Forgot your password?
typodupeerror

Phishers Arrested In Eastern Europe and US 84

Posted by kdawson
from the round-'em-up dept.
An anonymous reader writes to let us know about the roundup of a phishing gang by the FBI and authorities in Poland and Romania. 18 arrests were made in what the FBI calls "Operation Cardkeeper." The gang has allegedly been selling stolen identities and information on credit cards and bank accounts since at least 2004. To remind us what a drop in the bucket such international operations are, the article says: "The Anti-Phishing Working Group, an industry consortium, said more than 10,000 phishing Web sites were active on the Internet in August, about double the number of sites in January."
This discussion has been archived. No new comments can be posted.

Phishers Arrested In Eastern Europe and US

Comments Filter:
  • Romania???? (Score:2, Informative)

    by adinu79 (860333)
    I see nowhere in the article a mention about Romania. I know we've had our share of online scam artists, but mentioning Romania any time something like this comes along is just plain ridiculous.
    • Re:Romania???? (Score:4, Informative)

      by El Torico (732160) on Monday November 06, 2006 @03:05PM (#16738853)
      Other articles noted that the investigation includes Romania - http://www.net-security.org/secworld.php?id=4352 [net-security.org].

      This article in the Washingtonn Post appears to be the most comprehensive - http://blog.washingtonpost.com/securityfix/2006/11 /14_arrested_for_credit_card_ph_1.html [washingtonpost.com]

  • Convictions? (Score:2, Insightful)

    by j00r0m4nc3r (959816)
    We read about these busts quite frequently, but I wonder what percentage of these guys are actually convicted and jailed.
    • Re: (Score:2, Funny)

      by ReidMaynard (161608)
      They are sentenced to eating Filet-O-Phish for eternity.
    • We read about these busts quite frequently, but I wonder what percentage of these guys are actually convicted and jailed.

      I hope it is enough to reduce the number of e-mail messages I get telling me of problems with my non-existant e-bay account.
  • by Chacham (981)
    An anonymous reader writes to let us know about the roundup of a phishing gang by the FBI and authorities in Poland and Romania.

    Poland and Romania have an FBI?
  • ...then things are at an all-time high. I can hardly delete fake PayPal, eBay and banking phishing emails fast enough. I do legitimate eBay sales and the phishers get more sophisticated every day -- well, at least their formatting has gotten better.
  • by TheFlyingGoat (161967) on Monday November 06, 2006 @03:25PM (#16739205) Homepage Journal
    The Washington Post is slashdotted, so I can't read the article, but I doubt this is just a "drop in the bucket". A group of 18 is likely to have more than a single phishing website. More than likely they'd have over 100. That's still just 1% of the sites out there, but it's at least something. Also, if there were other people in this phishing group, those people would be stongly deterred from phishing in the future. It also serves as a preventative against additional people getting into phishing. At least something is being done about these crimes.
    • Probably more than that even, especially if they have any sense of templating & code re-use.

      I hope we find out. It'd be nice to get some forensic details on their operation out into the open.
  • I read nothing about Romania. The article talks about US and Polish citizens. Maybe anonymous submitters should be scrutinized a tad more by the editors.
  • They haven't committed any crime in their own country, for starters. They may not have committed any crime in the USA, either. I am completely unaware of any laws against tricking someone into giving out their banking information.

    The Internet is pretty much a consequences-free zone. You can do anything you like there, such as stealing or what would be considered a hate crime in the offline world and never get prosecuted for it. You can see examples of this every day. And just about every "Internet pros
    • Re: (Score:2, Insightful)

      by sobachatina (635055)
      Tricking someone out of their bank account info is fraud and using that info to debit money without authorization is theft- both of these are illegal of course.

      These people may not have committed a crime in their country but that is what extradition is for.

      I agree completely with you that the best solution is educating internet users however this justifies the criminal behavior of these phishers not at all.

    • by kbob88 (951258)
      I am completely unaware of any laws against tricking someone into giving out their banking information.

      Ever hear of fraud?
    • "The Internet is pretty much a consequences-free zone."

      I see people that think like this all the time being busted trying to meet 13 year olds for sex on Dateline MSNBC... And anything you do on the internet is as illegal as doing it in the real world - being online isn't like being in "international waters" or anything...
      • by mgblst (80109)
        being online isn't like being in "international waters" or anything...
         
        But it is, I can say anything I won't on an online forum or instant message, there is nothing illegal.

        It is when you use the internet to do illegal things in the real world. I can arrange to meet a 13 year old kid for sex as much as I want, but when I actually turn up, that is when it gets illegal. I can offer to sell you a bridge every day, but when I actually take your money, that is when problems arise.
    • by jedrek (79264)
      The Internet is pretty much a consequences-free zone.

      Only in some ways. For example, it allows you to talk out your ass with an air of authority.

      As much as you'd like to think the laws in Europe and the US differer oh so much, they don't. Stealing is stealing, and it's pretty much illegal everywhere in the world that has running water. I don't know about Romania, but in Poland you can and will do time for CC fraud, bank fraud and income tax evasion. With our strict personal data laws, you can get time for s
  • Who comes up with operation names? And why? Might be a bit offtopic, but seriously. Cardkeeper? What about operation Gone Phishing?
    • by griffjon (14945)
      Or "Operation Phishers of Phishers of Men"
      • by Briareos (21163)
        "Operation Phisherman's Phriend?"

        Or do they phear being litigated by L0phthouse? :P

        np: Underworld - Pizza For Eggs (RiverRun Project)
    • Hey, I got my rod and tackle box ready! Did someone say Mission Impossible? Sierr! Then again that dream I had last night about the Loch Ness Monster, reeling it in, that was a nightmare - call that a mission impossible! Ops, Sorry off the topic! Just that "gone phishing" triggered ME memory path, and my instincts just wondered off with imagination.
    • by mgblst (80109)
      There is one guy who comes up with all the names. That is his whole job. I think he may be related to the president. Well worth it.
  • beats a good day phishing. At least if you're these guys.
  • Interesting (Score:1, Funny)

    by Anonymous Coward
    To remind us what a drop in the bucket such international operations are, the article says: "The Anti-Phishing Working Group, an industry consortium, said more than 10,000 phishing Web sites were active on the Internet in August, about double the number of sites in January."

    Yes, and of course, dont forget the webstandard ..... one web site per person.
  • by Nom du Keyboard (633989) on Monday November 06, 2006 @03:50PM (#16739675)
    more than 10,000 phishing Web sites were active on the Internet in August, about double the number of sites in January.

    If we can count them, why can't we shut them down?

    • If we can count them, why can't we shut them down?
      Because they are hosted in countries over which US law enforcement has no jurisdiction. Eastern Europe is the biggest culprit, but they are found all over the world. It's not like we can just march in there and unplug their Internet connections.
    • by TubeSteak (669689)
      If we can count them, why can't we shut them down?
      10,000 phishing sites is probably an extrapolation based on some small sample. That's usually how such numbers are made up.

      I seriously doubt they actually counted sites, though anti-phishing companies would be a good resource for real figures.
      • Yep, it's probably an educated guess. Kind of like when the DEA starts quoting figures about what percentage of drugs they are stopping from entering the US. If they don't know how much they aren't stopping, how the hell can the come up with a percentage of drugs they are stopping??
    • by Zedrick (764028)
      If we can count them, why can't we shut them down?

      We can, and we do - but it doesn't help much. I work for a fairly large webhost, and shut down 10-15 phishing sites per day. Next day there are 10-15 new ones, thanks to morons who are using outdated CMS'es/phpBB's or just people who have no idea what they're doing and gets their index.php injected.
      • by Gunstick (312804)

        do you do it proactive? Like run a search robot on new files if they are copies of bank sites. Or run some network scanner which triggers an alarm if it sees the login page of yahoo/ebay/paypal etc fly by. It could even drop the connection...

        If you are annoyed by the 15 sites to shut down because people email you that there are phish sites up, it is more interesting to not make it possible to run phishing sites in the first place. The hackers will get annoyed and move to another ISP.

        good ida? bad idea?
        I kno
  • Here in Virginia, you can get a phishing license for like $10 at tons of different places...no need to steal identities to get them, they hand them out to just about anyone. I don't know what these guys were thinking...
  • by 140Mandak262Jamuna (970587) on Monday November 06, 2006 @04:23PM (#16740235) Journal
    I have seen all kinds of tough authentication systems. My friend used to carry around a key fob with a random number generator that changes every minute. Along with his user id and password he needs to supply this random number to access his cray account. And I have seen others carrying a credit card sized challenge-and-response thingie from RSA. But all these elaborate measures are used to autheticate the user for the server.

    In the phishing scenario, the user has to authenticate the server. That is the crux of the problem. The user base is vast and their technical expertise varies significantly. There is an urgent need to let the users spot phishing attacks easily and reliably. All the banks and financial institutions know it is a looming problem, still they dont do anything. Finally some lawyer sues some bank and suddently the pendulam will swing all the way to the other end and the banks will make us ALL jump through hoops of fire just to log in.

  • The article cited mentions cyber criminals in the U.S.A. and Poland, not Romania.
  • Where's Romania in this article? I can't seem to find any reference to it...
  • There is no mention of Romania in the article.
  • Yeah, I know this is redundant, but you shouldn't tarnish Romania's reputation. It's bad enough that we have to use only European online banking sites for legitimate money transfers, cause the Americans have us classified as "card-stealing plague". I know we've had to deal with our share of malicious people, but we're pretty much out of the Middle Ages now, you know... It's really annoying when you try to buy/sell stuff through E-bay and you want to sign up for a Paypal account, only to notice that your co

Nobody said computers were going to be polite.

Working...