Wednesday, October 15, 2003

SecurityFocus HOME News: Guilty Plea in Kinko's Keystroke Caper: "For nearly two years ending last December, Jiang's makeshift surveillance net raked in over 450 online banking passwords and user names from hapless Kinko's customers, according to the plea. He would use victims' financial information to open new accounts under their names, and then siphon money from their legitimate accounts into the new, fraudulent ones.

According to court records, the caper began unraveling last October, when Jiang had the bad luck to use a stolen GoToMyPC account to remotely control a victim's home computer while the victim was sitting in front of it. The victim, unnamed in court filings, watched as the PC's cursor began moving of its own accord, riffling through files, opening a browser window, and then establishing an account with online money transfer site Neteller.com under the victim's name. The victim had logged into the machine through GoToMyPC from a Kinko's on Seventh Avenue a few days earlier.

GoToMyPC's access logs captured Jiang's IP address, and after a brief investigation, the U.S. Secret Service raided the apartment Jiang shared with his mother in Queens. They seized books on hacking, a laptop computer and four desktop machines from Jiang's bedroom. Under questioning, Jiang, admitted sniffing passwords and usernames from Kinko's machines and selling them over the Internet, according to a Secret Service affidavit filed in the case. "

No comments: