According to the FBI, the U.S.-Egypt phishing operation collected personal information from thousands of victims and used that information to defraud U.S. banks. Hackers based in Egypt allegedly captured banking information and other personal details, then supplied that information to associates in the U.S. who then withdrew funds using the stolen credentials and wired back a portion of the proceeds to Egypt.

Information Week notes that "all 53 defendants in the U.S. face charges of conspiracy to commit bank fraud and wire fraud, which carry a maximum sentence of 20 years in prison."

"One Hundred Phishers Charged In Largest Cybercrime Case" [Information Week]
(Photo: adobemac)

The teller cooperated and the man escaped with an undisclosed sum of money, says the FBI's press release. If you know who this guy is, call St. Louis Crimestoppers at 866-371-TIPS or the FBI in St. Louis at 314-231-4324.

FBI and Webster Groves Police are Searching for Bank Robber [FBI]

"These funds are inherently vulnerable to bribery, fraud, conflicts of interest and collusion. There is an old adage, that where there is money to be made, fraud is not far behind, like bees to honey," FBI director Robert Mueller told an afternoon gathering of business executives.

Law enforcement agencies faced a similar scenario after Hurricane Katrina, with a task force created in the wake of the 2005 storm so far convicting 246 people of fraud and other crimes related to relief funds in Mississippi and Louisiana, Mueller said.

Given the trillions and trillions of dollars involved in the government's current moves to stem the economic crisis, "from the purchase of troubled assets to improvements in infrastructure, health care, energy and education — even a small percentage of fraud would result in substantial taxpayer losses," said Mueller, a former U.S. attorney who had specialized in white-collar crime litigation while a lawyer in private practice.

It's a not-so-surprising yet still chilling horror story from one of the nation's top law enforcement authorities. Mueller goes on to say that the FBI doesn't have the resources to track down "every criminal threat," meaning he's worried that some fraud will never be discovered.

FBI Director Anticipates New Crime Wave Of Financial Fraud [Morning Star] (Photo: peasap)

Now the FBI is mic-ing up loan offices to catch lenders in the act of mortgage fraud. The Bureau created a National Mortgage Fraud Team back in December to tackle the mortgage fraud caseload, which has tripled to 2,400 in the past three years, Reuters reports.

FBI Direcor Robert Mueller:

"In addition, sophisticated investigative techniques, such as undercover operations and wiretaps, not only result in the collection of valuable evidence, they provide an opportunity to apprehend criminals in the commission of their crimes, thus reducing loss to individuals and financial institutions," he said.

By the way, the reason Mueller seems so confident is he doesn't have to face Omar.

FBI sets up mortgage fraud team, uses wiretaps [Reuters]
(Photo:frankieleon)

Wikileaks reports that the Web site for the Virginia Prescription Monitoring Program was defaced last week with a message claiming that the database of prescriptions had been bundled into an encrypted, password-protected file.

[...]

Whitley Ryals said the state discovered the intrusion on April 30, after which time it shut down Web site site access to dozens of pages serving the Department of Health Professions. The state also has temporarily discontinued e-mail to and from the department pending the outcome of a security audit, Whitley Ryals said.

Here's the full text of the ransom. Why can't hackers be a bit more elegant and well spoken in a James Bond Villain sort of way?

ATTENTION VIRGINIA

I have your shit! In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh :(

For $10 million, I will gladly send along the password. You have 7 days to decide. If by the end of 7 days, you decide not to pony up, I'll go ahead and put this baby out on the market and accept the highest bid. Now I don't know what all this shit is worth or who would pay for it, but I'm bettin' someone will. Hell, if I can't move the prescription data at the very least I can find a buyer for the personal data (name,age,address,social security #, driver's license #).

Now I hear tell the Fucking Bunch of Idiots ain't fond of payin out, but I suggest that policy be turned right the fuck around. When you boys get your act together, drop me a line at hackingforprofit@yahoo.com and we can discuss the details such as account number, etc.

Until then, have a wonderful day, I know I will ;)

"Hackers Break Into Virginia Health Professions Database, Demand Ransom" [Washington Post via Slashdot] (Thanks to Chris!)
"Over 8M Virginian patient records held to ransom, 30 Apr 2009" [Wikileaks]
(Goblin statue: tanakawho)

There was also a list of officials who could be called to confirm such requests. The signatures of the officials appeared to match those in Citibank's records and were accepted by Citibank, the complaint says.

In October, Citibank received two dozen faxed requests for money to be wired, and it transferred $27 million to accounts controlled by the conspirators in Japan, South Korea, Australia, China, Cyprus and the United States, the complaint says.

Citibank called the officials whose names and numbers it had been given to verify the transactions, prosecutors said. The numbers turned out to be for cellphones in Nigeria, South Africa and Britain used by the conspirators.

Citibank, in its investigation, later determined the package of documents had come via courier from Lagos, Nigeria, rather than from the offices of the National Bank of Ethiopia, in Addis Ababa.

The FBI arrested Amos when he tried to visit Los Angeles. Citibank sent the $27 million back to Ethopia and may soon form a support group with this guy.

Nigerian Accused in Scheme to Swindle Citibank [The New York Times]
(Photo: TheTruthAbout...)

CNN says the plant has been sealed off by federal agents and the company, Peanut Butter Corporation of America, is not answering their phones.

A "senior congressional aid" told reporters that the FBI also had warrants for the company's headquarters in Lynchburg, VA.

FBI raids peanut butter plant suspected in outbreak [CNN]
FBI raids Ga. plant at center of salmonella scare [AP]

From the Chicago Tribune:

"We owe it to the victims' families to bring modern technology and current cold-case homicide investigation techniques to this case in the hopes of solving it once and for all," FBI spokesman Tom Simon said.

If investigators are to solve the murders, they will have to reverse momentum on a case that cast its shadow over three decades and involved more than 100 investigators, more than 6,500 leads, 400 possible suspects, some 20,000 pages of reports, no crime scene and no motive. The task force had all but disbanded.

The new activity in the case surrounds a longtime suspect, James William Lewis, who was convicted of extortion after writing a letter to Tylenol's manufacturer offering to stop killing people in exchange for $1 million. He later denied having anything to do with the killings and served 11 years in prison. After being released in 1995, Lewis started a number of computer-related companies, says the Tribune.

The Web site for one of the companies, CyberLewis, this week included a link to a page labeled "Tylenol."

On that page was a bizarre five-paragraph statement in which Lewis referred to "the curse of being labeled the Tylenol Man." "Somehow, after a quarter of a century, I surmise only a select few with critical minds will believe anything I have to say."

FBI reopens Tylenol tampering case [Chicago Tribune]
(Photo:reachforthestarz)

FBI probing bailout firms [CNNMoney]

[The] undercover operation... at one point had Eastern European hackers chasing a female FBI agent through the streets of New York, trying to mug her for ATM-card-programming gear.

"Stakeouts, Lucky Breaks Snare Six More in Citibank ATM Heist" [Wired Threat Level] (Thanks to Robbie!)
(Photo: Getty)

Countrywide is one of 14 companies being investigated over the past year by the FBI as it looks into how financial institutions packaged mortgages into securities.

The Times says it's unclear what sort of charges might be filed, but that as part of the larger investigation against the group of companies the FBI "is looking into possible accounting fraud, insider trading or other violations in connection with loans made to borrowers with weak, or subprime, credit."

"Countrywide Said to Be Subject of Federal Criminal Inquiry" [New York Times]
(Photo: Getty)

The passenger has been taken into custody, but the whole thing makes us wonder what the comment was. Why can't we hear it? Is it like the "The Funniest Joke in the World?" Once we find it and post it, will they have to evacuate the building where you work because you read it?

LAX Passenger Detained, Flights Delayed After 'Suspicious Comment' [KNBC]
(Photo:JohnKit)

The F.B.I. has been warning for years that mortgage fraud is a significant and growing problem. In the 2006 fiscal year, it documented 35,600 suspicious-activity reports related to mortgage fraud, up from 22,000 the year before and as few as 7,000 in 2003.

Many of the cases the F.B.I. has brought so far have focused on local or regional mortgage fraud rings that involve speculators, loan officers, brokers and other housing professionals.

State officials have been active in bringing mortgage cases. The New York attorney general, Andrew M. Cuomo, is investigating whether Wall Street banks withheld damaging information about the loans they were packaging. Prosecutors in Ohio, Massachusetts, Illinois and Connecticut have also been looking into the industry.

F.B.I. Opens Subprime Inquiry [NYT]
(Photo:alykat)

(In an "overpayment scheme" you agree to sell an item for a small amount of money like, $75, to a scammer posing as an interested customer. The scammer sends you a fake check for a large amount of money, then asks you to send back the difference. You do it, and the check turns out to be fake. Old as the hills.)

"The check was drawn against HSBC bank," the reader wrote. "I called their support line and explained the situation. They told me to deposit the check and see if it cleared. I asked 'Let me get this straight. I know the check is fake. You know it's fake. Yet you are telling me to deposit it and commit a felony?' 'Well sir,' they said 'we can't tell you if it's fake or not until you deposit it.' 'I know it's fake. I've told you it's fake. Someone is creating counterfeit checks drawn on your bank.' 'Sir, we can't know that until you deposit it.' Pathetic."

The reader then tried to report the fraud to the company whose account information was faked on the check - a New York City foreign exchange dealer, not all of whom are above suspicion themselves. "I was told pretty much the same thing by them - I should go ahead and try to cash it. What the heck is going on? Supposedly these people are concerned with check fraud and theft, yet they tell me to break the law by trying to cash a fake check!"

I spent almost an hour on the phone with the bank and the rep for the foreign exchange outfit. Neither really gave a damn. Now I'm wondering who's the bigger fool — the person who falls for these scams, or the person who tries to fight back."

To report a check fraud crime, contact your local FBI field office. For example, if you are in Chicago, you would call the Chicago Division Headquarters at (312) 421-6700. It might not turn into an episode of Law & Order or anything, but you'll know that you've done your best.

Cash Fraudulent Check, Says HSBC [Info World]

Roger Lee Dillon, 22, who had worked at the northeast Ohio company for about nine months, had security clearance and used a pass code to get access to areas where cash and checks were kept.

...[FBI agent Frank] Figliuzzi said that a purple pickup truck belonging to Nicole Boyd that was found in a parking lot in Salem, Ohio, contained receipts from buys made in the Beckley, W.Va., area, which led the FBI to focus its search there. A retailer led the FBI to Pipestem.

"FBI: Heist Timed to Holiday Shopping" [Associated Press]
(Photo: Getty)

I just want you to know that I applaud your efforts. I used to work at Best Buy, for the switch from just being techs to branding as Geek Squad. At stored #xxx in Chattanooga TN. (xxx) xxx-xxxx ext xxxx (for the tech bench).

I had the misfortune of enabling the dumping of these files, through a means that you would not have been able to record. For a lot of the stuff we did, we used a WinPE and Knoppix disc to diagnose and fix most issues. The knoppix disc also loaded up a SSH server to which would then be connected to, to download the "interesting" files.

I also know we had to alert the authorities to a couple of machines because of the content that was found.

FBI said to keep up the good work (I guess, because we did what they couldn't)... We were also sued a couple of times, for other "reasons".

The machines of interest were kept in the back near the 'war room,' and was a common spectacle for employees to come back there and see it.

-Former GS agent

I used to work at the geek squad here in rockford, il. They used to do the music thing all the time. Everything we played was taken off someone's machine somewhere. Same with images, video, movies. One guy even had someone's home-made porn on his jumpdrive. It was almost sick

-S

We really have a hard time believing that the guy we caught was an isolated incident, or that higherups had never heard of it happening before.

Given the time (one guy said he had worked there during the transition from when Geek Squad became part of Best Buy), depth (if your employees are interfacing with FBI agents, that has to trickle up at some point), and breadth (note the reference again to a common "war room" where the stolen files became backroom spectacle).

PREVIOUSLY:

VIDEO: Consumerist Catches Geek Squad Stealing Porn From Customer's Computer
How To Make Your Computer Catch People Stealing Your Porn

(Photo: Maulleigh)

These networks are called botnets, and according to the FBI, botnetted computers can be used to:
• Steal the computer owner's identity;
• Launch massive spam campaigns;
• Engage in click-fraud—schemes which artificially inflate the number of visitors to a website; and
• Launch denial of service attacks that can cripple web servers and crash sites.

Fun! Sadly there's not an easy way to know if your computer is being controlled by a botnet. There are signs, however.

If you have mail in your outbox that you don't remember sending, or, if your email address is getting undelivered spam bounced back to it, you might be part of a botnet.

What to do if you think you've been botnetted:

• Don't call and pester the FBI about it. They do catch botherders such as Mr. James C. Brewer of Arlington, Texas, who is accused of infecting tens of thousands of computers worldwide, including some at Chicago-area hospitals, but they're not about to give you tech support.

• File a complaint with the internet crime center.

Let's hear some strategies for protecting your computer from botnets. What are your favorite tools? —MEGHANN MARCO

OPERATION: BOT ROAST [FBI]
Botnets and Hackers and Spam (Oh, My!) [FTC]
(Photo: frogmuseam2)

...The method is a sharp contrast to the traditional training for bank employees confronted with a suspicious person, which advises not approaching the person, and at most, activating an alarm or dropping an exploding dye pack into the cash.

When a man walked into a First Mutual branch last year wearing garden gloves and sunglasses, manager Scott Taffera greeted him heartily, invited him to remove the glasses, and guided him to an equally friendly teller. The man eventually asked for a roll of quarters and left.

Banks try charm to deter robbers: If youre a bad guy, it scares the lights out of you [AP]

The audit by Justice Department Inspector General Glenn A. Fine found that FBI agents sometimes demanded personal data on individuals without proper authorization. The 126-page audit also found the FBI improperly obtained telephone records in non-emergency circumstances.

The audit blames agent error and shoddy record-keeping for the bulk of the problems and did not find any indication of criminal misconduct.

Still, "we believe the improper or illegal uses we found involve serious misuses of national security letter authorities," the audit concludes.

At issue are the security letters, a power outlined in the Patriot Act that the Bush administration pushed through Congress after the Sept. 11, 2001, terror attacks. The letters, or administrative subpoenas, are used in suspected terrorism and espionage cases. They allow the FBI to require telephone companies, Internet service providers, banks, credit bureaus and other businesses to produce highly personal records about their customers or subscribers - without a judge's approval."

We're often worried about criminals improperly accessing our personal information, but what do you when it's the Federal government? Hit the Boing Boing link for a download of the official 199-page report. — BEN POPKEN

DoJ: FBI misused Patriot act in domestic spying activities [Boing Boing]

It's also possible to intercept unencrypted or poorly encrypted messages directly as they're broadcast over cellular channels. (If the network uses sophisticated encryption, you might be out of luck.) To steal messages with your phone, you would need to upload illegal "firmware" onto your phone. This essentially turns your phone into a radio and allows it to pick up all the texts broadcast on a given channel—instead of limiting you to the ones addressed to you. You'd also need to know the network for the target phone—Verizon, Cingular, T-Mobile, etc.—and you'd have to make sure that both your phone and the target are within range of the same base station. This method isn't too expensive since you don't need much more than a computer, a phone, and some firmware that any serious techie could find online for free.

Guess we'll have to curb the hot and heavy txts to Walmart's delicious PR people. Someone could be listening....—MEGHANN MARCO

How Do You Intercept a Text Message? [Slate]
(Photo: Clean Wal-Mart)

"What we're told here is that Wal-Mart had security officials who were monitoring e-mails, but somehow the monitoring got out of control," said Williams, who broke the news on CNBC.

Wal-Mart Probed Over Monitoring OF Outside Emails [CNBC](Thanks, Matt!)

FBI agents raided Christopher's home last month.—MEGHANN MARCO(Thanks, Jason!)

Fake Boarding Pass Creator Goes Free [Cnet]
Christopher's Blog [Blogger]

Related:
NWA Boarding Pass Generator
Fake NWA Boarding Pass Site Removed, Creator Visited By FBI

The Star Tribune: OCT 27 - "Does this pose a threat to security? No," TSA spokeswoman Carrie Harmon said. "Once they enter the screening checkpoint, that individual and his or her bags are screened for dangerous weapons and explosives."

Screeners at Newark fail to find 'weapons' [The Star Ledger via Mere Rhetoric]

Article reprinted inside in case you don't feel like handing over personal information just to read the second page.

Screeners at Newark fail to find 'weapons'
Agents got 20 of 22 'devices' past staff
Friday, October 27, 2006
BY RON MARSICO
Star-Ledger Staff

Screeners at Newark Liberty International Airport failed 20 of 22 security tests conducted by undercover U.S. agents last week, missing an array of concealed bombs and guns at checkpoints throughout the hub's three terminals, federal security officials familiar with the results said.

The tests, conducted Oct. 19 by U.S. Transportation Security Administration "Red Team" agents, also revealed significant failures by screeners to follow standard operating procedures while checking passengers and their baggage for prohibited items, said the officials, who spoke on condition of anonymity because it is against TSA policy to release covert-test results.

"We can do better, and training is the path to improved performance," said Mark Hatfield Jr., Newark Airport's federal security director, declining to address specifics. "Test results are not a grade or a scorecard; they are a road map to perpetual improvement; any other characterization is simply misleading. We have to challenge ourselves to do better every day and be relentless in that pursuit."

The poor test results at Newark come after heightened security procedures that the TSA put in place at U.S. airports in August, after authorities in Great Britain said they foiled an attempt by terrorists to blow up trans-Atlantic flights using liquid explosives.

One of the security officials familiar with last week's tests said screeners at Newark missed fake explosive devices that were hidden under bottles of water in carry-on luggage, taped beneath an agent's clothing and concealed under a leg bandage another tester wore.

Additionally, the official said screeners failed to use hand-held metal detector wands when required, missed an explosive device during a pat-down and failed to properly hand-check suspicious carry-on bags. Supervisors also were cited for failing to properly monitor checkpoint screeners, the official said.

"We just totally missed everything," the official said.

When the tests are conducted, undercover agents hide prohibited items on their bodies or in their checked and carry-on luggage in an effort to slip those items past screeners.

The results point up the continued problems the TSA has encountered as it struggles to keep up with ever-present and changing terrorist threats, aviation security experts said. Those problems, they said, include inadequate training for screeners, pressure from the airline industry to keep passenger lines moving and shortages of security personnel because Congress has imposed a nationwide cap of 43,000 screeners.

"The failures of TSA are failures at the basic level," said Steve Elson, a member of the Federal Aviation Administration's "Red Team" who resigned before 9/11 and has been a persistent TSA critic. He said top TSA officials have little aviation security experience and screeners are required to conduct too many tedious and obvious checks.

Like other security watchdogs, Elson advocates having the TSA take a page from Israeli aviation security by more broadly instituting behavioral profiling techniques in which travelers are asked probing questions. The TSA has developed a limited version of the program at some airports, including Newark.

Without such expanded initiatives, the TSA is "going to fail, and they do, with constant, stunning regularity," Elson said.

Newark Airport — which terrorists got through on Sept. 11, 2001, before hijacking United Flight 93, which later crashed in Pennsylvania — has been plagued by security lapses, screener shortages and testing failures since the TSA took over airport security from the FAA and private contractors in 2002.

From June to September 2004, for example, Newark Airport screeners missed one in four fake bombs or weapons that inspectors tried to sneak past checkpoints, according to weekly confidential inspection reports obtained that year by The Star-Ledger.

Such failings are not limited to Newark. An April 2006 report by the U.S. Government Accountability Office reiterated previous widespread GAO findings of screeners failing undercover tests at airports across the country.

"TSA covert testing has identified that weaknesses existed in the ability of TSOs (transportation security officers) to detect threat objects on passengers, in their carry-on bags, and in checked luggage," the GAO reported. The agency, however, did not provide failure percentage rates in its report.

Bogdan Dzakovic, a TSA employee who testified before the 9/11 commission about his experience as a member of the FAA's "Red Team" before the attacks, said such poor results are predictable.

"TSA's learned nothing since 9/11, because they still don't know what a 'Red Team' is for and what to do with the information," said Dzakovic, who retains federal whistle-blower protections.

Dzakovic said it is time for TSA "Red Team" agents to "start thinking like terrorists" in order to develop theories on what tactics might be developed next to bring down airliners, rather than focusing exclusively on past techniques.

"It's still a good reflection of how poorly the screening checkpoints are doing five years after 9/11 and billions of dollars later," Dzakovic said of the continued poor test results. "TSA is always going to be one step behind the bad guy. The only solution to that is human profiling."

TSA officials at the agency's Virginia headquarters also declined to discuss specifics of the Newark Airport results, but defended their policies.

"Covert tests are conducted by security experts who expect significant fault rates commensurate with the tests' high level of difficulty," said Ann Davis, a TSA spokeswoman.

"Those tests strengthen the screening system by challenging the work force and identifying factors that could lead to a breach," Davis said. "TSA then uses test results to adapt and improve upon our screening protocols and training regimens."

• The FBI seized Chris Soghoian's computers and ransacked his house.
• The congressman who called for Soghoian's arrest essentially retracted his comments and praised Soghoian for performing a public good, though he called it, "a lousy way of doing it."
• A TSA spokeswoman said, "Does this pose a threat to security? No."
• A Northwest spokesman said, "If someone were to print a fraudulent boarding pass with a first-class seat that was unassigned, they would quickly be discovered by our flight attendants."
• You can still mod your NWA boarding pass by hand-editing the HTML. Unless you're a noob.

So it looks like that website wasn't a danger, didn't aid terrorists, and was basically useless except for one thing: pointing out a big ol' security hole. Awesome, glad we got that one figured out.

Previously: Fake NWA Boarding Pass Site Removed, Creator Visited By FBI

BoingBoing reports that this Saturday morning, the FBI visited Chris Soghoian and handed him a written order to take down the site. By this time, Soghoian had already removed the generator.

On Friday, Rep. Edward Markey (D- Massachusetts) called for the site's removal and Soghoian's arrest.

As Wired points out, the hole is nothing new. Bruce Schneier wrote it up in in '03, Slate in '05, and Sen. Chuck Schumer issued a press release about it in April '06.

Soghoian, a security researcher, has never used one of the facsimile boarding passes and says his only intent was to bring public attention to a glaring security hole.

"The only way for these kind of problems to get fixed, are through through public full disclosure," Soghoian wrote on his blog when releasing the boarding pass generator. "TSA/DHS cannot be expected to fix anything unless they are publicly shamed into doing so."

(Thanks to Ian and Luke!)