A glimpse inside the FBI.
I had an enlightening conversation today with an FBI agent as a result of the Internet fraud complaint I recently submitted through the San Francisco field office. Unfortunately some of the things the agent had to say weren’t exactly what I wanted to hear. Be that as it may I have no reason to believe they weren’t truthful either.
It’s been a couple of weeks now since my original report of a phishing scam masquerading as ebay. What I was told is that a case could not be opened unless the complaint was first filed through the FBI Internet Fraud Complaint Center. The trail may now very well be cold, or it may not. No one will ever know unless I file the complaint through proper channels.
As futile as it may sound, the one thing the agent assured me of is the IFCC is not a black hole into which anything deposited vanishes without a trace. To the contrary, I was told that the IFCC has proven to be one of the most successful reporting mechanisms ever created by the FBI. The one thing they cannot provide us through this mechanism, however, is closure. While fraud complaints to the IFCC may result in arrests, they never result in thank you’s to individuals who filed the complaints. Wouldn’t it be nice to get a reply from the FBI that said “Hey! Because of your tip and others just like yours we got’m! Thank you!” It just seems to me that a system that could flag specific complaints that helped result in arrests for an automated reply once the arrests were made would not be all that difficult to implement and would turn the IFCC from a big success into a blockbuster! Their biggest problem would be with growth. Wouldn’t that be a nice problem?
Another difficulty faced by law enforcement in tracing the true origin of the scams is the trail often leads them across international boundaries even though the scams are usually orchestrated from within our own boarders. Finding the true source requires a great deal cooperation from other countries in order to follow the trail all the way back. I asked the agent “How much cooperation do you actually get from other countries when investigating online fraud?” The reply was “Depends on the country.” The agent could not comment when I asked which countries gave us the best and worst cooperation but said I could probably guess which ones they are myself. Well of course I can guess. They’re the ones most popular with the scammers. Places like Taiwan, Korea and China have become havens for online scams.
Here’s basically how it works. Corporations and governments leave their computer systems vulnerable to compromise by not keeping them up to date with security patches, firewalls and such. Hackers scour the web for vulnerable systems and compile them into lists for resale. Scammers open web hosting accounts in unfriendly countries and put up their phoney web sites. To send their spam they compromise a vulnerable system from that list they bought and hijack their mail server, also probably in uncooperative nations. People get fooled into visiting the web site and depositing their personal information there. The ID thief simply logs on and retrieves the information for misuse or worse, resale. The saddest part is only the most inexperienced scammers use resources from friendlier countries to carry out their plans, meaning it’s mostly small time operators that law enforcement catch. The bigger, smarter, more well established operations that remain are likely to be with us for quite some time to come.
If countries such as these do not start cooperating with others in helping to stamp out the problem, ISPs should start blocking all Internet traffic from those countries at their national boarders. Australia has already demonstrated that it can be done (for different reasons but that’s beside the point). I truly believe temporary blackouts from harboring nations would be sufficient warning to them that we mean business. If they want to be part of the online phenomenon and reap the rewards it has to offer, play fair or don’t play at all. Do I think it will happen? Probably not. Consider how long it took SBC just to shut down access to one computer on our own soil that had been compromised in order to conceal the scammers’ true location. Full cooperation from our own ISP’s is probably the last thing we should expect. A sad commentary indeed.
What does this all mean for the rest of us? Simple. Ultimately the responsibility is ours to be on guard from others who would take undue advantage of us. If enough people had enough education to recognize threats as they came along and respond to them correctly there would be no reward for scammers. If there was no reward in conducting a scam there would be no scams. This may seem like the tail wagging the dog but truly I say, the bigger the tail the easier it is to wag the dog. We must all become foot soldiers in the war on Internet fraud, share everything we know with others no matter how small, urge them to join in too.
Support projects that educate. Knowledge is power. Power leads to victory.