Online payment site hijacked by notorious crime gang

Online payment service CheckFree lost control of at least two of its domains on Tuesday in an attack that sent customers to servers run by a notorious crime gang believed to be based in Eastern Europe. Reg reader Richard D. reported receiving a bogus secure sockets layer certificate when attempting to log in to his Mycheckfree …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward

    Why

    does my bank keep telling me internet banking is secure?

  2. Anonymous Coward

    Block the uatelecom range

    It's pretty obvious that all of uatelecom.co.ua is dodgy. Their nameserver is ns1.uadns.co.cr with an admin contact in Panama who lists a gmail address. The snailmail address given for that contact is a mailbox.

    Consideration should also be given to blocking their upstream providers ukrpack.net and ukrtel.net - in fact I haven't considered it, I've just done it :)

  3. vagabondo

    but it's quite difficult to shop safely

    The first step in combating on-line fraud is for the major payment sites to get their act together. Once the "legitimate" recipients of electronic payments use best practice, the dodgy sites will start to be discernible by the ordinary user.

    E.g. on Monday I tried to make a credit card payment to Vodafone.ie. Firefox warned me off, complaining of cross-site scripting and an obsolete SSL certificate. I thought that I would be conscientious and notify Vodafone customer services. The reply was:

    "I'm sorry you have been unable to .... I suggest you disable the security settings on your computer and try ... once more.

    "We recommend Microsoft's Internet Explorer Version 6 browser."

    We are all doomed.

  4. James

    So, this IP address is ..

    .. well known as a source of criminal activity. Why hasn't it been closed down and the operators arrested?

  5. This post has been deleted by its author

  6. bill

    OK, naive question... er thought here

    "Security experts say the 91.203.92.63 IP address has long served as a conduit for online crime"

    Why not nuke (for those that think in terms of flowers... not nuclear device type nuke) that IP and/or its host?

  7. Gordon Pryra

    @James

    Because they pay their bills on time.

    At least, in the UK, if you pay your bribes/bills then you can do whatever you want.

    Just look at British Telecom

  8. Giles Jones

    @Why

    Online banking is safe because if anything happens as the result of misuse of your online account you are refunded the money.

    But if you are irresponsible with your cheque book, credit card etc you are liable for the loss.

    These online payment systems are not banks and aren't covered by banking law, yet another reason to try to use normal banking systems as much as possible.

  9. Mark Boothroyd

    re: So, this IP address is ..

    @ James,

    Exactly, couldn't agree more. How can they know these are bad people, and not do anything about it?

    Step one. Provide evidence to local authorities.

    Step two, raid premises (home, offices etc.) and take everything and arrest everyone involved. Freeze all bank accounts.

    Step three, throw all people involved in jail and throw away key. Ban all people involved from access to the internet or any companies involved in internet services, under penalty of being thrown back in jail. Take all money from frozen accounts.

    If the local authorities are corrupt and/or unwilling to do anything, then surely there would be some way of globally banning these IP addresses? Remove the hosting ISPs from the Internet, remove the ISP hosting backbone providers etc.

    Dodgy ISPs and backbone providers would soon stop hosting these bad sites if they found they would lose their net access. Plus legit sites would avoid dodgy hosts, as they wouldn't want to suddenly find they lost their sites.

    How about an official blacklist (like bluetack.co.uk has)? Then simply make that available to all browsers. I know you can do this yourself (just go to bluetack and download Blocklist Manager and Protowall or similar). But having this done as an automatic and standard part of your OS would be better.

  10. Anonymous Coward

    @so this IP address is...

    "Why hasn't it been closed down and the operators arrested?"

    Because it's hosted in the Ukraine by an ISP who is either a crook themselves or cares only about the revenue stream from the client.

    There is no transnational means of closing down an IP address or even an ISP - the Ukrainian govt would have to do the latter, the individual ISP the former.

    What /could/ happen is that major ISPs in other countries could refuse to peer with the culprit ISP - but there'd be legal and financial implications to that and unfortunately our ISPs don't really care enough to take the pain. Just look at how much spam gets through and you can see their commitment to blocking dodgy sources.

  11. Anonymous Coward

    Re: So, this IP address is ..

    "Why hasn't it been closed down and the operators arrested?"

    Agreed. Maybe, if it's an EU-based Eastern European operation, the Eurocrats should have been a bit tougher on letting everyone onto their gravy train back when they stopped getting love from the existing EU nations, and maybe a few penalty laps outside the EU for the corrupt authorities who let this go on should be in order. Of course, all bets are off if it's happening in Russia or various other states in the region.

  12. Mike

    Can't do nuffin.....

    The nature of the all-connectedness of the Internet means you can't stop this sort of thing happening; also it's protected by international treaties which prevent "Internet Warfare" (although that remains to be seen).

    Basically you have to punish the criminals in their country of origin (where the crime was committed), otherwise what's the difference between blocking a site which the government believes to be illegal and one it just doesn't like (i.e. Chinese Internet)?

    Rule one of secure banking, be very suspicious of anything unusual (certificate warnings esp.)

    Then also have a good firewall, up to date virus scanner, latest updates, and never use a PC for secure banking that could have been tampered with (cyber cafe, kids/grannies who download without knowing what they are doing etc.). Internet banking *can* be very secure, but it can also be very insecure (if you're ignorant of the issues or slack with your security). Perhaps the banks should do more to raise awareness, but doing so without scaring people off is not easy, and no bank wants to be the first as it will be seen as *their* bank that is less secure than others that don't try to raise awareness.

  13. Pierre

    Internet-wide?

    "To confirm the redirection was an internet-wide problem, he checked the site using a server in another part of the US"

    By doing so, he checked that it was a US-wide problem shurely... there are places outside the US. Reportedly.

    Now it may or may not be an internet-wide problem, but...

    "to check that Greek is really the most spoken language in the world, we talked to people in another part of Greece"

  14. vincent himpe

    anyone remember 'Electric Dreams'

    can we send 100.000 volts to that ip address ? that might solve things....

  15. Anonymous Coward

    Here was me thinking...

    ...that this was a story about Paypal director changes. Why? Because even PH knows they wear black balaclavas and carry a SWAG bag to and from the office.

  16. Gordon Grant

    @vagabondo

    Yeah, I found something like that on another site. It was basically a borked script that just needed a single line changed to a few lines, as somewhere along that line the script broke, but I was told to use IE as well if I wanted to use that site, as they had no plans to fix it anytime soon.. It's a well known supermarket site to boot.

    I mean, if they had given me an e-mail address I could have e-mailed them the fix there and then; it would have taken about 10 minutes maybe.

    I do love those "paypal" dispute ones going about... I precheck all e-mail via MailWasher, as it shows where the links truly go, and the true return address of the e-mail.

  17. g00p

    Surely..

    ...the Macedonians and/or the Romanians will be upset that the Ukrainians did something "cool" and will wreak havoc upon the perpetrators to fuel their jealousy.

    No need to panic, or do anything, they'll all sort themselves out and we can go back to being ignorant to it all.

    Unless I'm just being too old school here, I haven't graced the presence of an IRC server in over a year at least..

    Putting on my jacket and heading to the pub..

  18. Anonymous Coward

    Patriotic response encouraged?

    Perhaps the IP was released so generally to encourage some patriotic hacker who fancies doing a bit of damage to start a war.

    Just goes to show you can't trust online shopping any more than you can trust the shop assistant not to clone your card :O/
