Boing Boing 

Wall Street, like the mafia, but more ambitious

In Rolling Stone, Matt Taibbi is his usual incandescent self in reporting on the United States of America v. Carollo, Goldberg and Grimm, a bid-rigging trial against brokers at GE Capital, which implicated virtually every bank on Wall Street (and many overseas banks) in a multibillion-dollar municipal bond bid-rigging fraud, a fraud that skimmed a piece of every substantial municipal project in America, from public pools and baseball diamonds to subway stations and housing projects. Bid-rigging, a process perfected by the mafia, has been practiced by the financial sector on a scale never dreamed of by the simple men of the crime syndicates, and the scam is starting to unravel.

The defendants in the case – Dominick Carollo, Steven Goldberg and Peter Grimm – worked for GE Capital, the finance arm of General Electric. Along with virtually every major bank and finance company on Wall Street – not just GE, but J.P. Morgan Chase, Bank of America, UBS, Lehman Brothers, Bear Stearns, Wachovia and more – these three Wall Street wiseguys spent the past decade taking part in a breathtakingly broad scheme to skim billions of dollars from the coffers of cities and small towns across America. The banks achieved this gigantic rip-off by secretly colluding to rig the public bids on municipal bonds, a business worth $3.7 trillion. By conspiring to lower the interest rates that towns earn on these investments, the banks systematically stole from schools, hospitals, libraries and nursing homes – from "virtually every state, district and territory in the United States," according to one settlement. And they did it so cleverly that the victims never even knew they were being cheated. No thumbs were broken, and nobody ended up in a landfill in New Jersey, but money disappeared, lots and lots of it, and its manner of disappearance had a familiar name: organized crime.

In fact, stripped of all the camouflaging financial verbiage, the crimes the defendants and their co-conspirators committed were virtually indistinguishable from the kind of thuggery practiced for decades by the Mafia, which has long made manipulation of public bids for things like garbage collection and construction contracts a cornerstone of its business. What's more, in the manner of old mob trials, Wall Street's secret machinations were revealed during the Carollo trial through crackling wiretap recordings and the lurid testimony of cooperating witnesses, who came into court with bowed heads, pointing fingers at their accomplices. The new-age gangsters even invented an elaborate code to hide their crimes. Like Elizabethan highway robbers who spoke in thieves' cant, or Italian mobsters who talked about "getting a button man to clip the capo," on tape after tape these Wall Street crooks coughed up phrases like "pull a nickel out" or "get to the right level" or "you're hanging out there" – all code words used to manipulate the interest rates on municipal bonds. The only thing that made this trial different from a typical mob trial was the scale of the crime.

USA v. Carollo involved classic cartel activity: not just one corrupt bank, but many, all acting in careful concert against the public interest. In the years since the economic crash of 2008, we've seen numerous hints that such orchestrated corruption exists. The collapses of Bear Stearns and Lehman Brothers, for instance, both pointed to coordinated attacks by powerful banks and hedge funds determined to speed the demise of those firms. In the bankruptcy of Jefferson County, Alabama, we learned that Goldman Sachs accepted a $3 million bribe from J.P. Morgan Chase to permit Chase to serve as the sole provider of toxic swap deals to the rubes running metropolitan Birmingham – "an open-and-shut case of anti-competitive behavior," as one former regulator described it.

The Scam Wall Street Learned From the Mafia (via Naked Capitalism)

Florida voter-suppression campaign means WWII vet has to prove he is American or lose his vote

Florida governor Rick Scott has ordered a high-velocity purge of the state's voter-rolls, using secret criteria to target 180,000 Floridians and requiring them to prove their citizenship in 30 days or lose the right to vote. Democrats and activist groups claim that this violates federal laws. For 91-year-old WWII vet Bill Internicola, it's an insult. Greg Allen reports on NPR's Morning Edition:

"To me, it's like an insult," he says. "They sent me a form to fill out. And I filled out the form and I sent it back to them with a copy of my discharge paper and a copy of my tour of duty in the ETO, which is the European Theater of Operations."

Internicola's was one of more than 180,000 names Florida's secretary of state identified from motor vehicle records as possible noncitizens. Several weeks ago, the secretary's office sent county elections supervisors a first batch of some 2,600 names. County officials, who are also preparing for the state's August primary, started sending out letters to suspected noncitizens, saying they had 30 days to prove their citizenship or be removed from the voting rolls.

World War II Vet Caught Up In Florida's Voter Purge Controversy

LAPD probing Lap-Band weight loss surgery provider after patient deaths

Billboards for weight loss surgery provider "1-800-GET THIN" were ubiquitous around LA freeways until recently; the company has since come under scrutiny by the FDA, consumer affairs watchdogs and Consumer Reports for sketchy business practices. Now, the Los Angeles Police Department is investigating the firm over the recent death of a patient. Snip from LA Times report:

In a civil lawsuit, two former surgery center workers alleged that a series of medical gaffes contributed to [55 year old patient Paula] Rojeski's death. That lawsuit, filed in January, said an intravenous line was not properly inserted into Rojeski's arm during surgery, causing solution to pool on the floor of the operating room. Former surgical technicians Dyanne Deuel and Karla Osorio also said in the lawsuit that the anesthesiologist forgot to turn on the oxygen tank before surgery.

The LA Times report goes on to list four additional patient deaths.

Independent watchdog says Canada's 2011 elections may have been corrupt

The independent nonpartisan NGO Democracy Watch says that Canada's elections regulator has failed in its duty to prevent fraud in Canada's elections. This comes on the heels of a voter-suppression scandal in which "robocalls" were placed, allegedly to voters likely to vote against the (now ruling) Conservative party, telling them that their polling places had changed. One whistleblower claims to have worked on the phone-bank that handled complaints from the robocalls, and says that she was instructed to tell people that she was working on behalf of the Conservative party, and to give out misinformation about where to vote. Jeff David of Postmedia News writes in the Montreal Gazette:

"Here we are 144 years since Canada became a so-called democracy and no one can tell whether Elections Canada is enforcing the federal election law fairly and properly because it has kept secret its investigations and rulings on more than 2,280 complaints since 2004," said spokesman Tyler Sommers.

The Harper government scrambled to keep pace with the burgeoning scandal during Tuesday's question period, after Postmedia News and the Ottawa Citizen unveiled new details of the election calls that had been routed through a Tory-linked firm.

A total of 1,334 complaints were filed with Elections Canada in the 2004, 2006, and 2008 federal elections, according to the agency's post-poll reports. Concerning the 2011 election alone, however, Elections Canada received 1,872 complaints about accessibility problems, 2,956 emails complaining of voting rule confusion in the Guelph area, and 1,003 complaints about other issues.

Elections Canada not doing its job: Democracy Watch

Rumblefish claims to own copyright to ambient birdsong on YouTube

Rumblefish, a company notorious for sending copyright takedown notices to YouTube alleging copyright violations in videos' soundtracks, demanded removal of a video whose audio consists entirely of ambient birdsong recorded during a walk in the woods. When the video's creator objected, Rumblefish repeated its accusation, and Google added the notation "These content owners have reviewed your video and confirmed their claims to some or all of its content: Entity: rumblefish Content Type: Sound Recording."

I posted a video which is basically just me walking and talking, outdoors, away from any possible source of music. http://www.youtube.com/watch?v=nPBlfeuZuWg

And apparently youtube identified my video as containing copyrighted music from a company called rumblefish. I filed a dispute, and now I'm waiting for said company to respond to it. Is this a freak occurrence? I feel pretty violated by this, a mysterious entity claiming to own my content and apparently profiting from it with ads.

There are birds singing in the background in the video, could they own the rights to birdsong?

Update: Rumblefish CEO Paul Anthony explains himself and his company in a Reddit AMA.

"Matched third party content. Entity: rumblefish Content Type: Musical Composition", but no music in the video (via /.)

Recursive phishing email

Bruce Sterling received a phishing email purporting to be a followup to a report of a phishing email. Coming soon: a phishing email purporting to be a phishing email purporting to be a followup to a report of a phishing email.

US-CERT is forwarding the following Phishing email that we received to the APWG for further investigation and processing.

Please check attached report for the details and email source

US-CERT has opened a ticket and assigned incident number PH0000005007349. As your investigation progresses updates may be sent at your discretion to soc@us-cert.gov and should reference PH0000002359885.

Phishing email arrives disguised as phishing email

Google: We're "mortified" a team working on Google project "misrepresented" relationship with Mocality

A followup to this morning's post, The Google-Kenya Ripoff. Nelson Mattos, Google's Vice-President for Product and Engineering, Europe and Emerging Markets, writes:

We were mortified to learn that a team of people working on a Google project improperly used Mocality’s data and misrepresented our relationship with Mocality to encourage customers to create new websites. We’ve already unreservedly apologised to Mocality. We’re still investigating exactly how this happened, and as soon as we have all the facts, we’ll be taking the appropriate action with the people involved.

The case of the stolen domain names

Numerous web design advice sites report that their domain names were mysteriously transferred from GoDaddy to another registrar. Though now registered in someone else's name, the DNS records and websites themselves have generally not been interfered with, suggesting a more cunning plan than usual. At fault seem to be poor account passwords, email-based transfer verifications, the GoDaddyness of GoDaddy, and PlanetDomain's indifference to complaints until sites go offline.

Identity theft marketplace sells mothers' maiden names, dates of birth, etc


Many websites will allow you to "recover a lost password" if you (or a crook) can supply your date of birth, mother's maiden name, etc. So, of course, crooks buy and sell data like dates of birth, mothers' maiden names, Social Security Numbers, and other easily mined minutiae. Brian Krebs reports from superget.info, a site that sells would-be fraudsters this information, and also has a wholesale program so that entrepreneurial crooks can resell your personal information to their friends.

Superget lets users search for specific individuals by name, city, and state. Each “credit” costs USD$1, and a successful hit on a Social Security number or date of birth costs 3 credits each. The more credits you buy, the cheaper the searches are per credit: Six credits cost $4.99; 35 credits cost $20.99, and $100.99 buys you 230 credits. Customers with special needs can avail themselves of the “reseller plan,” which promises 1,500 credits for $500.99, and 3,500 credits for $1000.99.

“Our Databases are updated EVERY DAY,” the site’s owner enthuses. “About 99% nearly 100% US people could be found, more than any sites on the internet now.”

Customers who aren’t choosy about the identities they’re stealing can get a real bargain. Among the most trafficked commodities in the hacker underground are packages called “fullz infos,” which include the full identity information on dozens or hundreds of individuals.

How Much Is Your Identity Worth?

Scandalus Olympus: ex-CEO alleges financial fraud

Michael C. Woodford (shown above), the former CEO of Olympus, says the Japanese technology company is involved in a whole lot of financial hanky-panky. The Olympus board says the 51-year-old British national, the first non-Japanese CEO in the company's history, was a bad manager. But he claims he was forced out when he began asking questions about $1 billion in payments for acquisitions made before he took the reins.

My favorite line in the scandal so far (and remember now, Olympus mostly sells cameras and medical imaging equipment): “There were $800 million in payments to buy companies making face cream and Tupperware,” said Woodford. “What the hell were we doing paying $800 million for these companies?”

More: Financial Times, Bloomberg, New York Times, and here's an internal letter published by the New York Times with Woodford's consent (PDF link).

(via Hiroko Tabuchi, Adario Strange, photo: REUTERS/Yuriko Nakao)

ATM skimmer gang invested proceeds in 3D printer to make better ATM skimmers


Last February, i.materialise reported that they'd declined an offer to 3D print a new fascia for an ATM, because they suspected it was part of an ATM skimmer (a device used to capture people's ATM PINs and card numbers). The news may have inspired another ATM skimmer gang, four men from South Texas who were indicted in June. Prosecutors say the crooks had saved their pennies from earlier ATM ripoffs and invested in a 3D printer that they used to print their own fascia without having to go through an intermediary like i.materialise.

“When [Lall was] put in jail, we asked, ‘What are we going to do?’ and we had to figure it out and that’s when we came up with this unit,” Paz allegedly told the undercover officer.

The government alleges Paz also was the guy who encoded the stolen card data onto counterfeit cards. The feds say Albert Richard of Missouri City, Texas prepared ATMs at numerous banks where the skimming devices were installed, by covering the ATM cameras or spray-painting over them, and by acting as a lookout.

A fourth defendant, John Griffin, is alleged to have used the counterfeit cards to withdraw funds at different ATMs around Texas. Prosecutors allege the group stole more than $400,000 between Aug. 2009 and June 2011. Prior to their arrest this summer, the gang started making decent money but they split the profits between them. Federal prosecutors say the men stole $57,808.14 in the month of April 2011 alone (yes, that’s an odd amount to have come out of ATMs, but I digress).

Gang Used 3D Printers for ATM Skimmers

Old ad: Drink sugary drinks before meals to lose weight!


A group called "Sugar Information" ran ads in the late 60s and early 70s promoting soft drinks as a way to fill up and suppress your appetite. I suspect that people who followed this advice were disappointed -- the sugar crash from soft drinks is pretty widely believed to make you hungry, not full.

O RLY? I wonder if butter works like this too.

Many US ISPs in epidemic of covert search-hijacking of their customers

The Electronic Frontier Foundation worked with UC Berkeley's International Computer Science Institute to uncover a widespread program of search-hijacking by American ISPs. Many US ISPs run covert proxies that redirect certain lucrative search queries (made by customers who believe that they are searching Google or another search engine) to their preferred suppliers, pocketing an affiliate fee for delivering their customers. Participating ISPs, which include Cavalier, Cogent, Frontier, Fuse, DirecPC, RCN, and Wide Open West (Charter used to do this, but appears to have stopped), did not disclose the practice to their customers, who were meant to believe that they were getting the search results that their preferred search-engines had presented.

EFF and ICSI uncovered the vendor that supplied the hijacking software, a company called Paxfire.

Using EFF's HTTPS Everywhere Firefox extension and a search-engine that permits HTTPS logins (such as Google or DuckDuckGo) will prevent this sort of hijacking.

The published research papers did not identify the controller of the proxy servers that were receiving the traffic, but parallel investigations by the ICSI Networking Group and EFF have since revealed a company called Paxfire as the main actor behind this interception. Paxfire's privacy policy says that it may retain copies of users' "queries", a vague term that could be construed to mean either the domain names that they look up or the searches they conduct, or both. The redirections mostly occur transparently to the user and few if any of the affected ISP customers are likely to have ever heard of Paxfire, let alone consented to this collection of their communications with search engines.

The proxies in question are operated either directly by Paxfire, or by the ISPs using web proxies provided by Paxfire. Major users of the Paxfire system include Cavalier, Cogent, Frontier, Fuse, DirecPC, RCN, and Wide Open West. Charter also used Paxfire in the past, but appears to have discontinued this practice.

Why do they do this?
In short, the purpose appears to be monetization of users' searches. ICSI Networking's investigation has revealed that Paxfire's HTTP proxies selectively siphon search requests out of the proxied traffic flows and redirect them through one or more affiliate marketing programs, presumably resulting in commission payments to Paxfire and the ISPs involved. The affiliate programs involved include Commission Junction, the Google Affiliate Network, LinkShare, and Ask.com. When looking up brand names such as "apple", "dell", "groupon", and "wsj", the affiliate programs direct the queries to the corresponding brands' websites or to search assistance pages instead of providing the intended search engine results page.

Widespread Hijacking of Search Traffic in the United States


Regulating science the way we regulate restaurant kitchens

Peer-review does many things, but it isn't built to weed out fraud. In the wake of large scandals like the expose of Andrew Wakefield's fraudulent autism study, the British government is starting to consider regulating science for fraud the same way it regulates restaurants for public health. Brian Deer, the journalist who helped expose Wakefield, supports the idea. What do you think? (Via Ivan Oransky)