23
Apr 10

Charting the Carnage from eBanking Fraud


Aaron Jacobson of Authentify put together this map of all 43 of the U.S. commercial e-banking victims I’ve mentioned in stories at Krebsonsecurity.com and at the Washington Post’s Security Fix blog.

Clicking on this Google Maps link brings up an interactive version of this map showing the name of the victim at each point on the map, as well as their monetary losses.

What’s interesting, and something I hadn’t realized before seeing this map, is that the victims appear to be heavily clustered on the East Coast and in the Midwest. I’m not sure if there is a connection, but the thieves perpetrating these attacks typically recruit their money mules almost exclusively from these regions. The thinking is that the criminals, most of whom reside in the Eastern European Time Zone (EET), don’t want to spend all night managing these mules. As such, the crooks tend not to solicit mules from those living in the Western United States. Again, there may not be an actual link between the mule trend and the grouping of victims, but I just thought it was worth noting.


21 comments

  1. Brian – Do you know if this map will be continually updated? This is great work! Keep it up, and also thank you to Aaron.

    • If you go to the map, it does have a notation “updated yesterday”. It does not have a map pointer for the story that Mr. Krebs posted today about the company in Fort Smith, Ark. Watching to see if Ft. Smith is added will be a good test. (Ft. Smith is a larger city in western Arkansas, and is labeled at a fairly zoomed-out level on Google Maps.)

  2. I think the map correlates well with population density, and, by extension, business density. Occam’s Razor, and all that.

    • Yes, it’s well known that Dubuque and Tulsa are as densely populated as central California. ;-)

      • Dubuque and Tulsa ARE as densely populated as Central California. It’s the REST of Oklahoma and Iowa that’s not so densely populated.

  3. Aaron Jacobson

    I will continue to update the Google Map as Brian posts more stories.

  4. This map seems to sometimes show the location of the *victims*, and maybe sometimes the *banks*, but not necessarily the location of the *mules*. If the fraudsters were interested in recruiting mules in time zones convenient for them, then of course the east coast would be better. But that doesn’t necessarily mean that the victims couldn’t be evenly distributed across the country.

  5. Zero hits in WY UT MT SD ND … I guess paying the plumber with two bags of onions is difficult to subvert for the fraudsters in Russia :). On a more serious note, the Google Foreclosure Map http://maps.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=&mrt=realestate&sll=37.0625,-95.677068&sspn=55.937499,114.169922&attrid=ee6d68e1e5cb9843_&ie=UTF8&hq=&hnear=&t=h&z=4 shows pretty much the same gap in the plains and mountain west like this bank fraud map.

    • Ugh! Apologies for messing up the layout. You really need to add a “preview” to the comments box.

  6. @qka: The map should now have a pinpoint for JE Systems in Fort Smith, Arkansas.

  7. Well done to Aaron for a great map and continually updating it is a very good idea… it’s things like this that will pressure the banks to get their act together.

  8. “Zero hits in WY UT MT SD ND … I guess paying the plumber with two bags of onions is difficult to subvert for the fraudsters in Russia…”

    Hey, watch it. I live in Montana :) We pay with fresh buffalo, and always remember to tip the Pony Express-FedEx rider.

    But there have been money mule cases here. I think rural state banks and residents could be more susceptible in some cases to these scams….

    • Isn’t it possible that the smallest community banks could be more conservative? That they may not push online banking as much? That the initial startup costs (including training their own selves) of online banking may be seen as too high?

      • @Solo Owl;

        There are plenty of online banks out in the sticks, believe me.

        There are too many smaller fish out in the desert to bother in those areas; however the mix of practical distrust, and gullible innocence makes it a toss up for criminals in this area.

        Actually the smaller banks are very interested in NOT hiring more employees, and so automated banking in any form is very attractive for cost purposes. Even with costs related to theft losses, it still pays to go online.

  9. I don’t see any meaningful relationship between the time zone and the victims’ locations. A criminal enterprise – just like any other business – is motivated by profit and therefore will engage in its activities wherever it can make money. I find it highly unlikely that a slight difference in time zone would act as a barrier.

  10. I don’t want to sound cynical, but keeping in mind the bulk of the monies stolen is actually successfully returned, after subtracting money mule fees (probably at both ends of the transaction), MoneyGram/Western Union fees, licenses for expensive Zbots(!), fees to callservice.biz as reported by Brian and so on, it does not look like the perpetrators make so much. Assuming a gross estimate of 30 000$ per heist, over 43 cases it makes a million dollar “industry” but not a multi-million dollar one and I’m quite sure it is pretty crowded there with multiple groups each having multiple members. With no “insider” knowledge I am wondering why they keep doing it, I would assume an honest job would allow them to make just as much money.

    • Take a look at the list of incidents on the map Brian linked to. Your estimate of the amount stolen is low by an order of magnitude. At a quick glance, most are multiple 100s of thousands, and some are nine digit figures.

      Not sure where you got the idea that most of the money is recovered.

      • I actually read about them all in Brian’s columns and elsewhere, the amounts listed in the map are the monies initially stolen. Fortunately, often 70% or more are recovered, either the money mules were slow or part of them were wired to another bank which flagged the transaction as suspicious and blocked it. As an example, Parkinson Construction is listed with 92000$ while “only” 18000$ were ultimately lost and possibly 10000-12000$ from them reached the perpetrators. A company in Texas was defrauded of 800.000 out of which 200.000 were not recovered. The mileage varies.
        Be that as it may, one or 10 millions getting in the wrong hands, those estimates make little sense as long as we don’t know how many groups are involved, I was trying to understand whether individuals in those gangs are solely motivated by the monies that get in their hands (which I thought were not that much per capita – after subtracting “expenses”) to pass on the other side of the law.

        • Aaron Jacobson

          Yes. But overall, the total losses are still much much higher than the losses represented on the map. (This is because only a small fraction of victims are willing to go public with their stories.) The FBI estimates over $500 million in losses from commercial wire fraud in 2009 alone.

  11. Really interesting to see this information presented visually. I’ll be curious to see what patterns we can discern as Aaron continues to update the map.

    Backtrack “Mapping Bank Fraud” http://bit.ly/9YoCO7

  12. Take a look at the list of incidents on the map Brian linked to. Your estimate of the amount stolen is low by an order of magnitude.