Ultrascan KPO

Knowledge itself is power

Attacks on US, Korea Web Sites Leave a Winding Trail - PCWorld

"Going after IP addresses is not really helpful," said Max Becker, CTO of Ultrascan Knowledge Process Outsourcing, a subsidiary of fraud investigation firm Ultrascan. "What we are trying to do is go after the people who set up and pay for these kinds of attacks."

Ultrascan has a network of informants who are closed to organized criminal gangs in Asia, many of which are involved in cybercrime - 11 08 2009

Going after IP addresses is not really helpful

Investigators Replicate Nokia 1100 Online Banking Hack

An old candy-bar style Nokia 1100 mobile phone has been used to break into someone's online bank account, affirming why criminals are willing to paying thousands of euros for the device.

May 21, 2009

Using special software written by hackers, certain models of the 1100 can be reprogrammed to use someone else's phone number and receive their SMS (Short Message Service) messages, said Max Becker, CTO of Ultrascan Knowledge Process Outsourcing, a subsidiary of fraud investigation firm Ultrascan.

The Nokia 1100 hack is powerful since it undermines a key technology relied on by banks to secure transactions done over the Internet.

Banks in countries such as Germany and Holland send a one-time password called an mTAN (mobile Transaction Authentication Number) to a person's phone in order to allow, for example, the transfer of money to another account.

Since the Nokia 1100 can be reprogrammed to respond to someone else's number, it means cybercriminals can also obtain the mTAN by SMS. Cybercriminals must already have a person's login and password for a banking site, but that's easy since millions of computers worldwide contain malicious software that can record keystrokes.

Ultrascan obtained Nokia 1100 phones made in Bochum, Germany. Phones made around 2003 in that now-closed factory have the firmware version that can be hacked, Becker said. Nokia has sold more than 200 million of the 1100 and its successors, although it's unknown how many devices have the particular sought-after firmware.

Ultrascan was able to successfully reprogram an 1100 and intercept an mTAN, but just one time. Becker said they are undertaking further tests to see if the attack can be executed repeatedly.

"We've done it once," Becker said. "It looks like we know how to do it."

Ultrascan experts obtained the hacker software to reprogram the phone through its network of informants, said Frank Engelsman, a fraud and security specialist with the company.

That application allows a hacker to decrypt the Nokia 1100's firmware, Becker said. Then, the firmware can be modified and information such as the IMEI (International Mobile Equipment Identity) number can be changed as well as the IMSI (International Mobile Subscriber Identity) number, which allows a phone to register itself with an operator.

The modified firmware is then uploaded to the Nokia 1100. Certain models of the 1100 used erasable ROM, which allows data to be read and written to the chip, Becker said. For the final step, the hacker must also clone a SIM (Subscriber Identity Module) card, which Becker said is technically trivial.

Nokia, which was closed on Thursday due to a holiday, could not be contacted. However, the company has said it does not believe there is a vulnerability in the 1100's software.

Becker said that may be semantically true, however, it's possible that the encryption keys used to encrypt the firmware have somehow slipped into the public domain. "We would really like to speak with Nokia," Becker said.

Ultrascan was also able to confirm that criminals are willing to pay a lot of money for the right Nokia 1100. An Ultrascan informant sold one of the devices recently in Tangiers, Morocco, for€5,000 (US$7,567), Engelsman said. Ultrascan previously confirmed data earlier this year that one Nokia 1100 sold for €25,000.

Ultrascan, which specializes in tracking criminals involved in Internet and electronic fraud, is trying to trace criminals who are using Nokia 1100s in online banking frauds.

"We keep trying to infiltrate these groups," Engelsman said

News items in which Ultrascan or one of its liaisons was quoted. (in various languages)

(Suckers) Victims lost $9.3 billion to 419 scammers in 2009 - ARS Technica

Advance-fee fraud (AFF), also known as 419 scams and Nigerian scams, exploded in 2009, with victims losing more money than ever before. This is according to the latest analysis from Dutch investigation firm Ultrascan—a company that has been monitoring the activities of 419 scammers since 1996—which says that victims lost almost 50 percent more money in 2009 than 2008.

It's hard to believe that people are still falling for advance-fee fraud …

NIGERIA - RELATED FINANCIAL CRIME AND ITS LINKS WITH BRITAIN - CHATHAM HOUSE

Ultrascan, a Netherlands-based consultancy, is one of a small number of organizations that has tried to estimate the number and value of advance fee fraud scams worldwide. In an analysis of dozens of mostly rich countries, it concluded that the total losses to British companies and individuals in 2005 were $520 million, second only to the US at $720 million. It further estimated that 20 scam rings comprising, on average, dozens of members were active in the UK. The survey does not show the ‘complete advance fee fraud situation’: in most cases, its estimates are ‘low’ or ‘extremely low’

Some people argue that foreign countries, including Britain, should make a much bigger effortto gather intelligence on advance fee frauds, as well as other types of Nigeria-related crime. AsUltrascan, the Dutch consultancy, puts it, ‘everyone has a piece of the picture, but no-one has the full picture’.

The 419 Coalition, an anti-scam body, says countries should have a centralized, single place for submission of reports by those targeted by scams.

One Nigerian law enforcement officer warns that it is potentially catastrophic for Britain and other rich nations to ignore these frauds. They are the crude surface manifestation of criminal networks that flourish precisely because people dismiss them as not worthy of serious attention. ‘That was the mistake we made earlier,’ he says. ‘If there is no shift in this position,this problem will become something huge....

Download the full Africa Programme Report

THE CONTEMPORARY FACE OF ORGANISED CRIME IN AUSTRALIA - The Australian Crime Commision

The Australian Crime Commision  - ORGANISED CRIME IN AUSTRALIA - 2011

 .... Advance fee fraud is defined as any fraud requiring a victim to make payment/s in advance of the promised receipt of a large monetary or other material benefit. The extent of advance fee fraud in Australia has continually increased over the past years. There has been a recent increase in the number of advance fee fraud variations observed in Australia, with inheritance, lottery, romance and employment frauds increasing.

The size, sophistication and organisation of foreign-based entities involved in advance fee fraud have increased. Some groups exploit highly complex psychological triggers to target victims. International syndicates are also showing increasing signs of combining advance fee fraud with other offences such as identity crime, counterfeiting and, in some cases, drug trafficking.

It is difficult to accurately assess the total losses caused by advance fee fraud. Victim reporting is limited because of the embarrassment (and, in some cases, fear) attached to reporting such activity. Advance fee fraud losses by companies
and individuals in Australia are likely to be hundreds of millions of dollars.

Globally, victims of advance fee fraud lost an estimated US$9.3 billion in 2009, which is an increase from an estimated US$6.3 billion in 2008. The top three countries for advance fee fraud losses in 2009 were the US (US$2.1 billion), the UK (US$1.2 billion) and the People’s republic of China (US$936 million)....

Download - THE CONTEMPORARY FACE OF ORGANISED CRIME

Worldwide Slump Makes Nigeria's Online Scammers Work That Much Harder - Washington Post

Ultrascan Advanced Global Investigations in the Netherlands, which has a special department dedicated to 419 crimes, estimates conservatively that $4.3 billion was lost worldwide to 419 scams in 2007. Countries most victimized are the U.S., U.K. and Japan. Ultrascan's data comes from its own investigations, and it advises that the real figure is likely many times higher.

Online Scammers Work That Much Harder

Famous DJ's Credit Card Details for Sale - PCWorld

Armin Van Buuren is one of the world's most well-known trance music DJs. He also apparently has had his credit card details stolen.

Investigators with Ultrascan, a company that investigates credit card fraud and other kinds of online crime, were doing research on forums and systems used to sell credit card numbers

Catalog of Stolen Data

A potential buyer for stolen credit card details sees a greeting: "Hello welcome to ICQ bot. Press '1' for Russian. Press '2' for English." After pressing "2," users get three selections: "1. Buy CVV, 2. Checker 3. Account," according to a screen shot supplied by Ultrascan.

When CVV is selected, the buyer sees how many credit card details are available, sorted by country. From the screen shot, it was possible to see that some 19,046 U.S. card numbers are for sale, 7,843 from the U.K. and more from other countries such as France, Italy and the Netherlands. .....

Famous DJ Saved from Scam