Friday, March 09, 2007

eBay's Cover Up Machine: Part 2

THIS STORY HAS BEEN UPDATED AT THE END...
Due to the sensitive nature of the incidents that surround the following article, I will be unable to provide as many screenshots as I normally would. And due to eBay's masterful way of burying info, there will be virtually no links. The incident referred to in the following article was NOT cached by Google. If you are worried that your name and financial info may have been compromised, I suggest that you contact eBay ASAP.

Early Thursday morning, an alleged Romanian hacker signed into the eBay discussion boards under a hijacked account and started a series of conversations on eBay's Trust & Safety board that began as taunting and culminated in the worldwide posting of confidential financial information of fifteen different eBay members, including Social Security numbers, credit card numbers, bank account and routing numbers, ATM PINs, mothers' maiden names, driver's license numbers, as well as home addresses and full contact information. The thread, financial information included, remained posted on the eBay discussion boards for over 40 minutes, despite repeated attempts by several users to report it, until a fellow eBay user was finally able to reach eBay by phone and report the incident. eBay then ended the fraudulent listing associated with the "Romanian" and pulled all of the posts and the entire thread. Immediately after the posts were pulled, the Romanian posted the same message and information again to the discussion forums, this time to 12 different boards.
Rather than try to dissect the postings of the Romanian, who calls himself "born_to_scam_american_guys," I'll simply post his entire initial post below. The following post appeared at 1:52 EST on the eBay discussion forums:
I read many opinions here.... All I saw it`s just bullshiet....Alot of things about scamms..stupid things I think. Romanian guys are the best boys !!!! We are in each country...each city...and every day alot of money from your pocket intro in pur bank accounts....You know why ?? I will tell you my opinion...because you are so stupid ..... anyone can scam you very easy....not only with fake escrow and shipping websites.... For us nothing is not imposibile....Paypal...bank accounts...credit cards...spam....wire transfers... alot of things boys !!! WHy ??? Because we are the best !!!! Let`s ask you something : what make the american and canadian boys at 14-15 years old ????? Eat burgers at Mc`Dolnalds and watch naked girls on internet porno webpages.... Romanian guys at 14-15 years old scam people...learn how to build a profesional website....how to hack a internet server...and many more another "bad" things.... Me , personally , receive every day between 1000 and 5000 eBay accounts from spam and hack.... Is so easy to stolen your eBay account and your Paypal.....is just a funny game for us....... Go to www.nopaypal.com and read the forum.... Romanian guys scam last year 10 milions sellers and buyers from USA and Canada with Paypal accounts....How ??? Paypal is very safe.... Good joke.... Is safe only in your dream boys.....!!!! HE HE HE !!!!!!!! Let`s me say you a unreal thing.... Is much easy to scam with Paypal....Westen Union is a little complicate now to scam....the police are very carefful with Western Union offices.... Last thing : Why big companies from internet market want only romanian guys to work for them ????? Because WE ARE THE BEST !!!!!!!!! Author : Born_To_Scam_American_Guys

(Regarding the use of Paypal in scams being "much easy," we at Firemeg.com drew that conclusion long ago and have been very vocal about it. Despite eBay's best PR spin about how safe Paypal is, there is no denying the fact that it is by far the easiest, quickest and safest (for scammers) method of money transfer for scams)

Shortly after the above posting was finally removed from eBay, Born_To_Scam_American_Guys posted again, under the title "Smart" Americans. This time, rather than brag or taunt, he simply provided proof that he does indeed have access to the information he referred to and the ability to use it. Below is an example of what one section of this post looked like. Obviously I have changed the names, numbers, etc. in an attempt to protect the account holder.

--------------------
Firstname: John
Lastname: Doe
Address: 10221 West 45th Street
City: Chicago
State: IL
Zipcode: 60615
Phone: 773-555-555
SSN: 3X6-XX-2XX4
Mother'sMaidenName: Smith
Driver Licence: AXXX-0XXX-2XXX
IssuedState: IL
DOB: 07-10-19XX
CardType: Credit
Cardname: John Q. Doe
Cardnumber: 4782XXXX0660XXXX
Expiry Date: 07-2009
CVV2: 1XX
ATM Pin: 8XX0
BankName: Chase
BankPhone: 800-228-8014
RoutingNumber: 0XXXXXXX3
Account Number: 7XXXXX3
Bun
-------------------
The Romanian posted fifteen different blocks of personal information from fifteen different people, just as shown above.
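Blocks in the layout above sat on a public board for over 40 minutes while users tried to report them. Most of the fields have enough structure that a board could flag and mask them automatically at posting time: Social Security numbers have a fixed shape, card numbers carry a Luhn check digit, and US routing numbers carry an ABA checksum, so a scanner can confirm a match instead of guessing from digit counts alone. Fields with no structure (CVV2, ATM PIN, account number) are caught by their labels. The following is an added example written for this article, not Firemeg's or eBay's code; the sample post, the names and every number in it are constructed (the card number is the well-known 4111... test value, the routing number was built to satisfy the ABA checksum), and the masking convention of keeping the first and last digit is an assumption modelled on the redacted block above.

```python
"""Flag and redact leaked financial identifiers in user-submitted text.

Added example, not code from the original page. All sample data below is
constructed; none of it belongs to a real person.
"""
import re
from dataclasses import dataclass

# Constructed sample post in the layout of the leaked blocks. The last line
# holds a 16-digit number that fails the Luhn check, so it must NOT be flagged.
SAMPLE_POST = """Firstname: Jane
Lastname: Roe
Phone: 312-555-0142
SSN: 123-45-6789
Cardnumber: 4111 1111 1111 1111
Expiry Date: 07-2009
CVV2: 321
ATM Pin: 4417
RoutingNumber: 111000025
Account Number: 5500981
Order total was 2007 dollars, reply #4111111111111112 is not a card."""

SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")      # 13 to 19 digits, separators allowed
ROUTING_RE = re.compile(r"\b\d{9}\b")
# Fields with no checksum: only the label tells us the number is sensitive.
LABELLED_RE = re.compile(r"^(CVV2|ATM ?Pin|Account ?Number)\s*:\s*(\d{3,17})\s*$", re.I)


def luhn_ok(digits: str) -> bool:
    """Luhn check digit used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:            # every second digit from the right is doubled
            d = d * 2 - 9 if d > 9 // 2 + 0 and d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def aba_ok(digits: str) -> bool:
    """ABA checksum for a 9-digit US bank routing number."""
    if len(digits) != 9 or not digits.isdigit():
        return False
    d = [int(c) for c in digits]
    s = 3 * (d[0] + d[3] + d[6]) + 7 * (d[1] + d[4] + d[7]) + (d[2] + d[5] + d[8])
    return s % 10 == 0


@dataclass
class Finding:
    kind: str
    value: str
    line: int


def scan(text: str) -> list[Finding]:
    """Return every identifier that matches a pattern and passes its checksum."""
    found = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in CARD_RE.finditer(line):
            if luhn_ok(re.sub(r"[ -]", "", m.group())):
                found.append(Finding("card", m.group(), lineno))
        for m in ROUTING_RE.finditer(line):
            if aba_ok(m.group()):
                found.append(Finding("routing", m.group(), lineno))
        for m in SSN_RE.finditer(line):
            found.append(Finding("ssn", m.group(), lineno))
        m = LABELLED_RE.match(line)
        if m:
            found.append(Finding(m.group(1).lower(), m.group(2), lineno))
    return found


def mask(value: str) -> str:
    """Assumed convention: keep first and last digit of long values, first digit
    of short ones, replace the rest with X and leave separators in place."""
    pos = [i for i, c in enumerate(value) if c.isdigit()]
    keep = {pos[0], pos[-1]} if len(pos) >= 6 else {pos[0]}
    return "".join("X" if c.isdigit() and i not in keep else c for i, c in enumerate(value))


def redact(text: str) -> str:
    """Rewrite the post with every confirmed identifier masked."""
    out = []
    for line in text.splitlines():
        line = CARD_RE.sub(lambda m: mask(m.group())
                           if luhn_ok(re.sub(r"[ -]", "", m.group())) else m.group(), line)
        line = ROUTING_RE.sub(lambda m: mask(m.group()) if aba_ok(m.group()) else m.group(), line)
        line = SSN_RE.sub(lambda m: mask(m.group()), line)
        line = LABELLED_RE.sub(lambda m: f"{m.group(1)}: {mask(m.group(2))}", line)
        out.append(line)
    return "\n".join(out)


if __name__ == "__main__":
    for f in scan(SAMPLE_POST):
        print(f"line {f.line}: {f.kind} -> {f.value}")
    print(redact(SAMPLE_POST))
```

Run stand-alone, the script lists six findings (SSN, card, CVV2, ATM PIN, routing number, account number) and prints the post with those values masked; the Luhn-invalid number on the last line is left alone, which is the point of checking the checksum rather than trusting digit counts. A board that ran something like this on submission could hold or mask a post instead of relying on users to report it.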
Yesterday afternoon, we at Firemeg.com began to call the individuals who appeared on the list, using the phone numbers provided by the Romanian. We were able to contact some of the individuals and alert them about the issue. Not one single solitary person on that list that we spoke to had been contacted by eBay regarding the matter, NOT ONE! We asked each person if they had been contacted by eBay regarding the matter: a unanimous "No." We asked if eBay had emailed to let them know about the issue: a unanimous "No." We asked if they had received any sort of email from eBay at all: all but one person had NOT received an email from eBay yesterday about anything, but one woman on the list did get an email "from eBay" that she said prompted her to "change her password." No reason was given in this email for suggesting the password change. The woman who received it wasn't sure if it was a "phishing" email, because she had never heard of phishing before. We also asked each person if they had an eBay account, and it was a unanimous "YES."

So what, if anything, did the individuals on the list have in common? Three things: 1) each is a registered user on eBay; 2) each had not used eBay in quite some time; 3) none had any idea what "phishing" is or how to detect scam emails. In fact, they all "protected" themselves by sorting out "junk" mail and deleting it, keeping ONLY those emails that claim to be from known individuals or businesses they have dealings with (i.e. eBay and Paypal).

All of those on the list that we spoke to substantiated that ALL the info posted on the eBay discussion boards was correct, including bank account info, credit card info and Social Security numbers. One woman broke down and was near tears, if not fully crying, her voice trembling with each question she asked. She said that all the information was correct and current and that she was very scared. She couldn't even remember her eBay user ID or password. She said that she uses eBay during the holidays to buy gifts, and gets a new eBay ID each year because she ends up forgetting the password and/or username. She was terrified, I'm sure due in part to the little she has heard about identity theft. I gave her the number for eBay headquarters (1-408-376-7400) and suggested she call both eBay and her financial institutions and change as much info as she could. She seemed relieved that I had tried to help, but couldn't understand why she would need to contact eBay, since she hadn't used the account since December and would likely just get another account next holiday season. I explained that scammers could use the account to defraud potentially thousands of people and gain even more sensitive information, and that any charges racked up by scammers on her account would ultimately be reflected on her credit report. (OT, but it must be said: think about this user next time you hear Meg Whitman giving a quarterly or annual report speech about the number of new users on the site.)

So, did eBay have a responsibility to contact the users whose personal financial information had been exposed to the world on its site? Under California law it would seem that not only does eBay have that responsibility, but failing to act on it is against the law. It would seem that the threat of exposure of recent hackings and misfeasance on eBay Inc.'s part is of more concern to the company's executives than the obvious malfeasance they have just taken part in by failing to contact the account holders whose personal information was compromised on eBay.com.

As early as last summer, we heard users equating eBay to Enron; lately we're seeing this on a daily basis from many sources. So is eBay heading down the same path? Insiders say yes. If current trends continue, however, there may be even less warning of the impending collapse than the employees and shareholders at Enron had. Any company that is entrenched in scandal can absolve itself immediately by admitting to malfeasance, outlining a plan for rectification and showing proof that the company is dedicated to following through. eBay has done none of this. Another tactic commonly used alongside that method of absolution is to name a scapegoat. Let the sins of the company crush the scapegoat, diverting attention away from the real culprits and from the real intentions of the company. Using a scapegoat is basically a way to deal with an issue with less chance of reprisal from the community of employees and users and from Wall Street.

The problem, though, is that Meg Whitman has yet to name a scapegoat or admit to any issues, and has her underlings in management issuing denials at light speed, despite enormous amounts of evidence that supports recent events as fact. Instead, eBay management has chosen to blame phishing, or more specifically those poor (often naive or uninformed) individual users who have had the bad fortune to fall victim to such a scam. As politically incorrect as it may be, this is like "blaming the retarded kid for eating the paste." Those who have been scammed or had their accounts compromised very rarely have any idea of how it happened. Blaming them for being naive is easier and cheaper than restructuring the security of a Fortune 500 online marketplace. So these poor souls are left standing in the road with their empty pockets and the burden of restoring their own good names following such attacks.

Recently Meg Whitman started accusing other online and information technology companies, such as banking institutions and specifically Microsoft and Yahoo!, of failing to prevent data breaches and of failing in general to keep security in cyberspace. Basically Whitman wants other online companies to prevent fraud on eBay by providing eBay with information on recent scams and by preventing fraudulent eBay emails from ever reaching potential victims. It's always easier to pass the blame onto competitors and dedicated users than it is to point the finger at oneself and accept responsibility for failed policy and poor security.
Some other blogs that have picked this story up are The Consumerist, OTHATSWHY.

Updated:
This is the rest of the conversation that appeared with the list of 15 blocks of user financial information.

20 replies

decorating_is_my_game (15) | Mar-07-07 23:23 PST | 1 of 20
you are a huge fool.

~~KKC MEMBER # 66.6~~
There's always one more imbecile
than you counted on.

brinkleywillie (37) | Mar-07-07 23:24 PST | 2 of 20
look what I get in few minutes with my poor english :)))))

mr_jats (23) | Mar-07-07 23:25 PST | 3 of 20
I already told her that.

brinkleywillie (37) | Mar-07-07 23:26 PST | 4 of 20
Incredibile...:))))))))
What is your email adress ? You will be the next victim :))))))))

mr_jats (23) | Mar-07-07 23:26 PST | 5 of 20
Send us a postcard when you get to prison, K?

B-)

brinkleywillie (37) | Mar-07-07 23:27 PST | 6 of 20
Never I will not go there.... A good friend of mine work for NASA now....him get "open" the servers from there and "play" a little....:P

mr_jats (23) | Mar-07-07 23:29 PST | 7 of 20
"Never I will not go there"

That's just what all the scammers say.

LOL

brinkleywillie (37) | Mar-07-07 23:29 PST | 8 of 20
I scam from 8 years.....so...:P

fritz116 (179) | Mar-07-07 23:34 PST | 9 of 20
OH!! You guys meant *this 1*....

I'm assuming there has been a Save by some, before this jackhole gets yanked for his/her jollies????

If we have their ISP, etc, we need it - the FBI will be interested.

Looks like Le Moron had a bit too much, tonight.

CC everything to Avery.
Porki/Fritz

Jesus is a VERO member.

mr_jats (23) | Mar-07-07 23:34 PST | 10 of 20
"so"

So what?

decorating_is_my_game (15) | Mar-07-07 23:34 PST | 11 of 20
Mr.
WTF is taking so long with this one?

~~KKC MEMBER # 66.6~~
There's always one more imbecile
than you counted on.

just_another_tequila_sunrise (14) | Mar-07-07 23:35 PST | 12 of 20
LW wouldn't know CI if it bit them?

:_|

brinkleywillie (37) | Mar-07-07 23:36 PST | 13 of 20
You have "nothing"..... I write from US now....I open a laptop there online and I use the ip adress to write emails...so...:))))) Nice try ****** :))))))

mr_jats (23) | Mar-07-07 23:36 PST | 14 of 20
I suppose Ebay is waiting for google to cache these poor folks' personal information before they decide it might be best to remove it?

X-(

brinkleywillie (37) | Mar-07-07 23:37 PST | 15 of 20
Someone need eBay or Paypal accounts ???? I have alot ....$5 per account.....:))))

fritz116 (179) | Mar-07-07 23:37 PST | 16 of 20
You're a hacking dork.

Nobunny cares about stroking your pathetic ego....

But you *will* be held...

& since you just admitted to being in the US, US laws will apply.

Moron.
Porki/Fritz

Jesus is a VERO member.

fritz116 (179) | Mar-07-07 23:38 PST | 17 of 20
Save Jesus.

(said the Atheist)
Porki/Fritz

Jesus is a VERO member.

brinkleywillie (37) | Mar-07-07 23:39 PST | 18 of 20
It`s so funny.....Never I dont think that....He He he...

mr_jats (23) | Mar-07-07 23:40 PST | 19 of 20
You are a fool to be laughed at and mocked. [posted in a mix of Romanian and English: "Tu ești un fool la spre a fi laughed la și mocked"]

turkeyjackson (214) | Mar-07-07 23:41 PST | 20 of 20
Gordon Bennett!
29 replies

orange_cape_hides_me (Private) | Mar-07-07 23:48 PST | 23 of 29
X-(

brinkleywillie (37) | Mar-07-07 23:49 PST | 24 of 29
218 Questions .....HUH... "Hot" Stuff here Baby..:)))))))

fritz116 (179) | Mar-07-07 23:49 PST | 25 of 29
I mailed every1 I can.. Why is this taking so long????

Anybody have a big pic, to break the board?????
Porki/Fritz

Jesus is a VERO member.

decorating_is_my_game (15) | Mar-07-07 23:50 PST | 26 of 29
caped,

i have emailed A to get this removed.

that is after about 100 reports!

~~KKC MEMBER # 66.6~~
There's always one more imbecile
than you counted on.

mr_jats (23) | Mar-07-07 23:50 PST | 27 of 29
"Someone need a cheap laptop ??? a Phone ???? Look :"

Yes we know there are alot of Romanian criminals operating here, did you think this was news to us? News to ebay?

LOL

Don't forget about that postcard, K? You remember, the one you can write out when you get alot of free time on your hands. Like 10 to 20 maybe?

LOL

brinkleywillie (37) | Mar-07-07 23:51 PST | 28 of 29
fritz116 ...you are so .... If my son was like you...the only solution was to shoot in the head !!! But my son already learn how to use the laptop and in one year will be on eBay... to "sell" hot stuff...like me.... Electronics....Cars....Evrything :P

fritz116 (179) | Mar-07-07 23:52 PST | 29 of 29
Get back w/ the list, if any1 has it, so we can contact the peeps who have been violated by this moron.

I will do so tomorrow (@ a decent hour).
Porki/Fritz

Jesus is a VERO member.

A bit of a correction: it was the "Smart Americans" post that the poster reposted to 12 different boards once it was finally removed.

Wednesday, March 07, 2007

Massive Attacks on eBay Continue, While Cover Up Machine Rolls On

It has been over two weeks now since a daily bombardment of scam listings started appearing on eBay.com, allegedly perpetrated by the Romanian hacker Vladuz. This current wave of fraudulent listings numbers between 1 and 3 million fake listings per day. eBay Inc. has gotten better at catching them and having them disappear before too many people are exposed to them. New threats are starting to emerge on the security front for eBay, and the company is doing the best it knows how to cover up the current situation and deflect possible bad exposure from the new threat.

On Sunday, we watched first hand as eBay Trust & Safety battled the scammers. A common search string was posted to a thread on the T&S eBay discussion board, which is currently discussing the attacks. This search string, when plugged into eBay search, revealed over 500 obvious scam listings by a couple of different sellers: high-ticket items with low starting bids and text in the description that led potential buyers to email for a Buy It Now price. This is the same basic MO as many recent scams. Over the next several hours and into the evening, the number of listings fluctuated between 120 and 600 scam listings as eBay worked to remove them from the site. By the next morning, only five listings remained to be found using that particular search string. Many of the listings gave San Jose (eBay's headquarters are there) as the location, but the seller was registered in Canada and used pictures taken from other listings on eBay.

Out of curiosity, I actually placed bids on two different items, a GPS unit and a sewing machine. Within 15 minutes of my bids the auctions were removed by eBay. I expected to see an email from eBay saying that the listings were fraudulent and that I should take appropriate precautions if I had made contact with the seller. This did not happen. Instead, eBay sent me two emails, both of which said that the seller had cancelled my bid and ended the auction early due to an error in the listing. A blatant lie by eBay and a cover up for sure. Technically it would have been impossible for the seller to cancel bids, end auctions and list auctions at the pace at which it was happening. Even if the scammer had a team of 5 or 10 working on it, it would still be nearly impossible.

By lying to potential buyers, eBay may have actually driven the buyers to contact the seller via the email addresses that were in the listing itself. The seller had almost a dozen GPS units listed like the one that I had bid on. Someone new to eBay, or unaware of such scams may just have emailed the seller asking where the items went and if they were still available. At which point the scammer would have replied that, yes, they are still available. I emailed one such scammer via the email address in a listing. I asked the BIN price as instructed in the listing. Several hours later (after the item had been removed by eBay) I got a response from the scammer offering to sell me the new item ($2500 retail price) for just $650 with free shipping. This particular item was quite large and coming from Canada, and surely shipping would have exceeded $150.

These types of scams are still being listed in mass quantities on eBay as I type this, but there is a bigger problem that has just been discovered, not by eBay, but by Symantec. Monday morning Symantec (makers of Norton) published an article about a new threat to eBay. Basically, someone has written a bit of malware called trojan.bayrob, which "is a Trojan horse that establishes a proxy server and steals sensitive information from the compromised computer." Symantec gives the trojan a low risk rating and a low damage rating; however, this is by design. The author of this code surely wouldn't want to melt any hard drives, but they would want to gather the sensitive user information that could be used in future attacks on the eBay site. Trojan.bayrob is thought to be primarily targeting eBay Motors, and while Symantec says that it has a low distribution level at this point, it only takes a few usernames and passwords for a scammer to cause terrible damage to eBay, the infected user, and potentially millions of unsuspecting buyers once the information is used to list fraudulent items on the site.

You may remember that a month ago Skype signed a deal with Symantec for home and office PC solutions. At the time, Skype said, "This confirms that Symantec's Norton line of security products meet Skype's strict standards for security, quality and usability." Given that Skype is an eBay company, the statement seemed ridiculous at the time, placing a virtual startup above a perennial powerhouse in security. It seems even sillier now.

We've yet to see any response from eBay about trojan.bayrob. No warnings. No comments. No instructions on how to deal with the problem if infected. eBay seems to be continuing its "if we don't mention it, it doesn't exist" stance on fraud. Meanwhile users are showing up on the eBay discussion boards with questions about hijacked accounts that have symptoms very similar to the effects of trojan.bayrob. Unlike phishing, trojan.bayrob is a "man in the middle" program that routes information from an infected computer through a proxy server (where the information is captured) on its way to the eBay servers. Unless an infected user has Norton or a similar, up-to-date anti-virus product, they would never know that this happened, as the trojan does nothing to change the user's browser or address bar.

Back on the Vladuz front: yesterday eBay spokesperson Catherine England continued the denials in an interview with Auctionbytes. She denied that Vladuz's eBay Captcha tool was ever anything out of the ordinary, despite reports going back to last year that Vladuz was selling the Captcha tool and user information to Chinese scammers. England also denied that there has been an increase in hijacked accounts. She conveniently had not looked into the "flux" in listing numbers when asked by eWeek's Lisa Vaas. Those who have been following this can't imagine eBay and England not looking into the numbers, as the charts have been posted to the T&S board on eBay and discussed in detail, as well as posted on Firemeg.com and eBaymotorssucks, both of which are routinely visited by users on the eBay network in San Jose.

In the course of three weeks eBay has seen some major problems arise, and yet the news from eBay is only of an increase in the number of worldwide listings. The release of this info comes at quite a strange time indeed. The quarter does not end for another three weeks, and these releases from eBay usually come much closer to the end of each quarter. The article and numbers are pure spin. Worldwide listings are up by 5.8%, but eBay US listings, which make up the majority of income for the company (FVFs, Paypal fees and insertion fees), are down by almost 3%. It seems as though the numbers may have been released in an attempt to turn around the recent slide in eBay's stock price, which had seen eBay shares go down by over $2.50 in only a week.

Whatever the cause of the recent scams and account hijackings at eBay, one thing is clear: eBay Inc. has some serious issues and is doing little to notify the users of eBay, who ultimately are responsible for maintaining the value of the company. In fact, eBay continues to censor the community discussion boards and releases no details on how to protect against scams and trojan.bayrob, and all the while eBay spokespeople are holding fast to the company line that there are no problems.