Web Fraud 2.0: Faking Your Internet Address

One of the casualties from the unplugging of McColo Corp. is fraudcrew.com, a Web service that offered paying customers the ability to hide their identities online by routing their traffic through computers controlled by others.

Fraudcrew, which has not been charged with any crime, offered subscribers a point-and-click way to mask the source of their Internet connections, so that Web sites could not tell the true location of visitors using the service. The site was advertised heavily on Russian online forums catering to computer hacking and identity theft.

There are a number of services like those offered by Fraudcrew (Security Fix profiled another one earlier this year) that not only aid in hiding one's identity online, but could also defeat security measures put in place by financial institutions. Many online banks will check to see whether the customer's Internet address is coming from a location already associated with the customer's user name and password, or at least from a geographic location that is close to where the customer lives.

These masking services provide a software program that allows the user to pick from a drop-down list of Internet addresses to proxy through. For example, if a user in Ukraine has stolen the user name and password that Joe from St. Louis uses to access his bank online, that user can simply select a node in the proxy list that's in St. Louis, and the bank site will be none the wiser that the person logging in is not actually in St. Louis.

[Image: fraudcrew.jpg]

(I took this screen shot about a month ago, as I was visiting some of the more interesting properties hosted by McColo.)

While people have long used Web proxies to mask their real online location, these services allow the user to be much more specific, said Dave Marcus, director of security research and communications at McAfee AVERT Labs.

"Probably the day after the Internet came around is when people started looking at ways to scrub their real Internet address," Marcus said. "Although this type of technology isn't new, it's the first time I've seen it used like this for obviously criminal reasons."

Fraudcrew's homepage boasted that potential customers should not be put off by previous experiences with other proxy services, and that their solution is unique. From their commercial pitch:

We are glad to present to you our new project which was developing since 2005. It not the another clone of any proxy service, where the first half of proxies are low-speed dial-up users and the other half doesn't work at all. You will not deal with such a problem with the Fraud Crew - Proxy Service. We offer only high speed proxies, easy-to-use service, and complete and high class anonymity.

Our software doesn't use any known public source codes, it is completely unique. Our team members are not some unknown people, we are well experienced people and we know what we do.

Fraudcrew's operations came to a screeching halt on Tuesday, after its hosting provider -- McColo -- was taken offline following the publication of allegations by the security community that McColo was serving as a gateway to organizations engaged in spam activity. (McColo has not been charged with any crime, and has not responded to requests for comment.) But Fraudcrew's owners appeared to have a sizable customer base, so it is likely this service will resurface at another hosting provider at some point.

By Brian Krebs  |  November 20, 2008; 2:03 PM ET
Categories: Cyber Justice, Fraud, From the Bunker, Web Fraud 2.0

Comments

Damn good job shutting down McColo! You've provided the IT Security Community with a great example of courage and initiative, both of which are sorely lacking. If ISPs would put egress filters in place to filter out known bad traffic, a lot of bad things would go away. But management is usually either clueless or greedy. Incompetence is at least understandable, but allowing known malicious entities to sign up for services to boost subscription numbers and what not is plain wrong. Knowing which customers' systems are compromised and not notifying them is wrong. But this is the world we find ourselves in.

Sincerely,

J. Moore

Posted by: jbmoore61 | November 23, 2008 6:40 PM

Hi Brian,

I am interested in your security fixes and especially in Mc Corp affair.
I have made a French translation of your related post. Please have a look here:
http://toplien.blogspot.com/2008/11/securite-mccolo-vs-brian-kerbs-episode.html.
I would appreciate your comments.

Regards
RG

Posted by: infogere | November 25, 2008 9:14 AM


© 2010 The Washington Post Company