An effort to consolidate various fraud related news from newspapers/websites across the world. News on Phishing, News on Skimming, News on Hacking, , News on Banking Frauds, News on Identity theft, Fraud news
Eleven people connected with the forum have been arrested in Vietnam and the
The UK's Serious Organized Crime Agency (SOCA) recently announced
that mattfeuter.ru, a leading cybercrime forum has been disabled by an operation
led by the Vietnamese High-Tech Crime Unit (HTCU), the Criminal Investigation
Dvision (CID) of the Ministry of Public Security of Vietnam (MPSVN), SOCA, the
UK's Metropolitan Police Central e-Crime Unit (PCeU), and the FBI. According to SOCA, CID and HTCU officers have also arrested eight members of
the group behind the site in Vietnam, and three forum users were arrested in the
UK. SOCA reports that the site, which had about 16,000 members, had facilitated
more than $200 million worth of credit card fraud worldwide through the hacking
of commercial entities and the harvesting and sale of more than 1.1 million
credit card numbers.
"One of the world's major facilitation networks for online card fraud has
been dismantled by this operation, and those engaged in this type of crime
should know that that they are neither anonymous, nor beyond the reach of law
enforcement agencies," Andy Archibald, interim deputy director of SOCA's
National Cyber Crime Unit, said in a statement.
"We and our partners, in the UK and abroad, continue to protect the public and
legitimate businesses by targeting websites trading in stolen card data, and
relentlessly pursuing those who operate and frequent them." By Jeff Goldman
It was a brazen bank heist, but a 21st-century version in which the
criminals never wore ski masks, threatened a teller or set foot in a
In two precision operations that involved people in more than two dozen
countries acting in close coordination and with surgical precision,
thieves stole $45 million from thousands of A.T.M.'s in a matter of
In New York City alone, the thieves responsible for A.T.M. withdrawals
struck 2,904 machines over 10 hours starting on Feb. 19, withdrawing
The operation included sophisticated computer experts operating in the
shadowy world of Internet hacking, manipulating financial information
with the stroke of a few keys, as well as common street criminals, who
used that information to loot the automated teller machines.
The first to be caught was a street crew operating in New York, their
pictures captured as, prosecutors said, they traveled the city
withdrawing money and stuffing backpacks with cash.
On Thursday, federal prosecutors in Brooklyn unsealed an indictment
charging eight men — including their suspected ringleader, who was found
dead in the Dominican Republic last month. The indictment and criminal
complaints in the case offer a glimpse into what the authorities said
was one of the most sophisticated and effective cybercrime attacks ever
It was, prosecutors said, one of the largest heists in New York City
history, rivaling the 1978 Lufthansa robbery, which inspired a scene in
the movie “Goodfellas.”
Beyond the sheer amount of money involved, law enforcement officials
said, the thefts underscored the vulnerability of financial institutions
around the world to clever criminals working to stay a step ahead of
the latest technologies designed to thwart them.
“In the place of guns and masks, this cybercrime organization used
laptops and the Internet,” said Loretta E. Lynch, the United States
attorney in Brooklyn. “Moving as swiftly as data over the Internet, the
organization worked its way from the computer systems of international
corporations to the streets of New York City, with the defendants
fanning out across Manhattan to steal millions of dollars from hundreds
of A.T.M.'s in a matter of hours.”
The indictment outlined how the criminals were able to steal data from
banks, relay that information to a far-flung network of so-called
cashing crews, and then have the stolen money laundered in purchases of
luxury items like Rolex watches and expensive cars.
In the first operation, hackers infiltrated the system of an unnamed
Indian credit-card processing company that handles Visa and MasterCard
prepaid debit cards. Such companies are attractive to cybercriminals
because they are considered less secure than financial institutions,
computer security experts say.
The hackers, who are not named in the indictment, then raised the
withdrawal limits on prepaid MasterCard debit accounts issued by the
National Bank of Ras Al-Khaimah, also known as RakBank, which is in
United Arab Emirates.
Once the withdrawal limits have been eliminated, “even a few compromised
bank account numbers can result in tremendous financial loss to the
victim financial institution,” the indictment states. And by using
prepaid cards, the thieves were able to take money without draining the
bank accounts of individuals, which might have set off alarms more
With five account numbers in hand, the hackers distributed the
information to individuals in 20 countries who then encoded the
information on magnetic-stripe cards. On Dec. 21, the cashing crews made
4,500 A.T.M. transactions worldwide, stealing $5 million, according to
While the street crews were taking money out of bank machines, the
computer experts were watching the financial transactions from afar,
ensuring that they would not be shortchanged on their cut, according to
MasterCard alerted the Secret Service to the activity soon after the
transactions were completed, said a law enforcement official, who
declined to be identified discussing a continuing investigation.
Robert D. Rodriguez, a special agent with the Secret Service for 22 years and now the chairman of Security Innovation Network,
said that in some ways the crime was as old as money itself: bad guys
trying to find weaknesses in a system and exploiting that weakness.
“The difference today is that the dynamics of the Internet and
cyberspace are so fast that we have a hard time staying ahead of the
adversary,” he said. And because these crimes are global, he said, even
when the authorities figure out who is behind them they might not be
able to arrest them or persuade another law enforcement agency to take
After pulling off the December theft, the organization grew more bold,
and two months later it struck again — this time nabbing $40 million.
On Feb. 19, cashing crews were in place at A.T.M.'s across Manhattan and
in two dozen other countries waiting for word to spring into action.
This time, the hackers had infiltrated a credit-card processing company
based in the United States that also handles Visa and MasterCard prepaid
debit cards. Prosecutors did not disclose the company’s name.
After securing 12 account numbers for cards issued by the Bank of Muscat
in Oman and raising the withdrawal limits, the cashing crews were set
in motion. Starting at 3 p.m., the crews made 36,000 transactions and
withdrew about $40 million from machines in the various countries in
about 10 hours. In New York City, a team of eight people made 2,904
withdrawals, stealing $2.4 million.
Surveillance photos of one suspect at various A.T.M.'s showed the man’s
backpack getting heavier and heavier, Ms. Lynch said, comparing the
series of thefts to the caper at the center of the movie “Ocean’s Eleven.”
While the New York crew had a productive spree, the crews in Japan seem
to have been the most successful, stealing around $10 million, probably
because some banks in Japan allow withdrawals of as much as $10,000 from
a single bank machine.
“The significance here is they are manipulating the financial system to
be able to change these balance limits and withdrawal limits,” said Kim
Peretti, a former prosecutor in the computer crime division of the
Justice Department who is now a partner in the law firm Alston &
Bird. “When you have a scheme like this, where the system can be
manipulated to quickly get access to millions of dollars that in some
sense did not exist before, it could be a systemic risk to our financial
It was unclear to whom the hacked accounts belonged, and who might ultimately be responsible for the losses.
The indictment suggests a far-reaching operation, but there were few
details about the people responsible for conducting the hacking or who
might be leading the global operation. Law enforcement agencies in more
than a dozen countries are still investigating, according to federal
prosecutors. The authorities said the leader of the New York cashing
crew was Alberto Lajud-Peña, 23, whose body was found in the Dominican
Republic late last month. Seven other people were charged with
conspiracy to commit “access device fraud” and money laundering.
The prosecutors said they were all American citizens and were based in
Yonkers. The age of one defendant was given as 35; the others were all
said to be 22 to 24. Mr. Lajud-Peña fled the United States just as the
authorities were starting to make arrests of members of his crew, the
law enforcement official said.
On April 27, according to news reports from the Dominican Republic, two
hooded gunmen stormed a house where he was playing dominoes and began
shooting. A manila envelope containing about $100,000 in cash remained
untouched. By MARC SANTORA
TORONTO – A smartphone app, which allows the user to read credit card information through wallets and purses, is cause for concern amongst consumers that carry credit cards with radio-frequency identification (RFID) technology, according to experts. The free app, available on the Samsung Galaxy S3 through the Google Play store, allows the phone to read the RFID chip on a credit card, picking up the cardholder’s name, credit card number and expiry date, according to a CBC investigation. RFID chip technology is used in many credit cards, most commonly used for tap-to-pay systems like MasterCard’s PayPass or Visa payWave. The technology stores information including the card number, the cardholder’s name and the expiry date. It does not include the three digit security number on the back of the card – usually used when a larger purchase is being made on the card. Major credit card companies have stated that RFID technology is safe, however the technology is not encrypted – unlike the chip on the front of the card that physically plugs in to debit or credit machines. RFID technology serves the same purpose as the magnetic strip on a credit card, but works wirelessly, making it more susceptible to high-tech theft. “The units that you tap your card on are set on very low ranges, so you only have to get within a few inches of the device for it to read your card. But there is nothing inherent in the technology that says it has to be within three to four inches – if you turn the power up you can push it out to 10 or 15 feet,” said David Skillicorn, professor at the school of computing at Queens University. “That’s where the trouble starts – because now you don’t have to be very close to the credit card or the passport in order to read the information on it.” The CBC investigation into the application revealed that credit card information could be read through wallets, pockets and purses using the phones near field communication (NFC) antenna. Theoretically, this means that someone using the app could gain access to your credit card information by just standing near you. “The new piece here is that instead of having to buy a slightly elusive piece of hardware from some sort of mail-order place, you can now just download the app to your phone and piggy back on its Bluetooth capabilities,” Skillicorn told Global News. Skillicorn said that one of the risks associated with this type of technology is identity theft. He notes that because RFID technology does not provide the three digit security code on the back of the card, a thief would not be able to make a substantial purchase. “You can steal small amounts of money, yes, but you can steal identify – and that’s the real risk. You could phone up MasterCard or Visa and when they ask you to enter your card number, you can change the address listed on the account and other personal details – but you can’t go a buy a $5000 TV with that information,” said Skillicorn. But Gordon Agnew, associate professor at the University of Waterloo who specializes in cryptography and data security, disagrees. Agnew argues that because the RFID technology is moving into debit cards now, the financial risk is much higher. “Most credit card companies say you are not liable for fraudulent use of your card, but a lot of debit cards are coming out with RFID technology and those cards are liable depending on the bank,” said Agnew.
What can consumers do to protect themselves?
The risk of these apps is limited to the Android platform right now. Near field communication is not yet available on the iPhone and BlackBerry is “too secure” to adopt the technology, according to Agnew. “The first line of defense is keep it protected,” said Agnew. “You can check to see if the card is RFID enabled – if there is a pie shaped symbol, made up of four or more lines, on the card then this means your card has the technology.” By Nicole Bogart
London, Apr. 25 (ANI): Online fraudsters are offering access to credit card details, networks of hacked computers, and other fraud 'services' through Facebook, according to security researchers.
Cyber security firm RSA identified posts on a Facebook group that included a list of stolen items that appear to have been obtained by one of the group's members.
According to the Guardian, the group has now been removed by Facebook, which said it was a violation of its rules. The group was launched on 28 February this year and at the time of its closure had 163 "likes" and 20 regular contributors. A Facebook spokesperson said that 'security issues, from malware to cybercrime, exist across the whole of the web'. Buying and selling malware, identities and card details is widespread on the Internet, but this appears to be one of the most brazen cases to date. The Facebook group was completely public, meaning anyone - including those without a Facebook account - could access the sites it links to and the discussions taking place on its homepage, the report added.