Fundamentals of Cyber Security

UNIT-V
• Cyber Crime Examples: Introduction, Real-life Examples: Official
website of Maharashtra Government hacked, E-Mail spoofing
instances, Indian banks lose millions of rupees, Parliament attack, Pune
city police bust Nigerian racket.
• Mini-Cases: The Indian case of online gambling, an Indian case of
intellectual property crime, illustrations of financial frauds in cyber
domain.

RNS Reddy, Asst professor, GNITC

UNIT-V Cyber Crime Examples
 Introduction
 For the reasons of confidentiality and privacy, real names (individuals and/or organizations)
are masked in some of the illustrations.
 Though the names are masked, the situations are real.
 If the hypothetical names match with actual names of any living or dead person, it is purely
a coincidence.
 A number of cases/illustrations are based on the information released in the public domain;
those URLs are mentioned.
 Neither authors nor the publisher is responsible for false/inaccurate information posted on
those public weblinks.
 Cybercrime knows no geographical boundaries

RNS Reddy, Asst professor, GNITC

UNIT-V Cyber Crime Examples
 Introduction
 Figure 11.1 illustrates this point effectively. Criminals, the means for the crimes and the
impacted victims can be anywhere on the globe!

RNS Reddy, Asst professor, GNITC

UNIT-V Cyber Crime Examples
 Real-life Examples: Official website of Maharashtra Government hacked
 Website hacking incidence reported in September 2007. The impacted website was
http://www.maharashtragovernment.in.
 A few days after the Chief Minister of the state inaugurated the new, citizen-friendly service-
based web portal of the Brihanmumbai Municipal Corporation, the Maharashtra
government’s official website was hacked which lead to the shutting down of
www.maharashtra.gov.
 The state officials, however, said that there was no data lost and that there was no serious
damage to the website.
 State Officials further stated that the website gets updated daily with information on
various government regulations and decisions, and supports links to all government
departments.
 However, IT experts had to restore the official website of the government of Maharashtra,
having succumbed to the attack by the hacker.

RNS Reddy, Asst professor, GNITC

UNIT-V Cyber Crime Examples
 Real-life Examples: Official website of Maharashtra Government hacked
 As per reports, the site was attacked early in the morning by a person or a group proclaimed
as “cool- hacker.” The hacker left an imprint of a hand on the hacked website.
 The state’s information and technology department came to know about the incident next
day morning. They immediately blocked all access to the website.
 The IT department has lodged an FIR (First Information Report) with the police in an
attempt to trace the culprit.

RNS Reddy, Asst professor, GNITC

UNIT-V Cyber Crime Examples
 Real-life Examples: Official website of Maharashtra Government hacked
 Joint commissioner of police, in his official remark, stated that the state’s IT officials lodged
a formal complaint with the cybercrime branch police following this incidence.
 He expressed confidence that the hackers would be tracked down. The Commissioner also
mentioned that the hacker had posted some Arabic content on the site.
 According to sources, hackers were suspected to be from Washington.
 IT experts gave to understand that the hackers had identified themselves as “Hackers Cool
Al-Jazeera” and claimed they were based in Saudi Arabia.
 Officials further added that this might be a red herring to throw investigators off their trail.
 For those who are not familiar with the term “red herring,” it refers to the tactic of diverting
attention away from an item of significance.

RNS Reddy, Asst professor, GNITC

UNIT-V Cyber Crime Examples
 Real-life Examples: E-Mail spoofing instances
 Example-1
 An American teenager made millions of dollars by spreading false information about certain
companies whose shares he had short sold.
 This misleading information was spread by sending spoofed E-Mails purportedly from news
agencies like Reuters, to share brokers and investors who were informed that the companies
were doing very badly.
 Even after the truth emerged, the values of the shares could not be restored to the earlier
levels.
 This resulted in thousands of investors losing a lot of money.
 This can be considered as a cybercrime against an organization because the impacted
organization was the one about whom false information was spread.

RNS Reddy, Asst professor, GNITC

UNIT-V Cyber Crime Examples
 Real-life Examples: E-Mail spoofing instances
 Example-2
 Another example of E-Mail Spoofing incident in India.
 A branch of the Global Trust Bank experienced a customer run-down on the bank owing to
a certain rumour spread about the bank not doing well financially.
 Under panic, many customers decided to withdraw all their money and close their accounts.
 It was revealed later that someone had sent out spoofed E-Mails to many of the bank’s
customers announcing that the bank was in a very bad shape financially and could close
operations any time.
 In the next few days, unfortunately, this information turned out to be true.
 So, can we say that this instance of E-Mail Spoofing saved many customers?

RNS Reddy, Asst professor, GNITC

UNIT-V Cyber Crime Examples
 Real-life Examples: E-Mail spoofing instances
 Example-3
 Another shocking example of the E-Mail Spoofing involves a former executive from a well-
known company in the state of Gujarat.
 The executive faked himself to be a lady by adopting a false name.
 He then created a fake E-Mail ID.
 Using that ID, the executive contacted a businessman based in the Middle East.
 The executive posing as a woman then went into a long cybercourting relationship with the
Middle East businessman.
 During this “cyberdating,” the executive used to send many “emotional blackmailing”
messages to the businessman.
 One such message threatened the businessman that if he ended this relationship, “she”
(i.e., the executive posing as a woman) would end her life!
 What is worse, the executive gave another woman’s E-Mail ID to the businessman. This too
was a non-existent address.
RNS Reddy, Asst professor, GNITC
UNIT-V Cyber Crime Examples
 Real-life Examples: E-Mail spoofing instances
 When the Middle East businessman sent a mail at that ID, he was shocked to learn that the
executive (who presented himself as a woman) had died and that now the police was
searching him as the suspect in that death case!
 Using this trap and trick the executive exhorted from the businessman several hundred
thousands of Indian Rupees threatening that the businessman would get exposed if he did
not part with that money.
 The executive also sent E-Mails to him from different E-Mail IDs making the poor
businessman believe that they were mails from high court and police officials.
 All this was done to extract more money from the gullible businessman.
 Finally, businessman flew to India to lodge a case with the Police.
 Internet users indeed enjoy “anonymity” and can get away with many thin

RNS Reddy, Asst professor, GNITC

UNIT-V Cyber Crime Examples
 Real-life Examples: Indian banks lose millions of rupees
 This is a real-life example showing the techniques used by cybercriminals.
 Banks across the country lost Rs. 6.57 crore (Rs.6,57,00,000) to Internet frauds in 233
incidents of cybercrime, with Tamil Nadu topping the list in last fiscal year.
 Rs.2.09 crore (Rs.2,09,00,000) has been lost by various banks in the Indian state of Tamil
Nadu in seven cases reported between April and December 2008.
 The lending institutions in Maharashtra had reported the highest number of incidents, 23
in all.
 They lost Rs.55.54 lakhs (Rs.55,54,000) to online fraudulent practices.
 This was revealed by the erstwhile Minister of State for Home told the Lok Sabha in
February 2009.

RNS Reddy, Asst professor, GNITC

UNIT-V Cyber Crime Examples
 Real-life Examples: Indian banks lose millions of rupees
 The banks in other Indian states – Andhra Pradesh, Rajasthan and West Bengal – lost
Rs.89.93 lakhs (Rs.89,93,000), Rs.64.29 lakhs (Rs.64,29,000) and Rs.35.72 lakhs
(Rs.35,72,000), respectively, while Kerala and Delhi lost Rs.17.60 (Rs.17,60,000) and
Rs.10.90 lakhs (Rs.10,90,000), respectively, owing to cyberfrauds.
 A total of 11 cases of Internet frauds were reported from Andhra Pradesh, 8 from Delhi, 7
from Tamil Nadu, 6 from Karnataka and 5 from West Bengal during the said period.
 Surprisingly, banks in Bihar, Goa and Jharkhand did not lose a single penny to such
activities and no case was reported from any of these states.

RNS Reddy, Asst professor, GNITC

UNIT-V Cyber Crime Examples
 Real-life Examples: Parliament attack
 Bureau of Police Research and Development (BPRD) at Hyderabad handled some of the top
cybercases.
 One such case involved analyzing and retrieving information from the laptop recovered from
terrorists, who attacked the Parliament.
 The laptop was seized from the two terrorists, who were gunned down when Parliament was
under siege on 13 December 2001.
 Police sent the seized laptop to Computer Forensics Division of BPRD after computer
experts at Delhi failed to trace much out of its contents.
 Inside the laptop there were a number of evidences that established the motives of the two
terrorists, namely
 (a) the sticker of the Ministry of Home that they had made on the laptop and pasted on
their ambassador car to gain entry into Parliament House and
 (b) the fake ID card that one of the two terrorists was carrying with a Government of
India emblem and seal.
 It was also found that the emblems (of the three lions) were care- fully scanned and the seal
was also deviously made along with residential address of Jammu and Kashmir.
 But careful forensics detection proved that it was all forged and was created using the
laptop. RNS Reddy, Asst professor, GNITC
UNIT-V Cyber Crime Examples
 Real-life Examples: Pune city police bust Nigerian racket.
 This story had appeared in Pune Mirror dated 25 October 2010.
 Name of the victim has been masked to respect the privacy of the person.
 However, all the events mentioned here are real and are presented exactly as they
happened, as mentioned in the chain of events mentioned here is as at the time of writing
this.
 The police succeeded in nabbing two suspects in this fraud case.
 This fraud happened when the police started probing into a complaint received from a
young software engineer working in Pune city.
 Arjun Changaokar, a resident in Warje area, was duped into parting with Rs.10.27 lakhs
(Rs.10,27,000) by making him believe that he was going to be offered a high profile job in a
London hotel called New Climax.

RNS Reddy, Asst professor, GNITC

UNIT-V Cyber Crime Examples
 Real-life Examples: Pune city police bust Nigerian racket.
 In an E-Mail chat with an alleged UK-based Councillor, Arjun, the techie from Rajiv Gandhi
Infotech Park at Hinjewadi, was convinced to pack up and leave India for UK!
 The fraud got exposed when Arjun found that there was no flight to UK from Indira Gandhi
International Airport at the time he was told by the conmen!
 The efforts expended by Warje police were successful and two perpetrators, including a
bank account holder, were arrested.
 However, the real mastermind Chong-Ching, who is a foreign national, was still
absconding.
 A special squad of cyber experts has been investigating the Nigerian fraud racket run from
Meera Road.
 The three accused in the FIR (First Information Report) filed by the victim include
Shailendra Ramesh Soni, aged 24, a resident of Shivajinagar in Govandi in Mumbai, Naresh
Shubrakaran Sharma, aged 27, a resident of Queens Park in Mira-Bhayandar in Thane and
Chong-Ching, the foreign national whose complete name and address could not be traced
(as at the time of writing this).
 The fraud took place during the period 26 July–24 September 2010.
 The accused have been charged under various sections of the IPC (Indian Penal Code and
the Indian IT Act for cheating and conspiracy using Information Technology.
RNS Reddy, Asst professor, GNITC
UNIT-V Cyber Crime Examples
 Real-life Examples: Pune city police bust Nigerian racket.
 As per complaint filed by the victim Arjun Changaokar, the fraud started with the mail he
received on 26 July 2010. In that mail he was offered a job in UK-based hotel “New Climax.”
 A person calling himself Chong-Ching claimed to be authority at the hotel and offered to
victim the post of Sales Supervisor with a handsome UK salary.
 The victim responded to the E-Mail and accepted the offer. There onward, the
correspondence continued. In another E-Mail, a person called John Smith Levis introduced
himself as UK councillor.
 John claimed to have been given the responsibility by the hotel to provide Visa.
 To get the Visa and to pay for journey expenses and accommodation in the UK, John asked
the victim for various amounts of money in a number of E-Mails.
 John gave to the victim several account numbers in different branches of Axis Bank and
ICICI Bank.
 Victim Arjun deposited those amounts ranging from Rs.2 to 5 lakhs (Rs.2,00,000 to
5,00,000) on different occasions.

RNS Reddy, Asst professor, GNITC

UNIT-V Cyber Crime Examples
 Real-life Examples: Pune city police bust Nigerian racket.
 Over a 2-month period, Arjun (the victim) deposited a total amount of Rs.10.27 lakhs
(Rs.10,27,000)!
 In the words of the victim
 “At first, I received an email offering me a high paying job in UK hotel to get a visa
and to pay for journey expenses and accommodation in UK, I was asked for various
amounts of money in multiple emails. He gave me several account numbers in
different branches of Axis Bank and ICICI Bank. I deposited amounts ranging from
Rs. 25 lakh on different occasions. Over a two-month period, I deposited a total
amount of Rs. 10,27,700.”
 The victim arranged the money from various sources.
 He shared with his parents and friends the news of his overseas job.
 According to the E-Mail, the victim received on 10 October 2010, he was supposed to catch
a flight from Indira Gandhi International Airport and a person was going to meet Arjun at
the airport with a Visa and an air ticket.

RNS Reddy, Asst professor, GNITC
UNIT-V Cyber Crime Examples
 Real-life Examples: Pune city police bust Nigerian racket.
 During the correspondence, receipts with fake stamps (as it turned out later) and signatures
of the British High Commissioner were sent to victim.
 When victim (Arjun) reached the airport, he found that there was no such person waiting for
him. That is when the victim realized that he had been cheated.
 Arjun returned to Pune and tried to contact the concerned person but the concerned person
never replied to his mails.
 Arjun then decided to approach the police.

RNS Reddy, Asst professor, GNITC

UNIT-V Cyber Crime Examples
 Real-life Examples: Pune city police bust Nigerian racket.
 Inspector (Crime Branch) Solankar said “After receiving the complaint, we started
investigating the accounts in which Arjun had deposited the requested amounts of money.
 We identified an account in the name Shailendra Soni in the Shivajinagar branch of Axis
Bank. We sent a team to Govandi and laid a trap for him.”
 After the inquiry, the Police discovered that Soni was asked by someone called “Sharma” for
permission to use his account.
 Police nabbed Sharma in Mira-Bhayandar.
 The investigation revealed that someone hailing from Nigeria asked them to commit the
crime. He offered 7% of the total amount to Sharma.
 Sharma, in turn, got Soni’s help by offering him a 5% commission.
 Sharma had met the suspected foreign national several times and they had been running
this racket for many years.
 Sharma has various cheating crimes registered to his name.
 The Police took up the investigation aimed at finding out other crimes committed by this
gang.
RNS Reddy, Asst professor, GNITC
UNIT-V Mini-Cases
 The Indian case of online gambling
 There are millions of websites, hosted on many servers, to offer online gambling
services.
 It is believed that many of these websites are actually fronts for “money laundering.”
Fraud cases of “Hawala” dealings money mis-deals over the Internet have been reported in
the past.
 It is not yet fully known if these sites have any relationship with drug trafficking.
 Recent Indian case about cyber lotto is very interesting.
 Kola Mohan was the man who invented the story of winning the Euro Lottery.
 He created a website and an E-Mail address on the Internet with the address
“[email protected].”
 Whenever accessed, the site would declare him as the recipient of the 12.5 million pound.

RNS Reddy, Asst professor, GNITC

UNIT-V Mini-Cases
 The Indian case of online gambling
 A Telugu newspaper published this as news after confirmation.
 Meanwhile, Kola Mohan collected large sums of money from the public as well as from some
banks for mobilization of the deposits in foreign currency.
 He could have gone on merrily.
 The fraud, however, got exposed when a discounted cheque from Kola Mohan with the
Andhra Bank for Rs.1.73 million bounced.
 Kola Mohan had pledged with Andhra Bank the copy of a bond certificate purportedly
issued by Midland Bank, Sheffields, London stating that a term deposit of 12.5 million was
held in his name.

RNS Reddy, Asst professor, GNITC

UNIT-V Mini-Cases
 An Indian case of intellectual property crime
 Bharti Cellular Ltd. made a case in the Delhi High Court with a complaint that some
cybersquatters had registered domain names such as barticellular.com and
bhartimobile.com with network solutions under different fictitious names.
 The court ordered Network Solutions not to transfer the domain names in question to any
third party and the matter was sub-judice. Similar issues were brought to various High
Courts earlier.
 Yahoo had sued a man called Akash Arora for use of the domain name “Yahooindia.Com”
deceptively similar to its “Yahoo.com.”
 As this case was governed by the Trade Marks Act 1958, the additional defense taken
against Yahoo’s legal action for the interim order was that the Trade Marks Act was
applicable only to goods.

RNS Reddy, Asst professor, GNITC

UNIT-V Mini-Cases
 Illustrations of financial frauds in cyber domain.
 Here provided varions illustrations of banking frauds (including credit card-related crimes),
online gambling, IPR crimes, digital media piracy, hacking, computer frauds, website
attacks, counterfeit hardware, malicious use of the Internet, social networking victims, etc.
 Banking-Related Frauds
 Credit Card-Related Frauds
 Other Illustrations

RNS Reddy, Asst professor, GNITC

UNIT-V Mini-Cases
 Illustrations of financial frauds in cyber domain.

Illustration No. Title Topic

1 Stolen Credit Card Information Phishing and credit card frauds (banking frauds)

2 Phishing Incidence Phishing (credit card frauds)

3 Online Credit Card Theft Ring Credit card frauds

4 Understanding Credit Card Fraud Scenarios Credit card frauds

5 ShadowCrew – the Internet Mafia Gang Credit card frauds

6 Dirty Relations – Goods Delivery Fraud Frauds from online purchasing

7 Fake Mails Promising Tax Refunds: Beware Internet banking

8 Phone Scam Targets Your Bank Account DoS (denial-of-service) attack

9 Cookies and Beacons – The Facebook Controversy Cookies and Beacons

10 Privacy Loss through Leakage of Users’ Facebook Profiles Personal privacy loss leading to cybercrimes
11 Debit Card Frauds – Global Wave in Real Life Financial frauds with debit card

RNS Reddy, Asst professor, GNITC

UNIT-V Mini-Cases
 Illustrations of financial frauds in cyber domain.
 Banking-Related Frauds
 Illustration 1: Stolen Credit Card Information
 Illustration 2: Phishing Incidence

RNS Reddy, Asst professor, GNITC

UNIT-V Mini-Cases
 Illustrations of financial frauds in cyber domain.
 Banking-Related Frauds
 Illustration 1: Stolen Credit Card Information
 cybercriminals operate beyond geographic boundaries.
 Stolen credit card information is savored by cybercriminals.
 “Phishing” and ATM skimming devices), to viruses using which buyers could extract money
by threatening company websites.
 This top cybercrime site in the world offered online tutorials in illicit topics such as account
takeovers, credit card deception and money laundering.
 There were equipments such as false ATM, pin machines as well as everything needed to set
up a credit card factory.

RNS Reddy, Asst professor, GNITC

UNIT-V Mini-Cases
 Illustrations of financial frauds in cyber domain.
 Banking-Related Frauds
 Illustration 2: Phishing Incidence
 According to the news posted on 14 April 2010, it could well be termed India’s first legal
adjudication of a dispute raised by a victim of a cybercrime.
 The judgment for the first case was filed under the IT Act. In this judgment, Tamil Nadu’s IT
Secretary ordered ICICI Bank to pay Rs.12.85 lakhs (Rs.12,85,000) to an Abu Dhabi-based
NRI within 60 days – in compensation for the loss suffered by him as a result of a Phishing
fraud.
 Phishing is an Internet fraud through which cybercriminals illegally obtain sensitive
information such as usernames, passwords and credit card details by masquerading as a
trustworthy entity.

RNS Reddy, Asst professor, GNITC

UNIT-V Mini-Cases
 Illustrations of financial frauds in cyber domain.
 Banking-Related Frauds
 Illustration 2: Phishing Incidence
 In this case, the reimbursement, that is the compensation, included the loss suffered by the
supplicant, the travel expenses and the financial loss incurred due to “complete lack of
involvement of the respondent bank – as per order from Tamil Nadu’s IT Secretary.
 The order came based on an appeal (i.e., petition) that was filed by Umashankar
Sivasubramaniam.
 As per Umashankar’s claim, he received an E-Mail in September 2007 from ICICI, asking
him to reply with his Internet banking username and password or else his account
would become non-existent.
 He replied and later he found Rs.6.46 lakhs (Rs.6,46,000) moved from his account to the
account of another company.
 That company did a withdrawal of Rs.4.6 lakhs (Rs.4,60,000) from an ICICI branch in
Mumbai and retained the balance in its account.

RNS Reddy, Asst professor, GNITC

UNIT-V Mini-Cases
 Illustrations of financial frauds in cyber domain.
 Banking-Related Frauds
 Illustration 2: Phishing Incidence
 An application was prepared as arbitration for proceedings under the IT Act.
 The application was presented to the state IT Secretary on 26 June 2008.
 In that application, Umashankar held the bank responsible for the loss that he suffered.
ICICI Bank, however, claimed that the applicant (Umashankar) had failed to protect his
confidential information.
 According to ICICI Bank, Umashankar carelessly disclosed his confidential
information such as password. According to the bank, he became the victim of a
Phishing attack because of this carelessness.
 Bank spokesperson said that customers are fully apprised on security aspects of Internet
banking through various means.
 ICICI Bank officials empathetically said that bank’s security systems are continuously
audited and neither the security nor bank’s processes have been breached.

RNS Reddy, Asst professor, GNITC

UNIT-V Mini-Cases
 Illustrations of financial frauds in cyber domain.
 Banking-Related Frauds
 Illustration 2: Phishing Incidence
 The bank decided to appeal the order.
 The bank spokesperson said that ICICI Bank endeavors to offer world-class service to its
customers.
 They further said that they have hundreds types of transactions, which can be completed
online without having to walk into a branch.
 Further, they added that the bank strives for convenience and safety of their customers and
uninterrupted availability of services through self-service channels.
 The bank claims that they also continuously upgrade their systems and technology to
ensure that customers get the best experience and a safe environment while transacting
online.

RNS Reddy, Asst professor, GNITC

UNIT-V Mini-Cases
 Illustrations of financial frauds in cyber domain.
 Banking-Related Frauds
 Illustration 2: Phishing Incidence
 Vijayashankarm a techno-legal consultant appeared for the petitioner.
 According to him, while the order may lead to tightening of cyberlaws in the country, the
judgment reflects the lack of accountability of using Internet banking.
 He further opined that, although Phishing fraud is very common, banks are not accepting the
liabilities.
 In his view, such a ruling will set a good precedent.
 In India, although there are 300-odd cases of Phishing attacks recorded or contended, most
cases do not get pursued under proper legal framework.

RNS Reddy, Asst professor, GNITC

UNIT-V Mini-Cases
 Illustrations of financial frauds in cyber domain.
 Banking-Related Frauds
 Illustration 2: Phishing Incidence
 Some such cases were filed at consumer courts. Figure 11.4 conceptually depicts the fate of
cybercrimes.


RNS Reddy, Asst professor, GNITC

UNIT-V Mini-Cases
 Illustrations of financial frauds in cyber domain.
 Credit Card-Related Frauds
 Illustration 3: Online Credit Card Theft Ring
 Illustration 4: Understanding Credit Card Fraud Scenarios
 Illustration 5: ShadowCrew – The Internet Mafia Gang
 Illustration 6: Dirty Relations – Goods Delivery Fraud

RNS Reddy, Asst professor, GNITC

UNIT-V Mini-Cases
 Illustrations of financial frauds in cyber domain.
 Credit Card-Related Frauds
 Illustration 3: Online Credit Card Theft Ring
 This case took place in June 2009 and involved 36-year-old Max Ray Butler (also known as
Max Ray Vision) resident of San Francisco, California.
 Max pleaded guilty in Federal Court in Pittsburgh to wire fraud charges to two counts before
Senior US District Judge.
 In connection with the guilty plea, the attorney mentioned in the court that Butler, known
widely on the Internet as “Iceman,” among other aliases, conducted computer hacking and
identity theft on the Internet on a massive scale.
 As part of the conspiracy, Butler cracked into financial institutions, credit card processing
centers as well as other secure computers with the illicit purpose of acquiring credit card
account information and other personal identification information.
 Several of these cards were made available to Christopher Aragon – he was a partner in
crime and was based in the Los Angeles area.
 Christopher used these cards with the help of a team of associates to buy up commodities
for sale. Max sold the remaining card numbers out-and-out over the Internet.
RNS Reddy, Asst professor, GNITC
UNIT-V Mini-Cases
 Illustrations of financial frauds in cyber domain.
 Credit Card-Related Frauds
 Illustration 3: Online Credit Card Theft Ring
 Max and Christopher formed a website known as “CardersMarket.”
 They devoted this crafty site for the acquisition, utilization and sale of credit card account
information.
 This illicit process is known as “carding.”
 A main intention of the site was to employ brilliant individuals to assist in carding activity.
 During the best of times (from criminals’ view point), CardersMarket had approximately
4,500 worldwide members!
 Refer to Figure 11.5 to understand the entities involved in credit card transactions.
 Max was arrested on a criminal complaint on 5 September 2007 in San Francisco.
 A search of the com- puter systems in Max’s apartment revealed more than 1.8 million
stolen credit card account numbers.
 When these card account numbers were provided to Visa, MasterCard, American Express
and Discover, it was revealed that the amount of fraudulent charges on the cards in Max’s
possession totaled approximately $86.4 million. RNS Reddy, Asst professor, GNITC
UNIT-V Mini-Cases
 Illustrations of financial frauds in cyber domain.
 Credit Card-Related Frauds
 Illustration 3: Online Credit Card Theft Ring

RNS Reddy, Asst professor, GNITC

UNIT-V Mini-Cases
 Illustrations of financial frauds in cyber domain.
 Credit Card-Related Frauds
 Illustration 3: Online Credit Card Theft Ring
 These losses had to be borne by the thousands of banks that issued the cards.
 On 20 October 2009, punishment was handed: 30 years in prison, a fine of $1,000,000 or
both – and that is what the law could provide as a maximum sentence.
 As per Federal Sentencing Guidelines, the actual sentence imposed was based on the
gravity of the offense and the previous criminal history, if any, of the accused.
 Many agencies were involved in inquiry of Max’s illegal activities –
 Computer Crime and Intellectual Property Section (CCIPS) of the Department of Justice;
 the Federal Bureau of Investigation;
 the Vancouver Police Department, Vancouver, Canada;
 the Newport Beach Police Department, Newport Beach, California;
 and the Orange County Sheriff’s Department, Orange County, California;
 and the US Attorney’s Office for the Northern District of California.

RNS Reddy, Asst professor, GNITC

UNIT-V Mini-Cases
 Illustrations of financial frauds in cyber domain.
 Credit Card-Related Frauds
 Illustration 4: Understanding Credit Card Fraud Scenarios

RNS Reddy, Asst professor, GNITC

UNIT-V Mini-Cases
 Illustrations of financial frauds in cyber domain.
 Credit Card-Related Frauds
 Illustration 4: Understanding Credit Card Fraud Scenarios

RNS Reddy, Asst professor, GNITC

UNIT-V Mini-Cases
 Illustrations of financial frauds in cyber domain.
 Credit Card-Related Frauds
 Illustration 4: Understanding Credit Card Fraud Scenarios

RNS Reddy, Asst professor, GNITC

UNIT-V Mini-Cases
 Illustrations of financial frauds in cyber domain.
 Credit Card-Related Frauds
 Illustration 4: Understanding Credit Card Fraud Scenarios
 Figure 11.6 presents a schema for categorizing credit card frauds.
 Figure 11.5 shows main entities involved in the normal credit card transactions.
 A “fraud” can be defined as willful deceit or trickery or a deceptive or spurious act.
 In an era of advanced technology, it should be easy to catch criminals and fraudsters.

RNS Reddy, Asst professor, GNITC

UNIT-V Mini-Cases
 Illustrations of financial frauds in cyber domain.
 Credit Card-Related Frauds
 Illustration 4: Understanding Credit Card Fraud Scenarios
 There are more than 50 different types of cards available in the market – we have considered
only the major ones.
 Visa and MasterCard are made up of member organizations who can be either acquirers or
issuers (or both).
 “Acquirers” are the members of the Visa or MasterCard organizations that handle
“Merchants.”
 “Issuers” are the members of the Visa or MasterCard organizations that issue the cards to
cardholders.
 “Merchants” are those entities who “accept” card transactions.
 “Service Providers” are the entities that pro- vide services related to the processing, storing
or transportation of card information on behalf of any of the entities mentioned (Issuers,
Acquirers, Merchants).
 With that preamble, a few scenarios relating to credit card frauds are now explained.
RNS Reddy, Asst professor, GNITC
UNIT-V Mini-Cases
 Illustrations of financial frauds in cyber domain.
 Credit Card-Related Frauds
 Illustration 4: Understanding Credit Card Fraud Scenarios
 Credit Card Application Fraud
 Frauds Involving Lost and Stolen Credit Cards
 The Fraud through Merchant Collusion
 Frauds at the ATMs: Thieves fix a device to the cash dispensing slot of the ATM – this action
causes currency notes to get stuck inside the slot.
 Carding Frauds
 Credit Card Skimming: Security code has various terminologies attached with it:
 Card Security Code (CSC),
 Card Verification Data (CVD),
 Card Verification Value (CVV or CV2),
 Card Verification Value Code (CVVC),
 Card Verification Code (CVC),
 Verification Code (V-Code or V Code), or Card Code Verification (CCV).
 The CVV is an algorithm (software program logic) that is very difficult to break.
RNS Reddy, Asst professor, GNITC
UNIT-V Mini-Cases
 Illustrations of financial frauds in cyber domain.
 Credit Card-Related Frauds
 Illustration 4: Understanding Credit Card Fraud Scenarios
 Credit Card Application Fraud

RNS Reddy, Asst professor, GNITC

UNIT-V Mini-Cases
 Illustrations of financial frauds in cyber domain.
 Credit Card-Related Frauds
 Illustration 4: Understanding Credit Card Fraud Scenarios
 Credit Card Skimming

RNS Reddy, Asst professor, GNITC

UNIT-V Mini-Cases
 Illustrations of financial frauds in cyber domain.
 Credit Card-Related Frauds
 Illustration 4: Understanding Credit Card Fraud Scenarios
 Credit Card Skimming

RNS Reddy, Asst professor, GNITC

UNIT-V Mini-Cases
 Illustrations of financial frauds in cyber domain.
 Credit Card-Related Frauds
 Illustration 4: Understanding Credit Card Fraud Scenarios
 Credit Card Skimming

RNS Reddy, Asst professor, GNITC

UNIT-V Mini-Cases
 Illustrations of financial frauds in cyber domain.
 Credit Card-Related Frauds
 Illustration 5: ShadowCrew – The Internet Mafia Gang
 “ShadowCrew” was an international crime message board.
 The board offered a haven for “carders” and hackers to trade, buy and sell anything from
stolen personal information to hacked credit card numbers and false identification.
 As we know, a bank card number is the primary account number found on credit cards and
bank cards.
 It has a peculiar type of internal structure and it also shares a common numbering scheme.
 Credit card numbers are a special case of ISO/IEC 7812 bank card numbers.
 As mentioned in Illustration 3 (Online Credit Card Theft Ring), “CardersMarket” is devoted
to the acquisition, use and sale of credit card account information, a process known as
“carding.”

RNS Reddy, Asst professor, GNITC

UNIT-V Mini-Cases
 Illustrations of financial frauds in cyber domain.
 Credit Card-Related Frauds
 Illustration 5: ShadowCrew – The Internet Mafia Gang
 The Shadowcrew criminal organization was a global organization of thousands of members
dedicated to promoting and facilitating the "electronic theft of personal identifying
information, credit card and debit card fraud, and the production and sale of false
identification documents.
 The organization operated and maintained the Internet website www.shadowcrew.com from
August 2002 until October 2004, when it was taken down by the U.S. Secret Service (USSS)
as the result of a year-long undercover investigation known as "Operation Firewall.
 Shadowcrew was operated as a members-only communications medium to facilitate the
commission of their criminal activities.
 Shadowcrew members gained access to the website by typing in their chosen online screen
name and password at the login screen for the web site.
 Individuals often were known by, and conducted their criminal business under, more than
one online name
RNS Reddy, Asst professor, GNITC
UNIT-V Mini-Cases
 Illustrations of financial frauds in cyber domain.
 Credit Card-Related Frauds
 Illustration 5: ShadowCrew – The Internet Mafia Gang
 Once they had logged into the website, Shadowcrew members were able to anonymously
conduct their criminal activity through their chosen nicknames by posting messages to
various forums within the website and sending and receiving secure private messages to
each other via the website.
 The messages posted to various forums, among other things, "provided guidance to
Shadowcrew members on... producing, selling and using stolen credit card and debit card
information and false identification documents.,
 The sole purpose of the Shadowcrew website was "to promote and facilitate the commission
of criminal activity. '

RNS Reddy, Asst professor, GNITC

UNIT-V Mini-Cases
 Illustrations of financial frauds in cyber domain.
 Credit Card-Related Frauds
 Illustration 5: ShadowCrew – The Internet Mafia Gang
 The Shadowcrew criminal organization oversaw the activities of its membership through a
hierarchical framework that included the following roles:
 a small group of "administrators" who served as a governing council of the criminal
organization;
 "moderators" who oversaw and administered one or more subject-matter-specific forums on
the website that was either within an area of their expertise or dealt with their geographic
location;
 "reviewers" who examined and/or tested products and services that members of the criminal
organizations desired to advertise and sell;
 "vendors" who advertised and sold products and services to members of the criminal
organizations via the website after the product or service had obtained a position written
review from a reviewer; and
 "general members" who used the web sites to gather and provide information about
perpetrating criminal activity and facilitate their purchases of credit card numbers, false
identification documents and other contraband RNS Reddy, Asst professor, GNITC
UNIT-V Mini-Cases
 Illustrations of financial frauds in cyber domain.
 Credit Card-Related Frauds
 Illustration 5: ShadowCrew – The Internet Mafia Gang

RNS Reddy, Asst professor, GNITC

UNIT-V Mini-Cases
 Illustrations of financial frauds in cyber domain.
 Credit Card-Related Frauds
 Illustration 6: Dirty Relations – Goods Delivery Fraud
 Internet seems to be breeding ground for many cybercriminals who take advantage of mail
Spoofing, ID theft and many other techniques to achieve their fraud objectives.
 Online purchasing is possible by sending electronic mails using the Internet and there are
ample opportunities for fraudulent people to play mischief by hiding their real identity
through fake E-Mails.
 This illustration shows how this happened in a real-life scenario. Interestingly, it also shows
the humanitarian approach of the legal system in passing the judgment and giving due
consideration in a given context of the crime.

RNS Reddy, Asst professor, GNITC

UNIT-V Mini-Cases
 Illustrations of financial frauds in cyber domain.
 Other Illustrations
 Illustration 7: Fake Mails Promising Tax Refunds – Beware
 Illustration 8: Phone Scam Targets Your Bank Account
 Illustration 9: Cookies and Beacons – The Facebook Controversy
 Illustration 10: Privacy Loss through Leakage of Users’ Facebook Profiles
 Illustration 11: Debit Card Frauds

RNS Reddy, Asst professor, GNITC