Massive Online ID Fraud Ring Busted
Iphtashu Fitz writes "CNet News is reporting that the US Secret Service in conjunction with authorities in six foreign countries have arrested 28 people in the last 48 hours on charges of identity theft, computer fraud, credit card fraud and conspiracy. Dubbed Operation Firewall, the Secret Service identified a group of people who stole over 1.7 million credit card numbers as well as a passport-forging facility in Bulgaria. The investigation started in July 2003 when the Secret Service began investigating an unspecified financial crime. They identified the website Shadowcrew.com whose members traded tutorials and information about identity theft and forgery and exchanged sensitive personal and financial information. The Shadowcrew website has since undergone a makeover thanks to the Secret Service. A press release about the operation can also be found on their website."
In Soviet Russia, the Secret Service local field office contacts YOU before you contact them!
Back on topic, at my last job I worked with the FBI and Secret Service on bank fraud, kiddie porn, etc cases that were hosted on our web servers. Think what you may about them, but they really have their shit together on these types of events and are dead eager to get the offenders in question. The smart person, if they are trying to do anything highly illegal, would do well to go about their business without using the internet. Once you get the attention of the Feds, its usually lights out for the perp. One case I assisted with was a conspirancy ring involving the sale of illegal guns in the UK, using a US based hosting company (my old job). That case broke earlier this year with several arrests and the destruction of the ring. Scotland Yard was the lead on it with backup from the FBI, with cheerful cooperation from us. Our policy was not to go "fishing" for questionble content on our web servers, but once we were made of illegal activity we would preserve evidence and work with the authorities. I've seen pictures on some website that puts tubgirl to shame, usually involving kids. Made me happy when the Feds would follow up with us and would tell us that they got their man (or men)...
"As the intrepid kobold companion continues his journey, he begins to wonder... if priests raises dead, why anybody die?
I was recently brought on to an e-commerce project...day 1 was stopping the fraudulent orders being sent to Malaysia or to the drop sites in the US. All it takes is a 30 second call to the card company to get the issuing bank's number...99% of the bad cards were verified as stolen from the bank. One card wasn't reported as stolen yet...yay for me.
If Paypal, IIS, etc can figure out key encryption, why can't we?
1) Credit card company creates keys and issues it to the customer...the card number is replaced by a number identifying the key.
2) Payment request certificates are sent to the customer who either signs it or doesn't sign it.
3) Transactions are encrypted using keys....you, your bank, the merchant and the card company can decrypt the info, no one else.
Didn't I just describe SSL/GPG? Oh wait..I did.
It boils down to this: if you can't handle the technology (aka keep spyware off your machine, keep it updated, and keep your card number safe), DON'T USE THE TECHNOLOGY. Write a check...but of course, that's digitized now thanks to Check 21...that old technology will be deprecated very soon in favor of direct debit.