A Look at Romanian ‘Hackerville’ Reveals Human Element of Cybercrime

“Editor’s Note: Welcome to my weekly column, Virtual Case Notes, in which I interview industry experts for their take on the latest cybersecurity situation. Each week I will take a look at a new case from the evolving realm of digital crime and digital forensics. For previous editions, please type “Virtual Case Notes” into the search bar at the top of the site.

Cybercrime is often thought of as something that only happens within the generalized, invisible space of the internet. It is seen as virtual rather than physical, and those who commit cybercrime are thought of as anonymous individuals whose activities are all within the confines of the web. Run an image search for “hacker” or “cybercriminal” and you will see plenty of pictures of people with their faces hidden by hoods or masks, sitting alone in a dark room in front of a computer. But what if, instead of a hooded loner, the universal image of cybercrime was that of a group of neighbors in an impoverished part of the world, gathered together at a local cafe?

The latter is a new picture of cybercrime that researchers Jonathan Lusthaus and Federico Varese hope to make more people aware of in their recent paper “Offline and Local: The Hidden Face of Cybercrime.” The co-authors, working on the Human Cybercriminal Project out of the sociology department of the University of Oxford, traveled to Romania in 2014 and 2015 to study the oft-ignored real-world aspect of cybercrime in an area known to be a hub for one specific form of this crime—cyber fraud.

“Hackerville”

The town of Râmnicu Vâlcea, which has a population of around 100,000, has faced some economic setbacks in the last decade, including the loss of a major employer, a chemical plant; in addition, the average monthly salary in Romania as a whole (in 2014) was only €398 compared to €1,489 across the European Union. However, upon arriving in town, Lusthaus and Varese found themselves surrounded by luxury cars, “trendy” eateries, and shopping malls stocked with designer clothes and electronics. Though Râmnicu Vâlcea is poor “on paper,” the town seemed to be thriving, and interviews with Romanian law enforcement agents, prosecutors, cybersecurity professionals, a journalist, a hacker, and a former cybercriminal would soon give the researchers a clue as to why that might be.

“It was rumored that some 1,000 people (in Râmnicu Vâlcea) are involved almost full-time in internet fraud,” Varese told me, explaining why the town sometimes nicknamed “Hackerville” became a key target of their research (although the authors point out, in their paper, that the more accurate term would be “Fraudville,” as scams are focused more on the sale of fake goods than hacking or the spread of malware).

Varese said major findings from their interviews in Râmnicu Vâlcea as well as the Romanian cities of Bucharest and Alexandria were that cybercriminals knew each other and interacted with each other at local meeting spots offline, such as bars and cafes; that they operated in an organized fashion with different people filling different roles; that many in the town were aware of the organized crime but either didn’t say anything or sought to become involved themselves; and that there have been several cases throughout the years of corrupt officials, including police officers, who accepted bribes from the fraudsters and allowed them to perpetuate their schemes without interference.

“These are almost gangs,” Varese said. “They are not the individual, lonely, geeky guy in his bedroom that does the activities, but it’s a more organized operation that involves some people with technical skills and some people who are just basically thugs.”

The paper describes a culture of local complacency, often under threat of violence by a network of seasoned cybercriminals. This picture is far from that of the anonymous, faceless hacker many have come to envision, and instead reveals how internet crime can become embedded in specific populations.

“Most people think of cybercrime as being a global, international sort of liquid problem that could be anywhere and could come at you from anywhere,” Varese said. “In fact, the attacks—the cybercrime attacks or the cyber fraud—really come from very few places disproportionately. So cybercrime is not randomly distributed in the world. It’s located in hubs.”

Cultural and Human Factors

I asked Varese two major questions—why Romania and why cybercrime, as opposed to other forms of profitable crime? He responded that a look at the country’s history reveals why, instead of weapons or drugs, criminals in Romania might turn instead to their computers.

“Romania is a very special place. Mainly because, during the dictatorship of Nicolae Ceaușescu—that was the communist dictator that ruled Romania from the 60s to the 90s—he emphasized the importance of technical education, and especially IT,” Varese explained. “There was a very good technical basis among people. When the internet arrived, a lot of Romanians built up their own micro-networks. And so it turns out that when the regime fell, Romania turned out to be a country which was very, very well-connected.”

The high level of technical education, combined with a high level of poverty and a high level of corruption—as shown in the paper, which points out that Romania’s score on Transparency International’s 2016 Corruption Perceptions Index is only 48 out of a possible 100—created a perfect storm for a culture of cybercrime to grow, Varese said.

But Romania is not the only place where cybercrime is highly concentrated and where online activities are strongly tied to offline factors. Varese identifies Vietnam in Asia, Nigeria in Africa and Brazil in the Americas as three other cybercrime hubs. Varese and his coauthor also plan to take their future research to Eastern Europe, where “corruption and the technical and economic legacy of communism” have created “a highly conducive environment for cybercrime,” their paper states.

Varese hopes this sociological research will help authorities recognize and manage the human element of cybercrime that is often ignored in the fight against online threats.”


Missing Florida woman found after she bottled her scent

“A woman with dementia who went missing in Florida was found by a police dog in a matter of minutes, having bottled her scent in advance.

Citrus County Sheriff’s Office said the anonymous woman had used a specialist scent preservation kit.

It can hold a person’s scent for up to seven years.

In a Facebook post police said she stored the scent two-and-a-half years ago, and a picture of the jar showed it was dated January 2015.

Scent preservation kits involve rubbing a pad on a person’s underarm, then sealing it in a sterile jar so police dogs have a reliable scent to smell before looking for a missing person.

Manufacturers say they work better and more quickly than articles of clothing, because they are not contaminated by other people’s smells or smells from the environment.

Dogs have a stronger sense of smell than humans and working police dogs are trained to sniff out drugs, people and in some cases corpses.

Some police forces around the world, including in China and Germany, have held scent samples from criminal suspects and crime scenes to help in their investigations.

But there are concerns over a high failure rate; in 2006 it was found that only a quarter of people indicated by dogs in New South Wales, Australia, turned out to be carrying drugs when they were searched.

In this case, though, the missing person was found and the dog earned a celebratory ice cream.”


GLOBAL POLICE SPRING A TRAP ON THOUSANDS OF DARK WEB USERS

“When AlphaBay, the world’s largest dark web bazaar, went offline two weeks ago, it threw the darknet into chaos as its buyers and sellers scrambled to find new venues. What those dark web users didn’t—and couldn’t—know: That chaos was planned. Dutch authorities had already seized Hansa, another major dark web market, the previous month.

For weeks, they operated it as usual, quietly logging the user names, passwords, and activities of its visitors–including a massive influx of Alphabay refugees.

On Thursday, Europol and the US Department of Justice jointly announced the fruits of the largest-ever sting operation against the dark web’s black markets, including the seizure of AlphaBay, a market Europol estimates generated more than a billion dollars in sales of drugs, stolen data, and other illegal goods over its three years online. While AlphaBay’s closure had previously been reported as an FBI operation, the agency has now confirmed that takedown, while Europol also revealed details of its tightly coordinated Hansa takeover.

With Hansa also shuttered as of Thursday, the dark web looks substantially diminished from just a few short weeks ago—and its denizens shaken by law enforcement’s deep intrusion into their underground economy.

“This is likely one of the most important criminal cases of the year,” attorney general Jeff Sessions said in a press conference Thursday morning. “Make no mistake, the forces of law and justice face a new challenge from the criminals and transnational criminal organizations who think they can commit their crimes with impunity by ‘going dark.’ This case, pursued by dedicated agents and prosecutors, says you are not safe. You cannot hide. We will find you, dismantle your organization and network. And we will prosecute you.”

The Sting

So far, neither Europol nor the Department of Justice has named any of the administrators, sellers, or customers from either Hansa or AlphaBay that they plan to indict. The FBI and DEA had sought the extradition from Thailand of one AlphaBay administrator, Canadian Alexandre Cazes, after identifying him in an operation they called Bayonet. But Cazes was found hanged in a Bangkok jail cell last week in an apparent suicide.

Still, expect plenty of prosecutions to emerge from the double-takedown of Hansa and AlphaBay, given the amount of information Dutch police could have swept up in the period after Alphabay’s closure.

“They flocked to Hansa in their droves,” said Interpol director Rob Wainwright. “We recorded an eight-times increase in the number of new users on Hansa immediately following the takedown of Alphabay.” The influx was so large, in fact, that Hansa put up a notice just last week that it was no longer accepting new registrations, a mysterious development given that Dutch police controlled it at the time.

That surveillance means that law enforcement likely now has identifying details on an untold number of dark web sellers—and particularly buyers. Europol claims that it gathered 10,000 postal addresses of Hansa customers, and tens of thousands of their messages, from the operation, at least some of which were likely AlphaBay customers who had migrated to the site in recent weeks.

Though customers on dark web sites are advised to encrypt their addresses so that only the seller of the purchased contraband can read it, many don’t, creating a short trail of breadcrumbs to their homes for law enforcement when they seize the sites’ servers.”


Dialing for Cash

A massive international hacking and telecommunications fraud scheme served as a backdrop for an FBI investigation that led to the capture of a Pakistani citizen who played a major role in scamming U.S. companies out of millions of dollars in fees.

From November 2008 to December 2012, Muhammad Sohail Qasmani laundered more than $19.6 million in proceeds from a conspiracy that transformed the telephone networks of American corporations into literal cash cows.

Allegedly led by another Pakistani national, Noor Aziz Uddin—who is currently a fugitive wanted by the FBI—the fraud scheme involved an international group of highly skilled hackers who focused on penetrating telephone networks of businesses and organizations in the United States. Once the hackers gained access to the computer-operated telephone networks, commonly known as PBX systems, they reprogrammed unused extensions to make unlimited long distance calls.

Before a hired group of dialers could freely use the exploited lines, Aziz set up a handful of pay-per-minute premium telephone numbers to generate revenue. While the numbers appeared to be chat, adult entertainment, and psychic hotlines, no actual services were provided. Instead, the hacked extensions of the U.S. companies dialed into dead air or fake password prompts and voice-mail messages. The longer the lines stayed connected with the fraudulent premium numbers, the higher the bill would be for the unsuspecting businesses. Once paid, the resulting income for Aziz’s fake premium lines ended up in the pockets of the criminal enterprise.

Having previous experience running a money laundering and smuggling business in Thailand, Qasmani was a prime candidate for managing the hundreds of transactions necessary to keep the fraud scheme going over the long term.

“Qasmani was a lifelong fraudster with a history of running telephone schemes since the late 1990s. It’s how he made his name,” said Special Agent Nathan Cocklin, who investigated the case from the FBI’s Newark Field Office. “His collective background made him a go-to money mover for Aziz.”


Chicago Police, Feds Team up on New Effort to Curb Violence

Chicago police, federal agents and prosecutors are launching a new initiative Friday to stem the flow of illegal firearms in the city as part of efforts to curb rampant gun violence that President Donald Trump says is at “epidemic proportions.”

Trump’s remark on Twitter came ahead of an announcement by Chicago police and the Bureau of Alcohol, Tobacco, Firearms and Explosives about the formation of the Chicago Crime Gun Strike Force. The Chicago Sun-Times reported 20 additional ATF agents have been sent to Chicago.

State police, intelligence analysts and state and federal prosecutors will target illegal guns and repeat gun offenders, Chicago police said. Superintendent Eddie Johnson said in a statement Thursday night that “we are foundationally changing the way we fight crime in Chicago.”

Trump tweeted Friday morning that “Crime and killings in Chicago have reached such epidemic proportions that I am sending in Federal help.” In January, he warned Chicago about its high number of homicides, saying on Twitter that he is ready to “send in the Feds.”

Trump’s latest tweet said there have been 1,714 shootings in Chicago this year. The Sun-Times said its count showed 1,737 people have been shot in 2017, including 306 who died. The Associated Press sent a message to a police spokesman seeking their most recent count.

Police and federal officials note, however, that efforts to curb gun violence in Chicago have been cooperative — and are ongoing. Under the new effort, the federal prosecutors and prosecutors from Cook County will work on new strategies to prosecute gun crimes and offenders.

Attorney General Jeff Sessions, speaking Friday on the Fox News Channel’s morning show, “Fox & Friends,” said the Justice Department is “sending in additional gun investigators” to Chicago and that he has urged the U.S. attorney’s office to prosecute gun cases aggressively.

“The police have been demoralized in many ways,” he said. “In many ways, the policies in Chicago have not been working. Murders are way, way too high. It is critical for the people of Chicago’s public safety that we begin to work together here and deport violent criminals that have been convicted. They need to not be a sanctuary city, they need to be protecting the people of Chicago from violent criminals.”


How To Know Which NIST Framework To Use

“One of the most important aspects of the recent cybersecurity executive order is also the aspect causing the most confusion.

When President Donald Trump signed the executive order in May, it included the requirement federal agencies use the NIST Cybersecurity Framework to manage their cybersecurity risk. However, some have confused the NIST CSF with the NIST Risk Management Framework, which all federal agencies have been required to follow since its 2010 introduction.

To put it succinctly, they are two different frameworks. As industry and government work together to execute this order, it is very important for everyone to fully understand the two frameworks, and how they differ.

NIST CSF Overview

The NIST CSF was released in February 2014 in response to a 2013 executive order that called for a voluntary framework of industry standards and best practices to help organizations manage cybersecurity risk.

The CSF was created as a result of collaboration between government and the private sector. It “uses a common language to address and manage cybersecurity risk in a cost-effective way based on business needs without placing additional regulatory requirements on businesses.”

The heart of the NIST CSF is the Framework Core, which consists of five functions: identify, protect, detect, respond and recover. The functions and their components aren’t a checklist of actions to be performed in order. Rather, they are concurrent and continuous activities that “provide a high-level, strategic view of the life cycle of an organization’s management of cybersecurity risk.”


Corporate Sector Special Operations: Myths & Realities

“It was still dark outside when the first undercover operative arrived at the Palace Hotel in San Francisco. A thick layer of fog swirled through the streets as the operative made his way into the lobby. He sat down to wait for his partner, and for the man who had hired them for the job. The hotel was to be the site of a large tech conference that day, and the two operatives had to be in position fast. Conference attendees would soon be streaming in for registration, and before long, the guest speakers would begin to arrive—including one specific Silicon Valley billionaire they would be watching for.

As the hubbub in the lobby built to a crescendo, the operatives slid into the background. It was imperative for their mission that no one knew who they were or what they were doing there.

While this might sound like a nefarious plot in some Hollywood movie, this was actually a covert protective operation, and part of a whole undercover world that very few people know exists—an invisible world I call the “surveillance zone.”

Introducing the “Surveillance Zone”

Let me offer you a peek behind the curtain—and into the “zone.” That first undercover operative mentioned above? That was actually me, and the man who had hired us was the senior security director for a well-known Silicon Valley corporation. We’d been hired to covertly protect the billionaire founder and CEO, whose company—despite some dramatic downswings and falling stock prices—was about to unveil a new venture. The mix of angry stockholders, excited techies, and nervous investors had company execs feeling skittish and us on our guard, and made for a tricky and interesting assignment.

On top of all that, the CEO had been receiving increasingly violent threats from a dedicated stalker who had demonstrated the will and ability to take things to the next level. Having surveilled the CEO’s home and workplace, and even physically confronted the CEO, there was ample reason to take the stalker’s intentions seriously.

When the threat to harm the CEO at the convention had come in (just a day before the event), the company decided to take action. At ten pm, I received a call from the security director, requesting our presence at the hotel at six am the following morning.”


Security and police make several arrests at Livingston Mall

“Police assisted security officers and made several arrests with various charges on May 13 and May 14 at the Livingston Mall.

The first call from the Livingston Mall was about a person being held in the parking lot by security for potentially being in possession of stolen property, according to police.

Upon police arrival, it was revealed that the individual possessed multiple items stolen from six different stores at the Livingston Mall. Subsequent to investigation, Robert Braswell, 33, of East Orange was arrested and charged with receiving stolen property and was released on his own recognizance pending court action.

The next afternoon, police received a call from both Lord & Taylor security and Livingston Mall security, who were attempting to take an individual into custody who may have previously passed bad checks. Upon arrival, the female was fighting with security officers, according to police.

Ultimately, Latesha Shavers, 35, of Perth Amboy, was charged with assault and resisting arrest. Police said she had also been under investigation by Lord & Taylor security the previous week for passing bad checks.

Shavers was subsequently charged by Livingston police for passing bad checks and theft by deception on an incident that occurred on May 7. Following these charges, she was remanded to the Essex County Jail.”


Barona Casino Security Points Deputies to International Counterfeiting Ring

“Barona Resort and Casino security guards alerted San Diego County Sheriff’s Department deputies to an international counterfeiting operation.
Deputies arrested Lien Do, Hao Nguyen, and Ben Ven Pham on Christmas Day last year.
They found $300,000 worth of counterfeit chips in the suspects’ car.
“It appears that what they were seeking to do was convert those chips into cash and to walk out the casino with the cash,” said Prosecutor Daniel Shim.
The defendants were charged with multiple felonies, including grand theft, burglary, forgery and possession of counterfeit marks.
“When the sheriff’s department searched their home in Garden Grove, they found about $2 million in casino labels,” Shim said. “During Mr. Pham’s interview, he indicated he received those chips from Vietnam.”
Two of the defendants pleaded guilty to lesser charges and are serving one-year jail terms. Charges against a third defendant were dropped and he returned to Vietnam.
“The Sheriff’s department did a great job in investigating this case. They did a very thorough investigation,” Shim said.
The criminal investigation expanded to at least six other casinos in Southern California, several of which are located in San Diego.
It remains unclear if any of the fake chips were actually used in any of those casinos.
“It is still unknown if the operation had any ties to organized crimes,” Shim said.”


How Private Investigators Can Effectively Handle Intense Situations

“A private investigator’s days are often filled with uneventful surveillance and dead ends, but that’s only part of the job. On occasion, PIs may land in hot water and must rely on their communication and negotiation skills to get them out of it.

It takes talent, poise, and honed interpersonal skills to talk an enraged spouse out of swinging at you. Physical weapons are not always available, so we use what we do have in our arsenal—words, empathy, and emotional intelligence—to de-escalate a volatile situation.

Operating effectively under stress is a must-have skill in this line of work. No amount of training can prevent us from feeling fear in extreme situations. But we can learn to mitigate the stress symptoms, and even harness them—to laser-focus our energies on solving the problem at hand.

The Adrenaline Rush

In stressful conditions, our adrenal glands secrete a hormone to prepare the body for “fight or flight.” That shot of adrenaline can feel like a head rush: Your heart races. You breathe faster and deeper. You feel a surge of energy, heightened awareness, or even a suppressed pain response. And under extreme stress, you may experience tunnel vision, auditory exclusion (temporary hearing impairment), or a sense that time has slowed.

Some people seek out that rush (in its milder forms) as a welcome distraction from the more tedious aspects of investigative work. But when the job brings us into contact with unpredictable people and dangerous places, that physiological fight or flight response isn’t just a bungee-jump in the park anymore; it’s a survival mechanism.

The flip side is that those same symptoms that prepare us to deal with danger can also cloud judgement and make clear thinking a challenge.”
