• 
• 
• 

 1 of 3

Gallery

Perks and paintball: life inside a global cybercrime ring

Posted on 25 Mar 2010 at 09:58

Hackers in some Eastern European countries barely attempt to conceal their activities.

Panda Security found photos of a party in March 2008 that it said affiliate ring KlikVIP held in Montenegro to reward scareware installers. One showed a briefcase full of euros that would go to the top performer. "They weren't afraid of the legal implications, " said Panda Security researcher Sean-Paul Correll. "They were fearless."

Dealing with complaints

One of Innovative Marketing's biggest problems was the high proportion of victims who complained to their credit card companies and obtained refunds on their purchases. That hurt the relationships with its merchant banks that processed those transactions, forcing it to switch from banks in Canada to Bahrain. It created subsidiaries designed to hide its identity.

To keep the chargeback rate from climbing even higher, Innovative Marketing invested heavily in call centers

In 2005, Bank of Bahrain & Kuwait severed its ties with an Innovative Marketing subsidiary that had the highest volume of credit-card processing of any entity in Bahrain because of its high chargeback rates, according to D'Souza.

Innovative Marketing then went five months without a credit-card processor before finding a bank in Singapore - DBS Bank - willing to handle its account. The Singapore bank processed tens of millions of dollars in backlogged credit card payments for the company, D'Souza said.

To keep the chargeback rate from climbing even higher, Innovative Marketing invested heavily in call centers. It opened facilities in Ukraine, India and the US. The rogueware was designed to tell the users that their PCs were working properly once the victim had paid for the software, so when people called up to complain it wasn't working, agents would walk them through whatever steps it took to make those messages come up.

Often that required disabling legitimate antivirus software programs, according to McAfee researcher Dirk Kollberg, who spent hours listening to digitised audio recordings of customer service calls that Innovative Marketing kept on its servers at its Ukraine offices. He gathered the data by tapping into a computer server at its branch in Kiev that he said was inadvertently hooked up to Innovative's website. "At the end of the call," he said, "most customers were happy."

Police have had limited success in cracking down on the scareware industry. Like Innovative Marketing, most rogue internet companies tend to be based in countries where laws permit such activities or officials look the other way.

Law enforcement agencies in the US, Western Europe, Japan and Singapore are the most aggressive in prosecuting internet crimes and helping officials in other countries pursue such cases, said Mark Rasch, former head of the computer crimes unit at the US Department of Justice. "In the rest of the world, it's hit or miss," he said. "The cooperation is getting better, but the level of crime continues to increase and continues to outpace the level of cooperation."

The FTC succeeded in persuading a US federal judge to order Innovative Marketing and two individuals associated with it to pay $163 million it had scammed from Americans. Neither individual has surfaced since the Government filed its original suit more than a year ago. But Ethan Arenson, the FTC attorney who handled the case, warned: "Collection efforts are just getting underway."

Author: Jim Finkle of Reuters