back to article 'World's BIGGEST online fraud': Suspect's phone had 'location' switched on

Two Russians arrested over their suspected involvement in the largest online fraud in US history were tracked down by analysing photos they posted to social media sites and tracking the location of one suspect's mobile phone, Reuters reports. Four Russians and a Ukrainian national were named as suspects in a credit card hacking …

COMMENTS

This topic is closed for new posts.
Silver badge
Meh

Cheeky Breeky y van damke!

Smilianets used a variety of online nicknames including "Dima Brave" and "Dima Bold"

GET OUT OF HERE STALKER! GO AWAY!

1
0
Anonymous Coward

Re: Cheeky Breeky y van damke!

One of my favourites is Anton Ravioli

1
0
Silver badge

It's all in the details

Tiny details that slowly add up. Plus other people.

In my perfect heist I'll be working solo, butt naked.

0
0
Anonymous Coward

Re: It's all in the details

As it's impossible to commit the perfect crime, you'll have to accept some compromises to ensure it's worth-while.

I'd suggest a full-bodied assistant, who in the name of avoiding any potential snags or skin scrapings (honest), should be clad in some very tight latex.

She needs to be full bodied in order to.... just because OK?

1
0
Anonymous Coward

Re: It's all in the details

Yes but "some compromises" don't mean being a complete dick and broadcasting your location to the entire world.

1
1
Devil

Re: It's all in the details

"As it's impossible to commit the perfect crime ..."

Try selling overvalued assets in a continuous spiral until the government bails you out. Then walk off with all the money and none of the responsibility.

Seems like the perfect crime to me.

52
0
Silver badge
Thumb Up

Re: It's all in the details

Agree. And they didn't physically "walk off", more's the pity, but stayed in their jobs, or got promoted.

5
0

Re: It's all in the details

Be careful of what you ask for - Roseanne Barr is "full bodied", but I wouldn't want to see her in latex.

1
0
Devil

Re: It's all in the details

The problem is when you cover your face but are still recognised.

0
0
Silver badge

Re: It's all in the details

@Bakunin

That's the one. It definitely is the perfect crime.

Christ, instead of being charged at any point, when you leave, they give you another massive payout.

0
0
Silver badge

Re: It's all in the details

@fishman

OK, I knew I was going to regret it but I had to put her name into Google to find out. Thankfully I didn't make the mistake of including the word latex though.

0
0

Re: It's all in the details

This reminds me of something that I heard a banker say a few years ago "A dollar borrowed is a dollar earned"

0
0
Silver badge
Facepalm

SQL injection

Learning that it is still possible to get hold of the details of 160 million cards using SQL injection is like being told that Fort Knox keeps a key under the doormat.

29
0
Silver badge

Re: SQL injection

I wonder how much it would have cost those 'organisations' to properly sanitise/parameterise (whatever) their websites against the SQL injection attack techniques. Can anybody who really has a clue let us know?

1
0

Re: SQL injection

Very little is the answer. A few developer days at most. Even for the most exorbitant charging of contractors you're talking a few thousand dollars.

1
1
Anonymous Coward

Re: SQL injection

Any big-mouthed web developers brave enough to post a link to a website they've worked on that they believe has no exploitable security issues?

Go on, it's only a few dev days work to make your sites secure, isn't it?

2
0
Gold badge
Meh

Re: SQL injection

Now you've leaked that, Fort Knox is going to have to move the key to under the halfbrick next to the watering can by the side gate.

6
0
Silver badge

Re: SQL injection - a big-mouthed web developer speaks

@AC 12:59: Any big-mouthed hacker brave enough to explain how he SQL injects prepared statements?

The kind of data access code that falls for SQL injection is usually a horrible mess of concatenated strings and escaped quotation marks. Trying to decipher it hurts your eyes and your brain. But converting it to something much more secure* isn't a particularly challenging task.

*I accept that nothing is 100% secure, but I've created plenty of sites that pass professional penetration testing. I don't suppose the sites that these hackers broke could claim that.

1
1
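The contrast the comment above draws between concatenated query strings and prepared statements, as an added example that is not part of the original thread. The `cards` table, the function names and the sample inputs are constructed for illustration, using Python's standard `sqlite3` module.

```python
import sqlite3

def make_db():
    # Constructed sample data; not taken from the article or the thread.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE cards (holder TEXT, pan_last4 TEXT)")
    conn.executemany(
        "INSERT INTO cards VALUES (?, ?)",
        [("alice", "1111"), ("bob", "2222"), ("o'brien", "3333")],
    )
    return conn

def lookup_concatenated(conn, holder):
    # "Before": the input is pasted into the SQL text, so any quote
    # character in it is parsed as SQL syntax rather than as data.
    sql = "SELECT holder, pan_last4 FROM cards WHERE holder = '" + holder + "'"
    return conn.execute(sql).fetchall()

def lookup_prepared(conn, holder):
    # "After": the statement text is fixed; the value is bound separately
    # and can only ever be compared against the holder column.
    sql = "SELECT holder, pan_last4 FROM cards WHERE holder = ?"
    return conn.execute(sql, (holder,)).fetchall()

def compare(holder):
    """Run both lookups against a fresh database and return (legacy, prepared)."""
    conn = make_db()
    try:
        legacy = lookup_concatenated(conn, holder)
    except sqlite3.Error as exc:
        legacy = "error: " + exc.__class__.__name__
    prepared = lookup_prepared(conn, holder)
    conn.close()
    return legacy, prepared

if __name__ == "__main__":
    # A plain name, a legitimate name containing a quote, and a value
    # whose quotes rewrite the WHERE clause in the concatenated version.
    for value in ["alice", "o'brien", "x' OR '1'='1"]:
        legacy, prepared = compare(value)
        print(repr(value), "| concatenated:", legacy, "| prepared:", prepared)
```

The concatenated lookup fails outright on a legitimate name containing a quote and returns every row for the third input, while the prepared lookup treats all three values purely as data.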
Silver badge
Meh

Re: SQL injection

>I wonder how much it would have cost those 'organisations' to properly sanitise/parameterise (whatever) their websites against the SQL injection attack techniques.

Actual procedure? Relatively little. As stated, a few thousand.

But first you have to get rid of the morons running things.

Now we're talking millions.

1
0
Anonymous Coward

Re: SQL injection - a big-mouthed web developer speaks

"I've created plenty of sites that pass professional penetration testing. I don't suppose the sites that these hackers broke could claim that."

So is that a "no" to "want to post a link to your secure site" then?

0
0

by analysing photos they posted to social media sites

You have been tagged in the photo : Me and Vladmir committing lots of credit card fraud LOL.

2
0

Re: by analysing photos they posted to social media sites

And long may they continue to do this. To be truly successful a criminal and his family must be invisible to society, luckily that's very difficult, as your family are just as likely to give you away accidentally as you are yourself. Just think of all the technological toys we now have that have GSM and GPS chips in them.

0
0
Bronze badge
Facepalm

If they're that dopey you can just imagine the caption under the photos, "Me and Vlad - banks u been pwned!"

0
0
Bronze badge

I strongly object ...

... to calling this scum "world's biggest hacker".

One of the world's biggest hackers has, sadly, just departed and I very much doubt he would enjoy the association.

8
0

Deported to the US?

extradited surely?

I would have thought you can only be deported to your point of origin on this trip or your own country

1
0

Russian co-operation?

It's a novel idea...

0
0
Silver badge

NSA hack

"US Secret Service agents received information that Smilianets was travelling to Europe last year along with Drinkman." - I guess someone looked at the PNR ... passenger name record when they bought their airline tickets?

0
0

USD300million and rising, will security catch-up?

The breaking news from the US indicating that over 160million credit and debit card numbers have been stolen, whilst not unpredictable, is still quite staggering. Early estimates suggest around $300 million dollars has been stolen, but this figure looks likely to increase dramatically.

It appears that a group of criminals utilised malware to infiltrate large US companies and over time steal payment-related data, which was then passed on to a second group who inserted this data onto magnetic stripes to clone bank cards, and completed the fraudulent transactions by either withdrawing cash from ATMs or making purchases.

Securing data is now at the forefront of many financial institutions' minds, and as the methods by which hackers compromise our personal information become more sophisticated, so must our approach to security.

Every time that a fraud hits the headlines there is naturally a huge focus on how the crooks got hold of all those personal banking details. But there is often less attention given to how they were then able to use the customer details to extract money from customers' bank accounts.

Unfortunately fraudsters will always find methods to compromise our personal data. While that in itself is a major concern the solution lies in ensuring the abuse of such data can be detected and prevented. The key lies in real-time detection, prevention and immediate resolution enabled by the empowered customer. Technology is available today to absolutely achieve this, in real-time, totally privacy sensitive, highly secure and yet totally intuitive from a customer standpoint. In fact, in many cases the customer is not even aware that security is being applied as many of the techniques used are completely invisible. The answer is robust customer authentication and transaction verification, relative to the bank’s perceived risk of the transaction. It must have speed (real-time), strong security, efficiency, good customer service and ease of use, while shutting down the scope for fraudsters to benefit from their crime. Similar stories (while on a smaller scale) have been publicised for over a decade, and invariably the issues remain the same, surely it is now time for financial institutions to step up and utilise effective security systems that can protect against such massive theft of payment credentials and the inevitable fraud fall-out that has already occurred and will continue for some time to come.

1
0

This post has been deleted by its author

Bronze badge
FAIL

Re: USD300million and rising, will security catch-up?

Spam alert !

ValidSoft - Redefining Fraud Prevention

www.validsoft.com/

ValidSoft security solutions for financial services and government. Online banking, e-commerce, telephone banking, mobile banking, card fraud and remote ...

0
0
Anonymous Coward

Reposted from krebsonsecurity.com ..

What was the point of reposting that from krebsonsecurity.com?

0
0
Pint

Drinkman?

That's gotta be either the best or the worst last name ever.

0
0
Unhappy

Smilianets is no longer smiling, I guess we can call him Smilianyets.

3
0
Paris Hilton

300 million from 160 million cards. That's only 2 bucks a pop (give or take). Now 10 dollars for each would be more like it..

Paris - doesn't get out of (or was that into) bed for that money

0
0
FAIL

Who will defend us from all this Huawei malware?

"This type of crime is the cutting edge .. Those who have the expertise and the inclination to break into our computer networks threaten our economic well-being, our privacy, and our national security", US Attorney Paul Fishman

This is BS and SQL injection is hardly `cutting edge', see 'The vulnerability .. is .. known as .. SQL injection`, July 2005

"Here's the world's biggest hacker .. we got lucky"

A carding operation, hardly the world's biggest hack, more like catching the low hanging fruit. Once they started selling cards online it was inevitable they would be caught. Also, don't use IRC to discuss ripping off credit card companies ..

2
0