Big Bust
Authorities in the United States, the United Kingdom and Ukraine last week announced charges against dozens of people believed to be behind
Those charged are alleged to have used the well-known Zeus Trojan to infect computers and compromise online bank accounts.
Though the masterminds of such scams are typically based overseas, they rely upon domestic "money mules" to transfer the money out of the countries where victims' accounts are compromised.
The arrests in the United States may be the easiest to pick off, but the arrests in Ukraine could be another matter.
Five people were arrested in Ukraine, and although they were not named, an unnamed official told Wired.com's "Threat Level" blog that they are believed to be the key players.
"The busts show that top criminal players are being taken out — not just the low-hanging fruit who operate as mules," Wired.com wrote.
Still, some are questioning how lasting the effects of this international bust will be.
Brian Krebs, the security expert behind Krebsonsecurity.com, interviewed one of the victims of this scheme: a business owner in Texas named Troy Owen who
Owen told Krebs the arrests are "excellent news, even if they haven't caught everyone involved. … I had already pretty much given up hope that they'd be able to find these guys. I'm just glad they're finally starting to bring some of these people to justice."
Still, Owen said he realized that these arrests would not put an end to the fraud. "I wonder how many people are waiting in line to take their place," he told Krebs.
Avivah Litan, a vice president and distinguished analyst at the Stamford, Conn., market research company Gartner Inc., said fraudsters may already have been moving beyond Zeus.
"These arrests will put these particular money-mule operations out of business and probably quiet down the other Zeus money-mule operations, at least temporarily," Litan wrote on her blog Friday, "but
And even without these charges and arrests to slow down the alleged Zeus scammers, the fraud community was already hard at work to build the next big scheme. "We won't see an end to innovation in malware and attack methods going after ACH and wire transfers any time soon," she wrote.
Legal Troubles
A U.K.
The sharpest criticism came in the form of "Operation Payback," an organized attack last month on ACS Law's website as well as larger targets like the Recording Industry Association of America and the Motion Picture Association of America, which are also known for pursuing legal action against those suspected of sharing music and films online.
ACS Law brushed off the first attack, the article said, but suffered a bit more the second time it was hit. In its attempt to bring its site back online, ACS Law inadvertently exposed a 350-megabyte archive of e-mails to the Internet. The e-mails contained sensitive information including names, addresses, passwords and payment information, the article said.
Because of the strictness of data security laws in the U.K., this short-lived exposure could put the law firm "on the hook for hundreds of thousands of pounds," the article said. "This is more than a matter of mere embarrassment."
Crime Doesn't Pay
More thieves are making off with entire ATMs, but
Thieves take the machines, usually by first knocking them loose with a vehicle, to drag them away and crack them open at another location to get at the cash inside.
But in one instance in Lexington, Ky., thieves inadvertently made off with an empty automated teller machine, the Lexington Herald-Leader reported Sept. 29.
The ATM, stolen from the Racquet Club apartment complex, had run out of cash and was awaiting service when it was stolen. "According to the victims, it had not yet been refilled," Lexington police spokeswoman Sherelle Roberts told the paper.
Besides the ATM, the complex was also missing a wheel dolly, which the article said might have been used to haul off the ATM.
Exposures
A grocery store chain has disclosed that
Card thieves sometimes steal data by replacing retailers' payment terminals with altered versions that record payment data, which is later picked up by the thieves or, in the case of more advanced systems, transmitted to them wirelessly.
Aldi Inc. said last week that it had replaced the altered machines and has put new security measures in place following the incident, the Associated Press reported Friday. The altered machines were in use between June 1 and Aug. 31 and were placed in stores in 11 of the 31 states that Aldi operates in.
Police in St. Charles, Ill., told the AP that they received 32 reports of fraud from Aldi customers. The Chicago Tribune reported more than 200 Aldi customers in Wheeling, Ill., reported fraudulent withdrawals of $100 to $900 each.
A database of class information created in 2003 has led to an
The database had information on nearly 300 former students and used their Social Security numbers as student identification numbers, the Associated Press reported. The university stopped using Social Security numbers in this way in 2003.
The database, created that year, was discovered to be part of an archive accessible on the Web. The university sent letters last week to 239 affected former students. It was unable to locate another 54 affected former students.
