International intrigue in Raleigh

A story ran in March that caught my eye but didn’t seem to catch the full attention of the press. Federal officers from the U.S. Department of Commerce raided the offices of Law Enforcement Associates in Raleigh, charging the company with unlawfully exporting a sophisticated surveillance vehicle to Morocco.

The company, on whose board the former House majority leader Tony Rand once served as chairman, has been in trouble before. In 2005, founder John Carrington was charged with illegally exporting police equipment to China. He paid an $850,000 fine and agreed not to export anything for five years. Except Carrington couldn’t resist and got in trouble two years later for violating the ban again.

What’s up with this company? Is this another Blackwater in our own backyard? Are these sophisticated, Big Brother-ish tools being used against Middle Eastern democracy protesters? Was China using its “police equipment” to crush dissent? What’s the story here?

FDIC “Your Business Account” scam

Got this scam email purporting to be from the FDIC. Funny how the feds send their email through Ukraine. Folks, be very suspicious about any unsolicited emails, particularly ones that reference your bank account.

Kudos to the FDIC for addressing this scam on their webpage.

Return-Path: acquiescing5863@gmail.com
X-Original-To: Mark Turner
Delivered-To: Mark Turner
Received: from eddy.neusemedia.com (eddy.neusemedia.com [67.217.170.39])
by maestro.markturner.net (Postfix) with ESMTP id CEAE214119
for Mark Turner; Thu, 2 Jun 2011 09:47:01 -0400 (EDT)
X-Received-SPF: neutral (eddy.neusemedia.com: 209.19.62.178 is neither permitted nor denied by domain of gmail.com) client-ip=209.19.62.178; envelope-from=acquiescing5863@gmail.com; helo=remote.usgvmwd.org;
Received: from remote.usgvmwd.org (remote.usgvmwd.org [209.19.62.178])
by eddy.neusemedia.com (Postfix) with ESMTP id E30178AE826
for Mark Turner; Thu, 2 Jun 2011 09:46:57 -0400 (EDT)
Received: from [86.93.221.142] (account easterlyhiru6@gmail.com HELO yyrxuzpt.poaijeowjkovzu.net)
by remote.usgvmwd.org (CommuniGate Pro SMTP 5.2.3)
with ESMTPA id 000646149 for Mark Turner; Thu, 2 Jun 2011 05:47:00 -0800
Date: Thu, 2 Jun 2011 05:47:00 -0800
From: alert@fdic.gov
X-Mailer: The Bat! (v3.51) Home
X-Priority: 3 (Normal)
Message-ID: 4283985778.NY7NS133995951@isplnzolzalejp.eeibmulcjotavug.ua
To: Mark Turner
Subject: FDIC: Your business account

Federal Deposit Insurance Corporation (FDIC) Logo

Dear Business Owner,

We have important news regarding your bank.

Please click here to see further details.

This includes information on the acquiring bank (if applicable), how your accounts and loans are affected, and how vendors can file claims against the receivership
FDIC

Questions for FDIC?
Contact Us

Parcel arrived in the office of Postal service

Looks like more virus-laden emails are being sent, this time using “Postal Express” rather than the United Parcel Service notices of last time.

Again, do not open any attachments from people you don’t know (or services you don’t use).

Return-Path: post.express@wichita.com
X-Original-To: Mark Turner
Delivered-To: Mark Turner
Received: from wichita.com (200.146.124.135.dynamic.adsl.gvt.net.br [200.146.124.135])
by myserver (Postfix) with SMTP id 51AD9141BE
for me; Tue, 24 May 2011 00:27:25 -0400 (EDT)
Message-ID: 001a01cc19ca$e32ca4c6$0301010a@home-pc
From: “Post Express Service” post.express@wichita.com
To: Mark Turner
Subject: Parcel arrived in the office of Postal service
Date: Tue, 24 May 2011 01:27:27 -0200

Dear Customer

Your package has been returned to the Post Express office.
The reason of the return is “Incorrect delivery address of the package”
Information about your package is attached to the letter.

Thank you.
Post Express Service.

Attachment: Postal_Document_95816.zip

Dr. Bruce Ivins, revisited


Remember back in February of last year when I said the FBI was full of BS for blaming Dr. Bruce Ivins for the anthrax attacks? Well, it turns out I was right. Another bombshell hit yesterday when it was revealed that the weaponized nature of the anthrax made it all but impossible that Dr. Ivins produced it.

Why is it that the FBI too often is the gang that can’t shoot straight? They spend $100 million on an investigation and, once they hound one scientist to his death (after first forever tarnishing the reputation of another, wrongly-accused scientist), blame it on him knowing full well they were slandering an innocent man.

Man, I miss the days in this country when heads would roll when someone royally screwed something up. There should be more than one FBI executive seeking new employment right about now based on what they did with the anthrax case.

Or, as I said in my earlier post, perhaps the FBI really doesn’t want to find the perpetrators.

Dear costumer . . .

Another phishing attempt hit the inbox, this time addressed to “costumers” and targeting Earthlink users.

From: “Earthlink.net” noreply@earthlink.net
Date: Wed, 20 Apr 2011 02:18:08 +0200
Subject: Earthlink.Net – Account Suspended

Account Locked !

Dear costumer,

Due to the number of incorrect login attempts, your earthlink account has been locked for your security. This has been done to secure your accounts and to protect your private information in case the login attempts were not done by you.

If you did not trigger this lockout, follow this link to Log on to your Earthlink Account:

Click here to unlock your account
http://stsoft.homelinux.org/oscommerce/images/webmail.earthlink.net.html
Thank you for your prompt attention to this matter.

We apologize for any inconvenience.

Thank you for using Earthlink.Net!

Please do not reply to this e-mail. Mail sent to this address cannot be answered.

Scammer of the year?

This guy deserves a real medal of some sort. I’m stunned that he ever pulled this off.

A Chinese national who said he was the “supreme commander” of a made-up Army unit orchestrated an elaborate scheme that attracted recruits and their money with the promise that it was a path to U.S. citizenship, authorities allege.

Yupeng Deng, who is accused of raking in hundreds of dollars from his recruits, is set to be arraigned Wednesday on more than a dozen charges.

Los Angeles County prosecutors said Deng, also known as David Deng, recruited 100 other Chinese nationals, primarily in Asian enclaves in the San Gabriel Valley, to join the “U.S. Army/Military Special Forces Reserve unit,” then gave them phony U.S. Army uniforms and military ID cards.

Read more.

Update 10:09 AM: Read the press release from the LA County DA’s office.

Fallout from Epsilon email breach?

Like many folks, I’ve gotten emails from many companies I do business with online letting me know that their email databases have been compromised by hackers. The breach took place at an email marketing company called Epsilon. Here’s one notification I received from Marriott:

April 4, 2011

Dear Marriott Customer,

We were recently notified by Epsilon, a marketing vendor used by Marriott International, Inc. to manage customer emails, that an unauthorized third party gained access to a number of Epsilon’s accounts including Marriott’s email list.

In all likelihood, this will not impact you. However, we recommend that you continue to be on the alert for spam emails requesting personal or sensitive information. Please understand and be assured that Marriott does not send emails requesting customers to verify personal information.

We take your privacy very seriously. Marriott has a long-standing commitment to protecting the privacy of the personal information that our guests entrust to us. We regret this has taken place and apologize for any inconvenience.

Please visit our FAQ to learn more.

Sincerely,

Marriott International, Inc.

I also received one from Hilton and saw an online notice on the Chase website. Most of these notices state that there has been no direct leak of account information, only email addresses. That may be true, but early this morning someone tried to close a Paypal account linked with my email address and then open a new one ten minutes later:

BackWPup WordPress vulnerability

Looking over my logfiles tonight, I noticed a host trying to access a file I don’t have, backwpup.php.

46.4.202.87 - - [31/Mar/2011:19:00:03 -0400] "HEAD /wp-content/plugins/backwpup/backwpup.php HTTP/1.1" 403 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"

It turns out this is a WordPress plugin that has a bug which lets an attacker traverse the file system. In other words, an attacker could then view any file on the server that’s accessible to the webserver process.

I hadn’t seen it before but it hasn’t been out too long. I don’t use that particular plugin but those who do should be aware.
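
A way to spot this kind of probe automatically, added here as an example and not taken from the post or the plugin: it scans access-log lines for requests that name a plugin directory the site does not have, and for `../` sequences hidden by percent-encoding. The names `plugin_probes`, `has_traversal` and `INSTALLED`, and every sample line except the first, are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(r'(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3}) ')
PLUGIN_RE = re.compile(r"^/wp-content/plugins/([^/?#]+)/", re.I)

def has_traversal(target):
    # Decode twice so double-encoded sequences such as %252e%252e are seen too.
    decoded = unquote(unquote(target)).replace("\\", "/")
    return "../" in decoded

def plugin_probes(lines, installed):
    """Return {client_ip: {"plugins": [...], "traversal": bool}} for requests that
    name a plugin directory not installed here or carry a ../ sequence."""
    hits = defaultdict(lambda: {"plugins": set(), "traversal": False})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line we understand
        ip, _method, target, _status = m.groups()
        p = PLUGIN_RE.match(target)
        if p and p.group(1).lower() not in installed:
            hits[ip]["plugins"].add(p.group(1).lower())
        if has_traversal(target):
            hits[ip]["traversal"] = True
    return {ip: {"plugins": sorted(h["plugins"]), "traversal": h["traversal"]}
            for ip, h in hits.items()}

# First line is the entry from the post (plain ASCII quotes and hyphens); the
# others are constructed samples using documentation address ranges.
SAMPLE = [
    '46.4.202.87 - - [31/Mar/2011:19:00:03 -0400] "HEAD /wp-content/plugins/backwpup/backwpup.php HTTP/1.1" 403 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
    '203.0.113.7 - - [31/Mar/2011:19:02:11 -0400] "GET /wp-content/plugins/akismet/akismet.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [31/Mar/2011:19:04:30 -0400] "GET /wp-content/plugins/example-plugin/view.php?f=..%2f..%2fsecret HTTP/1.1" 404 - "-" "Mozilla/5.0"',
    '198.51.100.20 - - [31/Mar/2011:19:05:40 -0400] "GET /index.php HTTP/1.1" 200 8841 "-" "Mozilla/5.0"',
]
INSTALLED = {"akismet"}  # assumption: the plugins actually present on the site

if __name__ == "__main__":
    print(plugin_probes(SAMPLE, INSTALLED))
```

A client that asks for several plugins the site never had is scanning for known-vulnerable code rather than browsing, which makes the per-IP grouping a useful input for a block list or an alert.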

Transaction canceled

I posted about a fake “transaction canceled” email I got but today I experienced a real canceled transaction.

I’ve been looking around for an LG Optimus V phone and thought I’d found the perfect one on Craigslist. It was priced at 60% of what a new phone costs:

VIRGIN MOBILE ANDROID – $120 (RALEIGH)
Date: 2011-03-28, 7:30PM EDT

THIS IS THE LG OPTIMUS V BRAND NEW IN BOX CALL 919-758-xxxx this is a touch screen


ACH Payment canceled scam

Got this scam email today. Of course NACHA does not send emails about any transactions, so you can consider this to be fraud.

Date: Wed, 30 Mar 2011 15:36:01 +0000
From: risk@nacha.org
X-Mailer: The Bat! (v2.10.03) Personal
Message-ID: <2450512739.Q2NA84TE047826@urzrjfbftr.tlgwdedu.info>
Subject: ACH payment canceled

The ACH transaction (ID: 58051732944390), recently sent from your bank account (by you or any other person), was rejected by the other financial institution.

Please click here to download further information

If you have any questions or comments, contact us at info@nacha.org. Thank you for using http://www.nacha.org.
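
The header mismatches visible in this message and in the FDIC message earlier on the page can be checked mechanically. The following is an added example, not code from the post: it compares the visible From: domain with the envelope sender, the recorded SPF result and the Message-ID domain. The function names and finding labels are assumptions, and the header values are the ones shown on this page.

```python
from email import message_from_string
from email.utils import parseaddr

# Header values copied from the FDIC and NACHA messages on this page
# (Received lines left out; the checks below do not use them).
FDIC = """\
Return-Path: acquiescing5863@gmail.com
X-Received-SPF: neutral (eddy.neusemedia.com: 209.19.62.178 is neither permitted nor denied by domain of gmail.com) client-ip=209.19.62.178; envelope-from=acquiescing5863@gmail.com; helo=remote.usgvmwd.org;
From: alert@fdic.gov
Message-ID: 4283985778.NY7NS133995951@isplnzolzalejp.eeibmulcjotavug.ua
Subject: FDIC: Your business account

"""
NACHA = """\
From: risk@nacha.org
Message-ID: <2450512739.Q2NA84TE047826@urzrjfbftr.tlgwdedu.info>
Subject: ACH payment canceled

"""

def org_domain(addr_or_host):
    # Assumption: "last two labels" approximates the organizational domain;
    # production code should consult the Public Suffix List instead.
    host = addr_or_host.rpartition("@")[2].strip("<> ").lower()
    return ".".join(host.split(".")[-2:])

def spoof_indicators(raw_headers):
    """Return heuristic findings; each is a reason for suspicion, not proof."""
    msg = message_from_string(raw_headers)
    from_dom = org_domain(parseaddr(msg.get("From", ""))[1])
    findings = []
    # SPF authenticates the envelope sender, so it only vouches for the
    # visible From: when the two domains align (the DMARC alignment idea).
    envelope = parseaddr(msg.get("Return-Path", ""))[1]
    if envelope and org_domain(envelope) != from_dom:
        findings.append("envelope-from-not-aligned")
    spf = msg.get("X-Received-SPF", "").split()
    if spf and spf[0].lower() != "pass":
        findings.append("spf-" + spf[0].lower())
    msg_id = msg.get("Message-ID", "")
    if "@" in msg_id and org_domain(msg_id) != from_dom:
        findings.append("message-id-foreign-domain")
    return findings

if __name__ == "__main__":
    for name, raw in (("FDIC", FDIC), ("NACHA", NACHA)):
        print(name, spoof_indicators(raw))
```

In the FDIC message the SPF result describes gmail.com, the envelope sender, and says nothing about fdic.gov; that gap is why the alignment check matters more than the SPF verdict alone.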