CS Unit-5

Download as pdf or txt
Download as pdf or txt
You are on page 1of 55

UNIT-V

Cyber Security
Fundamentals of Cyber
Security
UNIT-V
•Cyber Crime Examples: Introduction, Real-life Examples: Official
website of Maharashtra Government hacked, E-Mail spoofing
instances, Indian banks lose millions of rupees, Parliament attack, Pune
city police bust Nigerian racket.
•Mini-Cases: The Indian case of online gambling, an Indian case of
intellectual property crime, illustrations of financial frauds in cyber
domain.
UNIT-V Cyber Crime Examples
🠶 Introduction
🠶 For the reasons of confidentiality and privacy, real names (individuals and/or organizations)
are masked in some of the illustrations.
🠶 Though the names are masked, the situations are real.
🠶 If the hypothetical names match with actual names of any living or dead person, it is purely
a coincidence.
🠶 A number of cases/illustrations are based on the information released in the public domain; those URLs
are mentioned.
🠶 Neither authors nor the publisher is responsible for false/inaccurate information posted on those public
weblinks.
🠶 Cybercrime knows no geographical boundaries
UNIT-V Cyber Crime Examples
🠶 Introduction
🠶 Figure 11.1 illustrates this point effectively. Criminals, the means for the crimes and the
impacted victims can be anywhere on the globe!
UNIT-V Cyber Crime Examples
🠶 Real-life Examples: Official website of Maharashtra Government
hacked website was
🠶 Website hacking incidence reported in September 2007. The impacted
http://www.maharashtragovernment.in.
🠶 A few days after the Chief Minister of the state inaugurated the new, citizen-friendly service- based web
portal of the Brihanmumbai Municipal Corporation, the Maharashtra government’s official website was
hacked which lead to the shutting down of www.maharashtra.gov.
🠶 The state officials, however, said that there was no data lost and that there was no serious damage to the
website.
🠶 State Officials further stated that the website gets updated daily with information on various
government regulations and decisions, and supports links to all government departments.
🠶 However, IT experts had to restore the official website of the government of Maharashtra, having
succumbed to the attack by the hacker.
UNIT-V Cyber Crime Examples
🠶 Real-life Examples: Official website of Maharashtra Government hacked
🠶 As per reports, the site was attacked early in the morning by a person or a group proclaimed
as “cool- hacker.” The hacker left an imprint of a hand on the hacked website.
🠶 The state’s information and technology department came to know about the incident next day morning.
They immediately blocked all access to the website.
🠶 The IT department has lodged an FIR (First Information Report) with the police in an
attempt to trace the culprit.
UNIT-V Cyber Crime Examples
🠶 Real-life Examples: Official website of Maharashtra Government hacked
🠶 Joint commissioner of police, in his official remark, stated that the state’s IT officials lodged a formal
complaint with the cybercrime branch police following this incidence.
🠶 He expressed confidence that the hackers would be tracked down. The Commissioner also
mentioned that the hacker had posted some Arabic content on the site.
🠶 According to sources, hackers were suspected to be from Washington.
🠶 IT experts gave to understand that the hackers had identified themselves as “Hackers Cool Al-Jazeera” and
claimed they were based in Saudi Arabia.
🠶 Officials further added that this might be a red herring to throw investigators off their trail.
🠶 For those who are not familiar with the term “red herring,” it refers to the tactic of diverting attention away
from an item of significance.
UNIT-V Cyber Crime Examples
🠶 Real-life Examples: E-Mail spoofing instances
🠶 Example-1
🠶 An American teenager made millions of dollars by spreading false information about certain companies
whose shares he had short sold.
🠶 This misleading information was spread by sending spoofed E-Mails purportedly from news agencies like
Reuters, to share brokers and investors who were informed that the companies were doing very badly.
🠶 Even after the truth emerged, the values of the shares could not be restored to the earlier levels.
🠶 This resulted in thousands of investors losing a lot of money.
🠶 This can be considered as a cybercrime against an organization because the impacted organization was the
one about whom false information was spread.
UNIT-V Cyber Crime Examples
🠶 Real-life Examples: E-Mail spoofing instances
🠶 Example-2
🠶 Another example of E-Mail Spoofing incident in India.
🠶 A branch of the Global Trust Bank experienced a customer run-down on the bank owing to a certain
rumour spread about the bank not doing well financially.
🠶 Under panic, many customers decided to withdraw all their money and close their accounts.
🠶 It was revealed later that someone had sent out spoofed E-Mails to many of the bank’s customers
announcing that the bank was in a very bad shape financially and could close operations any time.
🠶 In the next few days, unfortunately, this information turned out to be true.
🠶 So, can we say that this instance of E-Mail Spoofing saved many customers?
UNIT-V Cyber Crime Examples
🠶 Real-life Examples: E-Mail spoofing instances
🠶 Example-3
🠶 Another shocking example of the E-Mail Spoofing involves a former executive from a well- known company
in the state of Gujarat.
🠶 The executive faked himself to be a lady by adopting a false name.
🠶 He then created a fake E-Mail ID.
🠶 Using that ID, the executive contacted a businessman based in the Middle East.
🠶 The executive posing as a woman then went into a long cybercourting relationship with the Middle East
businessman.
🠶 During this “cyberdating,” the executive used to send many “emotional blackmailing”
messages to the businessman.
🠶 One such message threatened the businessman thatif he ended this relationship,“she”
(i.e., the executive posing as a woman) would end her life!
🠶 What is worse, the executive gave another woman’s E-Mail ID to the businessman. This too
was a non-existent address.
UNIT-V Cyber Crime Examples
🠶 Real-life Examples: E-Mail spoofing instances
🠶 When the Middle East businessman sent a mail at that ID, he was shocked to learn that the executive (who
presented himself as a woman) had died and that now the police was searching him as the suspect in that
death case!
🠶 Using this trap and trick the executive exhorted from the businessman several hundred thousands of
Indian Rupees threatening that the businessman would get exposed if he did not part with that money.
🠶 The executive also sent E-Mails to him from different E-Mail IDs making the poor businessman believe
that they were mails from high court and police officials.
🠶 All this was done to extract more money from the gullible businessman.
🠶 Finally, businessman flew to India to lodge a case with the Police.
🠶 Internet users indeed enjoy “anonymity” and can get away with many thin
UNIT-V Cyber Crime Examples
🠶 Real-life Examples: Indian banks lose millions of rupees
🠶 This is a real-life example showing the techniques used by cybercriminals.
🠶 Banks across the country lost Rs. 6.57 crore (Rs.6,57,00,000) to Internet frauds in 233
incidents of cybercrime, with Tamil Nadu topping the list in last fiscal year.
🠶 Rs.2.09 crore (Rs.2,09,00,000) has been lost by various banks in the Indian state of Tamil
Nadu in seven cases reported between April and December 2008.
🠶 The lending institutions in Maharashtra had reported the highest number of incidents, 23 in all.
🠶 They lost Rs.55.54 lakhs (Rs.55,54,000) to online fraudulent practices.
🠶 This was revealed by the erstwhile Ministerof State for Home told the Lok Sabha in
February 2009.
UNIT-V Cyber Crime Examples
🠶 Real-life Examples: Indian banks lose millions
of rupees
🠶 The banks in other Indian states – Andhra Pradesh, Rajasthan and Bengal –
Rs.89.93
West lakhs (Rs.89,93,000), Rs.64.29 lakhs (Rs.64,29,000) and Rs.35.72 lost lakhs
(Rs.35,72,000), respectively, while Kerala and Delhi lost Rs.17.60 (Rs.17,60,000) and
Rs.10.90 lakhs (Rs.10,90,000), respectively, owing to cyberfrauds.
🠶 A total of 11 cases of Internet frauds were reported from Andhra Pradesh, 8 from Delhi, 7
from Tamil Nadu, 6 from Karnataka and 5 from West Bengal during the said period.
🠶 Surprisingly, banks in Bihar, Goa and Jharkhand did not losea single penny to such
activities and no case was reported from any of these states.
UNIT-V Cyber Crime Examples
🠶 e Examples: Parliament
Real-lif
🠶 Bureau of Police Research and Development (BPRD) at Hyderabad handled some of the top
attack
cybercases.
🠶 One such case involved analyzing and retrieving information from the laptop recovered from terrorists,
who attacked the Parliament.
🠶 The laptop was seized from the two terrorists, who were gunned down when Parliament was under siege
on 13 December 2001.
🠶 Police sent the seized laptop to Computer Forensics Division of BPRD after
computer experts at Delhi failed to trace much out of its contents.
🠶 Inside the laptop there were a number of evidences that established the motives of the two terrorists,
namely
🠶 (a) the sticker of the Ministry of Home that they had made on the laptop and pasted on
their ambassador car to gain entry into Parliament House and
🠶 (b) the fake ID card that one of the two terrorists was carrying with a Government of India emblem
and seal.
🠶 It was also found that the emblems (of the three lions) were care- fully scanned and the seal was also
deviously made along with residential address of Jammu and Kashmir.
🠶 But careful forensics detection proved thatit was all forged and was created using the
laptop.
UNIT-V Cyber Crime Examples
🠶 Real-life Examples: Pune city police bust Nigerian racket.
🠶 This story had appeared in Pune Mirror dated 25 October 2010.
🠶 Name of the victim has been masked to respect the privacy of the person.
🠶 However, all the events mentioned here are real and are presented exactly as they
happened, as mentioned in the chain of events mentioned here is as at the time of writing
this.
🠶 The police succeeded in nabbing two suspects in this fraud case.
🠶 This fraud happened when the police started probing into a complaint receivedfrom a
young software engineer working in Pune city.
🠶 Arjun Changaokar, a resident in Warje area, was duped into parting with Rs.10.27 lakhs (Rs.10,27,000) by
making him believe that he was going to be offered a high profile job in a London hotel called New Climax.
UNIT-V Cyber Crime Examples
🠶 Real-life Examples: Pune city police bust Nigerian racket.
🠶 In an E-Mail chat with an alleged UK-based Councillor, Arjun, the techie from Rajiv Gandhi
Infotech Park at Hinjewadi, was convinced to pack up and leave India for UK!
🠶 The fraud got exposed when Arjun found that there was no flight to UK from Indira Gandhi International
Airport at the time he was told by the conmen!
🠶 The efforts expended by Warje police were successful and two perpetrators, including
a bank account holder, were arrested.
🠶 However, the real mastermind Chong-Ching, who is a foreign national, was still
absconding.
🠶 A special squad of cyber experts has been investigating the Nigerian fraud racket run from Meera Road.
🠶 The three accused in the FIR (First Information Report) filed by the victim include Shailendra Ramesh
Soni, aged 24, a resident of Shivajinagar in Govandi in Mumbai, Naresh Shubrakaran Sharma, aged 27, a
resident of Queens Park in Mira-Bhayandar in Thane and Chong-Ching, the foreign national whose
complete name and address could not be traced (as at the time of writing this).
🠶 The fraud took place during the period 26 July–24 September 2010.
🠶 The accused have been charged under various sections of the IPC (Indian Penal Code and
the Indian IT Act for cheating and conspiracy using Information Technology.
UNIT-V Cyber Crime Examples
🠶 Real-life Examples: Pune city police bust Nigerian racket.
🠶 As per complaint filed by the victim Arjun Changaokar, the fraud started with the mail he
received on 26 July 2010. In that mail he was offered a job in UK-based hotel “New Climax.”
🠶 A person calling himself Chong-Ching claimed to be authority at the hotel and offered to victim the post
of Sales Supervisor with a handsome UK salary.
🠶 The victim responded to the E-Mail and accepted the offer. There onward, the correspondence
continued. In another E-Mail, a person called John Smith Levis introduced himself as UK councillor.
🠶 John claimed to have been given the responsibility by the hotel to provide Visa.
🠶 To get the Visa and to pay for journey expenses and accommodation in the UK, John asked
the victim for various amounts of money in a number of E-Mails.
🠶 John gave to the victim several account numbers in different branches of Axis Bank and ICICI Bank.
🠶 Victim Arjun deposited those amounts ranging from Rs.2 to 5 lakhs (Rs.2,00,000 to
5,00,000) on different occasions.
UNIT-V Cyber Crime Examples
🠶 Real-life Examples: Pune city police bust Nigerian racket.
🠶 Over a 2-month period, Arjun (thevictim) deposited a total amount of Rs.10.27
lakhs
(Rs.10,27,000)!
🠶 In the words of the victim
🠶 “At first, I received an email offering me a high paying job in UK hotel to get a visa and to pay for
journey expenses and accommodation in UK, I was asked for various amounts of money in multiple
emails. He gave me several account numbers in different branches of Axis Bank and ICICI Bank. I
deposited amounts ranging from Rs. 25 lakh on different occasions. Over a two-month period, I
deposited a total amount of Rs. 10,27,700.”
🠶 The victim arranged the money from various sources.
🠶 He shared with his parents and friends the news of his overseas job.
🠶 According to the E-Mail, the victim received on 10 October 2010, he was supposed to catch a flight from
Indira Gandhi International Airport and a person was going to meet Arjun at the airport with a Visa and
an air ticket.
🠶
UNIT-V Cyber Crime Examples
🠶 Real-life Examples: Pune city police bust Nigerian racket.
🠶 During the correspondence, receipts with fake stamps (as it turned out later) and signatures
of the British High Commissioner were sent to victim.
🠶 When victim (Arjun) reached the airport, he found that there was no such person waiting for him. That is
when the victim realized that he had been cheated.
🠶 Arjun returned to Pune and tried to contact the concerned person but the concerned person
never replied to his mails.
🠶 Arjun then decided to approach the police.
UNIT-V Cyber Crime Examples
🠶 Real-life Examples: Pune city police bust Nigerian racket.
🠶 Inspector (Crime Branch) Solankar said“After receiving the complaint, we started
investigating the accounts in which Arjun had deposited the requested amounts of money.
🠶 We identified an account in the name Shailendra Soni in the Shivajinagar branch of Axis Bank. We sent a
team to Govandi and laid a trap for him.”
🠶 After the inquiry, the Police discovered that Soni was asked by someone called “Sharma” for
permission to use his account.
🠶 Police nabbed Sharma in Mira-Bhayandar.
🠶 The investigation revealed thatsomeone hailing from Nigeria asked them to commit
the crime. He offered 7% of the total amount to Sharma.
🠶 Sharma, in turn, got Soni’s help by offering him a 5% commission.
🠶 Sharma had met the suspected foreign national several times and they had been running this racket for
many years.
🠶 Sharma has various cheating crimes registered to his name.
🠶 The Police took up the investigation aimed at finding out other crimes committed by this gang.
UNIT-V Mini-Cases
🠶 The Indian case of online gambling
🠶 There are millions of websites, hosted on many servers, to offer online gambling
services.
🠶 It is believed that many of these websites are actually fronts for “money laundering.” Fraud cases of
“Hawala” dealings money mis-deals over the Internet have been reported in the past.

🠶 It is not yet fully known if these sites have any relationship with drug trafficking.
🠶 Recent Indian case about cyber lotto is very interesting.
🠶 Kola Mohan was the man who invented the story of winning the Euro Lottery.
🠶 He created a website and an E-Mail address on the Internet with the address
“eurolottery@usa.net.”
🠶 Whenever accessed, the site would declare him as the recipient of the 12.5 million pound.
UNIT-V Mini-Cases
🠶 The Indian case of online gambling
🠶 A Telugu newspaper published this as news after confirmation.
🠶 Meanwhile, Kola Mohan collected large sums of money from the public as well as from some banks for
mobilization of the deposits in foreign currency.
🠶 He could have gone on merrily.
🠶 The fraud, however, got exposedwhen a discounted cheque from Kola Mohan with
the
Andhra Bank for Rs.1.73 million bounced.
🠶 Kola Mohan had pledged with Andhra Bank the copy of a bond certificate purportedly issued by
Midland Bank, Sheffields, London stating that a term deposit of 12.5 million was held in his name.
UNIT-V Mini-Cases
🠶 An Indian case of intellectual property crime
🠶 Bharti Cellular Ltd. made a case in the Delhi High Court with a complaint that some cybersquatters had
registered domain names such as barticellular.com and bhartimobile.com with network solutions under
different fictitious names.
🠶 The court ordered Network Solutions not to transfer the domain names in question to any third party
and the matter was sub-judice. Similar issues were brought to various High Courts earlier.
🠶 Yahoo had sued a man called Akash Arora for use of the domain name “Yahooindia.Com”
deceptively similar to its “Yahoo.com.”
🠶 As this case was governed by the Trade Marks Act 1958, the additional defense taken against Yahoo’s
legal action for the interim order was that the Trade Marks Act was applicable only to goods.
UNIT-V Mini-Cases
🠶 Illustrations of financial frauds in cyber domain.
🠶 Here provided varions illustrations of banking frauds (including credit card-related crimes),
online gambling, IPR crimes, digital media piracy, hacking,computer frauds, website
attacks, counterfeit hardware, malicious use of the Internet, social networking victims, etc.
🠶 Banking-Related Frauds
🠶 Credit Card-Related Frauds
🠶 Other Illustrations
UNIT-V Mini-Cases
🠶 Illustrations of financial frauds in cyber
domain.
Illustration No. Title Topic
1 Stolen Credit Card Information Phishing and credit card frauds (banking frauds)

2 Phishing Incidence Phishing (credit card frauds)

3 Online Credit Card Theft Ring Credit card frauds


4 Understanding Credit Card Fraud Scenarios Credit card frauds

5 ShadowCrew – the Internet Mafia Gang Credit card frauds


6 Dirty Relations – Goods Delivery Fraud Frauds from online purchasing

7 Fake Mails Promising Tax Refunds: Beware Internet banking

8 Phone Scam Targets Your Bank Account DoS (denial-of-service) attack

9 Cookies and Beacons – The Facebook Controversy Cookies and Beacons


10 Privacy Loss through Leakage of Users’ Facebook Profiles Personal privacy loss leading to cybercrimes
11 Debit Card Frauds – Global Wave in Real Life Financial frauds with debit card
UNIT-V Mini-Cases
🠶 Illustrations of financial frauds in cyber
domain.
🠶 Banking-Related Frauds
🠶 Illustration 1: Stolen Credit Card
Information
🠶 Illustration 2: Phishing Incidence
UNIT-V Mini-Cases
🠶 Illustrations of financial frauds in cyber domain.
🠶 Banking-Related Frauds
🠶 Illustration 1: Stolen Credit Card Information
🠶 cybercriminals operate beyond geographic boundaries.
🠶 Stolen credit card information is savored by cybercriminals.
🠶 “Phishing” and ATM skimming devices), to viruses using which buyers could extract money by threatening
company websites.
🠶 This top cybercrime site in the world offered online tutorials in illicit topics such as account takeovers,
credit card deception and money laundering.
🠶 There were equipments such as false ATM, pin machines as well as everything needed to set
up a credit card factory.
UNIT-V Mini-Cases
🠶 Illustrations of financial frauds in cyber domain.
🠶 Banking-Related Frauds
🠶 Illustration 2: Phishing Incidence
🠶 According to the news posted on 14 April 2010, it could well be termed India’s first legal adjudication of a
dispute raised by a victim of a cybercrime.
🠶 The judgment for the first case was filed under the IT Act. In this judgment, Tamil Nadu’s IT Secretary
ordered ICICI Bank to pay Rs.12.85 lakhs (Rs.12,85,000) to an Abu Dhabi-based NRI within 60 days – in
compensation for the loss suffered by him as a result of a Phishing fraud.
🠶 Phishing is an Internet fraud through which cybercriminals illegally obtain sensitive information such as
usernames, passwords and credit card details by masquerading as a trustworthy entity.
UNIT-V Mini-Cases
🠶 Illustrations of financial frauds in cyber domain.
🠶 Banking-Related Frauds
🠶 Illustration 2: Phishing Incidence
🠶 In this case, the reimbursement, that is the compensation, included the loss suffered by the supplicant, the
travel expenses and the financial loss incurred due to “complete lack of involvement of the respondent
bank – as per order from Tamil Nadu’s IT Secretary.
🠶 The order came based on an appeal (i.e., petition) that was filed by Umashankar Sivasubramaniam.
🠶 As per Umashankar’s claim, he received an E-Mail in September 2007 from ICICI, asking him to reply
with his Internet banking username and password or else his account would become non-existent.
🠶 He replied and later he found Rs.6.46 lakhs (Rs.6,46,000) moved from his account to the account of
another company.
🠶 That company did a withdrawal of Rs.4.6 lakhs (Rs.4,60,000) from an ICICI branch in
Mumbai and retained the balance in its account.
UNIT-V Mini-Cases
🠶 Illustrations of financial frauds in cyber domain.
🠶 Banking-Related Frauds
🠶 Illustration 2: Phishing Incidence
🠶 An application was prepared as arbitration for proceedings under the IT Act.
🠶 The application was presented to the state IT Secretary on 26 June 2008.
🠶 In that application, Umashankar held the bank responsible for the loss that he suffered. ICICI Bank,
however, claimed that the applicant (Umashankar) had failed to protect his confidential information.
🠶 According to ICICI Bank, Umashankar carelessly disclosed his confidential

information such as password. According to the bank, he became the victim of a


Phishing attack because of this carelessness.
🠶 Bank spokesperson said that customers are fully apprised on security aspects of Internet banking through
various means.
🠶 ICICI Bank officials empathetically saidthatbank’s security systems are continuously
audited and neither the security nor bank’s processes have been breached.
UNIT-V Mini-Cases
🠶 Illustrations of financial frauds in cyber domain.
🠶 Banking-Related Frauds
🠶 Illustration 2: Phishing Incidence
🠶 The bank decided to appeal the order.
🠶 The bank spokesperson said that ICICI Bank endeavors to offer world-class service to its
customers.
🠶 They further said that they have hundreds types of transactions, which can be completed online without
having to walk into a branch.
🠶 Further, they added that the bank strives for convenience and safety of their customers and
uninterrupted availability of services through self-service channels.
🠶 The bank claims that they also continuously upgrade their systems and technology to ensure that
customers get the best experience and a safe environment while transacting online.
UNIT-V Mini-Cases
🠶 Illustrations of financial frauds in cyber domain.
🠶 Banking-Related Frauds
🠶 Illustration 2: Phishing Incidence
🠶 Vijayashankarm a techno-legal consultant appeared for the petitioner.
🠶 According to him, while the order may lead to tightening of cyberlaws in the country, the
judgment reflects the lack of accountability of using Internet banking.
🠶 He further opined that, although Phishing fraud is very common, banks are not accepting the liabilities.
🠶 In his view, such a ruling will set a good precedent.
🠶 In India, although there are 300-odd cases of Phishing attacks recorded or contended, most
cases do not get pursued under proper legal framework.
UNIT-V Mini-Cases
🠶 Illustrations of financial frauds in cyber domain.
🠶 Banking-Related Frauds
🠶 Illustration 2: Phishing Incidence
🠶 Some such cases were filed at consumer courts. Figure 11.4 conceptually depicts the fate of
cybercrimes.
🠶
UNIT-V Mini-Cases
🠶 Illustrations of financial frauds in cyber domain.
🠶 Credit Card-Related Frauds
🠶 Illustration 3: Online Credit Card Theft Ring
🠶 Illustration 4: Understanding Credit Card Fraud
Scenarios
🠶 Illustration 5: ShadowCrew – The Internet Mafia
Gang
🠶 Illustration 6: Dirty Relations – Goods Delivery
Fraud
UNIT-V Mini-Cases
🠶 Illustrations of financial frauds in cyber domain.
🠶 Credit Card-Related Frauds
🠶 Illustration 3: Online Credit Card Theft Ring
🠶 This case took place in June 2009 and involved 36-year-old Max Ray Butler (also known as Max Ray
Vision) resident of San Francisco, California.
🠶 Max pleaded guilty in Federal Court in Pittsburgh to wire fraud charges to two counts before
Senior US District Judge.
🠶 In connection with the guilty plea, the attorney mentioned in the court that Butler, known widely on the
Internet as “Iceman,” among other aliases, conducted computer hacking and identity theft on the Internet
on a massive scale.
🠶 As part of the conspiracy, Butler cracked into financial institutions, credit card processing centers as well
as other secure computers with the illicit purpose of acquiring credit card account information and other
personal identification information.
🠶 Several of these cards were made available to Christopher Aragon – he was a partner in crime and was
based in the Los Angeles area.
🠶 Christopher used these cards with the help of a team of associates to buy up commodities
for sale. Max sold the remaining card numbers out-and-out over the Internet.
UNIT-V Mini-Cases
🠶 Illustrations of financial frauds in cyber domain.
🠶 Credit Card-Related Frauds
🠶 Illustration 3: Online Credit Card Theft Ring
🠶 Max and Christopher formed a website known as “CardersMarket.”
🠶 They devoted this crafty site for the acquisition, utilization and sale of credit card account
information.
🠶 This illicit process is known as “carding.”
🠶 A main intention of the site was to employ brilliant individuals to assist in carding activity.
🠶 During the best of times (from criminals’ view point), CardersMarket had
approximately 4,500 worldwide members!
🠶 Refer to Figure 11.5 to understand the entities involved in credit card transactions.
🠶 Max was arrested on a criminal complaint on 5 September 2007 in San Francisco.
🠶 A search of the com- puter systems in Max’s apartment revealed more than 1.8
million stolen credit card account numbers.
🠶 When these card account numbers were provided to Visa, MasterCard, American Express
and Discover, it was revealed that the amount of fraudulent charges on the cards in Max’s
possession totaled approximately $86.4 million.
UNIT-V Mini-Cases
🠶 Illustrations of financial frauds in cyber
domain.
🠶 Credit Card-Related Frauds
🠶 Illustration 3: Online Credit Card Theft
Ring
UNIT-V Mini-Cases
🠶 Illustrations of financial frauds in cyber domain.
🠶 Credit Card-Related Frauds
🠶 Illustration 3: Online Credit Card Theft Ring
🠶 These losses had to be borne by the thousands of banks that issued the cards.
🠶 On 20 October 2009, punishment was handed: 30 years in prison, a fine of $1,000,000 or
both – and that is what the law could provide as a maximum sentence.
🠶 As per Federal Sentencing Guidelines, the actual sentence imposed was based on the
gravity of the offense and the previous criminal history, if any, of the accused.
🠶 Many agencies were involved in inquiry of Max’s illegal activities –
🠶 Computer Crime and Intellectual Property Section (CCIPS) of the Department of Justice;
🠶 the Federal Bureau of Investigation;
🠶 the Vancouver Police Department, Vancouver, Canada;
🠶 the Newport Beach Police Department, Newport Beach, California;
🠶 and the Orange County Sheriff’s Department, Orange County, California;
🠶 and the US Attorney’s Office for the Northern District of California.
UNIT-V Mini-Cases
🠶 Illustrations of financial frauds in cyber domain.
🠶 Credit Card-Related Frauds
🠶 Illustration 4: Understanding Credit Card Fraud
Scenarios
UNIT-V Mini-Cases
🠶 Illustrations of financial frauds in cyber domain.
🠶 Credit Card-Related Frauds
🠶 Illustration 4: Understanding Credit Card Fraud
Scenarios
UNIT-V Mini-Cases
🠶 Illustrations of financial frauds in cyber domain.
🠶 Credit Card-Related Frauds
🠶 Illustration 4: Understanding Credit Card Fraud
Scenarios
UNIT-V Mini-Cases
🠶 Illustrations of financial frauds in cyber domain.
🠶 Credit Card-Related Frauds
🠶 Illustration 4: Understanding Credit Card Fraud Scenarios
🠶 Figure 11.6 presents a schema for categorizing credit card frauds.
🠶 Figure 11.5 shows main entities involved in the normal credit card transactions.
🠶 A “fraud” can be defined as willful deceit or trickery or a deceptive or spurious act.
🠶 In an era of advanced technology, it should be easy to catch criminals and
fraudsters.
UNIT-V Mini-Cases
🠶 Illustrations of financial frauds in cyber domain.
🠶 Credit Card-Related Frauds
🠶 Illustration 4: Understanding Credit Card Fraud Scenarios
🠶 There are more than 50 different types of cards available in the market – we have considered only the
major ones.
🠶 Visa and MasterCard are made up of member organizations who can be either acquirers or
issuers (or both).
🠶 “Acquirers” are the members of the Visaor MasterCard organizations thathandle
“Merchants.”
🠶 “Issuers” are the members of the Visa or MasterCard organizations that issue the cards to
cardholders.
🠶 “Merchants” are those entities who “accept” card transactions.
🠶 “Service Providers” are the entities that pro- vide services related to the processing, storing or
transportation of card information on behalf of any of the entities mentioned (Issuers, Acquirers,
Merchants).
🠶 With that preamble, a few scenarios relating to credit card frauds are now explained.
UNIT-V Mini-Cases
🠶 Illustrations of financial frauds in cyber domain.
🠶 Credit Card-Related Frauds
🠶 Illustration 4: Understanding Credit Card Fraud Scenarios
🠶 Credit Card Application Fraud
🠶 Frauds Involving Lost and Stolen Credit Cards
🠶 The Fraud through Merchant Collusion
🠶 Frauds at the ATMs: Thieves fix a device to the cash dispensing slot of the ATM – this action causes
currency notes to get stuck inside the slot.
🠶 Carding Frauds
🠶 Credit Card Skimming: Security code has various terminologies attached with it:
🠶 Card Security Code (CSC),
🠶 Card Verification Data (CVD),
🠶 Card Verification Value (CVV or CV2),
🠶 Card Verification Value Code (CVVC),
🠶 Card Verification Code (CVC),
🠶 Verification Code (V-Code or V Code), or Card Code Verification (CCV).
🠶 The CVV is an algorithm (software program logic) that is very difficult to break.
UNIT-V Mini-Cases
🠶 Illustrations of financial frauds in cyber domain.
🠶 Credit Card-Related Frauds
🠶 Illustration 4: Understanding Credit Card Fraud
Scenarios
🠶 Credit Card Application Fraud
UNIT-V Mini-Cases
🠶 Illustrations of financial frauds in cyber domain.
🠶 Credit Card-Related Frauds
🠶 Illustration 4: Understanding Credit Card Fraud
Scenarios
🠶 Credit Card Skimming
UNIT-V Mini-Cases
🠶 Illustrations of financial frauds in cyber domain.
🠶 Credit Card-Related Frauds
🠶 Illustration 4: Understanding Credit Card Fraud
Scenarios
🠶 Credit Card Skimming
UNIT-V Mini-Cases
🠶 Illustrations of financial frauds in cyber domain.
🠶 Credit Card-Related Frauds
🠶 Illustration 4: Understanding Credit Card Fraud
Scenarios
🠶 Credit Card Skimming
UNIT-V Mini-Cases
🠶 Illustrations of financial frauds in cyber domain.
🠶 Credit Card-Related Frauds
🠶 Illustration 5: ShadowCrew – The Internet Mafia Gang
🠶 “ShadowCrew” was an international crime message board.
🠶 The board offered a haven for “carders” and hackers to trade, buy and sell anything from
stolen personal information to hacked credit card numbers and false identification.
🠶 As we know, a bank card number is the primary account number found on credit cards and bank cards.
🠶 It has a peculiar type of internal structure and it also shares a common numbering scheme.
🠶 Credit card numbers are a special case of ISO/IEC 7812 bank card numbers.
🠶 As mentioned in Illustration 3 (Online Credit Card Theft Ring), “CardersMarket” is devoted to the
acquisition, use and sale of credit card account information, a process known as “carding.”
UNIT-V Mini-Cases
🠶 Illustrations of financial frauds in cyber domain.
🠶 Credit Card-Related Frauds
🠶 Illustration 5: ShadowCrew – The Internet Mafia Gang
🠶 The Shadowcrew criminal organization was a global organization of thousands of members
dedicated to promoting andfacilitating the "electronic theft of personal identifying
information,credit card and debit card fraud, and the production and sale of false
identification documents.
🠶 The organization operated and maintained the Internet website www.shadowcrew.com from August 2002
until October 2004, when it was taken down by the U.S. Secret Service (USSS) as the result of a year-long
undercover investigation known as "Operation Firewall.
🠶 Shadowcrew was operated as a members-only communications medium to facilitate the
commission of their criminal activities.
🠶 Shadowcrew members gained access to the website by typing in their chosen online screen name and
password at the login screen for the web site.
🠶 Individuals often were known by, and conducted their criminal business under, more than
one online name
UNIT-V Mini-Cases
🠶 Illustrations of financial frauds in cyber domain.
🠶 Credit Card-Related Frauds
🠶 Illustration 5: ShadowCrew – The Internet Mafia Gang
🠶 Once they had logged into the website, Shadowcrew members were able to
anonymously conduct their criminal activity through their chosen nicknames by
posting messages to various forums within the website and sending and receiving
secure private messages to each other via the website.
🠶 The messages posted to various forums, among other things, "provided guidance to
Shadowcrew members on... producing, selling and using stolen credit card and debit
card information and false identification documents.,
🠶 The sole purpose of the Shadowcrew website was "to promote and facilitate the
commission of criminal activity. '
UNIT-V Mini-Cases
🠶 Illustrations of financial frauds in cyber domain.
🠶 Credit Card-Related Frauds
🠶 Illustration 5: ShadowCrew – The Internet Mafia Gang
🠶 The Shadowcrew criminal organization oversaw the activities of its membership through a hierarchical
framework that included the following roles:
🠶 a small group of "administrators" whoserved as a governing council of the criminal
organization;
🠶 "moderators" who oversaw and administered one or more subject-matter-specific forums on the website
that was either within an area of their expertise or dealt with their geographic location;
🠶 "reviewers" who examined and/or tested products and services that members of the criminal organizations
desired to advertise and sell;
🠶 "vendors" who advertised and sold products and services to members of the criminal organizations via the
website after the product or service had obtained a position written review from a reviewer; and
🠶 "general members" who used the web sites to gather and provide information about perpetrating criminal
activity and facilitate their purchases of credit card numbers, false

identification documents and other contraband


UNIT-V Mini-Cases
🠶 Illustrations of financial frauds in cyber
domain.
🠶 Credit Card-Related Frauds
🠶 Illustration 5: ShadowCrew – The Internet
Mafia Gang
UNIT-V Mini-Cases
🠶 Illustrations of financial frauds in cyber domain.
🠶 Credit Card-Related Frauds
🠶 Illustration 6: Dirty Relations – Goods Delivery Fraud
🠶 Internet seems to be breeding ground for many cybercriminals who take advantage of mail
Spoofing, ID theft and many other techniques to achieve their fraud objectives.
🠶 Online purchasing is possible by sending electronic mails using the Internet and there are ample
opportunities for fraudulent people to play mischief by hiding their real identity through fake E-Mails.
🠶 This illustration shows how this happened in a real-life scenario. Interestingly, it also shows the
humanitarian approach of the legal system in passing the judgment and giving due consideration in a
given context of the crime.
UNIT-V Mini-Cases
🠶 Illustrations of financial frauds in cyber domain.
🠶 Other Illustrations
🠶 Illustration 7: Fake Mails Promising Tax Refunds – Beware
🠶 Illustration 8: Phone Scam Targets Your Bank Account
🠶 Illustration 9: Cookies and Beacons – The Facebook
Controversy
🠶 Illustration 10: Privacy Loss through Leakage of Users’
Facebook Profiles
🠶 Illustration 11: Debit Card Frauds

You might also like