Slashdot Mirror
Massive Online ID Fraud Ring Busted
Iphtashu Fitz writes "CNet News is reporting that the US Secret Service in conjunction with authorities in six foreign countries have arrested 28 people in the last 48 hours on charges of identity theft, computer fraud, credit card fraud and conspiracy. Dubbed Operation Firewall, the Secret Service identified a group of people who stole over 1.7 million credit card numbers as well as a passport-forging facility in Bulgaria. The investigation started in July 2003 when the Secret Service began investigating an unspecified financial crime. They identified the website Shadowcrew.com whose members traded tutorials and information about identity theft and forgery and exchanged sensitive personal and financial information. The Shadowcrew website has since undergone a makeover thanks to the Secret Service. A press release about the operation can also be found on their website."
Hey this is the kind of case law enforcement needs. Take down the big boys. As much as some of you like to flame the USSS, you gotta give them credit for this one!
Identity theft can destroy people, literally. Not to mention the years it could take to clean up the damage. This is excellent, and hopefully more busts will follow. :)
US businesses that currently accept chip and PIN/signature
Lets hope they are going after the viagra selling rings too
The fed-version of their website is priceless. I especially like the music and the picture of hands reaching through the bars of a jail cell.
"Weapons should be hardy rather than decorative" - Miyamoto Musashi
I think that goes for OS's too
First they bust them, then they 'fix' their website.
;-)
Now we slashdot the poor thing into oblivion.
Who would have thought that there was a future in law enforcement for webmasters ? Puts a whole new slant on 'deputy webmaster'
Hacked by Chine^H^H^H^H^HSecret Service!
... how long before the US Secret Service gets served a writ by the RIAA for damages related to the use of the Mission Impossible theme tune? ;)
Life is like a sewer; what you get out of it depends on what you put into it...
Morons. If you want to conspire, wouldn't it be smart to do it somewhere with a wee bit less conspicuous name than shadow crew?
GAAH! MY PRINTER IS ON FIRE!!! PUT IT OUT! PUT IT OUT!
"...a group of people who stole ... a passport-forging facility in Bulgaria."
;)
Sorry, just had to nitpick.
I'm sorry if I haven't offended anyone
On the site: Proxies, VPNs, IP Spoofing, Encryption, etc....You Are No Longer Anonymous!!
Well, aren't we glad? There's the proof that lifting anonimity is only for your own good </sarcasm>
the pun is mightier than the sword
This really made my up-sick-in-the-middle-of-the night. That "redesigned" page was great. I'm sure a few people had to go change their pants the first time they loaded that one.
What makes that picture especially scary for the members when they visit it is that there is no computer in that jail cell. No computer for 10 years?!? That's worse than a death sentance to some of them!
Hey, attrition, did you make a note on that?
I like the phrase: :-)
Aren't they supposed to be secret?
"CONTACT YOUR LOCAL UNITED STATES SECRET SERVICE FIELD OFFICE....BEFORE WE CONTACT YOU!!"
Yeah! like I know where the local offices are
Is it like a franchise? You get macdonalds and right next to it "your local us secret service office"!
Great!
At the risk of *sounding* like a troll, what does this have to do with what I thought was the sole task of the United States Secret Service -- protecting the President of the United States? I would have thought this would have been a task for the FBI. What gives?
READY.
PRINT ""+-0
I was looking at this site and the forums that are still there has a very recent post from someone...
= viewprofile&u=4
Just look for yourself - http://www.shadowcrew.com/phpBB2/profile.php?mode
I find the website hilarious, especially the bottom line:
"RECENT NEWS REPORTS SHOULD INFORM YOU THAT THE SECRET SERVICE IS INVESTIGATING YOUR CRIMINAL ACTIVITY. CONTACT YOUR LOCAL UNITED STATES SECRET SERVICE FIELD OFFICE....BEFORE WE CONTACT YOU!!"
That is a hilarious signature they have left, but this seems so funny that I'm actually surpised that the Secret Service is having this much of a ball on the website, not something I expect, but like to see!
What I would really like, more than the arrest of identity thieves, is the entire identification system become more immune to this kind of theft. By simply eliminating the suspects, the actual threats posed by them have only been reduced in number, not in level of threat. All those identity insecurities still exist in the system waiting to be taken advantage of the next time some palooka decides it's worth it to skim off a few credit card numbers.
I surely don't have the solution to fix the identity theft problem. In fact, I would leave it to my colleagues here at Slashdot who are much more knowledgable about security issues than I am to hammer out the fine details of a more secure system.
As we become more dependent upon our identification numbers, credit card numbers, social security numbers, and every other number which identifies and tracks us, we open ourselves up to this kind of identity theft threat. The solution is not simply to lock up the perpetrators, it must be a technical solution which makes it difficult or impossible to steal an identity.
The only thing that makes me depressed is that this is just the tip of the iceberg.
Shame on you, Slashdot!.
My life is in despair because of you!
db
Cig:
ôô
One can only wonder who was responsible. A rival group of fraudsters perhaps, or someone trying to bring them into further disrepute?
Trolling using another account since 2005.
Yeah, but some of it is scary --
Proxies, VPNs, IP Spoofing, Encryption, etc....You Are No Longer Anonymous!!
Yup, that's always good when it's the bad guys who're being affected, despite all this.
But pray, what about the good citizens? Or maybe the argument goes that if I'm a good citizen, I've no business wanting all this?
Hmmm....
, the Secret Service identified a group of people who stole over 1.7 million credit card numbers as well as a passport-forging facility in Bulgaria.
the secret service doesnt like thieves who still from forgers!
CONTACT YOUR LOCAL UNITED STATES SECRET SERVICE FIELD OFFICE....BEFORE WE CONTACT YOU!!
thats just beautiful...
Who is this Karma guy and why is he bad ??
Proxies, VPNs, IP Spoofing, Encryption, etc....You Are No Longer Anonymous!!
Hmm .. that suggests that the feds have broken strong encryption, is that true? I don't think so!
cant help laughing at the way the page is made.
Well at least they have a sense of humour.
Timang tinggi tinggi
parang sudah asah
alang alang mandi
biar sampai basah
... makes me want to commit some crimes of my own lol *hangs over desk, typing this message*
The Secret Service has not yet learnt how to decode the untold mysteries of the
apparently.
~.~
I'm a peripheral visionary.
Secret Service can't afford a web designer?
"GENERATOR" content="Microsoft FrontPage 5.0"
I consider the design of this website also a crime.
I'll send in Homeland Security. They seem to have nothing to do now, anyway (see previous story on slashdot).
I don't need a signature.
Does it strike anyone else as odd that the Secret Service would deface a website in this manner?
I'm guessing that this was more of a pre-election public relations maneuver and that this was something less of an event than we would be led to believe.
From the source-code of the site --No wonder -- the word ShadowCrew does not render properly in Firefox =)
Come on you guys at Secret Service!!! Use a good browser guys
Just what exactly is a Slashdotter doing using Internet Explorer?
Below are the results of attempting to parse this document with an SGML parser.
1.
Line 1, column 0: no document type declaration; implying ""
The checked page did not contain a document type ("DOCTYPE") declaration. The Validator has tried to validate with the HTML 4.01 Transitional DTD, but this is quite likely to be incorrect and will generate a large number of incorrect error messages. It is highly recommended that you insert the proper DOCTYPE declaration in your document -- instructions for doing this are given above -- and it is necessary to have this declaration before the page can be declared to be valid.
2.
Line 4, column 6: end tag for "HEAD" which is not finished
Most likely, You nested tags and closed them in the wrong order. For example
...
is not acceptable, as must be closed before. Acceptable nesting is:
Another possibility is that you used an element (e.g. 'ul') which requires a child element (e.g. 'li') that you did not include. Hence the parent element is "not finished", not complete.
3.
Line 4, column 13: end tag for "HTML" which is not finished
At least I would've thought they'd manage to get this done right!
How long will the will they take to check on all Slashdotters that clicked on the link? I think we just made their job just grew up a bit! :)
We always think about secret services like sinister and serious people...
;-)
But they can also be good humorists... that website is a good example...
But I also guess that after the site having been slashdotted, they'll have to spend month to sort out all the access to the site... They'll be busy for a long time... and maybe they'll have to recruit more people... Maybe is it the answer to the unemployment problems
now watch the RIAA prosecute the secret service under the DMCA for illegally distributing copyrighted music through a website operated by the secret service...
Umm...won't clicking on the shadowcrew.com link make our ip address get logged?
And won't that result in us getting "on the shitlist"?
Normally, I wouldn't consider this but given the recent news story about homeland security trying to enforce an expired patent, I'm not sure what to expect.
Darkprofits and Shadowcrew.com? Come on.... they should have gone with shinyfunplace.com or fluffylegitimateactivity.com...
What do you expect to happen if you run imgoingtokillthepresident.com? Happy fun time?
yo.
But do you really think the secret service changed the website? Very unprofessional of them in that case... IMHO a more appropriate action would have been to just take it down.
Martin
Topics like "How To Replace a Photo on a Passport".
I bet 'thebestofbc' will be happy to know the Secret Service can get his info from the Shadowcrew server after he's made a post like
"...on the old canada PP, we used to cut out the pic, lam and all, replace the pic with a new one, then a thin overlam over the whole thing. looked pretty good, but this would not work with any of the new PP's."
I'm sorry if I haven't offended anyone
Shadowcrew is run by bullshitters - this is their idea of a joke. If you really think a government agency would put up a new page like that on the website, then you probably don't know that "gullible" isn't a real word and can't be found in any dictionary.
well lets think about this. 1) Take it down: 3972 members thinking "oh the site's just down temporarily" 2) Put up the cool USSS site: 3972 members scared for their lives so that they stop their illegal activities and turn themselves in to USSS. (Not to mention have a mental breakdown next time they see Mission Impossible!) Hmm..I think it's a damn good decision.
Looks like the slashdot crew are performing our own little "makeover"
More info for people who grok Cyrillics:
http://news.netinfo.bg/?tid=40&oid=653591
http://news.bg/article.php?cid=7&pid=0&aid=149 248
Aliquid melius quam pessimum optimum non est.
Or sit back and watch the uniformed engaging in criminal action. That's the most sensible option.
We'd all take the Secret Service a lot more seriously if they updated their name. Back in 1865 it may have been way cool to call your treasury cops a "secret service", but now it alternates between quaintness and confusion Since they're now part of DHS, how about "Homeland Enforcement"? Make a great TV show!
They probably have Password as their password too.
_O_
.|< The named which can be named is not the true named
looks alot like http://modemhelp.net/modemhelp.net's april fool's joke
Do they run Linux?
In Soviet Russia, The Secret services YOU!
They stole an entire facility? I'm not even mad, I'm impressed. wow.
So they populated a BBS with thousands of messages to make it look more real? Right.
I'm sorry if I haven't offended anyone
If you managed to read the shadowcrew.com site forum before we Slashdotters knocked over their webserver, you might have noticed the comments posted a few days ago about how their site was slow, because it was undergoing a DDoS attack.
If they thought that was bad, I wonder what they're thinking now!
(Serves them right, anyways. It's too late to look now, but their forums are fill with discussions of how to scam people.)
The site seems to be slashdotted or something (doesn't load). Mirrordot to the rescue:8 15e933bda4b46bd/index.html.
http://www.mirrordot.com/stories/837e41d1433a2683
And as for the background sound, the site uses the nonstandard bgsound tag, which will work in IE. It's the theme from Mission: Impossible.
Classic stuff.
look what i found bout em2 004- January/msg00009.html
https://www.redhat.com/archives/k12ltsp-list/
those guys were too dumb...
Now where am I going to get my passports?
oBet, oBkov, Vrat Vseki, zoV Gora, moDa, aDski, DZHob,
What is the secret service for? I thought it's the president's protection service?
that the Shadowcrew webserver has also undergone a makeover care of Slashdot!
I can see the headline now:
"Hundreds of thousends of nerds arrested for suspicion of identity theft"
Yep - you are going to be arrested within an hour of visiting the site because of the Patriot Act and then you will be sent to Cuba within a day and held as an enemy combatant.
Here's a fun trick: Go to your friend's house and ask if you can check your email quick from their computer and visit the site. Sit across the street and laugh as unmarked vans take your friend away.
TINHAT ON
Dude that's how they get into your system!
TINHAT OFF
"Only using our site you can get every detail of any US citizen including SSN number:
t =7 01"
http://www.shadowcrew.com/phpBB2/viewtopic.php?
A nazdrave... :)
I think the site is now slashdotted, but the wayback machine reveals a bit of what it used to look like.
The title of this should be Department of Homeland Security busts computer users.
Then the 90% of the messages will consist of what is homeland security doing busting innocent computer users and how President Bush had a direct involvment.
http://www.seanbonner.com/blog/archives/000910.php
ah! this is real?
Once they see that we were all referred from the same site...
"The Shadowcrew website has since undergone a makeover thanks to the Secret Service." ... more like thanks to Slashdot! It won't load at all :)
And currently is being slashdotted too. I wonder wether they stole /. account data ? o.O
Wait, didn't my karma drop considerably recently ?
Powerful is he who overpowers his temptations.
You'd think by now these underground websites would learn that you can't just let anyone in to your trusted network. I've actually recieved spam-style emails asking me to join CarderPlanet.com, which was one of the sites involved in the ring. Gee, how hard was it to find them? Sheesh.
Nothing has connected the fraud ring to any known terrorist group, Townsend said.
Um... Yeah. Terrorists. I guess that was one of those pre-emptive statements because... you know... someone reading the article would think I hope they weren't going to use my credit card to commit some sort of terrorist act.
The ShadowCrew homepage sans music
For those of you who can't see it because it was slashdotted.
Absolutely this is the kind of case the law enforcers need to investigate and crack down on it hard.
I'll wait with bated breath to see if they really did get the 'Mr Big's and can nail them.
Unfortunately, it has occasionally turned out, with big organised crime operations, that the big guys really got away, and the criminal evidence against the others had crucial flaws, so that in the end, after years of delays and millions of taxpayers money in investigation costs and lawyers fees, even the smaller guys got off too.
I really hope this isn't going to be another one of those. For the time being, we can hope that the cybercops have earned their credit here.
-wb-
It is still possible to check out the genuine version of this site via http://web.archive.org/web/20020903220621/http://s hadowcrew.com/
...the counterfeit president?
>'fun trick'
...heh, even make it the default homepage - although that's a tad obvious.
heck - surely the bosses (or any PHB) pc would be better,
maybe add it into the favourite list
I'm glad they were finally busted, because I really hate that ID fraud, I tell you!
I know I'd end up stealing the identity of Dwayne Dibley.
also boa factory is still up
google it ull see
next thing you know the crooks will be using wiki's
Do not look into LASER with remaining eye!
The whole "forging facility" consisted of 1 bulgarian student. He was making copies of credit cards. Funny thing is that one of the discovered forged cards belonged to Bill Gates.
Discussion discussion discussion...lots of it.
AJ: Sir! Yes Sir!
Boss: I want you to go deep undercover, join this identity theft organisation and bring them to justice.
AJ: Sir! Yes Sir!
Boss: Agent Jones.
AJ: what. I'm busy, just one more compile, k.
Boss: Well done Agent Jones, the thieves are locked up and the world's a safer place.
AJ: yo! right on! My l33t undercover hax0r sk1lls roxs!
Boss: hmm. Let me have your mission report.
AJ: yeah yeah, mission documentation is for wimps. Read the source, luke dude.
Boss: such a pity. Yet another brave agent lost to the demands placed upon them. The world's such a cruel place.
Details here
Now I'm confused: on Slashdot does this make him a bad guy or a good guy?
ACTIVITIES BY SHADOWCREW MEMBERS ARE BEING INVESTIGATED BY THE
UNITED STATES SECRET SERVICE
SEVERAL ARRESTS HAVE RECENTLY BEEN MADE...WITH MANY MORE TO FOLLOW.
Proxies, VPNs, IP Spoofing, Encryption, etc....You Are No Longer Anonymous!!
SHADOWCREW TOPICS
SHADOWCREW MEMBERS ARE FACING THE FOLLOWING CHARGES (*Charges are Not Limited to Below):
*
TITLE 18 USC 371 - CONSPIRACY
*
TITLE 18 USC 1029 - ACCESS DEVICE FRAUD
*
TITLE 18 USC 1028 - FRAUD W/IDENTITY DOCUMENTS, IDENTITY THEFT, ETC.
*
TITLE 18 USC 1030 - FRAUD AND RELATED ACTIVITY IN CONNECTION WITH COMPUTERS.
IF YOU ARE A MEMBER WHO IS CONFUSED AND/OR CONCERNED BY YOUR ACTIONS...PLEASE READ THE FOLLOWING:
RECENT NEWS REPORTS SHOULD INFORM YOU THAT THE SECRET SERVICE IS INVESTIGATING YOUR CRIMINAL ACTIVITY.
CONTACT YOUR LOCAL UNITED STATES SECRET SERVICE FIELD OFFICE....BEFORE WE CONTACT YOU!!
you mean other than your mom? I'm not sure.
... is not to have one.
that there needs to be a huge increase in ways to combat identify theft, ways to make it more difficult to steal identies of people. realistically there is no bulletproof way but the more difficult it gets the better it is as less people will have the means to commit the crime and less people would hopefully be affected.
you can buy credit cards on www.carderplanet.net
1 54
* To:
* Subject: you can buy credit cards on www.carderplanet.net
* From:
* Date: Wed, 22 Jan 2003 17:23:46 -0600 (CST)
* Old-return-path:
FORUM.CARDERPLANET.NET
- My name is Script, I'm a founder of forum.carderplanet.net and i can provide you with excellent credit cards with cvv2 code and without it
Minimum deal is a USD $200.00.
- USD $200.00 - there are 300 credit cards without cvv2 code ( visa + mc ) - USA (included credit card number, exp. day. cardholder billing address,zip,state).
- USD $200.00 - there are 50cc with cvv2 code ( visa +mc) USA (included credit card number, exp. day. cardholder billing address & CVV code from the back side of the card).
Also i can provide cards with SSN+DOB.
COST 40$ per one.
Minimal deal 200$
- Also i can provide Europe credit cards, France,Germany +UK and many other contries around the globe.
r
- All credit cards with good exp day and it's work also so good.
I'm accept payments through Western Union, E-Gold, WebMoney,direct deposit,cash in bag..
You can contact me via icq# 100316,icq#100630 also by email: script4cc@ukr.net
http://forum.carderplanet.net/viewtopic.php?t=4
Anyway, here's my take on the translation of the page:
They really need to work on their 733t-speak if they want to be taken seriously by other defacement gangs.
One line blog. I hear that they're called Twitters now.
Heck if you want to be suspected of Anti-American activities, why don't you just put a John Kerry poster up in your house. It'll make the whole govt. soil its pants.
Call it OT but something kinda related to this happened here in Montreal: Some guy stole some other guy's ID and started making trouble and stuff.. But when he went to the bank for a loan approval or something alike the police was waiting for him.. or perhaps the original guy. It turned out that the victim already had debt and money and gambling problems including fraud. The police was expecting the real person to get to the bank and caught the ID stealer instead. Now try to get out of that kind of sh*hole.
printf($randomline(sigs.txt) \n "-- "$randomline(authors.txt));
-- myself
Or just go wardriving around with a laptop on WiFi. Imagine the whole police swat team surrounding half the city and arresting innocent people! heheh
printf($randomline(sigs.txt) \n "-- "$randomline(authors.txt));
-- myself
It's probably cheaper for them to deter people from these actions than it is for them to arrest them.
There's a house around here that was originally used by a group of drug dealers and prostitutes that was located in a bad neighborhood. The police raided it and turned it into a police substation.
"It is better to risk sparing a guilty person than to condemn an innocent one." - Voltaire
1)Clearly you did not RTFA and you did not do any homework...
It wasn't a patent, it was a REGISTERED TRADEMARK.
The rubiks cube image is the trademark so you may not sell it in packaging with a picture or drawing and you may not sell it in cello wrap where the cube itself is visible unless it is a genuine rubiks cube. Magic cube looks just like rubiks cube and is sold in a box with a cello window. The appearance item visible through the window is TRADEMARKED! Get it? The way the product LOOKS is the trademark. A cube with each side divided into 9 squares IS the trademark! The patent applies to how the product works. I can sell a knockoff without violating the trademark if I sell a plain black cube and a sheet of stick on skin for the faces. Would not be easy though as I may not (without permission) use the rubiks cube image on the box to illustrate what the final result of applying the stickers will look like. Very clever registering the products appearance as the trademark!
Homeland security is an umbrella organization.
2)No worries from USSS. These are the cops who can read and think. If it were the FBI, your concern would certainly be justified. You don't spoof your mac address? Certainly they can narrow down an IP but how the hell can they prove it was your computer that was using it?
now they are taken appart by law enforcement agencys, but on top of that, their servers are being slashdotted
Only morons moderate based on a sig.
Emacs is good operating system, but it has one flaw: Its text editor could be better.
for the lazy who wish to be amused, here's a proper link to the slashdotted, defaced, mainpage (MirrorDOT mirror):
8 15e933bda4b46bd/index.html
http://www.mirrordot.org/stories/837e41d1433a2683
...and it was uploaded by US Secret Service. I think we should notify proper authorities.
I was recently brought on to an e-commerce project...day 1 was stopping the fraudulent orders being sent to Malaysia or to the drop sites in the US. All it takes is a 30 second call to the card company to get the issuing bank's number...99% of the bad cards were verified as stolen from the bank. One card wasn't reported as stolen yet...yay for me.
If Paypal, IIS, etc can figure out key encryption, why can't we?
1) Credit card company creates keys and issues it to the customer...the card number is replaced by a number identifying the key.
2) Payment request certificates are sent to the customer who either signs it or doesn't sign it.
3) Transactions are encrypted using keys....you, your bank, the merchant and the card company can decrypt the info, no one else.
Didn't I just describe SSL/GPG? Oh wait..I did.
It boils down to this: if you can't handle the technology (aka keep spyware off your machine, keep it updated, and keep your card number safe), DON'T USE THE TECHNOLOGY. Write a check...but of course, that's digitized now thanks to Check 21...that old technology will be deprecated very soon in favor of direct debit.
Vote KERRY for a more united & socialist America!
You're sort of missing the point--what does trademark enforcement have to do with Homeland Security. It sort of just proves that the whole creation of the agency was just a big law enforcement funding and power grab.
One CPU cycle wasted on digital restrictions management is ONE TOO MANY.
Hi again,
Here is Donn Jimenez. I write to you because we are accepting your
mortgag=
e application.
Our office confirms you can get a $220.000 lo=C0n for a $252.00 per month
=
payment.
Approval process will take 1 minute, so please fill out the form on our
we=
bsite:
http://atrium-carrageen.refitalk.com
Thank you.
Best Regards Donn Jimenez
First Account Manager
Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
Besides, this site is so cocky, especially the "proxies, VPNs, whatnot - you are no longer anonymous!" that it makes me, a law abiding citizen, want to do something illegal just for the heck of it.
I think the cellmate who's in the cell is pretty scary already.
One line blog. I hear that they're called Twitters now.
Shadowcrew. I knew I recognized that name.
These guys did some weird stuff. For example, they spammed our internal email addresses at the IRS with offers to host child porn sites. For example, here's one of the emails they sent to an IRS employee, namely me.
But here's where I run out of expertise in how these things work. What on earth were they hoping to accomplish by sending out these spams? Are people actually dumb enough to dial up a phone number sent to them in spam and say "I'd like to host a child porn site. Please set it up for me. Here's my credit card info."?
Or is that phone number one of those things that charges you outrageous sums just for calling it? I wouldn't know; I certainly didn't ring 'em up out of curiosity.
These shadowcrew folks just strike me as weird. I wish I understood their "business model." OTOH, I'm just glad I won't be getting any more emails from them that I have to forward to our investigators.
...that this story called the agency the "Secret Service", instead of the "Department of Homeland Security" like the last article did (since the Secret Service, and myriad other law enforcement and protective agencies are now a part of DHS), otherwise we might have even more than the normal level of utterly useless paranoid police state drivel.
But hey, the Rubik's Cube case was a hell of a lot more scary when you invoke the name of the evil, Nazi-like "DHS" and sensationalize it like that!
It is nice to see the Govt doing their jobs well, in contrast to today's other story about the DHS going after some little store owner over a Rubik's Cube knockoff.
Identity theft is a HUGE problem, they have an uphill batle to fight it. This is the government doing what it should, helping citizens live their lives without interference. We need more of this.
Here's a fun trick: Go to your friend's house and ask if you can check your email quick from their computer and visit the site. Sit across the street and laugh as unmarked vans take your friend away.
Great friend you are. </sarcasm>
that probably depends on which "port" Bubba uses for input/output and at what baud rate...
Yes Francis, the world has gone crazy.
I just sent a complaint email to the abuse team responsible for Net access at a particular USA educational institution that is now hosting, at time of writing, a fake eBay 'phish' site. Presumably, it's just a compromised system cracked by outsiders--if not, then somebody there at said institution has got some 'splaning to do!
The Feds may pay lip service to the spam email problem with Band-Aid approaches like the CAN-SPAM Act, but fvck with the USA money supply (via ID theft in this case) and they will take notice!
stole over 1.7 million credit card numbers as well as a passport-forging facility in Bulgaria
Who allows their Bulgarian passport-forging facility to be stolen? Honestly. One day do you just show up for a nice day of illegal work and poof, building gone! The Bulgarians got whats coming if you ask me.
cyn, free software and *nix operating systems enthusiast.
and here i thought they were slashdotted.
(goes to answer knock at door)
Keep your packets off my GNU/Girlfriend!
Yeah, some people are so stupid they name themselves after shadows.
Enforcement is nice, but cleaning up this one group of morons does little to solve the root cause, buggy M$ junk. The costs and skills to do the job are so low that we can be sure that no real difference will be made.
Friends don't help friends install M$ junk.
Does the site just say "PWN3D" above an SS logo?
"Sic Semper Tyrannosaurus Rex."
Well, it would take them a long time to haul that all that H back home to repacka... I mean, to haul it back to Evidence.
Well, it is certainly good news - nice to know something's being done. But Massive ? That's not the word I would use. 28 people are a drop in the sea of criminals. Now, if all of those 28 spilled some names before their comrades caught the wind of arrests, there might be some collateral damage where due, but... I don't think so. Bottom line is, good thing. But scale impression is wrong. Like arresting 2 dozen street drug dealers in Bronx and calling it massive. 28 people should be weekly catch for this sort of crime.
'...computers in the future may have only 1000 vacuum tubes and perhaps weigh 1.5 tons...' Popular Mechanics, 03/49'
They also stole a passport-forging facility in Bulgaria?
What is this world coming to when we can't even keep our passport-forging facilities safe?
I doubt the USSS got permission to use that song. I hope the MPAA goes after them!
...It's the theme from Mission: Impossible.
Does the United States Secret Service have copyright permission to use the theme from Mission: Impossible?
Andrew Oakley - www.aoakley.com
Wouldn't the best way then to base the resulting hash off a combination of your CC# and the place of business (whatever name they register the charge with your CC company as).
That way, when 5555-5555-5555-5555 221 is mixed with "Denny's Seattle," and "2004-10-26-23-22-11" (time/date). the latter half of a verification code comes up with ID "EDJLLKJEWO-2."
The first part could be a MD5-style hash (semi-random), so that one can't generate your own hash by knowing the encoding method. The latter part, however, could be reversed back using your CC # to get "Denny's Seattle 2004-10-27 11:22:11pm" and bust the dude working front desk at Denny's during that time.
*Denny's is used purely as example, I've never known anyone to have their CC# hijacked from there.
I've been the victim of online credit card theft, and I design ecommerce systems for a living, so I'll speak to that small part of the problem. The solution is mindblowingly simple: never identify yourself to anyone but your credit card company.
I care about this, because it's my ass on the line if my software has any holes in it. Metaphorically, here's how the system works currently: you're buying something from me, so you give me all of your bank information, I write it down someplace and keep it for ever, and then I go later and withdraw the money from your bank. If my files are ever broken into, whoever took them can also go and withdraw money from your bank -- and conversely, if I give you something valuable in exchange for your bank information, and then your account turns out to be empty, I'm SOL.
We do this because it matches the way credit card transactions are done in the real world. The internet gives us a few luxuries, however. Here's how the system should work: you're buying something from me, so I instantly teleport you to your actual bank. You tell them exactly how much money to give me, as soon as I call and confirm the transaction is complete -- the bank verifies that they know you, and you verify that it's your bank, and I don't give a crap how that happens. You then teleport back to my store with a slip of paper with a number on it. I call up your bank and verify that that number means that you transferred the proper amount of money to me.
All of this can be integrated seamlessly into existing online checkouts without changing the experience much, and it reduces the millions of potential points of failure in ecommerce across the internet to about 5 -- one for each credit card company.
Until this system is implemented, I'm saying the problem of online credit card fraud can be blamed entirely on inertia -- the technical solution is there.
I'm not sure how you steal a FACILITY in Bulgaria, but these crooks are bloody amazing if they pulled it off!! Cheers to them!
Now off to steal that new Parliament building in Scotland....
Um, you do know that protecting the currency and the monetary system is exactly what the Secret Service is *for*? They don't have any mandate or authority w.r.t. phishing, so far as I know.
But what about: leave site look alone, install traps everywhere, 3972 members soon well and truly fingered.
International Credit Card Fraud ring leads to bigger fish:
Authorities today arrested thousands of credit card fraudsters. These individuals were tracked down by tracing connections to a site currently under investigation. Visits to www.shadowcrew.com where traced to another site slashdot.org.
Slashdot.org, although supposedly a geek news site, has in fact been found to link heavily to credit card fraud and software piracy. Member lists have already been obtained, and many of the more prominent figures in this conspiracy ring have already been sent off for sodomiz^H^H^H^H^H^H^H detainment.
In a joint press release today Secret Service Officials and Microsoft Representatives noted that the site, in addition to its fraudulent and illegal activities is a strong advocate of the linux operating system. Microsoft Officials did not hesitate to point out the vague link that does not really exist between linux and software piracy.
I guess I could go on, but i've already started to get into absurd anti-microsoft fanboyism. I had to do it though, what good would a joke about the takedown of slashdot be without microsoft trying to get a shot in?
Slashdot: Where anecdotes and generalizations can be freely substituted for facts, logic, or intelligence
I want Ashcroft getting these people on every transaction in which personal data was abused, in violation of the copyright - including those transactions from people who got their copiedwrong data. At least, for the next few months before he's on the dole again.
--
make install -not war
What's criminal about seizing the property of a criminal? In this case, it would be the domain name registration that was seized, then redirected to a site hosted by the Secret Service. Get a brain dumbfuck.
Was for selling the "Magic Cube" Rubix knoclkoffs!!
Hmm. If you don't understand the problems with asset forfeiture, you might want to use your big brain to get thee to a library.
Does this mean they can't use "Operation Firewall" again, for something more related to Internet security? If the government can't name it, it doesn't exist - we're doomed!
--
make install -not war
I loaded the site, but got no tunes. Perhaps they removed the music when they realized the RIAA would seek damages of $150,000 per page view.
Got to love the Secret Service page. It screams big brother all over the place. We can thank the Patriot Act for allowing them to work without warrants. I mean after all gotta keep the country safe from those pesky foreign terrorists.
"Criminals aren't that easy to scare"
I suspect that most of the people on that site don't really think of themselves as criminals. They are just testing the boundaries and assumed they would never get caught. Now they know they can. In particular, they now know that the people who have been feeding them info *did* get caught, so the readers won't feel as comfortable about using the site's advice (which clearly didn't work for them).
Yeah, this is hoot! Well done!
:)
Nice to see law enforcement doing it's job. And it couldn't have happened to a nicer bunch.
Can you imagine the member's reactions to this when they first hit it? Oh... fuck... me...
Google still has a cache of the orignal front page, so when you click "skip intro" you get in to the forum via IP, not DNS http://63.240.81.5/phpBB2/
...that stole my credit card info and my paypal account. My checking account was cleared out, and my credit card was maxed out. I was hosed. Luckily PayPal refunded me the money. It may not be FDIC insured but they got me my cash back within the span of 2 days.
I hope you guys become Bubba's bitch! Dont drop the soap!
What's a sig? Pete Brubaker
Congrat.s to the Secret Service. Thank you.
Expect Freedom.
Do little good if they got someone in the gang to turn and/or infiltrated them. It's more likely old-fashioned police work than cracking IPSec, Skype, TLS, etc.
I'd much more prefer to vote BUSH for a more united national socialist - oh wait, that's what the Nazis called themselves. Fits even better then - Ashcroft, Rumsfeld, Cheney and Bush - Hitler never looked better than when compared to this lot.
Been there, Done that, Sold the t-shirt to the next idiot in line
I really hope soupnazi & eckis (shadowcrew) got it.
God I hated those punks.
Or you could just go to the ACTUAL forum...
http://www.shadowcrew.com/phpBB2/
Anyone else think it's strange that the BB is still up? Quick someone cache it before it's gone forever :)
-Ariel
Tsk tsk, I'm disappointed... these guys are supposed to be all that, you'd think they would be able to hire a someone to design a valid webpage:
I know their job is to protect the USA President and the USA financial system. Surely that carding ring they broke up recently didn't get all those 1.7 million credit card numbers solely by 'dumpster diving' and other 'meatspace' exploits.
I know the Secret Service are deadly serious about protecting the USA President and the American monetary system--just look at how popular In The Line Of Fire and To Live And Die In L.A. still are in the years after there respective releases. They also happen to be two favorite films of mine. Both films vividly convey how deadly and hair-raising being a United States Secret Service Agent can be!
What's a guy who knows how to use "bated" properly doing on slashdot?
Usually when someone attempts that idiom he ends up sounding like he's been eating cat food.
Well, that huge run-on sentence reassures me a little, I guess... wouldn't want this place to get all literate-like.
The feds couldn't have put that site up it is way too ironic!
because he's most certainly right.
If someone in the govt were to actually pull a stunt like that, they would most likely get fired quick (or the govt equivalent of "fired", whatever that is.)
Just one point to nitpick on:
> I traced the Joe Job back to a Finnish DSL net
If it's the same entity that hacked this site and sent joe job spams, it's likely it was sent through botnets.
I've received a couple of those emails, and while they have the exact same content, they come from 2 apparently unrelated and geographically distant IPs.
Comment removed based on user account deletion
Strong encryption is easy to break. One of the most effective methods is known as the purchase-key attack. Basically, the attacker offers something of value (money, a plea agreement, etc) to someone who has the decryption key in exchange for handing over the key. It is far superior to the rubber hose attack (beating the key out of someone) as the purchase-key attack does not leave any evidence if done properly.
The music is from the original "Mission: Impossible" TV show (in fact, it sounds like an analog recording using TV and mic, the way we used to do it in the olden days) and if you remember the series, one of its regular schticks was that at the end, when there was no escape, the MI team would in some highly ironic way inform the target that he'd been pwn3d.
Which makes this just bloody perfect, music and all!
~REZ~ #43301. Who'd fake being me anyway?
The Lorne Chronicles.
This guy's idea of parallel parking is to fishtail a car into a spot sideways. You want him to be in the same risk class as you? Thought not.
Mal-2
How is the Riemann zeta function like Trump rallies? Both have an endless number of trivial zeros.
Of course ... sometimes they make mistakes. Just ask Steve Jackson.
The higher the technology, the sharper that two-edged sword.
Ah ... I think you meant "bawd-rate".
The higher the technology, the sharper that two-edged sword.