Monthly Archives: August 2006

How malicious hackers attack (InfoWorld, by Roger A. Grimes)

How malicious hackers attack — an overview by Roger A. Grimes, for InfoWorld

‘When it comes to network defense, the adage “know thy enemy” is never more appropriate.’ — But this is probably the best technique:
‘Every professional penetration tester can easily, and laughingly, recount numerous stories about how easy it is to get unauthorized access from a normal corporate employee. I often walk up to the CEO’s executive secretary and say something like, “Hello, my name is Roger Grimes. I’ve been hired by IT to do password penetration test auditing. I need the CEO’s password.”

How often does this work? So far, 100 percent of the time.’

Florida: 2 Convicted of DIY-e-Business Scam

Bernard Roemmele, 46, and Steve Hein, 53, were convicted, after a six month trial, by a federal jury sitting in Ft. Lauderdale, Florida, of RICO conspiracy and conspiracy to commit money laundering, LawFuel reports.
The two set up an e-Business scam operation under the trade name of CITX, based in Boca Raton. CITX was formerly an internet service provider and alleged computer technology company, which joined with a Boca Raton-based marketing company, PRSI, Inc., to perpetrate the fraud.

Through these companies, the defendants offered the public a non-existent e-commerce opportunity for a fee of $295 per person over the Internet. The offer promised customers an electronic website “store” that would provide customers with an opportunity to engage in e-commerce by electronically retailing goods and services on a pornography-free “internet mall.”

Customers were promised that they would earn commissions from their personal sales, and also from the sales generated by the individuals whom they convinced to purchase these websites.

In addition, Roemmele and Hein set ut a “boiler room” operation. They distributed false press releases via the Internet and other communications media with false and fraudulent information to induce individuals to purchase stock in CITX. Throughout the course of the fraud schemes, the defendants generated more than $15 million in criminal proceeds and netted more than than 46,000 victims (an average damage of $326 per head).