Home » Data Protection » Malware/Cybercrime

News

Romanian Phishing Busts Were Years in the Making

The FBI has been working since 2003 to crack down on Romanian phishers, a senior FBI official said Friday

By Robert McMillan, IDG News Service (San Francisco Bureau)

September 14, 2008 — CSO —

The U.S. Federal Bureau of Investigation spent years laying the groundwork for an investigation that led to the arrest of dozens of people involved in illegal phishing scams operated from Romania and the U.S., a senior FBI official said Friday.

Shawn Henry, who was appointed assistant director of the FBI's Cyber Division earlier this week, said he began meeting with Romanian police and lawmakers, including the country's minister of technology and minister of justice, in 2003 to help tackle the country's growing cybercrime problem.

Romanian crime gangs were hurting U.S. banks by tricking customers into giving up account numbers and passwords on phony "phishing" Web sites, but Romanian officials soon realized that the problem was also affecting businesses at home, too, because the problem was so bad that some companies were simply blocking all Internet traffic from Romania.

"Just at the time they were trying to merge with the West and get into NATO ... the U.S. and other Western nations were shutting them down because of the threat of crime," Henry said. "If they did not take this problem seriously, they were going to be left in the dark."

Since then Romania has taken some major steps to crack down on cybercrime, he said, by adding new hacking laws and strengthening its ability to fight computer crime. "They really committed themselves to the problem."

In 2006, the Cyber Division sent six FBI agents to Bucharest to work with the Romanian National Police. Operation Cardkeeper, as the effort was called, led to 13 arrests and prompted the FBI to set up a task force last year, where agents have worked full time in Romania assisting local police with their cyber investigations.

This year the task force helped shut down major phishing operations in sweeps that were announced in May and July. Nearly 60 people in the U.S. and Romania were arrested.

Although the Cyber Division team has been doing excellent work, Romania remains a top source of phishing activity, according to Gary Warner, director of research in computer forensics with the University of Alabama, Birmingham. "There are a lot of bad actors in Romania," he said.

But why Romania? According to Warner, the country has the dangerous combination of a shattered economy and institutional corruption that creates breeding grounds for cyber criminals the world over.

Romanian police told Henry that those arrested likely became phishers because they had the right combination of technical smarts and economic incentives. "Culturally they were good students in math, they were interested in technology, there was some degree of English speakers there," he said. "They were smart folks in a country that was just coming into its own, and I guess the intention was [to seize] an opportunity to expand on that."