Showing posts with label fraud. Show all posts

Thursday 20 August 2009

A case of the biter bit, but few are chortling over AFP intelligence fiasco


I was watching ABC Four Corners last Monday when this little comment came up:
"ANDREW FOWLER: The site was called root-you.org, and for the last two weeks the Australian Federal Police in cooperation with the South Australian Police have run the perfect sting.
TIM DAVIS, FEDERAL AGENT, HIGH TECH CRIME OPS. AFP: We've infiltrated that site and so now we've got control as well.
NEIL GAUGHAN: What we've done with that particular network is we've captured all the identities of all the people that've been using that network. We can operate in a covert activity here fairly seamlessly with no harm to our members with continual and actual significant penetration.....
ANDREW FOWLER: In the case of root-you.org, the Federal Police decided the best result was to effectively blow up the site by posting a notice that it was under law enforcement control.
TIM DAVIS, FEDERAL AGENT: Mate are you right to post that message on the forum.
MAN (on phone): Yep.
TIM DAVIS, FEDERAL AGENT: Well if you can do that now that'd be great."

I did idly wonder if there would be a cyber response and thought - "Naw, won't happen".

Then it well and truly did and F-Secure has links to this not so funny episode of counter-hacking, which was the almost inevitable result of all that televised bragging by the boys in blue (this also saw police computer files of actual bank, building society and corporate credit card details exposed to the view of at least one other hacker).

Some of the hacker chatter {A little **** covers words which offend those bluidy filters}:
"After the authorities FINALLY posted their little "ohhh, we have been monitoring this website", we finally said "Enough is enough, we are sick of these f**ks acting like they are hackers, let's see what they really know".
So After writing another FTP report yesterday.. I decided I would move on to getting control of r00t-y0u.org. See what the authorities know about server maintenance.. and how secure they can make stuff.
Lo and behold, their server was windows! I couldn't stop laughing at the sight of this, but I soon moved on. After visiting a 404 page, I instantly noticed that they were using Xampp. Those lazy f***s can not even just install apache, and php themselves. So instead, they download some application to do it all for them.
Figures.
Now, of course.. they were just SO F***KING SMART, that they left the MYSQL password BLANK! After screwing around with their database, I dumped a vulnerable query into a php file, thus giving me full access to their servers.
After taking a look at the r00t-y0u database, lookie what we find.
User: "h1t3m" (Administrator)
Email: macrobber@gmail.com
These dipsh*ts are using an automatic digital forensics and incident response tool.
They can't do sh*t all themselves, because like I have said before, they have no skill. Anyways, after looking on their win32 machine for a while, I noticed some really awkward stuff. They have credit cards, and bank accounts all on a separate drive (G:\)."

Four Corners transcript


Wednesday 17 June 2009

Phishing lures received this week







St. George Group

Dear Customer,

Due to recent account takeovers and unauthorized listings, St.George Bank is requesting a new account verification procedure. From time to time, randomly selected accounts (seller and/or buyer) are placed under an advanced updating process based on merchant accounts/bank relations and on-file credit cards. St.George Bank may also request in an email message scanned/faxed copies of one or more photo ID's. Your account confirmation may go wrong if your credit card/bank account has expired, or if you have changed/replaced your credit card without letting us know about the change.


An email one doesn't reply to!






Dear costumer ,

For your security, we have temporarily prevented access to your account. We have reasons to believe that your access may have been accesed by someone else than you. You may be getting this message because you are signing on from a different location or device.
If this is the case, your access may be restored when you return to your normal sign on method.
For immediate access, you are required to follow the link below to secure your personal account informations.
https://ibanking.stgeorge.com.au/InternetBanking/welcome.jsp?loginattempt=max&resetid=emailID29953291
Thank you for helping us protect your account.

© St.George Bank Limited ABN 92 055 513 070 AFS Licence No. 240997

The spelling gives this attempt at Internet fraud away.

Tuesday 26 May 2009

Church of Scientology on trial in France on charges of organised fraud

... and the case could lead to the nationwide dissolution of the controversial organisation.

The so-called church is accused of targeting vulnerable people for commercial gain.

France, which categorises Scientology as a sect, has previously convicted several individual Scientologists of fraud over the past decades – most notably its science fiction-writing creator, L Ron Hubbard, in 1978.

The Guardian reports that the case stems from the testimony of a French woman who filed an official complaint against the organisation in 1998.

Lawyers for Aude-Claire Malton claim Scientologists preyed upon her at a time when she was "very psychologically fragile", pressuring her into spending €21,000 (£18,000) – her life savings – on products including "purification packs" and vitamins.

The investigating magistrate in charge of bringing the case against the church, Jean-Christophe Hullin, said the church, which has been glamourised by Hollywood members such as Tom Cruise and John Travolta, made a profit by placing individuals in a "state of subjection". The organisation, he argued, is "first and foremost a commercial business" whose actions reveal "a real obsession for financial remuneration".

Sunday 11 January 2009

2009 Internet scams, hoaxes and threats and the NSW North Coast

E-Victims has released its top 10 Internet scams expected to plague users this year.

ScamBusters also has a similar top ten list:

10. Travel and vacation scams. Travel scams have always been around. But this year we expect to see more Internet-based ruses like bogus offers of cheap airfare and event tickets. The huge Olympic Games Internet tickets scam of 2008 was just the start.

9. Phony auction and classified sales. Yes, eBay, Craigslist, etc. scammers continue to reel in the victims. Despite attempts by the sites themselves to clamp down on the con artists, we expect the tricksters to re-double their deception efforts.

8. Investment and pump and dump scams. We've broadened this category after reporting on a number of failed or phony investment schemes that have cost victims tens of millions of dollars.

7. Work at home and job scams. With unemployment on the rise and the growing popularity of working from home, we think this scam will become more prevalent in 2009.

6. Grandparent, family tragedy and death threat scams. These are extremely common scams where people ask for money by claiming a relative is in trouble or that a murder contract has been taken out. Mostly, they come by phone but increasingly are seen in emails.

5. Viruses and spyware.

4. Nigerian scams, again with lots more new twists.

3. Lottery scams. You've won! New ones are appearing from Canada, the Caribbean, inside the US and from the Far East.

2. Economy related scams. We predict huge growth in loan- and credit-related scams, but foreclosure scams may ease slightly as pressure eases on banks. We'll see.

1. Identity theft and phishing. Despite tougher counter-measures, this scam is still way too easy for the criminals.

Currently in Australia a phishing email is doing the rounds which falsely alerts the recipient to an Australian Tax Office refund.
Surprisingly, by last Wednesday morning this scam was not yet posted on the ACCC-managed Scam Watch.

Australians reportedly lost up to a billion dollars in these scams in 2006-07, but what is more worrying is that identity theft is often being used for purely malicious ends in email attacks mounted as 'payback' for some form of personal disagreement.

There is some evidence that emails of this sort may have been sent from the NSW North Coast over the last 6-12 months.

So, if you receive an email with content or language that appears out of character for the named sender:
  • First, contact the sender directly (not via email reply link) and attempt to verify the suspect email;
  • Secondly, contact the local police if the email is fraudulent as identity theft can be an offence under Australian law if it involves stealing, fraud, forgery, uttering, computer hacking and misuse, or personation.

Saturday 13 December 2008

Ponzi scheme promoter bites the dust

"Investment manager" (and that term is used very loosely) Bernard Madoff, the former Nasdaq chairman, was charged on Thursday with massive fraud.

Time reports that according to the U.S. Attorney's office in the southern district of New York, Madoff admitted to defrauding clients for up to $50 billion in a massive Ponzi scheme that was committed over a number of years. (See the top 10 scandals of 2008.)

Forbes reports that Madoff, known to his mates as Bernie, informed “senior employees,” possibly his sons, that his investment advisory business was a fraud. (See "Mad Madoff.")

Madoff reportedly said he was “finished,” that he had “absolutely nothing,” that “it's all just one big lie.” He allegedly stated that the business was insolvent, and that it had been for years.

His estimated losses from the fraud clocked in at $50.0 billion. The U.S. Securities and Exchange Commission said regulatory files showed that the firm had more than $17.0 billion in assets under management at the start of the year and that virtually all of that is missing.

The 70-year-old Madoff is being charged with one count of securities fraud, which carries a maximum penalty of 20 years in prison and a maximum fine of $5.0 million. Madoff was released on his own recognizance after posting a $10.0 million bond secured by his Manhattan apartment.

The Securities and Exchange Commission asked the federal court in New York to freeze Madoff’s assets. The commission also appointed a receiver who will try to gather all the assets and will try to determine whether anyone else was complicit in the fraud. “The process takes years,” said Powers. “Although these frauds may appear simple, forensic accountants must go through the various transactions that occurred to understand the full extent.”

Powers said Ponzi-like schemes typically start when the scamster makes a bad investment decision or dips into clients' funds and, instead of admitting to the mistake or paying back the losses, uses new money from investors to meet redemptions.

Some are considering Madoff’s scheme the biggest fraud case in Wall Street’s history. Madoff’s clients, which reportedly include Lombardier, the Loeb Family, Banco Santander, and a slew of charities, will likely seek civil lawsuits or other legal action to try to recover the money they’ve invested.