Business & Finance
News
6/4/2007
03:36 PM
Connect Directly
RSS
E-Mail
50%
50%
Repost This

U.S. Postal Service Cracks Down On Cyberscams

With new and increasingly inventive cyberscams surfacing every week, the Postal Inspection Service's workload isn't likely to get any lighter.

When you think about the U.S. Postal Service, you don't normally envision a crack team of globe-trotting agents who bust international Web fraud syndicates and bring cybercriminals to justice. Actually, that's a lot of what the Postal Service's Postal Inspection Service does, in conjunction with other law enforcement agencies.

And with new and increasingly inventive cyberscams surfacing every week, the Postal Inspection Service's workload isn't likely to get any lighter.

Standing before a packed auditorium Monday at Gartner's IT security conference, Greg Crabb, U.S. postal inspector program manager for the organization's international affairs group, explained that the Postal Inspection Service gets involved in information security crimes when those crimes involve use of the U.S. Postal Service to commit fraud, which is more often than you'd think.

"Every one of you living in the United States has a mailbox in front of your house," Crabb said. "I protect that mailbox." Incidentally, the U.S. Postal Service handles 668 million pieces of mail daily.

Just last week, a film producer in Tampa, Fla., was indicted on 10 counts, including several counts for transporting obscene matter via the Internet and through the U.S. postal system. There were also reports to the American Kennel Club and the Council of Better Business Bureaus of a scammer posing as a breeder of puppies who either sends out e-mails or puts up ads offering free or inexpensive puppies. Those responding to the solicitation have paid hundreds or thousands of dollars but received no pooch in return.

Crabb on Monday outlined several different types of criminal schemes he's investigated as a member of the Postal Inspection Service, which was formed in 1909.

In one scheme, a criminal poses as a merchant and steals money and/or payment card information from someone attempting to make a purchase via the Web. Or, as with the now-infamous Nigerian money laundering scams, the criminal can simply ask for money outright. Crabb said he's been chasing a cybercriminal named Vladuz, who has repeatedly gained unauthorized access to areas of eBay's network in order to hijack established accounts and hold auctions for products he doesn't plan to deliver. Thousands of U.S. victims have sent Western Union transactions to France, Germany, the United Kingdom, and Romania, in the hopes of purchasing items from Vladuz, Crabb said. Vladuz has even posted messages on eBay's internal forums and infiltrated servers that administer employee e-mail. "We've been chasing him for some time," Crabb added.

In another type of cyber scam, a cybercrook will sell software to unsuspecting victims. When those victims download the software onto their computers, malware is installed to help the criminal later turn that computer into a bot, which could then be used to launch distributed denial-of-service or some other type of cyberattack. In one example, Crabb traced this sort of activity to Bangkok, Thailand, where in May 2003 he helped arrest Maksym Kovalchuk, a Ukrainian man, on charges of criminal copyright infringement, trafficking in counterfeit goods, and money laundering. Kovalchuk was already a known cybercriminal, having in October 2001 launched the first phishing attack that used eBay as bait to trap its victims.

"Basically, he pioneered phishing by sending out eBay and PayPal spoofs," Crabb said.

In still another variation on cybercrime under the postal inspector's jurisdiction, international criminals buy goods using stolen or fraudulent payment cards and have the goods sent to accomplices in the United States, who then ship the merchandise to the person committing the fraud. In one such operation, a Ukrainian man named Malinkas Silinkas ran a reshipping scam against a U.S. company's e-commerce operations, having ill-gotten merchandise shipped to a U.S. address and then on to his base of operations in Lithuania. Crabb said that when Silinkas was arrested, law enforcement found more than 50,000 fraudulent IDs in his possession.

These are just some of the cases Crabb was able to discuss. For him, even largest cybercrimes are old hat. "I've seen so many TJX's it's not even funny," he said in reference to the cyberattack on the parent company of T.J. Maxx that resulted in the theft of 45 million credit and debit card numbers.

Comment  | 
Print  | 
More Insights
The Agile Archive
The Agile Archive
When it comes to managing data, donít look at backup and archiving systems as burdens and cost centers. A well-designed archive can enhance data protection and restores, ease search and e-discovery efforts, and save money by intelligently moving data from expensive primary storage systems.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Elite 100 - 2014
Our InformationWeek Elite 100 issue -- our 26th ranking of technology innovators -- shines a spotlight on businesses that are succeeding because of their digital strategies. We take a close at look at the top five companies in this year's ranking and the eight winners of our Business Innovation awards, and offer 20 great ideas that you can use in your company. We also provide a ranked list of our Elite 100 innovators.
Video
Slideshows
Twitter Feed
Audio Interviews
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.