The temptation to turn this column into some sort of police blotter for cyber crimes is always tough to resist. But the rich fodder from headlines around the Web this week pushed me over the edge, offering as it does a nasty little peephole into the seamy underside of the Internet.
Let's start with the 26-year old "entrepreneur," who sold hardware and software that essentially let people steal Internet access using a re-jiggered cable modem. Ryan Harris, head of a San Diego company called TCNISO, made at least $1 million in the last six years, selling gear that reused the MAC addresses of legitimate, paying subscribers, according to this report. The company also tweaked configuration files that enabled users to get faster, "uncapped" speeds, avoiding any premiums charged by the ISP.
Harris also marketed a book titled Hacking the Cable Modem, written under the pseudonym DerEngel. He faces up to 20 years prison time, and fines of $250,000, plus restitution if convicted on federal theft charges.
Meanwhile, an IT professional at the Bank of New York Mellon was charged this week with grand larceny, money laundering, and identity theft that netted him an alleged $1.1 million over eight years. Using his insider access, he is charged with stealing the identities of more than 150 bank employees, then subsequently defrauding charities, non-profits, and other organizations.
The Manhattan District Attorney's Office claims that Adeniyi Adeyemi "changed former colleagues' online bank account contact information, hijacked their accounts, and wired money in increments below $10,000 to avoid triggering mandatory reporting to the U.S. Treasury -- to the dummy accounts he had established at various brokerages," reports sister publication InformationWeek. Adeyemi was placed under Secret Service surveillance "when suspicious Internet activity traced back to wireless Internet connections in Adeyemi's apartment building, and mail connected to the fraud was delivered to the various apartments within the building," the District Attorney's office said.
Last, but probably not least, is Khalid Shaikh, the former CEO of large-file transfer service YouSendIt, who was charged with four counts of mail fraud for his part in a series of denial-of-service attacks against the company's own servers.
Shaikh was YouSendIt's CEO from 2004 to August 2005, then served as CTO 'til he left the company in November 2006, according to Network World. The maximum statutory penalty for each count of mail fraud is five years imprisonment, three years of supervised release and a fine of $250,000, plus restitution.
Could those have just been really, really large files he sent over and over again? No one's saying. Shaikh faces five years imprisonment for each count of mail fraud, $250,000 in fines, plus restitution if convicted.
Quite an assortment, eh? An outsider, an insider, an insider-turned-outsider. None of these cases is particularly shocking -- what alarms me about them is the density or frequency of this sort of malfeasance, even though in a couple cases, the alleged crimes had been going on for years. And it makes me wonder how many other online thefts, fraud, and attacks are going on at this very moment.
Information isn't just power, it's profitable -- at least until the guys with the warrant show up and take you away.
This blog is part of Internet Evolution's Security Clan, which examines the future of Internet security and the changing nature of risks and vulnerabilities. To join the Security Clan,register here.
I think Internet crime is greater than what we can imagine. One of the main problems I see concerning the field of investigation is the lack of an International law for this type of crime - correct me if I am wrong.
Some months ago, I was victim of a scam. I followed a link that appeared on one my trusted sites, ended up entering my credit card number and you know how it goes. There was a phone number to call before x date in case you wanted to cancel your order. I called and to my surprise that was the button to activate the debit from my card. Bang! I immediately called my bank, blocked the card - too late. I went to the police, they did what they could but they said they couldn't proceed with an investigation because the address of the scam company was in the United States.
Nevertheless, the police officer told me what I did what the right thing as my case was going to alert other possible victims in Finland. They only could circulate the information in the country and warn Internet users about what had happened to me and someone else in the country who was victim of the same scam.
If the Internet has no borders, there shouldn't be borders regarding investigation of online crime, or am I wrong?
You raise a good point, Mike -- it's probably a lot easier to justify stealing from institutions or corporations than individuals and the unfortunate truth is that technology makes that a whole lot easier than it used to be. The other piece here is that most digital thieves aren't so good about wiping off their fingerprints or leaving no evidence of their entry and exit and interim transactions. I don't intend to do a cyber-crime roundup every week, but there's plenty of material to use if I did.
After your response, I have to admit I'm stuck with this mental image of two guys in silly yellow plastic hats singing "We are Devo..." on Saturday Night Live.
We agree that the changes in technology (the engines of commerce) are in each succeeding generation are taken advantage of.
It just concerns me that as we spin further into the world of upbiquitious information, that property rights are being so eroded. We've had some lively discussions on this site about digital rights--and the lack of respect for them that a surprinsing majority seem to have about them.
There was even a post on this thread about "sticking it to the cable company."
And of course, even I said phreaking was "just theft of service."
So maybe it isn't either degeneration, or de-evolution. Maybe it is just distancing ourselves from the problem, and hoping that we don't get caught up in one of the schemes.
I totally agree with your too good to be true sentiment. People seem to think that what would be too good to be true in the physical world, isn't too good to be true when on the internet. There is still a very big disconnect there that I assume will close over time as people become better educated about the scams online.
I didn't think my comments were to hard to understand.
Over the years, a lot of cybercrime has gone un-punished because law enforcement hasn't had the resources/knowledge to actually catch the perpetrators. Is the increase in people actually being arrested and convicted due to an increase in the knowledge of investigators and prosecurtors? Or is it that cybercrime is increasing and therefore we're seeing a higher percentage of people being convicted of these crmes and still the same percentage are getting away with it? Or... could it be that people are more stupid and are less able to cover their tracks?
And I'm not even sure where Pluton is, so I guess that can be ruled out as my home.
Here's a first: Paul and I agreeing on something. I think the prevalence of online crime is likely far greater than we know or can measure. As I was writing the blog, I kept thinking, "This is just the stuff we know about or has been investigated sufficiently to bring charges." I think this is the tip of the iceberg; how large the ice is anybody's guess.
Good insights, Kurt, but no, I don't think we're necessarily degenerating. I think people evolve (up or down the contunuum -- your call) to find the gaps between what the law allows and what the technology enables. And it's not new... the robber barons and oil tycoons of more than 100 years ago practiced this ethos; more recently Enron, Countrywide, Madoff, and countless others offered their own special refinements.
Somewhat similar in nature, is the case of the couple that used fake companies to fraud customers and in turn make millions by using Cisco's Warranty Program. This was a large scam targeting companied who wanted a cheaper way out of Cisco's Warranty.
Just proves that no one can be trusted and the old saying of "If it's too good to be true, it probably is."
I really can't make any sense from your comments. Are you suggesting that the law enforcement agencies are catching too many cybercriminals? "Frequency of the crime is not increasing quickly"? Are you just from Space?? It means you have been living somewhere around Pluton all these years if you don't know that cybercrime is readily on the increase.
I think the underlying fear for folks like us hooked on the internet is just how much of these crimes are going on unnoticed!!!
The ThinkerNet does not reflect the views of TechWeb. The ThinkerNet is an informal means of communication to members and visitors of the Internet Evolution site. Individual authors are chosen by Internet Evolution to blog. Neither Internet Evolution nor TechWeb assume responsibility for comments, claims, or opinions made by authors and ThinkerNet bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.
There's good reason CFOs (and everyone else who signs off) chafe when it comes to enterprise security spending -- it's not just a cost center, it's a gigantic, budget-sucking vortex. And now the numbers are in to back up what 'til now had been mostly just suspected or anecdotal.
Propaganda has a bit of a taint -- it's what the other side does, and is associated with political opponents, typically communists. So why did someone in the U.S. intelligence community leak the story about Chinese electronic eavesdropping on both 2008 presidential campaigns on the eve of Obama's visit to China next week?
Spend less on cyber-defense, not more, the RAND Corp. advises in a recent position paper prepared for the U.S Air Force that also concludes that the best defense is not a good offense -- just a really good defense. But wait... won't that cost money?
In the words of that famous enterprise IT security expert from the early '70s, Roger Daltrey, "Who are you?" Like the lead singer from The Who, I really wanna know.
While Google introduces its new Chrome OS (which I'm hearing will be widely available in one year? Did I mishear that?), IBM announced 10 new products today to help companies using IBM System z mainframe technology.
Smarter Collaboration: How to Thrive in a Challenging Business Environment Market conditions are changing faster than ever, and organizations need to improve their agility and adaptability in order to provide better service and improve processes. The ability to work with customers, business partners, and employees as effectively as possible - while at the same time holding down costs - is a key to success. READ THIS eBOOK
your weekly update of news, analysis, and
opinion from Internet Evolution - FREE! REGISTER HERE
Wanted! Site Moderators Internet Evolution is looking for a handful of readers to help moderate the message boards on our site – as well as engaging in high-IQ conversation with the industry mavens on our thinkerNet blogosphere. The job comes with various perks, bags of kudos, and GIANT bragging rights. Interested?
To save this item to your list of favorite Internet Evolution content so you can find it later in your Profile page, click the "Save It" button next to the item.
In order for banks to grow, they'll first have to start by retaining their standing client bases. To do this will require better customer service and more transparency. Banks are meeting these needs through more automated commodity services and mobile banking applications.
The release of Microsoft's newest OS raises the question of the company's relevance in an era when Google dominates applications and search, and Apple runs circles around Redmond with its gadgets and user interfaces.
Data is at the heart of any financial services firm, but analyzing that data in real time, and making decisions and predictions based on that data, is where the future is – whether that is customer data, trading data, or even risk management data.
Financial services companies are focused on modernizing and consolidating their core applications. The goal is to provide a holistic customer view, become more agile, and offer new products quickly, in a personalized way. SOA is one key building block of this transformation.
Earlier this year, Heartland Payment Systems was breached by Russian hackers who had also hit 300 other financial institutions. The scope of the Russian operation is mind-blowing and points to a new era in cyber attacks.
Industry initiatives and government stimulus funds are giving enterprise software vendors a great opportunity to help build out and manage smart grid technologies.
The US loses about $20 billion a year on pirated software, movies, and music. But public policy can help stem the tide of digital theft. For example, France has recently passed a 'three strikes and you’re out' law, whereby if after two warning letters an individual continues to download pirated software then his Internet access will be cut off. US policy makers should consider adopting similar policies.
Industry initiatives and government stimulus funds are giving enterprise software vendors a great opportunity to help build out and manage smart grid technologies.
The problem with telepresence is that it's not universally accepted, because video calling isn't. While we can all do video calling, we also apparently worry too much about how we look. If we want HD telepresence in our future, we have to dress down, mess up our hair, and dive into our online life.
The US loses about $20 billion a year on pirated software, movies, and music. But public policy can help stem the tide of digital theft. For example, France has recently passed a 'three strikes and you’re out' law, whereby if after two warning letters an individual continues to download pirated software then his Internet access will be cut off. US policy makers should consider adopting similar policies.
Financial management planning does not need to include Voodoo economics, but it does help to tap into the knowledge base of your team through some sort of real-time system. We explore your options.
When Reiter gets incensed over incompetent Verizon FiOS order-taking and support, he broadcasts it via Twitter. Did it do any good? How should your company offer Twitter support? Watch this for all the answers.
The successor to the BlackBerry Bold 9000 – the Bold 9700 – will be available soon in the US. Is it worth upgrading? Reiter's got one, and offers advice.
Digg
Del.icio.us
Reddit
Email This
TWEET THIS
