Monday, March 30, 2015

How Pakistan Cyber Cop Nabbed Big Time $50M Hacker

Pakistan's cyber security chief Mir Mazhar Jabbar tracked down and arrested Noor Aziz Uddin and his accomplices last month in Karachi. Noor was on the FBI's Most Wanted list for stealing $50 million through international phone hacking that targeted small businesses in many countries around the world.

How Did Noor Do It?

Noor gathered business cards of small businesses and used the phone numbers on them to target the companies' private branch exchange (PBX) switches, dialing into voicemail accounts and guessing the PINs. Once he guessed a voicemail PIN correctly, he used the mailbox's call-forwarding feature to forward calls to premium-rate phone numbers that he owned. Then he and his many accomplices repeatedly dialed the hacked PBX numbers, which forwarded to his premium lines, earning him millions of dollars over several years. The premium-rate charges were in the range of several dollars a minute, and they were billed by the carrier to the businesses whose PBXs had been hacked.

The FBI's official indictment doesn't name specific entities, but it lists examples: one business in Livingston, New Jersey, was hacked for $24,120; another, in Englewood, New Jersey, was charged $83,839, according to a story in International Business Times. Noor and his accomplices netted over $50 million over a four-year period from 2008 to 2012 with this scheme.
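The pattern described above leaves a clear trace in the PBX's own call detail records (CDRs), which is where a business can catch it before the carrier's bill arrives. The Python script below is an added example for this post, not code from the case or the FBI indictment: it scans constructed sample CDRs for calls that a voicemail box forwarded to a premium-rate or high-cost international destination, bills them per whole minute at illustrative rates, and raises an alert per extension. The CDR column layout, the high-risk prefix table and the per-minute rates are assumptions made for the example; a real deployment would take them from the PBX vendor's CDR format and the carrier's rate deck.

```python
"""Toll-fraud detection over PBX call detail records (CDRs).

Added example for this post; it is not code from the case or the FBI
indictment. It flags calls that a voicemail box forwarded to a premium-rate
or high-cost international destination, which is the traffic the scheme
described above produces on the victim's PBX.
"""
import csv
import io
import math
from collections import defaultdict
from datetime import datetime

# Illustrative high-cost destinations: prefix -> (label, assumed USD per minute).
# Assumption for the example; a real deployment loads the carrier's rate deck.
HIGH_RISK_PREFIXES = {
    "+1900": ("US premium-rate", 3.50),
    "+252": ("Somalia", 2.10),
    "+881": ("global mobile satellite", 6.00),
    "+882": ("international networks", 4.25),
}

# Constructed sample CDRs (not real data). The columns are an assumed layout:
# timestamp, calling number, dialed extension, number the PBX forwarded the
# call to (empty if none), duration in seconds, and the call leg type.
SAMPLE_CDRS = """timestamp,caller,dialed_ext,forwarded_to,duration_sec,leg_type
2012-03-04T14:02:11Z,+12015550123,2047,,184,answered
2012-03-04T02:13:07Z,+12125550100,2047,+2529001234,612,vm_forward
2012-03-04T02:24:40Z,+12125550100,2047,+2529001234,598,vm_forward
2012-03-04T02:35:02Z,+12125550101,2047,+2529001234,601,vm_forward
2012-03-04T03:01:19Z,+12125550102,2047,+8816001234,1205,vm_forward
2012-03-04T09:15:00Z,+12015550199,2051,+12015550200,45,vm_forward
2012-03-04T23:40:31Z,+12015550177,2051,,30,voicemail
"""


def rate_for(number):
    """Longest-prefix match of a dialed number against HIGH_RISK_PREFIXES.

    Returns (prefix, label, per_minute) or None when the destination is not
    in the high-risk table.
    """
    best = None
    for prefix, (label, per_min) in HIGH_RISK_PREFIXES.items():
        if number.startswith(prefix) and (best is None or len(prefix) > len(best[0])):
            best = (prefix, label, per_min)
    return best


def parse_cdrs(text):
    """Parse the CSV CDR export into dicts with a typed duration and timestamp."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["duration_sec"] = int(row["duration_sec"])
        row["ts"] = datetime.strptime(row["timestamp"], "%Y-%m-%dT%H:%M:%SZ")
        rows.append(row)
    return rows


def is_off_hours(ts, start_hour=22, end_hour=6):
    """True outside business hours; fraud traffic is typically pumped through
    at night and on weekends when nobody is watching the PBX."""
    return ts.hour >= start_hour or ts.hour < end_hour


def analyze(text, cost_threshold=100.0, call_threshold=3):
    """Aggregate forwarded high-risk calls per extension and return alerts.

    An extension is flagged when its estimated charges reach cost_threshold
    or when at least call_threshold such calls appear in the export.
    """
    per_ext = defaultdict(lambda: {
        "high_risk_calls": 0, "billed_minutes": 0, "est_cost": 0.0,
        "callers": set(), "off_hours_calls": 0, "destinations": defaultdict(int),
    })
    for cdr in parse_cdrs(text):
        # Only legs the PBX forwarded on behalf of a voicemail box matter here.
        if cdr["leg_type"] != "vm_forward" or not cdr["forwarded_to"]:
            continue
        match = rate_for(cdr["forwarded_to"])
        if match is None:
            continue
        _prefix, label, per_min = match
        minutes = math.ceil(cdr["duration_sec"] / 60)  # whole-minute billing (assumption)
        stats = per_ext[cdr["dialed_ext"]]
        stats["high_risk_calls"] += 1
        stats["billed_minutes"] += minutes
        stats["est_cost"] += minutes * per_min
        stats["callers"].add(cdr["caller"])
        stats["destinations"][label] += 1
        if is_off_hours(cdr["ts"]):
            stats["off_hours_calls"] += 1

    alerts = {}
    for ext, stats in per_ext.items():
        if stats["est_cost"] >= cost_threshold or stats["high_risk_calls"] >= call_threshold:
            alerts[ext] = {
                "high_risk_calls": stats["high_risk_calls"],
                "billed_minutes": stats["billed_minutes"],
                "est_cost": round(stats["est_cost"], 2),
                "distinct_callers": len(stats["callers"]),
                "off_hours_calls": stats["off_hours_calls"],
                "destinations": dict(stats["destinations"]),
            }
    return alerts


if __name__ == "__main__":
    for ext, alert in analyze(SAMPLE_CDRS).items():
        print(f"extension {ext}: {alert}")
```

Run as a script it prints one alert for extension 2047, whose mailbox forwarded four night-time calls from three different callers to Somalia and a satellite range; extension 2051 forwarded a call to an ordinary domestic number and is not flagged. In practice the same check runs against a fresh CDR export every few minutes, and an alert on a mailbox should be followed by disabling its call-forwarding and resetting its PIN, because a default or guessable voicemail PIN is what let the attacker set up the forward in the first place.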

How Was Noor Caught?

Early in 2015, Pakistan's Federal Investigation Agency (FIA) found the cell phone number that Noor used personally. With the number in hand, Jabbar served the wireless service provider with a court order, and the carrier gave him access to the phone's location (GPS coordinates). That is how Jabbar reached Noor's doorstep last month.

Source: Communications Fraud Control Association

How Big is the Phone Hacking Fraud?

Widespread use of Voice over IP (VoIP) by small businesses has created a huge opportunity for phone hackers. Communications Fraud Control Association, a telecom trade group based in New Jersey, estimated the PBX fraud at $4.42 billion in 2013.


Growing access to technology is opening up new opportunities for criminals in both the physical and cyber worlds. The Noor Aziz Uddin case shows that the technology criminals use to commit crimes can also be used by governments to fight such crimes. It requires law enforcement to stay one or two steps ahead of the criminals to beat them at their own game.

Related Links:

Haq's Musings

Pakistan Deploys Big Data to Fight Crime

Pakistani Computer Scientist Helps Fight Terror

Pakistan Government Deploys Mobile Apps

Pakistan Defense Production Goes High-Tech

Drones Outrage and Inspire Pakistanis

RMA Status in Pakistan

Cyber Wars in South Asia

Pakistan's Biggest Ever Arms Bazar

Genomics and Biotech Advances in Pakistan

India's Israel Envy: What if Modi Attacks Pakistan

Eating Grass: Pakistan's Nuclear Program


Riaz Haq said...

New Delhi: A Pakistani cyber security firm, which has worked with the authorities in that country, has been found stealing information from the Indian government and defence establishments, a report by a US-based security firm FireEye (founded by Pakistani-American Ashar Aziz) said today.

The Pakistani cyber firm accessed computers of bureaucrats through malware and targeted Indian establishments using leased US hosting services, FireEye said.

"An Islamabad-based IT security firm called Tranchulas, which claims to have helped prepare the Pakistani government for cyber warfare, bombarded officials in Indian government organizations with emails containing malicious software, or malware," it said.

The report reveals that India remains a vulnerable target for cyber-attacks even after documents leaked by whistleblower Edward Snowden exposed widespread spying by US National Security Agency.

The firm used terms like 'Sarabjit Singh', 'Devyani Khoragade' and 'Salary hikes for government employees' in the subject line to lure officials into opening attachments containing the malware.

The malware, identified by FireEye, has been active since early 2013 with the name of a Tranchulas employee, Umair Aziz, in its code.

FireEye said that since "July 2013, different variants of the malware with modified names have surfaced. It is indicated that it was common for cyber attackers to use servers located in a different country to avoid detection".

Anonymous said...

The story is very interesting but does not give full information. I don't understand how they managed to steal such a huge amount using VoIP calling when there are hundreds and thousands of free VoIP calling services available like Skype, Viber, WeChat, Line, ringID, Kakao Talk, IMO and the list goes on.

Moin said...

This is how the CIA decided to give the FIA some credit for supporting them in the past.

Shams said...

How does Jabbar's status of "cyber cop" play into this story? FIA gave him the phone number and he was able to get GPS coordinates. Then he likely drove there, or perhaps took a commuter train - either way, where is the science of cyberity here?

Riaz Haq said...

I really wonder if you understand the difference between the CIA and the FBI after living in this country for decades.

What commuter train are you imagining in Karachi? And why would this guy Aziz quietly surrender after Interpol's international manhunt to someone walking up to his door after riding that imaginary commuter train?

Riaz Haq said...

Anon: " I don't understand how they manage to steal such a huge amount using voip calling when there are hundreds & thousands of free voip calling services are available like Skype, Viber, WeChat, Line, ringID, Kakao talk, IMO and the list goes on. "

You can't call premium phone lines that cost $3 a minute from free VoIP calling apps. You need to use a paid phone service. In this case the hackers hacked into PBXs owned by small and medium-size business owners to make those calls and pocketed the money from such calls. The money came out of the pockets of the business owners.

Oostur said...

He probably did not deliver the agreed upon bribe money.

Riaz Haq said...

Oostur: "He probably did not deliver the agreed upon bribe money."

You should read "The Prisoner" by Karachi cop Omar Shahid Hamid to get better informed. It might help you drop some of your cynicism.

Riaz Haq said...

#Pakistan Security Firms Ransomware. Intelligence Start-Up i-Sight Goes Behind Enemy Lines to Get Ahead of Hackers

On a recent Wednesday morning, 100 intelligence analysts crammed into a nondescript conference room here and dialed into a group call with 100 counterparts in Argentina, Brazil, Cyprus, India, the Netherlands, Romania, Spain, Taiwan and Ukraine.

As they worked their way around the room, the analysts briefed one another on the latest developments in the “dark web.”

A security firm in Pakistan was doing a little moonlighting, selling its espionage tools for as little as $500. Several American utility companies were under attack. A group of criminals were up to old tricks, infecting victims with a new form of “ransomware,” which encrypts PCs until victims pay a ransom.

The analysts, employees of iSight Partners, a company that provides intelligence about threats to computer security in much the same way military scouts provide intelligence about enemy troops, were careful not to name names or clients, in case someone, somewhere, was listening on the open line.

Within 30 minutes, they were all back at their keyboards, monitoring underground chatter and markets, analyzing computer code meant to cause harm, watching the networks of potential attackers and poring over social media channels for signs of imminent attacks.

For the last eight years, iSight has been quietly assembling what may be the largest private team of experts in a nascent business called threat intelligence. Of the company’s 311 employees, 243 are so-called cyberintelligence professionals, a statistic that executives there say would rank iSight, if it were a government-run cyberintelligence agency, among the 10 largest in the world, though that statistic is impossible to verify given the secretive nature of these operations.

ISight analysts spend their days digging around the underground web, piecing together hackers’ intentions, targets and techniques to provide their clients with information like warnings of imminent attacks and the latest tools and techniques being used to break into computer networks.

The company’s focus is what John P. Watters, iSight’s chief executive, calls “left of boom,” which is military jargon for the moment before an explosive device detonates. Mr. Watters, a tall, 51-year-old Texan whose standard uniform consists of Hawaiian shirts and custom cowboy boots, frequently invokes war analogies when talking about online threats.

Riaz Haq said...

This #Pakistani-American's startup uses technology help prevent school bombings. #Pakistan #terrorism via @CNNMoney

What if suicide bombings could be thwarted days in advance?
Startup PredictifyMe is using data to do just that.
"[We] have the largest data set on earth when it comes to suicide bombings," said Dr. Zeeshan-ul-Hassan Usmani, Predictifyme's co-founder and chief data scientist.
This inspired the analytics company to partner with the United Nations in an initiative to use the data and protect schools in Pakistan, Nigeria and Lebanon against bombing attacks.
"Parents in these countries are afraid to send their children to school," said Rob Burns, PredictifyMe CEO and co-founder. "We're sitting here with technology that's easy to deploy and can help predict an attack and secure schools against it."
Terror attacks on schools are at the highest level in 40 years, with more than 10,000 attacks in the last five years, according to the UN.
PredictifyMe's technology not only predicts when a bombing will occur, it can also help schools prepare for an attack.
"This is what we're going to give the United Nations," said Usmani. "What schools, what is the threat level on schools on a particular date and day of the week. [The schools] will talk to the authorities to come up with their own plans."
It's a two-step process, driven by the startup's software "Soothsayer" and "SecureSim."
Soothsayer's algorithm analyzes 200 indicators to predict the likelihood of a suicide bombing attack, said Usmani.
This includes weather, sporting events, major holidays, attacks in nearby countries, visits by international dignitaries and the emergence of a blasphemous video on YouTube or Facebook.
Usmani said the software is able to predict an attack within three days with 72% accuracy.
SecureSim models and simulates explosions, taking into account physical and environmental properties and the type of explosives and shrapnel.
It assesses a facility's vulnerability to an explosion and determines the level of impact and injuries. It can also suggest preemptive safety measures. For instance, Usmani said the software showed that having a school's main entrance 20 feet from the classrooms can reduce the casualty count by one-third.