http://www.guardian.co.uk/money/2007/nov/24/scamsandfraud.economicpolicy By Robert Booth The Guardian November 24 2007 It took just 19 hours from first contact with the anonymous Russian fraudster until he collected my $240 (116.50 U.K.P.) payment from a local "drop". I had sent a wire transfer to his frozen Siberian home town in exchange for details that would, in theory, grant access to more than 10,000 from the bank account of an unsuspecting British Halifax customer. He offered a choice of British accounts held at Lloyds TSB or HSBC and for more money, the balances could have been fatter - anything up to 35,000, the fraudster promised. For a fee of 1% of the balance he promised the name, branch, account number, sort code and internet login. The encounter with the anonymous Russian in an internet chatroom was one of scores like it going on at the time. In a separate private message, another vendor promised: "I will give you HSBC full info with 26k Pounds...for $500...When can you wire money?" The account I had chosen could be almost cleared out in one day without hitting its transfer limit and alerting the account holder or bank, I was told. The exchanges are likely to increase concerns about the security of Britain's banking and identity data. This weekend, the computerised bank details of millions of people remain missing, after the Treasury blunder in which two discs containing the data of 25 million individuals were lost in transit between HM Revenue & Customs and the National Audit Office. The details of similar British bank accounts are already being offered for sale by internet fraudsters in America, Russia, China and west Africa. According to security experts they have been hacked from computers, gathered in "phishing" expeditions where fraudsters masquerade as trustworthy entities, and burgled from offices before being circulated among the internet banking fraud community. On one publicly accessible website selling everything from stolen credit card details to fully operating pornographic websites, scores of vendors are lined up selling UK, European, US and Canadian bank details. It is a marketplace which illustrates the international nature of the illegal trade. The website is registered to the Cocos Islands, an Australian territory in the Indian Ocean consisting of two atolls, 27 coral islands and fewer than 1,000 residents. The salespeople are contactable through email addresses routed through servers in Russia and the USA. Most use Yahoo accounts or communicate through ICQ, an untraceable instant messaging programme. "If the Treasury data gets into the wrong hands these are exactly the illegal markets where it will end up," said Daniel Harrison, an identity theft expert. "Whoever has it will break the details down into small chunks to sell on quickly and without detection. The data is crossing borders incredibly quickly and there is very little that can be done to track it down. It is like an underground eBay." "The resale of bank account details is mainly managed by Russian organised crime," said Marc Kirby, the former head of computer forensics at the National Hi-Tech Crime Unit, which is now part of the Serious and Organised Crime Agency. "This is a highly organised black market that mirrors legitimate business dealings." The attempts to defraud British bank customers witnessed by the Guardian were of "great concern", said Brian Mairs, spokesman for the British Banking Association. "Customers have every right to be concerned and this is a double whammy for them after the bad news from HM Revenue & Customs earlier in the week," he said. "But they have the assurance that they will not lose out financially if they have not been responsible for the data being compromised." The investigation began with Google searches. After a few attempts, a forum emerged for vendors offering skimmed credit card details. Among them were some selling bank details. Each vendor offered an email and a chatroom contact for private negotiations. Once talking one on one, the sellers unpacked their wares. One seller offered bank account details, complete with their internet logins, for $75. "All live and fresh, contact me now," he urged. Another pushed blocks of Visa card details for $80. "Stuff will be sent out to u in 1-24 hours after payment," he said. "Have system of good discounts for constant buyers." A Russian-registered vendor offered UK and US bank logins with "good price and service!" The community has developed a high level of sophistication so that trusted parties can trade efficiently. In one posting on a forum selling card details a fraudster reports to the rest of the community on the "review" he has conducted of a new entrant to the market. He has tested his speed of response and accuracy of information supplied and marks him out of 10 for communication, timing and product. "Total: 9/10 nice score," he concludes and awards the status of "trial vendor". Many vendors offer discounts for bulk buyers and even display a replacement policy. If the account details do not work most vendors will replace the data with a different lead. SOCA, which has responsibility for fighting organised internet fraud, has set up a series of cross-border alliances to tackle the problem, but declined to comment on our findings. As sobering as the trade in stolen identities has become, there was a crumb of comfort last night for the Halifax account holder whose details the Russian fraudster was peddling. Twelve hours after the payment had been withdrawn from a Siberian wire office, the Guardian was still waiting for the promised bank details. Copyright Guardian News and Media Limited 2007 __________________________________________________________________ Visit InfoSec News http://www.infosecnews.org/
This archive was generated by hypermail 2.1.3 : Sun Nov 25 2007 - 23:12:00 PST