dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
671299
share rss forum feed

MGD
Premium,MVM
join:2002-07-31
kudos:9
reply to MGD

Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

.
Delamoratemplates.com AKA DELAMORA TECHNOLOGIES, LLC 603-879-0528 »Delamoratemplates.com
.


.

Domain Name: Delamoratemplates.COM
Registrar: ENOM, INC.
.
Registration Service Provided By: NameCheap.com
.
Delamoratemplates.com IP =
.
Registrant Contact:
tbr LLC
Jin Bowden (silverio_bowden@yahoo.com)
+1.5016425898
Fax: +1.5016425898
697 Woodlane Dr
CA 91024 US
.
Status: Locked
.
Name Servers:
dns1.registrar-servers.com
dns2.registrar-servers.com
dns3.registrar-servers.com
.
Creation date: 13 Mar 2008 19:43:43
Expiration date: 13 Mar 2009 19:43:43

.
Still looking for reports of fraud charges, the site is currently down. The LLC appears to have been registered in California per Zenith See Profile:
.


.

LP/LLC
DELAMORA TECHNOLOGIES, LLC
Number: 200805310222
Date Filed: 2/21/2008 Status: active
Jurisdiction: CALIFORNIA
.
Address
482 WEST SAN YSIDRO BLVD 1741
SAN YSIDRO, CA 92173
.
Agent for Service of Process
SILVERIO C DE LA MORA
482 WEST SAN YSIDRO BLVD 1741
SAN YSIDRO, CA 92173

.
looking for a contact number for SILVERIO DELAMORA.

MGD

MGD
Premium,MVM
join:2002-07-31
kudos:9

2 edits

1 recommendation

reply to MGD

said by MGD:

Will come back and add data to these, need to set and hold the siteshot, in case they are pulled:
..........
..
[imaging failed]
»ktechwebdesign.com
Snapped 2008-09-06 03:44:50


[imaging failed]
»ktechwebdesign.com/help.php
Snapped 2008-09-06 03:44:50


------------------------------
www.ktechwebdesign.com

Contact us

KTech Solutions, LLC
www.ktechwebdesign.com

Phone/Fax:
1-(308)-646-0010

Support e-mail:
support@ktechwebdesign.com
------------------------------
...
..
.

I have located the LLC and location of the cyber-mule for:

ktechwebdesign.com AKA KTech Solutions, LLC 308-646-0010

I know that they have been actively processing fraud charges for several weeks. At least a half dozen Google search referrals have been coming in for that name.

The cyber-mule is from Douglastown / Little Neck New York:





NYS Department of State
Division of Corporations
Entity Information
.
---------------------------------
.
Selected Entity Name: KTECH SOLUTIONS L.L.C.
.
Selected Entity Status Information

Current Entity Name: KTECH SOLUTIONS L.L.C.
Initial DOS Filing Date: JUNE 04, 2008
County: QUEENS
Jurisdiction: NEW YORK
Entity Type: DOMESTIC LIMITED LIABILITY COMPANY
Current Entity Status: ACTIVE
.
Selected Entity Address Information DOS Process
(Address to which DOS will mail process if
accepted on behalf of the entity)
.
ONLINE RETAIL
240-35 69TH AVENUE
DOUGLASTON, NEW YORK, 11362
Registered Agent
NONE

.
The website is down, however that is not a guarantee that fraud charges have stopped. The listed contact number is also NLA.

That address is apparenlty an apartment building with multiple units:»www.whitepages.com/search/Revers···e=survey

A Nebraska area code for a contact number. A California domain registration, finished off with a no robots archive blocker.


Domain Name: KTECHWEBDESIGN.COM
Registrar: ENOM, INC
.
Registration Service Provided By:
NameCheap.com
.
Domain name: ktechwebdesign.com
.
Registrant Contact:
tbr LLC
Jin Bowden (silverio_bowden@yahoo.com)
+1.5016425898
Fax: +1.5016425898
697 Woodlane Dr
697 Woodlane Dr, CA 91024
US
.
Status: Locked
.
Name Servers:
dns1.registrar-servers.com
dns2.registrar-servers.com
dns3.registrar-servers.com
.
Creation date: 18 Jun 2008 14:34:09
Expiration date: 18 Jun 2009 14:34:09

.
[Edit add]
That domain registration is identical to the one used for Delamoratemplates.com on the 13th March 2008:»Ebook websites, fraud charges, Devbill/DigitalAge/Pluto [/Edit]
.
.

Still searching on the original list to identify the state where these entities are registered. In the interim if there are any reports of fraud charges the line item should contain thetwo letter state abbreviation code.

efsdesign.com AKA Executive Financial Services 318-938-2177

exclusivewebconcepts.com AKA Exclusive Web Design Co. 585-535-1425

giwebdesign.com AKA Global Interservice, LLC 253-238-5381

lqservices.com AKA LUNA QUEST On-Line Services 503-766-3438

michiintel.com AKA PearllIntel@yahoo.com, LLC 562-252-1771

nlmdesign.com AKA New Liberty Management, Inc. 417-423-7523

pdatemplates.com AKA Pda press, Inc. 352-353-0375

pg-templates.com AKA Preferred Gate, LLC 410-457-7720

tamarackconsults.com AKA Tamarack Designs, LLC 601-667-4534

Tpdtemplates.com AKA TruthLives Productions and Design, LLC. 605-741-0077

Zdtemplates.com AKA Zavier Web Design and Tech Solutions, LLC 559-682-3757

xftemplates.com AKA Xtreme Focus, LLC 207-433-0565

fotemplates.com AKA Fire Opal, LLC 970-315-4005

count= 13

MGD
EDIT= added missing LLC screenshot

MGD
Premium,MVM
join:2002-07-31
kudos:9

4 edits

2 recommendations

reply to MGD

Back in April of 2009 I came across communications from the organized crime syndicate which indicated that they might be targeting transfirst.com as a merchant account provider for the recruited cyber-mules:

==============================================
From: Tatyana Wang [mailto:hr@unitelsoftware.com]
Sent: Friday, April 03, 2009 8:21 AM
To: XXXXXXX
Subject: Re: What's Next?

Good day XXXXXX,

How are things moving forward? You can full out the application form to
receive the merchant account at the Wells Fargo Bank, and at the same time
you can submit the application to receive the merchant account at the
TransFirst ( >http://www.transfirst.com). At the TransFirst, everything can be done online, you will not need to go to the local bank, and therefore, if you are rejected at the Wells Fargo, we can be certain that everything will be alright at the Transfirst.

Have a great day!

Best Regards,
Tatyana Wang.

==============================================

If you recall, unitelsoftware.com was one of almost a dozen fraud recruiting domains cloned from a subsidiary of EMC Corpration, and hosted in the Russian Federation on a series of Wahome.ru dedicated IPs. The modus-operandi of that first quarter 2009 cyber-mule recruiting campaign involved intensive solicitations via fraudulent employer accounts courtesy of Careerbuilder.com.

Subsequent communications from the crime syndicate in the second half of this year further indicated that transfirst.com was now a default back up merchant provider if the cyber-mule's account application was rejected by the bank:

==============================================

Hello,

We suppose because of the world finance crisis many banks don't want
to risk with new businesses.

Please try this merchant service www.transfirst.com

Or what other merchant service would like to use?

Best regards,
Adrian Nowak.
Chief manager of World Creative Studio, Inc.
adrian_nowak@worldcreativestudio.com
Phone/Fax for the USA: (954) 208-7279
==============================================
.
World Creative Studio, Inc. aka worldcreativestudio.com 954-208-7279 is part of a trifecta of mule recruiting domains which also includes Hong Kong Solutions Inc. aka hongkongsolutions.com 206-203-1947

Security at Transfirst was subsequently alerted and briefed to the organized card fraud laundering operation, once additional communications indicated that they were now selected as a primary target for merchant account processing. Recent fraud accounts subsequently identified as having obtained merchant processing via Transfirst, include: RAGDESIGN.COM aka REMOTE ACCESS GROUP INC. 206-666-4778 also BIGSTUDIODESIGN.COM aka ILLUSTRATIVE STUDIO, INC. 206-350-6215 and JAZZIPHONE.COM aka MOBILE INTERFACE, INC 206-338-6018.

Another recent find of a twin website card fraud laundering operation that was flushed out by Transfirst within the first few weeks of operation: REALPOCKETPC.COM and OPENDESIGNTEMPLATE.COM. The duped Florida cyber-mule originally registered CNCEVE SOLUTIONS, LLC on 06/23/2009 after being recruited by Hong Kong Solutions Inc. aka hongkongsolutions.com 206-203-1947:




==================================
Florida Limited Liability Company

CNCEVE SOLUTIONS, LLC
Filing Information
Document Number L09000060682
FEI/EIN Number NONE
Date Filed 06/23/2009
State FL
Status ACTIVE
Effective Date 06/22/2009

Principal Address
1786 OTISCO WAY
WINTER SPRINGS FL 32708 US

Mailing Address
1786 OTISCO WAY
WINTER SPRINGS FL 32708 US

Registered Agent Name & Address
AMERICAN SAFETY COUNCIL, INC.
5125 ADANSON ST.
SUITE 500
ORLANDO FL 32804 US

Manager/Member Detail
Name & Address
Title MGRM
CALKIN, W. DAVID
1786 OTISCO WAY
WINTER SPRINGS FL 32708 US
==================================

On 08/21/2009 two Florida Fictitious Business Names (FBN) were registered for REALPOCKETPC.COM




==================================
Fictitious Name

REALPOCKETPC.COM

Filing Information
Document Number G09000148240
Status ACTIVE
Filed Date 08/21/2009
Expiration Date 12/31/2014
Current Owners 1
County MULTIPLE
Total Pages 1
Events Filed NONE
FEI/EIN Number 27-0417302

Mailing Address
1786 OTISCO WAY
WINTER SPRINGS, FL 32708

Owner Information
CNCEVE SOLUTIONS, LLC
1786 OTISCO WAY
WINTER SPRINGS, FL 32708
FEI/EIN Number: 27-0417302
Document Number: L09000060682
==================================




and also OPENDESIGNTEMPLATE.COM



==================================
Fictitious Name

OPENDESIGNTEMPLATE.COM

Filing Information
Document Number G09000148251
Status ACTIVE
Filed Date 08/21/2009
Expiration Date 12/31/2014
Current Owners 1
County MULTIPLE
Total Pages 1
Events Filed NONE
FEI/EIN Number 27-0417302

Mailing Address
1786 OTISCO WAY
WINTER SPRINGS, FL 32708

Owner Information
CNCEVE SOLUTIONS, LLC
1786 OTISCO WAY
WINTER SPRINGS, FL 32708
FEI/EIN Number: 27-0417302
Document Number: L09000060682
==================================




We can tell that the cyber-mule was specifically told to apply for a merchant processing account at Transfirst.com because the cyber-mule's business bank account was set up at Bank of America. The default process at Bank of America would have directed the cyber-mule to apply for a business merchant account directly through them, and not Transfirst. Unknown to the duped cyber-mule at the time, but the trail of who is who, Hong Kong Solutions Inc, Bank of America, Transfirst, and of course the organized crime syndicate's exclusive and dedicated gateway processor for over half a decade, Authorize.net / Cybersource, are all listed on the required public notification for the FBN on 8/28/2009:

===========================================================================
NOTICE UNDER FICTITIOUS NAME STATUTE

TO WHOM IT MAY CONCERN:


Notice is Posted:
Location: Orlando, FL
Event Date: 8/28/2009
Description: CSE1014463

NOTICE UNDER FICTITIOUS NAME STATUTE TO WHOM IT MAY CONCERN:

Notice is hereby given that the undersigned pursuant to the "Fictitious Name
Statute", Chapter 865.09, Florida Statutes, will register with the Division
of Corporations, Department of State, State of Florida upon receipt of proof
of the publication of this notice, the fictitious name, to-wit:
opendesigntemplate.com under which we expect to engage in business at 1786
Otisco Way, Winter Springs, FL 32708. That the parties interested in said
business enterprise are follows: CNCeve Solutions, LLC, Hong Kong Solutions,
Inc., Bank of America, TransFirst Corporation, AuthorizeNet.com -CyberSource
Corporation.
Phone# 407-340-8918. Dated 8-26-2009, Winter Springs, Seminole
County, FL.
===========================================================================
Transfirst subsequently neutered the setup, and advised the cyber-mule within the first few weeks of the operation. It never got off the ground.

From time to time several have asked how the dots of this over half decade massive card fraud operation by this eastern European organized crime syndicate are connected. There are mutiple pieces of evidence that connects all the operations listed in this thread, from the Digital Age fraud, the Pluto Data, and all the other fraud laundering websites up through these two. They are tied together in an intricate pattern of common connections, including the cross charging of the same hijacked card data.

With respect to this case, one of the items that ties Hong Kong Solutions Inc. aka hongkongsolutions.com 206-203-1947 and CNCEVE SOLUTIONS, LLC and its subsidiary FBNs, REALPOCKETPC.COM and OPENDESIGNTEMPLATE.COM together are the domain registrations. The websites were taken down shortly after the operation was exposed, however, the fraudulent domain registrations yield the trail:

==================================
REALPOCKETPC.COM

Domain Name: realpocketpc.com
Expiry Date: 10-Jul-2010
Creation Date: 10-Jul-2009

Name servers:
ns1.domain.com
ns2.domain.com

Registrant Name: Claudia Thorstensen
Registrant Company: realpocketpc.com
Registrant Email Address: claudia_tt60@yahoo.com
Registrant Address: 37 Bancroft Ave
Registrant City: 37 Bancroft Ave
Registrant State/Region/Province: MA
Registrant Postal Code: 01867
Registrant Country: US
Registrant Tel No: +1.9132738915
Registrant Fax No:

IP: 174.133.212.214
Domain Status: Registered And No Website
==================================

The name and address of Claudia Thorstensen was used back in January of 2008 to register the card fraud laundering domain of DRGTEMPLATES.COM:

==================================
Registrar: ENOM, INC.
Registration Service Provided By: NameCheap.com

Domain name: drgtemplates.com

IP 66.152.162.116

Registrant Contact: DRG
Claudia Thorstensen (drginter58@yahoo.com)
37 Bancroft Ave
Reading, MA 01867 US.

Tel: +1.3203868193
Fax: +1.3203868193

Status: Locked.
Name Servers: ns1.hostdone.com
Name Servers: ns2.hostdone.com

Creation date: 03 Jan 2008 22:22:35
Expiration date: 03 Jan 2009 22:22:35
==================================

The duped cyber-mule assigned to drgtemplates.com was recruited by "Gundars Kristopans" of Atala Designs, Inc aka Ataladesigns.com fame, supposedly from Riga, Latvia. This connects an entire chain of recent recruiting and card fraud domains back to the entire early 2008 operation.

Furthermore, the OPENDESIGNTEMPLATE.COM domain registration cements the structural connections to the long term massive fraud operation by this organized crime syndicate even more.

==================================
OPENDESIGNTEMPLATE.COM

ICANN Registrar:GODADDY.COM, INC.
Created:2009-08-10
Expires:2010-08-10

Registrant:
Charalampos Tyligadas
288 New York Ave #7
Brooklyn, New York 11216
United States

Domain Name: OPENDESIGNTEMPLATE.COM
Created on: 10-Aug-09
Expires on: 10-Aug-10
Last Updated on: 10-Aug-09

Administrative Contact:
Tyligadas, Charalampos charalampos_t@yahoo.com
288 New York Ave #7
Brooklyn, New York 11216
United States
2063375041 Fax --

IP: 97.74.181.128
==================================

I chuckled as soon as I looked up that registration for OPENDESIGNTEMPLATE.COM, but you will not find a prior reference to it in this thread. That name Charalampos Tyligadas, was used back in February 2008, to register a card fraud laundering domain called IPD-TECHNOLOGIES.COM

==================================
Registration Service Provided By: NameCheap.com
Contact: support@NameCheap.com
Visit: www.NameCheap.com

Domain name: ipd-technologies.com

Registrant Contact:
IPD LLC
Charalampos Tyligadas (charalam_tylig@yahoo.com)
+1.3094025302
Fax: +1.3094025302
338 E44th StreetApt. 14N
New York, NY 10017
US

Status: Locked

Name Servers:

Creation date: 01 Feb 2008 20:28:09
Expiration date: 01 Feb 2009 20:28:09
==================================

Though the IPD-TECHNOLOGIES.COM website did exist back then, the fraud operation never got off the ground. The reason for that is a very sharp potential cyber-mule, who had responded to a job offer on Craigslist in January of 2008. He received a reply to his initial inquiry from Aleksandr Kostanda aleksandr_kostanda7@fellowsolutions.com which was posted along with screen shots of FELLOWSOLUTIONS.COM who listed their address as being in Sophia, Bulgaria.

The cyber-mule became suspicious as the recruitment and enrollment process got underway.

quote:
==================================
From: aleksandr_kostanda7@fellowsolutions.com
To: XXXXXXXXXXX
Sent: Thu, 24 Jan 2008 5:57 am

Subject: Aleksandr Kostanda

Hello XXXXXXXXX,

We are glad you want to work with our company.
Yes, we can wait while you investigate incorporation procedures.
The company may be registered as a Corporation, LLC, Sole
Proprietorship or other business entity. Also you can see the
file "How to incorporate" I sent you before.

I can assure you that our company is absolutely legal and we offer
absolutely legal job offer. I understand your concers about it. The
USA's market is the biggest online market and we want to work on it.
You will have full control in your hands because the company will be
your property and you will get your 10% in any case not depending what
fees we will have.

We can do 2 or 3 or more web sites for you.
Yes, we can do all this here in Europa. But to open the
merchant account costs approx. $4000-5000 and they take fees 5-10% of
all sales. It's ok for big online stores who sell the goods for
millions dollars. It's not for small business. So many companies as
our company can't allow this big fees and have to search the agetns in
the USA. Because to open the merchant account (it's required for
online purchases) costs $100-150 and they take fees for 1-2% of sales.
So we have to open this business in the USA. And we have to search
the agents in the USA to help us in our business and for this we pay
10%. It's real good for the agent (because he can work as usual and
plus work with our company and it's not required much time; and the
agents monitor only the bank account and do the transfer 1-2 times a
week) and for our company. We have good specialists (technical,
desing, support and others) and we can create really good templates
and we just need to sell them. It's usual business.

It's more easy and less costs to find the agent in the USA and pay
10% of sales for managing accounts that open merchant account here.

In this business the main is advertising to get as many customers as
possible. So we spend for advertising apporox. 40% of sales. Yes it's
much but it gives good results even in the first days of the working
the website.

And second (the main thing) that it's small business and one merchant
account allow to have the sales not above than $50,000.00 for each
account a month. If you open a merchant account that allows to have more than
$50,000.00 that means we will have to pay more fees and in this case
the merchant account hold the money first month (and for this business
the main is advertising and as more you advertise the website as more
you get customers and it's impossible for this business that merchant
account hold the money at all). So we have to search several agents
and open several websites because we know that we will have more than
$50,000.00 for each website (of course it will take 1-2 months to
reach such level; we don't promise gold mountains for our agents at
once, just a good level of additional profit). It's good opportunity
for the agent because for this work he spends not too much time and
can work for his usual work and for our company because we have the
opportunity to enter to the USA's market and have US merchant account
that allow to have a profit if your business is not too big.

As more you have the websites as more you can get new customers and of
course you get more profit. It's business strategy.

You will be responsible to pay taxes only on your 10% commission; the
rest taxable 90% is the responsibility of Fellow Solutions, Inc.
You will need the W-2 form or 1099 for taxes. Find out about it and
you will see that you will be responsible only for your 10%.

Our company produces webdesign and templates - primary web pages
with no content.
We sell: Web Template, Logo template, Flash Intro Template.

As for our customers. Most of them are the people who
only started to create their own websites, students who learn the
internet skills because the cost of our products is less than most of
other webshops have. And we can competite with them. We can offer such
low price because here the salary of our desingers and other workers
less than in the USA and we can do such low price.

If you have any questions please ask me

Best regards,
Aleksandr Kostanda,
Fellow Solutions, Inc.
==================================

The potential mule became increasingly suspicious as the process progressed

quote:
==================================
From: Aleksandr Kostanda aleksandrkostanda@yahoo.com

To: XXXXXXXXXXXXXXXXXX
Sent: Wed, 6 Feb 2008 5:58 am

Subject: Aleksandr Kostanda

Hello XXXXXXXXXXXX,

I got your email.
I can't understand why you don't get my emails from
aleksandrkostanda@fellowsolutions.com
Please confirm if you get it now. I send from both email account.
This email and yahoo.

I didn't understand you correctly about this phrase:
" I don't fully understand why I can't go to the site directly without
going to ipd... first. "

Can you no go to the website www.ipd-technologies.com or what?
This website we will sell from.

I explain you how all works:

The customer goes to our webstore, chose the item he likes, then put
his credit card's info in the special page, then that info goes to
Gateway on authorize.net (they check the credit card's info if it's
valid and all datas is correct). If all is ok then that info goes to
the merchant account (they charge
the credit card) and then our system
gets the result and send the download link to the customer's email
where from he download template he chosed. Of course it's all
automatically and very quickly. Then after 1-2 days the money from the
merchant account (sales) goes to bank business account.

You will need to show the website? www.ipd-technologies.com to the
merchant manager in ane case I suppose.
If you ask you how much we are going to sell. Aprox. 2500-3500 a
month. Average price for each template is $12.00. So average sales in
dollars are $35,000 - $45,000.

When you get the merchant account you need to put this phone number
+1-(315)-359-6506 in the merchant service as our support phone number.
The individual receive a credit card statement from the issuer of
their card and in this statement must be put this phone number if he
did the purchase in our web shop.
It's necessary for our support.

Best regards,
Aleksandr Kostanda.
==================================

They ran multiple searches looking for any information or history on the proposed partnership function. That led to them contacting me, and, like several others in the same situation he agreed to assist me in gathering intelligence on the crime syndicate. Based on the stage that he was at, which was pending merchant account approval, it offered an opportunity for me to try and validate conclusions previously adopted about the syndicate's operation. The timing was perfect, as the syndicate would continue to communicate with the mule as long as they believed the merchant account application process was underway, which of course it was not once the cyber-mule had made contact with me. The window of opportunity would be short as once the syndicate realized it was not going to happen, they would move on.

One of the puzzling issues that I was addressing at the time was why the syndicate was not registering the domains to the cyber-mules. The obvious reason not to, was so that the mules could not be readily identified once the card fraud operation was underway, and the fraud charges surfaced. The question was why were they not concerned that this fraudulent domain registration would not be discovered during the merchant account application vetting process. The fact was that if they applied to any third party processors for a merchant account, especially in the double high risk category of internet sales, combined with intangibles, those third party processors will always check and confirm that the applicant is also the registered domain owner. With third party processing that verification check is considered vetting 101. So why when insisting that the merchant account applications be originated through the Banks where the business account was located, was this not an issue for the syndicate. I suspected that they knew that banks would not perform this verification which was a fundamental procedure with aftermarket providers.

During this narrow window of opportunity I wanted to present fictitious issues to the syndicate which were holding up the approval of the merchant account application to see what the responses were. The cyber-mule agreed to become an email proxy and forward communications as if they were his own.

A surprise, the bank wants to know why the domain assigned to the mule, IPD-TECHNOLOGIES.COM is registered to someone other than the applicant:

quote:
==================================
To: aleksandrkostanda@yahoo.com
Sent: Fri, 15 Feb 2008 12:00 pm

Subject: Merchant Account

Hello Aleksandr,

I have a curious question that needs to be answered before I can proceed any
further. The merchant provider called me to ask who "Charalampos Tyligadas
is. I told them I did not know that person. They then told me that
Charalampos Tyligadas from New York is who registered the
ipd-technologies.com web domain and that is the URL that is listed on the
merchant account application. I told them that I did not know that name but
would find out.

Can you please explain this? It is getting embarrassing and hard to come up
with answers that I do not know.

Best regards,

XXXXXXXXXX
==================================

The response clearly shows that the organized crime syndicate already knows that the banks do not check that the registration matches the applicant:

quote:
=====================================
From: Aleksandr Kostanda aleksandrkostanda@yahoo.com

To: XXXXXXXXXX
Sent: Fri, 15 Feb 2008 1:02 pm
Subject: Aleksandr Kostanda

Hello XXXXXXXXXX,

Charalampos Tyligadas is a man who registered the domain name
ipd-technologies.com for us. I didn't know that merchant service can
ask you about it.

Best regards,
Aleksandr Kostanda.
=====================================

After multiple attempts to obtain a merchant account failed I wanted to try and see if they would allow any other gateway processor other than Authorize.net - Cybersource to be used. They would not, it was an absolute that Authorize.net - Cybersource must be used as the gateway to processing the fraudulent card charges. So then we proposed that our only option left to use Authorize.net - Cybersource as a processing gateway was to use a third party, would that be okay:

quote:
=====================================
To: aleksandrkostanda@yahoo.com
Sent: XXXXXX Feb 2008 12:00 pm

Subject: Merchant Account

Aleksandr,

I have got nothing but the run around from these banks.

Rather than waste more time trying, I propose setting up the
merchant account with a reliable reseller who I trust.
She has the gateway for authorize.net as well as merchant services.
If this is OK with your company I would liketo proceed.
I think this would be much easier and quicker than shopping
around for a bank that will accept this business.

Please let me know ASAP.
=====================================

Well, as long as authorize.net is used for the processing gateway.:

quote:
=====================================
From: Aleksandr Kostanda aleksandrkostanda@yahoo.com

To: XXXXXXXXXXXXXXX
Sent: Thu, 14 Feb 2008 1:40 pm

Subject: Aleksandr Kostanda

Hello XXXXXXXX,

Ok, chose the merchant service not in bank.
Only please don't open the account in Cardservice International
company. They work very bad.

Best regards,
Aleksandr Kostanda.
=====================================

Also noteworthy, is that this operation also produced the first known record of the organized crime syndicate sending funds into the US. Up to this point all that is known is how and where the fraudulent funds exit the US and go to, various foreign banks to the beneficiary of Inowest Enterprises Inc and Midtown Intergroup Ltd.. Up until then all previous debriefed cyber-mules stated that they had paid all the set up costs out of pocket, and were reimbursed later from the initial fraud proceeds out of the business bank account.

quote:
=====================================
From: Aleksandr Kostanda aleksandrkostanda@yahoo.com

To: XXXXXXXXXXXXXXX

We sent the money through Western Union. You can pick up the money in
any their branch.

We sent to these datas:

[Redacted]

You will need to know the datas of the sender:

The first name: NATALYA
The second name: MITROFANOVA
MTCN: 814-678-XXXX
Address: Nikolaev, Ukraine
Sum: $500

Yes you need to set up the Company and get FEIN and only then you are
able to open the bank, merchant and authorize.net accounts.
You can set up the Company and get FEIN yourself. Just go to home
state’s Secretary of State Office there and fill our all necessary
papers.

Best regards,
Aleksandr Kostanda.
=====================================

Remember, Fellow Solutions, Inc aka fellowsolutions.com although they listed two US phone numbers: 530-618-6428 & 606-764-1922, they stated that they were from Sophia, Bulgaria:

Aleksandr Kostanda,
Fellow Solutions, Inc.
36 Dragan Tsankov Blvd.,
Sophia, 1057
Bulgaria,
Phone/Fax for US: (606) 764-1922

So a follow up was sent in order to explain why the funds to pay the set up costs were sent from the Ukraine via Western Union:

quote:
=====================================
From: Aleksandr Kostanda aleksandrkostanda@yahoo.com

To: XXXXXXXXXXXXXXX

Subject: Aleksandr Kostanda

We sent $500 through the Western Union. You can pick up the money.

The datas to get the money:

Sender:
The first name: NATALYA
The second name: MITROFANOVA
MTCN: 814-678-XXXX
Address: Nikolaev, Ukraine
Sum: $500

We sent it from Ukraine because it's the cheapest way to send the
money for us.

Best regards,
Aleksandr Kostanda.
=====================================

From that time forward sending inbound support funds from various names and cities throughout the Ukraine in a somewhat Hawala type fashion, would become common place, and has been used again very recently in an operation that will be published in a later story.

At the time of initial contact with the cyber-mule Fellow Solutions, Inc aka fellowsolutions.com was unknown to me. However, when I asked the cyber-mule if a website had been assigned to him yet, and he confirmed that it was IPD-TECHNOLOGIES.COM then I was able to immediately confirm that it was this organized crime syndicate. Though I had not uncovered fellowsolutions.com prior to that, I was already shadowing IPD-TECHNOLOGIES.COM. They were identified from cyber forensic audits of various servers which served as organized crime syndicate "factories" for producing and stashing the card fraud laundering websites. At the time that he gave me the assigned website name, a quick search from notes made during the first quarter of 2008 of stashed sites on servers in Australia and the US produced a hit:

An extract of the February 2008 file at that time, which produced the result:

quote:


Audit results

Extracted hosting from shadowed servers:

IP 64.74.223.77 [no reverse DNS set]

1. Mvwebtemplates.com

2. Naturalordertemplate.com

3. Webperfecttemplates.com

-----------------------

[mcawebtechnology.com IP 66.152.162.116]

01/07/2008

[mcawebtechnology.com]

-----------------------
Round trip time to 202.60.92.179: 216 ms

Results for

202.60.92.179 [reverse DNS - ns1.aussiednsserver.com]

170 Results for 202.60.92.179

Identified fraud websites:

033. Ccdtemplates.com

081. Interactiveconsults.com

105. Monroviadesigns.com

106. Mcatemplates.com

107. Mcawebtechnology.com

113. Mvwebtemplates.com

117. Naturalordertemplate.com

156. Ulcsolutions.com

157. Ulcwebdesign.com

164. Webperfecttemplates.com

173. Dp-websolutions.com

------------------------------------

66.152.162.116 [reverse DNS - 116-162-152-66-dedicated.HostDone.com]

183 Results for 66.152.162.116

IP = 66.152.162.116

001. 100percent-solutions.com

003. 123gettemplates.com

017. Bg-websolutions.com

047. Digisoft-technologies.com

052. Drgtemplates.com

059. Everton-templates.com

060. Eyecontemplates.com

069. Fs-webconcepts.com

071. Funwork-design.com

075. Genesusinfoproducts.com

077. Gordontemplates.com

087. Infinitysonstemplates.com

108. Mi-webdesign.com

112. Mydcsolutions.com

118. Palaciantechnologies.com

122. Posicion-web.com

123. Profadminservices.com

143. Sds-websolutions.com

153. Superior-webconcepts.com

154. Supremewebtech.com

156. Synergetic-design.com

166. Wabbytraffic.com

167. Wameltraffic.com

172. Wst-design.com

175. Zgravitywebdesign.com

178. Bst-design.com

179. Wolfentechconcepts.com

180. Cca-templates.com

181. Cjb-concepts.com

182. Ipd-technologies.com

183. Fv-solutions.com

172. Xenontemplates.com

054. Dmnelsonenterprises.com

037. Coastwebtech.com

021. Bsi-concepts.com

019. Blueparaisosolutions.com

017. Bg-websolutions.com

187. Ts-webtemplates.com

--------------------------------------

To be updated:

Wrw-templates.com

Wrw-technologies.com

Synergetic-design.com

Supremewebtech.com

Superior-webconcepts.com

Stonegate-templates.com

Sc-webtemplates.com

Rpr-design.com

Ronztemplatestore.com

Rg-webtechnologies.com

Rd-webconcepts.com

Profadminservices.com

Pgp-concepts.com

Pg-templates.com

Palaciantechnologies.com

Mydcsolutions.com

Mi-webdesign.com

Mcg-websolutions.com

Mcawebtechnology.com

Mcatemplates.com

Infosystemplates.com

Gordontemplates.com

Funworksolutions.com

Ed-webtechnologies.com

Drgtemplates.com

Dmnelsonenterprises.com

Digisoft-technologies.com

Dhtraffic.com

Delamoratemplates.com

Cybernettemplates.com

Cjb-concepts.com (orange template)

Ccdtemplates.com

Bsi-concepts.com
-----------------------------


Besides the cross charging of the same hijacked card data which, weaves a connecting thread through the crime syndicate's operation. There are numerous other pieces of evidence, which, when combined, yield the connected infrastructure of a massive multi year, multi million dollar, well organized crime syndicate.

MGD