cybercrime – Memphis Flyer

My Facebook account was hacked last week. Not in some high-stakes, sexy cyber-spy way, as seen in the 1992 film Sneakers. My screen didn’t freeze as green text cascaded down in a digital waterfall. My cursor didn’t suddenly move with a mind of its own.

No, everything went on more or less as normal, except “I” sent a message — “Look who died” — with a link to a nonexistent website out to all 1,389 of my contacts.

I was none the wiser until I started getting Facebook messages, texts, and Slack and Twitter DMs to the effect of “Hey, man, I think you’ve been hacked.”

The Commercial Appeal’s Micaela Watts took a screenshot and posted it on my wall with a cheery note: “You done been hacked.” Another friend messaged me to say that getting one’s account hacked is bound to happen these days, “Just like Omicron, I guess.” That’s bleak.

My dear friend Olivia got thrown in Facebook “jail” for a few days because her (perfectly inoffensive) comment didn’t meet with the site’s Community Standards. The people in charge of flagging these things are, I imagine, bored nearly to death, so I’m not sure they make for the most reliable safety net.

I spent the next half hour or so in a flurry of online activity. I posted about the hack, warning my contacts not to click the bogus link. I notified Facebook’s security and privacy team. I haven’t heard back from them yet. I changed my password to something complicated and hard to remember, and I turned on two-factor authentication, so I have to input a code texted to my phone if I log in from an unfamiliar device. I spent the next two days responding to messages about the fishy message “I” had sent out to people. It was embarrassing and time-consuming, and I don’t recommend it as a pastime.

Before long, I noticed that I was logged in on two devices — and that one of them seemed to have an IP address from somewhere in Kentucky. I kicked the device off (you can do that from the Security and Login page, for future reference) before I remembered that Facebook had asked me earlier that day if I had “liked” a photo from Michael Donahue. I don’t remember seeing anything about a Kentucky-based IP address in that message, and since I do “like” many of Donahue’s photos, I didn’t think much of it. Whoever hacked my account must have looked at my recent activity to make sure their first move was one that wouldn’t arouse my suspicions. What a clever cyber criminal!

After the initial alarm, I realized that the fishy message I’d broadcast to everyone I know online was eerily similar to a message I had received a few days ago.

That’s right. I blundered into this cyber scam. Like the best Greek tragedies, it was all down to my hubris. You see, while I prefer email for work communications, I get messages every way you can imagine — snail mail, Twitter, Facebook. So when I received a message from, well, someone rather older than I am, I assumed a local celebrity had died and someone was sending me a tip. Yes, the method of delivery was tactless, and the grammar wasn’t going to make anyone’s high school English teacher proud, but that’s on par with at least half of the messages I’m sent. Besides, I spent six years as a copy editor, which means that I’m primed to expect most people to write poorly. And as a Millennial, I expect anyone older than Gen X to have trouble with PDFs and digital etiquette, just as I expect anyone in Gen Z to be baffled when expected to use a phone to actually call someone.

You see? Hubris.

In all likelihood, the message was garbled because it was written by either a bot or someone in a troll farm in Russia or North Korea. I wonder if some up-and-coming hacker graduated from digital training wheels to more rewarding, high-stakes cyber crime after they successfully duped me.

So yes, this was my fault, but consider how easy it was for me to fall prey to this scam. All it takes is divided attention. We need to treat cyber malfeasance as a threat to national security. Yes, even on social media. Because, while the democratic premise that everyone is entitled to an opinion is a beautiful thing, it also presents an easy-to-hit target. Our ability to reach a consensus is our most fragile point, and I can’t help but feel that everything from vaccination efforts to political discourse would have been less fraught without the influence of social media. It’s here to stay, though, so we’d best get better about navigating it safely.

In the meantime, though, take it from me and don’t be too proud to ask, “Did someone actually die or is this a spam link?”

A group of state Attorneys General want existing rules to protect children under 13 online expanded to include things like faceprints used to unlock consumers’ cellphones, health data from internet-connected smart watches, and kids’ genetic information.

Tennessee Attorney General Herbert Slatery joined 24 other AGs on a comment letter Monday sent to the Federal Trade Commission (FTC) urging an update to the Children’s Online Privacy Protection Act (COPPA). They want stronger rules prohibiting websites, mobile applications, and other digital marketing companies from collecting personal information from children under the age of 13 and using that information to track children across the internet.

“Without modification to the current rule, companies will continue to build profiles on children based on collected data,” Slatery said in a statement. “Those profiles will be used to target them for many decades to come.”
[pullquote-1] The letter also urges the FTC to clamp down on companies that embed code in children’s mobile applications and collect data in order to show children advertising based on their online behavior.

The AGs also urged the FTC to examine how the rules apply to school-issued laptops that are “free” so long as companies get to collect information from the students using them. Further, the attorneys general urged the FTC not to create exceptions to the rule that would allow massive websites like YouTube to skirt COPPA’s requirements.

”The internet has only grown more embedded, and more inextricably intertwined in citizens’ lives over the last twenty years, not less,” reads the letter. “As more and more of our lives are lived online, and as digital tools make their way into our schools and into our lives at ever-earlier ages, rules like the COPPA Rule must continue not only to exist, but grow and adapt to ever-changing regulatory landscapes.”

Read the full letter here:
[pdf-1]
Nigerian Extradited to Memphis for Alleged Cybercrime

A Nigerian man was extradited to Memphis recently to stand trial in a cybercrime scheme that targeted a Memphis real estate company and other individuals here.

Babatunde Martins, 64, was living in Accra, Ghana, but has been brought to Memphis, facing charges of wire fraud, money laundering, computer fraud, and aggravated identity theft. The announcement was made Monday by Assistant Attorney General Brian A. Benczkowski of the Justice Department’s Criminal Division, U.S. Attorney D. Michael Dunavant of the Western District of Tennessee, and Special Agent in Charge M.A. Myers of the FBI’s Memphis Field Office.

The indictment against Martins and his associates claims they hacked servers and email systems of a Memphis real estate firm. The firm was not named in a news release.

The group used spoofed email addresses and Virtual Private Networks to identify large financial transactions with the real estate company. The group would then initiate fraudulent email correspondence with the relevant business parties. Then, they’d redirect closing funds through a network of U.S.-based money mules to final destinations in Africa. Commonly referred to as business-email compromise, or BEC, this aspect of the scheme caused hundreds of thousands in loss to companies and individuals in Memphis, according to law enforcement agencies.

Martin is also charged with perpetrating romance scams, fraudulent-check scams, gold-buying scams, advance-fee scams, and credit card scams. The indictment alleges that the proceeds of these criminal activities, both money and goods, were shipped and/or transferred from the United States to locations in Africa through a complex network of both complicit and unwitting individuals that had been recruited through the various internet scams.

Possible victims of online scams are urged to check this list of names, aliases used by Martins and his associates.

Five other individuals have pleaded guilty to being involved in the scheme. Two others, Olufalojimi Abegunde, 33, and Javier Luis Ramos-Alonso, 30, were convicted in March after a seven-day trial in the U.S. District Court for the Western District of Tennessee. Abegunde received a 78-month sentence and Ramos-Alonso received a 31-month sentence for their roles in the scheme. Several individuals remain at large.

All of the group’s activities are suspected to have caused millions of dollars worth of loss to victims across the globe.