April 17, 2010

The owner and curator of bobbear.co.uk, a site that specializes in exposing Internet scams and phantom online companies, announced Saturday that he will be shuttering the site at the end of April.

Bobbear and its companion site bobbear.com, are creations of Bob Harrison, a 66-year-old U.K. resident who for the last four years has tirelessly chronicled and exposed a myriad of fraud and scam Web sites. The sites, which are well-indexed by Google and other search engines and receive about 2,000 hits per day, often are among the first results returned in a search for the names of fly-by-night corporations advertised in spam and aimed at swindling the unsuspecting or duping the unwitting.

Indeed, bobbear.co.uk has been extremely valuable resource to krebsonsecurity.com, which has used it to track the constant stream of new fraudulent corporations used to recruit so-called money mules, people lured into helping organized criminals launder money stolen through online banking theft.

In an interview with krebsonsecurity, Harrison said he’s been considering this move for some time now, and finally decided to quit the site for health and quality-of-life reasons.

“The wife says I spend about 15 hours a day on it, although it may not be quite that much,” joked the pseudonymous Harrison, speaking via phone from his home near Kent, about 50 miles outside of London. “Things are quite hard and health isn’t that good, so the time has come.”

An example of a money mule recruitment site exposed by bobbear.co.uk

Since its inception, the site has been a fairly frequent target of denial of service attacks — presumably perpetrated by the very same groups whose fraudulent activity Harrison has been exposing. Groups opposed to his work also have targeted Harrison with so-called Joe job attacks, reputation assaults in which perpetrators send out spam e-mails that spoof the name of the target and attempt to tarnish the name of the apparent sender.

But Harrison said he wasn’t retiring the site because of those attacks, which he said have dropped off in recent months anyway. On the contrary, Harrison said he spends more time making sure he doesn’t get sued for erroneously categorizing a legitimate Web site as fraudulent.

“We had so many messages of thanks, and congratulations on the site, but it is so stressful and takes so much out of you, and there is always the worry of litigation hanging over your head,” Harrison said.

The fraud fighter said he plans to spend his upcoming free time finishing a house he started building in 1999, and spending more time with his wife and family, which includes two cats and three geese.

In the meantime, Harrison said he’s hoping to receive some serious offers from an entity or individual interesting in carrying on his work and his sites.

“I haven’t had any offers yet, but it would be nice if someone would take it over, redesign the site,” Harrison said.

10 thoughts on “Fraud Fighter ‘Bobbear’ to Hang Up His Cape

  1. MGD

    I was very disappointed to read Bob’s retirement email. Not in that he was retiring, rather that we were loosing such an extremely valuable resource and asset in the fight against cyber crime. I wish him well and thank him profusely for his extensive and tireless contributions.

    In many cases Bobbear has been the first to alert the net on emerging mule recruiting, and has saved countless victims from being ensnared. Bobbear was just mentioned a few days ago in a WSJ mule article:
    “Scammers Use Online Ads to Con Desperate Job Seekers into ‘Mule’ Operations” http://online.wsj.com/article/SB10001424052702303591204575170112332177770.html

    I have collaborated with Bob on numerous occasions, and he has been an invaluable resource in tracking the multi year money laundering Devbill organized crime syndicate. Many of the potential cyber-mule recruits who are targeted from fraudulent employer accounts on careerbuilder.com are alerted to the fraud when due diligence research online leads them to bobbear’s website.

    It is not possible to overstate Bob’s volunteer efforts in being the early warning alert for emerging mule recruiting.

    I do hope that that bobbear’s database stays online, even if it is not updated. His database serves are as excellent forensic resource for those of us that track long term cyber crime operations. It is extremely valuable even as an archive. I have numerous links pointing to various articles on his website. I know that Bobbear.co.uk has served as a valuable tool for Law Enforcement around the globe.

    I thank Bob for the countless hours of volunteer work, and for the positive impact that he has had. I wish him well in his retirement.


  2. El Paso, TX

    Interesting post, as usual. A journalistic point: maybe, Brian, you should have mentioned that “Bob Harrison” is a pseudonym at the beginning, instead of upon the third mention of his name.

  3. kabo0m

    I hope someone takes over the site for you. I understand site-related stress (different sources of stress however) and think your retirement is well earned but I do so hope someone will be taking over. I had just only recently found out about you when I got caught up in a mail “evaluator” job and got sent a fake money order to “evaluate” the mail system. I didn’t fall for it of course but took pictures and warned others of it and the site got shut down. Of course we know they will be back under a different name as always. Someone said you would have been interested in the pictures (high quality) but since you are retiring I wanted to say that I perused your site and it is very informative. I am a newbie in comparison to your normal visitors but I am learning. Thank you for all your hard work.

  4. MK

    Thanks, Bob, for your informative bobbear site and all the careful documentation that you have done. I either found your site googling spam email or from Castlecops forum post a few years ago. I just hope someone can take over your site an continue the hard work, even if it is spread out in different formats and or websites. By the way, this story was featured on Slashdot as well with some interesting comments: see http://tinyurl.com/y5x2hu8

  5. Andy

    Thank you for the article Brian. Bob, thank you for the website. I have only just learned about it and downloaded it using wget. I hope you don’t mind. This is the first time I have heard of http://www.bobbear.co.uk. Perhaps I can put some of it on my website http://www.dragonnefyre.org.uk I have sent Bob an email via his website. We need sites like Bobs and we need to know about them so we can check things out.

  6. InfoSec Pro

    Maybe if Bob does not find anyone willing to step forward immediately to take over the site he can at least sign up some helpers to transition it into a community operated resources and then develop the model to have a self-sustaining team in the leadership roles…

  7. dh

    I’m running a backup of the site before it gets taken offline. It’s been going for 17 hours and is so far up to 1.31 GB. Anyone want a copy or can host it for others?

  8. JCitizen

    Maybe the guys at aa419.org would be willing to take over Bob’s site; has anyone asked them?

    AA419.org has already been known as a place to find fraudulent sites.

    Hope this helps!

Comments are closed.