There is now a mutated version of the modus operandi victimizing chatters using Yahoo Messenger.
The old modus operandi involved suspects assuming the “username/handle” of YM users and eventually victimizing unsuspecting people, who are made to send cell phone loads believing that they are chatting with friends and relatives when in fact they are not.
In the first place, how is a suspect able to secure information about the user and eventually assume his identity on the net? Well, either the suspect had surreptitiously accessed the username and password of the person whose identity he wanted to assume, or he must have utilized hardware or software with “keylogging” capabilities.
From the term itself, we can define keylogging as the practice of noting (or logging) the keystrokes on a keyboard, typically in a covert manner so that the person using it is unaware that his actions are being monitored. The keylogger is able to take note of a user's online habits and thereafter report them back to the software's creators. From what we have previously discussed, it seems that keylogging is another form of identity fraud.
For those of you who have yet to hear of such, the logical question is: how does a keylogger get installed in one’s computer system without the user knowing it? For hardware keyloggers, the suspect will have to physically access the computer and install it there in such a way that the user would not easily notice it. Some hardware keyloggers are placed directly under the keyboard or in the cable connecting it to the CPU. For the non-hardware types, keyloggers get introduced into a system through pop-up advertisements where the user is enticed to install the attached software for free. Other sources of keyloggers include instant messaging, download managers, online gaming, and the favorite of many: porn sites.
As we all know, most PC owners set passwords on their computers in order to regulate or limit their use. When a user turns on his PC, the very first keystrokes he makes may be those of his username and password. For a lot of PC users, it is a practice to use common usernames and passwords for every internet site they access, for easy recall, and this is what the creative hacker capitalizes on.
Logically, once the hacker receives his daily dose of keystrokes from his intended victim, he would realize that the very first keystrokes may be his prospect’s username and password. Thereafter, he would visit instant messaging sites which may be regularly visited by his prospect and then, by chance, would key in the username and password hoping that he would have access. Once he succeeds, he easily assumes the identity of the user and chats with whoever is online at that time. In most cases, the hacker would target his victim’s close friends and relatives in order to request money or, in the majority of instances, cellphone loads.
The truth is that keyloggers have been in active use for years now, although in the Philippines very few are aware of their existence yet. They have in fact been upgraded to very sophisticated versions that are very hard to detect and remove, although there are various applications available in the market that are capable of doing so.
With the use of keyloggers, the use of passwords with alpha-numerics and symbols is not safe after all.
Let’s go back to the investigation of these types of cases.
Once the victim realizes that he has been had, he goes to the NBI or PNP to file a Complaint. Under this scenario, the victim is notified that the long route of the investigative process involves coordination with Yahoo in the USA in order to secure information pertinent to the user of the account when the chat took place and, consequently, when the loads were sent. Remember that the user at the time the chat took place is not the legitimate user of the account, and therefore the objective is to determine when the breach into the account took effect.
We have discussed in previous posts the difficulty in securing information from sites based abroad, brought about by the lack of laws or treaties between countries that would allow a smooth flow of information.
Faced with said difficulties, the logical thing is to make do with whatever processes can be done in the Philippines. This would involve coordination with the telcos in order to inquire whether the loads have already been loaded and to what numbers they have been credited. All that the victim has to do is to provide the telco with the call card numbers and the “PIN”, and the recipient number is easily identified.
But then again, while the telcos would have knowledge of such, they would not have any information on the user, the recipient being a prepaid number, which explains the need for a load. Nevertheless, with the recipient number already available, law enforcement may be able to dig up leads that can be used in eventually identifying him. I will not discuss that any further, as it is considered “tricks of the trade”.
But lately, law enforcement has been alarmed by a mutation of the MO in which suspects further instruct their victims to totally destroy the call cards, either by cutting them into pieces or burning them. If the card has been destroyed, the reference point is no longer available for the telco and law enforcement to use.
This is another manifestation that suspects themselves are upgrading and improving their craft. Sometimes I tend to blame myself for discussing much of what law enforcement does without realizing that it is benefiting criminals too.
If you think I am overdoing it, I wouldn’t mind my readers reminding me from time to time. Thank you.
u seem to know much based on the other posts. where can you be contacted for assistance
.. so informative, the more information we have the better.. for sure criminals are just criminals (with a small brain), they can get away with this for a while but soon bad karma is gonna hit them.. plus you will not be judged on earth anyway..
I WAS CHATTING WITH MY SIS IN LONDON, THEN A MSG POPPED UP, SUPPOSEDLY FROM OUR COUSIN. GOOD THING WE DIDN'T BELIEVE IT. GOOD POST
the best thing to do if in doubt and if there's like money involved, verbal confirmation is better.. by the way these criminals know when to attack their victim.. i knew it because i have been victimized by this useless ass@&*^! so public awareness is still the best strategy..
where exactly is your office?
very informative! a wired-world truly means a weird world. looking forward to more posts!
you don't even need to be victimized by a syndicate to lose your load. globe and smart themselves are so good at deducting load even when the cellphone isn't being used. they have promos where, even if you didn't request them or you already declined, they still deduct from your load. and what assurance do we have that for every call we make, only the actual fees are being deducted? business is all that matters to them. i wish cellphones had never become popular. they made life messy
any new posts?
saw the nbi raid on flesh asia. so that was in the phils after all. nbi did great
I have a son who is 17 years old and last summer I bought him a laptop. I actually regret buying him one because all he does is stay in his room. He has become aloof. What I'm afraid of is that he seems to be doing illegal things because at one time, the maid saw sheets of paper with several numbers which I think are callcard numbers. There were plenty of them. What should I do
I hope you don't mind but I copied some of your materials for research purposes. Thanks
I didn't get ur answer on d question on how equipped the NBI is at matters involving proxy server verification. ur very good at d ComGuild Conf
This is very informative