

Whip412

@67.237.7.x

reply to MGD

Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

That phone number - 973-944-3970 - is a Morristown, N.J. landline phone number. Irvington is a 908 area code.

MGD
Premium,MVM
join:2002-07-31
kudos:9

said by Whip412 :

That phone number - 973-944-3970 - is a Morristown, N.J. landline phone number. Irvington is a 908 area code.
Many of the "landline" numbers will be Vonage lines. Several months back during the cyber-mule debriefing process that issue came up. I always ask if they were emailed files by the crime syndicate, or given download links etc. I am looking for the possibility that their computers were deliberately infected by the criminals after they came onboard. That was motivated by the fact that the crime syndicate communicates frequently via hijacked PCs that are part of bot networks.

During one debriefing when the cyber-mule said that they did not download anything, nor were emailed links or files, I asked whether there was anything else unusual that happened. He said, "Now that you mention it, there was something. A package was sent to me that I did not order. Several days later the syndicate asked me if I had received a package from Vonage. They then told me to plug it in and attach it to my broadband router."

Very slick, the crime syndicate orders Vonage service using victim's hijacked credit cards, and has the voip box shipped to a cyber-mule. They then use them as the fraud site contact phone numbers, and can retrieve the voice mail remotely. When the numbers are traced they will lead to accounts charged to a card victim. When the associated IP address for the VOIP box is traced, it will lead to a cyber-mule. When the IP addresses that accessed the account are traced, they will lead to various domestic hijacked IPs from a bot network that are used as proxies.

This is not an exclusive method, not all cyber-mules are sent boxes. It is just part of a robust group of options that the organized crime syndicate uses to manage a US based telephone system. Neither is a specific cyber-mule's Vonage box used for that mule's associated LLC and fraud site. It is a mix and match diverse setup to add obfuscation, and deter accurate tracking. Remember that the phone numbers listed for all the carded domain registrations, and the associated email addresses are controlled by the syndicate also. That is also why some of the listed phone numbers are routinely disconnected. The card victims dispute the "Vonage" charge, and the account is subsequently cancelled. However once the initial order is approved they will have anywhere from 30 to 60 days of use, if the victim even disputes it.

Asking if the cyber-mule was shipped a voip box is now a standard part of the debriefing process. When found, the box is disconnected in addition to locking out the authorize.net gateway account and the business bank account.

MGD
