The Mortgage Fraud Blog reports Chun-O Kim, 45, Edgewater, N.J., a loan broker, admitted to stealing identities and fraudulently obtaining commercial loans and credit cards for personal profit. Kim pleaded guilty in U.S. District court to one count each of conspiracy to commit bank fraud; possessing 15 or more unauthorized credit cards with intent to defraud; and aggravated identity theft. Kim was arrested on September 16, 2010, in a coordinated law enforcement take down of 53 individuals in connection with widespread, sophisticated identity theft and fraud.
The Register reports a Brooklyn man has pleaded guilty to aggravated identity theft for his role in an operation that defrauded credit card issuers of almost $800,000 in bogus charges. Jonathan Oliveras, 26, also pleaded guilty to wire fraud and admitted to managing schemes to purchase stolen credit card information from people in Russia, and then passing it along at a profit or using it to make illegal purchases himself. Oliveras frequented online bazaars where credit card fraudsters gathered to buy and sell stolen account information, according to a statements of facts filed this week in US District Court in Alexandria, Virginia, that bears his signature. His ring typically received $500 to $2,000 for a sale of stolen da
The Register reports security researchers have found that thermal cameras can be combined with computer algorithms to automate the process of stealing payment card data processed by automatic teller machines. At the recent Usenix Security Symposium in San Francisco, the researchers said the technique has advantages over more common ATM skimming methods that use traditional cameras to capture the PINs people enter during transactions. That’s because customers often obscure a camera’s view with their bodies, either inadvertently or on purpose.
Bank Info Security reports the NSW Police in Australia announced the arrest of five Malaysian and Sri Lankan nationals for the roles they played in an international card-skimming. After a months-long investigation, authorities seized more than 50 stolen POS terminals, dozens of card skimmers and more than 18,000 blank and counterfeit cards. PIN overlays and other electronics, such as laptops and mobile phones, also have been confiscated. The scheme involved skimming at point-of-sale terminals in numerous merchant locations that span United Kingdom, mainland Europe and North America.
The Roanoke Times reports a Roanoke businessman racked up $70,000 in debt during a month long credit card “bust out,” making fresh charges on overdrawn accounts after small payments temporarily unfroze them. Ahmad Abedallah Al-Mikdadi, 42, pleaded guilty to charges of bank fraud, wire fraud and making a false statement to a financial institution. Each charge carries a maximum of 30 years in prison and a $1 million fine. Al-Mikdadi owed credit debt of about $62,000 when he began a “bust out” in early March 2009. Al-Mikdadi submitted credit card payments from accounts that either were already overdrawn or simply didn’t exist. Banks have a delay between logging the payment and discovering there was no money to back it up. Al-Mikdadi used the loophole to take out about $17,000 in cash advances and to buy about $10,000 worth of airline tickets for others. By month’s end, Al-Mikdadi’s credit card debt had swelled to about $132,000.
The Herald Sun in Australia reports three refugees who used credit card details skimmed in the UK to steal thousands from Australian banks have been sentenced. All three were handed jail terms, but a Victorian judge has suspended the prison terms for two of the Sri Lankan men, who survived torture, beatings and other atrocities before fleeing to Australia. The global fraud scheme involved card numbers stolen in Britain being emailed to Australia and encoded onto blank Coles Myer and Crown cards, which were then used to withdraw cash at ATMs. During the trial, the court heard more than 1500 credit and debit card details were stolen in the scheme to fleece major banks. The group withdrew $40,000, made up 317 fake cards and tried to steal another $70,000 across Victoria, New South Wales, Queensland and the ACT in 2008.
Bank Info Security reports from Florida to Texas, more reports of pay-at-the-pump card-skimming scams are pouring in to law enforcement agencies. Recently, the National Association of Convenience Stores, better known as NACS, issued a statement about skimming trends in Tampa, Fla., saying the theft of debit and credit card numbers at pay-at-the-pump gas terminals has become nearly epidemic. And a detective with the Euless, Texas, Police Department said a months-long investigation into skimming at gas pumps throughout northern Texas has finally come to a close, after local authorities arrested and charged a 51-year-old fraudster for his role in masterminding the scheme.
Fairfax News reports a Brooklyn, N.Y., man pleaded guilty today in U.S. District Court in Alexandria to his role in managing a credit card fraud operation that operated throughout the East Coast of the United States. Jonathan Oliveras, 26, pleaded guilty before U.S. District Judge Gerald Bruce Lee in the Eastern District of Virginia to a two-count criminal indictment charging him with wire fraud and aggravated identity theft. Oliveras admitted to managing a scheme to purchase stolen credit card account information through the Internet from individuals believed to be in Russia.
SC Magazine reports the discovery of new malware that obtains root access to the latest version of Android, is a sign that cybercriminals are keeping pace with the evolution of mobile devices, as noted by a university researcher. Xuxian Jiang, assistant professor at North Carolina State University in Raleigh, and his team last week discovered the first malware that uses a root exploit against Android version 2.3. Dubbed GingerMaster after Gingerbread, the codename for 2.3, the trojan is “repackaged” into legitimate applications that attempt to lure downloads in third-party stores, not the official Android Marketplace. Jiang notes by having the ability to elevate to root, or administrator, level, the malware can access all kinds of things it wants on the mobile phone.
Threat Post reports researchers at anti-malware company F-Secure say they have found the actual infected Excel file that was used in the attack on RSA earlier this year, eventually forcing the company to replace millions of its SecurID tokens. The Outlook email message containing the malicious file apparently was uploaded to Virustotal in March and the researchers dug it out this week. If the message and attachment that F-Secure researcher Timo Hirvonen found is indeed the same one used in the RSA attack–and the file name and description do fit what RSA has said publicly–then neither the attack nor the message’s social engineering tactics appear to very sophisticated. The subject line of the email is “2011 Recruitment Plan” and the Excel attachment had the same name. The email appeared to come from the address “webmaster [at] beyond dot com,” a job recruitment site.
