A federal grand jury in New Jersey today indicted three people in connection with hacking into the IT systems of thousands of companies worldwide to gain free access to telephone services, according to the U.S. Attorney’s Office in Newark, N.J.
Meanwhile, five people were arrested in Italy for alleged involvement in the same scam.
A multinational team of investigators worked jointly to round up the alleged hackers and their financial backers in the scheme to hack into the systems of many companies — 2,500 in the U.S. alone — to steal access codes that the victim companies used to route phone calls through telecom systems, the office said. One technology security analyst has previously reported that “rogue” states and criminal organizations have stepped up their capabilities to launch crippling online attacks against the U.S. and other governments.
The value of all the stolen services was unclear, though the U.S. Attorney’s office said the thieves routed more than $55 million worth of telephone calls over telecommunications networks in the U.S.
“This was an extensive and well-organized criminal network that worked across continents,” said New Jersey’s Acting U.S. Attorney Ralph J. Marra Jr. in a statement.
“The hackers we’ve charged enabled their conspirators in Italy and elsewhere to steal large amounts of telecommunications’ capacity, which could then be used to further or finance just about any sort of nefarious activity here or overseas.”
Italian officials said in a press conference today that the proceeds from the group’s scam funded Islamic fundamentalist groups in Southeast Asia.
The five people arrested in early morning raids in Italy today are all citizens of Pakistan.
The U.S. indictment names one citizen of Jordan, and two Philippine nationals, who had already been arrested in the Philippines in March 2007 in connection with the same theft.
The U.S. indictments charge the three people — Mahmoud Nusier, 40, Paul Michael Kwan, 27, and Nancy Gomez, 24 — with conspiracy to commit wire fraud, unauthorized access to computer systems and possession of unauthorized access devices, including pass codes to U.S. telephone systems. Each faces up to 20 years in prison.
The case is being prosecuted by Assistant U.S. Attorney Erez Liebermann.
Uniting to fight scams and spam
Meanwhile, as cybercrime continues to proliferate, one industry security group is hoping its work will help stem the tide of spam and scams. Cybercriminals are increasingly exploiting human vulnerabilities for financial gain.
The Messaging Anti-Abuse Working Group (MAAWG) held a three-day meeting in Amsterdam last week, discussing spam, network security, the DNS (Domain Name System) and other topics.
Industry professionals traded ideas on stopping abusive online behaviour.
Much of MAAWG’s work is done behind closed doors.
The organization, founded in 2003 and backed by heavyweights such as AT&T, Yahoo, Comcast and Verizon, has rarely granted access to its sessions to journalists.
The reason is that it fears the security strategies discussed will become known and then circumvented by cybercriminals.
Many participants at MAAWG meetings don’t want to be identified in the press, in part because organized criminal gangs are now firmly entrenched in e-crime. Those who seek to disrupt those operations could be targeted for harassment.
The latest meeting was MAAWG’s largest European meeting, with 270 participants from 19 countries, including representatives from the U.S. Federal Trade Commission, the FBI and Europol, a European law enforcement organization.
One of the primary focuses of MAAWG is spam.
In 2004, Microsoft founder Bill Gates made his now infamous prediction that spam wouldn’t be a problem a couple of years later — but spam remains a thorn in the side of ISPs and consumers and has become ever more tricky to suppress.
ISPs are also battling against botnets, or networks of computers infected with malicious software, a crucial component of spam-sending operations.
The PCs that comprise botnets can also be used to attack other computers by bombarding them with electronic requests, known as denial-of-service attacks. Compromised PCs are highly valuable to hackers, said Jerry Upton, MAAWG’s executive director.
Data can be stolen off the computers, which can be sold to other criminals who specialize in converting credit card numbers to cash, Upton said.
E-mail addresses on a PC can be sold to spammers. The PC can then be linked into a botnet and its bandwidth used for spam campaigns, Upton said.
“It is phenomenal,” Upton said. “They milk every dime. There’s a huge amount of money to be made.”
It’s also a huge nuisance for ISPs, many of which aren’t quite sure how best to deal with infected PCs on their network, said Michael O’Reirdan, chairman of MAAWG’s board of directors. ISPs will often receive complaints about abusive activity, and dealing with those complaints can be a time-consuming and expensive exercise.
One of the problems is that much of the responsibility for maintaining good computer security is falling on the shoulders of consumers, who are often unaware of the issues.
“The PC is a complicated device … yet we are expecting end users to be responsible for them,” O’Reirdan said.
Many ISPs are just in the early stages of designing automated systems that can identify infected computers, quarantine them and work with their subscribers to get the PC patched and cleansed of malware. Officials from two ISPs — True Internet in Thailand and NetCologne in Germany — gave presentations during MAAWG’s meeting on how they have taken aggressive steps to work with their subscribers to get their PCs cleaned up.
Another big task at last week’s MAAWG meeting was to fine-tune a set of best practices for ISPs to help them mitigate botnets. The paper should be released within the next few weeks and will comprise strategies other ISPs have found successful, O’Reirdan said.
MAAWG’s papers have been influential within the ISP industry, Upton said. For example, MAAWG published a paper last year recommending that ISPs not allow their subscribers to directly send e-mail on Port 25.
The problem was that spammers were using hacked computers to send spam directly from the compromised PC to the destination mail server, bypassing an ISP’s mail-routing system.
But network technicians were having trouble convincing upper management that they needed to shut off Port 25, Upton said. The paper, which represented an industry consensus, proved a powerful document to help persuade ISPs to make the changes.
“It’s still hard to get approval from the business guys,” Upton said.
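The traffic pattern behind the Port 25 recommendation, a subscriber PC delivering mail straight to many destination servers instead of through the ISP's relay, can be picked out of ordinary flow records. The sketch below is an added example, not part of the original article or of any MAAWG paper; the addresses, the relay, the threshold of three destinations and the function names are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed addressing for this example (documentation ranges, not from the article).
SUBSCRIBER_NET = ipaddress.ip_network("198.51.100.0/24")   # residential pool
ISP_RELAYS = {ipaddress.ip_address("192.0.2.25")}          # ISP's own mail relay

# Constructed flow records: (source IP, destination IP, destination TCP port).
SAMPLE_FLOWS = [
    ("198.51.100.10", "192.0.2.25", 25),     # subscriber using the ISP relay
    ("198.51.100.10", "203.0.113.5", 587),   # mail submission port, not port 25
    ("198.51.100.42", "203.0.113.50", 25),   # single direct delivery
    ("198.51.100.77", "203.0.113.10", 25),   # direct-to-server fan-out
    ("198.51.100.77", "203.0.113.11", 25),
    ("198.51.100.77", "203.0.113.12", 25),
    ("198.51.100.77", "203.0.113.10", 25),   # repeat destination, counted once
    ("192.0.2.25", "203.0.113.10", 25),      # the relay itself, not a subscriber
]

def bypasses_relay(src, dst, dport):
    """True when a subscriber opens TCP/25 to anything but the ISP relay.
    This is also the traffic a port 25 block on subscriber lines would drop."""
    return (dport == 25
            and ipaddress.ip_address(src) in SUBSCRIBER_NET
            and ipaddress.ip_address(dst) not in ISP_RELAYS)

def direct_smtp_senders(flows, min_destinations=3):
    """Map subscriber IP -> sorted distinct port-25 destinations reached directly,
    keeping only subscribers at or above min_destinations (assumed threshold)."""
    seen = defaultdict(set)
    for src, dst, dport in flows:
        if bypasses_relay(src, dst, dport):
            seen[src].add(dst)
    return {s: sorted(d) for s, d in seen.items() if len(d) >= min_destinations}

if __name__ == "__main__":
    for sub, dests in direct_smtp_senders(SAMPLE_FLOWS).items():
        print(f"{sub}: direct SMTP to {len(dests)} servers: {', '.join(dests)}")
```

Subscribers flagged this way are candidates for the quarantine-and-notify handling the ISPs describe, while mail sent through the relay or over the submission port is left alone.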