The Motives of Internet Criminals: Why They Want Our Money

This chapter is from the book 

The Crimes

Money is the motive: Internet criminals change their tactics frequently and their strategy rarely. Their goal is constant.

Phishing

At one time, spam was used to advertise products. It is possible that some spammers of the old school still exist, and they actually intend to make good on their offer to sell penis potions, fake Viagra, ink-jet cartridges, or whatever. Or the spammer might just take note of your credit card number and billing address and sell it to another group of criminals who will run up as many charges on your account as they can before the credit card company blocks it.

Stealing credit card numbers or other personal information—in hacker lingo phishing—was the first form of professional Internet crime to gain widespread notice. The complacent belief that professional Internet crime was a myth propagated by Internet security companies quickly evaporated as people's Inboxes started to fill up with fake e-mails from banks they had never heard of telling them that their account details had been compromised.

The gangs are after any type of personal information they can use to obtain money: usernames and passwords for financial sites such as online banks, stock brokers, payment schemes, and so on. In some cases, the gangs are attempting to perform identity theft—applying for credit using the identity and credit history of someone else.

Phishing attacks are not unprecedented. Almost as soon as credit cards appeared, so did ways of stealing card numbers. Each card has the account number clearly printed on the front of the card to be seen by every shop assistant, waiter, and hotel clerk who accepts the card for a purchase. Fraudulent mail order companies are also set up. These usually operate legitimately for some time until they suddenly saturate their advertising channels with an offer that is too good to be true. The perpetrators charge the cards, take the money, and run.

Some phishing e-mails are easy to spot, but many are not. The criminals impersonate anyone they think people might give their credit card number to: banks, merchants, charities, and even politicians. An attack in 2004 sent e-mail that appeared to come from a presidential campaign. In 2005, many phishing attacks solicited money on behalf of charities to support victims of the Asian tsunami and the Katrina hurricane within hours of the event.

Phishing e-mails use a wide range of techniques to fool the victim. Obscure Web browser features are used to conceal the address bar showing the user which site is being visited. In some attacks, the user is directed to the real Web site of the brand being impersonated, and the phishing attack page appears separately in a pop-up window.

Click Here for the Egress

You are in a crowd listening to a carnival barker describing the attractions you are about to watch. He warns the audience to make sure they know where their wallet is, as pickpockets have been operating. The pickpockets watch as hands instinctively reach out to wallets: now they know who might be nervous about carrying a large amount of cash and where they keep it. The barker gets his cut later.

Security problems lead to the call to "raise public awareness." But merely raising awareness of a problem without telling people how to protect themselves is counterproductive.

Phishing attacks frequently use concern for security against their victims. Attack messages often contain detailed instructions describing how users should protect themselves against phishing spam, which would clearly identify the message as a fake. The phrase "Protect your security: Verify your account" has become a criminal cliché.

A legitimate e-mail was sent out providing Australians with ten tips to prevent identity theft. Within hours, criminals were sending out the same e-mail with tip ten changed to "Click here to verify your account."

User education is useful only when the advice can be acted on. Telling people "Beware" does no good. Telling people what to beware of is better. Telling people what to do is best.

Unfortunately as you will see later in this book, the state of Internet security is so poor that we cannot provide the concise and understandable safety instructions today that as we would wish. In 2004, the U.S. Federal Trade Commission began an online safety campaign with the advice Stop—Look—Ask. "Look" would be good advice if consumers could be expected to look at a typical Internet e-mail and determine if it were genuine. As of 2007, this is a difficult task that an expert might be unable to answer with confidence.

We must work to change the Internet infrastructure so that any user can tell if an e-mail is genuinely from a trusted source, without the need for any special expertise. Until that is achieved, the best user education we can give is to tell users about the scams the criminals are using to try to steal their money and to tell them to stop, think and ask (see Figure 1-4).

User education can help protect against visible danger. Impersonating a merchant, a lottery, or a famous brand is a threat that users can guard themselves against. User education cannot protect when the danger is hidden. A Trojan keylogger, a spy in the machine that watches as users log on to their online bank, is a challenge for even the most expert user.

Even this scam is not unique to the Internet. At one time, a gang would set up a fake ATM that would steal the card details of anyone trying to use it. More recently, the criminals have discovered that it is much easier to just attach some additional equipment to an existing ATM.

The problem of Trojan phishing has led some banks to introduce new authentication schemes that use the mouse for input rather than the keyboard. But some phishing gangs have already found ways to bypass this technique.

Stolen credentials are used as currency. A perpetrator needing information might offer five fulls for the first person to supply it. A full is a credit card number with the full name and billing address of the card holder. The value of a stolen card number on the black market varies according to the amount of supporting information available. There is little demand for raw card numbers, which are worth only pennies. Most valuable are COB (change of billing) card numbers, with an account username and password that allow the billing address of the card to be changed.

Conversion to Cash

Criminals are not really interested in credit card numbers; they want the money. We have already seen that criminal markets allow phishing criminals to sell stolen credit card numbers. They are only worth money to the buyer if he has a means of turning them into cash. This process is known in criminal circles as carding.

When the phishing epidemic began, it was possible for a perpetrator to use his stolen information to create fake ATM cards with PIN numbers that could easily be turned into cash. Today, carding is a much more difficult and risky crime. The crime markets are awash with stolen card numbers, and the prices paid for stolen cards reflect this.

A typical carding scheme was described in the hacker magazine Phrack.³ The perpetrator used the stolen card number to buy goods from a mail order outlet. After the goods were shipped, he would ask the shipper to change the delivery address to a location where he could safely collect them.

This scheme worked (for a time) by exploiting a loophole in the credit card security controls. The merchants would only ship the goods to the billing address on the card, but it was possible to reroute the package after shipping.

Turning card numbers into cash is the most time-consuming and risky aspect of credit card fraud, as many who have attempted to use the Phrack carding scheme have discovered. One of the factors that has until recently kept the problem of phishing in check is that supply of stolen card numbers has far exceeded demand. The sudden increase in phishing attacks, therefore, indicates that the fraud rings have discovered ways to turn large numbers of stolen credentials into cash.

Some carding gangs make fake credit cards that are resold to petty criminals. One of the pieces of evidence that points to an Eastern European origin for many of the carding frauds is that many of the fake cards end up being used in German department stores by Eastern European youths.

Making fake cards works, but counterfeiting physical objects is an approach from the age of atoms, not bits and is thus difficult to scale. Each recruit who is brought into the organization represents a risk. As soon as the organization grows beyond a certain size, the risk of detection becomes a certainty. In the real world, there is no honor among thieves, and the chance that a low-ranking member of an organization will be willing to trade information in return for a lighter sentence is good.

Recruitment is a major problem for any organization that has to operate clandestinely. When I was at Oxford, some of my fellow students complained that they were disappointed that nobody had ever asked them to join the Secret Service. But the recruitment problems of the British intelligence services are surely minor compared to those of James Bond's adversaries. Where, for example, do you go to find sufficient hired help to carve out the inside of a volcano without anyone noticing? How does a criminal mastermind go about recruiting dispensable henchmen?

Recruiting through the Internet scales much better. The advertisements do not need to reveal the true nature of the enterprise. The recruit thinks that he is a shipping facilitator, but to the carding ring, he is a dispensable mule.

The carding ring buys goods with the stolen credit card numbers, giving the home of the mule as the delivery address. The mule then calls an international shipping company that offers expedited delivery and sets up a pickup. These companies specialize in shipping goods door to door in a hurry. In most cases, the package is delivered within 36 hours, 48 at the outside. These services are not inexpensive, but the carding rings don't mind; they can pay using a stolen card.

This scheme is called package reshipping, and it is a form of receiving stolen goods. There is absolutely no legitimate business of this type. The mule is dispensable and replaceable. The carding rings know that it is a matter of when rather than if the mule is caught.

The fraud control systems of the credit card companies are designed to quickly identify the possible use of a stolen card. The carding rings use the mule to bypass these fraud control mechanisms long enough for the goods to be shipped overseas.

The carding schemes sometimes involve Internet auctions. The mules are told that a distribution company needs domestic agents for its product because the auction company "will not let them in its system." The mules are told that the distributor is being unfairly excluded; they either don't think to ask why or don't care.

The Last Mile

Communications companies used to talk about the problem of the "last mile." Deploying a new network for long-distance telephone or data communications is relatively easy. The cost of this infrastructure can be shared among thousands or hundreds of thousands of customers at the same time. The biggest expense is cabling the last mile to the customer, where the costs are not so widely shared.

Internet criminals face a similar problem. It is relatively easy for them to endlessly shuffle funds between bank accounts using the Web. Their problem is how to convert their stolen funds into cash without being caught in the process.

A common approach is to recruit money movers. These perform essentially the same function as the package-reshipping mules but transfer money rather than forwarding parcels of stolen goods.

Employment advertisements for this type of scheme offer positions with impressive titles such as finance manager, financial consultant, and finance director but turn out to have only one actual requirement: The recruit has to have his own bank account. The real name for these positions, of course, is money launderer.

The money mover is instructed to open an account with one or more of the Internet payment services that facilitate anonymous payments. There are (or rather were) several schemes of this type offering an Internet currency backed by either a hard currency such as the U.S. dollar or in some cases a precious metal such as gold, platinum, or silver. The commissions charged by the operators of these services are typically in the range of five percent per transaction, a rate that would generally be considered prohibitive for a legitimate transaction.

It is hard to understand why any legitimate customer would want to invest money in a "bank" that does not reveal its owners, its directors, or even its place of business; is neither licensed nor insured as a bank; and makes no financial reports.

Pump and Dump

One way to cash out that is rapidly gaining favor requires no direct financial route between the accounts of the victim and the accounts of the perpetrator.

In a traditional pump and dump scheme, the perpetrator touts a penny stock with false promises of a sure-fire rapid increase in price (the pump). If the stock chosen has a small trade volume, a small increase in demand can cause the price to escalate rapidly. When the price has risen sufficiently, the perpetrator sells all his stock, leaving the investors with worthless stock they will soon find they are unable to sell (the dump).

Pump and dump scams have circulated through spam for several years. In some cases, the e-mails are designed to fool the reader into thinking that he has been inadvertently sent a hot tip by mistake. In others, the spam is carefully crafted to appear to have been sent by a well-known investor information service. But such pitches still rely on the ability to convince people to buy, and the perpetrator has to time his exit from the position carefully; if he waits too long, someone else might unload his position, leaving him with a pile of worthless stock.

The solution that some criminals have found to this difficulty is to remove the element of choice on the part of the victim. The criminals gain access to the victim's accounts using a phishing attack and place orders for the junk stock on their behalf.

Premium Service Fraud

Premium rate telephone services allow a service provider to charge people calling their telephone number. Services on offer range from erotic conversation to phone sex. High prices are charged; a single call can cost $5 a minute or more.

From a security perspective, everything that can be wrong is wrong.

Telephone subscribers have no reliable way of knowing if a telephone number is a premium rate service or not. There is no way to know what rate is to be charged and no way to know if the advertised services will be provided. The result is fraud.

In theory, subscribers can opt to have premium rate numbers blocked, but they are expected to know to ask for it. In practice, they can have access to 900 numbers blocked, which is not the same thing.

A premium rate service is typically set up through a service bureau whose function is similar to that of a book publisher in that it performs the necessary technical functions to provide the service, collects money from the telephone companies, and pays royalties to the service provider less their own (substantial) fees.

In the early 1990s, many bureaus were not particularly diligent in checking the credentials of companies applying to establish an account. Complaints from fraudulently charged customers were a problem for the telephone company or the service provider. Both preferred to consider any problems to be the customer's fault.

The telephone companies understood that fraud was likely. To control risk to themselves, they adopted a rule that payments would only be made to service providers after the telephone subscribers had had the opportunity to review their bills and make a complaint. Dishonest service providers would not be paid.

Paying the service providers late was good for the telephone companies, but a cash-flow problem for the service providers waiting to be paid. Some service bureaus stepped in to solve this cash flow problem by offering to factor an account—that is, to pay the service provider as the payments were earned (less a fee).

Factoring solved the cash flow problem for the legitimate service providers but eliminated the only fraud control. The telephone companies did not much care, as they were making big profits from the service, and the only security problem they recognized was the risk of the company being unable to recover money that they had already paid out. This risk had been accepted by the service bureaus factoring the account. The risk to the customer and the potential for criminal profit were ignored.

Con artists quickly developed ruses to trick the unwary into calling the premium rate number unintentionally. Some hackers took a more direct approach and took over the private exchange systems of businesses so that they could make calls to their own premium rate lines.

Premium service fraud reached a completely new level as large numbers of computers were connected to the Internet through modems connecting to the telephone system. The first attack of this type to gain public attention was the Beavis and Butthead incident in 1997. This involved a program whose advertised purpose was to view movies. Two versions of the viewing program were distributed. The version of the program that most victims admitted to having used included cartoons of the MTV cartoon characters Beavis and Butthead. The other version catered to an interest in gynecology. The Beavis and Butthead viewer was a Trojan that reconfigured the victim's machine to silently dial a telephone number in Moldova.

The Moldovan telephone company, like many serving smaller countries at the time, was acting as a premium rate service bureau, splitting the inbound international calling charge with the content providers. Premium rate call blocking had no effect because it only blocked premium rate calls to a 900 premium rate number.

An Accountability Failure

It is easy to get lost in the technical details. The real failure is social, not technical. There were plenty of companies and governments that might have chosen to act. The reason they did not is a failure of accountability. Everyone who could have stopped the fraud pointed the finger back at someone else, leaving the consumer to bear the loss.

The central theory of this book is that the principle cause of Internet crime is the lack of accountability in the Internet architecture, and the solution to Internet crime is to establish an accountability infrastructure for the Internet. Accountability means taking responsibility when our online actions might result in harm to others. Accountability means deterring crime with the prospect of consequences. Accountability means accepting responsibility to protect others from harm.

Wherever possible, the tools chosen to establish this infrastructure are technical rather than governmental. This choice is pragmatic, not ideological. The legislative process rarely works well when forced to move at a rapid pace. Legislative action should be the last resort, not the first. Technologists made the Internet an attractive medium for Internet crime, and technologists must take the lead in making the Internet an unattractive medium for crime.

Premium rate fraud illustrates an important exception. Regulation or the threat of regulation is sometimes necessary to align responsibility with the ability to act. The problem of premium rate fraud was created by the telephone companies, not the consumer. It is the telephone companies that must act.

In the case of international premium rate frauds, the carriers can plausibly claim that regulation prevents them from acting. Payment for international connection charges is an international treaty obligation, and carriers are obliged to pay for charges their customers incur.

There are, however, measures the telephone companies can take, including covering the cost of this fraud with a surcharge on all calls to any country that facilitates it and in extreme cases refusing to carry any calls to that country. In 2004, the telephone regulator in Ireland became the first to take action: blocking calls to 13 countries linked to this type of fraud.⁴

A middle ground would be for regulators to require deployment of a mechanism that would only block automatically dialed numbers. When a person attempted to dial, he would hear a message that told him that because of repeated failure to control frauds, it was necessary to screen calls to that country. The caller would then be asked to repeat a word or phrase to demonstrate that the call was intended. The user experience would be suboptimal, particularly because of language issues. But this would be all the more encouragement for complacent (or complicit) governments to take this crime seriously.

Extortion

Protection rackets have long been a favorite of organized crime. The extortionists approach the owner of a business and suggest that they need "protection" in case trouble occurs. The unspoken threat is that, unless payment is made, the extortionists will create the trouble themselves.

Peter Cook, owner of The Establishment, a London comedy club, once recalled being threatened in this way by the Kray twins, a pair of notorious criminals then waging a campaign of terror in the East end of London. Fortunately, Cook was a quick thinker and replied, "Oh I don't think it's very likely that there will be any trouble, and in any case, there is a police station next door." Cook did not see them in his club again and later named them as gangsters in the satirical magazine Private Eye.

Online protection rackets follow the same basic scheme, but the "trouble" in this case is bringing down the victim's Web site and the perpetrators calling themselves "security consultants."

This type of attack is known as a denial of service (DoS) attack. Instead of stealing information or using the machine itself, the attacker denies the legitimate owner the use of his system.

New virus releases were at one time frequently followed by DoS attacks against well-known targets. An army of captured machines will send a stream of nonsense packets to the targeted service in hopes of overwhelming it. This is known as a distributed denial of service (DDoS) attack.

DoS attacks are relatively easy to perform and difficult to prevent. It is unlikely that attackers expect to successfully extort money from the high-profile targets that result in newspaper headlines. But these attacks still serve a practical criminal purpose: demonstration of a protection ring's ability to take out any system it chooses at a time of its choosing.

DoS attacks often target online betting sites before a major sports event likely to attract many wagers. The online gambling industry is somewhat controversial in the U.S., where it competes for revenues with state monopolies and has been made illegal in most states. As a result, the industry has moved offshore to a number of Caribbean havens where specialist ISPs cater to their needs.

Like many industries that operate at the fringe of legality, the online gambling industry is considered easy prey by organized crime. It is quite likely that, in addition to outright extortion attacks, some attacks are intended to keep a competitor off the net before a lucrative football game or boxing match.

Loss of profits is not as effective as physical violence when it comes to persuading the target not to contact law enforcement. In the UK, betting is a legal and respectable business. When a number of UK bookmakers were threatened by a protection ring, they called the police. A payment was made in a sting operation that led to several members of the ring being arrested as they tried to pick up the money from banks in Latvia.⁵

Advance Fee Fraud

Next to phishing, the most visible Internet fraud is advance fee fraud. Early versions of this fraud often originated from Nigeria, and the Internet version is often referred to as the Nigerian letter or 419 fraud, after the section of the Nigerian criminal code that deals with it. In this version of the scam, the perpetrator claims to be an official or businessperson who needs your help to move a large sum of money out of his country.

As the Nigerian letter version of the scam became a cliché, the fraud rings behind the scam developed endless variations on the same basic scheme. The e-mail may purport to come from practically any country, and the reasons cited for needing to move the money include payment of a ransom, diverting money from dormant bank account, or to prevent seizure of an inheritance. Another common tactic is to tell the recipient that he has won a lottery.

The sum of money is almost always large, usually $25 million or more, and your cut is never less than 10 percent. Some report that if you negotiate, you can increase this to 15 percent.

In a week, I get approximately 200 solicitations of this type purporting to come from Nigeria alone. At an average of $30 million per e-mail, that makes $300 billion a year, about twice Nigeria's total Gross Domestic Product.

In an advance fee fraud, the perpetrator offers the potential victim (the mark) an opportunity to make a lot of money if he pays some money in advance. When the mark replies to the offer, there will be some "problem" that will invariably require some money to be advanced for an "unexpected" cost: some paperwork to clear, an official to be bribed, and so on. The amounts start small but increase gradually so that each time the victim finds it easier to trust the con men and throw good money after bad rather than accept that their earlier investment is lost.

It is easy to see these schemes as outright frauds when you are alert to the danger and have your full wits about you. But many senior citizens do not, and many prefer not to report the crime in case people start thinking they might be senile.

The money does not always come from the mark. Olsman Mueller & James, a small law firm in Michigan, first found out that it had been a victim of advance fee fraud when a $36,000 settlement check to a client bounced. When the firm checked with the bank, it discovered that the client suspense accounts had been drained—more than $2.1 million in all. Ann Marie Poet, a 60-year-old grandmother who had been with the firm for nine years, was charged with 13 counts of wire fraud.

The charges alleged a Dr. Mbuso Nelson, who claimed to be an official with the Ministry of Mining in Pretoria, South Africa, had contacted Poet in January of that year promising a $4.5 million fee for helping Nelson transfer $18 million from South Africa to a bank account in the United States. Poet then "borrowed" from the firm to pay "expenses" that kept turning up, wiring amounts ranging from $9,400 to $360,000 to pay for fees such as "ecological damages," "currency fluctuation marginal difference" and a "drug, terrorists, and money laundering clearance certificate." Like many embezzlers before her, Poet soon discovered that, once started, she had little option but to keep going and hope that the confidence tricksters were telling the truth.

This fraud is a modern twist on what was known in the 1930s as the Spanish prisoner con when it appeared during the Spanish civil war, but the scheme is even older and has been used in various guises since at least the Middle Ages when the story went that a rich knight on crusade had been kidnapped, needed to be ransomed, and would reward any lord handsomely for assistance.

Reliable estimates of the scope of 419 fraud are hard to come by. The thousands of complaints made to the police are likely to be only a fraction of the total, because most victims are unlikely to report that they were conned while engaging in a criminal conspiracy. The Michigan case is not an isolated one:

• A couple in Minnesota lost $2,600 after they wired the money to pay "taxes" on a fake lottery win paid with a forged cashier's check.⁶
• Melbourne financial planner Kerry Francis was jailed for 4½ years for transferring more than $700,000 from clients into a Nigerian letter scam.⁷
• Cuttle and Isaacs, a New Zealand livestock broker, went bankrupt owing farmers $4 million after two directors of the firm embezzled from the firm to participate in a section 419 fraud.⁸

In February 2003, the Nigerian Consul to the Czech Republic, Mr. Michael Lekara Wayi, was shot dead by a 72-year-old pensioner swindled of his life savings in a 419 scheme. The U.S. Secret Service reports that a U.S. citizen was murdered in Nigeria in 1995 while he visited Nigeria in connection with an advance fee fraud and that many more people have gone missing.⁹

Although the fraud is not unique to Nigeria, the vast majority of the advance fee frauds being operated through the Internet come from Nigeria, where the fraud accounts for a significant proportion of the country's income. The Nigerian government has shown little interest in prosecuting 419 frauds, which is not surprising because corruption is endemic, and the country faces many other serious public order problems.

The Nigerian gangs have been linked to several other murders. The major cons often involve enticing the victim to visit Nigeria, where he will be entirely within his power. The victim is often told that he does not require a visa to visit Nigeria, and the gang often pays off the customs and immigration officials to allow him into the country. As the U.S. Secret Service puts it,¹⁰ "Because it is a serious offense in Nigeria to enter without a valid visa, the victim's illegal entry may be used by the fraudsters as leverage to coerce the victims into releasing funds."

One scam used by the con-men at this point is known as the wash-wash. The victim is taken to a hotel room, where he is shown a suitcase of what appears to have been money before it was covered in some sort of chemical dye. The victim is invited to pick any of the bills and take it to a washbasin, where an amount of scrubbing reveals a $100 bill. The bill is actually counterfeit, covered in washable ink or a combination of petroleum jelly and iodine. The money will be his after he pays for the removal agent. It's the same advance fee fraud in a new guise.

After exhausting every means of tricking the victim out of his money, the gang switches to violence. The victim is kept hostage until the gang is convinced it has drained his wallet completely. Only then is the victim released. In some cases, the gang is nice enough to give the victim a lift to his national embassy, where he can apply for a loan to buy an air ticket to return home. Sometimes the victim disappears.

You might be wondering if there are organizations to help the victims of these schemes. There are.

These investigators will call up victims of 419 frauds to report that the Nigerian police have arrested a gang and offer to use their local knowledge of the banking system to reclaim whatever is left of the stolen money in return for a small fee and percentage of the amount recovered.

Of course, the Nigerian police has not arrested the gang, and the real way the "investigator" got the name is that he is part of the same gang who stole the money the last time. This is re-victimization, or re-vic fraud. After all, if they fell for it the last time, they will probably fall for it a second time.

Franchising Fraud

The sheer scale of the 419 scams is self-defeating; it makes no sense to bombard a person with 20 messages a week, let alone 20 messages that look suspiciously similar. Even more peculiar is the fact that would-be 419 scam perpetrators seem unable to learn from the tricks played on them by groups such as 419eater.com who make a sport of them.

The people behind the Web site make fun of would-be perpetrators of 419 frauds by "baiting" them with unlikely stories of their own. Each of the section headings on the 419eater.com Web site consists of a person holding a handwritten sign with the heading. Each is a would-be 419 fraud perpetrator who has been tricked into providing the photograph as "proof" that he is genuine. The trophy room contains hundreds of similar pictures, most showing a different perpetrator. Some show the perpetrators posed in embarrassing positions. One even carries a sign saying "Baiting is my favorite sport."

It is not unusual for a con man to be conned himself, but the tactics used by the scam baiters are as scripted as those used by the perpetrators. The tricks would quickly stop working if the perpetrators were talking to each other. This is itself an interesting fact because most of the scams originate from a relatively small geographical region. The scam would not continue if it was unprofitable, yet remarkably little effort seems to be taken to adapt to the publicity surrounding the scam. The vast majority of the 419 letters follow the original scheme.

An intriguing possibility is that there is a scam within the scam. The people sending the 419 letters might themselves be the dupes of an advance fee fraud, paying for the software tools and mailing lists necessary to set themselves up in a "business" they believe will make them a fortune. The would-be scammer might even be allowed to "earn back" some of his initial investment before being asked to forward a much larger sum.

This hypothesis would explain some of the odder features of the 419eater.com site, such as the fact that many of the photographs are taken in front of the same backdrop. The photographer would surely remark on the curious nature of the signs and warn the scammer that he had been fooled. Unless, of course, the photographer was working with the ring running the fraud within the fraud, and one of the ways that the rings extract money from their victims is to sell them photographs, forged documents, and so on.

Regardless of whether the rise in traditional 419 attacks is due to the fraud rings franchising their underperforming scams or some other reason, the fraud rings have been aggressive in developing new variations on the same theme.

One of these new "products" targets the sale of expensive goods such as luxury used cars through online ads. The vendor lists an expensive car such as a Mercedes on an online used car site for say $50,000 and is surprised to receive an offer to pay $6,000 more than the asking price with the proviso that the vendor forward the additional money to another party such as a shipper or a freight forwarder as part of the deal.

The vendor receives a cashier's check for $56,000, which normally clears three days after deposit. The vendor then wires $6,000 to the "freight forwarder" as per the agreement. A few days later, the bank cancels out the credit for the fraudulent cashier's check despite previously reporting it as "cleared." The vendor has lost the $6,000 wired to the "freight forwarder."

Other forms of advance fee fraud include a bogus "National Scholarship Fund" that would pay students scholarships of $2,500 to $6,500 after they had paid a "registration fee" of $100. Loan frauds are also common; the victim is told that he has qualified for a loan that will be paid as soon as he remits his first payment.

Copyright Theft

The one major form of Internet crime I do not try to provide a solution for in this book is theft of copyright work. Theft of copyright works is a major and growing problem. The Internet has led to a major increase in theft of copyright work. If copyright theft continues to grow, it might become impossible to finance the production of feature films costing a hundred million dollars or more.

Copyright is limited by the doctrine of "fair use," and for good reason. Every form of art borrows from others. The tune of Memories by Andrew Lloyd Webber sounds remarkably similar to Ravel's Bolero. The plot of The Forbidden Planet is essentially Shakespeare's Tempest. More importantly, the right to earn a living from copyright works is a net benefit to society. The "right" to suppress criticism through control of copyright works is not.

Fair use does not, however, mean that a person who has paid for one copy of a film or an album should be able to share it with the rest of the world for free. Extracting profit due to the content creator by facilitating "exchange" of copyright material is simply not a legitimate business.

I do not deal with the issue of copyright theft because the conditions for success do not exist. Faced with the major threat of Internet copyright infringement, the lobbying organizations for the content owners are still engaged in attempts to obtain retrospective extension of the lifetime of their copyrights. While the representatives of the U.S. recording industry were pleading the need for longer copyright terms and stronger enforcement methods to protect the livelihood of their artists, they slipped a provision into the Digital Millennium Copyright Act (DMCA) of 1999, which effectively transferred rights from the artists to the recording company by retrospectively redefining the status of the work.

The underlying problem here is that the Internet does much more than increase the threat of piracy; it changes the business model for the recording industry. The role of capital is reduced, and distributors will no longer act as gatekeepers. Power has shifted from the labels to the artist. The film industry has already undergone a similar transformation in the 1950s with the demise of the studio system. The recording industry understands that it now faces the same change.

It is not possible to effect a plan to protect against a criminal nuisance without a widespread consensus on the result to be achieved. Such consensus is impossible when neither side of the argument will accept realistic goals. If, however, it is shown that action can be effective against phishing and extortion, there will be much more incentive for both sides in this dispute to come to mutually acceptable terms.