The Hindu Business Line : Gotcha!

There is a popular saying (attributed to Abraham Lincoln) which goes something like this: “You can fool some of the people all of the time, and all of the people some of the time, but you cannot fool all of the people all of the time.”

This comes to mind while writing on the case of Anup Patel, a 30-year-old computer expert who was recently convicted to six years’ imprisonment by a UK court for alleged frauds to the tune of £2 million.

India-born Patel arrived in England at the age of two and went on to acquire a degree in computer science from Kingston University, London. Even as a student he displayed an extraordinary interest in obtaining the customer information of banks, presumably from Web sites. The means adopted to collect such data did not seem to matter to him.

Reports in the British press suggest that Patel was more interested in the adventure involved than in the money obtained illegally. This, however, does not square with the fact that he sent outside the UK fake cards which carried numbers of nearly 19,000 credit cards that had been harvested from unwary customers at petrol pumps.

This operation depended on the installation of secret cameras and card-readers at these pumps, situated mostly on the M5 motorway. It remains unclear how such gadgets were physically fitted at these centres without the knowledge of the staff there.

Credit cards prepared with the skimmed numbers were exported to countries that had not yet adopted the chip and Personal Identification Number (PIN) system in vogue in the UK which uses smart card technology and a modified swipe-card reader. The reader accesses the microchip embedded in the card to verify that the card is genuine before the customer is allowed to punch in his PIN for the transaction to be completed.

Patel’s strategy was to defeat this double-authentication process which does not exist in some countries. The physical delivery of forged cards was undertaken by Anthony Thomas (45) to places in Thailand and some east European countries.

Following a tip-off, in 2006, the UK police raided Croydon South Business Centre, in south London, which served as Patel’s office. The swoop yielded £20,000 in cash, the skimmed details of 19,000 cards, holograms and card printers. Interestingly, police check revealed that Patel had had a conviction in France about a decade ago for computer fraud; Thomas had several sentences to his credit.

It was reported that Patel’s actions were audacious and he took many chances with law enforcement in the belief that he could not be found out. Once he was known to have phoned Detective Sergeant Simon Russen investigating him and joked that he was like Leonardo DiCaprio, who played Frank Abagnale Jr in the movie Catch Me If You Can. Patel even added that the Sergeant could be compared to Tom Hanks, who played the FBI agent pursuing Abagnale Jr in the movie. In an apparent challenge to the Sergeant, Patel hung up saying, “Catch me if you can”! However, Patel, unlike Abagnale who dodged the police for five years, had to surrender within weeks of going underground after his associates were taken into custody.

Ingenious tracking methods

The FBI has penetrated the cyber underworld using techniques that are marked by extreme ingenuity.

For instance, it was revealed recently that as part of a sting operation the agency had floated a bogus company called ‘DarkMarket’ and set up a Web site offering help to hackers and others indulging in cyber crime. Specifically, the Web site facilitated sharing of information and expertise to those who had stolen identities and credit card data.

The site put on sale several products ranging from specialised hardware to electronic banking log-in data obtained from phishing attacks. Vendors were encouraged to submit products for pre-sale review.

Naturally, the site attracted various elements from the underworld seeking to make quick gains.

The FBI, however, decided to suspend the exercise recently as there was a feeling that ‘DarkNight’ had attracted far too much attention, and the sting operation was likely to be compromised.

But during the year or so when ‘DarkNight’ was functional, it obtained valuable data that will prove useful in tracking down cyber criminals in any part of the world. This modus operandus is worthy of emulation by Indian law enforcement agencies as well, especially because there is very little reporting of cyber crime by the victims or the lay public.

Tailpiece

Cyber-criminals the world over watch the goings-on in the political firmament without pause. This is possibly why some of them thought they should somehow exploit the euphoria generated by the US President-elect Barack Obama.

Hailing his victory, some miscreants launched a malware campaign in the hours following the declaration of the result. They led unwary surfers to a site that ostensibly gave finer details of the outcome of the Presidential poll.

When users clicked to go to the projected site, they were led to a fake site which urged them to install an update to Adobe’s Flash. Instead of installing this, what the site did was to leave behind a Trojan that moved swiftly to compromise the machine and flood it with more malware. This was mischief that quite likely resulted in a disaster to many.

Any more evidence required for us to be extremely alert while handling unknown Web sites, especially when the latter demand sensitive personal information or give directions to proceed further when such directions appear strange or unwarranted?

The writer is a former CBI Director who is currently Adviser (Security) to TCS Ltd.

Related Stories:
Handle with care
Under siege in cyberspace
Serious about security

More Stories on : Security | Security Musings

Article E-Mail :: Comment :: Syndication :: Printer Friendly Page

Stories in this Section
Get me a pizza!

‘There are no times like this’

Committed to IT

Gotcha!

More hurdles to cross

Going for the buzzer — and the trophy

Quiz

Big Blue’s green strategy

Project your image

Power back-up