This won't solve the problem but it might make you feel better.
Posted on 11/19/2004 6:57:12 PM PST by misterrob
Okay folks, need some thoughts on cyber crime. My struggling start-up company was the victim of some soul-less person who decided to use a stolen credit card and then download copyrighted information from our server. They have since contacted us with some extortion demands which we won't pay, based both on principle and poverty. Come up with $40K or they distribute the two reports out to the world. They sent it to 10 people tonight and copied the addressed to us.
I've already filled out an on-line complaint with the FBI and I'm sure holding my breath waiting for them to do anything about it. Anyone else have any thoughts that they could share besides bend over and take it?
If you are a computer software engineer, USE BLACK MEDICINE.
Set up a spy-bot system to find out who's buying or who has bought your reports.
Everybody else is doing it.
Screw them before they screw you.
You can easily find the addresses of where your product went to.
Stop thinking like a white man...
THINK LIKE A WOMAN. GET REVENGE.
I have no idea what you just said ? Black medicine?
Black Medicine is a self-defense technique - pretend to give in, and strike them when they least expect it. Videos and books are available at your local gun show.
Hey! I'm a woman...I resemble that remark. lol
This won't solve the problem but it might make you feel better.
Actually I think it is the Secret Service that handles credit card fraud. So contact the Department of the Treasury.
Yes, I understood that, too. Never hurts to remind people.
contact Steve Gibson, Gibson Research I think it's GRC.com or GRC.org, very knowledgeable in this kind of stuff....
Then go out as your real name and tell your customer base that someone stole your document and altered it with false information. If they want the REAL document, they still have to send you $3,995
P.S. My consulting fee just so happens to be $3,995. I'll take it in cash or copyrighted documents.
Narby
Perhaps I didn't make my point clear. The idea is to put out so much disinformation, and TELL EVERYONE that there is disinformation on the street, that the genuine document you're being extorted over won't be worth a dime to the bad guys. A real customer will have to pay you in order to know that it's real.
I found a similarly named report at the following web sites:
http://www.nanomarkets.net/market_reports-nanostorage.htm
http://www.cir-inc.com/info/contact.cfm
I believe you need to contact the Cybercrimes unit of the FBI. From what you report this does not appear to be a network intrusion, rather only a cyber fraud. To proceed with investigation someone needs to preserve the evidence -- network logs and possibly a forensic image of the server if it isn't too large. The emails that you received might be of some evidentiary use, but if they were smart they used an overseas open email server relay that will make obtaining foreign law enforcement assistance problematic. However, if they used a web browser to log into a cyber store to provide the credit card information and then downloaded the report, tracing those connections could be much more useful. But don't get your hopes up too high because they undoubtedly used a compromised computer from which they made those connections. But that 1st compromised computer will have additional connection information that leads to their next hop.
Also, the FBI has some large cases ongoing concerning technology information theft in a variety of technologies and your incident could be related.
I would recommend contacting the FBI DC field office and ask for the cyber crime unit. See the following sites:
http://www.cybercrime.gov/reporting.htm
http://www.fbi.gov/contact/fo/fo.htm
I think Steve would probably be way too busy and much too expensive for this. (But, you never know - he might just be intrigued or outraged enough to do it anyway.)
It doesn't appear that this case would have much for him to sink his teeth into. The report was 'purchased' from a secure website that validated the (stolen) credit card. No hacking done, no DOS attack, no cracked software. The FBI has the tools to get ISP records and trace the emails and the FBI is free.
The three obvious crimes are identity theft, grand larceny, and extortion. Should be enough for the FBI to get interested. They might even be able to throw in the RICCO act if they can show a criminal enterprise.
We own those 2 urls. I have filed an e-complaint and tried calling them tonight but was told to call back Monday.
They used a Hotmail account that seems to have passed through a server hosted in Japan.
:-(
PDF files
They seem to have a good list from I could gather. Copies went to the industry's leading VC, a major technology analyst at Merril Lynch, GE's Lab and a few start-ups that I know. Yes, these types of people buy research. The note they sent out looks like it was us giving the report away which makes it very damaging. Maybe someone with half a brain would at least ask what the hell we were doing giving the report away but some people might just say, Thanks for the free stuff.
I accept that we got boned on this one but I am damn sure not going to roll over either.
It's actually a fairly standard operating procedure to pay and download. We have changed up a few things on our end to add additional authorization.
How are you supposed to contact these clowns to let them know if you're willing to pay their ransom?
Reply to email.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.