12/17/03
Talk
about bad luck! A previously convicted felon from Ohio
and
an Internet addict from Pennsylvania met in an online chat
room and soon joined forces to operate a profitable spamming
venture. The pair sent hundreds of e-mails world-wide that
tricked people into giving out personal information--also
known as "phishing." But they made one mistake--one
of their "marks" turned out to be a Norfolk,
VA, FBI Agent who received the e-mail on his home computer. And this was not just any FBI Agent--he was
a specialist in computer crimes!
The
duo, who had never met in person, exchanged information
on "spamming" (sending mass unsolicited e-mails)
and "carding" (using stolen credit cards). Through
various schemes, the pair got their hands on a large online
service provider's customer user names and passwords, allowing them
access to that provider's chat rooms where they unleashed
several spamming programs, including a particular one known
as "Green Eggs and Spam." The company's subscribers
were flooded with spam messages claiming to be from "Security"
asking for updated credit card information and linked to a
phony "Billing Center" web page. But in fact, the
info went to web-based e-mail accounts accessed by the pair.
Unfortunately, many customers--believing the e-mail to be
legitimate--obliged by sending their personal information.
One
customer who didn't fall for the scam was the Norfolk
FBI Agent. What made the Agent suspect the e-mail? He had
just created the e-mail address literally a minute before
the e-mail reached his inbox and he knew there no way
to have
contact on an e-mail that had existed for only a matter of
seconds. When he clicked on the link in the e-mail, he
noticed
that his browser was going to a non-company web page--another
red flag. He could also tell that the e-mail sender's
address
was fake and the message was sent to almost 20 other users
at the same time. The Agent sent a copy of the phony web
page
to staffers in what was then the Bureau's Special Technologies
and Applications Unit of the National Infrastructure Protection Center to confirm
his suspicions--and they did.
The investigation eventually uncovered the electronic trail
of stolen accounts and free web pages... and ultimately to
the identity of the two main culprits. One has already been
sentenced and the other is currently awaiting sentencing.
One of the computers used in the scam was found to have over
400 stolen credit cards numbers on it.
These types of "phishing" e-mail schemes have been
steadily on the rise, but on 12/16/03, President Bush signed
the "Controlling the Assault of Non-Solicited Pornography
and Marketing Act of 2003 (or the CAN-SPAM Act) to federally
regulate spam. Under the new law, the Federal Trade Commission
is authorized to set up a "do-not-spam" registry,
and violators face multi-million dollar fines, jail time,
and could be sued for damages.
|