Elektrospaces – How the Police Taps the Internet

Become a Patron!
True Information is the most valuable resource and we ask you to give back.

About how signals intelligence agencies, like NSA and GCHQ, are intercepting communications, we learned a lot from the Snowden revelations and the German parliamentary inquiry, but also from new legislation in France, the Netherlands and the United Kingdom.

Much less is known about the practice of tapping by law enforcement, like for example the FBI and police forces. Now, a case from the Netherlands provides some interesting insights in how Dutch police intercepts internet communications – in a way that comes remarkably close to the bulk collection by intelligence agencies.

– Cooperation with the Russians – Intercepting at Leaseweb –

– Some questions – The end of ZeuS –

Office of the Team High Tech Crime (THTC) of the Dutch police in Driebergen
(photo: NRC/Merlin Daleman)

Cooperation with the Russians

On Saturday, May 27, the Dutch newspaper De Volkskrant came with a surprising storyabout the cooperation between the Team High Tech Crime (THTC) of the Dutch police and officials from the Russian federal security service FSB, which is the main successor to the notorious KGB.

Since 2009, regular meetings are held in the Netherlands, in which also officials from the FBI participate. The aim is to cooperate in tracking down and eventually arresting cyber criminals. The Volkskrant’s front page report is accompanied by an extensive background story, which contains some more worrying details, but is only available in Dutch.

The cooperation with the Russians dates back to September 2007, when the head of THTC attended a conference in the Russian city of Khabarovsk, at which CIA, FBI, Mossad, BND and other agencies were present. The head of THTC was able to create a connection to the FSB and their deputy head of the department for cyber crime, Sergei Mikhailov, became the liaison for the Dutch police and would regularly visit the Netherlands.

Meetings in Driebergen

Initially, the meetings with the Russians were held in the Dutch village of Driebergen, where the Team High Tech Crime has its offices. The Dutch security service AIVD was apparently not very fond of this, so every visit of for example Mikhailov had to be reported, and since 2012, every police officer who had contact with someone from the FSB was briefed by the AIVD before and after every meeting.

The FSB, much like the FBI, isn’t just responsible for law enforcement, but is also Russia’s secret service for domestic security. This made AIVD worried that FSB officers could use their visits to the Netherlands for spying – although strictly spoken, collecting foreign intelligence is the task of another Russian agency, the SVR.

The police compound in Driebergen started as highway patrol station, but nowadays houses some of the most sensitive units of the Dutch police, including the national criminal investigation branch and the Unit Landelijke Interceptie (or Lawful Interception, ULI), which was created in 2005 as the central facility for internet tapping, as well as for telephone tapping on behalf of all the smaller police districts.*

The police compound in the village of Driebergen
(photo via Flickr)

Security incident

There was at least one security incident in Driebergen: De Volkskrant describes that during a meeting with FBI and FSB, a Russian official came to a member of the Dutch police team, pointed at someone from the FBI and said “he is copying your data”. An investigator went looking and saw that indeed the American had a thumb drive in a police laptop and was copying Dutch information. Whether this had any consequences was not reported.

In 2014, the cooperation with Russia came under pressure: in July, there was the Russian annexation of the Crimea and shortly aftwerwards, flight MH17 was shot down, killing 193 Dutch citizens. The criminal investigation of this case also takes place in Driebergen, so the police decided to move to meetings with FSB officials from Driebergen to police stations in Amsterdam and Rotterdam.

Intercepting at Leaseweb

The first case in which Dutch police and Russian FSB cooperated started in 2008, when Russian criminals used the ZeuS trojan horse malware to spoof the login screen of banks in order to capture user credentials, and steal the money from bank accounts without a trace.

Often these criminals used servers of the Dutch hosting company Leaseweb, which offers relatively anonymous and cheap services as well as high-speed connections, as it is close to the large Amsterdam internet exchange AMS-IX. To communicate with eachother, the criminals used the messenger service ICQ, which is still popular in Russia and Eastern Europe, but doesn’t use encryption.

To catch the criminals behind the ZeuS malware, the Dutch police team set up operation Roerdomp (the Dutch name for the Eurasian bittern) and in October 2008, they asked other countries for the ICQ numbers of known cyber criminals. Within 3 months, authorities from the US, Germany, Britain, the Ukraine and Russia provided a total of 436 ICQ numbers. In January 2009, the public prosecutor and an examining judge approved the interception of communications associated with these numbers.

ICQ logo and interface

DPI filtering

To acquire these ICQ communications, the police had decided to intercept all ICQ traffic from Russia that went through the Leaseweb servers. For that purpose they bought equipment for deep-packet inspection (DPI) worth 600.000,- euro.

DPI devices are able to examine the packets that make up internet traffic and filter them according to predefined criteria, usually to prevent viruses and spam, but in this case for intercepting communications.

High-end DPI equipment, from manufacturers like Narus and Verint, can also recreate(“sessionize”) the communication sessions in order to filter complete files and messages out – which is also one of the main features of NSA’s XKEYSCORE system.

The Volkskrant reports that after the interception was approved, the new equipment was connected to the servers of Leaseweb, but actually, Leaseweb will have splitted the traffic on its main backbone cable, creating a copy of all the data, which was then directed to the police computer – telecom and internet companies really don’t like outsiders to install equipment onto their actual networks.

Next, all the copied Leaseweb traffic, some 50 Gigabit per second for 4 to 10 million websites, went through the DPI machine. First the police filtered out all ICQ traffic, and then the ICQ traffic associated with the list of the 436 selected numbers. This went on for 3 months, so the warrant was apparently renewed a few times, as an approval for targeted interception is initially limited to a period of 4 weeks.

Leaseweb headquarters in Amsterdam
(click to enlarge)

Some questions

The description of the tapping operation by De Volkskrant raises some questions. Government filtering systems having access to all the internet traffic of a company is the way that (signals) intelligence agencies are conducting bulk collection, not the way that law enforcement is supposed to do targeted interception.

In western countries, the police is generally only allowed to tap communications associated with individually identified suspects or specific communication identifiers, like phone numbers and e-mail addresses. In the ZeuS case, it was probably argued that it was targeted interception because there were 436 specific identifiers: the ICQ numbers of known cyber criminals.

Foreign selectors

First, this case immediately reminds of the selector affair that came to light through the German parliamentary inquiry into the cooperation between NSA and BND. For years, NSA provided the Germans with millions of internet identifiers, which they entered into their satellite collection system, without being able to see to whom these identifiers belonged.

> See for more: German BND didn’t care much about foreign NSA selectors

Could that have happened to the Dutch police too? Were they able to verify that each one of the 436 ICQ numbers was used by a cyber criminal, or did they just trusted the foreign authority that provided them?

For this kind of international cooperation, it’s often inevitable that you have to trust your foreign partners, but then you should also try to make sure that the data collection is as careful and targeted as possible.

Dutch internet tapping

One way to assure that is through technical means. For telephone tapping this is relatively easy, because telephone switches have built-in tapping capabilities based upon international standards. For internet tapping this is different and external devices have to be used to pick out the communications of interest.

In the Netherlands, the interception of internet data uses the Transport of Intercepted IP Traffic (TIIT) protocol, which ensures that the police only gets the internet data associated with an IP or e-mail address for which there’s a warrant.

Overview of the TIIT protocol for IP and e-mail interception
(click to enlarge)

First, an Internet Service Provider (ISP) copies all its traffic and leads the copy to a secured interception network on its own premises. There, a sniffer machine (S1) filters out the data that have to be intercepted, and encrypts these with a key that is associated with a particular warrant.

Then, these data go to the ISP collector machine (S2), which sets up a connection, through an encrypted tunnel over a regular internet link, to a government collector machine (T1), which receives the data from one or more S2 machines.

The T1 devices are managed by the Unit Lawful Interceptions (ULI) in Driebergen and from there, the intercepted data are distributed to computers (T2) at the tapping rooms (tapkamers) of the police districts. Here, they are stored and decrypted so the intercepted communications become available in plain text.

Intercepting hosting providers

With the TIIT protocol, the police doesn’t get access to the copy of an ISP’s entire traffic: it’s the ISP that controls the sniffer machine that filters out the communications that belong to a particular suspect. But at Leaseweb it was apparently the police that controlled the sniffer (in the form of DPI equipment) where all the traffic passed through.

The most likely reason for this is that Leaseweb is a hosting provider and it’s considered that such companies don’t have to comply with the Dutch Telecommunications Law that says that public communication networks or services have to be interceptable. Therefore, hosting providers were not required to install the tapping facilities like the telephone and internet access companies have.

But the hosting companies can of course cooperate voluntarily when the police presents them a warrant. However, when the new Secret Services Act comes into force, such non-public communication providers do have to tolerate interception on behalf of AIVD and MIVD, but they don’t need to have pre-installed tapping capabilties.

This means that in both cases, even for targeted interception, the government will control the sniffer equipment for filtering up to a company’s entire traffic – something that digital rights groups like the ACLU already consider to be unlawful “bulk surveillance.”

Oversight

Another question is how to make sure that the police doesn’t misuse it’s power when for example a hosting provider voluntarily provides access to their entire traffic. Maybe the police has internal protocols for that, but while interception conducted by the secret services is subject to independent oversight, police tapping is not.

It’s considered that in criminal cases, a judge will eventually decide whether certain police methods are lawful or not, but in practice, judges often lack the necessary technical knowledge, while police and public prosecutors try to hide these sensitive techniques. It’s not clear whether any suspect in the ZeuS case was tried before a Dutch court.

Untargeted interception

The ZeuS case shows that not only the networks of telecommunications and internet service providers can be useful to intercept, but also hosting providers like Leaseweb, especially when their servers are used by foreign companies to host their internet (communication) services – useful, not only for the police, but also for the secret services AIVD and MIVD.

Soon, both services can even go a step further, as the new Secret Services Act will also allow them to conduct untargeted cable interception. That means that they may not only filter out communications that are associated with already known identifiers, but also (temporarily) store all the metadata and a lot of content in order to search for data that belong to yet unknown targets.

In the public debate about the new law, there was a lot of speculation about how the new untargeted cable access will be implemented, but the interception at Leaseweb, as described by De Volkskrant, gives a very concrete example of what can be expected.

National watch center of the Royal Marechaussee in Driebergen
with a large dark gray Philips PNVX crypto telephone
(photo: AmberAlert.nl)

The end of ZeuS

After collecting the messages associated with the 436 ICQ numbers and subsequently analysing them, it came out that one particular ICQ number acted as the leader of the cyber crime network. In one of the intercepted conversations this person even admitted to be the designer of the ZeuS malware.

The police gave him the codename “Umbro”, but he himself used aliasses like Lucky12345, Monstr, Slavik, IOO, Pollingsoon, and Nu11. De Volkskrant story doesn’t tell how the police found out the real identity of “Umbro” and it was only in 2014, under the international law enforcement Operation Tovar, that he was identified as Evgeniy Mikhailovich Bogachev, born October 28, 1983.

Already in 2013, investigators noticed that the ZeuS virus wasn’t just used for stealing money anymore, but also for finding out very specific information about government officials of Russia’s neighbours. Dutch police and the FBI became convinced that “Umbro” (Bogachev) had started working for Russian intelligence too.

To be or not to be arrested

The latter seems to be one of the reasons that, after the hack of the Democratic National Committee (DNC) in 2016, the US government put Bogachev on a list of sanctioned individuals. Besides that, his malware was also responsible for stealing over 100 million USD from American organizations. However, Bogachev is still at large, probably because he is useful for Russian intelligence operations.

For the Dutch police team there was another unpleasant surprise: Sergei Mikhailov, the FSB officer who had become such a familiar face for them, was suddenly arrested in December 2016 – according to Russian press reports because he and Kaspersky expert Ruslan Stojanov had leaked information to US intelligence.

Nobody knows whether this is true or where Mikhailov is now, but the cooperation between Dutch police and the Russian FSB continues.

Links and sources
– Volkskrant.nl: Dutch police works together with Russia’s FSB, despite political tensions (2017)
– Netkwesties.nl: Russen schakelden contactpersoon van Nederlandse cyberpolitie uit (2017)
– Inspectie V en J: Meldkamer Landelijke Eenheid Politie (.pdf) (2014)
– Ars Technica: Deep packet inspection meets ‘Net neutrality, CALEA (2007)
– Dialogic.nl: Aftapbaarheid van telecommunicatie (.pdf) (2005)
– Rijkspolitie.org: Geschiedenis AVD Driebergen (2002)

4 comments:

Anonymous said…: Sniffing traffic is history, now most communications are end to end encrypted. So, ISP do not have access to it (in most cases); June 10, 2017 at 1:23 AM
Anonymous said…: huh… haha ya sure, that and rainbow unicorns…; June 11, 2017 at 6:23 AM
see here said…: When it comes to mobile broadband internet, there are a variety of numerous systems, for example LTE, 3rd generation as well as 4G, which allow continuous transmission of the web sign towards the cell phone. A special broadband Wi-Fi signal doesn’t depend on line-of-sight transmitters check over here.; June 16, 2017 at 12:49 PM
cyberzon said…: Of course it is e2e crypted. That is why SS (Secret Service) need help from ISPs. All the “targeted” traffic goes through LI (Lawful Intercept) devices. SS is interested not only what you speak about, but with who you are speaking as well. With little bit of fishing or other methods you get the key to decrypt all the traffic and encrypt it again – so no one knows ’bout it.; June 27, 2017 at 5:22 PM

Welcome to Electrospaces.net!

Here you can read about:
– Signals Intelligence (SIGINT),
– Communications Security (COMSEC),
– Information Classification,
and also about the equipment, from past and present, which make that civilian and military leaders can communicate in order to fulfill their duties.The main focus will be on the United States and its National Security Agency (NSA), but attention will also be paid to other countries and subjects.

Any comments, additions, corrections, questions or suggestions will be very appreciated! There’s no login or registration required for commenting.

twitter.com/electrospaces
info (at) electrospaces.net

As of February 3, 2017:
NEW PGP Public Key fingerprint: ECEC FF63 D036 F415 A0BF A436 661A AC96 B451 5E04

Hotlinks

– The Dutch virtual Crypto Museum

– Website about Crypto Machines

– Steven Aftergood’s Secrecy News

– Intelligence expert Matthew Aid

– Bruce Schneier on Security

– The weblog Empty Wheel

– Weblog of Matthijs R. Koot

– Leaked documents: IC Off the record

– Der Spiegel’s 53 & 36 documents- Netzpolitik live blogs: NSA Inquiry

– The Snowden Surveillance Archive

– NSA Observer – FVEY Docs

– Spy back: ICWATCH

– The Cryptome

> Many more links

Go back

Your message has been sent

Revealed – Top USG Lobbyists for Internet – Donations in $

Become a Patron!
True Information is the most valuable resource and we ask you to give back.

Go back

Your message has been sent

Lobbyist Definition, Lobbyist Jobs, Lobbyist Salary, Lobbyist Definition Government, Lobbyist Groups, Lobbyist Registration, Lobbyist Movie, Lobbyist Synonym, Lobbyist Firms, Lobbyist Definition Ap Gov, Lobbyist Ap Gov, Lobbyist Average Salary, Lobbyist Approach White House Officials To, Lobbyist Are Required To Follow Strict, Lobbyist And Special Interest Groups, Lobbyist Ap Gov Definition, Lobbyist Association, Lobbyist Apush, Lobbyist Activities, Lobbyist Attire, Lobbyist Bls, Lobbyist Ban, Lobbyist Bribery, Lobbyist Background, Lobbyist Bundling, Lobbyist Bad, Lobbyist Books, Lobbyist Benefits, Lobbyist Bills, Lobbyist Biography, Lobbyist Career, Lobbyist Certification, Lobbyist Companies, Lobbyist Corruption, Lobbyist Career Path, Lobbyist Cartoon, Lobbyist Civics Definition, Lobbyist Cover Letter, Lobbyist Compensation, Lobbyist Contributions, Lobbyist Definition, Lobbyist Definition Government, Lobbyist Definition Ap Gov, Lobbyist Def, Lobbyist Disclosure Act, Lobbyist Database, Lobbyist Disclosure, Lobbyist Degree, Lobbyist Directory, Lobbyist Definition Quizlet, Lobbyist Example, Lobbyist Education, Lobbyist En Espanol, Lobbyist Ethics, Lobbyist Explained, Lobbyist Employer, Lobbyist Expenditures, Lobbyist Etymology, Lobbyist Effect On Politics, Lobbyist Entry Level Jobs, Lobbyist Firms, Lobbyist Florida, Lobbyist For Education, Lobbyist Facts, Lobbyist Filings, Lobbyist For Tyson, Lobbyist For Animal Rights, Lobbyist Firms In Dc, Lobbyist For Turkey, Lobbyist For Russian Interests, Lobbyist Groups, Lobbyist Government Definition, Lobbyist Good Or Bad, Lobbyist Gift Ban, Lobbyist Groups In Dc, Lobbyist Goals, Lobbyist Georgia, Lobbyist Groups In America, Lobbyist Governors Ball, Lobbyist Groups In Washington Dc, Lobbyist History, Lobbyist House Of Cards, Lobbyist How To Become, Lobbyist Harrisburg Pa, Lobbyist Hourly Rate, Lobbyist Hotel, Lobbyist Healthcare, Lobbyist Hours, Lobbyist Hawaii, Lobbyist Hotel Washington D C, Lobbyist Internships, Lobbyist In Spanish, Lobbyist In A Sentence, Lobbyist Income, Lobbyist Influence, Lobbyist Interest Groups, Lobbyist In Congress, Lobbyist Illinois, Lobbyist In Government, Lobbyist Influence The Courts In Texas By, Lobbyist Jobs, Lobbyist Jobs Dc, Lobbyist Jobs Nyc, Lobbyist Job Outlook, Lobbyist Jobs Denver, Lobbyist Jobs Mn, Lobbyist Jobs Florida, Lobbyist Jobs Sacramento, Lobbyist Jobs Texas, Lobbyist Job Description, Lobbyist K Street, Lobbyist Korean Drama, Lobbyist Karen Johnson, Lobbyist Killed, Lobbyist Korean Drama Episode 1, Lobbyist Korean Movie, Lobbyist Korean, Lobbyist Korean Drama Cast, Lobbyist Korean Series, Lobbyist Korean Drama Review, Lobbyist Lookup, Lobbyist List, Lobbyist Laws, Lobbyist Lawyer, Lobbyist License, Lobbyist Louisiana, Lobbyist List Illinois, Lobbyist Legal, Lobbyist Letter, Lobbyist Law Firm, Lobbyist Meaning, Lobbyist Movie, Lobbyist Meme, Lobbyist Money, Lobbyist Majors, Lobbyist Money In Congress, Lobbyist Methods, Lobbyist Massachusetts, Lobbyist Matt Mika, Lobbyist Mika, Lobbyist News, Lobbyist Nyc, Lobbyist New Mexico, Lobbyist Names, Lobbyist New York, Lobbyist Nevada, Lobbyist Nursing, Lobbyist Nh, Lobbyist Nc, Lobbyist North Carolina, Lobbyist Organization, Lobbyist Origin, Lobbyist Occupation, Lobbyist Oklahoma, Lobbyist On K Street, Lobbyist Oregon, Lobbyist Often Assist Lawmakers By, Lobbyist Opensecrets, Lobbyist Org Crossword, Lobbyist Org Crossword Clue, Lobbyist Pay, Lobbyist Positions, Lobbyist Professions, Lobbyist Plural, Lobbyist Purpose, Lobbyist Political Cartoon, Lobbyist Political Definition, Lobbyist Pass Governors Ball, Lobbyist Politics, Lobbyist Public Search, Lobbyist Quizlet, Lobbyist Qualifications, Lobbyist Quotes, Lobbyist Questions, Lobbyist Quebec, Lobbyist Queensland Government, Lobbyist Qualities, Lobbyist Qld, Lobbyist Quarterly Report, Lobbyist Quiz, Lobbyist Registration, Lobbyist Role, Lobbyist Registration Federal, Lobbyist Regulations, Lobbyist Registry, Lobbyist Rules, Lobbyist Resume, Lobbyist Registration Requirements, Lobbyist Revolving Door, Lobbyist Registration California, Lobbyist Salary, Lobbyist Synonym, Lobbyist Search, Lobbyist Salary Nyc, Lobbyist Salary In Dc, Lobbyist Search Illinois, Lobbyist Spending, Lobbyist Scandals, Lobbyist Sentence, Lobbyist Salary Payscale, Lobbyist Tactics, Lobbyist Trump, Lobbyist Training, Lobbyist Techniques, Lobbyist Training Programs, Lobbyist Texas, Lobbyist Tyson, Lobbyist Try To Maintain, Lobbyist To Congressman Ratio, Lobbyist Tools, Lobbyist Used In A Sentence, Lobbyist Utah, Lobbyist Urban Dictionary, Lobbyist Uk, Lobbyist Usa, Lobbyist Uk Jobs, Lobbyist Uber, Lobbyist Uk Salary, Lobbyist Urban Dic, Lobbyist Unethical, Lobbyist Vs Consultant, Lobbyist Vs Lawyer, Lobbyist Virginia, Lobbyist Vs Bribery, Lobbyist Vs Advocate, Lobbyist And Interest Group, Lobbyist Vs Activist, Lobbyist Vs Pressure Groups, Lobbyist Video, Lobbyist Virtual Families 2, Lobbyist Waivers, Lobbyist Wiki, Lobbyist What Do They Do, Lobbyist Willard Hotel, Lobbyist Who Went To Jail, Lobbyist Wage, Lobbyist Write Legislation, Lobbyist Work For, Lobbyist Website, Lobbyist What I Actually Do Meme, Spacex Lobbyist, Lobbyist Youtube, Lobbyist Yahoo, Lobbyist Yearly Salary, Young Lobbyist, Young Lobbyist Network, Yelp Lobbyist, Ymca Lobbyist, Youth Lobbyist, Lobbyist New York, Lobbyist Thank You For Smoking, Lobbyist Zorg, Zinc Lobbyist, Zionist Lobbyist, Elaine Ziemba Lobbyist, Jennifer Ziegler Lobbyist, Mark Zuckerberg Lobbyist, Zigaretten Lobbyist Film, Lobbyist Zoeken, Lobbyist Zeeland, Lobbyist Zdf, Internet Speed Test, Internet Explorer, Internet Providers, Internet Archive, Internet Explorer 11, Internet Of Things, Internet Explorer For Mac, Internet Radio, Internet Service Providers, Internet Service, Internet Archive, Internet Addiction, Internet Access, Internet Advancement, Internet And Cable, Internet Availability, Internet Archive Wayback, Internet Acronyms, Internet App, Internet Available In My Area, Internet Browser, Internet Booster, Internet Brands, Internet Bill, Internet Box, Internet Banking, Internet Business, Internet Backbone, Internet Bandwidth, Internet Business For Sale, Internet Companies, Internet Cafe, Internet Cafe Near Me, Internet Connection, Internet Cable, Internet Connection Test, Internet Comment Etiquette, Internet Censorship, Internet Cost, Internet Crime Complaint Center, Internet Definition, Internet Download Manager, Internet Down, Internet Deals, Internet Download Speed, Internet Dating, Internet Domains, Internet Domain Name Services, Internet Download Manager Free, Internet Dinosaur Game, Internet Explorer, Internet Explorer 11, Internet Explorer For Mac, Internet Explorer Download, Internet Essentials, Internet Explorer 10, Internet Explorer 9, Internet Explorer Has Stopped Working, Internet Explorer For Windows 10, Internet Encyclopedia Of Philosophy, Internet Fax, Internet Friends, Internet For Home, Internet Famous, Internet Fax Service, Internet Filter, Internet Freedom, Internet For Rv, Internet For Low Income, Internet For Classrooms, Internet Games, Internet Gateway, Internet Gaming Disorder, Internet Genie, Internet Girl, Internet Gif, Internet Gaming Cafe, Internet Girlfriend, Internet Glasses, Internet Gaming Cafe Near Me, Internet History, Internet Historian, Internet High Five, Internet Hotspot, Internet Health Report, Internet History Bill, Internet Health, Internet Hug, Internet Health Map, Internet History For Sale, Internet In My Area, Internet Icon, Internet In Spanish, Internet Issues, Internet Invented, Internet Issues Today, Internet Is Slow, Internet In Cuba, Internet Information Services, Internet Is Beautiful, Internet Jobs, Internet Jukebox, Internet Jetset, Internet Jack, Internet Jokes, Internet Jock, Internet Jobs From Home, Internet Job Boards, Internet Jitter Test, Internet Jacksonville Fl, Internet Keeps Dropping, Internet Keeps Cutting Out, Internet K Hole, Internet Killed The Video Star, Internet Keeps Disconnecting, Internet Kill Switch, Internet Keeps Going In And Out, Internet Key Exchange, Internet Keyboard, Internet Kid Meme, Internet Law, Internet Logo, Internet Loans, Internet Latency, Internet Lingo, Internet Las Vegas, Internet Login, Internet Live Stats, Internet Latency Test, Internet Library, Internet Modem, Internet Movie Database, Internet Marketing, Internet Meme, Internet Music, Internet May Not Be Available, Internet Money, Internet Modeling, Internet Map, Internet Marketing Strategies, Internet Neutrality, Internet Noise, Internet Near Me, Internet Not Working, Internet News, Internet Nebraska, Internet Not Working On Iphone, Internet Not Connecting, Internet No Contract, Internet News Sites, Internet Of Things, Internet Outage, Internet Outage Map, Internet Options, Internet On The Go, Internet Of Things Definition, Internet Of Things Stocks, Internet Of Things Devices, Internet Only Plans, Internet Options Near Me, Internet Providers, Internet Privacy, Internet Providers In My Area, Internet Phone, Internet Privacy Bill, Internet Plans, Internet Privacy Laws, Internet Prices, Internet Protocol, Internet Packages, Internet Quotes, Internet Quizzes, Internet Quality Test, Internet Quiz, Internet Questions, Internet Quizlet, Intranet Quorum, Internet Qos, Internet Quote Abe Lincoln, Internet Queen, Internet Radio, Internet Router, Internet Recovery Mac, Internet Retailer, Internet Rules, Internet Relay Chat, Internet Rule 35, Internet Radio Tuner, Internet Recovery, Internet Repeater, Internet Speed Test, Internet Service Providers, Internet Service, Internet Safety, Internet Service Near Me, Internet Security, Internet Speed Test Comcast, Internet Speed Checker, Internet Slang, Internet Service Provider Near Me, Internet Test, Internet Tv, Internet Truckstop, Internet Troll, Internet Time Machine, Internet Tv Options, Internet Tv Box, Internet Time, Internet Tough Guy, Internet Traffic Report, Internet Usage, Internet Usage Statistics, Internet Upload Speed, Internet Users, Internet Usage Monitor, Internet Usb, Internet Users By Country, Internet Usb Stick, Internet Use, Internet Usage Policy, Internet Verizon, Internet Vs Intranet, Internet Vs World Wide Web, Internet Vpn, Internet Video Downloader, Internet Virus, Internet Videos, Internet Very Slow, Internet Vs Wifi, Internet Vs Internet, Internet Wayback Machine, Internet Wiki, Internet Wifi, Internet Without Cable, Internet Wines, Internet Wire, Internet Won’t Connect, Internet Weather Report, Internet Wireless, Internet Worm, Internet Xfinity, Internet Xbox One, Internet Explorer, Internet Xfinity Deals, Internet Xfinity Login, Internet Xfinity Speed Test, Internet Xpress, Internet Xbox 360, Internet X, Internet Explorer 11, Internet Youtube, Internet Yellow Pages, Internet Yard Sale, Internet Year, Internet Yuma Az, Internet Y Cable, Internet York Pa, Internet Yahoo, Internet Youtube Downloader, Internet Yakima, Internet Zip Code, Internet Zone Mapping, Internet Zone, Internet Zero, Internet Zombie, Internet Zillionaire, Internet Zone Mapping Group Policy, Internet Zines, Internet Zoom, Internet Zone Settings, Donation Pick Up, Donation Center, Donation Box, Donation Request, Donation Request Letter, Donation Letter, Donation Drop Box, Donation Definition, Donation Value Guide, Donation Of Constantine, Donation App, Donation After Cardiac Death, Donation Assistant, Donation Assistant App, Donation Attendant, Donation Account, Donation Agreement, Donation After Circulatory Death, Donation Amount, Donation Army, Donation Box, Donation Box Near Me, Donation Button, Donation Bins, Donation Bins Near Me, Donation Box Ideas, Donation Button Twitch, Donation Based Yoga, Donation Button Paypal, Donation Box With Lock, Donation Center, Donation Calculator, Donation Clothes, Donation Car, Donation Card, Donation Card Template, Donation Companies, Donation Clipart, Donation Containers, Donation Certificate, Donation Drop Off, Donation Drop Box, Donation Definition, Donation Drop Box Near Me, Donation Drop Off Box Near Me, Donation Drive, Donation Deduction, Donation Drop Off Box, Donation Drop Off Locations Near Me, Donation Drop Spot, Donation Envelopes, Donation Exchange, Donation Estimator, Donation Email Template, Donation Envelope Template, Donation Email, Donation Express, Donation Events, Donation Envelope Printing, Donation Estimator For Taxes, Donation Form, Donation Form Template, Donation Furniture Pick Up, Donation Flyer, Donation Flyer Template, Donation For Money, Donation Fair Market Value, Donation Foundation, Donation For Funeral, Donation For Cancer, Donation Gif, Donation Goodwill, Donation Guide, Donation Gifts, Donation Guidelines, Donation Goal, Donation Guide For Taxes, Donation Games, Donation Groups, Donation Goal Tracker, Donation Home Pick Up, Donation Hair, Donation Hours Goodwill, Donation Hours, Donation Hashtags, Donation Help, Donation Hub, Donation History, Donation Household Items, Donation Homeless, Donation In Spanish, Donation Images, Donation Icon, Donation Ideas, Donation In Kind, Donation In Memory Of, Donation In Honor Of, Donation Inter Vivos, Donation Items, Donation In Lieu Of Favors, Donation Jar, Donation Jar Ideas, Donation Jar Sayings, Donation Jar Template, Donation Jar Wording, Donation Jokes, Donation Jar Sign, Donation Journal Entry, Donation Jar Decorating Ideas, Donation Jobs, Donation Kiosk, Donation Kidney, Donation Keywords, Donation Kansas City, Donation Kapolei, Donation King Title Maplestory, Donation Kidney Foundation, Donation Kiosk System, Donation Ka Hindi, Donation Keith Palmer, Donation Letter, Donation Letter Template, Donation Locations, Donation List, Donation Levels, Donation Letter Thank You, Donation Land Claim Act, Donation Letter Request, Donation Link, Donation Lds, Donation Match, Donation Meaning, Donation Machine Isaac, Donation Meme, Donation Money, Donation Management Software, Donation Movers, Donation Message, Donation Meter, Donation Merchandise, Donation Near Me, Donation Nation, Donation Nyc, Donation Navigator, Donation Names, Donation Needed, Donation Nation Reviews, Donation Number, Donation Needle, Donation Nearby, Donation Of Constantine, Donation Organizations, Donation Of Furniture, Donation Online, Donation Of Hair, Donation Of Appreciated Stock, Donation Of Clothes, Donation Of Car, Donation Of Eggs, Donation On Twitch, Donation Pick Up, Donation Pick Up Nyc, Donation Pick Up Nj, Donation Page, Donation Pick Up Mn, Donation Pick Up Los Angeles, Donation Pick Up San Diego, Donation Pick Up Today, Donation Pick Up Chicago, Donation Pick Up Seattle, Donation Quotes, Donation Quilts, Donation Quickbooks, Donation Qr Code, Donation Request, Donation Quilt Patterns, Donation Qualified Organization, Donation Quotes For Funeral, Donation Quotes For Cancer, Donation Quotes And Sayings, Donation Request, Donation Request Letter, Donation Receipt, Donation Receipt Template, Donation Request Form, Donation Receipt Letter, Donation Request Template, Donation Receipt Requirements, Donation Request Email, Donation Request Nyc, Donation Synonym, Donation Sites, Donation Station, Donation Stores, Donation Sign, Donation Solicitation Letter, Donation Software, Donation Salvation Army, Donation Services, Donation Sheet, Donation Thank You Letter, Donation Town, Donation Tracker, Donation Tax Deduction, Donation Tax Form, Donation Thank You Letter Template, Donation Tax Receipt, Donation Template, Donation Tax Credit, Donation Thesaurus, Donation Unicef, Donation Upgrade Clash Of Clans, Donation University, Donation Used Furniture, Donation Usa, Donation Using Paypal, Donation Upper East Side, Donation Used Clothes, Donation Urban Dictionary, Donation U\/s 80g, Donation Value Guide, Donation Valuation Guide, Donation Valuation Guide 2017, Donation Value Of Books, Donation Veterans, Donation Value Guide 2016 Goodwill, Donation Value Calculator, Donation Values 2016, Donation Values Irs, Donation Value Guide 2017 Spreadsheet, Donation Website, Donation Warehouse, Donation Write Off, Donation Wording, Donation Worksheet, Donation With Purchase, Donation Wedding Favor, Donation Widget, Donation Website Free, Donation Wall, Donation X, Donation Xchange Companies, Donation Xpress, Donation Xp Clash Royale, Donation X Request, Donation X Companies, Donation Xmas Gifts, Donation Xmas Cards, Donation Xsplit, Donation Xp Coc, Donation Yoga, Donation Yoga Austin, Donation Yoga Santa Monica, Donation Yoga Nyc, Donation Yoga Near Me, Donation Yoga Los Angeles, Donation Youtube, Donation Yoga Portland, Donation Yoga Sf, Donation Yoga Philadelphia, Donation Zakat, Donation Zuckerberg, Donation Zhypermu, Donation Zelda Twilight Princess, Donation Zoo, Zappos Donation Request, Zoobooks Donation Request, Zuckerberg Donation Newark, Zales Donation Request, Zaxby’s Donation Request

CONFIDENTIAL – Virginia Fusion Center Bulletin: TOR, Bitcoins, Silk Road and the Hidden Internet

The following report was released to law enforcement around the country by the Virginia Fusion Center in April 2013. It describes law enforcement concerns related to the use of Tor, Bitcoins and other services allowing greater anonymity online.

TOR, Bitcoins, Silk Road, and the Hidden Internet

10 pages
Law Enforcement Sensitive
April 19, 2013

The purpose of this bulletin is to provide awareness and a basic understanding of the “Hidden Internet” to investigators in the field, as well as provide some examples of how the Hidden Internet can be exploited by criminal elements.

While the term “Hidden Internet” can be used in a broader context and refer to other internet terms such as the “Deep Web” or “Deepnet,” for the purpose of this bulletin the term “Hidden Internet” will refer to the hidden services provided by the TOR project to internet users, specifically relating to the Silk road website and use of Bitcoins.

TOR Project

The TOR project was initially designed and implemented as a third generation onion routing project by the United States Naval Research Laboratory. While the inception and design was for the purpose of protecting sensitive communications for the United States Navy, today it is utilized by over 500,000 users every day for both legal and illegal activities.

The TOR project’s primary goal is to increase privacy and security for internet users, as stated in their own 2012 Annual Report. This is accomplished through the onion routing system that utilizes TOR volunteers which are used as relays. As users connect through TOR, their data is routed through a series of relays, is encrypted, and as a result does not provide the users location, other identifying information, or original IP address.

…

It is important to note that the use of TOR is not illegal in and of itself. Further, the use of TOR provides a service that can be a useful tool both to individuals personally, for governments, and law enforcement personnel. For example, TOR can provide an investigator a level of anonymity while conducting investigations covertly on the internet, such as attempting to monitor a suspect’s Facebook or Myspace account without the risk of identifying the investigators location or IP address.

If electronic evidence is seized and subsequently searched for digital evidence during an investigation, the discovery of the TOR software on a computer may be an indicator that not all of the individual’s internet browsing history will be obtainable through traditional means, i.e. subpoena, to the individual’s internet service provider.
Bitcoins

While TOR provides individuals the ability to remain anonymous on the internet, it would not be possible to establish a cyber black market without the ability to exchange currency. Bitcoins are a virtual currency traded online over peer-to-peer networks allowing both the providing and receiving parties to remain anonymous to one another.

A Bitcoin is “a digital currency, a protocol, and a software that enables; Instant peer to peer transactions, and Worldwide payments” which allows users to conduct online transactions without the use of standard regulated world currencies. For law enforcement, the use of Bitcoins in conjunction with the Hidden Internet, poses a great challenge.

Bitcoins can be purchased several ways, including online exchanges (Mt. Gox being the most common), private companies, or individuals who have Bitcoin holdings already. To begin trading in Bitcoins all a user needs to do is choose a wallet and install it on a computer or smartphone/tablet. Once the user has the wallet they are able to send and receive Bitcoins.

Bitcoins are not regulated or insured by any government or banking system. As such, the use of Bitcoins, the terminology, and execution are extremely technical and will not be covered in this bulletin but the explanations and descriptions are widely available on the Internet.

Since the inception of Bitcoins in 2009 there has been a continuous rise in the usage and total value of Bitcoins in circulation. There are over 50,000 Bitcoin transactions daily equaling millions of U.S. dollars. The total value of all Bitcoins in circulation is over 1.3 billion.

As is the case with the use of TOR, the purchase, receipt, and use of Bitcoins is not illegal in and of itself and perfectly legitimate transactions are made such as paying for clothing, hotels, restaurants, and allowing individuals or groups to make anonymous donations4. However, with the limited exposure to detection and high potential for profit, the use of TOR and Bitcoins has laid the foundation for the exploitation of these services by criminal elements.

Silk Road

The Silk Road is a hidden website that can only be accessed using TOR or other services (such as Onion.to) that will route through TOR. The hidden net address for The Silk Road Anonymous Marketplace is: http://silkroadv5p5cbl6.onion/.

…

For the purposes of this bulletin, the Virginia Fusion Center (VFC) established, through the use of TOR, a Silk Road account. The following are screen shots of the site from initial logon, to browsing. For any individual who is comfortable with the internet the entire process can take only minutes.

The following screenshots show the initial account set up screen, login screen, as well as browsing screen shots of items that could be purchased from the site. For the purposes of this bulletin, a covert screen name was utilized. The screenshots are simply samples of the items listed on the site, and in no way are all inclusive.

With the launch of the Silk Road website in 2011, use has increased. By some accounts, it is believed that the Silk Road conducts approximately $2,000,000 per month in transactions believed to net “The Dread Pirate Roberts” approximately $140,000 per month, all in Bitcoins.

While the Silk Road is believed to be the largest and most well-known of the hidden sites, there are others such as “Black Market Reloaded”, “Deep Web Weapons”, “Gun Guys Den”, and “Behind Bloodshot Eyes”, amongst others.

Smishing and Vishing And Other Cyber Scams to Watch Out for This Holiday

Credit Card

You receive a text message or an automated phone call on your cell phone saying there’s a problem with your bank account. You’re given a phone number to call or a website to log into and asked to provide personal identifiable information—like a bank account number, PIN, or credit card number—to fix the problem.

But beware: It could be a “smishing” or “vishing” scam…and criminals on the other end of the phone or website could be attempting to collect your personal information in order to help themselves to your money. While most cyber scams target your computer, smishing and vishing scams target your mobile phone, and they’re becoming a growing threat as a growing number of Americans own mobile phones. (Vishing scams also target land-line phones.)

“Smishing”—a combination of SMS texting and phishing—and “Vishing”—voice and phishing—are two of the scams the FBI’s Internet Crime Complaint Center (IC3) is warning consumers about as we head into the holiday shopping season. These scams are also a reminder that cyber crimes aren’t just for computers anymore.

IC3 Tips to Protect Yourself
From Cyber Scams
– Don’t respond to text messages or automated voice messages from unknown or blocked numbers on your mobile phone.

– Treat your mobile phone like you would your computer…don’t download anything unless you trust the source.

– When buying online, use a legitimate payment service and always use a credit card because charges can be disputed if you don’t receive what you ordered or find unauthorized charges on your card.

– Check each seller’s rating and feedback along with the dates the feedback was posted. Be wary of a seller with a 100 percent positive feedback score, with a low number of feedback postings, or with all feedback posted around the same date.

– Don’t respond to unsolicited e-mails (or texts or phone calls, for that matter) requesting personal information, and never click on links or attachments contained within unsolicited e-mails. If you want to go to a merchant’s website, type their URL directly into your browser’s address bar.

Here’s how smishing and vishing scams work: criminals set up an automated dialing system to text or call people in a particular region or area code (or sometimes they use stolen customer phone numbers from banks or credit unions). The victims receive messages like: “There’s a problem with your account,” or “Your ATM card needs to be reactivated,” and are directed to a phone number or website asking for personal information. Armed with that information, criminals can steal from victims’ bank accounts, charge purchases on their charge cards, create a phony ATM card, etc.

Sometimes, if a victim logs onto one of the phony websites with a smartphone, they could also end up downloading malicious software that could give criminals access to anything on the phone. With the growth of mobile banking and the ability to conduct financial transactions online, smishing and vishing attacks may become even more attractive and lucrative for cyber criminals.

Here are a couple of recent smishing case examples:

Account holders at one particular credit union, after receiving a text about an account problem, called the phone number in the text, gave out their personal information, and had money withdrawn from their bank accounts within 10 minutes of their calls.
Customers at a bank received a text saying they needed to reactivate their ATM card. Some called the phone number in the text and were prompted to provide their ATM card number, PIN, and expiration date. Thousands of fraudulent withdrawals followed.

Other holiday cyber scams to watch out for, according to IC3, include:

Phishing schemes using e-mails that direct victims to spoofed merchant websites misleading them into providing personal information.
Online auction and classified ad fraud, where Internet criminals post products they don’t have but charge the consumer’s credit card anyway and pocket the money.
Delivery fraud, where online criminals posing as legitimate delivery services offer reduced or free shipping labels for a fee. When the customer tries to ship a package using a phony label, the legitimate delivery service flags it and requests payment from the customer.

TOP-SECRET – Buying a Car Online? Read This First

You can buy almost anything over the Internet—including clothes, a pizza, music, a hotel room, even a car. And while most transactions are conducted lawfully and securely, there are instances when criminals insert themselves into the marketplace, hoping to trick potential victims into falling for one of their scams.

Today, the FBI’s Internet Crime Complaint Center (IC3) issued an alert about a specific type of cyber scam that targets consumers looking to buy vehicles online.

How the scam works. While there are variations, here’s a basic description: consumers find a vehicle they like—often at a below-market price—on a legitimate website. The buyer contacts the seller, usually through an e-mail address in the ad, to indicate their interest. The seller responds via e-mail, often with a hard-luck story about why they want to sell the vehicle and at such a good price.

In the e-mail, the seller asks the buyer to move the transaction to the website of another online company….for security reasons….and then offers a buyer protection plan in the name of a major Internet company (e.g., eBay). Through the new website, the buyer receives an invoice and is instructed to wire the funds for the vehicle to an account somewhere. In a new twist, sometimes the criminals pose as company representatives in a live chat to answer questions from buyers.

Once the funds are wired, the buyer may be asked by the seller to fax a receipt to show that the transaction has taken place. And then the seller and buyer agree upon a time for the delivery of the vehicle.

What actually happens: The ad the consumer sees is either completely phony or was hijacked from another website. The buyer is asked to move from a legitimate website to a spoofed website, where it’s easier for the criminal to conduct business. The buyer protection plan offered as part of the deal is bogus. And the buyer is asked to fax the seller proof of the transaction so the crooks know when the funds are available for stealing.

And by the time buyers realize they’ve been scammed, the criminals—and the money—are long gone.

Red flags for consumers:

Cars are advertised at too-good-to-be true prices;
Sellers want to move transactions from the original website to another site;
Sellers claim that a buyer protection program offered by a major Internet company covers an auto transaction conducted outside that company’s website;
Sellers refuse to meet in person or allow potential buyers to inspect the car ahead of time;
Sellers who say they want to sell the car because they’re in the U.S. military about to be deployed, are moving, the car belonged to someone who recently died, or a similar story;
Sellers who ask for funds to be wired ahead of time.

Number of complaints. From 2008 through 2010, IC3 has received nearly 14,000 complaints from consumers who have been victimized, or at least targeted, by these scams. Of the victims who actually lost money, the total dollar amount is staggering: nearly $44.5 million.

If you think you’ve been victimized by an online auto scam, file a complaint with IC3. Once complaints are received and analyzed, IC3 forwards them as appropriate to a local, state, or federal law enforcement agency.

TOP-SECRET- FBI — Tracking a Web of Criminals – Federal Bureau of Investigation

Wouldn’t it be nice if you could see where that scam e-mail came from? If you could plot a scammer’s location on a map, along with their victims? And then go after them?

The FBI Cyber Division’s Internet Crime Complaint Center, a partnership with the nonprofit National White Collar Crime Center, is doing just that. In any given month IC3’s website gets about 20,000 complaints. Agents and analysts wade through them to find patterns and trends, and then go after the scammers by sending the investigative leads to law enforcement agencies or FBI field offices.

Supervisory Special Agent Charles Pavelites, IC3: Anyone who’s been a victim of crime on the Internet can file a complaint with us. We don’t have thresholds for individual complaints. We like to get as much information as possible, and get as much information as possible out to law enforcement in hopes of spurring investigations.

Narrator: The FBI Cyber Division investigates the whole spectrum of Internet crimes, from auction fraud to international threats targeting the U.S. infrastructure.

Assistant Director Shawn Henry, FBI Cyber Division: It’s really important for people to understand how significant the threat is from the cyber attack vector to the U.S. economy and the U.S. infrastructure. There are many foreigners, organized crime groups, that are looking to target the U.S. financial infrastructure, because the business of the United States is done on the Internet.

Narrator: The Internet Crime Complaint Center’s database holds more than 1.3 million complaints. They can sift through the complaints to target specific frauds, or get an overall picture of current online crime trends.

Pavelites: This would be all kinds of cyber fraud, all kinds of schemes. And, these are just dots, but they represent the information that go with them that we can use to determine trends, determine loss amounts, to determine where we should be focusing our efforts in the fight against cyber crime.

Narrator: To avoid scammers’ traps, follow your instincts: don’t click on links or open attachments in unsolicited e-mail, and guard your personal information.

Henry: So the consumer really has to ensure that they’ve got active virus scanning in place, the most recent virus signatures up to date. They’ve got to have a firewall that monitors the connections between their computer and other computers. And they really have to monitor that and be on top of what the threats are and ensure that they’re protecting themselves to the greatest extent possible.

FBI – Be Aware of Recent Cyber Crime Scams

Internet Crime Complaint Center’s (IC3)

Scam Alerts

This report, which is based upon information from law enforcement and complaints
submitted to the IC3, details recent cyber crime trends and new twists to previously-existing
cyber scams.

“Mass Joinder Lawsuits” Promising Home Mortgage Relief

The IC3 has received several complaints from individuals who reported they received
a letter stating they were a potential plaintiff in a “Mass Joinder” lawsuit being
filed by a law firm located in California, against their mortgage companies. Consumers
stated they were requested to pay non-refundable, upfront fees of $2,000 to $5,000.
The law firm made a wide variety of claims and sales pitches and offered legal and
litigation services, with the goal of taking money from the victim.

Lawyers seeking plaintiffs to join a class for a class action lawsuit do not seek
up front commission from their class clients. Class action lawyers are typically
paid on a contingency basis. In a contingency fee arrangement, an attorney receives
approximately 40% of any judgment or settlement amount obtained on the client’s
behalf.

Warnings have been posted on-line regarding “Mass Joinder” by the California Department
of Real Estate; the Better Business Bureau; as well as consumers who have been scammed
and posted their experiences, insights, and warnings.

On-line Auction Site PlayStation Bundle Ad Scam

The IC3 has received several complaints from individuals who reported they received
an unsolicited e-mail stating their ad for a Sony Playstation 3 Metal Gear Solid
4 PS3 80 GB Bundle has been posted and a confirmation number was enclosed for the posting.
In each instance the victim claimed they did not place an ad on an on-line auction
site for the Sony Playstation Bundle. Some victims stated they did not even have
an on-line auction account.

Warnings have been posted on-line to beware of auction site phishing e-mail scams
and specifically mention the above-mentioned scam. One warning indicated the scam
was first reported in January 2009.

Fraud Trends Affecting The eCommerce Community

Ethoca recently provided the IC3 information pertaining to the increase in fraud
attempts incurred by on-line merchants. Ethoca was founded under the concept of
safely sharing transaction data to fight on-line credit card fraud. The company
serves as a data sharing platform for merchants to stop on-line fraud and is partnered
with the National Cyber Forensics and Training Alliance (NCFTA).
The data received by Ethoca remains private and is only used for fraud prevention.
The following information is based on Ethoca’s data collection and information sharing
process.

Advisory On Military Addresses

On 07/11/2011, the hacker group Anonymous posted 90,000 e-mail addresses and passwords.
As a result of this posting, merchants have reported some orders containing military
e-mail addresses have been identified as fraudulent. Until this time, military e-mail
addresses typically meant an order was less likely to be fraudulent. The increase
in fraud orders has happened within the last 30 days.

E-mail Address Tumbling

E-mail address tumbling has been around for awhile and fraudsters have used it for
many years. On the other side, good consumers utilize address tagging to identify
orders.

The purpose of e-mail tagging is to allow consumers to have one e-mail address for
every purpose. The attractive feature of e-mail tagging is it allows the consumer
to vary their e-mail address to help differentiate when placing orders, shopping,
working, schooling, etc., but automatically forwards to the primary e-mail address.
This feature on Gmail works in two ways, either with a period or a plus sign. The
period works by allowing the consumer to take an e-mail address, JohnDoe@gmail.com,
and add as many periods as the consumer wants to the e-mail address, JohnDoe…..@gmail.com,
J.o.h.n.D.o.e@gmail.com, etc.

The feature most often used is the + feature, which allows a user to add additional
tags to their e-mail address to easily identify how someone obtained their name.
Using the above example, when shopping on-line, a consumer can tag their e-mail
as JohnDoe+081811OnlineRetailerName@gmail.com. This allows the user to know they
shopped on-line with a merchant on that specific day.

These features can be used in combination with rules to route e-mails into different
boxes, keeping inbox e-mail volume down, and helping users be more efficient.

Fraudsters have figured out this tip and use what has been termed e-mail address
tumbling, so the fraudster does not have to create unique user accounts for their
many fraud attempts. So far these features have only been found to work with Gmail
accounts.

4 comments:

Rate this:

Share this:

Your message has been sent

Rate this:

Share this:

TOR, Bitcoins, Silk Road, and the Hidden Internet

Rate this:

Share this:

Rate this:

Share this:

Rate this:

Share this:

Rate this:

Share this:

Rate this:

Share this: