Hundreds of computer geeks, most of them students putting themselves through college, crammed into three floors of an office building in an industrial section of Ukraine’s capital, Kiev, churning out code at a frenzied pace. They were creating some of the world’s most pernicious and profitable computer viruses.
According to court documents, former employees and investigators, a receptionist greeted visitors at the door of the company, known as Innovative Marketing Ukraine. Communications cables lay jumbled on the floor and a small coffee maker sat on the desk of one worker.
As business boomed, the firm added a human resources department, hired an internal IT staff and built a call center to dissuade its victims from seeking credit card refunds. Employees were treated to catered holiday parties and picnics with paintball competitions.
Top performers got bonuses as young workers turned a blind eye to the harm the software was doing.
“When you are just 20, you don’t think a lot about ethics,” said Maxim, a former Innovative Marketing programmer who now works for a Kiev bank and asked that only his first name be used for this story. “I had a good salary and I know that most employees also had pretty good salaries.”
In a rare victory in the battle against cyber-crime, the company closed down last year after the US Federal Trade Commission (FTC) filed a lawsuit seeking its disbandment in US federal court.
An examination of the FTC’s complaint and documents from a legal dispute among Innovative executives offers a rare glimpse into a dark, expanding — and highly profitable — corner of the internet.
Innovative Marketing Ukraine, or IMU, was at the center of a complex underground corporate empire with operations stretching from Eastern Europe to Bahrain; from India and Singapore to the US. A researcher with anti-virus software maker McAfee Inc who spent months studying the company’s operations estimates that the business generated revenue of about US$180 million in 2008, selling programs in at least two dozen countries.
“They turned compromised machines into cash,” researcher Dirk Kollberg said.
The company built its wealth pioneering scareware — programs that pretend to scan a computer for viruses, and then tell the user that their machine is infected. The goal is to persuade the victim to voluntarily hand over their credit card information, paying US$50 to US$80 to “clean” their PC.
Scareware, also known as rogueware or fake anti-virus software, has become one of the fastest-growing, and most prevalent, types of Internet fraud. Software maker Panda Security estimates that each month some 35 million PCs worldwide, or 3.5 percent of all computers, are infected with these malicious programs, putting more than US$400 million a year in the hands of cyber-criminals.
“When you include cost incurred by consumers replacing computers or repairing, the total damages figure is much, much larger than the out-of-pocket figure,” said Ethan Arenson, an attorney with the FTC who helps direct the agency’s efforts to fight cyber-crime.
Groups like Innovative Marketing build the viruses and collect the money but leave the work of distributing their merchandise to outside hackers. Once infected, the machines become virtually impossible to operate.
The scareware also removes legitimate anti-virus software from vendors including Symantec Corp, McAfee and Trend Micro Inc, leaving PCs vulnerable to other attacks.
When victims pay the fee, the virus appears to vanish, but in some cases the machine is then infiltrated by other malicious programs. Hackers often sell the victim’s credit card credentials to the highest bidder.
Removing scareware is a top revenue generator for Geek Choice, a PC repair company with about two dozen outlets in the US. The outfit charges US$100 to US$150 to clean infected machines, a service that accounts for about 30 percent of all calls. Geek Choice chief executive officer Lucas Brunelle said that scareware attacks have picked up over the past few months as the software has become increasingly sophisticated.
“There are more advanced strains that are resistant to a lot of anti-virus software,” Brunelle said.
Anti-virus software makers have also gotten into the lucrative business of cleaning PCs, charging for those services even when their products fall down on the job.
Charlotte Vlastelica, a homemaker in State College, Pennsylvania, was running a version of Symantec’s Norton anti-virus software when her PC was attacked by Antispyware 2010.
“These pop-ups were constant,” she said. “They were layered one on top of the other. You couldn’t do anything.”
So she called Norton for help and was referred to the company’s technical support division. The fee for removing Antispyware 2010 was US$100. A frustrated Vlastelica vented: “You totally missed the virus and now you’re going to charge us $100 to fix it?”
“It’s sort of a plague,” said Kent Woerner, a network administrator for a public school district in Beloit, Kansas, some 8,850km away from Innovative Marketing’s offices in Kiev.
He ran into one of its products, Advanced Cleaner, when a teacher called to report that pornographic photos were popping up on a student’s screen. A message falsely claimed the images were stored on the school’s computer.
“When I have a sixth-grader seeing that kind of garbage, that’s offensive,” Woerner said.
He fixed the machine by deleting all data from the hard drive and installing a fresh copy of Windows. All stored data was lost.
Stephen Layton, who knows his way around technology, ended up junking his PC, losing a week’s worth of data that he had yet to back up from his hard drive, after an attack from an Innovative Marketing program dubbed Windows XP Antivirus.
The president of a home-based software company in Stevensville, Maryland, Layton says he is unsure how he contracted the malware.
But he was certain of its deleterious effect.
“I work eight to 12 hours a day,” Layton said. “You lose a week of that and you’re ready to jump off the roof.”
Layton and Woerner are among more than 1,000 people who complained to the US FTC about Innovative Marketing’s software, prompting an investigation that lasted more than a year and the federal lawsuit that sought to shut them down. To date the government has only succeeded in retrieving US$117,000 by settling its charges against one of the defendants in the suit, James Reno, of Amelia, Ohio, who ran a customer support center in Cincinnati, Ohio. He could not be reached for comment.
“These guys were the innovators and the biggest players [in scareware] for a long time,” said Arenson, who headed up the FTC’s investigation of Innovative Marketing.
Innovative’s roots date back to 2002, according to an account by one of its top executives, Marc D’Souza, a Canadian, who described the company’s operations in-depth in a 2008 legal dispute in Toronto with its founders over claims that he embezzled millions of dollars from the firm. The other key executives were a British man and a naturalized US citizen of Indian origin.
According to D’Souza’s account, Innovative Marketing was set up as an Internet company whose early products included pirated music and pornography downloads and illicit sales of the impotence drug Viagra. It also sold gray market versions of anti-virus software from Symantec and McAfee, but got out of the business in 2003 under pressure from those companies.
It tried building its own anti-virus software, dubbed Computershield, but the product didn’t work. That didn’t dissuade the firm from peddling the software amid the hysteria over MyDoom, a parasitic “worm” that attacked millions of PCs in what was then the biggest email virus attack to date. Innovative Marketing aggressively promoted the product over the Internet, bringing in monthly profits of more than US$1 million, according to D’Souza.
The company next started developing a type of malicious software known as adware that hackers install on PCs, where it served up pop-up ads for travel services, pornography, discounted drugs and other products, including its flawed anti-virus software. The company spread that adware by recruiting hackers whom it called “affiliates” to install it on PCs.
“Most affiliates installed the adware product on end-users’ computers illegally through the use of browser hijacking and other nefarious methods,” D’Souza said.
He said that Innovative Marketing paid its affiliates US$0.10 per hijacked PC, but generated average returns of US$2 to US$5 for each of those machines through the sale of software and products promoted through the adware.
The affiliate system has since blossomed. Hackers looking for a piece of the action can link up with scareware companies through anonymous Internet chat rooms. They are paid through electronic wire services such as Western Union, PayPal and Webmoney, which can protect the identity of both the sender and the recipient.
To get started, a hacker needs to register as an affiliate on an underground Web site and download a virus file that is coded with his or her affiliate ID. Then it’s off to the races.
“You can install it by any means, except spam,” says one affiliate recruiting site, earning4u.com, which pays US$6 to US$180 for every 1,000 PCs infected with its software. PCs in the US earn a higher rate than ones in Asia.
Affiliates load the software onto the machines by a variety of methods, including hijacking legitimate Web sites, setting up corrupt sites for the purposes of spreading viruses and launching attacks over social networking sites such as Facebook and Twitter.
“Anybody can get infected by going to a legitimate Web site,” said Uri Rivner, an executive with RSA, one of the world’s top computer security companies.
A scareware vendor distributed its goods one September weekend via the New York Times’ Web site by inserting a single rogue advertisement. The hacker paid NYTimes.com to run the ad, which was disguised as one for the Internet phone company Vonage. It contaminated PCs of an unknown number of readers, an account of the incident published in the New York Times said.
Patrik Runald, a senior researcher at Internet security firm Websense Inc, expects rogueware vendors to get more aggressive with marketing.
“We’re going to see them invest more money in that — buying legitimate ad space,” he said.
To draw victims to infected Web sites, hackers will also manipulate Google’s search engine to get their sites to come up at the top of anyone’s search on a particular subject. For instance, they might capitalize on news events of wide interest — from the winners of the Oscars to the Tiger Woods scandal — quickly setting up sites to attract relevant search terms.
Anti-virus maker Panda Security last year observed one scareware peddler set up some one million web pages that infected people searching for Ford auto parts with a program dubbed MSAntispyware2009.
They also snare victims by sending their links through Facebook and Twitter.
Some rogue vendors manage their partnerships with hackers through software that tracks who installed the virus that generated a sale. Hackers are paid well for their efforts, garnering commissions ranging from 50 to 90 percent, Panda Security said. SecureWorks, another security firm, estimates that a hacker who gets one to two percent of users of infected machines to purchase the software can pull in over US$5 million a year in commissions.
Hackers in some Eastern European countries barely attempt to conceal their activities.
Panda Security found photos of a party in March 2008 that it said affiliate ring KlikVIP held in Montenegro to reward scareware installers. One showed a briefcase full of euros that would go to the top performer.
“They weren’t afraid of the legal implications,” Panda Security researcher Sean-Paul Correll said. “They were fearless.”
One of Innovative Marketing’s biggest problems was the high proportion of victims who complained to their credit card companies and obtained refunds on their purchases. That hurt the relationships with its merchant banks that processed those transactions, forcing it to switch from banks in Canada to Bahrain. It created subsidiaries designed to hide its identity.
In 2005, Bank of Bahrain & Kuwait severed its ties with an Innovative Marketing subsidiary that had the highest volume of credit card processing of any entity in Bahrain because of its high chargeback rates, D’Souza said.
Innovative Marketing then went five months without a credit card processor before finding a bank in Singapore — DBS Bank — willing to handle its account. The Singapore bank processed tens of millions of dollars in backlogged credit card payments for the company, D’Souza said.
To keep the chargeback rate from climbing even higher, Innovative Marketing invested heavily in call centers. It opened facilities in Ukraine, India and the US. The rogueware was designed to tell the users that their PCs were working properly once the victim had paid for the software, so when people called up to complain it wasn’t working, agents would walk them through whatever steps it took to make those messages come up.
Often that required disabling legitimate anti-virus software programs, said McAfee researcher Dirk Kollberg, who spent hours listening to digitized audio recordings of customer service calls that Innovative Marketing kept on its servers at its Ukraine offices. He gathered the data by tapping into a computer server at its branch in Kiev that he said was inadvertently hooked up to Innovative’s Web site.
“At the end of the call,” he said, “most customers were happy.”
Police have had limited success in cracking down on the scareware industry. Like Innovative Marketing, most rogue Internet companies tend to be based in countries where laws permit such activities or officials look the other way.
Law enforcement agencies in the US, Western Europe, Japan and Singapore are the most aggressive in prosecuting Internet crimes and helping officials in other countries pursue such cases, said Mark Rasch, former head of the computer crimes unit at the US Department of Justice.
“In the rest of the world, it’s hit or miss,” he said. “The cooperation is getting better, but the level of crime continues to increase and continues to outpace the level of cooperation.”
The FTC succeeded in persuading a US federal judge to order Innovative Marketing and two individuals associated with it to pay US$163 million it had scammed from Americans. Neither individual has surfaced since the government filed its original suit more than a year ago.
However, Ethan Arenson, the FTC attorney who handled the case, warned: “Collection efforts are just getting underway.”