Data Security Predictions For 2010

Robert Siciliano Identity Theft Expert

Forrester Research, Inc. in Cambridge, MA is an independent research company that provides pragmatic and forward-thinking advice to global leaders in business and technology.

They released their 2010 data security predictions. Heading into 2010, they are predicting five new data security trends:

1) Enterprises will keep their data security budgets relatively flat;

2) Market penetration for data loss prevention (DLP) tools will increase even as prices fall by half;

3) Cloud data security concerns will begin to dissipate;

4) Full disk encryption will continue its steady march into the enterprise, spurred on by breach disclosure laws; and

5) Enterprises will give enterprise rights management (ERM) software a second look as an enforcement option coupled with DLP.

Information Rights Management (IRM) is a term that applies to a technology which protects sensitive information from unauthorized access. It is sometimes referred to as E-DRM, Enterprise Digital Rights Management. Sensitive data such as patient records and personal tax or financial information in .PDF, .XLS, .DOC, .TXT and similar files needs security.

Zafesoft is a content IRM company that actively secures, controls, and tracks content wherever it is utilized; this is the next generation of content security. IRM information is secure, viewable, editable and transferable.

Authorized IRM content users can copy, paste, edit, save, etc. The security travels with the content, or portions of it, with tracking anywhere in the world. Unauthorized users are never able to view, edit or copy/paste.

Forrester hit the nail on the head with rights management. When rights-managed data is accessed by a hacker, it is useless to the thief, whether he hacks in from the outside or gains unauthorized access from the inside.

It would be smart business for healthcare, legal, and any other organization to incorporate DLP in the form of IRM now, before a breach occurs and data is lost.

Protect your identity. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing identity theft on Fox News

Impostor Poses as Secret Service Agent and Police Officer

At a friend’s 40th birthday party, we wound up discussing my Craigslist ATM, and that led to a conversation about how easily people can be conned. One friend’s new boyfriend began telling us how frequently he is able to con people in order to get into bars and clubs. “I never wait in lines,” he claimed, “and I always get VIP treatment.” I hate lines, too, but I have a hard time lying to get what I want.

He says he finds the phone number of the bar or club and calls ahead of time, claiming to be the manager of a Boston Celtics player and explaining that he’ll be coming to the bar with a few people and that his player will arrive later. He gets the name of the club manager and someone from security. That night, he goes straight to the front of the line and drops the manager or bouncer’s name and acts as if he’s entitled to enter. He says his success rate is 100%, and I believe him.

When a couple can crash a formal event at the White House despite Secret Service presence, then almost anything is possible. People successfully pose as health inspectors, police officers, and even Secret Service agents. As I demonstrated on The Montel Williams Show, I once posed as a “water inspector,” gaining access to people’s homes by saying I needed to “check the colorization of their water.” Any kind of fake badge and uniform can do wonders.

One recent example is a Massachusetts man who has been accused of posing as a Secret Service agent in order to enter the U.S. Department of Health and Human Services. He also pleaded guilty to disorderly conduct, trespassing, and impersonating a public official after attempting to enter a U2 concert without a ticket by impersonating a police officer:

“Authorities say he flashed what appeared to be a gold Massachusetts State Police badge and entered Gillette Stadium in Foxborough, Mass., on Sept. 21. They say he didn’t have a ticket to the concert.

He repeatedly asked to see the fire chief and where the ambulances were parked. When he refused to identify himself, stadium security called police, who then arrested him.”

A criminal can easily impersonate you online or in person to commit financial identity theft, in the form of new account fraud and account takeover, or to commit social media identity theft. This is why a credit freeze and an identity theft protection service are essential. Identity theft will flourish until we are properly identified and systems are in place that point toward effective authentication and identification, which leads to accountability.

  1. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief. Invest in a social media identity theft protection tool such as Knowem.com.
  2. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing being an imposter and home invasions on the Montel Williams Show

Reality Show Actor Robs Banks

Here we have a series of bank robberies, an appearance on a nationally televised reality show and the arrest of a man who was running from the law. Apparently, he robbed a bank, then went on the show, then robbed two more banks after the show.

“What an incredibly stupid thing to do, to commit a bank robbery, then go on a national TV show and make a spectacle of yourself and then come home and commit two more bank robberies,” the detective said. “He should be on the ‘Dumbest Criminal’ show.”

Investigators watched the show on their own time and eventually recognized the reality show actor in surveillance footage from the bank robberies as well.

The detective linked two robberies thanks to the surveillance video showing what looked like the same young man wearing a baseball cap. He stated, “I didn’t recognize him at the time; that’s the last place where you’d expect to find a suspect in your cases.”

The robber/actor told somebody, “Now that I’ve been on national TV, something from my past may come back to get me.” Ya think?

If there is one single technology from the past 50 years that I would have to pick as the absolute best of the best, it is definitely video. In three words: “video captures life.” And in this case, it captured a criminal. A dumb one at that.

Install video surveillance around your home. Have cameras at the entryway, on each corner of the house surveying the entire perimeter, at all entrances and exits, and at any “blind spots” where someone may hide. Even put a few cameras inside your home that monitor your family and the entrances. Video ROCKS!

See Robert discussing bank robberies on CBS Boston

Robert Siciliano is a personal security and identity theft expert for Home Security Source. (Disclosures)

Pair Accused Of Stealing TSA Workers Identities

In my early 20s I bought real estate in a depressed area north of Boston, in Lynn, Massachusetts. At 20, that’s all I could afford. Lynn was then and is now known as “Lynn Lynn the City of Sin, you don’t go out the way you come in.” Lynn’s a hard city known for drugs and prostitution. It’s also the home of various biker gangs known as “one percenters.” The theory is 1% of all people come out of their momma just bad.

No surprise that the Boston Channel reports a Lynn couple was accused of selling the identities of at least 16 Transportation Security Administration workers at Logan International Airport.

Police said the ID data was allegedly taken by a female TSA contract worker who is related to one of the two Lynn suspects.

A TSA spokesman said the agency takes the ID theft very seriously.

“TSA can assure the traveling public the release of this information does not compromise aviation security,” TSA spokeswoman Ann Davis said.

TSA said the agency is helping workers obtain free credit reports so they can ensure their personal information remains secure, Davis said.

Well Ann, that’s a step in the right direction, but it won’t protect the identities of the victims. They need credit freezes, credit monitoring and at least a vacation to Maui to get over all the stress.

What’s more bothersome, and isn’t being discussed, is that this is a breach of airline/airport security that goes way beyond identity theft. Just like THIS GUY got access to a corporation’s facility with a fake ID, a terrorist can do the same with a stolen TSA ID. Stealing the ID of a TSA worker gives one access to the airport, then to luggage and more. There needs to be a tighter system that prevents this. We need effective identification that makes another’s identity useless to the thief.

  1. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
  2. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing stolen luggage at Logan on CBS Boston

11 Robbed of Pants in Home Invasion, Drug Related

At least three masked men broke into a home, made 11 people inside remove their pants, shot one man and fled with the pants, their contents and televisions.

You’re probably wondering why they would steal someone’s pants? Police said the robbers apparently made the victims remove their pants so they could steal their wallets and other belongings as well as to prevent them from pursuing the robbers when they fled.

The report states that the crime might have been a drug-related one. Criminals often target criminals. “There is no honor among thieves,” as they say. It’s very common for one bad guy to break into another bad guy’s house if he has drugs or stolen items, because the bad guy isn’t about to report his contraband to the police.

The problem I’ve seen too many times is that the home that is burglarized (no gun, nobody home) or robbed (weapon involved, often a home invasion) is often owned by a legitimate, law-abiding citizen whose teenage or adult child living at home is mixed up in stuff they shouldn’t be.

This is a real problem that many families face. You may be blissfully unaware of your child’s involvement with crime or you conveniently turn a blind eye.

If something seems wrong, something is wrong, and don’t for a second think it’s a “phase.” These things can get very ugly, very fast. Signs often include your child being secretive (they all are) or your kids ducking in and out of the house with bags or boxes. They may begin to enter the house via the basement or garage where they didn’t use to. If they are associating with shady people, that’s a red flag. If their behavior seems suspicious in any way, pay closer attention than you ever have.

One way to protect yourself and your family is to have constant monitoring of your home with video surveillance. This way everything going on is recorded, and this may reduce the chances of a child gone astray using your house as a safe house.

Always have your home alarm on and make sure it’s monitored by the local police.

The idea is to make your home a tougher target from outside forces or inside jobs. The worst thing you can do is nothing.

See Robert discussing home invasions on the Gordon Elliot Show

How to Hack a Corporate Network…with Facebook

There’s a lot of excessive trust in the Facebook world. People have entirely dropped their sense of cynicism when logged on. They have no reason to distrust. People who are your “Friends” are generally those who you “know, like and trust”. In this world, your guard is as down as it will ever be. You are in the safety of your own home or office hanging with people all over the world in big cities and little towns and never have to watch your back.

Ethical hackers are the tech industry’s white knights, also known as “white hat hackers.” Steve Stasiukonis from Secure Network Technologies is such a person. He’s hired by companies’ CIOs to penetrate an organization’s network to determine where its vulnerabilities are.

The process of a white hat starts with a permission-based hack that often leads to results that make the CIO nauseous. Getting the data may mean hacking a wireless connection, hacking a public-facing website, or even going through a skylight after hours. In Dark Reading, Steve writes about how he did it with a fake badge and a Facebook profile. This is a perfect example of how vulnerable people make themselves and their corporate networks because of what they post to Facebook.

We started the project by scouring all of the social networking sites for employees of our target company. Not surprisingly, we found numerous people who openly discussed what they did for a living. We also found numerous employees who openly discussed disappointment in their employer.

We perused popular social networking sites like MySpace, LinkedIn, and Plaxo, and ended up focusing on Facebook.com. The majority of our customer’s employees were using Facebook, so we created a Facebook group site identified as “Employees of” the company. Using a fictitious identity, we then proceeded to “friend,” or invite, employees to our “company” Facebook site. Membership grew exponentially each day.

By creating a group, they were able to get access to employees’ profiles. The “group” is a place where those who you know, like and trust are your “Friends,” and in this case fellow employees who you have no reason to distrust.

Because our assignment required us to compromise a secured facility, we chose to use the identity of one of our Facebook-friended employees to gain access to the building.

Because of the company’s size, they were able to recreate the identity of an employee who wasn’t known to the branch office they breached. But his name was still in the system. So with a little creativity, a fake business card and enough information gleaned off of Facebook, they were able to re-create their man.

On the day we intended to breach the facility, our guy was dressed with a shirt embroidered with our client’s logo, and armed with business cards, a fake company badge, and his laptop. Upon entering the building, he was immediately greeted by reception. Our man quickly displayed his fake credentials and immediately began ranting about the perils of his journey and how important it was for him to get a place to check his email and use a restroom. Within seconds, he was provided a place to sit, connection to the Internet, and a 24×7 card access key to the building.

Later that evening, he returned to the empty office building to conduct a late-night hacking session. Within a short period of time, he had accessed the company’s sensitive secrets.

Awesome. This is a perfect example of why Facebook is a nightmare to the corporate CIO. I don’t share that trust that most people have in Facebook. I’m all business on Facebook. I’m not all that friendly. Kind of a stiff. I’m also a security professional, not so trusting. So to my “Friends” (the actual 10 out of the 400 that I have) I apologize to all. I’m just not ready to share my daily routine with everyone just yet. If ever.

People often try to “friend” me, and I can see that they are “friends” with people I know. But I don’t know them. And the mutual friends often tell me that they don’t know the person, but were “friends” with someone else they knew, and they accepted based on that! That’s nuts! Next thing you know, they are trolling through your “friends” and befriending people in your network, who accept based on their trust in you! Dizzy yet? The point is, stop the madness! Don’t allow these trolls into your life. Mom told you not to talk to strangers. I’m telling you not to “friend” strangers, because they could be scammers.

Scammers are watching. They know that once you are on Facebook, your guard goes way down.

  1. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
  2. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Facebook hacking on CNN

Florida’s Dumbest Criminals

There are all kinds of dumb. But “dumb and criminal” is hard to beat. Fox Tampa shamelessly (and we appreciate the candor) lets us all know they may take the cake in dumb criminals.

A Bay County man arrested for shoplifting had a request for deputies: let him drink the beer he stole. He became combative when they refused.

A Marion County deputy pulled over a naked man riding a motorcycle. Turns out the cyclist was drunk. He was one of many naked people in the news.

A naked 21-year-old man covered in feces was arrested in Martin County after jumping into a neighbor’s pool. A Clearwater woman knocked on a stranger’s door in the middle of the night asking for cigarettes. She was naked.

A naked 91-year-old Lake Worth man held a 26-year-old burglar at gunpoint until police arrived.

Another burglar trying to rob an elderly man wasn’t so lucky. The 24-year-old broke into a Liberty County home waving a toy gun and was shot and killed by an 82-year-old homeowner with the real thing.

A Fort Pierce man was charged with stealing $22 worth of aluminum cans from a scrap yard and then returning the next day to try to sell them back. A man tried stealing a live ferret in Jacksonville Beach by stuffing it down his pants. A Dade City man was charged with stealing 19 packages of deodorant to pay off a drug debt.

Usually this works in reverse, but a man was caught trying to break INTO the Brevard County jail he was released from the week before.

Two men wandering through a Deltona neighborhood asked a deputy for a ride home. The deputy said sure, but only after he could search them. They said sure, and the deputy found cell phones, GPS devices and a box of strawberry-flavored Pop Tarts stolen from neighborhood cars.

Crime and food intersected a few times in Florida this past year. Volusia County authorities arrested a 19-year-old after his mother said he threw a taco at her for unplugging his video game system.

A Dunnellon woman was arrested after allegedly hitting a man in the head with a raw steak after he refused a piece of sliced bread. A Gainesville father was arrested for hitting his daughter with a pizza slice when she wouldn’t turn off a computer.

  • Let’s face it, dumb or smart, there are criminals everywhere. The best defense is a good offense; a solid strategy and being smarter than the bad guy (or dumb one).
  • Invest in a home security system and keep it on and monitored 24/7/365.
  • Make sure it has glass break sensors, monitors doors, windows and has motion sensors.
  • Be sure to protect basement windows all the way up to the highest level windows and porch doors for maximum home safety.
  • Install at least a 4-16 camera surveillance system that can be accessed from the web and has full night vision.
  • Remove or lock up exterior ladders preventing the bad guy from gaining access.
  • Lock all doors and windows when you are home and away. Especially at night and in the summer months too.

See Robert discussing personal and home security on NBC Boston

How I Wasted 4 Hours with a Criminal Hacker

Lately I’ve been coming across “advertisements” on forums, posted by criminal hackers looking to sell our stolen information. They are “carders,” selling “dumps” and “fullz.” Well, I decided to make contact with one of them to see what the deal is. It turns out the one I connected with was less than forthcoming, but was very persistent and more than likely has scammed and will continue to scam people. Here are the FIRST and SECOND postings set up by criminals that I’ve found this week. The links are functional as of this posting.

The hacker I contacted immediately returned my email. I told him I was a journalist and wanted to do a story on him. I couldn’t have been more upfront with my intentions. I even provided him with a link to my website, but that didn’t seem to matter. He just wanted my money. First he wanted me to open up an instant message and connect with him via his Yahoo email. That way we could chat. But I wasn’t about to let him in via IM, because there are known hacks that can allow a bad guy into your PC via an IM service. So instead, I set up a private chat at tinychat.com.

What follows is an abridged version of our conversation. (The full version is here.) I am robertsicili, and the scammer is dskimmed2009 (how appropriate).

[11:50] robertsicili: who is here?

[11:51] dskimmed2009: yes its me man

[11:52] robertsicili: nice meeting u

[11:52] robertsicili: where are you from

[11:52] dskimmed2009: I Have told you already man

[11:52] dskimmed2009: or have u forgotten that man

[11:53] robertsicili: you havent told me

[11:53] dskimmed2009: oh okay man

He avoided the question.

[11:55] robertsicili: why did you agree to speak to me?

[11:55] dskimmed2009: what do u mean ?

[11:56] robertsicili: well, your business isnt a normal one and usually guys like you try to stay 100percent under the radar

[11:56] dskimmed2009: ahahaha

[11:56] dskimmed2009: very good man

[11:56] dskimmed2009: so u too which country are u from ?

[11:57] robertsicili: US

[11:57] dskimmed2009: VERY GOOD

All CAPS “VERY GOOD” tells me right away he thinks I’m an idiot.

[11:57] dskimmed2009: I’m 27 years of age and  u?

[11:57] robertsicili: im 41

[11:58] dskimmed2009: wow…….then am small boy to u right

[11:58] robertsicili: youll be 40 before you know it

So small talk, getting used to each other.

[11:59] robertsicili: what country? your english is fine

[11:59] dskimmed2009: CVV,FULZ,DUMPS,BANKLOGINS,BANK TRANSFER,WU TRANSFERS,SKIMMING,ETC

He doesn’t want any more small talk. He wants to get paid.

[12:00] dskimmed2009: What do you need to buy now man?

[12:00] robertsicili: all business, i get it.

[12:00] robertsicili: i want to tell your story. you are very interesting.

[12:01] dskimmed2009: yes am interesting man ok

[12:01] dskimmed2009: dont be serious let finish the deal at least today now ok

[12:01] robertsicili: i write for numerous US papers and find what you do facinating. Id like to understand your process.

This seemed to have gone right over his head because he never acknowledged it.

[12:06] robertsicili: so its not a problem for you to be public? how do you keep from being traced?

[12:06] dskimmed2009: i have many securities upon me so u dont need to be worried about that at all man ok

[12:07] dskimmed2009: becoz i do genue and valid business here with many and more costumers man

[12:07] dskimmed2009: so no one will traced upon me ok

[12:07] robertsicili: not worried, just curious, youre very smart

[12:07] dskimmed2009: why are u saying that am smart

[12:08] robertsicili: because you are able to be public, but still anonomous

[12:08] dskimmed2009: of course man becoz if i were to be bad i will never be in public annoucenment forums

[12:09] robertsicili: what is your “valid business”

[12:10] dskimmed2009: My valid business is to just do long term business with the other costumers man

He begins to tell me how honest he is with his customers.

[12:10] dskimmed2009: always i do give them what they will paid me for ok

[12:10] dskimmed2009: i dont dissapoint them as some ppl’s are doing to the other costumers

[12:10] robertsicili: so you are an hoinest business man who doesnt stiff his customers.

[12:11] dskimmed2009: i never stiff my costumers ok

[12:11] robertsicili: i see you take pride in that. and you should.

[12:11] dskimmed2009: am not interesting to do that to my costumers to loose my market man

[12:11] dskimmed2009: i always want to do long term business with my costumers

[12:12] robertsicili: there must be a lot of dishonest people in your business who stiff people

[12:12] robertsicili: how long have you been doing it?

[12:12] dskimmed2009: of course and they are those who used to spoiled most of the hackers business man

[12:13] robertsicili: so you are a “hacker”, do you get the data directly?

[12:13] dskimmed2009: i have been in this business for very good 17 years of age man

He loosens up a little and begins to give me history and a bit about his process.

[12:14] dskimmed2009: i use to go to Ho Minh Chin…Vietnam to hack softwares and come back to russian again man

[12:15] dskimmed2009: i have 3 types of softwares i use for my work man

[12:15] robertsicili: what are they called?

[12:15] dskimmed2009: One if for use to skimmed dumps

[12:15] dskimmed2009: software to skimmed dumps called Skimmer

[12:16] dskimmed2009: i have one too hacking software it used to hack credit card numbers and bank logins man

[12:16] dskimmed2009: i have western union bug software version 2010 with an activation code

[12:17] dskimmed2009: used to do online western union wireing and also hacking an mtcn numbers out from fullz man

[12:17] dskimmed2009: i have all types of skimming

[12:18] robertsicili: “hacking software”  so on other peoples computers?

[12:18] dskimmed2009: OH YES

He’s all happy now.

[12:22] robertsicili: are you russian?

[12:23] dskimmed2009: am not a russian man

[12:23] dskimmed2009: i have been there for good 8 years just to study how to hack very experiencely and perfect way man

[12:26] robertsicili: in the US we are hacked by many countries. The chinese are great hackers, Romanians too.

[12:27] robertsicili: I have heard of vietnamese hackers too but not as often.Ukraine have many good hackers

[12:27] dskimmed2009: oh yes man

[12:27] dskimmed2009: RUSSIAN,VIETNAM,THIALAND,ROMANIA,UKRAINE,NIGERIA ,GHANA

[12:28] robertsicili: Yes. All hacking Americans or all over the world?

[12:28] dskimmed2009: All those countries i just mention they contain alot of fake and good hackers

[12:29] dskimmed2009: they hack EUROPE,UK,US,CANADA,ASIA,WESTERN PART OF AFRICA

We discuss family!

[12:29] robertsicili: do you have kids?

[12:29] dskimmed2009: they hacked all over the world man

[12:29] robertsicili: ok

[12:29] dskimmed2009: i have 2 kids and my personal wife

Back to business

[12:35] robertsicili: how do you get paid?

[12:35] dskimmed2009: they are sooo many ways of means to get money easy but they dont like it on that way

[12:36] dskimmed2009: Through Western Union,Money Gramm,Liberty Resrve and Web Money

[12:38] dskimmed2009: u can also do western union online transaction money transfer with fullz

[12:39] robertsicili: define fullz

[12:39] dskimmed2009: fullz contain ,
SSN : SOCIAL SECURITY NUMBER
DOB : DATE OF BIRTH
DL : DRIVING LINCENSE
MMN : MOTHER MAIDEN NAME

[12:40] robertsicili: I now understad fullz, but how do I turn that data into money?

[12:40] dskimmed2009: i will teach u if u buy either the fullz or the software ok

[12:40] dskimmed2009: u will just process and operate the software thats all

[12:41] robertsicili: how much for the software?

[12:41] dskimmed2009: 700$

[12:41] robertsicili: damn!~

[12:42] dskimmed2009: Don’t make noise

[12:42] dskimmed2009: i can reduce the price for u if u are ready at any time ok

[12:42] dskimmed2009: am not difficult hacker ok

Such a great guy and all-around good businessman. Now I want more detail. I want raw data; I want proof.

[12:48] robertsicili: when you get a chance send me samples of what I can get with the software. CVV2?

[12:49] dskimmed2009: all my software are containing security password and codes so i cant just give out like that man

[12:49] dskimmed2009: unless u have make payment for it

[12:49] dskimmed2009: b4 i can give u man

He is refusing to send me samples of data he hacked. I’m beginning to think he has nothing.

[12:50] robertsicili: if im going to make an investment in your softwareI need to understand what it does.

[12:51] dskimmed2009: it will hack the amount on the fullz as mtcn numbers for u to get out with the rest of the infomations man

[12:51] robertsicili: what is mtcn

[12:52] dskimmed2009: Money Transfered Control Number

But he never tells me what it does or how it works. I spend the next hour trying to pull that from him.

[12:54] robertsicili: you sell logins, how do you get them?

[12:55] dskimmed2009: bank logins ?

[12:55] robertsicili: is that what you sell?

[12:55] dskimmed2009: i have software to hack that from bank personal and company account’s

[12:55] dskimmed2009: yes i sell bank logins too man

[12:55] dskimmed2009: CVV,FULLZ,DUMPS,LOGINS,TRANSFERS

[12:56] dskimmed2009: I Do bank transfer,western union transfer and paypal verified account transfer toooo

[13:12] robertsicili: How do you get login data?

[13:14] dskimmed2009: i hack from online banking with software

[13:14] dskimmed2009: i have boa,rbc,wamu,wachovia

[13:14] dskimmed2009: icici,hsbc,abbey

[13:37] dskimmed2009: u need banking software for bank login date?

[13:38] robertsicili: if im to start a business of hacking data I want to know what to buy from you.

[13:38] dskimmed2009: yes man

[13:38] dskimmed2009: please give me ur western union infomations now ok

[13:38] dskimmed2009: with ur phone number

[13:39] robertsicili: and what will you do with my western union info?

[13:39] dskimmed2009: i want to send some money for u to cash it out and send it to me on my infos in ghana man ok

Now he wants my “western union” account data so he can send me money so I can send his partner money in Ghana. He’s beginning to try an “affinity” scam on me.

[13:39] dskimmed2009: one of my business patner man

[13:39] dskimmed2009: he is online now am talking with him

[13:40] dskimmed2009: so i want to give him us infos to send the money

[13:40] dskimmed2009: through money gramm

[13:40] dskimmed2009: becoz right now all the banks is close

[13:40] dskimmed2009: here in ghana now

[13:41] robertsicili: why do you want to send me cash?

[13:41] dskimmed2009: i want him to send the money to us country so that u cash it out send it to me here in ghana now man ok

[13:41] dskimmed2009: becoz right now all banks is close in ghana now ok

[13:44] robertsicili: OK so he sends me money and i send it back to you because the banks are closed?

[13:44] dskimmed2009: oh yes

[13:44] dskimmed2009: that is it my brother

[13:45] robertsicili: In the US we call that an “advanced fee” scam. At least thats what someone told me.

[13:46] dskimmed2009: okay then stop ok

[13:46] dskimmed2009: don’t do it again ok

[13:46] dskimmed2009: we continue our business now

“don’t do it again” he tells me. OMG LMAO!!!!!

[13:47] robertsicili: I want to buy your software that hacks online banks. Tell me what it does and how much money it will cost me.

[13:49] dskimmed2009: it cost 1300$ for online banking software to hack bank logins both personal and company account

[13:51] robertsicili: tell me how it works, I want to undersyand the technology. Is it sql-injection, spyware? Password hacks, Phishing?

[13:52] dskimmed2009: 2 COMERSUS SOFTWARE WITHOUT BANK LOG IN AND BANK CREDIT CARD CODE ==========1000$

[13:52] dskimmed2009: 3 NEW WESTERN UNION HACKING BUG FOR WORLD WIDE TRANSFER ==========700$4 NEW PAYPAL LOG IN HACKWARE FOR HACKING FRESH PAYPAL ==========250$

[13:53] dskimmed2009: 7 NEW CREDIT CARD VALIDATOR FOR VALIDATING ANY FULL CC INFO ==========120$

[13:53] dskimmed2009: WESTERN UNION ONLINE SOFTWARE(WESTERN UNION BUG)VERSION 2009/2010PRICE:700$

Now I begin to get confused as he describes his process, because it makes no sense.

[14:22] robertsicili: explain to me me how it brings the infos and what the software hacks

[14:22] dskimmed2009: it will hack the bank u will choose on the list of the software processor

[14:23] dskimmed2009: then u will wait for 30 minutes for that bank u choose it’s infomations

[14:23] dskimmed2009: every infomations that will appear within that 30 minutes if valid infomations

[14:25] dskimmed2009: It’s not difficult to understand but if u understand i will be very happy man ok

[14:25] robertsicili: so the software is hacking the banks processor and getting consumer logins?

[14:28] dskimmed2009: it’s like bank transfer

[14:36] robertsicili: explain how th bank transfer works?

[14:36] dskimmed2009: a’m worry about how u dont understand man

[14:36] dskimmed2009: infact its pains me

“infact its pains me” TOOOOOO FUNNNNNYYY!!!!!!!!!!!!!!!

[14:36] robertsicili: Im skilled in software but want to understand how it works. is it a sql injection?

[14:38] robertsicili: if I am to spend thousands of dollars I needd to know how the tech nology works. you are selling hacking softeware but wont tell me how it works

[14:38] dskimmed2009: it will bring that bank u choose all its infomations will appear on it within that 30 minutes time man

None of this makes sense.

[14:40] dskimmed2009: u see someone’s bank account

[14:40] dskimmed2009: he is from usa

[14:40] dskimmed2009: his account was hacked by the software last weeks monday

[14:41] dskimmed2009: 38k was withdraw from it by one of my costumer who come to buy the software man

[14:43] robertsicili: ok

[14:43] dskimmed2009: u see ?

[14:44] robertsicili: soft of. I think there mayt be a language barrier here

[14:45] dskimmed2009: what do u mean by that man?

[14:45] robertsicili: so the software gives me access to the server and shows the banks customers accounts?

[14:45] robertsicili: then I can withdraw from the account and make a transfer?

[14:46] dskimmed2009: oh yes man

[14:46] dskimmed2009: that is it

[14:46] dskimmed2009: u can make the transfer ur self to ur account either company or personal account

So I ask him how he hacks Paypal. Based on his answer, it can’t possibly be this easy.

[14:50] robertsicili: ok. how does it work with paypal?

[14:51] dskimmed2009: We have Verified and Non Verified Account

[14:51] dskimmed2009: just the id and the password

[14:51] dskimmed2009: we have ones with an empty balances and with ones with founds tooooo

[14:59] robertsicili: how does it work?

[15:00] dskimmed2009: for that one is not difficult man

[15:01] dskimmed2009: u will just put the id on it,it will show the password and the amount in the account

WHAT? His software just needs an ID (account number) and it shows the password? I think I smell a rat.

[15:01] dskimmed2009: then u transfer to ur bank account or ur paypal account or uur personal account or any of ur company accout man

[15:02] dskimmed2009: that’sall

[15:02] robertsicili: serious? you have software that will show a persons user ID and their passwords and whats in the account? How does it do that?

[15:03] dskimmed2009: the software self will show the password and the amount on it

[15:03] dskimmed2009: infact i have sell this to 2 costumers only

[15:03] dskimmed2009: it’s too cost but simple to operate

[15:05] robertsicili: This sounds to good to be real. How can you prove this works before i send you money?

[15:05] guest-14953 entered the room

[15:06] dskimmed2009: i dont have any thing to show man

So he’s got nothing. Or at least won’t give up anything.

[15:07] dskimmed2009: if u are ready u go to send money now so that i send u the software man

[15:07] dskimmed2009: becoz with the software u will make alot of money

[15:07] dskimmed2009: and am going to do long term business with u for ever man

[15:07] robertsicili: if what you say is true then the entire banking and paypal security is non existent.

[15:08] dskimmed2009: so u must to trust me and to be honest with me that alll

[15:08] robertsicili: dude, i find it hard to trust in this situation.

[15:09] dskimmed2009: ok

[15:09] dskimmed2009: any way thanks for contacting me ok

[15:09] dskimmed2009: bye

What an ASS. I learned he wasn’t much of a hacker, or at least didn’t have a very good handle on his technology, or he just didn’t want to tell me. But the mere fact that he is sitting in a hut or internet café somewhere and communicating like this tells me someone somewhere has sent him money. Man.

  1. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
  2. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing credit card and debit card fraud on CNBC

How a Burglar Works

Robert Siciliano Identity Theft Expert

Without a doubt one of the most difficult jobs on the planet is to be a law enforcement officer. Enforcing the law means constantly dealing with difficult people and situations. They deal with violence, theft and all kinds of disturbances.

One thing’s for sure, they see lots of crime and can learn a lot about what motivates criminals and how to protect yourself from them.

The Wichita Eagle interviewed Officer Joe Seitz to get an explanation on a burglar’s thinking. A burglar will ring the bell or knock on the door to see whether anyone is home. “Most burglars don’t want contact with people,” he said. If someone answers, the burglar might say, “Is Steve here?” Then he says he must have the wrong house before moving on to the next target.

If you are home, Seitz said, “don’t open the door but make it obvious that you are home, by turning on a light or making a noise or talking through the door; who is it?” A burglar who gets no response will try to kick the door open. Part of a sound defense is a dead bolt lock. But a dead bolt is only as good as the screws and strike plate used to secure it to the door frame. The screws should be long enough — about 3 inches — to reach the stud framework of the house.

  • If the screws aren’t long enough, the frame splinters and the door flies open when an intruder kicks it. “A 13-year-old can kick open a door”, Seitz said. Seitz recommends what’s called a high-security strike plate.
  • Incorporate multiple layers of protection. Always lock the screen door or storm door. If you open your front door and find the wrong person standing outside, a locked screen door can give you enough time to take defensive measures. “Security’s all about layers”, he said.
  • A home security system is absolutely essential. But it’s a false sense of security if it’s not turned on.
  • It’s not enough to have the alarm on, you also have to lock your doors. ALWAYS!
  • If someone knocks on your door with your doors locked and the alarm on, talk to them through the door.
  • In this situation, you have to make a conscious and concerted effort to shut the alarm off and unlock and open the door to a stranger. When faced with this decision, hopefully you are smart and keep everything locked down.

See Robert discussing personal and home security on Fox Boston

Robert Siciliano is a personal security and identity theft expert for Home Security Source. (Disclosures)

Resolve to Dissolve Identity Theft

Robert Siciliano Identity Theft Expert

Here we are again, getting ready to face a new year.  Time to set those dreaded New Year’s resolutions.  You know, lose the 10 pounds, give up the chocolate, quit smoking, and win the Nobel Peace Prize.

Along with the breaking of some bad habits, now is the time to take on some new habits to protect you against identity theft. The Identity Theft Resource Center® (ITRC) offers the following top resolutions you can make in 2010:

Lock up your social security card! Get it out of your wallet! Put this valuable card, along with all other important personal documents, in a safe, locked box or safety deposit box.

Don’t share your Social Security Number (SSN) unnecessarily. Ask questions: Why do you need it? What happens if I don’t give it to you? Who gets to see it? What are you going to do with it?  Legitimate reasons to provide your SSN are limited, including: verifying identity for employment; establishing new lines of credit; government benefit programs; and tax purposes.

Invest in a good cross cut shredder and USE IT! Destroy all documents that include personal identifying information (account numbers, birth date, SSN, medical numbers).  This includes those pre-approved credit card offers that fill your mailbox.  When in doubt, shred it!

Order your credit reports! Go to www.annualcreditreport.com or call 877-322-8228 to obtain your free credit reports.  And it’s really free!  You are entitled, by federal law, to obtain one free credit report from each Credit Reporting Agency every year.  For best results, the ITRC recommends that you stagger your requests to one CRA every four months, through this free program.

Consider investing in a locked mailbox. If you already have a locked community mailbox, just remember, sturdier is better.  Additionally, make it a habit to take out-going mail to the post office and stop using your “come steal me” red flag.

Take the time to place passwords on all your accounts and change the old ones. This includes bank accounts, investment accounts, money markets, credit cards, etc.  Be creative and use something that is not easily guessed by someone who may know you.  A good verbal password is NOT the last four digits of your SSN, your mother’s maiden name, your pet’s name or kid’s birthdays.  A random word, not associated with you or your life, is highly recommended.

Limit the amount of personal information you share online. If you don’t want it publicized – don’t put it online! For online accounts, use strong passwords and change them regularly.  (A strong password should be more than 8 characters in length, and contain both capital letters and at least one numeric or other non-alphabetical character.  Use of non-dictionary words is also advised.)  Do not access accounts on shared or public computers (library, internet cafes, work, etc.).  For more information on safe social networking, see ITRC Fact Sheet 138 – and Social Networking and Identity Theft.

Be a savvy online shopper! Check out the merchant and make sure they are legit.  Protect your information online by using a secure payment agent – a security product which allows a consumer to control the use of their personal identifying information whether shopping, paying bills online, or registering at websites.  Consider using credit cards instead of debit cards when making purchases.  In addition, install security and malware software to protect your computer and update it frequently.

Monitor any and all account statements carefully. Don’t wait three months to balance your check book or open your mail! React quickly if you notice any discrepancies.

Guard all checks and deposit slips as you would your precious jewelry. In the wrong hands, these account numbers can be even more valuable than handfuls of cash!  When making out checks, use specially formulated gel ink pens, developed to defeat check washing.

Additionally, I recommend:

Protect your social media identity. Register your full name and those of your spouse and kids on the most trafficked social media sites, blogs, domains or web based email accounts. If your name is already gone, include your middle initial, a period or a hyphen. It’s up to you to decide whether or not to plug in your picture and basic bio, but consider leaving out your age or birthday. You can do this manually or by using a very cost effective service called Knowem.com.

Protect your financial identity. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano identity theft speaker discussing Social Security Numbers on Fox news