Fraud Intelligence Newsletter

September 2008

Table of Contents
Notorious criminal marketplace closes
Credit card data for sale - in your inbox
Grey hat ISP cut off
Beware of password retrieval risks
October is National Cyber Security Awareness Month
Upcoming Event Schedule

September 29 - October 1, Digital PhishNet 2008 Conference (by invitation only), San Diego, CA.

October 14 - 16, eCrime Researchers Summit 2008 and APWG General Meeting (members only), Atlanta, GA.

November 2 - 7, ICANN Meeting, Cairo, Egypt.  Rod Rasmussen will again be attending as the Industry Liaison for the APWG.


Notorious criminal marketplace closes

The computer criminal marketplace site DarkMarket.ws was shut down by its operator, known online as Master Splynter, on September 16.  Based on comments posted by Master Splynter, scrutiny by law enforcement and other law-abiders apparently forced the shut down of the site. The site had been operating for the past three years as on online marketplace where stolen identities, stolen credit cards, and the tools of the trade were bought and sold. 



Credit card data for sale - in your inbox

Apparently, there is more supply of stolen credit card data than the online black market bazaars like DarkMarket can handle.  In mid-September, we started seeing spam messages offering to sell stolen credit card information.  The spam's opening lines read:

hi guys , I selling dmps (Visa & MC) (tr1+tr2) (tr2) Wellcome !!!Usa price list.

usa price :
Classik 25$
Gold / platinum / Purchaseng / corp 50$
Amex 20$
Discover 40$

The message also offered volume discounts.   Potential buyers were directed to contact the seller via ICQ or a Gmail account.



Grey hat ISP cut off by upstream provider

Atrivo, also called Intercage, is a California-based ISP that has historically hosted a disproportionately high volume of scam and malware distribution sites.  The ISP became unreachable on September 21 when its upstream connectivity provider stopped routing traffic for it.  The upstream provider pulled the plug on Atrivo after being pressured to do so by its customers and by several Internet watchdog groups, including Knujon.org and Brian Krebs of the Washington post.  Krebs provides the details of the shut down on his blog.

Atrivo provided hosting for the domain registrar EstDomains, which is notorious for its disproportionately high volume of fraud registrations, and its past associations with the now defunct Russian Business Network (RBN).  The RBN was forced out of business several months ago when its upstream connectivity providers ceased to provide it with service.  EstDomains has also recently been publicly scrutinized by Knujon.org and Brian Krebs. 



Beware of password retrieval risks

The personal Yahoo e-mail account of Republican vice-presidential nominee Sarah Palin was compromised when a hacker performed some basic online research augmented by educated guessing to fool Yahoo's "forgot-my-password" system into letting him change the password on Palin's account.

Most password help utilities rely on the concept of "shared secrets" to authenticate the account holder - except that the shared information isn't really a secret these days.  In the age of Google, blogs and online public records, very little demographic or historical information about a person is really secret.  Birthday, birth place, hometown, mother's maiden name, high school, colleges attended, pet's name...For most people, especially famous ones, this kind of information can be found with a minimum of online sleuthing.

Phishing can be used to determine shared secrets as well. If a system relies a limited set of shared secrets, phishers can create their attacks to get the necessary secrets from their victims.  For example, Bank of America's Site Key system has been repeatedly attacked in this manner.

October is National Cyber Security Awareness Month

The Department of Homeland Security (DHS), the National Cyber Security Alliance (NCSA) and others have joined together to support and promote National Cyber Security Awareness Month during October. The goal of National Cyber Security Awareness Month is to educate everyday Internet users on how to "Protect Yourself Before You Connect Yourself", by taking simple and effective steps.

This month provides an excellent opportunity to reach out to your customers, members and employees with educational messages.  The DHS website and NCSA website offer ideas, examples and resources for help in creating awareness campaigns and events.


If you want to learn more about protecting your organization from phone phishing, phishing, spear phishing, targeted malware and other attacks against your customers, please contact Internet Identity.

Newsletter Archive

November 2009
January-March 2009
November/December 2008
October 2008
September 2008
August 2008
July 2008
June 2008

2010 Event Schedule

Jan 31 – Feb 3, BlackHat DC 2010 Briefings and Training, Arlington, VA

Feb 8 – 10, Credit Union Information Security Professionals Association (CUISPA) Annual Summit , Austin, TX.

Feb 15 – 18, Messaging Anti-Abuse Working Group (MAAWG) 18th General Meeting, San Francisco, CA.

March 1 – 5, RSA Conference, San Francisco, CA.

March 7 – 12, ICANN General Meeting No. 37, Nairobi, Kenya.  Rod Rasmussen will be attending as liaison for the APWG.

March 16 – 17, e-Crime Congress, London, UK.

April 12 – 14, Educause Security Professional Conference, Atlanta, GA

May 3 – 5, FS-ISAC, FSTC, BITS Annual Summit, St. Pete Beach, FL.

May 11 – 13, Anti-Phishing Working Group (APWG) Counter e-Crime Operations Summit 2010, São Paulo, Brazil.

View Full Event Schedule
© 2008-2009 Internet Identity | Privacy Policy | Home | News | Solutions | About Us | 888-239-6932 | +1 253-590-4100

Note: All advertised performance claims are based upon direct, real-world trials for clients and prospects against our competitors. References who can further substantiate these claims are available to qualified prospects upon request. We encourage you to compare our service performance against our peers head-to-head for yourself!