Schneier on Security

Bob's Your Uncle • June 5, 2006 4:22 PM

Ottenheimer shows his lack of knowledge in the scene. The podcast interviewee is one of the bigger guys in that scene, and while he stumbles around on this podcast, his other podcasts have more clarity and he is more at ease in them.

Banks are clearly at fault for covering up their security problems. According to the FBI and Secret Service, banks are responsible for refusing to allow most LE investigations to take place. The interviewee found this out and wanted to let people know that the reason he and others like him get away with it, is because the banks are covering the losses to the victim, and once they do, the bank then becomes the victim, and does not have to file a report with the police about it. Thus, no victim and no way LE can investigate or open a case on a criminal doing this type of operation.

The banks claim that LE wont do anything, therefore they wont call them. This is often true, most Federal LE agents refuse to open a case against anyone unless the loss threshold is large.

I have seen LE refuse to do anything about a victim losing 200 thousand dollars. They had a chance to save the victim and refused, citing it wasn’t worth their time to look into it as the dollar amount was to small.

So, the banks are right as well. They don’t want to waste their time calling in LE on some casher who uses pins ripped from some other companies database who refuses to be named (Office Max) and refuses to press charges due to the bad publicity. So, why should the banks take the hit for some company who left the door open?

LE says why should they investigate when no one will complain about it?

If you ask me, everyone is responsible except the hapless victim whom everyone seems to forget.

If you want to know what is going on, I suggest you visit sites that are enabling this type of fraud to exist. These sites are easy to find, and even easier to shut down. However, LE says they cant do anything about them, which is another excuse for LE running these sites to get information, so they can go out and bust a few kids later on.

They never get the main players because they claim they cannot touch them. So, they are content to just get the smaller players who fall into those schemes.

Take cardersmarket.com

Here is a site hosted in Ft Lauderdale Florida. Matter of fact, its hosted right out of a guys house. Yet, LE refuses to shutter them. Instead, this site promotes vending of pins and numbers and paypals and ebays and so forth, all the while LE looks on at all the players.

LE claims they cant do anything to a site hosted on US soil. Yet, truth be told, its LE running the site just like they ran Shadowcrew. They build these sites hoping criminals will come to them and start trading. After a few years of victimizing and people from all over getting ripped off, they bust in and close it down and arrest a few token suspects. Then another site is opened up and the story is repeated over and over and over.

That is LE’s way of trying to do something. However, LE is just enabling others to find a spot to trade, which in turn makes the data valuable. If you close the sites that trade the info, the data eventually loses its value because there is no buyers.

LE just wants to run crime sites so they can track it all. In order to run a crime site though, one must BE a crime site, therefore LE is involved in running crime sites unbeknowst to the general public.

Banks just make money off it all. The losses are a fly speck on profits. The more they lose, the more they charge people for those losses. The banks are scamming the public, LE is scamming the public and the victims are having to deal with it after its all said and done, while everyone else looks the other way and points their fingers at the other guy, blaming him for the victims woes.

That is the game.

http://www.thegrifters.net

http://www.shadowcrewthebook.com

Yeah, a hapless plug..

Bob's Your Uncle • June 6, 2006 12:18 AM

“Glad I got someone’s attention. I was afraid someone might think I knew to much or was part of the cool crowd”

Being flippant under the circumstances of how people lose money and their identities shows your lack of understanding of the situation. Nay, its shows your lack of actually caring what a victim goes through.

Most of these stories leave the victim out of it. The victim is the lone person out there trampled on by everyone else. No one see’s the loss through the victims eyes. They only see it on paper. No one truly knows what a victim feels when first discovering what the debit card interviewee has done to them.

Its not the cashers fault that the banks or stores he gets his numbers from are loose in security. They tell the public that they are secure. I mean here you are at some big box store, and the thought is these people wouldn’t store your pin number on their office computer where someone ONLINE can come by and pick right through it with a modicum of skills.

No, you think that you are safe entering that pin data into the POS system. Well truth is, your not. No one is, matter of fact, everyone that does business in this world with cards, numbers, id cards, banks, stores, and all merchants, are all easy targets for these fraudsters.

Matter of fact, if that is your name Ottenheimer, in the space of a few minutes, one from these boards could find you, get your credit report, your ssn number, and everything about you and your life, and that of your neighbors, and their credit profiles and ssn numbers, and drivers license numbers, and easily become you.

Then, all it takes to destroy you and leave you weeping on the sidewalk of poverty is a calculated series of attacks on your good credit. After a few months, boom, your toast. Your mortgage will probably be called in, your credit cards all canceled, your lines of credit put on hold or called in or removed, your car reposessed, your job lost after they find out you visited and downloaed child porn files, and eventually you end up committing suicide over it. Because the road down is easy while the road back up for a victim is very hard.

Putting your real name out on any blog, or any web interface is about as dumb as it can be. And, if anyone wanted to, they could blow you out of the credit water with ease because of it.

I know, you think I jest, but truly I don’t. That was the mentality of people on Shadowcrew.

There are many boards out there now which are being run just like that board was ran. Most of these guys are so good at what they do, you would never know what happened, nor why it happened to you. In the case of card cash outs, this is the least of one’s worry. Its a rather easy crime on the victim. He usually gets his money back quickly, while the average identity theft victim, goes through YEARS of hell trying to correct the wrongs done to him by the average Shadowcrew member.

As for losses and being a contradiction in reasoning. The banks look at it as nothing compared to the profits they make. And they do tell the public they have to increase rates to cover fraud losses. This is not a contradiction this is a fact.

While the banks make billions of dollars, they refuse to stem the flow of losses by maintaining their own security so that their customers can be safe. They say implementing security is not what the customer wants, the customer wants ease of use. Therefore they use last 4 of your social security number to identify you over the phone.

Why if I knew your social or the last 4, and knew your bank, I could call them up, pretend to be you, and wire out all your money to my private offshore account in Latvia, after changing your passwords, your phone number, and your billing address.

It is that easy. Then, its up to you to prove you didn’t take all that money and merch. The bank will say you called. You will say you didn’t. Tough world to prove it.

Also, not just anyone can get numbers and cash out for the Russians. Too many guys get numbers, see the money, and rip it off. So, the Russians are very careful in who they do business with. So, it takes major guys like the interviewee to be able to even get a deal to go cash out. Its not some deal where you can just go in and get premium numbers from a premium hack to go out and cash out.

More than likely, n00bs come in and get numbers that have been cashed out already 4 or 5 times, and are assigned to continue to try and cash out. The hope is that it will cover the pro’s trail by the n00b getting busted for the op.

Sometimes its just to clean the very last dollar out of the card or debit holders account.

As for printing fake id’s for instore, yes, that is done all the time. However there are a huge amount of stores that don’t even check ID’s. Plus, its easy to make track 1 data, which is the name portion, in any name you want. So, if you have some handy cards lying about with other names on them, its easy to just change the track 1 data to say what you want on it with any name you want. There is no authorization on track 1 and track 2 data matching up. Banks think its just a waste of time to authenticate both.

As for Shadowcrew members who raked in HUNDREDS OF MILLIONS OF DOLLARS according to the US Attorney’s office in New Jersey, most are getting off with probation and house arrest, as Kevin O’Dowd, the prosecuter in the case, DROPPED ALL THE CHARGES except for conspiracy, which is the lowest charge there is. Leaving most to plead out and get nothing in time. His idea was to send a message to fraudsters worldwide, and that message was LOUD AND CLEAR!!!!

You can make that money and get away with it. Especially if you have O’Dowd prosecuting you.

He sent the best possible message the government could send to fraudsters.

CRIME DOES PAY!!!! And today, it pays very well.

Just look at the numbers and see what the Shadowcrew case got the fraudsters. Millions, no, HUNDREDS OF MILLIONS of dollars, and only house arrest and probation and dropped charges for a quick plea deal to the low charge of conspiracy.

Great Message..

Just great.