For those of you shocked at learning that JAP had been backdoored at the request/order of a judge/court to investigate a criminal, here is another interesting story.
Notice the SURFOLA.com disclaimer. ---------- Forwarded Message ---------- >Date: Sat, 23 Aug 2003 00:00:11 +0200 From: Barry Wels <[EMAIL PROTECTED]> >Subject: blackmail / real world stego use >Sender: [EMAIL PROTECTED] >To: [EMAIL PROTECTED] > > >Hi, > >So far I have only found one English item in the news about this. > >http://www.expatica.com/index.asp?pad=2,18,&item_id=33655 > >So let me translate some of the dutch information about this >interesting case : > >A 45-year old chip designer from Utrecht was arrested June 3. >He confessed to have tried to blackmail the 'Campina' food company. >He had threatened to poison their products, and demanded 200.000 euro. > >The most remarkable thing about this case is however how he >communicated with Campina, and how he thought to receive the money. > >He forced Campina to open a bank account, and get a 'world card' with >it. Then they had to deposit 200.000 Euro on it (about 185.000 >US dollar). He ordered them to buy a credit card reader, and read the >information off the magnetic-stripe of the 'world card'. >Then they had to send him the output of the card reader, together with >the pin code. With this information, he then could create a copy of >the 'world card' using a card-writer and a blank card. > >To send him the information, he made them use steganography! >Campina received an envelope via snailmail containing a floppy with a >stego program and instructions. > >They had to encode the 'world card' info into a picture of a red VW >golf, using the stego program, and a fixed crypto key that was >included in the envelope. > >Finally, they had to place the picture in a fake add on a website >where large amounts of people sell/buy second hand cars. > >He would then read the add, and make a copy of the picture. >Decode the stego info out of it, write his own copy of the card, >and withdraw money. Without ever having personal contact with Campina >(or the police). To be real clever, he did not approach the website >with the car adds directly. Police found out the add was approached >trough a US anonymizer called SURFOLA.com. SURFOLA.com claims on their >website : > >"We will not give out your name, residence address, or e-mail address >to any third parties without your permission, for any reason, at any >time, ever." > >The Utrecht police informed the FBI, and asked for assistance. Within >24 hours, the FBI cracked the case, supplying the Dutch police with >a '@wxs.nl' e-mail address and some paypal.com financial data. > >This data led to the 45 year old chip programmer. >After his identity was known, the police ofcourse started surveillance on >him. The 'desert terrorist' was arrested red-handed when he withdrew money >from an ATM using the world-card copy.... >--- > >Greetings, > >Barry Wels. > ------------------------------------------------------- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
