getting away with it
This brief article discusses how thieves stole account details from two online brokerages using keystroke loggers. By some broad definition this falls into the category of “identity theft”, since the thieves could then pretend to be the user in question. I don’t really think that warrants being called identity theft, but whatever.
I think dreaming up crimes is pretty easy. The hard thing is to figure out a good way to take physical possession of the loot. At some point you have to go clean out that bank account, or have illegally bought goods delivered to a physical address, etc. It’s not easy to come up with ways that let you reap the benefits of crime while minimizing the risk associated with these physical problems. There are some classic approaches, like using cut outs, drops, etc. In the online world it seems just as hard, and perhaps more so. At the end of the day there’s a wire leading to your house, or similar.
That’s why I like the above scam. Instead of trying for a direct score, they set up a disconnect and used the accounts to create an effect in the stock market that they then took advantage of. That’s got to be much harder to nail down, especially if even moderate care is taken to disguise the trades. I think this disconnect is very clever. But perhaps it’s actually an old trick?
You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.