Romanian authorities arrest cybercrime suspects

Well, eight days, and a joint effort to help prevent phishing and two major arrests related to identity theft, and I feel like we've made a decent attack on the identity theft culture. Score one for the good guys for once.

Dave Cullinane
Well, eight days, and a joint effort to help prevent phishing and two major arrests related to identity theft, and I feel like we've made a decent attack on the identity theft culture. Score one for the good guys for once.

Just a day after reading Dancho Danchev's story on Owen Walker being arrested, and about eight days after Dancho covered a story on eBay, PayPal, and Google teaming up to combat phishing, we have a large group of about 20 people arrested in Romania on charges of running online fraud schemes. From Grant Gross of IDG News Service:

Authorities have arrested more than 20 people in Romania who are suspected of running online fraud schemes, according to media reports.

The Tuesday arrests were confirmed by the U.S. Federal Bureau of Investigation, which has been working with Romanian officials on cybercrime in recent months. The FBI would say only that the agency is aware of the arrests and because "this is an ongoing matter, we will have no further comment at this time."

I'm wondering if the people responsible for bringing this group down have seen Billy Rios and Nitesh Dhanjani's talk on phishing/identity theft that's been at the last couple Black Hats and will be presented again at Vegas this year. It really takes the cake in analysis of the identity theft culture. I'm also curious to see if there are any tricky techniques that might be employed to catch criminals sleeping, such as the GMail name stealing trick... will be interesting to see if Rios and Nitesh's research covers this at Black Hat Vegas. The story continues:

Romanian news reports suggested the number of people arrested there was between 21 and 24. reported that the suspects were accused of stealing identities online, in apparent phishing or auction-fraud schemes, and that they had taken US$640,000 from non-Romanians. Several U.S. Web sites, including eBay, were targets of the fraud, according to news reports.

The group's alleged leader, Romeo Chita, was arrested in an apartment owned by a Romanian lawmaker, reported.

Gary Warner, director of research in computer forensics at the University of Alabama at Birmingham, applauded the arrests in a blog post Wednesday.

The arrests are "another example of the successful international cooperation" between the U.S. and Romanian law enforcement, he wrote.

"How long is the long arm of the law?" Warner wrote. "It's at least long enough to reach from eBay headquarters to Romania."

You know what? Cheers to eBay. I've had limited opportunities to work with them, but their CISO Dave Cullinane, and I had a very interesting discussion at the eBay Red Team event that eBay sponsors. We talked about the large amount of identity theft coming out of Romania that eBay was dealing with. I'm not entirely sure how, but somehow Dave and eBay have worked with authorities from both the US and Romania (as well as other countries) to really get a handle on how to catch these criminals.

Warner posted video of three of the arrests on his blog.

In May, U.S. and Romanian authorities announced that 38 people in the two countries had been charged with using complicated Internet phishing schemes to steal thousands of credit and debit-card numbers. Two related phishing schemes had ties to organized crime, the U.S. Department of Justice said then.

Wonderful. It's great when things work. Let's see if the trend continues.

Phishing involves sending e-mail messages that look like official correspondence from banks or credit-card vendors in an attempt to get recipients to go to a fake Web site and enter their account numbers.

This last piece of his story, just ignore that. Everyone knows what phishing is... phishing is not the major problem here. Identity theft is the major problem. You have to think of identity theft as a unique piece of commerce, with its own market fluctuations, etc. Phishing is just one method of filling supply for the demand to feed the identity theft market. Numerous others exist, such as targeted spear phishing attacks, scam calls, ATM skimmers, etc.

I will probably say this a hundred times on my blog, you MUST go see Nitesh Dhanjani and Billy Rios talk about phishing at this coming Black Hat. If you can't, get their slides. You'll laugh, you'll cry, you'll get angry... identity theft is a market supplied by tough to tackle problems like phishing. Let's hope we see more work like that of eBay's in taming identity theft.