Romania home base for EBay scammers
This small industrial center in the foothills of the Carpathian Mountains is not Albena Spasova’s favorite destination. Driving the twisting highway makes her ill. Once she arrives, danger lurks.
U.S. Secret Service agents escort her, for her safety. Over the last two years, they have kept watch on dozens of trips, some lasting weeks, others months, as she has spent long days foraging through case files with local police and long nights holed up in one of the town’s few hotels, with her windows locked.
“You don’t know who to trust there. You can’t use the hotel phone line. When you step outside, you can spot the local hackers in their cars, circling around,” said Spasova, 33. “The Secret Service agents always book my accommodation and make sure I’m in a room next to them.”
Ramnicu Valcea is an improbable capital of anything, but this obscure town is a global center of Internet and credit card fraud. And Spasova is an accomplished online fraud buster, helping to take down cyber-crime gangs across Romania. She isn’t an FBI agent, though, nor a Romanian police officer.
Spasova works for EBay Inc.
No one, it turns out, does Internet auction fraud like the Romanians. Bulgarians specialize in intellectual property theft; Ukraine is a leader in online credit card crime; the Russians have a profitable niche in Internet dating fraud.
But when it comes to online auctions, particularly for big-ticket items such as cars that can yield $5,000 a scam, Romanians own the game. Romanian police estimate that cyber-crime is now a multimillion-dollar national industry, as important to organized criminals here as drug smuggling or human trafficking.
The Internet Crime Complaint Center, a partnership between the FBI and the National White Collar Crime Center, ranks Romania fifth in its table of naughty nations. But most experts agree that doesn’t give Romanian criminals their due. Much of the cash being made on auction fraud reported as originating in the U.S., Canada, Britain, Spain or Italy is actually being picked up in those countries by Romanian money mules. An EBay fraud ring busted last year in Chicago, for example, has been traced to Pitesti, Romania.
EBay, which doesn’t even operate a site in Romania, won’t talk dollar figures but acknowledges that the country is the No. 1 source of “professional fraud.” On a November 2006 visit to the Romanian capital, Bucharest, FBI Director Robert Mueller said the vast majority of Internet fraud committed on “one prominent U.S. online auction website is connected to Romania or Romanians.”
That poses a problem for EBay. The San Jose-based auction giant has built its popularity and staked its reputation on self-policing feedback. Its system depends on buyers and sellers trusting one another -- to send money and to deliver the goods. Yet EBay users are the daily targets of phishing scams, spoof e-mails and fake listing attacks. Such schemes don’t cost EBay any money. But some of its customers pay dearly. And they expect EBay to do something about it.
“The fraudsters need to know we’re coming after them,” said Rob Chesnut, Spasova’s boss and a former federal prosecutor who set up EBay’s Trust and Safety division. “EBay doesn’t have a product. We are in the trust business: making people feel comfortable doing business with someone they don’t know,” he said. “If the bad guys have no fear of prosecution, they will continue to try to defraud users. So there has to be a cost to trying.”
Romania is a grim place in more ways than one. Former pro-Nazi regime, then Soviet outpost, then weird Communist dictatorship and now developing nation: Per-capita income here is just one-third the European Union average. Fearing a flood of cheap labor, most European countries have barred or restricted Romanians from job hunting in their countries.
The country is dotted with shuttered factories, such as the Aerofina plant on the outskirts of Bucharest, opposite a potholed parking lot. This plant once built missile launchers and ejector seats for the Romanian air force’s MiG-15s.
These days, though, there’s something different going on here. Spread across the factory’s dimly lighted third floor, 30 young Softwin computer programmers tap softly at their keyboards, tuning up the antivirus engines that power BitDefender, a software package starting at $25 that detects new computer viruses and releases programs to fight them.
In the last two years, BitDefender has been named a “Best Buy” by PC World magazine and garnered other kudos from Consumer Reports and the website TopTenReviews. IBM was impressed enough that it recently inked a deal to integrate BitDefender’s anti-spyware and anti-virus smarts into its own virus prevention system.
Surprisingly, Romania has more than its fair share of homegrown computer security talent. Besides Softwin, the Bucharest firm GeCAD provided the technology for Microsoft’s Windows Live OneCare anti-virus engine. Another half a dozen independent anti-virus companies, among them AxelSoft, Avira and Provision, are active in the capital; 11 more have been bought by foreign firms in the last four years.
Why here? “The respect for math is inside every family, even simple families, who are very proud to say their children are good at mathematics,” said Radu Gologan, a senior research scientist at the Institute of Mathematics in downtown Bucharest.
And the country has years of experience with computers. In the 1980s, Romania was considered a Soviet satellite state, but dictator Nicolae Ceausescu hated bowing to the Russians. He refused to buy computers from Moscow, demanding that Romania build its own. While the Bulgarians built personal computers, Romania specialized in minicomputers such as the Felix C, based on Honeywell Bull’s C11.
Florin Talpes, now a local entrepreneur, learned the art of reverse engineering at the Institute for Technology, Computing and Informatics.
“We would get hold of a minicomputer . . . and take it apart, reverse-engineering the operating system, the networking software, the hardware,” Talpes said. “We developed a deep understanding, to the level of bits, of computing architecture, processing and software applications. We did it so that we could design a better operating system, better software, better hardware.”
Forced to learn every bit of American silicon, every line of code, a generation of Romanians developed an aptitude for delving into the innards of machine code, using reverse engineering to deconstruct, anticipate and destroy viruses.
But if you’re good at fixing the problems, you’re also good at creating them. If you can stop viruses or Internet fraud, you’re also in a position to make them happen.
‘Second chance’ scams
A classic Romanian scam is the “second chance auction.” The mark: an EBay user who has narrowly lost an auction. The scammers can see that the user was prepared to spend, say, $145 on a particular item. They will then try to guess the user’s e-mail address so that they can make contact off the EBay platform to offer a second chance to buy the item. Users commonly have the same e-mail address as their EBay user name, so the scammers may send out 50 e-mail messages using an EBay user name and the most common domain names such as Gmail, Hotmail and Yahoo.
The Romanian scammers then cook up elaborate stories to persuade their victims to send money via unrecoverable methods such as Western Union -- even instructing people not to tell Western Union the payment is for an EBay transaction, claiming Western Union will charge them an EBay surcharge of 10% (it doesn’t), and instead to say they’re sending money to their Romanian cousin.
FBI Special Agent Gary Dickson, who works out of the U.S. Embassy in Bucharast helping EBay and other Internet companies chase down online auction and credit card fraudsters, says Romanian criminals are getting smarter.
“These gangs are very professional and take pains to avoid being detected,” Dickson said. “They are highly organized and compartmentalized and use lots of middlemen. Everyone has a different job to do, and they communicate in different ways to avoid being intercepted. The whole operation is run just like a business.”
A typical gang might have a “copy and paste” department, responsible purely for e-mailing pre-written scripts in reply to questions from EBay bidders. Some workers might create or buy phishing or escrow websites; another acquires fraudulent credit card details; others get fake IDs for couriers. The gang might hire a dozen students via online job boards, renting them an apartment where they do nothing but copy and paste e-mails. After maybe three months, this “factory” will disband as the gang moves elsewhere.
It’s old-style fraud using high-tech tools. Romanian scammers are fond of using prepaid wireless modems that make it easier for them to avoid being traced. Some gangs also set up their own Internet service providers to escape or delay detection.
EBay’s crime fighters
Spasova -- backed up by an EBay developer, analyst and data administrator -- began hunting down Romanian fraudsters for the online auctioneer in 2005. The first time she traveled to Ramnicu Valcea, she found just two law enforcement officers trying to clear a backlog of more than 200 EBay cases, armed with one 9-year-old computer and no Internet connection. To go online, the police had to use the same Internet cafes frequented by the fraudsters.
“There are a lot of scammers in Romania who believe they are untouchable, immune,” EBay’s Chesnut says. “They’re sitting in their apartments in Ramnicu Valcea feeling like, ‘There’s no way EBay is going to get me.’ ”
But Spasova knew the situation wasn’t hopeless -- if local authorities could get more training and technical help.
Spasova, Bulgarian by birth, was educated at a Bucharest university and worked for the American Bar Assn. after the fall of communism in the region, promoting law reform in Moldova and Bulgaria. By the end of the 1990s, she was helping the association train law enforcement officers, judges and prosecutors to counter money laundering and the emerging threat of cyber-crime.
“Even in 2001, I was meeting judges who thought cyber-crime was someone stealing a computer,” she says.
To give the Romanian police a fighting chance, EBay has donated computers, digital cameras and Internet connections. In her first 12 months on the job, Spasova established relationships with law enforcement officers in 24 of Romania’s 42 districts and with local ISPs.
After she had won their confidence, Spasova and her small team began working cases with local police, matching evidence with data from EBay’s Fraud Investigation Team database, such as the Internet protocol addresses, which are unique to each computer, used when a fraudulent auction was posted -- the sort of information that could help police pinpoint the scammers’ location and begin surveillance. Through Spasova, the U.S. Secret Service also pitched in, donating forensic software and providing intelligence on fraud networks from its field agents.
But moving cases from the investigative to the judicial stage is another challenge. Spasova has been educating Romanian prosecutors too, explaining the nuances of phishing and other ways in which EBay accounts are compromised “so that when a prosecutor goes to a judge, he can use layman’s language rather than terms the judge will not be familiar with.”
In the last two years, Spasova and her colleagues have trained hundreds of prosecutors and a magistrate from each province on dealing with cyber-crime.
Virgil Spiridon, chief of the Romania national police’s 4-year-old cyber-crime unit, rattles off some of the headway his team of 10 investigators has been making.
“Last year, 115 people were arrested and 831 crimes identified by police,” Spiridon reads from his notebook. “We pressed charges against 61 people, identified 65 organized groups and 28 cases have been sent to the courts.” He pauses and looks up.
“But we are running to keep up.”
Most of the arrests to date have been of low-level couriers and money mules -- the bagmen, not the brains at the top, the FBI’s Dickson said. Likewise, Spasova acknowledges the mammoth task that still lies ahead of the chronically understaffed and underfunded Romanian police.
“In Ramnicu Valcea, police raided a local Internet cafe and arrested kids doing fraud,” she says. “But two hours later, they returned and found others had taken their place.”
There are cultural and structural obstacles too. Under Romanian law, for example, victims of Internet fraud must send police a signed complaint and be represented at the hearing, which makes pressing a case on behalf of an American EBay customer nearly impossible.
“The judicial process can take forever,” Spasova says. “Because the victims aren’t present, there is no sense of immediacy. It’s hard to know who to trust when the mothers and fathers of fraudsters know the mother and father of the judge or local politicians.”
Romania has taught EBay a lesson: the importance of “addressing a problem region before we have a problem,” said Matt Henley, senior manager of EBay’s Technical Investigations and Analysis Group, who has spent time with Spasova in Romania. Henley says EBay is now alert to threats from “regions we weren’t paying attention to” and, thanks to Romania, has a ready-to-deploy government-relations-in-a-box program it can take anywhere in the world.
Spasova has a new assignment from EBay: persuading Interpol, Europol and law enforcement agencies across Europe to communicate directly with one another and EBay on cyber-crime issues. But her jaunts to Ramnicu Valcea will continue.
“Even though these frauds are not happening on our platform, we’re not showing a loss, and there are no victims in court . . . we’re sending out a message that someone is taking care of this,” she says.