: EMAIL-JOBSUPDATES.COM

   Administrative Contact, Technical Contact, Zone Contact:
      email-jobsupdates.com
      c/o Whois Privacy Service
      PO BOX 501610
      San Diego, CA 92150-1610
      US
      (619) 393-2111
      whois@emailaddressprotection.com

   Domain created on 05-Aug-2009
   Domain expires on 05-Aug-2010
   Last updated on 05-Aug-2009

   Domain servers in listed order:
      NS1.DOMAINDISCOVER.COM
      NS2.DOMAINDISCOVER.COM

Network Whois record

Queried whois.arin.net with “!NET-70-38-64-224-1“…

CustName: iWeb Dedicated CL2
Address: 5945, Couture
City: Montreal
StateProv: QC
PostalCode: H1P-1A8
Country: CA
RegDate: 2008-10-03
Updated: 2008-10-03

NetRange: 70.38.64.224 - 70.38.64.255
CIDR: 70.38.64.224/27
NetName: IWEB-CL-T150-02SH
NetHandle: NET-70-38-64-224-1
Parent: NET-70-38-0-0-1
NetType: Reassigned
Comment:
RegDate: 2008-10-03
Updated: 2008-10-03

OrgAbuseHandle: ABUSE1906-ARIN
OrgAbuseName: Abuse Coordinator
OrgAbusePhone: +1-514-286-4242
OrgAbuseEmail: abuse@noc.privatedns.com

OrgNOCHandle: NETWO2356-ARIN
OrgNOCName: Network Administrator
OrgNOCPhone: +1-514-286-4242
OrgNOCEmail: net-admin@noc.privatedns.com

OrgTechHandle: NETWO2356-ARIN
OrgTechName: Network Administrator
OrgTechPhone: +1-514-286-4242
OrgTechEmail: net-admin@noc.privatedns.com

# ARIN WHOIS database, last updated 2009-09-28 20:00

DNS records

name class type data time to live
email-jobsupdates.com IN A 70.38.64.243 3600s (01:00:00)
email-jobsupdates.com IN MX preference: 10, exchange: smtp.email-jobsupdates.com 3600s (01:00:00)
email-jobsupdates.com IN NS ns2.domaindiscover.com 3600s (01:00:00)
email-jobsupdates.com IN NS ns1.domaindiscover.com 3600s (01:00:00)
email-jobsupdates.com IN SOA server: ns1.domaindiscover.com, email: hostmaster.tierra.net, serial: 2009080602, refresh: 7200, retry: 1800, expire: 604800, minimum ttl: 28800 3600s (01:00:00)
email-jobsupdates.com IN TXT v=spf1 ip4:70.38.70.190 ip4:70.38.64.243 -all 3600s (01:00:00)
243.64.38.70.in-addr.arpa IN PTR email-jobsupdates.com 3600s (01:00:00)

— end —

Domains on Nameserver ns1.wvssdedicated.com


Kent White has invited you to join ExpertZoo.com

from invite@expertzoo.com
to scamfraudalert@gmail.com
date Mon, Sep 28, 2009 at 9:16 PM
subject Kent White has invited you to join ExpertZoo.com
mailed-by expertzoo.com

Your friend and/or business contact Kent White has invited you to join www.ExpertZoo.com
Please click on the link below to see their profile:

Kent White

Message From Kent White :

I’d like to add you to join my professional network on ExpertZoo. -Kent
ExpertZoo.com helps you promote your service or business, surge sales, network and much more. If you do not wish to receive future mailings from ExpertZoo, please opt out by clicking here: http://www.expertzoo.com/unsubscribe.aspx

ExpertZoo’s offices are located at:
10725 Wexford St,#7
San Diego, CA 92131

kathy Beller has invited you to join ExpertZoo.com

from invite@expertzoo.com
to scamfraudalert@gmail.com
date Mon, Sep 28, 2009 at 5:42 PM
subject kathy Beller has invited you to join ExpertZoo.com
mailed-by expertzoo.com

Your friend and/or business contact kathy Beller has invited you to join www.ExpertZoo.com
Please click on the link below to see their profile:

kathy Beller

Message From kathy Beller :

I’d like to add you to join my professional network on ExpertZoo. -kathy
ExpertZoo.com helps you promote your service or business, surge sales, network and much more. If you do not wish to receive future mailings from ExpertZoo, please opt out by clicking here: http://www.expertzoo.com/unsubscribe.aspx

ExpertZoo’s offices are located at:
10725 Wexford St,#7
San Diego, CA 92131

Organized Cybercrime Revealed – Reports CSO

The Shadow Economy For Stolen Identity and Account Information Continues to Evolve

By Michael Fitzgerald
September 28, 2009 — CSO —

As if CSOs don’t have enough on their plates, they now need to beat back made men, capos and the other elements of the Mafia. Yes, the Mafia is formally involved in cybercrime, or so alleges the U.S. attorney for Florida, who filed charges against associates of the Bonanno crime family that included pilfering data from Lexis-Nexis.

The Mafia engaging in cybercrime might sound like your grandmother joining Facebook. In fact, “the majority of data breaches are the result of organized crime,” says Nick Holland, an analyst at Aite Group in Boston. That doesn’t mean it’s the conventional Mafia pulling the strings—though it can be. In fact, it’s hard to tell just who is in control sometimes. For the most part, cybergroups that become notorious, like the Rockfish or the old Russian Business Network, do so because very few cybercrime groups publicize themselves, says Steve Santorelli of Team Cymru. (Cymru, pronounced cumri, is the Welsh word for Wales.)

In fact, observers sometimes disagree on just who’s behind a crime. Take last year’s RBS Worldpay scam, which saw hackers not only make off with 1.5 million records from the electronic payments processor, but make fake ATM cards used to withdraw more than $9 million in 49 cities around the world in a one-hour period. Frank Heidt, CEO of Leviathan Security in Seattle, thinks this was a case of an extremely well-organized group with roots in Russian organized crime. Peter Cassidy, director of research at Triarche Consulting Group in Cambridge, Mass., says it looks like a franchise-style operation in which the data and details on how and when to use it was sold to groups operating in different regions.

Also see CSO’s in-depth exclusive, “Inside the Global Hacker Service Economy”

Either way, it’s organized crime. Just a few years ago, most hackers either acted for the glory of spreading a virus they’d written, or handled all aspects of an operation, from phishing to building fake websites to cashing in on the fraud. Since then, cybercriminals have discovered Adam Smith. They specialize, they create markets and above all, they’re entrepreneurial. And because of the Internet, “you get radical distribution of labor and a radically fast ability to recruit skills,” says Cassidy.

You can even get specialized versions of malware, websites, etc.—the Verizon 2009 Data Breach report found that 59 percent of the malware it saw was customized. Sometimes the criminals adopt models that look like the software business. You can literally buy “fraud as a service,” where criminals subscribe to hosted services—a story first illuminated in CSO’s September 2007 article, “Inside the Global Hacker Service Economy” (see www.csoonline.com/article/456863).

Between 70 percent and 80 percent of malware now comes from organized groups, estimates Bogdan Dumitru, CTO at BitDefender, an antivirus firm based in Romania. Lone hackers still break new ground: Dumitru says Twitter malware that’s popped up recently was “developed by a kid. But in the next two months we’ll probably see organized entities taking advantage of it.”

DARK MARKET
The fluidity of cyberorganizations can make them more difficult for law enforcement to penetrate than their real-world counterparts. But it’s not impossible. DarkMarket, a spam and phishing forum, eventually was taken over and hosted on FBI servers. J. Keith Mularski, the supervisory special agent at the FBI assigned to the National Cyber Forensics and Training Unit, ran this site undercover, posing as a spammer named MasterSplynter.

DarkMarket started leading to arrests of prominent spammers and phishers in May 2007. It eventually closed in October 2008, after the arrest of DarkMarket’s boss, a Turkish hacker whose handle was Cha0, leaving Mularski as the last leader standing. Ultimately, sixty people—most of them the most powerful members of DarkMarket—were arrested in at least four countries: Germany, Turkey, the U.K. and the U.S. The FBI also got six complete malware packages and may have prevented $70 million in losses at financial services firms. Plus, it arrested Cha0 and his seven-member gang in Istanbul before they could ship out about 1,000 ATM skimmers, which prevented an additional $33 million in losses.

“Sure, they’ll reorganize, but with every law enforcement action, it’s a little bit harder to regroup,” says Mularski.

The DarkMarket operation has at least temporarily driven many cybercriminals off of Internet Relay Chat and bulletin boards, says Team Cymru’s Santorelli. They’ve opted instead for private instant messenger groups that they control, says Santorelli.

DarkMarket involved law enforcement groups working together across borders. That’s a good step in what remains a challenge. Cybercriminals “are good at finding cracks in international law,” says Yuval Ben-Itzhak, CTO of security firm Finjan. A group might be based in one country, use servers in a second and commit crimes in a third.

This problem has led to calls for better international law. For instance, Brazil has become a hotbed of bank fraud, phishing and Trojan activities since the penalties there are very light. Some are even calling for a group that can force Internet service providers to cut off servers that obviously house phishers.

More countries may be taking cybercrime seriously. While Eastern Europe is seen as a kind of Wild Cyber West, last year, Romanian police arrested 20 people in Ramnicu Valcea and Dragasani, towns known for organized eBay scams (one tried to auction off a Romanian city hall). Florin Talpes, BitDefender’s CEO, says joining the European Union in 2007 has changed attitudes in Romania and in Bulgaria, which have created stronger legal frameworks for fighting cybercrime.

Mularski, however, cites Romania as a country where traditional organized crime clearly has become involved in cybercrime. The FBI arrested 35 Romanians running a phishing and ATM skimming scam in Los Angeles, and Mularski says they were connected with Romanian organized crime. He concedes that the FBI did work with Romanian law enforcement to make 80 arrests in the two countries in a separate case. At least there are arrests in Romania. That rarely happens in a place like Russia, although two unnamed Russian hackers were recently indicted in the Heartland and Hannaford hacking cases—along with US-based alleged mastermind Albert Gonzalez.

Still, even cybercrime groups suffer from market forces. They’ve so flooded the cyber black market with credit card data that prices are falling. Organized crime has shifted its targets. They’re after medical records, which are valuable. They target company CFOs, aiming to get access to corporate bank accounts and wire money out of them. That tactic has had success: In late July, The Washington Post detailed how stealth Trojans had been used to infect a PC used by a county treasurer, a school district and the head of a small business. Hundreds of thousands of dollars were wired to money mules who then sent the funds on to bank accounts in the Ukraine and Russia.

Targeted industries are also shifting. While financial firms make the juiciest targets, Borenstein says that RSA is seeing more activity around the healthcare, manufacturing and government sectors.

Also on the rise are call center scams. Organized criminals may get access to someone’s bank or brokerage account but be unable to transfer money because of Web protections put in place by financial firms. So the criminals call customer service to complain and even bully, hoping to get help in transferring money out.

Meanwhile, social networks “are gold mines to social engineers, to someone who wants to get to the CFO of an organization to attack them,” says Joshua Corman, principal security strategist at IBM Internet Security Systems. Corman says CSOs need to tell employees not to answer things like those “25 Questions” surveys that run rampant on sites like Facebook because the answers often include information used as hints for account passwords.

BATTLING BACK AGAINST ORGANIZED CYBERCRIME
Even as cybercriminals get more sophisticated, the best ways to stop them are often the simple ones. Verizon’s report said that many credit card breaches occurred at firms with minimal PCI compliance. It also found that 51 percent of firms breached had never changed the default vendor passwords for equipment.

Equipment itself gets overrated by CSOs and CISOs, says Michael Levin, former deputy director of the National Cyber Security Division of the Department of Homeland Security. “They are wasting money on hardware and software,” he says. Instead, they should do things like tell employees not to click on e-mail attachments and other basics. Levin has cofounded the Center for Information Security Awareness in Fairfax, Va., which has prepared the free, online awareness training offered through InfraGard, the FBI’s regional effort to work more closely with private companies on cybercrime.

CSOs should get involved with groups like InfraGard or develop relationships with regional FBI or Secret Service agents and local law enforcement. They should also regularly assess their risk levels. “You have to assess every record and every piece of data in the place for its value to criminals,” says Cassidy.

CSOs should also be prepared to do much of their own forensics work before going to law enforcement. Levin says once law enforcement is involved, they may need a search warrant or even a grand jury subpoena to do things like explore company computers for malware, slowing the process.

Above all, talk to people outside of the security department or IT, and talk to peers at other companies, especially financial firms, which are on the front lines of the corporate cyberwars. The cybercriminals don’t cloister themselves, and CSOs can’t either.

Source: CSO – CSOONLINE.COM