
MGD

Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

In a previous posting on 08/14/2010 regarding the massive Careerbuilder cyber-mule recruiting campaign of SKYDEX SOFT LTD aka SKYDEXSOFT.COM, I discussed the results of comprehensive forensic analysis of all the data recovered from that operation. Highlighted in that post was evidence recovered from the meta data of the SKYDEX SOFT LTD FAQ MS Word document recovered from the website SKYDEXSOFT.COM. The embedded data showed that the language set on the computer was Russian Cyrillic, and that the system default settings adopted during the Microsoft Word install were for a company named MoBILL GROUP and the author was "Admin":



I posted that data because I believed that it was an important clue. The FAQ document laid out the specific functions and responsibilities for the cyber-mules recruited for the massive card fraud laundering operation. While potential recruits may have no idea what they were getting involved with, the same could not be said about the author of the document. They clearly were well aware that they were preparing instructions for someone who was going to be an accomplice in a major global card fraud laundering operation. The document even includes bogus office addresses for SKYDEX SOFT Ltd., in both Hong Kong and Shanghai, China. Though I believed that "MoBILL GROUP" clue to be important, how significant it was would depend on how many Cyrillic-set computers exist, and where, with those settings. For example, are there thousands of Russian PCs all with some sort of generic cloned settings, or on the other hand are those settings unique to a specific entity? If the latter is correct, then we know that someone in that organization, with or without the knowledge of the principals, created that document. They would also have been aware of its purpose and would therefore be a co-conspirator to some degree. I ruled out the possibility that the document may have been an altered version of an original non-nefarious creation based on the timeline of original creation date compared to the final modification date:




So far, I have been unable to establish who or what that specific "MoBILL GROUP" is, nor answer the question of how limited or widespread that meta data is. However, I have been able to locate another Microsoft Word document written in Russian Cyrillic with the identical embedded Meta Data of Author "Admin" and Company "MoBIL GROUP". Not only are they identically worded, they are also capitalized identically. I am currently unable to comment on, or discuss, either how the document was located or from where it originated. I can tell you that there is a known connection between where the document was purportedly located at, and the foreign routing through which a significant amount of the fraud proceeds were laundered, in the millions. Whether they were passed through this laundering conduit with their direct knowledge I do not know. The point to elaborate is that there is at least an incidental connection between these two seemingly unrelated documents, both of which have the identical meta data.

For now, I am not going to type the names of the listed entities in this new document and will display only the images. However, you can search and see that they are significant entities in the Russian Federation. The document is a contract between two entities for almost 84,000,000 Roubles (84 Million), a little under $2.8 Million USD. The contract is for computer and electronic equipment, plus installation and training.

As you can see, the meta data of both default author and company from this new contract document are identical to that of the Skydex Soft Ltd card fraud laundering cyber-mule FAQ. This is indeed the proverbial forensic needle from within many hundreds of haystacks:




The original document is shown first, followed by a best attempt Google translation:








.
For clarity the specified equipment list is shown both in its original native version as well as translated:









Again, the reason for not typing the names of the entities in searchable text format at this time is because the significance or relative uniqueness of the embedded document meta data is unknown. For example, at the lowest end of the potential significance scale, there could be a large chain of Cyber Cafes throughout the Russian Federation each with a few dozen computers all with identically installed MS Word containing "Admin" and "MoBIL GROUP". Combine that with the possibility that each document was then authored at two different locations by unrelated individuals several months apart, and that the 0.5 degree of separation between a long term laundering conduit of the card fraud proceeds is just coincidental. Obviously the possibility scale can range far in the other direction also, where there is a very limited group of like-configured machines all within one entity. I do not know that answer at this time. However, while I cannot elaborate on the contract document, nevertheless, the specific facts are that they do contain the identical embedded meta data:







This apparent high level of commonality only serves to further emphasize the significance of the multi-year Organized Crime Syndicate fleecing global consumers of many millions of dollars a year, while the multiple branches of the US Banking and financial system appear neutered in their ability to formally recognize, report, or prevent the majority of it from taking place. Confounding is that in an era of Patriot Act financial regulation, where every one of the weekly wire transfers of the card fraud proceeds from each of probably hundreds of bank accounts, all meet, and even exceed, the federal SAR (Suspicious Activity Report) and FINCEN required reporting.

Though SAR reports are totally secret and contained only to the government, they are not even allowed to be revealed in court, it is highly doubtful that they are being triggered as required. As stated before, contrast that with Eliot Spitzer, who reportedly triggers a SAR filing when he transfers a few thousand of his own money between two banks on its way from New York to DC, to cover his anticipated sexual escapades expenses. He reportedly gets nailed as a result of a SAR report filing on the suspicious format. The Organized Crime Syndicate on the other hand extracts and wire launders hundreds of transactions a month out of the country, no less, year in year out, and barely an eyelid bats.

You know for sure that at some point down the road, eventually, the proverbial excrement from this will hit some giant sized fans.

.

MGD
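
The kind of comparison described in the post, embedded author and company fields matched down to their capitalisation, shown as an added example that is not part of MGD's post or tooling. It assumes OOXML (.docx) files, which keep these fields in `docProps/core.xml` and `docProps/app.xml`; the post does not state which Word format the documents used, and all sample values are constructed. ElementTree is used for brevity; untrusted files should be parsed with a hardened XML parser.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

NS = {"cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
      "dc": "http://purl.org/dc/elements/1.1/",
      "dcterms": "http://purl.org/dc/terms/",
      "ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties"}
FIELDS = {"author": ("docProps/core.xml", "dc:creator"),
          "company": ("docProps/app.xml", "ep:Company"),
          "created": ("docProps/core.xml", "dcterms:created"),
          "modified": ("docProps/core.xml", "dcterms:modified")}

def make_sample(author, company, created, modified):
    """Constructed sample: a zip holding only the two OOXML property parts."""
    xmlns = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())
    core = (f"<cp:coreProperties {xmlns}><dc:creator>{author}</dc:creator>"
            f"<dcterms:created>{created}</dcterms:created>"
            f"<dcterms:modified>{modified}</dcterms:modified></cp:coreProperties>")
    app = f"<ep:Properties {xmlns}><ep:Company>{company}</ep:Company></ep:Properties>"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("docProps/core.xml", core)
        z.writestr("docProps/app.xml", app)
    return buf.getvalue()

def read_props(data):
    """Return embedded author, company and timestamps; absent parts or fields stay None."""
    out = dict.fromkeys(FIELDS)
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for key, (part, path) in FIELDS.items():
            if part in z.namelist():
                out[key] = ET.fromstring(z.read(part)).findtext(path, namespaces=NS)
    return out

def grade(x, y):
    """'exact', 'case-only' (only capitalisation differs), 'differ' or 'missing'."""
    if x is None or y is None:
        return "missing"
    if x == y:
        return "exact"
    return "case-only" if x.casefold() == y.casefold() else "differ"

def compare(a, b):
    return {k: grade(a[k], b[k]) for k in ("author", "company")}

# Constructed samples; the values are illustrative, not from the documents discussed.
DOC_A = make_sample("Admin", "EXAMPLE GROUP", "2000-01-01T09:00:00Z", "2000-01-01T11:30:00Z")
DOC_B = make_sample("Admin", "Example Group", "2000-06-15T14:00:00Z", "2000-06-15T14:20:00Z")
```

`compare(read_props(DOC_A), read_props(DOC_B))` grades the author as an exact match and the company as a case-only match, the weaker of the two signals.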

over 12.5 years online © 1999-2012 dslreports.com.