Scam of the day – August 6, 2017 – Hero hacker who stopped WannaCry arrested on malware charges

Say it ain’t so! It was just a few weeks ago that Marcus Hutchins, a cybersecurity researcher for Kryptos Logic, was being hailed as a hero for his discovery of the kill-switch used to stop the spread of the dangerous WannaCry ransomware attack that infected millions of computers around the world. Now, however, Hutchins has been arrested by the FBI on federal charges related to the creation and distribution of the Kronos banking malware. When surreptitiously installed on victims’ computers, Kronos allowed cybercriminals to steal login information and data that enabled them to hack into their victims’ bank accounts.

Federal authorities allege that Hutchins created the software and then, in keeping with the present business plan used by many cybercriminals, sold the malware for thousands of dollars to other criminals on websites on the Dark Web, where criminals buy and sell criminal information and products.


It should not be overlooked that Hutchins has only been charged with these crimes and has a presumption of innocence. A lesson for all of us is to remember that malware such as the WannaCry ransomware and the Kronos banking malware is generally downloaded onto the computers, smartphones and other electronic devices of its victims when the victims click on links in infected emails or text messages. Trust me, you can’t trust anyone. Never click on any links unless you have absolutely confirmed that they are legitimate.

Scam of the day – April 22, 2017 – Russian cybercriminal sentenced to 27 years in prison

In a stunning development, Russian citizen Roman Seleznev, the son of a Russian legislator close to Vladimir Putin, was sentenced to 27 years in prison for being the mastermind behind massive credit card hacking attacks in which he stole millions of credit card numbers and sold them on the Dark Web to other cybercriminals. Prosecutors estimated that the financial loss due to Seleznev’s crimes was a minimum of 170 million dollars and could be as high as a billion dollars. Seleznev’s crimes were made easier by the predominant use, at the time he was committing them, of magnetic stripe credit cards rather than the harder-to-steal chip credit cards now largely used.

Russian hackers dominate much of international cybercrime, but are permitted to commit their crimes with impunity in Russia so long as they do not attack Russian targets. In addition, Russia does not extradite indicted Russian hackers. Seleznev made the mistake of taking a vacation in the Maldives in 2014, where he was arrested with the help of Maldivian police and turned over to American authorities.


International cooperation is an essential element in combating cybercrimes.  Much of the world is beginning to cooperate in this endeavor, but the absence of Russia in this effort is notable.

As for all of us as consumers, the best things we can do are to be vigilant and follow the precautions we constantly tell you about here at Scamicide, such as using your chip credit card whenever possible and refraining from using your debit card except at ATMs.

Scam of the day – September 1, 2016 – International banking system continues to be hacked

In February, cybercriminals hacked into Bangladesh’s Central Bank and managed to steal approximately 81 million dollars. As a result of this attack, SWIFT, which is a cooperative association of member banks that provides an international messaging system for banks, has been investigating the security of SWIFT members. Earlier this week it told its members that since the attack on the Bangladesh Central Bank there have been a number of other cyberattacks on banks around the world. According to the letter, an undisclosed number of these attacks were successful, although SWIFT did not indicate how many banks were successfully hacked or how much money was lost.

It appears that the hacking of the Bangladesh Central Bank, as with so many types of cybercrimes, started with social engineering spear phishing, which lured bank employees into unwittingly downloading the malware used by the hackers to infiltrate the bank’s computers. The hackers obtained not just the passwords and cryptographic keys used for electronic fund transfers, but also the emails of bank employees, which they could copy and adapt to make their transfers appear legitimate. Armed with this information, the cybercriminals sent dozens of account transfer requests using the international SWIFT banking messaging service from the Bangladesh Central Bank to the Federal Reserve Bank of New York, where the Bangladesh Central Bank has accounts containing billions of dollars. The account transfer requests processed by the Federal Reserve Bank of New York electronically sent about 81 million dollars to accounts in the Philippines, where the funds were transferred multiple times, including transfers to Philippine casinos, in an effort to launder the money.

Late last year, banks in the Philippines and Vietnam also suffered similar cyberattacks. Now cybersecurity investigators are saying that the malware used in all three attacks was the same type used by state-sponsored North Korean hackers against South Korean banks in 2013 and Sony in 2014.

Although SWIFT is pressing member banks to increase their security, SWIFT has no regulatory authority to mandate such actions. However, in its recent letter to SWIFT member banks, SWIFT indicated that if member banks fail to update their security to meet SWIFT standards by November 19th, SWIFT might report them to bank regulators. In particular, the suggested security measures include better password management and authentication procedures as well as better procedures to recognize hacking attempts.


All businesses and governmental agencies have got to do a better job at cybersecurity in general. In particular, greater attention has to be paid to the dangers of social engineering spear phishing, which has been at the root of almost all of the major data breaches at both companies like Target and governmental agencies such as the Office of Personnel Management. The international banking system is under attack, and although the security of the SWIFT system itself appears not to have been breached, that is little consolation when individual banks are hacked and the hackers thereby obtain the authorizations necessary to utilize the SWIFT system to steal money. Although SWIFT continues to say that its messaging system is secure, it is apparent that just as the individual banks need to increase their security, so does SWIFT have to recognize the security vulnerabilities that exist in banks around the world and pressure member banks to use dual factor authentication and confirmation protocols in order to protect the security of the international banking system.

Scam of the day – May 17, 2016 – Russian cybercriminal innovator sentenced

Although you probably have not heard of Nikita Kuzmin or the Gozi malware he created, Kuzmin has dramatically changed the world in which we live. Kuzmin, a Russian with degrees earned in computer science at two major Russian universities, invented the Gozi malware, which was unleashed on an unsuspecting public in 2007. This malware was among the first to be able to steal bank account related data, including usernames and passwords, from the infected computers of its victims and then use this information to steal money from the victims’ accounts. Gozi infected more than a million computers throughout the world and was used to steal tens of millions of dollars from individuals, companies and even government agencies such as NASA. However, what distinguishes Kuzmin from other cybercriminals who have created similar types of malware is that Kuzmin then created the business model for implementing the use of the malware: he leased Gozi to less sophisticated cybercriminals, who would pay him a fee of $500 per week. The malware would send the stolen information to computers controlled by Kuzmin, who would, in turn, provide the data to the criminals spreading the malware so long as they paid their weekly leasing costs.

According to Troels Oerting, the head of Interpol’s European Cybercrime Centre, there are only about a hundred cybercriminal masterminds like Kuzmin in the world today. The proliferation of small and large scale computer crimes perpetrated against individuals, companies and government agencies is primarily carried out by less accomplished cybercriminals who have purchased or leased the malware from innovators such as Kuzmin, who initiated this business model. And like any business, the criminals who do create this malware also routinely provide tech support and updates for a price.

Kuzmin was recently sentenced in the U.S. District Court for the Southern District of New York for various computer crimes and was required to pay a financial penalty of $6,934,979. The prison sentence imposed was a mere 37 months of time served pending his trial. The reason for this light sentence is Kuzmin’s continuing cooperation with federal investigators regarding others charged with similar crimes.


An important element of the story about the Gozi malware and other similar types of malware is that regardless of how sophisticated the malware is, it is useless until it is downloaded onto the computers of its intended victims. This is generally done not through complex software or technology, but rather by luring unsuspecting victims into clicking on links and downloading attachments in socially engineered phishing emails. And just as the malware itself has gotten more sophisticated over the years, so have the psychologically compelling spear phishing emails used to spread the malware. Malware-tainted phishing emails formerly addressed to “Dear Customer” now come addressed to you by name and often contain sufficient personal information to cause victims to trust the emails and click on the tainted links. The lesson is clear. Trust me, you can’t trust anyone. Never click on a link or download an attachment until you have absolutely confirmed that the email or text message sent with a link or attachment is legitimate.

Scam of the day – January 16, 2016 – Turkish hacker sentenced to 334 years in prison

While American judges struggle with finding proper sentences for cybercriminals, Turkish judges don’t appear to be having the doubts that American judges in some instances do. In the United States, the federal Computer Fraud and Abuse Act (CFAA) provides for a maximum sentence of ten years for a first offender and 20 years for repeat offenders. However, there are a number of factors that judges are required to consider that could reduce the length of the sentence. Recently Deniss Calovskis, who was involved in a major computer attack, had his sentence set at the mere 21 months he had already served prior to his trial. Meanwhile in Turkey, Onur Kopcak, who had already been serving a 199-year sentence for computer crimes of which he had been convicted in 2013, was sentenced to an additional 135 years in prison for hacking the credit card information of 11 people and selling the information to other criminals.


One of the reasons for the proliferation of cybercrimes has been that the sentences for major cybercriminals have not been sufficiently harsh to deter criminals from committing these crimes. Obviously this is not the case in Turkey. Other reasons for the dramatic increase in scams and cybercrimes in recent years include the ease with which they can be accomplished from anywhere in the world and the difficulty in apprehending the criminals. Meanwhile, when it comes to protecting yourself from scams, cybercrimes and identity theft, the best place to look for a helping hand is at the end of your own arm, and one of the best ways to do this is by following the basic steps regularly provided here on Scamicide.

Scam of the day – December 18, 2015 – Congress close to passing cybersecurity legislation

For years Congress has been debating much-needed cybersecurity legislation without much success. Now it appears that a cybersecurity bill that includes provisions previously approved by the House of Representatives and the Senate will be included in the omnibus spending bill, which is close to passage and needed to maintain the funding of the federal government. The essence of the cybersecurity proposal is the sharing of information by businesses and the federal government about technical aspects of cyberthreats such as hacking attacks and malware. Much of the opposition by businesses to this type of legislation over the years has come from the concern that such sharing could make them vulnerable to lawsuits. In response to this concern, the new proposed legislation provides for protection from certain types of lawsuits, such as lawsuits based upon violations of electronic privacy protections. Meanwhile, there continues to be opposition to the proposed law, deemed “The Cybersecurity Act of 2015,” by some privacy advocates who believe the proposed law does not do enough to protect personal information when data is shared pursuant to it. However, supporters of the bill, including President Obama, have said that the protections of corporations from liability in data sharing will only apply if the companies remove personal information when sharing cyberthreat information.


I believe that this law is a major step forward in the battle against cybercrime and will help enable companies and the federal government to do a better job in fighting the numerous cyberthreats faced by the government and private industry today. It should also be noted that these threats come not just from cybercriminals and identity thieves, but also from foreign governments and terrorist groups such as ISIS. It is expected that this law will be passed before the end of the year. I will keep you updated as to the bill’s progress.

September 28, 2015 – Steve Weisman’s latest USA Today column

Here is a link to Steve Weisman’s USA Today column from today’s online edition of USA Today entitled “Email Scam Hits Corporate Computers.”

Scam of the day – July 3, 2015 – Turkish man arraigned in worldwide financial hacking scheme

Ercan Findikoglu, who had been arrested in Germany in December of 2013, finally was extradited to the United States, where last week he was arraigned on charges related to three major cyberattacks on the global financial system. Findikoglu, a Turkish citizen, is alleged to be the kingpin of an international gang that hacked into three credit and debit card processors and then manipulated the account data on prepaid debit cards to dramatically increase the balances. Findikoglu then is alleged to have distributed the stolen debit card information to cohorts around the world who would create cards and then use the phony cards to withdraw money from ATMs around the world. One plot targeted cards issued by JP Morgan Chase, another targeted cards issued by the National Bank of Ras Al-Khaimah in the United Arab Emirates, and a third plot targeted cards issued by Bank Muscat in Oman. The debit cards of Bank Muscat were distributed to gang members in 24 countries who within a two day period made 36,000 ATM withdrawals totaling 40 million dollars. The total amount stolen through all three bank hacks was 55 million dollars.


The international cooperation involved in this case is good news in the battle against cybercrime which is a crime that knows no borders.  Often the type of international cooperation required to effectively combat such cybercrime is lacking in the international community.  Hopefully, this case provides an indication of a positive change in the war against cybercrime.   Another positive change that is necessary in the battle against cybercrime is greater cooperation between hacked companies and law enforcement and other governmental agencies.  To date, Congress has not enacted the legislation necessary to make this happen, but it is expected that in the not too distant future we will see such laws mandating greater disclosure and cooperation between government and business.

Scam of the day – February 15, 2015 – President Obama’s Executive Order on cybersecurity

In an effort to help combat cybercrime, President Barack Obama has issued an Executive Order encouraging and promoting information sharing both within the private sector as well as between the private sector and the government.  It has long been known that such information sharing about cyberthreats is an important step in the battle against cybercrime, data breaches and hackers.  The Department of Homeland Security will take the lead in establishing Information Sharing and Analysis Organizations (ISAOs) including setting up voluntary standards for these organizations.


Although this is a very promising first step that will undoubtedly aid in the battle against cybercrime, data breaches and hackers, it is only a first step. When looking for a helping hand to protect yourself from cybercrime and hackings, the best place to look is still at the end of your own arm. We all must recognize that each of us is responsible for following best practices to protect ourselves as best we can from cybercrime and hackings. We cannot rely on either government or private industry to do the job for us. One of the reasons I write Scamicide each day is to arm you with the knowledge you need to protect yourself as best you can from the threat of cybercrime and hackings.

Scam of the day – February 2, 2015 – Vladimir Drinkman ordered to be extradited to the United States

Although the name of Russian Vladimir Drinkman may not be familiar to you, you certainly are familiar with the crimes with which he and three other Russians and a Ukrainian are charged. According to the federal indictment of Drinkman, he is a “sophisticated hacker, who specialized in penetrating and gaining access to the computer networks of multinational corporations, financial institutions and payment processors; harvesting data, including among other things, credit card, debit card, and other customer account information, from within the compromised networks; and exfiltrating that data out of the compromised networks.” Drinkman and his alleged co-conspirators are accused of stealing more than 160 million credit and debit card numbers from various companies, including, most notably, Heartland Payment Systems, Inc., a credit and debit card processor that had more than 130 million card numbers stolen at a cost of 200 million dollars. Drinkman and his associates would then sell the numbers to other criminals, who would put the stolen information onto credit and debit cards which they would then use to purchase goods or withdraw money from the accounts of their debit card identity theft victims. Drinkman was arrested in the Netherlands in 2012 and has been fighting extradition since that time. Now a Dutch judge has approved his extradition to New Jersey to face federal charges.


This is a noteworthy example of international cooperation in the apprehension and legal processing of international hackers and cybercriminals. Should Drinkman actually go on trial in the United States, much information about how cybercrime operates would be made public. As for what it means to all of us as individuals, it is just another reminder that we are only as safe as the weakest security among the places with which we do business and that store our personal information. Therefore it is incumbent upon all of us to constantly monitor all of our financial accounts for early evidence of hacking or identity theft.