Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

Phishers Arrested In Eastern Europe and US

Posted by kdawson on Mon Nov 06, 2006 01:52 PM
from the round-'em-up dept.
Security
An anonymous reader writes to let us know about the roundup of a phishing gang by the FBI and authorities in Poland and Romania. 18 arrests were made in what the FBI calls "Operation Cardkeeper." The gang has allegedly been selling stolen identities and information on credit cards and bank accounts since at least 2004. To remind us what a drop in the bucket such international operations are, the article says: "The Anti-Phishing Working Group, an industry consortium, said more than 10,000 phishing Web sites were active on the Internet in August, about double the number of sites in January."
+ -
story
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Phishers Arrested In Eastern Europe and US 50 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.
  • I see nowhere in the article a mention about Romania. I know we've had our share of online scam artists, but mentioning Romania any time something like this comes along is just plain ridiculous.
  • We read about these busts quite frequently, but I wonder what percentage of these guys are actually convicted and jailed.
    • They are sentenced to eating Filet-O-Phish for eternity.
    • We read about these busts quite frequently, but I wonder what percentage of these guys are actually convicted and jailed.

      I hope it is enough to reduce the number of e-mail messages I get telling me of problems with my non-existant e-bay account.
  • An anonymous reader writes to let us know about the roundup of a phishing gang by the FBI and authorities in Poland and Romania.

    Poland and Romania have an FBI?

      • Re: (Score:3, Informative)

        by DenDude (922896)

        No, we sure as bloody hell don't. So the real question is - what the **** is YOUR police force doing in MY country?! Who gave them the authority to arrest anyone on Polish soil?!

        I guess you missed the part of the article that stated:

        Working with international authorities, the FBI also assisted in the arrests of 11 people in Poland believed to be connected to a network of online fraud forums. The FBI said it had traced a series of phishing attacks from late 2004 back to members of the Polish ring. (emph

      • When people in YOUR country steal credit card information from people in MINE, I sure as hell hope someone over here is doing something about it.

        Idiotic finger-pointing aside, this is perfectly standard international policing pracitce. If you live in a country where your government won't protect its citizenry from international criminals, then I frankly feel sorry for you.

        *Waits for the anti-americanites to come out of the woodwork to jump all over that set-up*
          • RTFA moron - the FBI didn't arrest anybody in Poland. Nor could they, they only have jurisdiction to arrest in the US. They can assist other countries law enforcement, by I assume, giving them intelligence and information on the subjects. And the USA would extradite anybody that committed a capital crime in Poland - which you could have found out yourself if you would used the minute it took to write your ignornace filled post to actually learn something. I don't know where you are from, but please post so
            • The FBI and DEA took part in raids and traffic stops up here in Canada a while back. Supposedly in an "advisory" role only, but there were cases where they were pointing guns at Canadians...
              • They can point all the guns they like with the Canadian Authorities approval - they just can't actually "arrest" anybody. I'm sure the US authorities were there because the case involved trafficing into the US. I'm guessing the US DEA has a little more experience with that kind of stuff than the Canadian DEA or equivalent, which was probably the other reason they were involved.
                • Everybody seems to be missing a pretty crucial point here:

                  If I'm a bank, and I am based in the US (say: CitiBank, or Wells Fargo, both of whom have been victims of numerous phishing attacks) and if I am the victim of an international gang who phishes my customers: guess who I have to go to to investigate? Usually the FBI and / or the SEC. If the criminals behind the phishing attack are found to be in a country other than the US, *usually* INTERPOL gets involved so they can then point me (or the FBI / SEC) t
                • It was a "training" type situation where the DEA folks were telling the RCMP who (as in what to look for) to stop and search. Which I'm ok with, it's just the "get secretly invited to the country and take part in arrests and carry handguns possibly without the proper paperwork, licenses etc" thing that is a bit disturbing.

                  It is basically impossible to get a carry permit up in Canada (you need written permission from "some guy" and have it planned weeks or even months in advance, etc.

                  • The invation wasn't "secret" - the US DEA was helping the Canadian law enforcement in an official capacity. It's not a big deal or a conspiracy - they were just offering them training and probably intelligence gathering techniques. And if the DEA agents are certified with their firearms, I'm sure it is quite legal to bring them into Canada, especially if they are working with the blessing of the Canadian government. I realize it may be harder for Canadian citizens to get conceal and carry permits, but I am

      • Re: (Score:1, Informative)

        by Anonymous Coward
        The FBI didn't arrest anybody in Poland. They arrested some people in Ohio, and provided information to the Polish authorities. And as far as I can tell, the only ones being charged under US law are the US citizens - those arrested in Poland will face trial there according to local law.
      • No, we sure as bloody hell don't. So the real question is - what the **** is YOUR police force doing in MY country?! Who gave them the authority to arrest anyone on Polish soil?!

        The FBI has an office in Warsaw and they work with the polish police and the CB all the time. I know a guy who got a binder prepared by the FBI during the discovery period of his CC fraud case in the mid 90s.

        Tak w ogole, to niezla reakcja... niezle z dupy.
  • ...then things are at an all-time high. I can hardly delete fake PayPal, eBay and banking phishing emails fast enough. I do legitimate eBay sales and the phishers get more sophisticated every day -- well, at least their formatting has gotten better.

  • Not really just a drop in the bucket (Score:4, Insightful)

    by TheFlyingGoat (161967) on Monday November 06 2006, @02:25PM (#16739205) Homepage Journal
    The Washington Post is slashdotted, so I can't read the article, but I doubt this is just a "drop in the bucket". A group of 18 is likely to have more than a single phishing website. More than likely they'd have over 100. That's still just 1% of the sites out there, but it's at least something. Also, if there were other people in this phishing group, those people would be stongly deterred from phishing in the future. It also serves as a preventative against additional people getting into phishing. At least something is being done about these crimes.
    • Probably more than that even, especially if they have any sense of templating & code re-use.

      I hope we find out. It'd be nice to get some forensic details on their operation out into the open.
  • I read nothing about Romania. The article talks about US and Polish citizens. Maybe anonymous submitters should be scrutinized a tad more by the editors.
  • They haven't committed any crime in their own country, for starters. They may not have committed any crime in the USA, either. I am completely unaware of any laws against tricking someone into giving out their banking information.

    The Internet is pretty much a consequences-free zone. You can do anything you like there, such as stealing or what would be considered a hate crime in the offline world and never get prosecuted for it. You can see examples of this every day. And just about every "Internet pros

    • Re: (Score:2, Insightful)

      by sobachatina (635055)
      Tricking someone out of their bank account info is fraud and using that info to debit money without authorization is theft- both of these are illegal of course.

      These people may not have committed a crime in their country but that is what extradition is for.

      I agree completely with you that the best solution is educating internet users however this justifies the criminal behavior of these phishers not at all.

    • I am completely unaware of any laws against tricking someone into giving out their banking information.

      Ever hear of fraud?
    • "The Internet is pretty much a consequences-free zone."

      I see people that think like this all the time being busted trying to meet 13 year olds for sex on Dateline MSNBC... And anything you do on the internet is as illegal as doing it in the real world - being online isn't like being in "international waters" or anything...
      • being online isn't like being in "international waters" or anything...
         
        But it is, I can say anything I won't on an online forum or instant message, there is nothing illegal.

        It is when you use the internet to do illegal things in the real world. I can arrange to meet a 13 year old kid for sex as much as I want, but when I actually turn up, that is when it gets illegal. I can offer to sell you a bridge every day, but when I actually take your money, that is when problems arise.
    • The Internet is pretty much a consequences-free zone.

      Only in some ways. For example, it allows you to talk out your ass with an air of authority.

      As much as you'd like to think the laws in Europe and the US differer oh so much, they don't. Stealing is stealing, and it's pretty much illegal everywhere in the world that has running water. I don't know about Romania, but in Poland you can and will do time for CC fraud, bank fraud and income tax evasion. With our strict personal data laws, you can get time for s
      • What if somebody writes their banking information on their forehead and walks around? Would everyone that took note or memorized it be breaking the law? What happened to personal responsibility? I have seen scams worse than this in the "real world" and the people never get prosecuted. They hide behind their small print and their armies of lawyers, not the Internet. So much for justice.
        • Dude, you can memorize my banking information all you want. However, if you fucking take money from me without authorization, that is theft and is illegal pretty much everywhere. Your stupid rant about personal responsibility is sadly misplaced - how about not trying to rip people off?
          • No, sorry wrong. You fail to realize what phishing is all about. You give your information away voluntarily. Nobody breaks into your house, rapes your dog and steals your kittyfood. It's no different than any other scam. When you give your information away like that you place your responsibility into someone else's hands. Sure, they are responsible for any abuse, but you are responsible for providing that information. I don't care where you are, but giving somebody your wallet because they "Wanted to look a
  • Who comes up with operation names? And why? Might be a bit offtopic, but seriously. Cardkeeper? What about operation Gone Phishing?
    • Or "Operation Phishers of Phishers of Men"
      • "Operation Phisherman's Phriend?"

        Or do they phear being litigated by L0phthouse? :P

        np: Underworld - Pizza For Eggs (RiverRun Project)
    • There is one guy who comes up with all the names. That is his whole job. I think he may be related to the president. Well worth it.
  • beats a good day phishing. At least if you're these guys.

  • Interesting (Score:1, Funny)

    by Anonymous Coward
    To remind us what a drop in the bucket such international operations are, the article says: "The Anti-Phishing Working Group, an industry consortium, said more than 10,000 phishing Web sites were active on the Internet in August, about double the number of sites in January."

    Yes, and of course, dont forget the webstandard ..... one web site per person.

  • If we can count them... (Score:5, Insightful)

    by Nom du Keyboard (633989) on Monday November 06 2006, @02:50PM (#16739675)
    more than 10,000 phishing Web sites were active on the Internet in August, about double the number of sites in January.

    If we can count them, why can't we shut them down?

    • If we can count them, why can't we shut them down?
      Because they are hosted in countries over which US law enforcement has no jurisdiction. Eastern Europe is the biggest culprit, but they are found all over the world. It's not like we can just march in there and unplug their Internet connections.
    • If we can count them, why can't we shut them down?
      10,000 phishing sites is probably an extrapolation based on some small sample. That's usually how such numbers are made up.

      I seriously doubt they actually counted sites, though anti-phishing companies would be a good resource for real figures.
      • Yep, it's probably an educated guess. Kind of like when the DEA starts quoting figures about what percentage of drugs they are stopping from entering the US. If they don't know how much they aren't stopping, how the hell can the come up with a percentage of drugs they are stopping??
    • If we can count them, why can't we shut them down?

      We can, and we do - but it doesn't help much. I work for a fairly large webhost, and shut down 10-15 phishing sites per day. Next day there are 10-15 new ones, thanks to morons who are using outdated CMS'es/phpBB's or just people who have no idea what they're doing and gets their index.php injected.
  • Here in Virginia, you can get a phishing license for like $10 at tons of different places...no need to steal identities to get them, they hand them out to just about anyone. I don't know what these guys were thinking...

  • The reverse authentication problem (Score:3, Interesting)

    by 140Mandak262Jamuna (970587) on Monday November 06 2006, @03:23PM (#16740235) Journal
    I have seen all kinds of tough authentication systems. My friend used to carry around a key fob with a random number generator that changes every minute. Along with his user id and password he needs to supply this random number to access his cray account. And I have seen others carrying a credit card sized challenge-and-response thingie from RSA. But all these elaborate measures are used to autheticate the user for the server.

    In the phishing scenario, the user has to authenticate the server. That is the crux of the problem. The user base is vast and their technical expertise varies significantly. There is an urgent need to let the users spot phishing attacks easily and reliably. All the banks and financial institutions know it is a looming problem, still they dont do anything. Finally some lawyer sues some bank and suddently the pendulam will swing all the way to the other end and the banks will make us ALL jump through hoops of fire just to log in.

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.