Thursday, October 14, 2010

Dozens charged with largest Medicare scam ever

A vast network of Armenian gangsters and their associates used phantom health care clinics and other means to try to cheat Medicare out of $163 million, the largest fraud by one criminal enterprise in the program's history, U.S. authorities said Wednesday.

Federal prosecutors in New York and elsewhere charged 73 people. Most of the defendants were captured during raids Wednesday morning in New York City and Los Angeles, but there also were arrests in New Mexico, Georgia and Ohio.

The scheme's scope and sophistication "puts the traditional Mafia to shame," U.S. Attorney Preet Bharara said at a Manhattan news conference. "They ran a veritable fraud franchise."

Unlike other cases involving crooked medical clinics bribing people to sign up for unneeded treatments, the operation was "completely notional," Janice Fedarcyk, head of the FBI's New York office, said in a statement. "The whole doctor-patient interaction was a mirage."

The operation was under the protection of an Armenian crime boss, known in the former Soviet Union as a "vor," prosecutors said. The reputed boss, Armen Kazarian, was in custody in Los Angeles.

Bharara said it was the first time a vor — "the rough equivalent of a traditional godfather" — had been charged in a U.S. racketeering case.

Kazarian, 46, of Glendale, Calif., and two alleged ringleaders — Davit Mirzoyan, 34, also of Glendale, and Robert Terdjanian, 35, of Brooklyn — were named in an indictment charging racketeering conspiracy, bank fraud, money laundering and identity theft.

The indictment accused Terdjanian and others of hatching other schemes involving stolen credit cards, untaxed cigarettes and counterfeit Viagra. It also alleges that during a meeting last year at a Brighton Beach restaurant, Terdjanian pulled a knife on someone who owed him money "and threatened to disembowel the individual if the debt was not paid."

A judge jailed Terdjanian without bail on Wednesday at a brief hearing. Afterward, his attorney said his client denies the charges.

Kazarian and Mirzoyan were scheduled to appear in court Wednesday in Los Angeles.

Authorities began the New York-based investigation after information on 2,900 Medicare patients in upstate New York — including Social Security numbers and dates of birth — was reported stolen.

The defendants in the New York case also had stolen the identities of doctors and set up 118 phantom clinics in 25 states, authorities said. The names were used to submit fake bills for care that was never given, they said.

Some of the phony paperwork was a giveaway: It showed eye doctors doing bladder tests; ear, nose and throat specialists performing pregnancy ultrasounds; obstetricians testing for skin allergies; and dermatologists billing for heart exams.

Tuesday, October 5, 2010

Sacramento credit-card fraud traced to one restaurant

Roseville police are warning people eating out in Roseville to avoid using their debit cards and to pay with cash or use credit cards. Police said hackers have stolen well over 200 people’s information after they ate out at various restaurants and eateries. “We believe the breach is not actually at the restaurant but a third party vendor that's in the process between using your credit card at the restaurant and actually billing the bank,” said Capt. Stefan Moore.

Latest Zeus attack propagated via fake iTunes receipt

U.S. and international authorities may have just made a serious dent in the manpower behind the Zeus botnet, but dozens of arrests aren't stopping the data-stealing trojan from spreading.

The latest Zeus spam campaign targeted iTunes users and attempted to trick them into installing the insidious malware, designed to hijack online banking credentials from its victims, security firms warned this week.

The messages, which appeared to have been sent from Apple's iTunes Store with the address donotreply@itunes[dot]com, arrived with the subject "Your receipt #" followed by a random number, Fred Touchette, senior security analyst at email protection vendor AppRiver, wrote in a blog post Tuesday. The fake receipts claimed the recipient's iTunes order cost hundreds of dollars.

“People buying music from iTunes are getting used to seeing these receipts in their inboxes,” Touchette told on Tuesday. “If [attackers] can get them nervous about the amount of the receipt, they can get them to click on a link.”

Links in the bogus receipt lead to one of approximately 100 domains ending in .info, all of which were registered with GoDaddy. Once clicked, the links redirected users to another site where the Zeus trojan is waiting to infect victims.

The final site that users landed on attempted to automatically download a file claiming to be Adobe Flash Player, but it actually was the malicious payload, Touchette said.

The messages began cropping up on Friday, not long after a separate spam run spoofing the social networking site LinkedIn aimed to foist Zeus on victim PCs. The iTunes campaign is no longer active, and all the domains that attackers were using have been blacklisted, Touchette said.

In the past, attackers have used fake iTunes receipts to lure users to websites selling pharmaceuticals, as well as phishing sites that try to trick users into logging into fake web pages to dupe them into handing over account credentials, researchers at Mac security firm Intego wrote in a blog post Tuesday.

U.S. and foreign authorities last week announced a series of arrests disrupting an international cybercrime operation linked to Zeus.

The latest attacks indicate that even in spite of last week's arrests, the cyber gangs that use Zeus have not been fazed and do not plan on stopping, Touchette said.

“Zeus hasn't shown any signs of letting up,” he said. “Zeus has been so readily available on the underground forums as a kit that many people have their hands on it. It's going to be difficult to put a dent on its output.”

Monday, October 4, 2010

Cyber-criminals steal identity of one of the world's top security chiefs using Facebook

The head of Interpol has warned that cyber-crime is the 'most dangerous criminal threat we will ever face' after fraudsters stole his identity on Facebook.

Security chief Ronald K. Noble revealed that two fake accounts were created in his name and used to find the details of highly-dangerous criminals.

The embarrassing security breach saw one of the impersonators use the false profile to obtain information on fugitives convicted of serious crimes including rape and murder.

The police chief has now warned that there could be devastating consequences of a terrorist cyber attack as he addressed officials at the first Interpol Information Security Conference in Hong Kong.

He said: 'Just recently Interpol's Information Security Incident Response Team discovered two Facebook profiles attempting to assume my identity as Interpol's secretary general.

'One of the impersonators was using this profile to obtain information on fugitives targeted during our recent Operation Infra Red.

'Cyber-crime is emerging as a very concrete threat. Considering the anonymity of cyberspace, it may in fact be one of the most dangerous criminal threats we will ever face.'

As the world's leading cross-border police agency, Interpol is responsible for working with international police forces.
But the details were stolen during Operation Infra Red, in which senior investigators from 29 countries targeted criminals on the run from crimes including murder, paedophilia, drug trafficking and money laundering. It led to more than 130 arrests.

It is believed the cyber-criminals created Facebook profiles claiming to be Mr Noble. From there they gathered sensitive information about the suspects.

Mr Noble spoke publicly about the scam for the first time to hundreds of top security chiefs from 56 countries who were gathered at the conference last Friday.

He warned that terrorists could use methods similar to cyber-criminals who hack into victims' to steal financial details.

Mr Noble added: 'Just imagine the dramatic consequences of an attack, let's say, on a country's electricity grid or banking system.'

'We have been lucky so far that terrorists did not -- at least successfully or at least of which we are aware -- launch cyber-attacks.
'One may wonder if this is a matter of style. Terrorists may prefer the mass media coverage of destroyed commuter trains, buildings brought down, to the anonymous collapse of the banking system. But until when?'

A recent study found that almost two thirds of all adult web users globally have fallen victim to some sort of cyber-crime from spam email scams to having their credit card details stolen.

China had the most cyber-crime victims, at 83 percent of web users, followed by India and Brazil, at 76 percent each, and then the US, at 73 percent, according to the 2011 Norton Cyber-crime Report: The Human Impact.

The study of more than 7,000 Internet users also found that 80 percent of people believed the perpetrators would never be brought to justice. Fewer than half ever bother to report the crime to police.

Stacey Wu from internet security firm Symantec said: 'Identity and personal information theft is a big problem. It is no longer just high school kids in their bedrooms sending out malicious emails. It's organised criminals.'

FBI says cyber-thieves stole $70 million

More suspects arrested Friday in what appears to be global crime ring.

The FBI and law enforcement agencies in Ukraine, the Netherlands and Britain are tracking down international cyber criminals who stole $70 million by using malicious software that captured passwords and account numbers to log onto online bank accounts.

At a press briefing Friday, the FBI said Operation Trident Breach began in May 2009 when agents in Omaha, Nebraska, were alerted to some of the stolen money, which was flowing in bulk payments to 46 bank accounts around the United States.

Ukrainian authorities have detained five people thought to have participated in some of the thefts and Ukraine has executed eight search warrants in the ongoing investigation.

Gordon Snow, the FBI's assistant director in charge of the cyber division, said police agencies overseas were instrumental in finding criminals who designed the malicious software, others who used it and still others called "money mules," who transferred the stolen funds to havens as distant as Hong Kong, Singapore and Cyprus.

Many of the victims were small- and medium-sized businesses that do not have the money to invest in high-level computer security.

On Thursday, 37 people were charged in papers unsealed in federal court in Manhattan with conspiracy to commit bank fraud, money laundering, false identification use and passport fraud for their roles in the invasion of dozens of victims' accounts. Fifty-five have been charged in state court in Manhattan.

The Achilles Heel of PCI Compliance

The payments industry has made significant improvements toward complying with the Payment Card Industry Data Security Standard. But, as Verizon Business' Wade Baker explains, it's the maintenance of PCI DSS compliance that seems to pose the biggest challenges.

This week, Verizon Business releases its 2010 Payment Card Industry Compliance Report, a study that analyzes 200 selected PCI assessments conducted in 2008 and 2009 by Verizon's Qualified Security Assessors. The report reviews how companies are attaining and maintaining PCI compliance. Among the key findings this year: Businesses and organizations struggled most with PCI requirements regarding tracking and monitoring access, as well as meeting the demands for system and process testing and the protection of stored cardholder data.

"Companies struggle with anything they have to maintain over time that requires constant attention," says Baker, director of risk intelligence for Verizon and one of the PCI report's authors. "Just because you were validated at a point in time does not mean that's going to remain static all year."

Lack of Diligence

What often leads to breaches at once-PCI-compliant companies, Baker says, is a lack of consistency and diligence. Companies are not maintaining PCI compliance. "If you don't maintain compliance by constantly reevaluating and upgrading systems, that compliance will erode over time. It erodes down to the point where they are weak, and that's when a breach occurs," he says.

Of organizations Verizon reviewed or assessed for the report, only 22 percent were consistently compliant with PCI requirements from one year to the next. "They gain compliance and they're validated in year one, and then by year two they've lost a little bit," Baker says. "That's a very interesting trend."

Baker is quick to point out that the companies Verizon found that had been breached were not PCI compliant at the time, but had been PCI compliant at some point in the past.

Most payments companies, he says, are doing a better job at staying compliant, but improvements in corporate mindsets are needed. "Certain attacks are going down, and I think a lot has to do with the PCI DSS. But other types of attacks are going up," Baker says.

In Verizon's Data Breach Investigations Report, which also was recently released, Verizon notes that while the number of data base breaches has dropped, the compromise of records has increased. "Personal information in records, like medical records, has value to criminals," Baker says. "But there is a lot of positive momentum in that range, as well," to better protect consumer information.

PCI Common Sense

The vast majority of breaches are preventable, Baker says. Only a small percentage of breaches require sophisticated controls. "Following the security basics, Security 101 and 102, consistently and comprehensively across the organization is rule No. 1," Baker says. "And that would knock out many of these breaches."

Verizon notes that 90 percent of all breaches could have been prevented with something simple, like changing a password. Chris Novak, who works in Verizon's forensics unit, said during his presentation at the PCI Community Meeting in September that only 15 percent of breaches are high-tech. "The majority of the breaches we see are of moderate complexity," he said. SQL injections top the list and are the most easily prevented, Novak says.

Baker also points to the exploitation of default credentials or stolen credentials as ranking high on the compromise list. "An attacker just goes and starts hammering away at an application and tries 'admin' and 'password' and other combinations that are set at the factory on certain devices and systems," Baker says. "All too often, just trying that a few times allows the attacker in, and then he can do whatever he wants to do from that point on."