U.S. DHS goes after Vietnamese hackers, identity thieves

[Jake Kouns <jkouns () opensecurityfoundation org>]

http://www.itworld.com/security/132288/us-dhs-goes-after-vietnamese-hackers-identity-thieves

January 3, 2011, 10:00 PM —  IDG News Service —
The U.S. Department of Homeland Security is cracking down on a
international criminal ring, based in Vietnam, that is thought to have
stolen hundreds of millions of dollars from online merchants using
hacking and identity theft.

Last month, agents from the DHS's Immigration and Customs Enforcement
(ICE) investigations unit raided the home of two Vietnamese exchange
students at Minnesota's Winona State University, seizing documents and
computer equipment.

According to an affidavit filed in support of the search warrant in
this case, the students, Tram Vo and Khoi Van, made more than $1.2
million selling software, videogames and Apple gift cards on eBay, and
then shipping buyers products that they'd purchased with stolen credit
card numbers.

The scam that Vo and Van are accused of has become a big problem for
U.S. merchants, according to the affidavit, which was unsealed last
week.

Here's how it works. Using stolen information the criminals set up
eBay and PayPal accounts in other people's names and start selling
products -- $400 Rosetta Stone software or iTunes gift cards, for
example. When legitimate buyers purchase these products using PayPal,
the scammers then order them direct from the manufacturer, using
stolen credit card numbers. By the time the credit card user reports
the fraud, the scammers have already moved their money from PayPal to
another bank account. Then they move it offshore to accounts in Canada
or Vietnam.

The online merchant is the big loser in the deal, but the consumers
whose information was stolen also take a hit, as they have to untangle
themselves from the fraudulent credit card transactions and fake eBay
and PayPal accounts.

One victim, Susan Higginbotham, of Bemidji, Minnesota, got as many as
eight letters a day from banks telling her she'd just signed up as a
customer. She also got bills from eBay for the fraudulent
transactions, according to the Minnesota Star Tribune, which first
reported the investigation on Saturday.

In November, Louisiana authorities working with ICE arrested three
students in connection with a similar scam.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Learn encryption strategies that manage risk and shore up compliance.
Download Article 1 of CREDANT Technologies' The Essentials Series:
Endpoint Data Encryption That Actually Works
http://credant.com/campaigns/realtime2/gap-LP1/