Showing posts with label scam.

Tuesday 29 September 2009

Cybersquatting on photographs: one form of identity theft on the Internet


One hears a lot about identity theft these days and the need to protect personal online information, but what one doesn't hear about that much is the use of photographs of real people to represent other people who are using the Internet to promote or sell either themselves or saleable items (sometimes through use of a fictitious online persona).

This type of photo squatting is not as simple and straightforward as commandeering the image of a famous person from the past or a current politician/celebrity as an avatar accompanying online comments made using a pen name; this is more a stated claim involving the downloading and re-naming of an existing jpg file and then uploading it again to the Internet to represent a second person/fictitious persona without the knowledge or permission of the first person in the original photograph.

These 'fake' photographs often turn up on auction and dating sites. Sometimes the fakes appear to involve activity bordering on the unlawful, sometimes they appear to simply be misrepresentation of the second person's actual physical appearance - a type of wishful thinking.

What is obvious is that the people who have had their photographs hijacked in this way rarely have any idea that their faces are out there in cyberspace often inserted in biographies which give them street addresses, phone numbers, emails, jobs, partners and/or families that bear no relationship to their own lives.

Do you know where those happy snaps you may have posted on your website or social networking page have migrated to?

Graphic from Silhouette Clip Art

Thursday 20 August 2009

A case of the biter bit, but few are chortling over AFP intelligence fiasco


I was watching ABC Four Corners last Monday when this little comment came up:
"ANDREW FOWLER: The site was called root-you.org, and for the last two weeks the Australian Federal Police in cooperation with the South Australian Police have run the perfect sting.
TIM DAVIS, FEDERAL AGENT, HIGH TECH CRIME OPS. AFP: We've infiltrated that site and so now we've got control as well.
NEIL GAUGHAN: What we've done with that particular network is we've captured all the identities of all the people that've been using that network. We can operate in a covert activity here fairly seamlessly with no harm to our members with continual and actual significant penetration.....
ANDREW FOWLER: In the case of root-you.org, the Federal Police decided the best result was to effectively blow up the site by posting a notice that it was under law enforcement control.
TIM DAVIS, FEDERAL AGENT: Mate are you right to post that message on the forum.
MAN (on phone): Yep.
TIM DAVIS, FEDERAL AGENT: Well if you can do that now that'd be great."

I did idly wonder if there would be a cyber response and thought - "Naw, won't happen".

Then it well and truly did and F-Secure has links to this not so funny episode of counter-hacking, which was the almost inevitable result of all that televised bragging by the boys in blue (this also saw police computer files of actual bank, building society and corporate credit card details exposed to the view of at least one other hacker).

Some of the hacker chatter {A little **** covers words which offend those bluidy filters}:
"After the authorities FINALLY posted their little "ohhh, we have been monitoring this website", we finally said "Enough is enough, we are sick of these f**ks acting like they are hackers, lets see what they really know".
So After writing another FTP report yesterday.. I decided I would move on to getting control of r00t-y0u.org. See what the authorities know about server maintenance.. and how secure they can make stuff.
Lo and behold, their server was windows! I couldn't stop laughing at the sight of this, but I soon moved on. After visiting a 404 page, I instantly noticed that they were using Xampp. Those lazy f***s can not even just install apache, and php themselves. So instead, they download some application to do it all for them.
Figures.
Now, of course.. they were just SO F***KING SMART, that they left the MYSQL password BLANK! After screwing around with their database, I dumped a vulnerable query into a php file, thus giving me full access to their servers.
After taking a look at the r00t-y0u database, lookie what we find.
User: "h1t3m" (Administrator)
Email: macrobber@gmail.com
These dipsh*ts are using an automatic digital forensics and incident response tool.
They can't do sh*t all themselves, because like I have said before, they have no skill. Anyways, after looking on their win32 machine for a while, I noticed some really awkward stuff. They have credit cards, and bank accounts all on a separate drive (G:\)."

Four Corners transcript

Pic from Google Images

Sunday 2 August 2009

Boy the Wonder Cat receives the ultimate Nigerian phishing scam?


This rather amusing email turned up in Boy the Wonder Cat's email inbox recently:


Good day,
This programme is awarded for all victims who were previously scammed by the internet fraudsters ,
The Financial Commitee of the UN-HABITAT Programme have deposited your Settlement Check Parcel of $500,000.00 USD with Reference Number UN013-0156/UPS-UN-HABITAT to the United Parcel Service of Nigeria(UPS)
You are to contact the United Parcel Service of Nigeria (UPS) with
your details for more information.
CONTACT:
E-mail:ups_deliveryunits02@live.com
Tel: +234-7060-516-059
Accept Our regards.
Pathangery Latha
UN-HABITAT Senior Information Officer

PLEASE REPLY TO:ups_deliveryunits02@live.com

Sunday 19 July 2009

Unhappy with eBay? Users explain why


Anyone who has looked at items for sale on eBay over time would have noticed some hilariously puffed-up item descriptions, obviously phoney buyer/seller feedback history entries and sometimes the odd fraudulent offering.

One regular eBay user now details how common shills are on the auction site.

SHILL BIDDING

In eBay's own words, "Shill bidding is bidding that artificially increases an item's price or apparent desirability", and it's just as common on eBay as it is in any motor auction room up and down the country. But just because that dodgy geezer in the sheepskin coat, upping the interest on that Mondeo, is all part of the "charm", it doesn't mean it's OK on eBay. In fact, it's a criminal offence and there have been several prosecutions, here in the UK. Not only that, but eBay's rules prevent you bidding on items being sold by your friends, family and (take note) your work colleagues! The only exceptions are purchases made using the "Buy it Now" option or fixed price listings. So how can you recognise if you're being taken to the cleaners? Well, this is one of the easiest frauds to carry out, so many shill bidders are going to leave some clues for you. Check the number of bid retractions a bidder has - we can all make mistakes, but could we really enter the "wrong amount" over and over again? See if the user IDs are in the same format, or look similar in more obscure ways. Look out for sellers who immediately relist an item - wouldn't you try to communicate with a non-paying bidder first, instead of arbitrarily relisting straight away? Although it's easy to manipulate, have a look at the location given by the IDs concerned, and remember that eBay's "distance from seller" feature can be used to weed out those sellers who deliberately enter the wrong location (see my other guides for details of how this feature can be used to your advantage). Does the pattern of bids look right? Finally, although I'm not allowed to provide a link, there is at least one on-line tool that allows you to enter the eBay IDs of both the seller, and the suspected shill bidder, to view the historical transactions between the two parties, but you'll have to do a search for that one.

He also lists nine other scams.

Another user is so incensed with what he sees as eBay's refusal to adequately police the practice of false bids that he has written a lengthy case study.

Saturday 13 December 2008

Ponzi scheme promoter bites the dust

"Investment manager" (and that term is used very loosely) Bernard Madoff, the former Nasdaq chairman, was charged on Thursday with massive fraud.

Time reports that according to the U.S. Attorney's office in the southern district of New York, Madoff admitted to defrauding clients for up to $50 billion in a massive Ponzi scheme that was committed over a number of years. (See the top 10 scandals of 2008.)

Forbes reports that Madoff, known to his mates as Bernie, informed “senior employees,” possibly his sons, that his investment advisory business was a fraud. (See "Mad Madoff.")

Madoff reportedly said he was “finished,” that he had “absolutely nothing,” that “it's all just one big lie.” He allegedly stated that the business was insolvent, and that it had been for years.

His estimated losses from the fraud clocked in at $50.0 billion. The U.S. Securities and Exchange Commission said regulatory files showed that the firm had more than $17.0 billion in assets under management at the start of the year and that virtually all of that is missing.

The 70-year-old Madoff is being charged with one count of securities fraud, which carries a maximum penalty of 20 years in prison and a maximum fine of $5.0 million. Madoff was released on his own recognizance after posting a $10.0 million bond secured by his Manhattan apartment.

The Securities and Exchange Commission asked the federal court in New York to freeze Madoff’s assets. The commission also appointed a receiver who will try to gather all the assets and will try to determine whether anyone else was complicit in the fraud. “The process takes years,” said Powers. “Although these frauds may appear simple, forensic accountants must go through the various transactions that occurred to understand the full extent.”

Powers said Ponzi-like schemes typically start when the scamster makes a bad investment decision or dips into clients' funds and, instead of admitting to the mistake or paying back the losses, uses new money from investors to meet redemptions.

Some are considering Madoff’s scheme the biggest fraud case in Wall Street’s history. Madoff’s clients, which reportedly include Lombardier, the Loeb Family, Banco Santander, and a slew of charities, will likely seek civil lawsuits or other legal action to try to recover the money they’ve invested.