Archive for June, 2007

Eye Spy!

Police officers by day and private eye hackers by night; bugging phones and hacking into computers was just a night in the office for Jeremy Young and Scott Gelsthorpe, founders of Active Investigation Services (AIS) or "hackers are us". It's a profitable business they had been running for 6 years until they got caught.

One of their clients, waste millionaire Adrian Kirby, paid £47,000 for AIS to spy on environmental investigators.

US millionaire Matthew Mellon was acquitted of spying on his ex-wife, Tamara, founder of the Jimmy Choo shoe company.

How did they do it?

Young admitted breaking the law. His former receptionist Karen Coulson told the court he was a “good storyteller” who told lies and “would stretch the truth”.

But they were dubbed “Hackers Are Us” in court for the “extras” they offered for a wealthy elite. They used illegal means to provide extra services for clients and had a price list for those services.

For £5,000, AIS would “monitor” - or hack into - an e-mail account.

For this, they used the expertise of Marc Caron, an IT specialist based in Phoenix, Arizona.

He used so-called Trojan horses, which infiltrate computers through a seemingly innocuous e-mail, website or programme, but then allow hackers access to everything on the machine.

Caron pleaded guilty in the US and will be sentenced on 28 June.

They could also tap a landline telephone at a cost of £6,000 per month.

For this, they employed the services of Michael Hall. He was sentenced before this trial began after admitting a string of offences.

AIS also used firms of “blaggers”. Put simply, these were con artists who impersonated someone in an official capacity to trick information from a subject. On at least one occasion, AIS asked a blagger to pretend to be a doctor in order to glean personal medical histories.

Gelsthorpe told the court that “seemed like fair play” to him.

Clients varied. Some were individuals - often suspicious spouses.

These were known as OTS enquiries - for “(A bit) On The Side”.

Subjects varied too and included local council officials and ordinary residents.

Among the computers targeted were official networks in government offices.

AIS was investigated by the Metropolitan Police’s Anti-Corruption Command following a tip-off from BT.

Credits:

  • Thanks to woo-shy for the cool information


A new life

For Alexey Ivanov, the story of his hacking, his crimes, his arrest and his release from prison ends in a place that he finds perfectly satisfactory. His goal, he says, had long been to come to the United States. And now he is here, living and working in New England. Ivanov says he started his U.S. job search in April 1999. He did it the way any sensible hacker living on the other side of the world would do it. “I went to Dice.com and downloaded a database from a job-seeking server,” he says. “It was easy. I wrote some scripts, and in a few hours I was sending my résumé to 5,000 jobs.”

PayPal provided the Russians with one of their more satisfying conquests, if not one of the more lucrative. Ivanov claims to have masterminded the PayPal scam. The first step, he says, involved placing scripts on eBay that collected the e-mail addresses of PayPal customers. Then, using the domain name “PayPaI,” with an uppercase “I” instead of a lowercase “L,” Ivanov set up a mirror site that was a replica of PayPal. Ivanov and his cohorts then sent e-mails to PayPal customers, offering them a gift of US$50, for which they had only to enter their passwords on the bogus site. The scammers simply sat back and collected the password harvest.
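The lookalike-domain trick described above ("PayPaI" for "PayPal") can be caught by collapsing visually confusable characters before comparing a link's domain against the brands being protected. This is an added example, not part of the original article; the confusables table, the protected-domain list and the sample message are constructed assumptions.

```python
import re

# Constructed, deliberately small confusables table. DNS is case-insensitive,
# so "PayPaI.com" is really "paypai.com": treat i, l and 1 as one glyph class.
SINGLE = str.maketrans({"i": "l", "1": "l", "0": "o"})
MULTI = (("rn", "m"), ("vv", "w"))          # two-character look-alikes
PROTECTED = ("paypal.com", "ebay.com")      # assumption: brands being defended


def skeleton(domain):
    """Collapse look-alike glyphs so visually similar names compare equal."""
    s = domain.lower().rstrip(".")
    for seq, repl in MULTI:
        s = s.replace(seq, repl)
    return s.translate(SINGLE)


PROTECTED_SKELETONS = {skeleton(d): d for d in PROTECTED}


def registered_domain(host):
    # Assumption: the last two labels form the registrable domain.
    # Production code should consult the Public Suffix List instead.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def imitated_brand(host):
    """Return the protected domain a host imitates, or None."""
    dom = registered_domain(host)
    if dom in PROTECTED:                     # the genuine domain is not a hit
        return None
    return PROTECTED_SKELETONS.get(skeleton(dom))


URL_HOST = re.compile(r"https?://([^/\s:]+)", re.I)


def suspicious_links(message):
    """List (host, imitated brand) for every look-alike link in a message."""
    hosts = URL_HOST.findall(message)
    return [(h, imitated_brand(h)) for h in hosts if imitated_brand(h)]


# Constructed sample message for illustration.
SAMPLE = (
    "Claim your US$50 gift at http://www.PayPaI.com/gift today.\n"
    "Your account page is https://www.paypal.com/login\n"
    "Listings: http://pages.ebay.com/help and http://www.paypa1.com/x\n"
)

if __name__ == "__main__":
    for host, brand in suspicious_links(SAMPLE):
        print(f"{host} imitates {brand}")
```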

Hacker Alexey Ivanov was lured to the United States and snared in a high-stakes cyber-sting. The FBI says he got what he deserved. But Ivanov says his gamble paid off. In the end, he got what he wanted all along.

ALEXEY IVANOV’S job interview didn’t go as well as he’d hoped.

Ivanov, then a 20-year-old computer programmer from Chelyabinsk, Russia, had flown to Seattle in November 2000 to apply for a job with a company called Invita Security. To the young Russian, Invita promised the dream job. The company was clearly entrepreneurial—entrepreneurial enough to seek out the services of this skilled hacker who worked in an abandoned factory halfway around the world. They even promised to pay his airfare and to pick him up at the Seattle airport. At Ivanov’s suggestion, the company encouraged him to bring along a fellow programmer, Vasiliy Gorshkov. When the two Russians arrived, their Invita hosts explained what they were looking for: a few good hackers who could break into the networks of potential customers as part of an effort to persuade those companies to hire Invita to keep hackers out. Ivanov was familiar with the tactic.

As Ivanov, Gorshkov and two American business types sat at a table in a Seattle office, Gorshkov regaled the interviewers with tales of his hacking exploits, and Ivanov allowed himself to dream of a better life. He was exhausted: The trip from Chelyabinsk had taken nearly 48 hours, and he had not waited to arrive to start celebrating his good fortune. The interviewers asked their guests to demonstrate some of their skills, and the two Russians took turns logging in to their own network back in Chelyabinsk. Ivanov knew that he and Gorshkov were good, so when his hosts appeared to be impressed, Ivanov was not surprised.

The big surprise would come later, when the two Russians were being driven to their lodgings. The car stopped suddenly; the doors flew open, and Ivanov heard someone say: “FBI. Get out of the car with your hands behind your back.”

It was then that he remembered something he had heard about America: It was the kind of place where anything could happen.

Ivanov and Gorshkov were charged with conspiracy, computer fraud, hacking and extortion. Gorshkov was jailed in Seattle, where his incriminating boasting took place. Ivanov was flown east, to Connecticut, to be tried in the home state of the Online Information Bureau—one of several companies whose servers he had breached.

The federal agents who arrested the Russians brandished a short catalogue of cybercrime allegations. They claimed that the Russians had tried to extort money from scores of U.S. companies, including Central National Bank of Waco, Texas; Nara Bank N.A. of Los Angeles; and a Seattle-based ISP called Speakeasy. As it turned out, most of the allegations were right on the money. Ivanov and Gorshkov had, among other things, tapped a database of an estimated 50,000 credit cards, and they were making good use of some of them. Gorshkov would be found guilty of all four crimes, sentenced to three years in jail and ordered to pay US$692,000 in restitution. He has since returned to Russia. Ivanov would eventually admit to hacking into 16 companies. He served three years and eight months in jail and owes more than US$800,000 in restitution.


Warpgate Stabilised!

Too much hacking and not enough playing makes Michael Daw a dull boy.

I am a huge Starcraft fan, although it's been many years since the release of Starcraft and its add-on Broodwars. Starcraft 2 is finally here! A lot of women are going to lose their woman over this!

The game play on SC2 looks absolutely incredible and dang complex.

Core has set up a really cool site at newstarcraft2.com. I have joined the forum, so if you're an SC2 fan, come on over… who says it's too early to be putting together strategies and forming teams :)

wp-scanner online released

I released an online version of my WordPress vulnerability scanner. It's still in its initial stages; I will work on risk highlighting, discussion and recommendations shortly.

Go give your blog a test, details here. Feedback most welcome and encouraged.

The Generic XSS Worm

I released an article on GNUCitizen today around XSS engines and worm propagation techniques. In this article I discuss 3 XSS Engine types:

  • Scrape;
  • Specific; and
  • Generic XSS Worms

If you haven’t already checked it out, I would recommend the read.
