[SLL] EBay goes far to fight fraud -- all the way to Romania

[Jerry Horvath]

"Why here? "The respect for math is inside every family, even simple
families, who are very proud to say their children are good at mathematics,"
said Radu Gologan, a senior research scientist at the Institute of
Mathematics in downtown Bucharest." - Los Angeles Times, December 26, 2007

As one who acquired formal academic credentials in mathematics and whose
early career was applied mathematics; I am appalled regarding the
contemporary US perception of the subject.  This is a negative perception.
 It has been my shocking experience to find a negative view of mathematics
and lack mathematical ability among students of computer technology!
How can anyone expect to comprehend a circuit, data structure,
communications, or provable code without mathematics? Yet, I find much of
the math lacking among the biomass of computer experts.

How did this Eastern European and Russian computer capabilities relate to my
personal experience?   I was retained to secure some business network
environments.  The networks had powerful hardware that was running it some
odd ways.  The odd behavior was assumed to be the result of simple network
penetrations.   I was amazed regarding the sophistication and source of the
network penetrations.  To this day, I'm sorry I did not retain the physical
disk drives that were part of these environments.  Having had this
experience, I opened a few of my systems to function as honey pots.

The results of my honey pot experience were amazing.  The penetrations were
almost instantaneous and very sophisticated.  I wrote a small article
describing some of the results.  I described the type and source of the
penetrations.  I stated that the penetrations "were not to work of local
script kiddies.  The people doing the penetrations are on the other side of
the globe and absolutely brilliant."  Perhaps, they appreciated mathematical
proficiency.

Jerry Horvath

The complete Los Angeles Times article follows:
Source:
http://www.latimes.com/news/la-fi-ebay26dec26,1,7056925.story?track=rss

*INTERNET
*
*EBay goes far to fight fraud -- all the way to Romania*


*The country is the top source of organized scams on the auction site. The
company has sent over equipment and a team to help the authorities there.

By Ian Wylie, Special to The Times
December 26, 2007*

RAMNICU VALCEA, ROMANIA -- This small industrial center in the foothills of
the Carpathian Mountains is not Albena Spasova's favorite destination.
Driving the twisting highway makes her ill. Once she arrives, danger lurks.

U.S. Secret Service agents escort her, for her safety. Over the last two
years, they have kept watch on dozens of trips, some lasting weeks, others
months, as she has spent long days foraging through case files with local
police and long nights holed up in one of the town's few hotels, with her
windows locked.

"You don't know who to trust there. You can't use the hotel phone line. When
you step outside, you can spot the local hackers in their cars, circling
around," said Spasova, 33. "The Secret Service agents always book my
accommodation and make sure I'm in a room next to them."

Ramnicu Valcea is an improbable capital of anything, but this obscure town
is a global center of Internet and credit card fraud. And Spasova is an
accomplished online fraud buster, helping to take down cyber-crime gangs
across Romania. She isn't an FBI agent, though, nor a Romanian police
officer.

Spasova works for EBay Inc.

No one, it turns out, does Internet auction fraud like the Romanians.
Bulgarians specialize in intellectual property theft; Ukraine is a leader in
online credit card crime; the Russians have a profitable niche in Internet
dating fraud.

But when it comes to online auctions, particularly for big-ticket items such
as cars that can yield $5,000 a scam, Romanians own the game. Romanian
police estimate that cyber-crime is now a multimillion-dollar national
industry, as important to organized criminals here as drug smuggling or
human trafficking.

The Internet Crime Complaint Center, a partnership between the FBI and the
National White Collar Crime Center, ranks Romania fifth in its table of
naughty nations. But most experts agree that doesn't give Romanian criminals
their due. Much of the cash being made on auction fraud reported as
originating in the U.S., Canada, Britain, Spain or Italy is actually being
picked up in those countries by Romanian money mules. An EBay fraud ring
busted last year in Chicago, for example, has been traced to Pitesti,
Romania.

EBay, which doesn't even operate a site in Romania, won't talk dollar
figures but acknowledges that the country is the No. 1 source of
"professional fraud." On a November 2006 visit to the Romanian capital,
Bucharest, FBI Director Robert Mueller said the vast majority of Internet
fraud committed on "one prominent U.S. online auction website is connected
to Romania or Romanians."

That poses a problem for EBay. The San Jose-based auction giant has built
its popularity and staked its reputation on self-policing feedback. Its
system depends on buyers and sellers trusting one another -- to send money
and to deliver the goods. Yet EBay users are the daily targets of phishing
scams, spoof e-mails and fake listing attacks. Such schemes don't cost EBay
any money. But some of its customers pay dearly. And they expect EBay to do
something about it.

"The fraudsters need to know we're coming after them," said Rob Chesnut,
Spasova's boss and a former federal prosecutor who set up EBay's Trust and
Safety division. "EBay doesn't have a product. We are in the trust business:
making people feel comfortable doing business with someone they don't know,"
he said. "If the bad guys have no fear of prosecution, they will continue to
try to defraud users. So there has to be a cost to trying."

*Computer experts*

Romania is a grim place in more ways than one. Former pro-Nazi regime, then
Soviet outpost, then weird Communist dictatorship and now developing nation:
Per-capita income here is just one-third the European Union average. Fearing
a flood of cheap labor, most European countries have barred or restricted
Romanians from job hunting in their countries.

The country is dotted with shuttered factories, such as the Aerofina plant
on the outskirts of Bucharest, opposite a potholed parking lot. This plant
once built missile launchers and ejector seats for the Romanian air force's
MiG-15s.

These days, though, there's something different going on here. Spread across
the factory's dimly lighted third floor, 30 young Softwin computer
programmers tap softly at their keyboards, tuning up the antivirus engines
that power BitDefender, a software package starting at $25 that detects new
computer viruses and releases programs to fight them.

In the last two years, BitDefender has been named a "Best Buy" by PC World
magazine and garnered other kudos from Consumer Reports and the website
TopTenReviews. IBM was impressed enough that it recently inked a deal to
integrate BitDefender's anti-spyware and anti-virus smarts into its own
virus prevention system.

Surprisingly, Romania has more than its fair share of homegrown computer
security talent. Besides Softwin, the Bucharest firm GeCAD provided the
technology for Microsoft's Windows Live OneCare anti-virus engine. Another
half a dozen independent anti-virus companies, among them AxelSoft, Avira
and Provision, are active in the capital; 11 more have been bought by
foreign firms in the last four years.

Why here? "The respect for math is inside every family, even simple
families, who are very proud to say their children are good at mathematics,"
said Radu Gologan, a senior research scientist at the Institute of
Mathematics in downtown Bucharest.

And the country has years of experience with computers. In the 1980s,
Romania was considered a Soviet satellite state, but dictator Nicolae
Ceausescu hated bowing to the Russians. He refused to buy computers from
Moscow, demanding that Romania build its own. While the Bulgarians built
personal computers, Romania specialized in minicomputers such as the Felix
C, based on Honeywell Bull's C11.

Florin Talpes, now a local entrepreneur, learned the art of reverse
engineering at the Institute for Technology, Computing and Informatics.

"We would get hold of a minicomputer . . . and take it apart,
reverse-engineering the operating system, the networking software, the
hardware," Talpes said. "We developed a deep understanding, to the level of
bits, of computing architecture, processing and software applications. We
did it so that we could design a better operating system, better software,
better hardware."

Forced to learn every bit of American silicon, every line of code, a
generation of Romanians developed an aptitude for delving into the innards
of machine code, using reverse engineering to deconstruct, anticipate and
destroy viruses.

But if you're good at fixing the problems, you're also good at creating
them. If you can stop viruses or Internet fraud, you're also in a position
to make them happen.

*'Second chance' scams*

A classic Romanian scam is the "second chance auction." The mark: an EBay
user who has narrowly lost an auction. The scammers can see that the user
was prepared to spend, say, $145 on a particular item. They will then try to
guess the user's e-mail address so that they can make contact off the EBay
platform to offer a second chance to buy the item. Users commonly have the
same e-mail address as their EBay user name, so the scammers may send out 50
e-mail messages using an EBay user name and the most common domain names
such as Gmail, Hotmail and Yahoo.

The Romanian scammers then cook up elaborate stories to persuade their
victims to send money via unrecoverable methods such as Western Union --
even instructing people not to tell Western Union the payment is for an EBay
transaction, claiming Western Union will charge them an EBay surcharge of
10% (it doesn't), and instead to say they're sending money to their Romanian
cousin.

FBI Special Agent Gary Dickson, who works out of the U.S. Embassy in
Bucharast helping EBay and other Internet companies chase down online
auction and credit card fraudsters, says Romanian criminals are getting
smarter.

"These gangs are very professional and take pains to avoid being detected,"
Dickson said. "They are highly organized and compartmentalized and use lots
of middlemen. Everyone has a different job to do, and they communicate in
different ways to avoid being intercepted. The whole operation is run just
like a business."

A typical gang might have a "copy and paste" department, responsible purely
for e-mailing pre-written scripts in reply to questions from EBay bidders.
Some workers might create or buy phishing or escrow websites; another
acquires fraudulent credit card details; others get fake IDs for couriers.
The gang might hire a dozen students via online job boards, renting them an
apartment where they do nothing but copy and paste e-mails. After maybe
three months, this "factory" will disband as the gang moves elsewhere.

It's old-style fraud using high-tech tools. Romanian scammers are fond of
using prepaid wireless modems that make it easier for them to avoid being
traced. Some gangs also set up their own Internet service providers to
escape or delay detection.

*EBay's crime fighters
*
Spasova -- backed up by an EBay developer, analyst and data administrator --
began hunting down Romanian fraudsters for the online auctioneer in 2005.
The first time she traveled to Ramnicu Valcea, she found just two law
enforcement officers trying to clear a backlog of more than 200 EBay cases,
armed with one 9-year-old computer and no Internet connection. To go online,
the police had to use the same Internet cafes frequented by the fraudsters.

"There are a lot of scammers in Romania who believe they are untouchable,
immune," EBay's Chesnut says. "They're sitting in their apartments in
Ramnicu Valcea feeling like, 'There's no way EBay is going to get me.' "

But Spasova knew the situation wasn't hopeless -- if local authorities could
get more training and technical help.

Spasova, Bulgarian by birth, was educated at a Bucharest university and
worked for the American Bar Assn. after the fall of communism in the region,
promoting law reform in Moldova and Bulgaria. By the end of the 1990s, she
was helping the association train law enforcement officers, judges and
prosecutors to counter money laundering and the emerging threat of
cyber-crime.

"Even in 2001, I was meeting judges who thought cyber-crime was someone
stealing a computer," she says.

To give the Romanian police a fighting chance, EBay has donated computers,
digital cameras and Internet connections. In her first 12 months on the job,
Spasova established relationships with law enforcement officers in 24 of
Romania's 42 districts and with local ISPs.

After she had won their confidence, Spasova and her small team began working
cases with local police, matching evidence with data from EBay's Fraud
Investigation Team database, such as the Internet protocol addresses, which
are unique to each computer, used when a fraudulent auction was posted --
the sort of information that could help police pinpoint the scammers'
location and begin surveillance. Through Spasova, the U.S. Secret Service
also pitched in, donating forensic software and providing intelligence on
fraud networks from its field agents.

But moving cases from the investigative to the judicial stage is another
challenge. Spasova has been educating Romanian prosecutors too, explaining
the nuances of phishing and other ways in which EBay accounts are
compromised "so that when a prosecutor goes to a judge, he can use layman's
language rather than terms the judge will not be familiar with."

In the last two years, Spasova and her colleagues have trained hundreds of
prosecutors and a magistrate from each province on dealing with cyber-crime.

Virgil Spiridon, chief of the Romania national police's 4-year-old
cyber-crime unit, rattles off some of the headway his team of 10
investigators has been making.

"Last year, 115 people were arrested and 831 crimes identified by police,"
Spiridon reads from his notebook. "We pressed charges against 61 people,
identified 65 organized groups and 28 cases have been sent to the courts."
He pauses and looks up.

"But we are running to keep up."

Most of the arrests to date have been of low-level couriers and money mules
-- the bagmen, not the brains at the top, the FBI's Dickson said. Likewise,
Spasova acknowledges the mammoth task that still lies ahead of the
chronically understaffed and underfunded Romanian police.

"In Ramnicu Valcea, police raided a local Internet cafe and arrested kids
doing fraud," she says. "But two hours later, they returned and found others
had taken their place."

There are cultural and structural obstacles too. Under Romanian law, for
example, victims of Internet fraud must send police a signed complaint and
be represented at the hearing, which makes pressing a case on behalf of an
American EBay customer nearly impossible.

"The judicial process can take forever," Spasova says. "Because the victims
aren't present, there is no sense of immediacy. It's hard to know who to
trust when the mothers and fathers of fraudsters know the mother and father
of the judge or local politicians."

Romania has taught EBay a lesson: the importance of "addressing a problem
region before we have a problem," said Matt Henley, senior manager of EBay's
Technical Investigations and Analysis Group, who has spent time with Spasova
in Romania. Henley says EBay is now alert to threats from "regions we
weren't paying attention to" and, thanks to Romania, has a ready-to-deploy
government-relations-in-a-box program it can take anywhere in the world.

Spasova has a new assignment from EBay: persuading Interpol, Europol and law
enforcement agencies across Europe to communicate directly with one another
and EBay on cyber-crime issues. But her jaunts to Ramnicu Valcea will
continue.

"Even though these frauds are not happening on our platform, we're not
showing a loss, and there are no victims in court . . . we're sending out a
message that someone is taking care of this," she says.