Saturday, July 03, 2010

Stealing $10 Million, 20 cents at a time

On June 28, 2010, the Federal Trade Commission unveiled a lawsuit against unknown credit card fraudsters, seizing the assets of 16 companies run by at least fourteen "money mules". The companies named were: API Trade, LLC; ARA Auto Parts Trading LLC; Bend Transfer Services, LLC; B-Texas European, LLC; CBTC, LLC; CMG Global, LLC; Confident Incorporation; HDPL Trade LLC; Hometown Homebuyers, LLC; IAS Group LLC; IHC Trade LLC; MZ Services, LLC; New World Enterprizes, LLC; Parts Imports LLC; SMI Imports, LLC; SVT Services, LLC. Each of these companies was run by a money mule recruited for the job via a spam email message. Each of them was instructed to establish their LLC to receive payments from small transactions, which they would then aggregate and wire to bank accounts in Lithuania, Estonia, Latvia, Bulgaria, Cyprus and Kyrgyzstan. Before the lawsuit hit, a Preliminary Injunction had already been issued back in March to freeze the assets of the companies in question.

This is the sort of case that strongly raises a point that I continually preach at UAB: modern cybercrime law enforcement is not possible without strong computer science and data mining skills. At UAB, I work as the "Director of Research in Computer Forensics". My normal pitch about the program is that Computer Scientists solve problems by applying technology and algorithms. Criminal Justice professionals are facing more and more crimes that can only be solved by the application of Computer Science. In our program, we introduce the two to each other. Some of our graduates will be tool users -- law enforcement and corporate investigators who now know the range of technology solutions that might be possible to make them better cybercrime investigators. Other graduates will be tool makers -- computer scientists who now understand the range of problems being faced by modern law enforcement and who are now equipped to design solutions to those problems.

In this case, the criminals, who have been active since at least 2006, are documented to have placed at least 1.3 million credit and debit card charges without the authorization of the card holder. Can you imagine working a case with 1.3 million fraudulent charges without the benefit of data mining technology? The defendants "somehow obtain the consumers' account numbers and proceed to sneak the charges onto the accounts. Defendants purposely make their unauthorized charges less than $10 in the hopes that consumers will not notice them or will choose not to contest the charges." (Quoted from the FTC Memorandum of Support.)

Unknown defendants, referred to as "the Doe Defendants", manage the creators of the sixteen fake LLCs, referred to as the "Money Cashing Defendants", from somewhere in Eastern Europe. The Doe Defendants create hundreds of fake companies and corresponding websites which are named in ways that come close to the names of real organizations, making them difficult to search. Often the listed addresses and phone numbers are also similar to those of a real organization.

The consumers are charged as little as 20 cents in a single fraudulent transaction, and as much as $10. 90% of the charges were never disputed. Those that were received instructions to call non-existent telephone numbers, or answering services from which calls were never returned. More than 1000 consumers have filed complaints with the FTC about these illegal practices.

How much effort would YOU go to to right the wrong of an illegal $3 charge on your credit card?
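The pattern described above (charges kept under $10, spread over many cardholders, about 90% never disputed) is the kind of signal data mining surfaces at the merchant level rather than per cardholder. The following is an added example, not taken from the FTC filings or this post: it profiles merchant descriptors over constructed transactions, and the thresholds, the one-charge-per-card signal and the merchant names are all assumptions.

```python
from collections import defaultdict

MAX_AMOUNT = 10.00     # from the post: charges were kept under $10
MIN_CARDS = 50         # assumption: distinct cards needed before scoring a merchant
ONE_SHOT_RATIO = 0.9   # assumption: share of cards that were charged exactly once

def merchant_profiles(transactions):
    """Aggregate (card, merchant, amount, disputed) rows per merchant descriptor."""
    per_card = defaultdict(lambda: defaultdict(int))
    stats = defaultdict(lambda: {"charges": 0, "max": 0.0, "disputes": 0})
    for card, merchant, amount, disputed in transactions:
        per_card[merchant][card] += 1
        s = stats[merchant]
        s["charges"] += 1
        s["max"] = max(s["max"], amount)
        s["disputes"] += int(disputed)
    for merchant, s in stats.items():
        cards = per_card[merchant]
        s["cards"] = len(cards)
        s["one_shot"] = sum(1 for n in cards.values() if n == 1) / len(cards)
        s["dispute_rate"] = s["disputes"] / s["charges"]  # reported, not used to flag
    return dict(stats)

def flag_micro_charge_merchants(transactions):
    """Merchants whose charges are all small and spread over many one-time cards."""
    return sorted(
        m for m, s in merchant_profiles(transactions).items()
        if s["max"] <= MAX_AMOUNT
        and s["cards"] >= MIN_CARDS
        and s["one_shot"] >= ONE_SHOT_RATIO
    )

def sample_transactions():
    """Constructed data: a sweep-style merchant, a coffee shop and a retailer."""
    rows = []
    for i in range(200):   # 200 cards, one charge of $0.20-$9.51 each, 10% disputed
        rows.append((f"card{i}", "EXAMPLE SVC 1", 0.20 + (i % 50) * 0.19, i % 10 == 0))
    for i in range(60):    # small charges, but from repeat customers
        for _ in range(5):
            rows.append((f"card{i}", "CORNER COFFEE", 4.50, False))
    for i in range(80):    # one-off purchases, but well above $10
        rows.append((f"card{i}", "BIG BOX RETAIL", 35.00 + i, False))
    return rows

if __name__ == "__main__":
    for merchant in flag_micro_charge_merchants(sample_transactions()):
        print(merchant)
```

The dispute rate is computed but deliberately left out of the flagging rule: with 90% of charges never disputed, a rule that waits for disputes sees only a fraction of the activity.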

The Memorandum of Support filed by the FTC describes three roles of various criminal groups in this action:

A. The Money Mules

This group is described as "an expansive network of money mules in the United States to cash out the unauthorized charges." The Doe Defendants sent out emails to recruit their money mules "announcing that an international financial services company is seeking a US finance manager to process transactions and cash checks, money orders, and international wire transfers." The claim is that there is a tax benefit to the company to have many tiny charges aggregated in the United States. In order to realize this tax savings, the Does will send the payments from their US customers to the Money Mules, who receive the payments and send them on to the "international financial services company."

B. The Money Cashing Defendants

The "international financial services company" required that the money mules form corporate entities and establish bank accounts in the names of these corporate entities. Between the sixteen corporations established, more than three hundred merchant bank accounts were opened. While this sounds like the same group of people as Group A, Group A is the people themselves, while defendant Group B is actually the group of corporations formed by the people in Group A.

These companies then established merchant accounts at numerous "credit card clearing companies" in order to have charges processed by a clearing company and have the cash placed into their bank accounts. The companies used "virtual offices" through a company that sells "non-PO box" addresses to give the company a sense of legitimacy. Rather than establish their own Employer Identification Numbers (tax numbers required to be on file for merchant banking accounts), the companies "borrowed" the EINs of existing organizations with similar sounding names.

In order to pass the "due diligence" checks used when establishing merchant accounts, fake websites were created for each of the companies, claiming they sold various types of office supplies, and providing business and "home" telephone numbers for each of the organizations. All of the numbers forwarded to a cell phone number in Belarus. The "Owners" of these companies were real people, who included their name, social security number, and date of birth on the merchant account applications. The Defendant Does ran credit checks on each of the "borrowed" identities to make sure their credit scores were good before using their identities.

FTC: All Your Base Are Belong To Us



After reviewing the data, the FTC ruled against the defendants in the form of a Preliminary Injunction which freezes assets of all defendants as well as prevents them from sharing or selling the identity data they may have acquired about their victims. Here's the Asset Freeze language.

IT IS FURTHER ORDERED that Defendants, and their officers, agents, servants, employees, and attorneys, and all other persons in active concert or participation with any of them, who receive actual notice of this Order by personal service or otherwise, whether acting directly or through any trust, corporation, subsidiary, division, or other device, or any of them, except as provided herein, as stipulated by the parties, or as directed by further order of the Court, are hereby restrained and enjoined from:

A. Transferring, liquidating, converting, encumbering, pledging, loaning, selling, concealing, dissipating, disbursing, assigning, spending, withdrawing, granting a lien or security interest or other interest in, or otherwise disposing of any funds, credit instruments, real or personal property, accounts, contracts, shares of stock, lists of consumer names, or other assets, or any interest therein, wherever located, including outside the territorial United States, that are:

1. Owned, controlled, or held by, in whole or in part, for the benefit of, or subject to access by, or belonging to, any Defendant;
2. In the actual or constructive possession of any Defendant; or
3. In the actual or constructive possession of, or owned, controlled, or held by, or subject to access by, or belonging to, any other corporation, partnership, trust, or any other entity directly or indirectly owned, managed, or controlled by, or under common control with, any Defendant, including, but not limited to, any assets held by or for any Defendant in any account at any bank or savings and loan institution, or with any credit card processing agent, automated clearing house processor, network transaction processor, bank debit processing agent, customer service agent, commercial mail receiving agency, or mail holding or forwarding company, or any credit union, retirement fund custodian, money market or mutual fund, storage company, trustee, or with any broker-dealer, escrow agent, title company, commodity trading company, precious metal dealer, or other financial institution or depository of any kind, either within or outside the territorial United States;

B. Opening or causing to be opened any safe deposit boxes, commercial mail boxes, or storage facilities titled in the name of any Defendant, or subject to access by any Defendant or under any Defendant's control, without providing the Commission prior notice and an opportunity to inspect the contents in order to determine that they contain no assets covered by this Section;

C. Cashing any checks or depositing any payments from customers of Defendants;

D. Incurring charges or cash advances on any credit card issued in the name, singly or jointly, of any Defendant;

E. Incurring liens or encumbrances on real property, personal property, or other assets in the name, singly or jointly, of any Defendant or of any corporation, partnership, or other entity directly or indirectly owned, managed, or controlled by any Defendant; or

F. Transferring any funds or other assets subject to this Order for attorney's fees or living expenses, except from accounts or other assets identified by prior written agreement with the Commission; provided that no attorney's fees or living expenses shall be paid from funds or other assets subject to this Order until the financial statements required by Section V are provided to counsel for the Commission.


I love it when the bad guys lose their toys!

Long Boring Lists


OK, I know this is the boring part, but here are all the companies listed in the order, followed by a list of the vendor names that may have shown up on your fake credit card charges if you are a victim. Both lists are drawn from the FTC documents already mentioned:

• API Trade, LLC, a Pennsylvania limited liability company incorporated in 2006, which has at least four bank accounts in its name; API's registered office address is 9926 Haldeman Avenue, #45 B, Philadelphia, Pennsylvania 19115

• ARA Auto Parts Trading LLC, a limited liability company, which has at least two bank accounts in its name; ARA's principal address is 14202 Barcalow Avenue, Philadelphia, Pennsylvania 19116

• Bend Transfer Services, LLC, a Nevada limited liability company incorporated in 2007, which has at least thirty bank accounts in its name; Bend's registered office address is 21285 East Highway 20, #169, Bend, Oregon 97701.

• B-Texas European, LLC, a Texas limited liability company incorporated in 2006, which has at least sixteen bank accounts in its name; B-Texas' registered office address is 701 Brazos Street, Suite 1050, Austin, Texas 78701. B-Texas also conducts business at 8070 County Road, 603, Brownwood, Texas 76801.

• CBTC, LLC, a Delaware limited liability company incorporated in 2007, which has at least four bank accounts in its name; CBTC's registered office address is 151 Evergreen Drive, Dover, Delaware 19901. It also conducts business at 9926 Haldeman Avenue, #45 B, Philadelphia, Pennsylvania 19115.

• CMG Global, LLC, a Pennsylvania limited liability company incorporated in 2006, which has at least eleven bank accounts in its name; CMG's registered office address is 7400 Roosevelt Boulevard, #52602, Philadelphia, Pennsylvania 19115. It also conducts business at 7400 Roosevelt Boulevard, Apartment A303, Philadelphia, Pennsylvania 19152 and P.O. Box 52602, Philadelphia, Pennsylvania 19115.

• Confident Incorporation, a California company incorporated in 2002, which has at least three bank accounts in its name; Confident's registered office address is 17800 Castleton Street, Suite 386, City of Industry, California 91748. Confident also conducts business at 30616 Sand Trap Drive, Agoura Hills, California 91301.

• HDPL Trade LLC, a Pennsylvania limited liability company incorporated in 2008, which has at least nine bank accounts in its name; HDPL's registered office address is 1143 Northern Boulevard, #263, Clarks Summit, Pennsylvania 18411.

• Hometown Homebuyers, LLC, a Texas limited liability company incorporated in 2002, which has at least thirty-seven bank accounts in its name; Hometown's registered office address is 413 East Highway 121, Lewisville, Texas 75057. It also conducts business at 8070 County Road 603, Brownwood, Texas 76801.

• IAS Group LLC, a California limited liability company incorporated in 2008, which has at least five bank accounts in its name; Highway 121, Lewisville, Texas 75057. It also conducts business at 8070 County Road 603, Brownwood, Texas 76801.

• IHC Trade LLC, a New York limited liability company incorporated in 2007, which has at least seventy-one bank accounts in its name; IHC's registered office address is 5823 North Burdick Street, East Syracuse, New York 13057.

• MZ Services, LLC, an Arizona limited liability company incorporated in 2004, which has at least fifty-three bank accounts in its name; MZ Services's registered office address is located at 2910 North Casa Tomas Court, Phoenix, Arizona 85016.

• New World Enterprizes, LLC, a New Jersey limited liability company incorporated in 2005, which has at least fourteen bank accounts in its name; New World's registered office address is 115 Magnolia Avenue, Suite 10, Jersey City, New Jersey 07306. New World also conducts business using the following addresses: (1) 441 Tomlinson Road, Apartment G 12, Philadelphia, Pennsylvania 19116, (2) P.O. Box 2645, Newark, New Jersey 07114, (3) 2400 East 3rd Street, Apartment 705, Brooklyn, New York 11223, and (4) 504 Florida Grove Road, Keasby, New Jersey 08832.

• Parts Imports LLC, a Louisiana limited liability company incorporated in 2006, which has at least forty-two bank accounts in its name; Parts Imports' registered office address is 617 Elm Drive, Bogalusa, Louisiana 70427.

• SMI Imports, LLC, a Florida limited liability company incorporated in 2006, which has at least fourteen bank accounts in its name; SMI's registered office address is 2329 North Tamiami Trail, Apartment #10, Sarasota, Florida 34234. SMI also conducts business at 8122 45th Court East, Apartment 7, Sarasota, Florida 34243.

• SVT Services, LLC, a New York limited liability company incorporated in 2008, which has at least eight bank accounts in its name. SVT's registered office address is 800 East 13th Street, Apartment K, Brooklyn, New York 11230.

The mark of the scam is to see fraudulent credit card charges from one of the following companies:

ACM
Adele Services
Advanced Global Tech
AEI
Albion Group
Alpha Cell
ALS
ALS LLC
BEI
BIT
BusinessWorks
Center Company
Centrum Group
CFM
CFR
COS
Data Services
Den Enterprises
Dgen
Digest Limited
Don Partners
DwellTech
Edge
ESTA
Eureka
Extra Path
Form Limited
Foto Fast
Gamma
GFDL
GLOBO
Green Stone
Harry Dean
HBS
Home Port
Homebase
ICH Services
IHS
Image Company
Image Services
IPS
ISSO
IVA
Lang Group
Light Flow
Link Group
Link Services
List Services
Mark Silver
MARX
Mera
MFG
Name Services
NETT
New Eight
Office Development
Office Services
OM Extra
ONE
Online Group
Prc Services
Presi
Rasna
RSIPartners
RSS Inc.
Safeworks
Search Company
Search Management
Search Services
SFR
Sigma
Site Group
Site Management
Site Services
Source Limited
Standard Six
SYS INC
System Development
Terra
THQ
TIMO
TLC Inc.
Union Green
United Services
VIVOS
WELLE
Will Services
World Trade
World Wide Services
YES
