Archive for December, 2009

Let There Be Light

December 15, 2009


For the majority of westerners, religious persecution is a strange and foreign concept. Most of us view political and religious fanaticism such as pogroms or the auto-da-fé as a distant memory of a dark and uncultured era now long gone. Of course, there are always a few regrettable exceptions to this. But to me, incidents like neo-Nazis marching on Pennsylvania Avenue just further highlight the beauty of the First Amendment. If you feel strongly about something, get a permit, pack your soapbox and have a go at it. By all means.

This week as I was surfing on-line, I stumbled upon this news clip. Apparently, the Jewish community in Moldova had set up a menorah to celebrate Hanukkah (after having been given a permit to do so). This didn’t go down well with Moldova’s eparchy of the Russian Orthodox Church. So under the charismatic leadership of Father Anatoly Chirbik (and a hammer-wielding priest), the local community staged a get-together and, in a very orderly manner, proceeded to crash the celebration. It’s all on tape: the honor guard, the banners with the miraculous icons, the sprinkling of holy water, the burning of incense, and even live accompaniment by a chorus of Gregorian chanters.

When I first watched the clip, I thought that it was just another Borat promotional, but after listening to Father Chirbik’s speech (excerpt below), I realized that it was the real thing.

“We are an Orthodox country. Stephen the Great and Holy defended our country from all kinds of Jews, and now they come and put their menorah here. This is anarchy.” 

My initial confusion was understandable, as Borat’s explanation of the origin of his brother’s madness was not dissimilar in substance and style to the one made by Father Chirbik:

Bilo [Borat’s brother] had “a demon”, so we chiseled a hole the size of a kestrel egg in his head and put a dry fish inside to eat the demon. This worked for a while, but then “the demon” took his revenge and made Bilo retarded.

Even more perplexing than the speech were the participants. The expressions on their faces ranged from gratefulness for having been chosen to join the wrecking crew to religious piety and patriotic zeal. By all accounts, this was a family event, complete with well-dressed moms, dads, grandparents and young kids in tow. It was by no means your stereotypical lynch mob wielding torches and pitchforks.

But looks can be deceiving. Just because someone was born in the 20th century and dresses appropriately doesn’t automatically elevate him to the rank of a modern human being. Theodor Adorno once stated: “[The] Enlightenment has always aimed at liberating men from fear...” Alas, it seems that large segments of the world’s population are still firmly planted in the midst of the savage Byzantine era, and if the Moldova incident is any indication, they are not in a great rush to get out of there soon.

The Age of Enlightenment and the political reforms that it spawned (like the Bill of Rights) have repeatedly demonstrated that church and state do not mix well and are best enjoyed separately. For US immigrants the likes of Irving Berlin, who experienced religious persecution first hand, freedom of religion has always been a sign of a divine blessing.

“God bless America”

© Copyright 2009 Yaacov Apelbaum All Rights Reserved.

Windows Live Credit Card Phishing

December 10, 2009


I recently received an email claiming to be from Microsoft Windows Live. The email stated that due to some processing issues, they could not authorize my credit card, and so I would need to log in to their website to update my credit card information by clicking on their link.

Over the years, I have seen a number of these types of messages, but this was the first one targeting me personally. After skimming through it, I realized that it was a blatant phishing attempt; nevertheless, I still marveled at the ingenuity of the scammers.


Billing and Account Management

Dear Windows Live Hotmail member,
During our regularly scheduled account maintenance and verification procedures, our billing department was unable to authorize your current payment method information.

This might be due to either of the following reasons:

  1. A recent change in your personal information (i.e. change of address, credit card)
  2. Submitting invalid information during the initial Sign Up or upgrade process.
  3. An inability to accurately verify your selected payment method information due to an internal error within our processors.
Please use the following link to update your payment method information:

http://billing.microsoft.com/logon.srf?action=SignIn&reason=auth&type=auto&uid=187&acct=49472101102

The above link may have been blocked for your privacy. To activate the link please look for the Show content link that is usually located on top of this message.

NOTE! If your account information is not updated within 48 hours then your ability to use your Windows Live Hotmail account will become restricted.

Thank you for using Windows Live Hotmail!
Please do not reply to this e-mail, as this is an unmonitored alias.


© 2009 Microsoft Corporation. All rights reserved.


Anatomy of a Phish


For the uninitiated, phishing (pronounced “fishing”) is a fraudulent attempt to acquire sensitive information from a user. Such information can be: credit cards, user IDs, passwords, and/or account information. It is often accomplished via email or phone.

Phishing falls into the category of exploits known as “social engineering”. Even though these exploits are mostly low tech (requiring neither sophisticated technology nor advanced programming), they can be successful (especially the well-executed and novel ones) because most people instinctively tend to do what they are told and will not challenge the authority and authenticity of what seems to be an official correspondence.

In a typical phishing scenario, the perpetrators (usually located offshore) send a simple email claiming to be from the customer service department of a recognizable organization (like a bank, on-line service, etc.). The email will inform you of some problem with your account. You are then instructed to provide details of your bank, email, or credit card account in order to correct this problem.

Even though phishing exploits can have many variations, they can be grouped into the following five scenarios:

1. Forged identities — In this exploit, the attacker creates an email address that appears to belong to a reputable organization like “Windows Live Customer Support”. Even though on the surface the email address looks legitimate (as in: billing@windowslive.com), it is not. If you’re not paying attention, it can be easy to mistake a message like this for a genuine customer support request.

2. Compromised accounts — In this exploit, the attacker uses a compromised user account to send an email to everyone in the address book for that account. An email you receive from a known account dramatically increases the credibility of that message, and therefore the likelihood of a successful phishing attack.

3. Direct phone calls — In this exploit, the scammer may contact you directly by phone, claiming to work for some financial institution (and perhaps offering to lower your interest rates) or for its fraud investigation department. They will inform you that your account has been breached and will directly ask you for your account details in order to “verify” it.

4. Bogus websites — In this exploit, the attacker will send you a link to what seems to be a functional website. The site will include official-looking logos, language, or other identifying information taken directly from a legitimate website. The address of the site will resemble the name of a reputable company but with some spelling variation. For example, “microsoft.com” could appear instead as “micorsoft.com”. Note that the variation has to sit in the part of the name the attacker registers; a misspelled label in front of a genuine domain (as in “micorsoft.live.com”) would still be under the legitimate owner’s control.

5. Social network harvesting — In this exploit, a communication from a scammer will ask you for personal information. You may mistake it for an email from a friend wanting to reconnect. The email will include convincing details about your personal life which were harvested from social networks such as LinkedIn, Facebook, etc.

In general, the objective of phishing is to recover your webmail credentials, since the resale value of a legitimate webmail account on the black market can be as high as $2-$3, twice the amount they could get for a stolen credit card number. So for a phisher, breaching several dozen accounts a day can be a lucrative business, making $100K-$500K over the life of the scam.

In the case of my phishing email, when I followed the link in it, I was taken to a credit card entry form (Image 1). As I expected, the form looked genuine; it had all the right corporate trimmings: a Microsoft logo, copyright notice, and even a link to a help page (which ironically offered the following advice: “You should keep this number secret, protect it, and never write it on your card.”)


Image 1: Phishing Credit Card Entry Form

As with most phishing sites, I was expecting to find some bogus or misspelled Microsoft URL, but instead I was surprised to see that the web address of the page actually belonged to a company called Human & Technology (H&T) (Image 2); clearly, htech21.com doesn’t even sound like Microsoft. I checked the parent URL out, and it turns out that this company was at one point a legitimate Korean hardware manufacturer; then, two years ago, their CEO, Jeong Kuk-Kyo, was arrested and the company became the target of one of the biggest class-action lawsuits in history.

So what is the connection between htech21.com and this phishing expedition? It appears that the perpetrators of this scam decided to cut some costs: instead of purchasing and hosting their own domain, they broke into the H&T corporate web site and placed their credit card collection pages on it. At some point, our scammers discovered that Human & Technology had gone out of business (this could also have been an inside job) and safely assumed that this orphaned website (which had not been updated for 3 years) was no longer being maintained or monitored, and as such was a perfect staging platform for a phishing operation. This is worth dwelling on, because a hijacked legitimate site passes the usual “check the spelling of the domain” test: the domain is real and correctly spelled; the only tell is that it has nothing to do with the brand named in the email.

It is also interesting to note that the site’s help file focuses on ATMs (Automated Teller Machines), which strongly suggests that at least some of the phishing website’s contents have also been used in other scams.


Image 2: Phishing Host Website

It is hard to distinguish legitimate customer service communications from phishing expeditions. This difficulty is further compounded by the fact that for many, using services such as Amazon, eBay, and e-banking has now become a way of life. For most users, the potential inconvenience of being locked out of their favorite on-line services outweighs the risk of disclosing their account information. Unfortunately, the on-line services are not helping this situation either, because most are either impossible to reach by phone or their offshore support centers are largely useless.

So how does one survive in the hostile jungle of email exploits? The following are my top 10 Do’s and Don’ts of email:

1.  Do Not open emails that have a wrong or incorrect spelling of your name. Phishers often harvest email addresses in bulk and may not have your full name. Because of this, they will try to guess your name from your email address.

2.  Do Not open emails that are not addressed to you by name. Phishers will almost never personalize correspondence; they will refer to you as “Dear Customer” or “Dear Valued Customer” because they send bulk solicitations to millions of email addresses.

3.  Do Not respond to any account management email requests that appear to come from your bank. If your bank needs to reach you, they will send you an official letter or leave you a voice mail with a callback telephone number (and verify that number against the one printed on your card or statement before you call it).

4.  Do Not open unsolicited emails. Nothing in life is free, this includes the invitation to view naked celebrities and the Prozac and Viagra offers in your inbox.

5.  Do Not use email links to go to any financial websites. Type in the URL yourself and save it as a bookmark.

6.  Do verify the URL of the website you are about to log into; check the spelling carefully before you provide your login details on any web page. Pay close attention to the domain name following the “http://” section of the address. Many phishers will intentionally create very long names to obfuscate the fake URL; the part that matters is the registered domain just before the first slash, not whatever familiar name appears in front of it.

7.  Do log in to your on-line accounts regularly and look for unrecognized transactions.  Do the same with your monthly credit card statements.

8.  Do Not send your account details via email to anyone. Email traffic is generally unencrypted, so anyone along the route can intercept the message.

9.  Do check that the Internet connection you are using is secure. Look for HTTPS in the address field of your browser. You may also want to click on the padlock icon to view the actual server certificate. This will help you verify that it was issued by a reputable authority and assigned to the company managing the website in question. Keep in mind that the padlock by itself only tells you that the connection is encrypted; a phishing site can present a perfectly valid certificate for its own name, so it is the name on the certificate that needs to match the company you expect.

10.  Do make sure that you have updated anti-virus software and that your firewall is turned on.
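Points 5 and 6 above, the link-text trick in the email quoted earlier (visible text naming billing.microsoft.com while the real target was htech21.com), and the look-alike and hijacked-host cases from the scenarios list can all be checked mechanically. The script below is an added example written for this page, not code from the original post. It uses only the Python standard library; the allowlist of Microsoft domains, the tiny public-suffix table, and the sample email (including the htech21.com path, which the post does not give) are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains the real sender would use. Assumed for this example; a deployment
# would load them from a maintained allowlist.
LEGIT_DOMAINS = {"microsoft.com", "live.com", "hotmail.com"}

# A few multi-label public suffixes so "x.co.uk" yields the right registrable
# domain. A real tool would use the full Public Suffix List.
MULTI_LABEL_SUFFIXES = {"co.uk", "co.kr", "com.au"}

HOST_RE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+$")


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(text):
    """Lower-case host of a URL, or of link text that itself looks like a URL
    or bare host; '' when the text is not host-like (e.g. 'Click here')."""
    text = text.strip()
    if "://" not in text:
        text = "http://" + text
    try:
        host = (urlparse(text).hostname or "").lower()
    except ValueError:
        return ""
    return host if HOST_RE.match(host) else ""


def registrable_domain(host):
    """The part an attacker would have to register: the last two labels, or
    three when the last two form a multi-label suffix such as co.uk."""
    labels = host.split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def edit_distance(a, b):
    """Plain Levenshtein distance (swapping two letters counts as 2 edits)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_host(host):
    """'legit' if the registrable domain is allowlisted; 'lookalike' if it
    imitates one (brand used as a subdomain label, or within two edits of a
    real domain); else 'unrelated', e.g. a hijacked third-party site."""
    domain = registrable_domain(host)
    if domain in LEGIT_DOMAINS:
        return "legit"
    for legit in LEGIT_DOMAINS:
        if "." + legit + "." in "." + host + ".":   # microsoft.com.evil.example
            return "lookalike"
        if edit_distance(domain, legit) <= 2:      # micorsoft.com
            return "lookalike"
    return "unrelated"


def analyze_links(html_body):
    """One finding per anchor whose target is not a legitimate domain or whose
    visible text names a different domain than the real target."""
    parser = LinkExtractor()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        href_host, text_host = host_of(href), host_of(text)
        verdict = classify_host(href_host) if href_host else "unrelated"
        mismatch = bool(text_host) and bool(href_host) and \
            registrable_domain(text_host) != registrable_domain(href_host)
        if verdict != "legit" or mismatch:
            findings.append({"href_host": href_host, "text_host": text_host,
                             "verdict": verdict, "text_href_mismatch": mismatch})
    return findings


# Constructed sample modelled on the mail in the post: visible Microsoft URL
# over a third-party target, a genuine link, a misspelled domain, and a brand
# name buried in someone else's domain. The htech21.com path is made up.
SAMPLE_EMAIL = """
<p>Please use the following link to update your payment method information:</p>
<a href="http://www.htech21.com/eng/logon.srf?action=SignIn&amp;acct=49472101102">
http://billing.microsoft.com/logon.srf?action=SignIn&amp;reason=auth</a>
<p>Help: <a href="http://www.microsoft.com/">Microsoft</a></p>
<p>Sign in: <a href="http://micorsoft.com/">http://micorsoft.com/</a></p>
<p>Or: <a href="http://microsoft.com.account-verify.example/">https://microsoft.com</a></p>
"""

if __name__ == "__main__":
    for finding in analyze_links(SAMPLE_EMAIL):
        print(finding)
```

Run against the sample, the script reports three of the four links: the hijacked htech21.com host (unrelated to any Microsoft domain, and with visible text that points somewhere else), the misspelled micorsoft.com, and the subdomain trick; the genuine www.microsoft.com link is left alone. The registrable-domain step is what makes the last two cases work: a long hostname is judged by what sits in front of the first slash at the end, not by the familiar name at the beginning.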
