GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View PDF of this issue

Care to Share?


Table of Contents

Lead Story

Industry self-policing: A lofty goal?

Patti Murphy
ProScribes Inc.

News

Industry Update

Federal Reserve sets debit interchange at 21 cents

Visa to update forecast after Fed sets debit interchange

More regs, requirements from FFIEC, PCI council

Fraudsters nailed, proactive security initiatives needed

The 25 most dangerous software errors in 2011

Features

Wal-Mart wants to bank the underserved

Patti Murphy
ProScribes Inc.

Microfinance and profits

Patti Murphy
ProScribes Inc.

Electronic billing for SMBs

The three R's of text message marketing

Pal Flagg
Street Savings

ISOMetrics:
Breaches across America

Selling Prepaid

Prepaid in brief

Is the new AmEx prepaid card a game changer?

Case study: Prepaid electricity metering

Views

Are you ready for the NFC paradigm shift?

Scott Henry
VeriFone Inc.

Education

Street SmartsSM:
Networking groups and referral marketing - Part 1

Bill Pirtle
MPCT Publishing Co.

Use communication to cut merchant attrition

Jeff Fortney
Clearent LLC

Finding the right payment processor

John Barrett
First Data Corp.

Social media: Putting your company's best face forward

Peggy Bekavac Olson
Strategic Marketing

What is my portfolio worth anyway?

Adam Atlas
Attorney at Law

Company Profile

Capital Access Network Inc.

New Products

Award winning loyalty technology

Paycloud
SparkBase

Less churn, more earn in health care

Revenue Maximizer
TransEngen Inc.

Inspiration

Make children your business

Departments

Forum

Resource Guide

Datebook

A Bigger Thing

The Green Sheet Online Edition

July 11, 2011  •  Issue 11:07:01

previous next

Fraudsters nailed, proactive security initiatives needed

In the wake of the failure of the Global Cyber-Crime Summit in London to agree on solutions to the growing seriousness of data theft, the secure data and online access security company IronKey Inc. is urging security professionals to immediately address the accelerating cyber-crime attacks around the world.

IronKey Chief Executive Officer Arthur Wong called for a new direction for protecting data to get away from a system that only detects threats after they occur. "The industry needs to be proactive, not reactive, and this was the missing message" from the summit, Wong said. He added that the industry needs to develop a software security package that assumes a system is already infected and gives the user "a hardened virtual operating system and browser, built-in malware protection and a trusted network" that together create a separate, protected computer system.

DOJ nails cyber fraud rings

Meanwhile, two Latvians were indicted, and the U.S. Department of Justice and the FBI seized more than 40 computers, servers and bank accounts disrupting two Latvian cyber crime rings that stole more than $74 million from more than 1 million consumers. The criminals allegedly sold customers by telling them they were protecting their computers when, in fact, consumers were buying fake computer security systems.

The law enforcement action, known as Operation Trident Tribunal, puts a halt on two criminal rings operating throughout the United States and Western Europe. In the first action, investigators discovered criminals aggressively marketing and selling fake security software by first getting customers to download a malicious program known as "scareware."

Scareware falsely tells computer users it has done a computer scan and found a variety of viruses, trojans and other forms of malware infecting the computer. A series of pop-up advertisements are then launched that continuously warn users they must buy fraudulent security software in order to repair the non-existent problems. The pop-ups continue to aggressively appear on the screen until the user either manages to end the communication or until the user buys the phony anti-virus software at a cost of up to $129.

The FBI believes more than 960,000 consumers were victims of the scareware fraud. Operation Trident Tribunal successfully located computers, servers and bank accounts for this operation causing a major disruption in the scam.

Operation Trident Tribunal also broke up a second online advertising scheme to sell scareware products. This fraud was run by two Latvian citizens, Peteris Sahurovs, 22, and Marina Maslobojeva, 23, who were arrested in their home country on a warrant from the U.S. District Court of Minnesota.

Sahurovs and Maslobojeva are accused of creating a phony advertising agency and convincing the Minneapolis Star Tribune they represented a hotel chain that wanted to buy online advertising on the paper's website. After the electronic advertisement began running on the website the defendants allegedly changed the code in the ad to infect visitors' computers with a malicious software program that bombarded users with scareware.

The FBI estimates the Latvians got away with at least $2 million. Sahurovs and Maslobojeva face at least 10 years in prison and a $250,000 fine for each of the two counts against them. They will also be asked for restitution and to forfeit any profits from their scam if they are found guilty.

Hacker pleads guilty to AT&T hack

In addition, a 26-year-old San Francisco man pled guilty to writing a malicious code that breached AT&T servers and stole personal information from its iPad subscribers. Daniel Spitler was indicted by the U.S. Attorney's office in Newark, N.J., on one count of conspiracy to gain unauthorized access to computers connected to the Internet and one count of identity theft.

Spitler admitted to being a member of an anarchistic group of Internet hackers and "trolls" (people who intentionally disrupt Internet content and services) calling themselves Goatse Security.

AT&T automatically linked each iPad 3G user's email address to a unique iPad number belonging to the registered user. Spitler and Goatse Security were able to write a program that collected this information by imitating the behavior of the iPad 3G.

The hackers then passed on the email addresses and iPad numbers to the Gawker website where they were published in redacted form.

Spitler was arrested with a co-defendant Andrew Auernheimer, 25, of Fayetteville, Ark. Spitler faces five years in prison and a $250,000 fine. He is scheduled to be sentenced in September 2011. Auernheimer is still awaiting trial.

"In the wake of other recent hacking attacks by loose-knit organizations like Anonymous and LulzSec, Daniel Spitler's guilty plea is a timely reminder of the consequences of treating criminal activity as a competitive sport," U.S. Attorney Paul Fishman said.

For additional news stories, please visit www.greensheet.com and click on "Read the Entire Story" in the center column below the latest news story excerpt. This will take you to the full text of that story, followed by all other news stories posted online.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

USAePay | Impact Paysystems | Electronic Merchant Systems | Inovio