Hacker pleads guilty to stealing 1.8 million credit cards

One of the most prolific computer hackers in U.S. history pleaded guilty yesterday in federal court to stealing almost 2 million credit card numbers in what prosecutors called a "massive" wire fraud case costing banks some $86 million.

Max Ray Vision, 36, formerly known as Max Ray Butler, admitted that he used encryption programs to disguise extensive hacking into financial institutions and data processing centers from his California apartments.

Mr. Vision, known online as "Iceman," "Digits," "Aphex" and "Darkest," maintained a series of safe houses in San Francisco that he rented under false names to avoid detection.

"That's me, and this is what I did," he told Senior U.S. District Judge Maurice Cohill Jr. after the prosecution summarized the details of the case as part of the plea. "I am guilty."

He was prosecuted here because two Pittsburgh-area informants working with the U.S. Secret Service infiltrated his online operation and would have testified against him had he gone to trial.

His partner, Christopher Aragon of Los Angeles, also would have testified against him. Mr. Aragon, who referred to Mr. Vision as "Sam" and met with him once a month, is being prosecuted by the district attorney's office in Orange County, Calif., where his case is pending.

Assistant U.S. Attorney Luke Dembosky said Mr. Vision and Mr. Aragon established CardersMarket, an online forum devoted to the theft of credit card accounts and identity information that had about 4,500 members worldwide.

Mr. Vision provided many of the card numbers to Mr. Aragon to be encoded onto plastic cards and used to buy merchandise, Mr. Dembosky said. Mr. Vision also sold cards directly online, often to members of the CardersMarket network.

A forensic search of Mr. Vision's computer following a Secret Service raid on his apartment in September 2007 revealed 1.8 million stolen credit card accounts. The total amount of fraudulent purchases on those cards was $86.4 million.

"These losses were borne by the thousands of banks that issued the cards," Mr. Dembosky said.

The exact amount will help Judge Cohill determine a sentence and restitution order, although Michael Novara, Mr. Vision's public defender, argued that the figure may be too high because it includes card numbers that Mr. Vision had collected from other hackers and might not have been aware that he had in his possession.

He described Mr. Vision as a "hacker's hacker" who sometimes gained access to other hackers' computers for no other reason than "because he could."

Mr. Vision, who changed his name shortly before he was arrested, was the target of a 16-month investigation by the Secret Service, which handles financial crimes, and police in California and Canada.

Before his identity was known, a Pittsburgh-area informant gained the trust of "Iceman" as an administrator of the CardersMarket Web site.

The informant, said Mr. Dembosky, told the Secret Service about the network's activities and provided information from Iceman that indicated he was the same person as "Digits" and "Aphex" -- all Mr. Vision's online personas.

The second Pittsburgh-area informant twice bought credit card information from "Digits" in 2006, transactions that formed the basis of the indictment.

After Judge Cohill set sentencing for Oct. 20, federal marshals led Mr. Vision back to jail in shackles.

Read more: http://www.post-gazette.com/pg/09181/980704-84.stm#ixzz0Jt35qRTS&C

Microsoft sues for $1.5m click fraud

Microsoft sues for $1.5m click fraud

by Staff, Brand Republic 16-Jun-09, 11:55

NEW YORK - Microsoft has filed a lawsuit against three individuals for an elaborate "click fraud" scheme, accusing the group of clicking the ads of rival websites thereby exhausting their ad budgets and boosting the ranking of their own search ads.

Microsoft is seeking at least $750,000 (£456,000) in damages from the defendants, claiming the three set up a number of false companies in March of last year and targeted ads for car insurance firms and the computer game 'World of Warcraft'.
ADVERTISEMENT

In March 2008, Microsoft received complaints from car insurance advertisers who said traffic to their ads was spiking in a suspicious manner.

Microsoft investigated the claims and found an unusual number of searches for "auto insurance quotes" and a high click-through rate for the top paid search ads.

A similar scheme was being carried out with the keywords "World of Warcraft", Microsoft found.

Microsoft estimates the alleged fraud cost the advertisers in the region of $1.5m.

The company tracked down the source of the clicks and found the lion's share came from two Canadian-based proxy servers.

Microsoft claims that the three defendants set up fraudulent auto-insurance companies or worked with legitimate firms and bombarded the top-ranked ads with clicks, depleting the companies of their ad budgets and sinking their ad placements.

The defendants then placed their own ads on Microsoft's adCenter, which quickly rose in results rankings and were clicked on by actual customers. The group then sold the personal data of legitimate customers to low-level advertisers, Microsoft claims.

The lawsuit is a rare instance of a search engine going after individual advertisers and not the other way around.

Google was one of the first companies to do so in 2004 when it sued advertisers who were clicking on their own AdSense ads to make money.

Microsoft's general counsel Tim Cranton said the case was "significant" despite the relatively meagre compensation the company is asking for.

Cranton told the New York Times: "We have decided to become more active in the commercial fraud area on the enforcement side. The theory is you can change the economics around crime or fraud by making it more expensive."

About one in every seven clicks (13.8%) is fraudulent, according to consultancy Click Forensics, which measures global click fraud rates with its quarterly Click Fraud Index.

Murder suspect caught with photos on computer

By Blake Spurney

Editor

The wireless universe carries with it no loyalty, a local teenage girl learned recently.

*
Sexually explicit images of her were found by North Carolina investigators on the computer of a Gastonia murder suspect. Those images were traced to Austin Lee Hedden, 21, Franklin, who recently was charged in Rabun County with statutory rape against the girl. Investigators found images of child porn on Hedden’s computer, and he remains the target of a federal investigation.

According to court records, a Buncombe County, N.C., investigator and a State Bureau of Investigation agent were led to Hedden by Yahoo chat log records. He had sent Andrew Douglas Dalzell, the suspect of a 1997 abduction and murder of a 35-year-old woman in Carrboro, N.C., the images of the Rabun County girl.

Hedden told investigators that the girl was his ex-girlfriend and that he had deleted nude photos of her after they broke up in December. He also claimed his computer recently had gotten a virus that put “strange things” on it. Investigators received consent to look at his computer and discovered numerous pictures of nude preteen girls that he said he got from LimeWire, a file-sharing Internet service.

Hedden and the girl had met at the Fun Factory in Franklin, where he worked. He also admitted having sex with her at his home and several times in a car in Rabun County.

When investigators showed the girl the images of herself in April, she expressed surprise because they were supposed to be something private between her and Hedden. She told investigators she met Hedden in June 2008. They went on their first date in July and had sex at his residence. She texted him the next day to tell him she was 15; she initially had told him she was 16. He texted her back that he was upset and that he could go to jail.

However, Hedden continued to see her. He also requested that she send him a sexually explicit video and photos while she was in Florida, and she complied. The two parted ways that summer before getting back together in late fall. The girl had told her parents Hedden was 17. In their last encounter, he picked her up in December and brought her to his residence. He brought out a whip while they were having sex and gave her several alcoholic drinks. He also took nude photos of her with his cell phone, directing her on how to pose.

The girl showed investigators a tattoo of Hedden’s initials on her chest that she made herself using an insulin needle and pen ink. Hedden called off their relationship after their last encounter because he had a girlfriend.

Hedden told investigators he deleted the images of the girl after they broke up. He also told them that of the 2,000 images he deleted, about 10 percent were of girls younger than 10, and about half were of girls between the ages of 10-15. According to court records, he said the images of young girls had begun to make him “sick. … I got sick of myself and didn’t want to look at it anymore.”

Hedden also told investigators he created his Yahoo account in 2005 so he could chat on the Internet. He would pretend to be a 16- or 17-year-old girl while chatting with males. He had been using LimeWire for about two years, and he obtained images by using search terms such as “jailbait” or “young girls.”

Assistant District Attorney Penny Crowder said federal charges against Hedden were pending. The crime lab where his computer was taken for a forensics examination has a six-month backlog on cases. He was charged May 6 with statutory rape in Rabun and remains free on $5,500 bond.

Local authorities say they have been dealing with an ever increasing amount of teenagers sending sexual images of themselves to other teens via cell phones. Those images often get sent to a third party, which can lead to eternal life on the Internet.

“It’s serious, and it’s becoming epidemic in the last couple of years,” said Rabun County Sheriff’s Lt. Kendrick Maxwell, the school resource officer. He knew of six different instances in the past year in which nude images of local youths ended up in the hands of those for whom it wasn’t intended. Typically, it’s a girl sending a picture of herself to her boyfriend, and he forwards it to his friends.

Maxwell said the students didn’t comprehend the severity of what they were doing, either sending or receiving such images, or how easily such pictures can end up on the Internet — forever. Of the cases in which he came across images of local students, he hasn’t found any online yet. “Not saying they’re not out there, we just haven’t run across them yet,” he said.

“With a damn click of the button, it’s out there everywhere,” he said. “They don’t see it that way.”

District Attorney Brian Rickman said his office had been involved with “sexting” cases in all three counties.

Technically, sexually explicit images of an underage person are child porn under the law. However, Rickman said prosecutors had to deal with sexting on a case-by-case basis to determine whether it involved a sexual predator or if it was just a youth making a dumb mistake.

Once an image hits the Internet, it quickly can get in the collection of a pedophile, who “sends it to other pedophiles for their sick kicks,” Rickman said. “Once it gets out there, there’s no way to get it back.”

Dalzell, the murder suspect who received images from Hedden, pleaded guilty in May to enticing a minor to engage in illegal sexual activity. He had gone to Asheville in February to meet what he thought was an 11-year-old girl for sex. He had been communicating on an Internet chat room with an undercover officer posing as a young girl.

Dalzell also was the last person seen with Deborah Leigh Key when she disappeared outside a Carrboro bar in November 1997, according to The Herald-Sun in Durham, N.C. He confessed to killing her in 2004, but the confession was later ruled inadmissible because police used false documents to trick him into thinking he already had been charged with murder. He was told he would receive the death penalty if he didn’t confess.

Dalzell also had been charged with six counts of sexual exploitation of a minor for images found on his computer and fraud for using a stolen credit card number to attempt to order a Russian mail-order bride. Both cases were related to the murder investigation, and both were dismissed after it was ruled the evidence was illegally obtained.

Key’s body has never been found, and the confession was the primary evidence linking Dalzell to her death, authorities told The Herald-Sun.

By Hannah Guzik
Ashland Daily Tidings
June 09, 2009

The Southern Oregon High-Tech Crimes Task Force has seen a 9 percent increase in cases involving child pornography and child sexual exploitation over the past year, according to task force officials.

The increase could be a side-effect of the recession's high unemployment rate, leaving more people with more time to surf the internet — and hurt kids, said Sgt. Josh Moulin, the task force commander.

"Our child porn cases have gone through the roof," he said.
Related Stories

* Letters to the editor, June 8
* Letters to the editor, June 5
* Letters to the editor, June 4
* Prominent Ashlander investigated for child porn
* Nudist in Ashland draws gripes

"Every single year we've been in existence our cases have increased," Moulin said. "But it seems that since the economy has been hit the hardest, our caseload has increased the most."

The task force handles cases from law enforcement agencies located in the southern half of the state.

Moulin and Detective Brandon Bloomfield — the only officials assigned to the lab — are analyzing computers and other electronic equipment seized at the homes of Ashland resident James Auchincloss, half-brother to the late Jacqueline Kennedy Onassis, and Eagle Point resident Dennis Vickoren for evidence of child porn, at the request of the Ashland Police Department.

Police submitted the electronic equipment to the lab last October, but because the task force felt that there was no immediate threat, the case was assigned a low priority, resulting in a processing delay, Moulin said.

In addition, the lab is understaffed, he said. The task force has a five-month backlog of cases, something that could be remedied if the lab had about three more people assigned to it, Moulin said.

"We definitely would like to have added personnel and we hope that in the future some of the agencies will eventually be able to send somebody to the task force," he said. "We have enough work that we could have five full time people up here."

Typically police departments pay to train officers in computer forensics — an expensive and time-consuming process — and then send them to the lab to help with cases.

Most of the child porn and child sexual exploitation cases the lab receives come from Jackson, Josephine and Curry counties, Moulin said. In Jackson and Josephine counties, 400 people are registered for trading child porn, he said.

The task force would like to have the time and resources to go undercover and try to catch some of those people in the act of trading child porn online, Moulin said.

"We're hardly touching those cases," he said. "We have never, ever done a proactive case where we haven't found someone who was breaking the law."

The task force devotes much of its time to investigating cases involving crimes against children. Last year, the lab processed 116 cases, 37 of which involved child sexual exploitation, child pornography or child sexual abuse, Moulin said.

The task forces' total number of cases has increased 27 percent in the past year. In addition to crimes involving children, assault and stalking cases have dramatically increased, Moulin said.

When lab officials receive a piece of electronic equipment, such as a computer or cell phone, they remove the hard drive, where data is stored, make a copy of the hard drive, and then inspect the copy using the lab's computers. This insures that the original evidence is not altered, Moulin said.

The lab, which has been operating in Central Point since 2005 and in 2007 became a regional task force, has faced heavier caseloads each year due to the wider availability and use of technology, he said.

Child porn cases used to involve 400 to 500 images on a computer, he said. Now, they typically involve thousands of images and videos.

"We just finished a case where a person had 180,000 different videos and images of child pornography," Moulin said.

The videos and photographs are often graphic and disturbing — making the job of investigators a harrowing one, he said.

"We've recovered videos here locally of 1- or 2-year-old kids bound and raped. It's all on video. It's the worst of the worst you can imagine, what these people are doing to kids," Moulin said.

However grisly, Moulin said he finds his work worthwhile, because he has helped put hundreds of criminals behind bars. The task force has a 100 percent conviction rate, he said.

"I can tell you that in my law enforcement career this has been the most difficult thing I've done," he said. "But it's also been the most rewarding, because had we not prosecuted these people, they would have gone on undetected."

Contact staff writer Hannah Guzik at 482-3456 ext. 226 or hguzik@dailytidings.com.

Sodomsky cp case.

WASHINGTON – The Supreme Court won't stop Pennsylvania officials from prosecuting a man whose computer was found to contain child pornography while it was at Circuit City being upgraded.

Kenneth Sodomsky wants the high court to suppress the videos found on his computer, which he had taken into a Circuit City in Wyomissing, Penn., to get a DVD burner installed into it. While the computer was in the store, a worker looked through some of the files and found movie files with "questionable" names referring to boys of various ages. The worker then found a video of a hand reaching toward a penis and called the police.

Police seized the computer, obtained a warrant and found child pornography. Sodomsky moved to suppress the discovery, saying the Circuit City employees had no right to search his computer and show any of its contents to police.

A trial judge agreed, but a state appellate court overturned that decision, saying Sodomsky ran the risk of his illegal files being found and viewed by taking the computer out of his house and to the store.

Circuit City Stores Inc. closed the last of its stores in March.

The case is Sodomsky v. Pennsylvania, 08-1274.

Killings suspect done in by dropped cell phone

(06-02) 09:07 PDT PINOLE -- An East Bay triple-slaying suspect left his cell phone behind at the scene of a Pinole burglary and then called it to get it back, unaware that a police officer was on the other end, authorities said Tuesday.

Triple-murder suspect Anthony Ramirez, 23, was arrested a... View More Images

Anthony Ramirez, 23, never got his phone. Instead, he is in jail, charged with killing a man in Emeryville and suspected of two other homicides in Contra Costa County, Pinole police Sgt. Matthew Messier said.

It all began at about 9:30 p.m. May 22 when a burglar broke into a home on Alice Way in Pinole. The resident interrupted the break-in, and the burglar fled out the window. But he left his cell phone behind.

As Pinole police were scouring the home for evidence, they heard a cell phone ring. Officer Uri Nieves answered it.

"Hey, did you find my phone?" said the voice on the other end.

Nieves acted as if he was "just some guy who picked it up off the street," Messier said. Nieves nailed his role. "He's a very street-savvy officer who actually grew up in a rough neighborhood in Sacramento," Messier said.

Nieves asked the caller what his name was, and he replied, "Tony." Nieves arranged to return the phone to Tony - for a price - at the Boys and Girls Club on Appian Way.

Ramirez drove to the scene in a stolen Nissan 350Z, police said. Pinole police tried to box the car in with their cruisers, but Ramirez escaped after crashing the Nissan at Appian and Garden Way, Messier said. Officers found a sawed-off .30-30 rifle in the car.

Pinole police identified Ramirez as the suspect and learned that he was wanted in Emeryville for the April 20, 2008, shooting death of Chad Clarke on the 5500 block of Beaudry Street. Pinole handed the phone over to Emeryville police.

On May 27, officers found Ramirez outside a home on Samuel Street in Pinole, where he had apparently been sleeping on a mattress on the front porch, Messier said. Even as officers were closing in on him, Ramirez was texting his phone to arrange a meeting to get it back, unaware that the person on the other end this time was an Emeryville police officer, Messier said.

Two other sawed-off rifles were found at the home, police said.

In the Emeryville killing, Ramirez is accused of murdering Clarke during an attempted home-invasion robbery. Another man, Ricco Orlando Earl, 29, has also been charged with murder.

Ramirez was also being sought in connection with the April beating death of El Cerrito city employee Bruce King, 55, in his El Sobrante home, and the September shooting death of Ryan Valdez, Ramirez's half-brother, said Jimmy Lee, a Contra Costa sheriff's spokesman.

A second suspect in King's slaying, Raymond Gardner, 45, has been charged with murder.

Police are gratified that Ramirez was arrested without incident, Messier said, because the swastika-tattooed suspect told an acquaintance that "he was not going to be taken alive.

FORT POLK, La. (Army News Service, June 3, 2009) -- Using computers and enormous databases, information analysts are better than ever at weaving together a flow of biometric data-mostly fingerprints-collected from the field to identify individual insurgents.

Many of the fingerprints are extracted from bomb-making materials by experts after buildings are cleared by Soldiers, but there aren't enough experts to do the collecting. The Army thinks the answer may be a well-trained private, as part of the Biometric Intelligence Project, an Army effort to collect, exploit and analyze biometric material collected on the battlefield in order to produce timely and actionable intelligence.

The heart of the initiative is a database with more than 3.1 million biometric records. So far, the system has produced 690 detentions in theater, 18 convictions in the Central Criminal Court of Iraq and has stopped approximately 59 would-be terrorists from entering the United States.

The system can also be used on the battlefield to flag a detainee as a maker of improvised explosive devices.

"Because privates do most of the looking, terrorists need to be smarter than the private," said Byron Cousin, a retired first sergeant and mobile-training-team assistant leader sent to teach battlefield forensics at the Army's Joint Readiness Training Center here.

"A private yells, 'Sergeant, I found an arms cache' as he's rubbing his leg. The sergeant says 'Good job. Army Achievement Medal. Don't tell nobody you fell in on it,'" he joked with the paratroopers of the 82nd Airborne's, 1st Brigade Combat Team, during the four-day forensics course.

The paratroopers were taught to use the handheld interagency identity detection equipment, which looks and feels like a professional camera without an attached lens. The device captures images of the face, the iris and fingerprint and was designed for forward units in the field.

Next, the Soldiers moved to hands-on labs at another training site, followed by two days of practical battlefield scenarios. The 40-hour course wraps up with a written test and one final graded scenario, said team leader Bryant Cox, a former Marine combat photographer who has worked in intelligence for many years.

Soldiers learned the basics of battlefield forensics in one of the buildings in a mock, realistic Iraqi village: how to dust and lift latent prints from common household surfaces; to roll prints from detainees; to photograph fingerprints, deceased enemies, detainees and cleared rooms; as well as how to document it all properly.

"You learn not only to look for the basic materials, but to put two and two together," said Sgt. Clifton Whitley of the 2nd Battalion, 504th Parachute Infantry Regiment, who was retaking the course. "For instance, in one house, a guy may be making something that you think is nothing; in the next house, a guy is making something else; and then there's a third guy. Individually, there's nothing there, but you put them all together, and suddenly you have pressure plates for an IED," he said, suggesting that every team leader at the squad level and above should take the course.

Look in the kitchen for homemade explosives, said Cousin. He asked who had looked inside Iraqi and Afghan refrigerators. A few hands rose.

"You know what I'm talking about then," he said. "In Iraq, they may have things in there you don't recognize, but in Afghanistan, you see things that sometimes need to be shot again."

When the laughter subsided, the Cousin explained that bomb makers are separating components and hiding them in the kitchen, he said.

There will be 29 training events this year, including all of the rotations at JRTC as well as the National Training Center in Fort Irwin, Calif., and Joint Multinational Readiness Center in Hohenfels, Germany.

"The need for trained forensics collectors on the battlefield is immediate," said Cox. "During the last NTC training cycle we attended, three of the teams in our class were told before they even completed the course that they would have a forensics mission upon arriving in Afghanistan."

In a well-known, real-life video of a U.S. Soldier shot by a sniper in Iraq, the Soldier's armor stopped the 7.62mm slug. Following the discovery of the sniper's rifle, numerous bare-handed Soldiers handled it, obliterating the shooter's fingerprints. No chain of custody was documented, and the weapon was not packaged for most of its travel to the forensics lab.

However, after hours of meticulously dismantling and processing the weapon, forensics techs thinking outside the box developed many latent prints left on the rifle by the sniper. The sniper was positively identified three years later.

"Fingerprints are forever," Cousin said. "Finding and documenting this biometric data is a way for you to serve long after you're out of the Army," he said.