Risk
7/12/2007
05:43 PM
50%
50%

Who's Fighting Identity Theft? You'd Be Surprised

I love a good scrap, and one of the more interesting ones I've been following this year involves the U.S. Justice Department and E-Gold, an organization that provides a payment system for online transactions. The government says that E-Gold facilitates cybercrime by allowing the criminal element to pay online for stolen goo

I love a good scrap, and one of the more interesting ones I've been following this year involves the U.S. Justice Department and E-Gold, an organization that provides a payment system for online transactions. The government says that E-Gold facilitates cybercrime by allowing the criminal element to pay online for stolen goods. Yet E-Gold portrays itself as a fellow cybercrime fighter and asserts the government ignores its offers for assistance and is taking credit for E-Gold's investigative work.A federal grand jury in late April indicted E Gold Ltd, Gold & Silver Reserve Inc., and the owners of these related digital currency businesses on charges of money laundering, conspiracy, and operating an unlicensed money transmitting business.

However, E-Gold chairman Douglas Jackson disputes these charges and asserts that the U.S. Secret Service's recent announcement that it has arrested and indicted four members of an organized fraud ring in south Florida was helped by E-Gold's own investigative efforts. "The recent USSS press release is the second instance in three weeks where the USSS is claiming credit for work that was actually initiated and performed last year by e-gold's own in-house investigators," Jackson told me in an e-mail exchange today.

Why is all of this squabbling important to you? As you'll see in InformationWeek's upcoming 10th Annual Global Security Survey, which hits InformationWeek.com this weekend, often companies don't know when their IT systems have been breached and their customer data stolen and sold on the black cyber market. In the 2006 Annual Global Security Survey, only 8% of U.S. respondents said that identity theft had occurred within their organization. You'll be surprised to see where that percentage is in this year's survey results. Anecdotal evidence (including the TJX and Polo cases), suggests that companies should be more worried.

It also suggests that law enforcement should be using every tool at its disposal to crack down on crooks looking to ruin your credit and, worse, the credit of your customers.

The Secret Service's south Florida bust resulted in the recovery of about 200,000 stolen credit-card account numbers responsible for fraud losses roughly calculated to be more than $75 million. One of the keys to the arrests was information that the Secret Service obtained after earlier this year arresting a 30-year-old Florida man--who used the online handle "Blinky"--and his girlfriend. Blinky is accused of trafficking counterfeit credit cards and identifications for years over the Internet. His arrest turned up evidence of an organized fraud ring involving Cuban nationals operating in south Florida and led to the four arrests and indictments announced this week.

The four fraudsters were sending large amounts of money via E-Gold accounts to known cyber criminals in Eastern Europe in return for tens of thousands of stolen credit card account numbers. The stolen credit card account numbers were then used to counterfeit credit cards in "plants" throughout southern Florida, the Secret Service said in a statement.

But Douglas says it was his company that first brought Blinky to the attention of law enforcement in March 2006. Jackson told InformationWeek that investigators working for E-Gold began monitoring Blinky pursuant to an undercover operation it was conducting with law-enforcement agents from the U.S., U.K., and Russia.

"In May 2006, working with records supplied by an exchange service that had sold [Blinky] some e-gold, we were able to supply general location (Miami), three confirmed phone numbers he used, and the usual IP/timestamp combos that even in this day and age are often useful," Jackson said. "In September 2006 we were able to set up a quasi-ambush where the guy was sent a Fed Ex package such that we were able to supply law enforcement with a specific physical location (a garage in Miami) and a time to nab him."

Jackson sent me a copy of an e-mail exchange he claims to have had with a Secret Service contact in January 2006. In an e-mail Jackson ostensibly sent to the agency, he requested the Secret Service use information gathered by E-Gold investigators to crack down on a card-counterfeiting ring. An enthusiastic-sounding response from the agency informed Jackson his Secret Service liaison had made contact with "our guys at HQ and they will be in contact with you or your staff concerning this matter." Jackson told me that E-Gold was later "rebuffed" by the Secret Service and doesn't know if they followed up on the information he says he sent them.

If you're curious about the Justice Department's side of this story, so am I. While I've reached out to them several times as the TJX case has unfolded, I rarely hear back from them.

The TJX data breach has cost that company more than $20 million, and counting. For that company, law enforcement's successes are probably bittersweet. On the one hand, crooks are being put away. On the other hand, the evidence is mounting that their customers have become victims of identity theft. Still wondering whether law enforcement should be working with, rather than against, E-Gold?

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.