Crime and Security

Facebook and the 2011 London riots

Be careful what you write. In R v Blackwell [2011] EWCA Crim 2312, Lord Judge CJ offers this blunt description of the role played by “modern technology” (principally Facebook, Blackberry’s BBM protocol, Twitter and SMS messaging) in the recent London riots. Rejecting the appellants’ argument that incitement via Facebook was a less serious offence because it did not lead to criminal activity in the real world, his Lordship commented:

[73] We are unimpressed with the suggestion that in each case the appellant did no more than make the appropriate entry in his Facebook. Neither went from door to door looking for friends or like minded people to join up with him in the riot. All that is true. But modern technology has done away with the need for such direct personal communication. It can all be done through Facebook or other social media. In other words, the abuse of modern technology for criminal purposes extends to and includes incitement of very many people by a single step. Indeed it is a sinister feature of these cases that modern technology almost certainly assisted rioters in other places to organise the rapid movement and congregation of disorderly groups in new and unpoliced areas.

The Great Cyberheist: Inside the life of an identity thief

The New York Times has a fantastic write-up of the criminal activities and investigation of Alberto Gonzalez, a black-hat hacker who masterminded the TJX and Heartland Payment Systems credit card data breaches and who was sentenced to 20 years’ imprisonment earlier this year. The story has a cinematic, but slightly tragic, quality:

At the same time that Gonzalez was stealing all this bank-card data, he was assembling an international syndicate. His favored fence was a Ukrainian, Maksym Yastremskiy, who would sell sets of card numbers to buyers across the Americas, Europe and Asia and split the proceeds with him. Gonzalez hired another EFnet friend, Jonathan Williams, to cash out at A.T.M.’s across the country, and a friend of Watt’s in New York would pick up the shipments of cash in bulk sent by Williams and Yastremskiy. Watt’s friend would then wire the money to Miami or send it to a post-office box there set up by James through a proxy. Gonzalez established dummy companies in Europe, and to collect payment and launder money he opened e-gold and WebMoney accounts, which were not strictly regulated (e-gold has since gone out of business). He also rented servers in Latvia, Ukraine, the Netherlands and elsewhere to store the card data and the software he was using for the breaches. Finally, he joined up with two Eastern European hackers who were onto something visionary. Known to him only by their screen names, Annex and Grig, they were colluding to break into American card-payment processors — the very cash arteries of the retail economy.

Botnet hosts strongly clustered around safe haven providers

Interesting survey of the connection between website hosts and botnet ‘command and control’ servers, which are used to direct networks of malware-infected clients:

For the first half of 2010, almost a quarter of botnet CnC servers were hosted by service providers in the US, with the top three countries (US - 23.9 per cent, Germany - 17.9 per cent and France - 8.6 per cent) hosting more than half of all CnC servers.

“Half of the servers used by cyber-criminals for the purpose of controlling their botnet empires are located in commercial hosting facilities within countries not traditionally associated with this kind of crime,” writes Gunter Ollmann, VP Research at Damballa.

Internet hosting firms 1&1 Internet AG in Germany and AT&T have unwittingly become favourite control points for cybercrooks, according to Damballa. 1&1 Internet alone accounts for more than one in 10 botnet command and control servers.

Fraudulent transfers of title and Nigerian scammers

It looks like the Nigerian 419 scammers are getting more sophisticated. A South African investor found his Australian property sold to third-party purchasers without his knowledge after having his email account hacked:

Fraudsters swiped Mildenhall’s email login credentials and obtained personal property documents before selling a house and sending funds to Chinese bank accounts. The scammers hoodwinked real estate agents, banks and local land registrars.

Mildenhall only learned of the scam, seemingly by chance, after he was contacted by a former neighbour last week, just in time to stop the finalisation of the sale of a house. Another house owned by Mildenhall was sold in June.

“They had a comprehensive understanding of how transactions take place and of the legal processes. If they are as sophisticated as they seem to be, identity checks will not be enough — they can forge them.”

Here’s the property in question. Unfortunately for Mr Mildenhall, under Western Australian real property law, he’s unlikely to have a claim against the purchaser if the new interest was registered. However, he will probably be able to get compensation from the Torrens claim pool.

Bulletproof hosting, cybercrime and botnets

The Register has an interesting piece analysing how cybercrime botnets are connected and why they seem impervious to outside attack. It seems that the botnets are programmed to reconfigure themselves if one upstream provider goes down, and are each strongly interconnected, which creates a whole lot of redundancy:

“What they’ve worked really hard to do for themselves is build a spiderweb of connections to the outer ring if the outer ring were the internet at large,” Sean Brady, manager of RSA’s identity protection and verification group, told The Register. “As you start picking off threads, they work to reroute, to crawl along different threads.”

Needless to say, this redundancy is pretty attractive to botnet controllers (who typically seem to buy or lease access from malware creators). What’s really interesting, though, is that it turns out all the major botnets rely on about nine commercial ISPs, which are legitimate businesses. Take those ISPs offline — or require them to block botnet communications — and it will be much harder for botnet operators to re-establish contact with infected computers once the command and control link is severed (as recently happened with the Zeus botnet). This raises a very interesting legal question about whether those ISPs are, or should be, liable to block access.

Iran launches cyberattack on human rights websites

According to Iranian news reports, Iranian intelligence forces have hacked into 29 human rights activism websites which they allege are a front for US espionage and intelligence agencies. The attack follows the finding of an Iranian domestic court that the websites were developed to spy on Iran’s nuclear programme, and for the purpose of ‘provoking sedition and illegal demonstrations and rallies through releasing unreal and unfounded news and reports after the June presidential elections … providing media and news support for the Jundollah terrorist group and the monarchist opposition groups.’ Apparently, the network also distributed American anti-censorship software.

Update: Following the attacks, Iranian security forces arrested dozens of people accused of being involved in the websites’ operation. However, Western media tells a very different story, with The Tech Herald now reporting that those arrested in the operation:

were tortured for their access to the various websites, and as such the sites were taken down by physical violence, and not hacking. They have 30 members of our group held hostage, including the sister of one of our members, who has nothing to do with this matter. Each of the 30 hostages is a human rights activist and nothing more. …

More hyperbolic warnings of Chinese 'cyber spies'

A report produced by the US–China Economic and Security Review Commission suggests that malicious attacks on United States military computer systems increased by 20 per cent in 2008, a figure that is projected to grow by 60 per cent in 2009. Experts attributed much of the increase to attacks originating in China:

“A large body of both circumstantial and forensic evidence strongly indicates Chinese state involvement in such activities,” the commission said in its 367-page report to Congress.

“China’s peacetime computer exploitation efforts are primarily focused on intelligence collection against US targets and Chinese dissident groups abroad.”

“China is changing the way that espionage is being done,” said Carolyn Bartholomew, who chaired the commission.

The report offers an alarming, though perhaps premature, conclusion:

China is likely using its maturing computer network exploitation capability to support intelligence collection against the US Government and industry by conducting a long term, sophisticated, computer network exploitation campaign. The problem is characterized by disciplined, standardized operations, sophisticated techniques, access to high-end software development resources, a deep knowledge of the targeted networks, and an ability to sustain activities inside targeted networks, sometimes over a period of months.

Individual to be prosecuted for domain name 'theft'

A number of news agencies are reporting that Daniel Goncalves, a 25-year-old law firm technician, is being prosecuted for the ‘theft’ of the domain name P2P.com:

Attorney Paul Keating told DNN that most cases of domain theft recovery that he has dealt with have been complicated at best. The real problem stems from the fact that domain names aren’t considered property. “The laws do not specifically identify domains as property. That has been the subject of various court decisions. Not all courts have issued consistent decisions. For example, bankruptcy courts have no difficulty treating domains as property. The IRS treats domains as a form of intellectual property and allows amortization along the lines of a trademark though over a shorter period,” Keating said. Further complications come into play when we look at the rulings in different states. “California is believed to treat them as property after the Sex.com case but that was a federal decision interpreting California law. The Eastern District of Virginia (where the Verisign registry is headquartered) clearly holds domains to be the subject of a license and thus not property. I have been involved in various state-level cases seeking recovery of stolen names or trying to specifically enforce a domain purchase agreement in California and the courts have always honored the claim.”

Melbourne game pirate convicted of commercial copyright infringement

According to The Age, a fellow University of Melbourne alumnus has been convicted of three counts of commercial copyright infringement and fined $20 000 for running a duplication lab in (wait for it) his mother’s basement:

Jeffrey Lim, 28, converted the ground floor of his parents’ Doncaster home into a work office that held six hard drives, a computer flat screen, three printers, three DVD burners, three computer towers, four scanners and various printer cartridges.

Hmm, sounds like my living room, sans the printers. Lim apparently sold various console games for $4 each using an online mail order website. Ms Tickey for the Crown relied on a tip-off from a PwC investigator and evidence from a police raid of the premises:

The man, who deposited $714 into Lim’s account, later found that none of the 138 Playstation2 games he received displayed any genuine features.

Gosh, how unexpected! $5 games turn out not to be originals. Unsurprisingly, Lim pleaded guilty. Mr Simpson for the defence argued in mitigation that the piracy business emerged after ‘repeated but failed attempts’ to gain employment in the computer industry. Guess a Melbourne BSc isn’t what it used to be.

Largest ever securities fraud rocks Indian outsourcing goliath

This week’s high-tech crime is a new twist on an old favourite: securities fraud. It recently emerged that one of India’s largest outsourcing firms, Satyam Computer, had ‘overestimated’ its cash reserves and asset values by around 50 billion rupees (AUD $1.38bn). According to the company founder and chairman, this was ‘purely on account of inflated profit over a period of several years’. The fraud came to light when a recent asset acquisition fell through, forcing the company to acknowledge the ‘attempt to fill fictitious assets with real ones.’ According to a taped confession to Indian police by the chief financial officer:

Srinivas said he suspected that something was wrong when the company was late with bills, but Satyam’s chairman and managing director forbade him from using fixed deposits to pay them. He was told to “manage” the bills with operational cash instead, he said. That situation occurred continuously for the past five or six years, he said. …

Srinivas said he believed the company’s fixed deposits were “unreal” and “managed” and that they were a result of an “understanding” between management and the “audit section.”

Price Waterhouse, the Indian division of PricewaterhouseCoopers, was the external auditor for Satyam. The firm has come under fire since the Satyam fraud came to light: India’s accounting board is investigating Price Waterhouse’s work on Satyam, and investors in the computer company are considering lawsuits against the auditor.
