Risk
10/3/2008
02:48 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Government Cracks Down On Online Disaster Scammers

One case brought by the Hurricane Katrina Task force last November resulted in sentences of more than eight and nine years for two brothers who operated a fraudulent Web site.

More than 900 people who aimed to defraud disaster victims and their would-be benefactors have been swept up in a storm of litigation.

On Wednesday, the Hurricane Katrina Task Force, set up in September 2005 to fight disaster-related fraud, said that it had filed federal charges against 907 individuals in 43 federal judicial districts since its inception.

"Whenever a natural disaster strikes, there will always be unscrupulous people willing to take advantage of victim assistance and rebuilding efforts," said Matthew Friedrich, acting assistant attorney general for the Justice Department's Criminal Division and chair of the task force, in a statement. "Those who would try to profit from the misfortunes of disaster victims should know that the Department of Justice, federal investigative agencies, and inspectors general will continue their aggressive pursuit of disaster fraud."

One case brought by the Hurricane Katrina Task force last November resulted in sentences of more than eight and nine years for two brothers who operated a Web site that fraudulently claimed to be collecting money for Hurricane Katrina victims on behalf of the Salvation Army. According to the Department of Justice, the two brothers registered "Salvationarmyonline.org" on Sept. 3, 2005, less than a week after Hurricane Katrina swept through New Orleans. Their Web site directed visitors to donate through PayPal, and the brothers collected more than $48,000 for victims of Hurricane Katrina, and later Hurricane Rita, before authorities shut the scam down.

Cyber squatting -- the registration of domain names lawfully associated with other entities -- rose 38% in the second quarter of 2008, compared with the same period last year, according to MarkMonitor, a company that monitors brand abuse.

In July, the Internet Crime Complaint Center (IC3), a joint project operated by the FBI and the National White Collar Crime Center, warned that spate of disasters in May and June -- tornadoes, wildfires, and flood -- was likely to bring out scammers.

"Tragic incidents, such as 9/11, Hurricanes Katrina and Rita, and the recent earthquake in China, have prompted individuals with criminal intent to solicit contributions purportedly for a charitable organization and/or a good cause," IC3 said.

IC3 advises not responding to spam e-mail or clicking on links in unsolicited messages, not opening attached files from unknown senders, contributing directly to known organizations rather than through third parties claiming to represent such organizations, attempting to verify the legitimacy of charitable organizations, and refusing to supply sensitive personal or financial information to anyone soliciting donations.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0993
Published: 2014-09-15
Buffer overflow in the Vcl.Graphics.TPicture.Bitmap implementation in the Visual Component Library (VCL) in Embarcadero Delphi XE6 20.0.15596.9843 and C++ Builder XE6 20.0.15596.9843 allows remote attackers to execute arbitrary code via a crafted BMP file.

CVE-2014-2375
Published: 2014-09-15
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export feature.

CVE-2014-2376
Published: 2014-09-15
SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2014-2377
Published: 2014-09-15
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag.

CVE-2014-3077
Published: 2014-09-15
IBM SONAS and System Storage Storwize V7000 Unified (aka V7000U) 1.3.x and 1.4.x before 1.4.3.4 store the chkauth password in the audit log, which allows local users to obtain sensitive information by reading this log file.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
CISO Insider: An Interview with James Christiansen, Vice President, Information Risk Management, Office of the CISO, Accuvant