Massive Online ID Fraud Ring Busted 353
Iphtashu Fitz writes "CNet News is reporting that the US Secret Service in conjunction with authorities in six foreign countries have arrested 28 people in the last 48 hours on charges of identity theft, computer fraud, credit card fraud and conspiracy. Dubbed Operation Firewall, the Secret Service identified a group of people who stole over 1.7 million credit card numbers as well as a passport-forging facility in Bulgaria. The investigation started in July 2003 when the Secret Service began investigating an unspecified financial crime. They identified the website Shadowcrew.com whose members traded tutorials and information about identity theft and forgery and exchanged sensitive personal and financial information. The Shadowcrew website has since undergone a makeover thanks to the Secret Service. A press release about the operation can also be found on their website."
This is pretty big! (Score:3, Informative)
Wait (Score:2, Funny)
oBet, oBkov, Vrat Vseki, zoV Gora, moDa, aDski, DZHob,
Re:Wait (Score:5, Funny)
Re:This is pretty big! (Score:2)
Re:This is pretty big! (Score:3, Interesting)
Let's hope it's as big as it sounds! (Score:4, Insightful)
I'll wait with bated breath to see if they really did get the 'Mr Big's and can nail them.
Unfortunately, it has occasionally turned out, with big organised crime operations, that the big guys really got away, and the criminal evidence against the others had crucial flaws, so that in the end, after years of delays and millions of taxpayers money in investigation costs and lawyers fees, even the smaller guys got off too.
I really hope this isn't going to be another one of those. For the time being, we can hope that the cybercops have earned their credit here.
-wb-
Re:This is pretty big! (Score:3, Funny)
United Soviet Socialist States? I didn't know Bush had gone that far just yet.
oh, United States Secret Service. Still, you have to wonder about a secret government organization using 'SS' as its designation...
Re:This is pretty big! (Score:4, Funny)
Under your logic, were I to form a terrorist group and name it "John Kerry", he should have to change his name.
Shit. I just named a presidential candidate, Nazi orginization, AND the word 'terrorist' in the same post... oh well, the NSA was slashdotted earlier, I'm sure they won't be coming to get me, I'm safe here in..@#%#$%34j[CARRIER LOST]
Re:This is pretty big! (Score:2)
Re:This is pretty big!--The Feds missed one! (Score:3, Interesting)
The Feds may pay lip service to the spam email problem with Band-Aid [bandaid.com] approaches like the CAN-SPAM Act, [legalarchiver.org] but fvck with the USA money supply (via ID theft in this case) and they will ta
Re:spammers (Score:2)
Nah, the spammers will just find something else to sell, like they did with Vioxx. See the quote by spam king Pone Leray in Vioxx recall reduces worldwide spam [ericgiguere.com]
Eric
See the HTTP headers your browser is sending [ericgiguere.com]
We need more action on identity theft (Score:5, Insightful)
Re:We need more action on identity theft (Score:5, Funny)
Identity theft, the worlds leading cause of spontaneous human combustion. Four out of five leading physicists agree.
Re:We need more action on identity theft (Score:3, Funny)
Re:We need more action on identity theft (Score:2, Interesting)
Re:We need more action on identity theft (Score:2)
Re:We need more action on identity theft (Score:4, Informative)
Fraud already carries some serious penalties -- the new wave of fraud has more to do with the difficulty of tracing someone who obtains personal information for the purposes of fraud using the Internet. We now have people capable of defrauding others from distant countries. I think we're much better off spending time and money on improving forensic abilities, requiring creditors and vendors accepting credit to implement better security measures, and educating consumers about how they can protect themselves.
The punishment for identity fraud should be:
Those might help agencies develop better security and forensics, which leads to more criminals being caught. When people are actually getting caught, then the penalties are actually effective deterrents.
Re:We need more action on identity theft (Score:2)
That's pretty funny. Though obviously, once someone, uh, infringes your ID, they're going to run up credit card bills in your name, which is fraud any way you look at it.
Not very subtle! :) (Score:5, Funny)
Re:Not very subtle! :) (Score:2, Funny)
Re:Not very subtle! :) (Score:4, Funny)
Re:Not very subtle! :) (Score:2)
Proxies, VPNs, IP Spoofing, Encryption, etc....You Are No Longer Anonymous!!
Yup, that's always good when it's the bad guys who're being affected, despite all this.
But pray, what about the good citizens? Or maybe the argument goes that if I'm a good citizen, I've no business wanting all this?
Hmmm....
Re:Not very subtle! :) (Score:5, Funny)
From the source-code of the site --No wonder -- the word ShadowCrew does not render properly in Firefox =)
Come on you guys at Secret Service!!! Use a good browser guys
Re:Not very subtle! :) (Score:2)
Re:Not very subtle! :) (Score:3, Interesting)
Re:Not very subtle! :) (Score:5, Insightful)
Re:Not very subtle! :) (Score:2, Insightful)
There's a house around here that was originally used by a group of drug dealers and prostitutes that was located in a bad neighborhood. The police raided it and turned it into a police substation.
Re:Not very subtle! :) (Score:4, Informative)
http://www.mirrordot.com/stories/837e41d1433a2683
And as for the background sound, the site uses the nonstandard bgsound tag, which will work in IE. It's the theme from Mission: Impossible.
Classic stuff.
Re:I love to see the bullies bite the dust. (Score:5, Interesting)
Back on topic, at my last job I worked with the FBI and Secret Service on bank fraud, kiddie porn, etc cases that were hosted on our web servers. Think what you may about them, but they really have their shit together on these types of events and are dead eager to get the offenders in question. The smart person, if they are trying to do anything highly illegal, would do well to go about their business without using the internet. Once you get the attention of the Feds, its usually lights out for the perp. One case I assisted with was a conspirancy ring involving the sale of illegal guns in the UK, using a US based hosting company (my old job). That case broke earlier this year with several arrests and the destruction of the ring. Scotland Yard was the lead on it with backup from the FBI, with cheerful cooperation from us. Our policy was not to go "fishing" for questionble content on our web servers, but once we were made of illegal activity we would preserve evidence and work with the authorities. I've seen pictures on some website that puts tubgirl to shame, usually involving kids. Made me happy when the Feds would follow up with us and would tell us that they got their man (or men)...
Yes, but... (Score:5, Funny)
... how long before the US Secret Service gets served a writ by the RIAA for damages related to the use of the Mission Impossible theme tune? ;)
Re:Yes, but... (Score:3, Insightful)
The top secret stamp effect (Score:5, Funny)
Re:The top secret stamp effect (Score:2)
Crafty buggers (Score:4, Funny)
Sorry, just had to nitpick.
Re:Crafty buggers (Score:2)
warning from the us ss (Score:2)
Well, aren't we glad? There's the proof that lifting anonimity is only for your own good </sarcasm>
Defaced by Secret Service? (Score:2)
us secret service (Score:5, Funny)
"CONTACT YOUR LOCAL UNITED STATES SECRET SERVICE FIELD OFFICE....BEFORE WE CONTACT YOU!!"
Yeah! like I know where the local offices are
Is it like a franchise? You get macdonalds and right next to it "your local us secret service office"!
Great!
Re:us secret service (Score:5, Insightful)
Re:us secret service (Score:2)
The US domestic agencies have offices in all countries ?
Re:us secret service (Score:2)
Re:us secret service (Score:3, Funny)
Comment removed (Score:5, Funny)
Too funny... (Score:3, Interesting)
I find the website hilarious, especially the bottom line:
"RECENT NEWS REPORTS SHOULD INFORM YOU THAT THE SECRET SERVICE IS INVESTIGATING YOUR CRIMINAL ACTIVITY. CONTACT YOUR LOCAL UNITED STATES SECRET SERVICE FIELD OFFICE....BEFORE WE CONTACT YOU!!"
That is a hilarious signature they have left, but this seems so funny that I'm actually surpised that the Secret Service is having this much of a ball on the website, not something I expect, but like to see!
One step towards security (Score:5, Insightful)
I surely don't have the solution to fix the identity theft problem. In fact, I would leave it to my colleagues here at Slashdot who are much more knowledgable about security issues than I am to hammer out the fine details of a more secure system.
As we become more dependent upon our identification numbers, credit card numbers, social security numbers, and every other number which identifies and tracks us, we open ourselves up to this kind of identity theft threat. The solution is not simply to lock up the perpetrators, it must be a technical solution which makes it difficult or impossible to steal an identity.
Re:One step towards security (Score:2)
First of all, no system is 100% secure. There is no system that can't be hacked by people determined enough hack it, and exploited by those determined enough to exploit it.
Second, the system you're proposing sounds overly draconian, and would raise a lot of flags with a lot of the slashdot crowd, the EFF, and liberals everywhere. Things like implanted RFID chips, finger print/retinal scan identification built in to your computer, hardware based ID chips. All a step up in security, and all circu
Re:One step towards security (Score:2)
See, even if you had a identity card, with a private key on it, issued by the government after you've proven who you are (the tax man definitely knows who you are
Re:One step towards security (Score:4, Insightful)
I deal with a number of companies which use my SSAN as the "key" to my account, some which (supposedly) supplant it with a passphrase -- though a representative of one company told me that if I couldn't remember my passphrase she would accept my SSAN! This completely goes against my reason for having a passphrase on the account in the first place! I will not go into detail about with which companies I have accounts covered by this policity, but suffice to say that just about every service I am provided suffers in this way.
Like the parent, I cannot myself come up with a feasible system for replacement. I even had one company rep ask me what I would prefer to use, I answered "I don't care, just not my [SSAN]." Not necessarily true, since some companies ask for information which can be read directly off a stolen or misdirected envelope.
None-the-less, the current system IS broken and IS too easy to subvert. I find that too many entities look to the end user for solutions to their problems, as illustrated by the above question posed to me. I am sorry, but it is not the customer's responsibility to provide a fix to a company's broken procedures; the company itself should invest whatever it takes to ensure its customer/client safety, regardless of the cost.
Personally, I would opt to pay more for a service which made it more difficult to access my account information. If more companies provided a service like this, eventually it would become the norm and the price of such secure service would settle back down due to competition.
I do feel the need to address something I provided in my introduction: college documentation. Something as simple as classroom roll sheets is a problem. In more than one class I have attended a sheet of paper was passed around the class (proof of attendance, clarification of class enrollment, or whatever) on which a student was to print his or her name, SSAN, and then sign. Need I say more? Put all of these elements together and think about our personal security. Even I wrote my SSAN on such documents until later in my college life when I thought better of this practice. Only once did my refusal cause a problem, and I ultimately won the argument in front of college administration.
Re:One step towards security (Score:2)
The solution is low tech. It's when your grandparents knew their grandparents.
Re:One step towards security (Score:3, Insightful)
ID theft is only a problem because we place so much importance on our identities. One person can get a home loan. The other can't. One persan can get health insurance. The other can't.
The simple example is insurance. Insurance rates should not depend on the individual. The whole point of insurance is to spread the risk and cost of rare catastrophic events. Each should pay an equal share. When you get a system like today which is so perfect as to analyse each person's risk and ch
Shame on you... (Score:4, Funny)
Shame on you, Slashdot!.
My life is in despair because of you!
ShadowCrew "Joe Jobs" (Score:5, Informative)
One can only wonder who was responsible. A rival group of fraudsters perhaps, or someone trying to bring them into further disrepute?
Re:ShadowCrew "Joe Jobs" (Score:2)
Re:ShadowCrew "Joe Jobs" (Score:2)
The Music (Score:2, Funny)
Gov't HTML (Score:5, Funny)
OMG (Score:2)
Secret Service can't afford a web designer?
"GENERATOR" content="Microsoft FrontPage 5.0"
I consider the design of this website also a crime.
I'll send in Homeland Security. They seem to have nothing to do now, anyway (see previous story on slashdot).
Slashdotted! (Score:3, Insightful)
Re:Slashdotted! (Score:2)
copyright infringement by the secret service (Score:5, Insightful)
Re:copyright infringement by the secret service (Score:2)
Note to self (Score:5, Funny)
Darkprofits and Shadowcrew.com? Come on.... they should have gone with shinyfunplace.com or fluffylegitimateactivity.com...
What do you expect to happen if you run imgoingtokillthepresident.com? Happy fun time?
yo.
Re: (Score:2)
Re:Note to self (Score:2, Informative)
Well, actually the Norwegian rap-group "Gatas Parlament" [gatasp.no] (The parliament of the streets) recently put up this [killhim.nu] page. It's in norwegian, but I really don't think anyone needs a translation.
I doubt these guys will ever be going to the US...
(For the reccord: I don't think this is a good joke)
Check out the BBS (Score:2)
I bet 'thebestofbc' will be happy to know the Secret Service can get his info from the Shadowcrew server after he's made a post like
"...on the old canada PP, we used to cut out the pic, lam and all, replace the pic with a new one, then a thin overlam over the whole thing. looked pretty good, but this would not work with any of the new PP's."
GOT to do something about that name. (Score:2)
Re:GOT to do something about that name. (Score:2, Funny)
`Dubbed Operation Firewall[...]' (Score:2)
They probably have Password as their password too.
Re:`Dubbed Operation Firewall[...]' (Score:2)
Or "eigth asterisks"... ;-)
Re:`Dubbed Operation Firewall[...]' (Score:2)
Re:`Dubbed Operation Firewall[...]' (Score:2)
Re:`Dubbed Operation Firewall[...]' (Score:3, Insightful)
An entire facility? (Score:3, Funny)
They stole an entire facility? I'm not even mad, I'm impressed. wow.
Want to see what it looked like before? (Score:4, Informative)
Come on, this is slashdot... (Score:3, Insightful)
Then the 90% of the messages will consist of what is homeland security doing busting innocent computer users and how President Bush had a direct involvment.
Some thoughts (Score:2)
You'd think by now these underground websites would learn that you can't just let anyone in to your trusted network. I've actually
I'd try it but.... (Score:2)
think of the agents (Score:2, Funny)
AJ: Sir! Yes Sir!
Boss: I want you to go deep undercover, join this identity theft organisation and bring them to justice.
AJ: Sir! Yes Sir!
Boss: Agent Jones.
AJ: what. I'm busy, just one more compile, k.
Boss: Well done Agent Jones, the thieves are locked up and the world's a safer place.
AJ: yo! right on! My l33t undercover hax0r sk1lls roxs!
Boss: hmm. Let me have your mission report.
AJ: yeah yeah, mission documentation is for
The Reality is (Score:2)
There are other BIG concerns for economy! (Score:2)
Fraudulent transactions (Score:5, Interesting)
If Paypal, IIS, etc can figure out key encryption, why can't we?
1) Credit card company creates keys and issues it to the customer...the card number is replaced by a number identifying the key.
2) Payment request certificates are sent to the customer who either signs it or doesn't sign it.
3) Transactions are encrypted using keys....you, your bank, the merchant and the card company can decrypt the info, no one else.
Didn't I just describe SSL/GPG? Oh wait..I did.
It boils down to this: if you can't handle the technology (aka keep spyware off your machine, keep it updated, and keep your card number safe), DON'T USE THE TECHNOLOGY. Write a check...but of course, that's digitized now thanks to Check 21 [federalreserve.gov]...that old technology will be deprecated very soon in favor of direct debit.
Best way (Score:3, Interesting)
That way, when 5555-5555-5555-5555 221 is mixed with "Denny's Seattle," and "2004-10-26-23-22-11" (time/date). the latter half of a verification code comes up with ID "EDJLLKJEWO-2."
The first part could be a MD5-style hash (semi-random), so that one can't generate your own hash by knowing the encoding method. The latter part, howev
Internal Revenue Service involvement? (Score:3, Interesting)
Shadowcrew. I knew I recognized that name.
These guys did some weird stuff. For example, they spammed our internal email addresses at the IRS with offers to host child porn sites. For example, here's one of the emails they sent to an IRS employee, namely me.
But here's where I run out of expertise in how these things work. What on earth were they hoping to accomplish by sending out these spams? Are people actually dumb enough to dial up a phone number sent to them in spam and say "I'd like to host a child porn site. Please set it up for me. Here's my credit card info."?
Or is that phone number one of those things that charges you outrageous sums just for calling it? I wouldn't know; I certainly didn't ring 'em up out of curiosity.
These shadowcrew folks just strike me as weird. I wish I understood their "business model." OTOH, I'm just glad I won't be getting any more emails from them that I have to forward to our investigators.
Re:Jurisdiction (Score:2)
Re:Jurisdiction (Score:5, Informative)
Since ID theft has the potential of screwing up the financial system in a rather major way, I'm not too surprised they got involved on that case.
Anyway, the idea of "defacing" the site was bloddy brilliant. It gives the strong message that the Law can get to the frauders level in order to catch them. I'm pretty sure the message got through to a few people in a much stronger way than a simple press release would have.
Re:Jurisdiction (Score:2)
since they were formed, essentially.
"that's not fair" "it is, it is!"
Re:Jurisdiction (Score:2)
Re:Jurisdiction (Score:5, Informative)
http://www.secretservice.gov/investigations.sht
"The Secret Service was established as a law enforcement agency in 1865. While most people associate the Secret Service with Presidential protection, our original mandate was to investigate the counterfeiting of U.S. currency--which we still do . Today our primary investigative mission is to safeguard the payment and financial systems of the United States. This has been historically accomplished through the enforcement of the counterfeiting statutes to preserve the integrity of United States currency, coin and financial obligations. Since 1984, our investigative responsibilities have expanded to include crimes that involve financial institution fraud, computer and telecommunications fraud, false identification documents, access device fraud, advance fee fraud, electronic funds transfers, and money laundering as it relates to our core violations."
Re:Jurisdiction (Score:2)
They are probably the single most non-partisan and politically un-influenceable investigating agency in the employ of the US government (Hopefully that is not just PR spin!).
Re:Jurisdiction (Score:2)
They also are charged with various other jobs, including (according to their website):
laws relating to counterfeiting of obligations and securities of the United States; financial crimes that include, but are not limited to, access device fraud, financial institution fraud, identity theft, computer fraud; and computer-based attacks on our nation's financial, banking, and telecommunications infrastructure.
Since it looks like this site was p
Re:Strong encryption broken? (Score:2, Insightful)
The same goes for encrypted emails and the likes... There's little point in encrypting something if the recipient has had to surrender the key to a law enforcement agency.
Re:Defacement? (Score:5, Insightful)
Odd? Unthinkable. Unless you had already rounded up every single important person in the group, why on Earth would you signal to them that they were under investigation? The tone and design looks more like some kid-in-a-basement-circa 2001 than US Government Office circa 2004.
I call bullshit. More likely someone with the relevant passwords put that up when it became clear that they were under investigation.
A bit too elaborate to be a hoax (Score:2)
Re:A bit too elaborate to be a hoax (Score:2)
Re:Clicking on shadowcrew link = being investigate (Score:5, Funny)
"Hundreds of thousends of nerds arrested for suspicion of identity theft"
Yep - you are going to be arrested within an hour of visiting the site because of the Patriot Act and then you will be sent to Cuba within a day and held as an enemy combatant.
Here's a fun trick: Go to your friend's house and ask if you can check your email quick from their computer and visit the site. Sit across the street and laugh as unmarked vans take your friend away.
Re:Clicking on shadowcrew link = being investigate (Score:3, Insightful)
Re:Clicking on shadowcrew link = being investigate (Score:2)
BULGARI IUNACI!!! (Score:2, Funny)
Re:BULGARI IUNACI!!! (Score:2)
Anyway, it is quite funny that some of the most high-tech bits was done by Bulgarians. Hopefully it will help the next time I have to explain an American that they have no fscking idea whatsoever how technologically advanced the criminals are in some East European countries (Bulgaria being the prime example).
Re:God (Score:2)