The document summarizes an international phishing operation called "Operation Phish Phry" carried out by the FBI and Egyptian authorities in 2007. An Egyptian-based criminal group hacked into American bank accounts by obtaining victims' information through phishing. They shared this information with co-conspirators in the US who transferred funds into fraudulent accounts. The FBI notified Egyptian authorities, and a joint investigation and arrests in both countries resulted. 53 defendants were named in the US and 47 suspects in Egypt. The operation highlighted cooperation between US and Egyptian law enforcement according to their respective laws while respecting national sovereignty.
Phish phry operation
Our group: "Amr Safwat", "Nada Rady" and "Mohamed Zahran"
The case Brief
A Kickoff: What is Phishing?
Phishing is a technique that involves sending email messages that appear to be official
correspondence from banks or credit card vendors. In this process, bank customers are
directed to fake websites purporting to be linked to financial institutions where the
customers are asked to enter their account numbers, passwords and other personal
identification information. Because the websites seem to be legitimate, complete with
bank logos and legal disclaimers, customers do not realize that the websites do not
belong to the legitimate financial institutions.
Introduction: Phish Phry Operation:
Operation Phish Phry commenced in 2007 when FBI agents, working with United States
financial institutions, took proactive steps to identify and disrupt sophisticated criminal
enterprises targeting the financial infrastructure in the United States.
Investigators in both countries uncovered an international conspiracy allegedly operating
an elaborate scheme to steal identities through a method commonly called phishing.
The group is accused of conspiring to target American-based financial institutions and
victimize an unknown number of account holders by fraudulently using their personal
financial information.
The multinational investigative effort resulted in 53 defendants being named in the
federal indictment and 47 suspects being identified by Egyptian authorities. The domestic
defendants were arrested in California, Nevada, and North Carolina. In California,
defendants reside in the counties of Los Angeles, Orange, San Bernardino, Riverside, and
San Diego.
Egyptian-based hackers obtained bank account numbers and related personal
identification information from an unknown number of bank customers through phishing.
Defendants were accused of conspiracy to commit wire fraud and bank fraud. Various
defendants are charged with bank fraud; aggravated identity theft; conspiracy to commit
computer fraud, specifically unauthorized access to protected computers in connection
with fraudulent bank transfers and domestic and international money laundering.
Egypt's part in the Phry:
The indictment alleges that co-conspirators in Egypt collected victims' bank account
information by using information obtained from their phishing activities. Armed with the
bank account information, members of the conspiracy hacked into accounts at two banks.
Once they accessed the accounts, the individuals operating in Egypt communicated via
text messages, telephone calls and Internet chat groups with co-conspirators in the United
States. Through these communications, members of the criminal ring coordinated the
illicit online transfer of funds from compromised accounts to newly created fraudulent
accounts.
US part in the Phry:
The United States part of the ring was run by the defendants, who
directed trusted associates to recruit runners, who set up bank accounts where the funds
stolen from the compromised accounts could be transferred and withdrawn. A portion of
the illegally obtained funds withdrawn were then transferred via wire services to the
individuals operating in Egypt who had originally provided the bank account information
obtained via phishing.
The cooperation between Egyptian law enforcement and the US FBI, and the rules that governed this cooperation
It started with information from the FBI to the Egyptian force about a criminal group in Egypt that used the internet in a professional way to hack into some American banks with the help of an American group; the FBI had been tracking that group for about 2 years and was sure about them.
An order was given to check that information and to work according to Egyptian law, and a special technical team was formed and assigned.
Technical cooperation took the form of a technical ambush to take down the proxy server (1) that the criminal group used to keep all their activity away from the Egyptian law enforcement authorities.
All the actions that the Egyptian force took were in accordance with Egyptian law.
The FBI and the Egyptian force arranged to carry out the arrest operation at the same time in Egypt and the USA.
The cooperation respected the principle of national sovereignty for each team; on the information side it was full cooperation.
(1) A proxy server is a server (a computer system or an application program) that acts as an intermediary for
requests from clients seeking resources from other servers. A client connects to the proxy server,
requesting some service, such as a file, connection, web page, or other resource, available from
a different server. The proxy server evaluates the request according to its filtering rules. For
example, it may filter traffic by IP address or protocol. If the request is validated by the filter, the
proxy provides the resource by connecting to the relevant server and requesting the service on
behalf of the client. A proxy server may optionally alter the client's request or the server's
response, and sometimes it may serve the request without contacting the specified server. In this
case, it 'caches' responses from the remote server, and returns subsequent requests for the
same content directly.
A proxy server has many potential purposes, including:
To keep machines behind it anonymous (mainly for security).[1]
To speed up access to resources (using caching). Web proxies are commonly used
to cache web pages from a web server.[2]
To apply access policy to network services or content, e.g. to block undesired sites.
To log / audit usage, i.e. to provide company employee Internet usage reporting.
To bypass security/ parental controls.
To scan transmitted content for malware before delivery.
To scan outbound content, e.g., for data leak protection.
To circumvent regional restrictions.
The legislation in Egypt concerning this case
Telecommunication Regulation Law No. 10 of Year 2003
Regulates the telecommunication industry, including internet services & networking;
Established a national authority for managing the telecommunication utility, the National Telecommunication Regulatory Authority (NTRA);
Regulates licensing of telecoms operators, i.e. internet service providers;
Regulates the import, manufacture & assembly of telecommunications equipment;
Legally recognises & defines important related technical matters, i.e. operators, service providers, networks, interconnection etc.;
Sets criminal liability for different illegal actions that are considered cyber crimes, i.e.:
Unauthorized establishing or operating of telecommunication networks;
Bypassing international phone calls over the internet (VoIP);
Interception & recording of telecommunications content;
Hiding, changing, altering or obstructing any telecommunication messages;
Disclosure, without due right, of any information concerning telecommunication network users, or their incoming or outgoing communications;
Intentionally disturbing or harassing another party by misusing telecommunication equipment.
Law No. 15 of Year 2004
Regulating Electronic Signature & Establishing the Information Technology Industry Development Agency (ITIDA)
Established a General Agency (ITIDA), which is responsible for regulating e-signature services & other activities related to electronic dealings and the information technology industry, as well as promoting the ICT industry;
Also provides for the reservation of intellectual property rights through depositing, recording & registering the original copies of computer software;
Legally recognises & defines important related matters, i.e. e-writing, e-document, e-signature, e-medium, digital certificate etc.;
Legally recognises e-signatures, e-writing & e-documents, with the same conclusiveness prescribed for official & private writings & documents in Evidence laws;
Criminalizes all forms of relevant illegal acts, for example:
Damage to or forgery of an e-signature, medium or e-document;
Use of such faked electronic matters while being aware of that;
Obtaining without due right any of the above-mentioned electronic matters, or penetrating such mediums, obstructing them, or inactivating the performance of their function.
Egypt's International Judicial Cooperation in the Field of Combating Cyber Crime
According to Article (151) of the Egyptian Constitution, treaties concluded & ratified by Egypt have the same force as national laws;
Egypt exchanges mutual legal assistance through several international legal tools.
References
1- Federal Bureau of Investigation, http://losangeles.fbi.gov/pressrel/2009/la100709.htm
2- Conversation with one of the police officers in Egypt
3- Information from Judge Amr Abdelmoaty, President of Primary Court, Egypt