tricky

Malware forges online bank statements to hide fraud

From Kim Zetter’s “New Malware Re-Writes Online Bank Statements to Cover Fraud” (Wired: 30 September 2009):

New malware being used by cybercrooks does more than let hackers loot a bank account; it hides evidence of a victim’s dwindling balance by rewriting online bank statements on the fly, according to a new report.

The sophisticated hack uses a Trojan horse program installed on the victim’s machine that alters html coding before it’s displayed in the user’s browser, to either erase evidence of a money transfer transaction entirely from a bank statement, or alter the amount of money transfers and balances.

The ruse buys the crooks time before a victim discovers the fraud, though won’t work if a victim uses an uninfected machine to check his or her bank balance.

The novel technique was employed in August by a gang who targeted customers of leading German banks and stole Euro 300,000 in three weeks, according to Yuval Ben-Itzhak, chief technology officer of computer security firm Finjan.

The victims’ computers are infected with the Trojan, known as URLZone, after visiting compromised legitimate web sites or rogue sites set up by the hackers.

Once a victim is infected, the malware grabs the consumer’s log in credentials to their bank account, then contacts a control center hosted on a machine in Ukraine for further instructions. The control center tells the Trojan how much money to wire transfer, and where to send it. To avoid tripping a bank’s automated anti-fraud detectors, the malware will withdraw random amounts, and check to make sure the withdrawal doesn’t exceed the victim’s balance.

The money gets transferred to the legitimate accounts of unsuspecting money mules who’ve been recruited online for work-at-home gigs, never suspecting that the money they’re allowing to flow through their account is being laundered. The mule transfers the money to the crook’s chosen account. The cyber gang Finjan tracked used each mule only twice, to avoid fraud pattern detection.

The researchers also found statistics in the command tool showing that out of 90,000 visitors to the gang’s rogue and compromised websites, 6,400 were infected with the URLZone trojan. Most of the attacks Finjan observed affected people using Internet Explorer browsers …

Finjan provided law enforcement officials with details about the gang’s activities and says the hosting company for the Ukraine server has since suspended the domain for the command and control center. But Finjan estimates that a gang using the scheme unimpeded could rake in about $7.3 million annually.


Various confidence scams, tricks, & frauds

From “List of confidence tricks” (Wikipedia: 3 July 2009):

Get-rich-quick schemes

Get-rich-quick schemes are extremely varied. For example, fake franchises, real estate “sure things”, get-rich-quick books, wealth-building seminars, self-help gurus, sure-fire inventions, useless products, chain letters, fortune tellers, quack doctors, miracle pharmaceuticals, Nigerian money scams, charms and talismans are all used to separate the mark from his money. Variations include the pyramid scheme, Ponzi scheme and Matrix sale.

Count Victor Lustig sold the “money-printing machine” which could copy $100 bills. The client, sensing huge profits, would buy the machines for a high price (usually over $30,000). Over the next twelve hours, the machine would produce just two more $100 bills, but after that it produced only blank paper, as its supply of hidden $100 bills would have become exhausted. This type of scheme is also called the “money box” scheme.

The wire game, as depicted in the movie The Sting, trades on the promise of insider knowledge to beat a gamble, stock trade or other monetary action. In the wire game, a “mob” composed of dozens of grifters simulates a “wire store”, i.e., a place where results from horse races are received by telegram and posted on a large board, while also being read aloud by an announcer. The griftee is given secret foreknowledge of the race results minutes before the race is broadcast, and is therefore able to place a sure bet at the wire store. In reality, of course, the con artists who set up the wire store are the providers of the inside information, and the mark eventually is led to place a large bet, thinking it to be a sure win. At this point, some mistake is made, which actually makes the bet a loss. …

Salting or to salt the mine are terms for a scam in which gems or gold ore are planted in a mine or on the landscape, duping the greedy mark into purchasing shares in a worthless or non-existent mining company.[2] During the Gold Rush, scammers would load shotguns with gold dust and shoot into the sides of the mine to give the appearance of a rich ore, thus “salting the mine”. …

The Spanish Prisoner scam – and its modern variant, the advance fee fraud or Nigerian scam – take advantage of the victim’s greed. The basic premise involves enlisting the mark to aid in retrieving some stolen money from its hiding place. The victim sometimes believes he can cheat the con artists out of their money, but anyone trying this has already fallen for the essential con by believing that the money is there to steal (see also Black money scam). …

Many conmen employ extra tricks to keep the victim from going to the police. A common ploy of investment scammers is to encourage a mark to use money concealed from tax authorities. The mark cannot go to the authorities without revealing that he or she has committed tax fraud. Many swindles involve a minor element of crime or some other misdeed. The mark is made to think that he or she will gain money by helping fraudsters get huge sums out of a country (the classic Nigerian scam); hence marks cannot go to the police without revealing that they planned to commit a crime themselves.

Gold brick scams

Gold brick scams involve selling a tangible item for more than it is worth; named after selling the victim an allegedly golden ingot which turns out to be gold-coated lead.

Pig-in-a-poke originated in the late Middle Ages. The con entails a sale of a (suckling) “pig” in a “poke” (bag). The bag ostensibly contains a live healthy little pig, but actually contains a cat (not particularly prized as a source of meat, and at any rate, quite unlikely to grow to be a large hog). If one buys a “pig in a poke” without looking in the bag (a colloquial expression in the English language, meaning “to be a sucker”), the person has bought something of less value than was assumed, and has learned firsthand the lesson caveat emptor.

The Thai gem scam involves layers of con men and helpers who tell a tourist in Bangkok of an opportunity to earn money by buying duty-free jewelry and having it shipped back to the tourist’s home country. The mark is driven around the city in a tuk-tuk operated by one of the con men, who ensures that the mark meets one helper after another, until the mark is persuaded to buy the jewelry from a store also operated by the swindlers. The gems are real but significantly overpriced. This scam has been operating for 20 years in Bangkok, and is said to be protected by Thai police and politicians. A similar scam usually runs in parallel for custom-made suits.

Extortion or false-injury tricks

The badger game extortion is often perpetrated on married men. The mark is deliberately coerced into a compromising position, a supposed affair for example, then threatened with public exposure of his acts unless blackmail money is paid.

The Melon Drop is a scam in which the scammer will intentionally bump into the mark and drop a package containing (already broken) glass. He will blame the damage on the clumsiness of the mark, and demand money in compensation. This con arose when artists discovered that the Japanese paid large sums of money for watermelons. The scammer would go to a supermarket to buy a cheap watermelon, then bump into a Japanese tourist and set a high price.

Gambling tricks

Three-card Monte, ‘Find The Queen’, the “Three-card Trick”, or “Follow The Lady”, is (except for the props) essentially the same as the probably centuries-older shell game or thimblerig. The trickster shows three playing cards to the audience, one of which is a queen (the “lady”), then places the cards face-down, shuffles them around and invites the audience to bet on which one is the queen. At first the audience is skeptical, so the shill places a bet and the scammer allows him to win. In one variation of the game, the shill will (apparently surreptitiously) peek at the lady, ensuring that the mark also sees the card. This is sometimes enough to entice the audience to place bets, but the trickster uses sleight of hand to ensure that they always lose, unless the conman decides to let them win, hoping to lure them into betting much more. The mark loses whenever the dealer chooses to make him lose. This con appears in the Eric Garcia novel Matchstick Men and is featured in the movie Edmond.

A variation on this scam exists in Barcelona, Spain, but with the addition of a pickpocket. The dealer and shill behave in an overtly obvious manner, attracting a larger audience. When the pickpocket succeeds in stealing from a member of the audience, he signals the dealer. The dealer then shouts the word “aqua”, and the three split up. The audience is left believing that “aqua” is a code word indicating the police are coming, and that the performance was a failed scam.

In the Football Picks Scam the scammer sends out a tip sheet stating a game will go one way to 100 potential victims and the other way to another 100. The next week, the 100 or so who received the correct answer are divided into two groups and fed another pick. This is repeated until a small population have (apparently) received a series of supernaturally perfect picks, then the final pick is offered for sale. Despite being well-known (it was even described completely on an episode of The Simpsons and used by Derren Brown in “The System”), this scam is run almost continuously in different forms by different operators. The sports picks can also be replaced with securities, or any other random process, in an alternative form. This scam has also been called the inverted pyramid scheme, because of the steadily decreasing population of victims at each stage.

Visitors to Las Vegas or other gambling towns often encounter the Barred Winner scam, a form of advance fee fraud performed in person. The artist will approach his mark outside a casino with a stack or bag of high-value casino chips and say that he just won big, but the casino accused him of cheating and threw him out without letting him redeem the chips. The artist asks the mark to go in and cash the chips for him. The artist will often offer a percentage of the winnings to the mark for his trouble. But, when the mark agrees, the artist feigns suspicion and asks the mark to put up something of value “for insurance”. The mark agrees, hands over jewelry, a credit card or their wallet, then goes in to cash the chips. When the mark arrives at the cashier, they are informed the chips are fake. The artist, by this time, is long gone with the mark’s valuables.

False reward tricks

The glim-dropper requires several accomplices, one of whom must be a one-eyed man. One grifter goes into a store and pretends he has lost his glass eye. Everyone looks around, but the eye cannot be found. He declares that he will pay a thousand-dollar reward for the return of his eye, leaving contact information. The next day, an accomplice enters the store and pretends to find the eye. The storekeeper (the intended griftee), thinking of the reward, offers to take it and return it to its owner. The finder insists he will return it himself, and demands the owner’s address. Thinking he will lose all chance of the reward, the storekeeper offers a hundred dollars for the eye. The finder bargains him up to $250, and departs.…

The fiddle game uses the pigeon drop technique. A pair of con men work together, one going into an expensive restaurant in shabby clothes, eating, and claiming to have left his wallet at home, which is nearby. As collateral, the con man leaves his only worldly possession, the violin that provides his livelihood. After he leaves, the second con man swoops in, offers an outrageously large amount (for example $50,000) for such a rare instrument, then looks at his watch and runs off to an appointment, leaving his card for the mark to call him when the fiddle-owner returns. The mark’s greed comes into play when the “poor man” comes back, having gotten the money to pay for his meal and redeem his violin. The mark, thinking he has an offer on the table, then buys the violin from the fiddle player (who “reluctantly” sells it eventually for, say, $5,000). The result is the two conmen are $5,000 richer (less the cost of the violin), and the mark is left with a cheap instrument.

Other confidence tricks and techniques

The Landlord Scam advertises an apartment for rent at an attractive price. The con artist, usually someone who is house-sitting or has a short-term sublet at the unit, takes a deposit and first/last month’s rent from every person who views the suite. When move-in day arrives, the con artist is of course gone, and the apartment belongs to none of the angry people carrying boxes.

Change raising is a common short con and involves an offer to change an amount of money with someone, while at the same time taking change or bills back and forth to confuse the person as to how much money is actually being changed. The most common form, “the Short Count”, has been featured prominently in several movies about grifting, notably Nueve Reinas, The Grifters and Paper Moon. A con artist shopping at, say a gas station, is given 80 cents in change because he lacks two dimes to complete the sale (say the sale cost is $19.20 and the con man has a 20 dollar bill). He goes out to his car and returns a short time later, with 20 cents. He returns them, saying that he found the rest of the change to make a dollar, and asking for a bill so he will not have to carry coins. The confused store clerk agrees, exchanging a dollar for the 20 cents the conman returned. In essence, the mark makes change twice.

Beijing tea scam is a famous scam in and around Beijing. The artists (usually female and working in pairs) will approach tourists and try to make friends. After chatting, they will suggest a trip to see a tea ceremony, claiming that they have never been to one before. The tourist is never shown a menu, but assumes that this is how things are done in China. After the ceremony, the bill is presented to the tourist, charging upwards of $100 per head. The artists will then hand over their bills, and the tourists are obliged to follow suit.


Crazy anti-terrorism plans that worked

From a Special Operations officer quoted in Tom Ricks’s Inbox (The Washington Post: 5 October 2008):

One of the most interesting operations was the laundry mat [sic]. Having lost many troops and civilians to bombings, the Brits decided they needed to determine who was making the bombs and where they were being manufactured. One bright fellow recommended they operate a laundry and when asked “what the hell he was talking about,” he explained the plan and it was incorporated — to much success.

The plan was simple: Build a laundry and staff it with locals and a few of their own. The laundry would then send out “color coded” special discount tickets, to the effect of “get two loads for the price of one,” etc. The color coding was matched to specific streets and thus when someone brought in their laundry, it was easy to determine the general location from which a city map was coded.

While the laundry was indeed being washed, pressed and dry cleaned, it had one additional cycle — every garment, sheet, glove, pair of pants, was first sent through an analyzer, located in the basement, that checked for bomb-making residue. The analyzer was disguised as just another piece of the laundry equipment; good OPSEC [operational security]. Within a few weeks, multiple positives had shown up, indicating the ingredients of bomb residue, and intelligence had determined which areas of the city were involved. To narrow their target list, [the laundry] simply sent out more specific coupons [numbered] to all houses in the area, and before long they had good addresses. After confirming addresses, authorities with the SAS teams swooped down on the multiple homes and arrested multiple personnel and confiscated numerous assembled bombs, weapons and ingredients. During the entire operation, no one was injured or killed.

By the way, the gentleman also told the story of how [the British] also bugged every new car going into Northern Ireland, and thus knew everything [Sinn Fein leader] Gerry Adams was discussing. They did this because Adams always conducted mobile meetings and always used new cars.

The Israelis have a term for this type of thinking, “Embracing the Meshugganah,” which literally translated means, embrace the craziness, because the crazier the plan, the less likely the adversary will have thought about it, and thus, not have implemented a counter-measure.


Why cons work on us

From Damien Carrick’s interview with Nicholas Johnson, “The psychology of conmen” (The Law Report: 30 September 2008):

Nicholas Johnson: I think what I love most about con artists and the world of scammers is that they’re criminals who manage to get their victims to hand over their possessions freely. Most thieves and robbers and the like, tend to use force, or deception, in order for them to take things, whereas a con artist manages to get their victim to freely give up their stuff.

The main thing that really makes people susceptible to con artists is the idea that we’re going to get something for nothing. So it really buys into our greed; it buys into sometimes our lust, and at the same time, sometimes even our sense that we’re going to do something good, so we’re going to get a great feeling from helping someone out, we’re going to make some money, we’re going to meet a beautiful girl—it really ties into our basest desires, and that’s what the con artist relies on.

Most con artists rely on this idea that the victim is in control. The victim is the one who is controlling the situation. So a great example of that is the classic Nigerian email scam, the person who writes to you and says, ‘I’ve got this money that I need to get out of the country, and I need your help.’ So you’re in control, you can help them, you can do a good deed, you can make some money, you’ve got this fantastic opportunity, and the con artist needs your help. It’s not the con artist doing you a favour. So really, you feel like you’re the one who’s controlling the situation when really it’s the con artist who knows the real deal.

I think for a lot of con artists they’re very proud of their work, and they like people to know exactly what they’ve gotten away with.

… for many of [the conmen], they really feel like even if they get caught, or even if they don’t get away with it, they feel like they’re giving their victim a good story, you know, something to dine out over, something to discuss down at the pub. They think that’s OK, you can scam somebody out of a couple of hundred bucks, because they’re getting a good story in return.

My all-time favourite one only makes the con artist a few dollars every time he does it, but I absolutely love it. These guys used to go door-to-door in the 1970s selling lightbulbs and they would offer to replace every single lightbulb in your house, so all your old lightbulbs would be replaced with a brand new lightbulb, and it would cost you, say $5, so a fraction of the cost of what new lightbulbs would cost. So the man comes in, he replaces each lightbulb, every single one in the house, and does it, you can check, and they all work, and then he takes all the lightbulbs that he’s just taken from the person’s house, goes next door and then sells them the same lightbulbs again. So it’s really just moving lightbulbs from one house to another and charging people a fee to do it.

But there’s all sorts of those homemaker scams, people offering to seal your roof so they say, ‘We’ll put a fresh coat of tar on your roof’, or ‘We’ll re-seal your driveway’. In actual fact all they do is get old black sump oil and smooth it over the roof or smooth it over the driveway. You come home and it looks like wet tar, and so ‘Don’t step on it for 24 hours’, and of course 24 hours later they’re long gone with the money, and you’re left with a sticky, smelly driveway.


How con artists use psychology to work

From Paul J. Zak’s “How to Run a Con” (Psychology Today: 13 November 2008):

When I was in high school, I took a job at an ARCO gas station on the outskirts of Santa Barbara, California. At the time, I drove a 1967 Mustang hotrod and thought I might pick up some tips and cheap parts by working around cars after school. You see a lot of interesting things working the night shift in a sketchy neighborhood. I constantly saw people making bad decisions: drunk drivers, gang members, unhappy cops, and con men. In fact, I was the victim of a classic con called “The Pigeon Drop.” If we humans have such big brains, how can we get conned?

Here’s what happened to me. One slow Sunday afternoon, a man comes out of the restroom with a pearl necklace in his hand. “Found it on the bathroom floor” he says. He followed with “Geez, looks nice-I wonder who lost it?” Just then, the gas station’s phone rings and a man asked if anyone found a pearl necklace that he had purchased as a gift for his wife. He offers a $200 reward for the necklace’s return. I tell him that a customer found it. “OK” he says, “I’ll be there in 30 minutes.” I give him the ARCO address and he gives me his phone number. The man who found the necklace hears all this but tells me he is running late for a job interview and cannot wait for the other man to arrive.

Huum, what to do? The man with the necklace said “Why don’t I give you the necklace and we split the reward?” The greed-o-meter goes off in my head, suppressing all rational thought. “Yeah, you give me the necklace to hold and I’ll give you $100” I suggest. He agrees. Since high school kids working at gas stations don’t have $100, I take money out of the cash drawer to complete the transaction.

You can guess the rest. The man with the lost necklace doesn’t come and never answers my many calls. After about an hour, I call the police. The “pearl” necklace was a two dollar fake and the number I was calling went to a pay phone nearby. I had to fess up to my boss and pay back the money with my next paycheck.

Why did this con work? Let’s do some neuroscience. While the primary motivator from my perspective was greed, the pigeon drop cleverly engages THOMAS (The Human Oxytocin Mediated Attachment System). … THOMAS is a powerful brain circuit that releases the neurochemical oxytocin when we are trusted and induces a desire to reciprocate the trust we have been shown–even with strangers.

The key to a con is not that you trust the conman, but that he shows he trusts you. Conmen ply their trade by appearing fragile or needing help, by seeming vulnerable. Because of THOMAS, the human brain makes us feel good when we help others–this is the basis for attachment to family and friends and cooperation with strangers. “I need your help” is a potent stimulus for action.


Money involved in adware & clicks4hire schemes

From Chapter 2: Botnets Overview of Craig A. Schiller’s Botnets: The Killer Web App (Syngress: 2007):

Dollar-Revenue and GimmyCash are two companies that have paid for installation of their Adware programs. Each has a pay rate formula based on the country of installation. Dollar-Revenue pays 30 cents for installing their adware in a U.S. Web site, 20 cents for a Canadian Web site, 10 cents for a U.K. Web site, 1 cent for a Chinese Web site, and 2 cents for all other Web sites. GimmyCash.com pays 40 cents for U.S. and Canadian Web site installs, 20 cents for 16 European countries, and 2 cents for everywhere else. In addition, GimmyCash pays 5 percent of the webmaster’s earnings that you refer to GimmyCash.


Take over a computer network with an iPod or USB stick

From Bruce Schneier’s “Hacking Computers Over USB” (Crypto-Gram: 15 June 2005):

From CSO Magazine:

“Plug an iPod or USB stick into a PC running Windows and the device can literally take over the machine and search for confidential documents, copy them back to the iPod or USB’s internal storage, and hide them as “deleted” files. Alternatively, the device can simply plant spyware, or even compromise the operating system. Two features that make this possible are the Windows AutoRun facility and the ability of peripherals to use something called direct memory access (DMA). The first attack vector you can and should plug; the second vector is the result of a design flaw that’s likely to be with us for many years to come.” …

Recently I’ve been seeing more and more written about this attack. The Spring 2006 issue of 2600 Magazine, for example, contains a short article called “iPod Sneakiness” (unfortunately, not online). The author suggests that you can innocently ask someone at an Internet cafe if you can plug your iPod into his computer to power it up — and then steal his passwords and critical files.

And someone used this trick in a penetration test:

“We figured we would try something different by baiting the same employees that were on high alert. We gathered all the worthless vendor giveaway thumb drives collected over the years and imprinted them with our own special piece of software. I had one of my guys write a Trojan that, when run, would collect passwords, logins and machine-specific information from the user’s computer, and then email the findings back to us.

“The next hurdle we had was getting the USB drives in the hands of the credit union’s internal users. I made my way to the credit union at about 6 a.m. to make sure no employees saw us. I then proceeded to scatter the drives in the parking lot, smoking areas, and other areas employees frequented.

“Once I seeded the USB drives, I decided to grab some coffee and watch the employees show up for work. Surveillance of the facility was worth the time involved. It was really amusing to watch the reaction of the employees who found a USB drive. You know they plugged them into their computers the minute they got to their desks.

“I immediately called my guy that wrote the Trojan and asked if anything was received at his end. Slowly but surely info was being mailed back to him. I would have loved to be on the inside of the building watching as people started plugging the USB drives in, scouring through the planted image files, then unknowingly running our piece of software.”


“Have you ever been admitted to a mental institution?”

From Tom Stites’s “Guest Posting: Is Media Performance Democracy’s Critical Issue?” (Center for Citizen Media: Blog: 3 July 2006):

And then there were [Walter] Annenberg’s political shenanigans – he shamelessly used his news columns [in The Philadelphia Inquirer] to embarrass candidates who dared to run against his favorites. One day in 1966 a Democrat named Milton Shapp held a press conference while running for governor and Annenberg’s hand-picked political reporter asked him only one question. The question was, “Mr. Shapp, have you ever been admitted to a mental institution?” “Why no,” Shapp responded, and went away scratching his head about this odd question. The next morning he didn’t need to scratch his head any more. A five-column front page Inquirer headline read, “Shapp Denies Mental Institution Stay.” I’m not making this up. I’ve seen the clipping – a friend used to have a framed copy above his desk. Those were not the good old days.


Checking papers does no good if the papers are forged

From Bruce Schneier’s “News” (Crypto-Gram Newsletter: 15 April 2006):

Undercover investigators were able to smuggle radioactive materials into the U.S. It set off alarms at border checkpoints, but the smugglers had forged import licenses from the Nuclear Regulatory Commission, based on an image of the real document they found on the Internet. Unfortunately, the border agents had no way to confirm the validity of import licenses. I’ve written about this problem before, and it’s one I think will get worse in the future. Verification systems are often the weakest link of authentication. Improving authentication tokens won’t improve security unless the verification systems improve as well.


Killer search terms

From The Inquirer’s “Killer phrase will fill your PC with spam”:

THERE IS ONE phrase which, if you type into any search engine will expose your PC to shed-loads of spam, according to a new report.

Researchers Ben Edelman and Hannah Rosenbaum reckon that typing the phrase “Free Screensavers” into any search engine is the equivalent of lighting a blue touch paper and standing well back. …

More than 64 per cent of sites that are linked to this phrase will cause you some trouble, either with spyware or adware. The report found 1,394 popular keywords searches found via Google, Yahoo, MSN, AOL and Ask that were linked to spyware or adware and the list is quite amusing. Do not type in the following words into any search engine:

Bearshare
Screensavers
Winmx
Limewire
Download Yahoo messenger
Lime wire
Free ringtones


The Witty Worm was special

From CAIDA’s “The Spread of the Witty Worm”:

On Friday March 19, 2004 at approximately 8:45pm PST, an Internet worm began to spread, targeting a buffer overflow vulnerability in several Internet Security Systems (ISS) products, including ISS RealSecure Network, RealSecure Server Sensor, RealSecure Desktop, and BlackICE. The worm takes advantage of a security flaw in these firewall applications that was discovered earlier this month by eEye Digital Security. Once the Witty worm infects a computer, it deletes a randomly chosen section of the hard drive, over time rendering the machine unusable. The worm’s payload contained the phrase “(^.^) insert witty message here (^.^)” so it came to be known as the Witty worm.

While the Witty worm is only the latest in a string of self-propagating remote exploits, it distinguishes itself through several interesting features:

  • Witty was the first widely propagated Internet worm to carry a destructive payload.
  • Witty was started in an organized manner with an order of magnitude more ground-zero hosts than any previous worm.
  • Witty represents the shortest known interval between vulnerability disclosure and worm release — it began to spread the day after the ISS vulnerability was publicized.
  • Witty spread through a host population in which every compromised host was doing something proactive to secure their computers and networks.
  • Witty spread through a population almost an order of magnitude smaller than that of previous worms, demonstrating the viability of worms as an automated mechanism to rapidly compromise machines on the Internet, even in niches without a software monopoly. …

Once Witty infects a host, the host sends 20,000 packets by generating packets with a random destination IP address, a random size between 796 and 1307 bytes, and a destination port. The worm payload of 637 bytes is padded with data from system memory to fill this random size and a packet is sent out from source port 4000. After sending 20,000 packets, Witty seeks to a random point on the hard disk, writes 65k of data from the beginning of iss-pam1.dll to the disk. After closing the disk, the worm repeats this process until the machine is rebooted or until the worm permanently crashes the machine.

Witty Worm Spread

With previous Internet worms, including Code-Red, Nimda, and SQL Slammer, a few hosts were seeded with the worm and proceeded to spread it to the rest of the vulnerable population. The spread is slow early on and then accelerates dramatically as the number of infected machines spewing worm packets to the rest of the Internet rises. Eventually as the victim population becomes saturated, the spread of the worm slows because there are few vulnerable machines left to compromise. Plotted on a graph, this worm growth appears as an S-shaped exponential growth curve called a sigmoid.

At 8:45:18pm[4] PST on March 19, 2004, the network telescope received its first Witty worm packet. In contrast to previous worms, we observed 110 hosts infected in the first ten seconds, and 160 at the end of 30 seconds. The chances of a single instance of the worm infecting 110 machines so quickly are vanishingly small — worse than 10^-607. This rapid onset indicates that the worm used either a hitlist or previously compromised vulnerable hosts to start the worm. …

After the sharp rise in initial coordinated activity, the Witty worm followed a normal exponential growth curve for a pathogen spreading in a fixed population. Witty reached its peak after approximately 45 minutes, at which point the majority of vulnerable hosts had been infected. After that time, the churn caused by dynamic addressing causes the IP address count to inflate without any additional Witty infections. At the peak of the infection, Witty hosts flooded the Internet with more than 90Gbits/second of traffic (more than 11 million packets per second). …

The vulnerable host population pool for the Witty worm was quite different from that of previous virulent worms. Previous worms have lagged several weeks behind publication of details about the remote-exploit bug, and large portions of the victim populations appeared to not know what software was running on their machines, let alone take steps to make sure that software was up to date with security patches. In contrast, the Witty worm infected a population of hosts that were proactive about security — they were running firewall software. The Witty worm also started to spread the day after information about the exploit and the software upgrades to fix the bug were available. …

By infecting firewall devices, Witty proved particularly adept at thwarting security measures and successfully infecting hosts on internal networks. …

The Witty worm incorporates a number of dangerous characteristics. It is the first widely spreading Internet worm to actively damage infected machines. It was started from a large set of machines simultaneously, indicating the use of a hit list or a large number of compromised machines. Witty demonstrated that any minimally deployed piece of software with a remotely exploitable bug can be a vector for wide-scale compromise of host machines without any action on the part of a victim. The practical implications of this are staggering; with minimal skill, a malevolent individual could break into thousands of machines and use them for almost any purpose with little evidence of the perpetrator left on most of the compromised hosts.
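The sigmoid growth and the single-seed versus hitlist reasoning in the excerpt above can be checked with a small model. This is an added example, not code or figures from the quoted report: the vulnerable population (12,000 hosts) and per-host scan rate (900 probes per second) are assumptions chosen for illustration, so the probability it prints is not a reproduction of the report's number.

```python
"""Random-scanning worm growth: single seed versus hitlist start.

Added example. VULNERABLE_HOSTS and SCAN_RATE_PPS are assumptions made
for illustration; they are not taken from the quoted report.
"""
import math

ADDRESS_SPACE = 2 ** 32      # IPv4 addresses a uniform random scanner draws from
VULNERABLE_HOSTS = 12_000    # assumed size of the vulnerable population
SCAN_RATE_PPS = 900.0        # assumed probes per second per infected host


def growth_rate(scan_rate_pps=SCAN_RATE_PPS, vulnerable_hosts=VULNERABLE_HOSTS):
    """Early infections per second per infected host.

    Each probe hits a vulnerable address with probability
    vulnerable_hosts / ADDRESS_SPACE.
    """
    return scan_rate_pps * vulnerable_hosts / ADDRESS_SPACE


def infected_at(t, seeds, beta, n=VULNERABLE_HOSTS):
    """Logistic (sigmoid) solution of dI/dt = beta * I * (1 - I/n)."""
    return n / (1.0 + (n / seeds - 1.0) * math.exp(-beta * t))


def seeds_needed(observed, t, beta, n=VULNERABLE_HOSTS):
    """Invert the logistic curve: seeds required to see `observed` hosts at time t."""
    return n / (1.0 + (n / observed - 1.0) * math.exp(beta * t))


def time_to_fraction(fraction, seeds, beta, n=VULNERABLE_HOSTS):
    """Seconds until `fraction` of the vulnerable population is infected."""
    return math.log(fraction / (1.0 - fraction) * (n / seeds - 1.0)) / beta


def log10_prob_single_seed_reaches(count, t, beta):
    """log10 of P[at least `count` infected at time t | one seed].

    Early spread is modelled as a Yule pure-birth process, whose size at
    time t is geometric: P[X >= k] = (1 - exp(-beta * t)) ** (k - 1).
    Saturation only slows real growth, so this is an upper bound.
    """
    return (count - 1) * math.log10(-math.expm1(-beta * t))


if __name__ == "__main__":
    beta = growth_rate()
    print(f"growth rate beta           : {beta:.6f} per second")
    print(f"one seed, hosts after 10 s : {infected_at(10, 1, beta):.3f}")
    print(f"seeds needed for 110 @ 10 s: {seeds_needed(110, 10, beta):.1f}")
    print(f"log10 P[>=110 from 1 seed] : "
          f"{log10_prob_single_seed_reaches(110, 10, beta):.1f}")
    for seeds in (1, 107):
        minutes = time_to_fraction(0.5, seeds, beta) / 60
        print(f"{seeds:>4} seed(s): half the population infected "
              f"after {minutes:.0f} min")
```

Under these assumptions a lone seed is still essentially one host after ten seconds, while matching the telescope's 110 hosts requires a starting set of more than a hundred machines, which is the onset signature a defender watching unique-source counts would flag as a coordinated start.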


Smart World of Warcraft Trojan

From Information Week’s “Trojan Snags World Of Warcraft Passwords To Cash Out Accounts”:

A new password-stealing Trojan targeting players of the popular online game “World of Warcraft” hopes to make money off secondary sales of gamer goods, a security company warned Tuesday.

MicroWorld, an Indian-based anti-virus and security software maker with offices in the U.S., Germany, and Malaysia, said that the PWS.Win32.WOW.x Trojan horse was spreading fast, and attacking World of Warcraft players.

If the attacker managed to hijack a password, he could transfer in-game goods — personal items, including weapons — that the player had accumulated to his own account, then later sell them for real-world cash on “gray market” Web sites. Unlike some rival multiplayer online games, Warcraft’s publisher, Blizzard Entertainment, bans the practice of trading virtual items for real cash.


Israeli car theft scam

From Bruce Schneier’s “Automobile Identity Theft”:

This scam was uncovered in Israel:

1. Thief rents a car.

2. An identical car, legitimately owned, is found and its “identity” stolen.

3. The stolen identity is applied to the rented car and is then offered for sale in a newspaper ad.

4. Innocent buyer purchases the car from the thief as a regular private party sale.

5. After a few days the thief steals the car back from the buyer and returns it to the rental shop.

What ended up happening is that the “new” owners claimed compensation for the theft and most of the damage was absorbed by the insurers.


Magruder fools the Federals

From Shelby Foote’s The Civil War: Fort Sumter to Perryville (399):

No wheeze was too old for [John Bankhead] Magruder to employ it. One morning he sent a column along a road that was heavily wooded except for a single gap in plain view of the enemy outposts. All day the gray files swept past in seemingly endless array, an army gathering in thousands among the pines for an offensive. They were no such thing, of course. Like a low-budgeted theatrical director producing the effect with an army of supernumeraries, Magruder was marching a single battalion round and around, past the gap, then around under cover, and past the gap again.


Beauregard fools Halleck & escapes

From Shelby Foote’s The Civil War: Fort Sumter to Perryville (384):

When [Pierre Gustave Toutant de Beauregard’s men] stole out of the intrenchments [at Corinth] after nightfall, they left dummy guns in the embrasures and dummy cannoneers to serve them, fashioned by stuffing ragged uniforms with straw. A single band moved up and down the deserted works, pausing at scattered points to play retreat, tattoo, and taps. Campfires were left burning, with a supply of wood alongside each for the drummer boys who stayed behind to stoke them and beat reveille next morning. All night a train of empty cars rattled back and forth along the tracks through Corinth, stopping at frequent intervals to blow its whistle, the signal for a special detail of leather-lunged soldiers to cheer with all their might. The hope was that this would not only cover the incidental sounds of the withdrawal, but would also lead the Federals to believe that the town’s defenders were being heavily reinforced.

It worked to perfection. … Daylight showed “dense black smoke in clouds,” but no sign of the enemy Pope expected to find massed in his front. Picking his way forward he came upon dummy guns and dummy cannoneers, some with broad grins painted on. Otherwise the works were deserted. …

Seven full weeks of planning and strain, in command of the largest army ever assembled under one field general in the Western Hemisphere, had earned [Halleck] one badly smashed-up North Mississippi railroad intersection.


Walke describes the Battle of Island Number 10

From “Operations of the Western Flotilla” by Henry A. Walke, Commander of the Carondelet, describing the Battle of Island Number Ten:

Having received written orders from the flag-officer, under date of March 30th, I at once began to prepare the Carondelet for the ordeal. All the loose material at hand was collected, and on the 4th of April the decks were covered with it, to protect them against plunging shot. Hawsers and chain cables were placed around the pilot-house and other vulnerable parts of the vessel, and every precaution was adopted to prevent disaster. A coal-barge laden with hay and coal was lashed to the part of the port side on which there was no iron plating, to protect the magazine. And it was truly said that the old Carondelet at that time resembled a farmer’s wagon prepared for market. The engineers led the escape-steam, through the pipes aft, into the wheel-house, to avoid the puffing sound it made when blown through the smoke-stacks.

All the necessary preparations having been made, I informed the flag-officer of my intention to run the gauntlet that night, and received his approval. Colonel Buford, who commanded the land forces temporarily with the flotilla, assisted me in preparing for the trip, and on the night of the 4th brought on board Captain Hollenstein, of the Forty-second Illinois, and twenty-three sharp-shooters of his command, who volunteered their services, which were gratefully accepted. Colonel Buford remained on board until the last moment to encourage us. I informed the officers and crew of the character of the undertaking, and all expressed a readiness to make the venture. In order to resist boarding parties in case we should be disabled, the sailors were well armed, and pistols, cutlasses, muskets, boarding-pikes, and hand-grenades were within reach. Hose was attached to the boilers for throwing scalding water over any who might attempt to board. If it should be found impossible to save the vessel, it was designed to sink rather than burn her, as the loss of life would probably be greater in the latter case by the explosion of her magazine. During the afternoon there was promise of a clear, moonlight night, and it was determined to wait until the moon was down, and then to make the attempt, whatever the chances. …

At ten o’clock the moon had gone down, and the sky, the earth, and the river were alike hidden in the black shadow of a thunder-storm, which had now spread itself over all the heavens. As the time seemed favorable, I ordered the first master to cast off. Dark clouds now rose rapidly over us, and enveloped us in almost total darkness, except when the sky was lighted up by the welcome flashes of vivid lightning, to show us the perilous way we were to take. Now and then the dim outline of the landscape could be seen, and the forest bending under the roaring storm that came rushing up the river.

With our bow pointing to the island, we passed the lowest point of land without being observed, it appears, by the enemy. All speed was given to the vessel to drive her through the tempest. The flashes of lightning continued with frightful brilliancy, and “almost every second” wrote a correspondent, “every brace, post, and outline could be seen with startling distinctness, enshrouded by a bluish white, glare of light, and then her form for the next minute would become merged in the intense darkness.” When opposite Battery No. 2, on the mainland, the smoke-stacks blazed up, but the fire was soon subdued. It was caused by the soot becoming dry, as the escape-steam, which usually kept the stacks wet, had been sent into the wheel-house, as already mentioned, to prevent noise. With such vivid lightning as prevailed during the whole passage, there was no prospect of escaping the vigilance of the enemy, but there was good reason to hope that he would be unable to point his guns accurately. Again the smoke-stacks took fire, and were soon put out; and then the roar of the enemy’s guns began, and from Batteries Nos. 2, 3, and 4 came almost incessantly the sharp crack and screaming sound of their rifle-shells, which seemed to unite with the electric batteries of the clouds to annihilate us.

While nearing the island or some shoal point, during a few minutes of total darkness, we were startled by the loud, sharp order, “Hard a-port!” from our brave and skillful pilot, First Master Hoel. We almost grazed the island, and it appears were not observed through the storm until we were close in, and the enemy, having no time to point his guns, fired at random. In fact, we ran so near that the enemy did not, probably could not depress his guns sufficiently. While close under the lee of the island and during a lull in the storm and in the firing, one of our pilots heard a Confederate officer shout, “Elevate your guns!” “Yes, confound you,” said the pilot, in a much lower key, “elevate.” It is probable that the muzzles of those guns had been depressed to keep the rain out of them, and the officers, not expecting another night attack in such a storm, and arriving late, ordered the guns elevated just in time to save us from the direct fire of the enemy’s heaviest fort; and this, no doubt, was the cause of our remarkable escape. Nearly all the enemy’s shot went over us.

Having passed the principal batteries, we were greatly relieved from suspense, patiently endured, however, by the officers and crew. But there was another formidable obstacle in the way — a floating battery, which was the great “war elephant” of the Confederates, built to blockade the Mississippi permanently. As we passed her she fired six or eight shots at us, but without effect. One ball struck the coal-barge and one was found in a bale of hay; we found also one or two musket-bullets. We arrived at New Madrid about midnight with no one hurt, and were most joyfully received by our army. At the suggestion of Paymaster Nixon, all hands “spliced the main brace.”


A burning quilt brings revenge

From Shelby Foote’s The Civil War: Fort Sumter to Perryville (287-288):

[At the Battle of Pea Ridge,] they saw the rebels coming, yelling and firing as they came, hundreds of them bearing down to complete the wreckage their artillery had begun. As the Federals fell back from their shattered pieces an Iowa cannoneer paused to toss a smoldering quilt across a caisson, then ran hard to catch up with his friends. Still running, he heard a tremendous explosion and looked back in time to see a column of fire and smoke standing tall above the place where he had fuzed the vanished caisson. Stark against the twilight sky, it silhouetted the lazy-seeming rise and fall of blown-off arms and legs and heads and mangled trunks of men who just now had been whooping victoriously around the captured battery position.


Stanton the uber-lawyer

From Shelby Foote’s The Civil War: Fort Sumter to Perryville (244):

[Lincoln’s Secretary of War Edwin McMasters] Stanton had done devious things in his time. A corporation lawyer, he delighted also in taking criminal cases when these were challenging and profitable enough. His fees were large and when one prospective client protested, Stanton asked, “Do you think I would argue the wrong side for less?” For a murder defense he once took as his fee the accused man’s only possession, the house he lived in. When he had won the case and was about to convert the mortgage into cash, the man tried to persuade him to hold off, saying that he would be ruined by the foreclosure. “You deserve to be ruined,” Stanton told him, “for you were guilty.”


The diamond scam

From The Atlantic’s “Have You Ever Tried to Sell a Diamond?” (February 1982):

The diamond invention – the creation of the idea that diamonds are rare and valuable, and are essential signs of esteem – is a relatively recent development in the history of the diamond trade. Until the late nineteenth century, diamonds were found only in a few riverbeds in India and in the jungles of Brazil, and the entire world production of gem diamonds amounted to a few pounds a year. In 1870, however, huge diamond mines were discovered near the Orange River, in South Africa, where diamonds were soon being scooped out by the ton. Suddenly, the market was deluged with diamonds. …

The major investors in the diamond mines realized that they had no alternative but to merge their interests into a single entity that would be powerful enough to control production and perpetuate the illusion of scarcity of diamonds. The instrument they created, in 1888, was called De Beers Consolidated Mines, Ltd., incorporated in South Africa. As De Beers took control of all aspects of the world diamond trade, it assumed many forms. In London, it operated under the innocuous name of the Diamond Trading Company. In Israel, it was known as “The Syndicate.” In Europe, it was called the “C.S.O.” — initials referring to the Central Selling Organization, which was an arm of the Diamond Trading Company. And in black Africa, it disguised its South African origins under subsidiaries with names like Diamond Development Corporation and Mining Services, Inc. At its height — for most of this century — it not only either directly owned or controlled all the diamond mines in southern Africa but also owned diamond trading companies in England, Portugal, Israel, Belgium, Holland, and Switzerland.

De Beers proved to be the most successful cartel arrangement in the annals of modern commerce. While other commodities, such as gold, silver, copper, rubber, and grains, fluctuated wildly in response to economic conditions, diamonds have continued, with few exceptions, to advance upward in price every year since the Depression. …

The diamond invention is far more than a monopoly for fixing diamond prices; it is a mechanism for converting tiny crystals of carbon into universally recognized tokens of wealth, power, and romance. To achieve this goal, De Beers had to control demand as well as supply. Both women and men had to be made to perceive diamonds not as marketable precious stones but as an inseparable part of courtship and married life. To stabilize the market, De Beers had to endow these stones with a sentiment that would inhibit the public from ever reselling them. The illusion had to be created that diamonds were forever — “forever” in the sense that they should never be resold.

In September of 1938, Harry Oppenheimer, son of the founder of De Beers and then twenty-nine, traveled from Johannesburg to New York City, to meet with Gerold M. Lauck, the president of N. W. Ayer, a leading advertising agency in the United States. …

In Europe, where diamond prices had collapsed during the Depression, there seemed little possibility of restoring public confidence in diamonds. … This left the United States as the only real market for De Beers’s diamonds. In fact, in 1938 some three quarters of all the cartel’s diamonds were sold for engagement rings in the United States. Most of these stones, however, were smaller and of poorer quality than those bought in Europe, and had an average price of $80 apiece. Oppenheimer and the bankers believed that an advertising campaign could persuade Americans to buy more expensive diamonds. …

Specifically, the Ayer study stressed the need to strengthen the association in the public’s mind of diamonds with romance. Since “young men buy over 90% of all engagement rings” it would be crucial to inculcate in them the idea that diamonds were a gift of love: the larger and finer the diamond, the greater the expression of love. Similarly, young women had to be encouraged to view diamonds as an integral part of any romantic courtship.

Since the Ayer plan to romanticize diamonds required subtly altering the public’s picture of the way a man courts — and wins — a woman, the advertising agency strongly suggested exploiting the relatively new medium of motion pictures. Movie idols, the paragons of romance for the mass audience, would be given diamonds to use as their symbols of indestructible love. In addition, the agency suggested offering stories and society photographs to selected magazines and newspapers which would reinforce the link between diamonds and romance. Stories would stress the size of diamonds that celebrities presented to their loved ones, and photographs would conspicuously show the glittering stone on the hand of a well-known woman. Fashion designers would talk on radio programs about the “trend towards diamonds” that Ayer planned to start. …

In addition to putting these plans into action, N. W. Ayer placed a series of lush four-color advertisements in magazines that were presumed to mold elite opinion, featuring reproductions of famous paintings by such artists as Picasso, Derain, Dali, and Dufy. The advertisements were intended to convey the idea that diamonds, like paintings, were unique works of art.

By 1941, the advertising agency reported to its client that it had already achieved impressive results in its campaign. The sale of diamonds had increased by 55 percent in the United States since 1938, reversing the previous downward trend in retail sales. N. W. Ayer noted also that its campaign had required “the conception of a new form of advertising which has been widely imitated ever since. There was no direct sale to be made. There was no brand name to be impressed on the public mind. There was simply an idea — the eternal emotional value surrounding the diamond.” …

N. W. Ayer outlined a subtle program that included arranging for lecturers to visit high schools across the country. “All of these lectures revolve around the diamond engagement ring, and are reaching thousands of girls in their assemblies, classes and informal meetings in our leading educational institutions,” the agency explained in a memorandum to De Beers. …

De Beers needed a slogan for diamonds that expressed both the theme of romance and legitimacy. An N. W. Ayer copywriter came up with the caption “A Diamond Is Forever,” which was scrawled on the bottom of a picture of two young lovers on a honeymoon. Even though diamonds can in fact be shattered, chipped, discolored, or incinerated to ash, the concept of eternity perfectly captured the magical qualities that the advertising agency wanted to attribute to diamonds. Within a year, “A Diamond Is Forever” became the official motto of De Beers. …

N. W. Ayer … set about exploiting the relatively new medium of television by arranging for actresses and other celebrities to wear diamonds when they appeared before the camera. …

N. W. Ayer proposed to apply to the diamond market Thorstein Veblen’s idea, stated in The Theory of the Leisure Class, that Americans were motivated in their purchases not by utility but by “conspicuous consumption.” “The substantial diamond gift can be made a more widely sought symbol of personal and family success — an expression of socio-economic achievement,” N. W. Ayer said in a report. To exploit this desire for conspicuous display, the agency specifically recommended, “Promote the diamond as one material object which can reflect, in a very personal way, a man’s … success in life.” …

Toward the end of the 1950s, N. W. Ayer reported to De Beers that twenty years of advertisements and publicity had had a pronounced effect on the American psyche. “Since 1939 an entirely new generation of young people has grown to marriageable age,” it said. “To this new generation a diamond ring is considered a necessity to engagements by virtually everyone.” …

The campaign to internationalize the diamond invention began in earnest in the mid-1960s. The prime targets were Japan, Germany, and Brazil. … Within ten years, De Beers succeeded beyond even its most optimistic expectations, creating a billion-dollar-a-year diamond market in Japan, where matrimonial custom had survived feudal revolutions, world wars, industrialization, and even the American occupation. …

When the campaign began, in 1967, not quite 5 percent of engaged Japanese women received a diamond engagement ring. By 1972, the proportion had risen to 27 percent. By 1978, half of all Japanese women who were married wore a diamond; by 1981, some 60 percent of Japanese brides wore diamonds. In a mere fourteen years, the 1,500-year Japanese tradition had been radically revised. …

The diamond market had to be further restructured in the mid-1960s to accommodate a surfeit of minute diamonds, which De Beers undertook to market for the Soviets. They had discovered diamond mines in Siberia, after intensive exploration, in the late 1950s: De Beers and its allies no longer controlled the diamond supply, and realized that open competition with the Soviets would inevitably lead, as Harry Oppenheimer gingerly put it, to “price fluctuations,” which would weaken the carefully cultivated confidence of the public in the value of diamonds. Oppenheimer, assuming that neither party could afford risking the destruction of the diamond invention, offered the Soviets a straightforward deal – “a single channel” for controlling the world supply of diamonds. In accepting this arrangement, the Soviets became partners in the cartel, and co-protectors of the diamond invention.

Almost all of the Soviet diamonds were under half a carat in their uncut form, and there was no ready retail outlet for millions of such tiny diamonds. When it made its secret deal with the Soviet Union, De Beers had expected production from the Siberian mines to decrease gradually. Instead, production accelerated at an incredible pace, and De Beers was forced to reconsider its sales strategy. De Beers ordered N. W. Ayer to reverse one of its themes: women were no longer to be led to equate the status and emotional commitment to an engagement with the sheer size of the diamond. …

De Beers devised the “eternity ring,” made up of as many as twenty-five tiny Soviet diamonds, which could be sold to an entirely new market of older married women. The advertising campaign was based on the theme of recaptured love. Again, sentiments were born out of necessity: older American women received a ring of miniature diamonds because of the needs of a South African corporation to accommodate the Soviet Union. …

N. W. Ayer learned from an opinion poll it commissioned from the firm of Daniel Yankelovich, Inc. that the gift of a diamond contained an important element of surprise. “Approximately half of all diamond jewelry that the men have given and the women have received were given with zero participation or knowledge on the part of the woman recipient,” the study pointed out. …

Women spoke in interviews about large diamonds as “flashy, gaudy, overdone” and otherwise inappropriate. Yet the study found that “Buried in the negative attitudes … lies what is probably the primary driving force for acquiring them. Diamonds are a traditional and conspicuous signal of achievement, status and success.” It noted, for example, “A woman can easily feel that diamonds are ‘vulgar’ and still be highly enthusiastic about receiving diamond jewelry.” The element of surprise, even if it is feigned, plays the same role of accommodating dissonance in accepting a diamond gift as it does in prime sexual seductions: it permits the woman to pretend that she has not actively participated in the decision. She thus retains both her innocence – and the diamond. …

Except for those few stones that have been destroyed, every diamond that has been found and cut into a jewel still exists today and is literally in the public’s hands. Some hundred million women wear diamonds, while millions of others keep them in safe-deposit boxes or strongboxes as family heirlooms. It is conservatively estimated that the public holds more than 500 million carats of gem diamonds, which is more than fifty times the number of gem diamonds produced by the diamond cartel in any given year. Since the quantity of diamonds needed for engagement rings and other jewelry each year is satisfied by the production from the world’s mines, this half-billion-carat supply of diamonds must be prevented from ever being put on the market. The moment a significant portion of the public begins selling diamonds from this inventory, the price of diamonds cannot be sustained. For the diamond invention to survive, the public must be inhibited from ever parting with its diamonds. …

During the periods when production from the mines temporarily exceeds the consumption of diamonds – the balance is determined mainly by the number of impending marriages in the United States and Japan – the cartel can preserve the illusion of price stability by either cutting back the distribution of diamonds at its London “sights,” where, ten times a year, it allots the world’s supply of diamonds to about 300 hand-chosen dealers, called “sight-holders,” or by itself buying back diamonds at the wholesale level. …

Dave Watts summed up the magazine’s experiment by saying, “As an 8-year investment the diamonds that we bought have proved to be very poor.” The problem was that the buyer, not the seller, determined the price. …

In 1976, the Dutch Consumer Association also tried to test the price appreciation of diamonds by buying a perfect diamond of over one carat in Amsterdam, holding it for eight months, and then offering it for sale to the twenty leading dealers in Amsterdam. Nineteen refused to buy it, and the twentieth dealer offered only a fraction of the purchase price. …

Retail jewelers, especially the prestigious Fifth Avenue stores, prefer not to buy back diamonds from customers, because the offer they would make would most likely be considered ridiculously low. The “keystone,” or markup, on a diamond and its setting may range from 100 to 200 percent, depending on the policy of the store; if it bought diamonds back from customers, it would have to buy them back at wholesale prices. Most jewelers would prefer not to make a customer an offer that might be deemed insulting and also might undercut the widely held notion that diamonds go up in value. …

The firm perhaps most frequently recommended by New York jewelry shops is Empire Diamonds Corporation, which is situated on the sixty-sixth floor of the Empire State Building, in midtown Manhattan. Empire’s reception room, which resembles a doctor’s office, is usually crowded with elderly women who sit nervously in plastic chairs waiting for their names to be called. One by one, they are ushered into a small examining room, where an appraiser scrutinizes their diamonds and makes them a cash offer. “We usually can’t pay more than a maximum of 90 percent of the current wholesale price,” says Jack Brod, president of Empire Diamonds. … For example, Brod estimates that a half-carat diamond ring, which might cost $2,000 at a retail jewelry store, could be sold for only $600 at Empire. …

He points out that the setting frequently conceals flaws, and adds, “The sort of flawless, investment-grade diamond one reads about is almost never found in jewelry.” …

When thieves bring diamonds to underworld “fences,” they usually get only a pittance for them. In 1979, for example, New York City police recovered stolen diamonds with an insured value of $50,000 which had been sold to a ‘fence’ for only $200. …

While those who attempt to sell diamonds often experience disappointment at the low price they are offered, stories in gossip columns suggest that diamonds are resold at enormous profits. This is because the column items are not about the typical diamond ring that a woman desperately attempts to peddle to small stores and diamond buying services like Empire but about truly extraordinary diamonds that movie stars sell, or claim to sell, in a publicity-charged atmosphere. …

… the “pipeline” through which De Beers’s diamonds flow from the cutting centers in Europe to the main retail markets in America and Japan. This pipeline, a crucial component of the diamond invention, is made up of a network of brokers, diamond cutters, bankers, distributors, jewelry manufacturers, wholesalers, and diamond buyers for retail establishments. Most of the people in this pipeline are Jewish, and virtually all are closely interconnected, through family ties or long-standing business relationships. …

The most serious threat to De Beers is yet another source of diamonds that it does not control – a source so far untapped. Since Cecil Rhodes and the group of European bankers assembled the components of the diamond invention at the end of the nineteenth century, managers of the diamond cartel have shared a common nightmare – that a giant new source of diamonds would be discovered outside their purview. … In the late 1970s, vast deposits of diamonds were discovered in the Argyle region of Western Australia, near the town of Kimberley (coincidentally named after Kimberley, South Africa). Test drillings last year indicated that these pipe mines could produce up to 50 million carats of diamonds a year – more than the entire production of the De Beers cartel in 1981. …


The conspirer

From Shelby Foote’s The Civil War: Fort Sumter to Perryville (138):

[John Slidell] was aptly named, being noted for his slyness. At the outbreak of hostilities, back in the spring, an English journalist called him, “a man of iron will and strong passions, who loves the excitement of combinations and who, in his dungeon, or whatever else it may be, would conspire with the mice against the cat rather than not conspire at all.”
