PHISHERMAN TO BE THROWN INTO SEA OF CRIMINALS

Alex S. Gabor
In the world of computer terminology, phishing is a criminal activity using social engineering techniques. A phisher, simply put, is anyone who attempts to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an electronic communication. A phisherman is really any person who engages in phishing.

This would include accessing a person’s email accounts without their permission and using the information to harass and annoy them. It is akin to obtaining sensitive information without the owner’s knowledge and using that knowledge to abuse the owner.

It can be done by a man or a woman or a child. In the case of Hewlett Packard, it was done by private investigators hired by corporate attorneys who were seeking to squash press leaks from their Board of Directors.

Phishing is almost always carried out using email or an instant message, although phone contact has been used as well. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, and technical measures. Now law enforcement has successfully stepped into the fray in the battle against fraud over the internet, which has risen 500% since 1996. The number of convictions, however, remains modest.

Recently, in what the Justice Department is hailing as the nation’s first jury conviction under the CAN-SPAM Act of 2003, an Azusa, California man has been convicted of sending thousands of e-mails to America Online users that appeared to be from AOL’s billing department and prompted the customers to send personal and credit card information, which he used to make unauthorized purchases.

The CAN-SPAM Act of 2003, which was signed into law by President Bush on December 16, 2003, established the United States' first national standards for the sending of commercial e-mail and requires the Federal Trade Commission (FTC) to enforce its provisions.

The acronym CAN-SPAM derives from the bill's full name: Controlling the Assault of Non-Solicited Pornography And Marketing Act of 2003.

The abbreviation is a homonym since the verb “can” may imply "to put away" or "is able to". The effect of the law on spammers has been dubious at best. More heads are being put on the pike, an allegorical metaphor for putting ethics into criminals who have none.

In verdicts reached late last Friday, Jeffrey Brett Goodin, 45, was found guilty of operating a sophisticated “phishing” scheme. The jury found that Goodin operated an Internet-based scheme designed to obtain personal and credit card information by tricking people into believing that they were providing information to a legitimate business, according to a public statement released by Thom Mrozek, Public Affairs Officer for the Los Angeles U.S. Attorney’s Office.

The evidence presented during a week-long trial showed that Goodin used several compromised Earthlink accounts to send e-mails to AOL users.

Those e-mails appeared to be from AOL’s billing department and urged the users to “update” their AOL billing information or lose service. The e-mails referred the AOL customers to one of several webpages where the victims could input their personal and credit information. Goodin controlled those webpages, where he collected the information that allowed him and others to make unauthorized charges on the AOL users’ credit or debit cards.

Many phishermen exist in the world, but those that have existed in Nigeria, where hundreds of millions of emails have originated about dead uncles and rich political leaders having stashed away millions of dollars, are the most egregious.

Emails from Nigeria, Russia, and other rapidly developing economies have been hitting US shores for more than a decade. These bleeding-heart emails offer recipients as much as 50% of the booty should they choose to participate by providing banking information and engaging in what is clearly, to any intelligent reader, an attempt at money laundering, even if the money were real in a best-case scenario.

In addition to the CAN-SPAM Act conviction, Goodin was convicted of 10 other counts, including wire fraud, aiding and abetting the unauthorized use of an access device (credit card), possession of more than 15 unauthorized access devices, misuse of the AOL trademark, attempted witness harassment and failure to appear in court.

Recently, City National Bank in California experienced problems which were traced to ARCO stations where the security cameras were focused on the keypads of credit card reader machines while customers entered their PIN numbers. Employees had sold the information to drug dealers, who paid cash for copies of the videotapes. Some customers of the bank found unauthorized cash withdrawals from their accounts as far away as Reno, Nevada. This is taking phishing to a very high level of sophistication. The unknown perpetrators are yet to be brought to justice.

In the most recent California Central District Court case, which was prosecuted by Assistant US Attorney Rozella Oliver and Assistant US Attorney Wesley L. Hsu, who both represent the Cyber and Intellectual Property Crimes Section of the Department of Justice, Goodin is scheduled to be sentenced by United States District Court Judge Christina A. Snyder on June 11, 2007.

At sentencing, Goodin faces a statutory maximum sentence of 101 years in federal prison.

That case was investigated by the Ontario Police Department and the Electronic Crimes Task Force, which is comprised of the Federal Bureau of Investigation and the United States Secret Service.


The FBI is engaged in thousands of investigations. In one such ongoing investigation, which is over three years old, a non-paid confidential informant provided data on a group of methamphetamine dealers in Portland who were getting credit card information from an employee who once worked for hotels.com.

The perpetrators used illegally obtained credit card information, including social security numbers, and booked hotel rooms all over Portland using the same card, and immediately sold them to prostitutes for $20.00 a night. All of this was done online.

When law enforcement would show up at the hotel rooms, the hookers wouldn’t know who their real client was, but it made it appear that the credit card holder was engaged in some shady business dealings, making it difficult for the justice department to track down the real perpetrators.

Many people with PayPal accounts get spoofed by phishers who tell them in their emails that if they don’t immediately change their password, their account will be closed. PayPal doesn’t have such a policy, and if you get such an email you should forward it to spoof@paypal.com. They are very quick about responding to any phisherman anywhere in the world who tries to rip off their customers.

Within a few months of the passage of CAN-SPAM, hundreds of lawsuits had been filed by an alliance of Internet Service Providers. Many of those efforts resulted in settlements; most are still pending. Though most defendants were "John Does," many spam operations, such as Scott Richter's, were known.

Scott Richter is the CEO of Media Breakaway, formerly known as OptInRealBig.com LLC. He has been accused by some of being a U.S.-based email spammer, but this accusation has been disputed.

Richter was listed in the Register of Known Spam Operations (ROKSO) top 200 spammers, but his inclusion in the list was deleted in 2005. His company once sent some 100 million emails a day. One of the most famous emails was the offer of Iraqi "most wanted" playing cards in 2003; Richter claims to have sold 40,000 decks before they were even printed.

Scott Richter once gave frequent interviews regarding spam and email marketing but now focuses on his affiliate marketing business and has not commented to the media for some time.

He claims his company complies fully with all laws, meaning in part that its emails include valid subjects and origin addresses, and it honors all opt out requests.

Richter was sued by Microsoft and the New York Attorney General; he settled with the New York Attorney General for $50,000 and admitted no wrongdoing.

Facing a $50 million judgment in Washington state from the Microsoft case, in March 2005, OptInRealBig.com filed for bankruptcy protection. It claimed to have assets of less than US$10 million and debts of more than $50 million.

Microsoft's refusal to settle a $20 million claim based on Washington state spam law is what forced OptInRealBig.com to file for bankruptcy.

Steven Richter, who is Scott Richter's father and President and General Counsel of Scott's company, commented "OptIn is profitable but for these lawsuits."

On August 9th, 2005, Microsoft lawyer Brad Smith published an open letter outlining the results of Microsoft's legal action against Richter.

According to Microsoft, Richter agreed to pay $7 million in damages to Microsoft. The company from Redmond claims to give the biggest part of the money to charitable causes. The settlement was approved by the court and the bankruptcy was dismissed in April of 2006. OptInRealBig.com changed its name to Media Breakaway in August of 2006.

Richter also ran a clothing line called "Spam King" until it was stalled by a trademark lawsuit by Hormel Foods, which owns the trademark to edible SPAM. No matter what law enforcement, the Justice Department, and big internet service providers and corporations do to combat spam, the more people that buy computers, the more spam we are going to see. Just like terrorism, fighting spam breeds more spam.

On April 29, 2004, the United States Government brought the first criminal and civil charges under the CAN-SPAM Act. Criminal charges were filed by the United States Attorney for the Eastern District of Michigan, and the FTC filed a civil enforcement action in the Northern District of Illinois.

The defendants were a company named "Phoenix Avatar," and four associated individuals: Daniel J. Lin, James J. Lin, Mark M. Sadek and Christopher Chung of West Bloomfield, Michigan.

They were charged with sending hundreds of thousands of spam emails advertising a "diet patch" and "hormone products." The FTC stated that these products were effectively worthless. Authorities said they face up to five years in prison under the anti-spam law and up to 20 years in prison under U.S. mail fraud statutes. It is not known by the author whether the people were convicted or completed any sentences for the crimes they were charged with.

On February 1, 2005, a New York Times article suggested that the CAN-SPAM Act had resulted in little to no effect on the flow of spam, and the amount of spam saturating the Internet had actually increased since the law went into effect.

As of late 2006, CAN-SPAM has been all but ignored by spammers. A review of spam levels in October of 2006 estimated that 75% of all email messages were spam, and the number of spam emails complying with the requirements of the law was estimated to be 0.27% of all spam emails.

Spam is here to stay, but professional Phishers beware – heads are rolling all over!

Alex S. Gabor is a freelance writer and film director who lives in the Fremont District of Seattle.