June 27, 2007 9:27 AM PDT

eBay targets Romanian fraudsters

Online auction site eBay has made public the details of a months-long campaign to curb online fraud arising in Romania--an effort that has resulted in several hundred arrests.

Matt Henley, a member of eBay's Fraud Investigations Team, spoke about the campaign while taking part in a two-day workshop in Sydney, Australia, with representatives of local law enforcement agencies.

Henley is in town to discuss the latest online fraud techniques with representatives from the Australian Federal police, the High-Tech Crime Centre, the Australian Crime Commission, ACMA and all the state and territory police forces.

The e-commerce site's internal fraud team first took note of a higher-than-usual amount of fraudulent activity from Eastern Europe in 2005.

"There are 25- to 30-year-old criminals that are among some of the brightest we've ever dealt with. But law enforcement officials and magistrates might have never even used a computer."
--Matt Henley, a member of eBay's Fraud Investigations Team

"A huge percentage of the fraud we were seeing was from Romania," Henley said.

While schemes varied, many of the suspects set out to commit fraud after approaching eBay users who had narrowly lost an auction.

"The fraudster can see that a user that didn't win was prepared to spend $145 on a particular item," Henley explained. "They would then attempt to contact the user off the eBay platform to offer them a second chance. The No. 1 goal of these fraudsters was to pull users off of eBay--away from our security cameras, so to speak."

The fraudsters would first have to guess the e-mails of the losing bidders--most commonly by combining their eBay username with popular Web-mail domains.

"It's very common that users have the same username for their eBay as their e-mail," Henley explained. The would-be scammers would have a certain level of success, he said, "simply by sending out 50 e-mails of the most common domain names--including the eBay user name at Gmail, Hotmail, Yahoo."

A dearth of knowledge and resources
The scale of the fraud was such that eBay formed a dedicated team to look into the issue, hiring a team of analysts and lawyers to work with victims and the Romanian authorities to come up with some solutions.

The team's initial assessment attributed the Romanian problem to two central issues--a technology knowledge gap and a lack of resources to tackle cybercrime.

"What we found is that there is a huge gap between generations in Romania," Henley said. "There are 25- to 30-year-old criminals that are among some of the brightest we've ever dealt with. But law enforcement officials and magistrates might have never even used a computer."

The U.S.-based eBay team first took an education role, running road shows for law enforcers, and conducting a two-day course with the National Institute of Magistrates in Bucharest in conjunction with credit card companies Visa and MasterCard.

Last year, eBay and Microsoft also sponsored a National Cybercrime conference in Romania, talking about the online fraud issue with 200 law enforcement agencies.

Next, eBay attempted to address resourcing issues to fight cybercrime in the small East European state. Romania tends to base its resource allocation on population, so most of its law enforcement efforts in the country had been concentrated on its capital, Bucharest.

"Whereas we found that most of the fraud is coming from towns with populations of 50,000 or 100,000," Henley said.

In some of these towns, the eBay team found backlogs of 200 eBay-related fraud cases.

"The police presence in these towns often didn't even have an Internet connection," Henley said. "Some were using the same Internet cafes as the criminals, which was of grave concern to us."

The Romanian Police Force thus became the lucky recipients of eBay-donated Internet connections, computer equipment and digital cameras.

Since the campaign began three years ago, Henley claims that eBay has helped the Romanian authorities make "several hundred arrests" related to online fraud.

"Prior to this, nobody was being arrested," he said. "At least now there is the knowledge that there is a risk associated with being involved in this fraud."

Henley is in no doubt that another country like Romania will prove attractive to online criminals, but for now is satisfied that there is no one country more problematic than another.

"The next (problematic) country will be wherever there is the same pattern--highly trained people with little opportunities to make money legitimately," he said.

Brett Winterford of ZDNet Australia reported from Sydney.

See more CNET content tagged:
Romania, fraudster, eBay Inc., Bucharest, fraud

3 comments

Join the conversation!
Add your comment
Related to Estonian DDoS wars?
I wonder if these are the same people, or types of people, who
are behind the Estonian DDoS wars of the last month or two?

I'm very glad to see eBay and PayPal sharing some of their
success stories publicly. This will help show consumers that the
Internet is not just a totally unpoliceable wild frontier.

Dave
<a class="jive-link-external" href="http://www.ironkey.com" target="_newWindow">http://www.ironkey.com</a>
Posted by Dave_IronKey (12 comments )
Reply Link Flag
Probably not
Out of internet cafes in a poorly wired town? Not enough infrastructure to support it, nor much chance of experienced people. Just a guess.
Posted by Phillep_H (497 comments )
Link Flag
who and where exaclty ?? :D
hi Brett,
for sure, the fight against cybercrime here is not taken that seriously. by far! :) but what i find more disturbing is that all over the news, these reports and actions, seem to have no real target! i mean, this is a very precise 'industry', where you can give names and locations (IPs). we never see/hear these!! only that there are hundreds of arrests in hundreds of locations... but who exactly and where???
let me give you a glimpse of what's going on:
the fight against these hackers is so unorganized and chaotic, that is blows your mind! Pls tell Mr Matt Henley, that they got the wrong people if they were searching in internet cafes :)). For every 100 arrests, they give a name to the public? And what about the location, town, provider? Or, are they arresting guys for downloading mp3s and movies -and then selling them on the black market- charging them with everything the authorities have in mind? :)) Here the outcome of a campaign is not as important as the political campaign of the authorities, trying to ?buy? the votes and popularity, thru mass-media and news. So as long as the population sees on TV that they are working, and they have the americans on their side, it doesn?t really matter who they blame, catch, or arrest! Think about that!
I am not saying that selling downloads mp3s is just fine, I?m just saying that things in romania are not always as the big companies say they are! My main concern is that instead of improving their security, and gaps, they prefer to blame a country or community, with no real evidences, names, towns, etc?
Posted by durox_cj (18 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.