The line between chutzpah and reckless
is often the same fine line between spectacular success and laughable fiasco
A cybercriminal who ran a mere eBay scam became a more significant collar for the US Department of Justice after he successfully stole the identity of the special agent investigating him. Rohit Jawa, 25, has pleaded guilty to eight counts of wire fraud, and one count of stealing a special agent's identity which he then used to …
It's not unusual to find criminals who think they're brighter than they are but this seems to be an outstanding example.
OTOH am I alone in being worried by the idea of "a web portal which provides access to criminal intelligence and other highly privileged information for law enforcement officials" which can be accessed by a bit of social engineering?
> I can't abide these Jawas
Quite right - terrible Eastern European motorbikes. Engines made of Swiss cheese, frames made of partially-vulcanised rubber. One step up from CZ motorbikes though.
Mines the one with the Honda C70 manual in the pocket. That's what I was riding when my brothers had Jawas and CZs..
Just this week I had an Ebay scammer send me an empty, but "signed-for" envelope containing nothing but a flyer, just so he could then provide "proof of delivery" to Ebay. Nasty and deceitful fellow who I suspect will shortly get his just deserts. Have raised this with Ebay who are now investigating, as it's clear he's done this to others, but am also considering calling in the police as well, but with all the cutbacks, it's doubtful they will do anything about it...
DEFINITELY get a crime number from the police. Even if they don't do anything, it will help your case with eBay. I had similar - was sent a (tracked, signed-for) postcard from China instead of the electronic item that I ordered. eBay/Paypal sorted the problem out without hassle.
eBay will send you instructions about what to do, just follow them and let the process do its stuff.
Jack Walsh: I know my rights. You owe me phone calls.
Alonzo Mosely: What should be of paramount importance to you right now is not the phone calls, it's the fact that you're gonna spend ten years for impersonating a federal agent.
Jack Walsh: 10 years for impersonating a fed, uh?
Alonzo Mosely: 10 years.
Jack Walsh: How comes no one's after you?
He kind of made FBI a laughing stock, first, he broke their "security" by social engineering (" purporting to be the special agent phoned FBI tech support and successfully obtained a temporary username and password) and then he set up fake FBI ebay and other accounts impersonating NINE FBI staff, including the agent who'd been investingating him. You couldn't make this up...
Why, exactly, should the OIG investigator be fired?
He suspected theft of a parcel by a postal employee, not mail fraud. He corresponded with the seller under that premise, and law enforcement officers and investigators are generally required to provide identification when asked, and for good reason.
Really, who's ballsy enough to attempt to steal the identity of a LEO? Well, this utinni, apparently, but seriously, you DO NOT want to go down a road that has law enforcement refusing to provide their credentials. Down that road leads to far greater impersonation of law enforcement, since anyone loud and burly can just start shouting "Police! On the ground! I don't gotta show shit!" and people will comply for fear of legal problems if they don't and oh look, now they're being robbed/kidnapped/raped/murdered/assaulted with a bannana-cream pie.
No, all the officer did was provide his credentials, which he is obliged to do by law.
I suspect the rest is the result of lax procedures that don't have a second party authentication requirement, or not following those procedures that do.
None of which was done by the officer whose creds had been stolen.
If there is an idiot in the room, it ain't the agent.
The FTC is warning members of the LGBTQ+ community about online extortion via dating apps such as Grindr and Feeld.
According to the American watchdog, a common scam involves a fraudster posing as a potential romantic partner on one of the apps. The cybercriminal sends explicit of a stranger photos while posing as them, and asks for similar ones in return from the mark. If the victim sends photos, the extortionist demands a payment – usually in the form of gift cards – or threatens to share the photos on the chat to the victim's family members, friends, or employer.
The US FBI issued a warning on Tuesday that it was has received increasing numbers of complaints relating to the use of deepfake videos during interviews for tech jobs that involve access to sensitive systems and information.
The deepfake videos include a video image or recording convincingly manipulated to misrepresent someone as the "applicant" for jobs that can be performed remotely. The Bureau reports the scam has been tried on jobs for developers, "database, and software-related job functions". Some of the targeted jobs required access to customers' personal information, financial data, large databases and/or proprietary information.
"In these interviews, the actions and lip movement of the person seen interviewed on-camera do not completely coordinate with the audio of the person speaking. At times, actions such as coughing, sneezing, or other auditory actions are not aligned with what is presented visually," said the FBI in a public service announcement.
Europol cops have arrested nine suspected members of a cybercrime ring involved in phishing, internet scams, and money laundering.
The alleged crooks are believed to have stolen "several million euros" from at least "dozens of Belgian victims," according to that nation's police, which, along with the Dutch, supported the cross-border operation.
On Tuesday, after searching 24 houses in the Netherlands, officers cuffed eight men between the ages of 25 and 36 from Amsterdam, Almere, Rotterdam, and Spijkenisse, and a 25-year-old woman from Deventer. We're told the cops seized, among other things, a firearm, designer clothing, expensive watches, and tens of thousands of euros.
Law enforcement agencies around the world have arrested about 2,000 people and seized $50 million in a sweeping operation crackdown of social engineering and other scam operations around the globe.
In the latest action in the ongoing "First Light", an operation Interpol has coordinated annually since 2014, law enforcement officials from 76 countries raided 1,770 call centers suspected of running fraudulent operations such as telephone and romance scams, email deception scams, and financial crimes.
Among the 2,000 people arrested in Operation First Light 2022 were call center operators and fraudsters, and money launderers. Interpol stated that the operation also saw 4,000 bank accounts frozen and 3,000 suspects identified.
Updated A former Seattle tech worker has been convicted of wire fraud and computer intrusions in a US federal district court.
The conviction follows the infamous 2019 hack of Capital One in which personal information of more than 100 million US and Canadian credit card applicants were swiped from the financial giant's misconfigured cloud-based storage.
Paige Thompson (aka "erratic") was arrested in July 2019 after data was leaked between March and July of that year. The data was submitted by credit card hopefuls between 2005 and early 2019, and Thompson was able to get into Capital One's AWS storage thanks to a "misconfigured web application firewall."
A 33-year-old Illinois man has been sentenced to two years in prison for running websites that paying customers used to launch more than 200,000 distributed denial-of-services (DDoS) attacks.
A US California Central District jury found the Prairie State's Matthew Gatrel guilty of one count each of conspiracy to commit wire fraud, unauthorized impairment of a protected computer and conspiracy to commit unauthorized impairment of a protected computer. He was initially charged in 2018 after the Feds shut down 15 websites offering DDoS for hire.
Gatrel, was convicted of owning and operating two websites – DownThem.org and AmpNode.com – that sold DDoS attacks. The FBI said that DownThem sold subscriptions that allowed the more than 2,000 customers to run the attacks while AmpNode provided customers with the server hosting. AmpNode spoofed servers that could be pre-configured with DDoS attack scripts and attack amplifiers to launch simultaneous attacks on victims.
The former director of the University of Arkansas’ High Density Electronics Center, a research facility that specialises in electronic packaging and multichip technology, has been jailed for a year for failing to disclose Chinese patents for his inventions.
Professor Simon Saw-Teong Ang was in 2020 indicted for wire fraud and passport fraud, with the charges arising from what the US Department of Justice described as a failure to disclose “ties to companies and institutions in China” to the University of Arkansas or to the US government agencies for which the High Density Electronics Center conducted research under contract.
At the time of the indictment, then assistant attorney general for national security John C. Demers described Ang’s actions as “a hallmark of the China’s targeting of research and academic collaborations within the United States in order to obtain U.S. technology illegally.” The DoJ statement about the indictment said Ang’s actions had negatively impacted NASA and the US Air Force.
America's Federal Trade Commission has sued Walmart, claiming it turned a blind eye to fraudsters using its money transfer services to con folks out of "hundreds of millions of dollars."
In a lawsuit [PDF] filed Tuesday, the regulator claimed the superstore giant is "well aware" of telemarketing fraudsters and other scammers convincing victims to part with their hard-earned cash via its services, with the money being funneled to domestic and international crime rings.
Walmart is accused of allowing these fraudulent money transfers to continue, failing to warn people to be on their guard, and failing to adopt policies and train employees on how to prevent these types of hustles.
Spyware developed by Italian firm RCS Labs was used to target cellphones in Italy and Kazakhstan — in some cases with an assist from the victims' cellular network providers, according to Google's Threat Analysis Group (TAG).
RCS Labs customers include law-enforcement agencies worldwide, according to the vendor's website. It's one of more than 30 outfits Google researchers are tracking that sell exploits or surveillance capabilities to government-backed groups. And we're told this particular spyware runs on both iOS and Android phones.
We understand this particular campaign of espionage involving RCS's spyware was documented last week by Lookout, which dubbed the toolkit "Hermit." We're told it is potentially capable of spying on the victims' chat apps, camera and microphone, contacts book and calendars, browser, and clipboard, and beam that info back to base. It's said that Italian authorities have used this tool in tackling corruption cases, and the Kazakh government has had its hands on it, too.
NSO Group told European lawmakers this week that "under 50" customers use its notorious Pegasus spyware, though these customers include "more than five" European Union member states.
The surveillance-ware maker's General Counsel Chaim Gelfand refused to answer specific questions about the company's customers during a European Parliament committee meeting on Thursday.
Instead, he frequently repeated the company line that NSO exclusively sells its spyware to government agencies — not private companies or individuals — and only "for the purpose of preventing and investigating terrorism and other serious crimes."
Biting the hand that feeds IT © 1998–2022