Web Fraud 2.0: Faking Your Internet Address
One of the casualties from the unplugging of McColo Corp. is fraudcrew.com, a Web service that offered paying customers the ability to hide their identities online by routing their traffic through computers controlled by others.
Fraudcrew, which has not been charged with any crime, offered subscribers a point-and-click way to mask the source of their Internet connections, so that Web sites could not tell the true location of visitors using the service. The site was advertised heavily on Russian online forums catering to computer hacking and identity theft.
There are a number of services like those offered by Fraudcrew (Security Fix profiled another one earlier this year) that not only aid in hiding one's identity online, but could also defeat security measures put in place by financial institutions. Many online banks will check to see whether the customer's Internet address is coming from a location already associated with the customer's user name and password, or at least from a geographic location that is close to where the customer lives.
These masking services provide a software program that allows the user to pick from a drop-down list of Internet addresses to proxy through. For example, if a user in Ukraine has stolen the user name and password that Joe from St. Louis uses to access his bank online, that user can simply select a node in the proxy list that's in St. Louis, and the bank site will be none the wiser that the person logging in is not actually in St. Louis.
(I took this screen shot about a month ago, as I was visiting some of the more interesting properties hosted by McColo.)
While people have long used Web proxies to mask their real online location, these services allow the user to be much more specific, said Dave Marcus, director of security research and communications at McAfee AVERT Labs.
"Probably the day after the Internet came around is when people started looking at ways to scrub their real Internet address," Marcus said. "Although this type of technology isn't new, it's the first time I've seen it used like this for obviously criminal reasons."
Fraudcrew's homepage boasted that potential customers should not be put off by previous experiences with other proxy services, and that their solution is unique. From their commercial pitch:
We are glad to present to you our new project which was developing since 2005. It not the another clone of any proxy service, where the first half of proxies are low-speed dial-up users and the other half doesn't work at all. You will not deal with such a problem with the Fraud Crew - Proxy Service. We offer only high speed proxies, easy-to-use service, and complete and high class anonymity.
Our software doesn't use any known public source codes, it is completely unique. Our team members are not some unknown people, we are well experienced people and we know what we do.
Fraudcrew's operations came to a screeching halt on Tuesday, after its hosting provider -- McColo -- was taken offline following the publication of allegations by the security community that McColo was serving as a gateway to organizations engaged in spam activity. (McColo has not been charged with any crime, and has not responded to requests for comment.) But Fraudcrew's owners appeared to have a sizable customer base, so it is likely this service will resurface at another hosting provider at some point.
November 20, 2008; 2:03 PM ET