When you think about the U.S. Postal Service, you don't normally envision a crack team of globe-trotting agents who bust international Web fraud syndicates and bring cybercriminals to justice. Actually, that's a lot of what the Postal Service's Postal Inspection Service does, in conjunction with other law enforcement agencies.
And with new and increasingly inventive cyberscams surfacing every week, the Postal Inspection Service's workload isn't likely to get any lighter.
Standing before a packed auditorium Monday at Gartner's IT security conference, Greg Crabb, U.S. postal inspector program manager for the organization's international affairs group, explained that the Postal Inspection Service gets involved in information security crimes when those crimes involve use of the U.S. Postal Service to commit fraud, which is more often than you'd think.
"Every one of you living in the United States has a mailbox in front of your house," Crabb said. "I protect that mailbox." Incidentally, the U.S. Postal Service handles 668 million pieces of mail daily.
Just last week, a film producer in Tampa, Fla., was indicted on 10 counts, including several counts for transporting obscene matter via the Internet and through the U.S. postal system. There were also reports to the American Kennel Club and the Council of Better Business Bureaus of a scammer posing as a breeder of puppies who either sends out e-mails or puts up ads offering free or inexpensive puppies. Those responding to the solicitation have paid hundreds or thousands of dollars but received no pooch in return.
Crabb on Monday outlined several different types of criminal schemes he's investigated as a member of the Postal Inspection Service, which was formed in 1909.
In one scheme, a criminal poses as a merchant and steals money and/or payment card information from someone attempting to make a purchase via the Web. Or, as with the now-infamous Nigerian money laundering scams, the criminal can simply ask for money outright. Crabb said he's been chasing a cybercriminal named Vladuz, who has repeatedly gained unauthorized access to areas of eBay's network in order to hijack established accounts and hold auctions for products he doesn't plan to deliver. Thousands of U.S. victims have sent Western Union transactions to France, Germany, the United Kingdom, and Romania, in the hopes of purchasing items from Vladuz, Crabb said. Vladuz has even posted messages on eBay's internal forums and infiltrated servers that administer employee e-mail. "We've been chasing him for some time," Crabb added.
In another type of cyber scam, a cybercrook will sell software to unsuspecting victims. When those victims download the software onto their computers, malware is installed to help the criminal later turn that computer into a bot, which could then be used to launch distributed denial-of-service or some other type of cyberattack. In one example, Crabb traced this sort of activity to Bangkok, Thailand, where in May 2003 he helped arrest Maksym Kovalchuk, a Ukrainian man, on charges of criminal copyright infringement, trafficking in counterfeit goods, and money laundering. Kovalchuk was already a known cybercriminal, having in October 2001 launched the first phishing attack that used eBay as bait to trap its victims.
"Basically, he pioneered phishing by sending out eBay and PayPal spoofs," Crabb said.
In still another variation on cybercrime under the postal inspector's jurisdiction, international criminals buy goods using stolen or fraudulent payment cards and have the goods sent to accomplices in the United States, who then ship the merchandise to the person committing the fraud. In one such operation, a Ukrainian man named Malinkas Silinkas ran a reshipping scam against a U.S. company's e-commerce operations, having ill-gotten merchandise shipped to a U.S. address and then on to his base of operations in Lithuania. Crabb said that when Silinkas was arrested, law enforcement found more than 50,000 fraudulent IDs in his possession.
These are just some of the cases Crabb was able to discuss. For him, even largest cybercrimes are old hat. "I've seen so many TJX's it's not even funny," he said in reference to the cyberattack on the parent company of T.J. Maxx that resulted in the theft of 45 million credit and debit card numbers.
With all due respect to the Postal Inspector, there is no way in Hades that Vladuz is behind all the hijackings currently present on sleazebay. In fact, I would be very surprised if that particular person is behind ANY of them at this time.
If everyone recalls, Vladuz is the author of the eBayCaptcha Populator extension for Firefox. Here is the Developer's comment for the extension: This is only a proof of concept of how insecure eBay's captcha is.
Hardly a peep has been heard from Vladuz since. His telltale signature has not been seen for quite some time now.
But when we did hear from him, he was, in fact, helping ebayers with problems that even ebay's staff could not help wth, at a very popular ebay alternatives website and forum. Vladuz is more friendly, knowlegable and helpful than ebay's own staff. FACT!
Whatever Vladuz saw in the ebaY sign-in, well, someone else has seen it too. Not to mention the Russian Hang-up Team gang which has declared cyber war on the USA, and the Chinese scammers, who are also quite active in related areas pulling scams on ebay and all across the www each and every day. Also not to mention the various new worms and trojans which are constantly popping up, like the Bayrob, the Man-in-the-middle phishing kits, the Gozi, the Jitko, and probably others in the wild not yet even ID'ed
Some of the folks who are hijacking the listings are doing it because "it is there", like climbing a mountain. It is more than one person.
Furthermore, I personally think it is hilarious that a 13-18 year old person somewhere halfway around the globe, in a place believed to be the backwater of the world can run circles arounds some fat, flabby, lazy, dishonest, overpaid button-pushing, pencil-necked dorks and dweebs in San Jose. Those are the ones who are robbing and cheating the American Consumers, not the hackers.
Ebay could fix each and every one of the flaws, IF THEY WANTED TO. Since they profit from the scams, there is no incentive to do so. Simple as that.
Here is a screencap of a comment left by someone (from Romania) on one of the cappnonymous consumer awareness videos at youtube.
I would have to say I agree with that. Further, Romanian people are probably very tired of getting the undue rep as a nation of scammers due to the actions of very few (all blown waaaaaay out of proportion, I may add).
Let me spell it out for everyone. The villian of the story is ebay. Ebay is the one with the sole ability to correct the problems. Ebay is the one ignoring the obvious fixes.
ebaY is the one who has lied, censored, cheated, covered-up, bullied, threatened, and attemtped to indimidate.
ebaY is the one who has modified their own policies time and again to allow the scamming to go undetected and thus unreported.
ebay is the one who feels you are soo important they can send you endless auto-responses, without ever giving the courtesey of even reading your email.
ebaY is the one lining their pockets on the scams, including using the hijacked listing volume to enhance their appearance to their own stockholders.
ebaY is the main player in a continuing criminal enterprise. ebay is engaged in a conspiracy by virtue of willful blindness, or willful ignorance, along with actively, purposefully enhancing IT's rules and policies to accomodate the fraud, as mentioned above. They are aware of the fraud. They profit from the fraud, they have acted to conceal the fraud, they have enabled the fraud.