PatrickPretty.com

Tag: Jon Leibowitz

  • BULLETIN: International Scammers Used Mail Drops, 80 Different Domains And 130 Phone Numbers To Dupe People Into Paying For ‘Removal Of Bogus Viruses And Non-Existent Spyware, FTC Says

    BULLETIN: Calling it a “major international crackdown on tech support scams,” the FTC has charged multiple companies and individuals in an alleged fraud scheme in which consumers were duped into believing their computers were infected with “viruses, spyware and other malware” and then charged to remove it.

    To cover their tracks, the FTC charged, the scammers used “virtual offices that were actually just mail-forwarding facilities and “80 different domain names and 130 different phone numbers.”

    “And the tech support scam artists we are talking about today have taken scareware to a whole other level of virtual mayhem,”said FTC Chairman Jon Leibowitz.

    From an FTC statement today (italics added):

    The FTC charged that the operations – mostly based in India – target English-speaking consumers in the United States, Canada, Australia, Ireland, New Zealand, and the U.K. According to the FTC, five of the six used telemarketing boiler rooms to call consumers. The sixth lured consumers by placing ads with Google which appeared when consumers searched for their computer company’s tech support telephone number.

    According to the FTC, after getting the consumers on the phone, the telemarketers allegedly claimed they were affiliated with legitimate companies, including Dell, Microsoft, McAfee, and Norton, and told consumers they had detected malware that posed an imminent threat to their computers. To demonstrate the need for immediate help, the scammers directed consumers to a utility area of their computer and falsely claimed that it demonstrated that the computer was infected. The scammers then offered to rid the computer of malware for fees ranging from $49 to $450. When consumers agreed to pay the fee for fixing the “problems,” the telemarketers directed them to a website to enter a code or download a software program that allowed the scammers remote access to the consumers’ computers. Once the telemarketers took control of the consumers’ computers, they “removed” the non-existent malware and downloaded otherwise free programs.

    The scam was targeted at “English-speaking consumers in the United States, Canada, Australia, Ireland, New Zealand, and the U.K,” the FTC said.

    Assisting in the cross-border probe were the Australian Communications and Media Authority (ACMA), the Canadian Radio-television and Telecommunications Commission (CRTC) and the United Kingdom’s Serious Organised Crime Agency, the FTC said.

    All in all, the FTC filed six complaints in the Southern District of New York. The named corporate defendants include Pecon Software Ltd., Finmaestros LLC,  Zeal IT Solutions Pvt. Ltd., Virtual PC Solutions, Lakshmi Infosoul Services Pvt. Ltd., and PCCare247 Inc.

    Visit the FTC site to read the agency’s full statement and to access the complaints.

  • BULLETIN: FTC Says Rent-To-Own Companies Used Software To Spy On Customers In Their Own Homes And At WiFi Spots; Agency’s Complaints Introduce Specter of Private Big Brother

    BULLETIN: In announcing deeply troubling allegations today, the FTC said that seven rent-to-own companies and a software firm spied on customers who leased computers.

    The customers were spied on in their own homes and at WiFi spots, the FTC alleged.

    Although the companies agreed to settle the FTC’s charges, the allegations alone introduce the specter that private businesses that leased computers to financially strapped Americans licensed themselves to go into the spy business, effectively snooping on potentially hundreds of thousands of people and creating a condition under which data could be harvested to track their public movements.

    Software installed on the computers gave the rental companies the ability to take remote screen shots, log keystrokes and, in some instances, use the computer’s installed webcam to snap photos not only of customers, but also of visitors in their homes, the FTC said.

    “An agreement to rent a computer doesn’t give a company license to access consumers’ private emails, bank account information, and medical records, or, even worse, webcam photos of people in the privacy of their own homes,” said FTC Chairman Jon Leibowitz.

    Some of the firms that put themselves in the spy business were “franchisees of Aaron’s, ColorTyme, and Premier Rental Purchase,” the FTC said.

    Named in a series of FTC complaints are software firm DesignerWare LLC and its principals, Timothy Kelly and Ronald P. Koller; Aspen Way Enterprises Inc.; Watershed Development Corp.; Showplace Inc., d/b/a Showplace Rent-to-Own; J.A.G. Rents LLC, d/b/a ColorTyme; Red Zone Inc., d/b/a ColorTyme; B. Stamper Enterprises Inc., d/b/a Premier Rental Purchase; and C.A.L.M. Ventures Inc., d/b/a Premier Rental Purchase.

    From an FTC statement today (italics added):

    DesignerWare’s software contained a “kill switch” the rent-to-own stores could use to disable a computer if it was stolen, or if the renter failed to make timely payments. DesignerWare also had an add-on program known as “Detective Mode” that purportedly helped rent-to-own stores locate rented computers and collect late payments.  DesignerWare’s software also collected data that allowed the rent-to-own operators to secretly track the location of rented computers, and thus the computers’ users.

    When Detective Mode was activated, the software could log key strokes, capture screen shots and take photographs using a computer’s webcam, the FTC alleged.  It also presented a fake software program registration screen that tricked consumers into providing their personal contact information.

    Detailed allegations are laid out in the various complaints — and those details might be enough to make Americans’ skin crawl.

    “Data gathered by DesignerWare and provided to rent-to-own stores using Detective Mode revealed private and confidential details about computer users, such as user names and passwords for email accounts, social media websites, and financial institutions; Social Security numbers; medical records; private emails to doctors; bank and credit card statements; and webcam pictures of children, partially undressed individuals, and intimate activities at home,” the FTC said.

    Customers even were tracked while away from their homes, the FTC charged. From the complaint against DesignerWare (italics/bolding added):

    16. Since at least September 2011, on every computer that has a wireless card
    installed, PC Rental Agent automatically logs the WiFi hotspots that the wireless card either sees or uses to connect to the Internet. When a computer connects to DesignerWare’s servers, it reports the WiFi hotspot location information along with the computer’s IP address.

    17. DesignerWare cross-references the information logged by a rented computer to PC Rental Agent with a publicly available list of WiFi hotspots’ physical locations and provides its licensees with street addresses for the particular WiFi hotspots viewed or accessed by the computer. The information derived from WiFi hotspot contacts can frequently pinpoint a computer’s location to a single building, and, when aggregated, can track the movements and patterns of individual computer users over time. DesignerWare provides its licensees with this location information for the ten most recent reporting cycles. DesignerWare recommends that rent-to-own stores only use this data in connection with recovering stolen property, but it does not monitor, restrict, or otherwise limit its licensees’ access to such location information.

    18. DesignerWare applied its location tracking upgrade of PC Rental Agent to every computer on which PC Rental Agent was installed, without obtaining consent from, or providing notice to, the computers’ renters. After the September 2011 upgrade, in numerous instances PC Rental Agent has been installed on rented computers without the computer renter’s knowledge or consent. Thus, consumers using those computers on which PC Rental Agent is installed – who may or may not be the computers’ renters, and who may or may not be current in their lease payments – do not know that their physical location can be identified from the WiFi hotspots that their computers encounter. Nor do they know that employees of the rent-to-own stores from which their computers are rented can monitor their physical locations and the patterns of their movements.

    The software also gave the rental companies the ability to dupe people into filling out a form when a “fake registration window” appeared on the computer screens, the FTC charged.

    Customers, according to the FTC complaint against Watershed, for example, saw a screen that claimed their computer did not contain an “activated” copy of Microsoft Windows.

    “No actual software is registered as a result of a consumer providing the requested information,” the FTC charged. “Instead, Detective Mode captures the information entered in the prompt boxes and sends the data to Watershed. In numerous instances, Watershed has used this information to find, require payment for, or repossess a computer.”

    Read the FTC’s extraordinary statement and see links to the complaints by clicking here.

  • Receiver In Jeremy Johnson/IWorks Fraud Case Issues Devastating Report; Incredible Number Of Firms Referenced In 79-Page Court Update; ‘Dozens Of Companies Used As Conduits To Re-Route Revenue And To Commingle And Hide Funds,’ Document Claims

    EDITOR’S NOTE: Jeremy Johnson and associated companies were accused civilly by the FTC in December 2010 of orchestrating a massive fraud scheme involving hundreds of millions of dollars. At the moment, Johnson, 35, faces a single criminal charge of mail fraud. He denies wrongdoing on both the criminal and civil fronts and has painted himself a victim of an evil government and a court-appointed receiver run amok.

    About three weeks prior to the release of the court-appointed receiver’s report that is the subject of the story below, the government signaled that new criminal charges will be forthcoming and that those charges will apply to Johnson and unnamed “others” within his business web.

    “The United States’ criminal investigation is expected to continue for some months,” prosecutors said in a Jan. 12 court filing.

    A devastating 79-page report filed Friday by the court-appointed receiver in the Jeremy Johnson/IWorks case paints a picture of an incredibly elaborate domestic and international fraud scheme — one that only grew as the government moved in.

    The issuance of the report by receiver Robb Evans occurred against the backdrop of an ongoing advertising campaign — apparently conducted by a person or persons within Johnson’s camp — that plants the seed that Evans is presiding over a fraudulent company. The ad campaign, which is taking place on Google’s network, initially started on a web domain whose root was formed in part with the receiver’s first and last names, followed by the word “fraud.” (See Dec. 22 editorial.)

    That campaign appears to have been moved to a different domain that does not use Evans’ name to form its root, but instead marries the words “receiver” and “fraud” and asks, “Are you a victim of Robb Evans?”

    “We want to hear from you!” the ad exclaims.

    Evans is one of the financial analysts who helped unravel the infamous BCCI banking scandal in the 1990s. His bona fides are firmly established in the courts, and he has been a receiver or fiduciary in numerous cases.

    Receiver’s Feb. 3 Update To The Court

    Scores of business entities effectively were used as chess pieces to stymie investigators, keep the money wheels of key Johnson associates greased and disguise and conceal the ownership of assets, according to the report.

    At least six people with business and/or personal ties to Johnson either have invoked their Fifth Amendment right against self-incrimination or informed the receiver that they would if asked questions about certain transactions, according to the report.

    Included among this group were Johnson’s parents, a CPA, a notary public, a former banker and a man who’d served jail time for a previous felony conviction, according to the report.

    Among the former convict’s duties was to open domestic bank or trading accounts at the prompting of other Johnson business associates, according to the report.

    Through the efforts of yet another Johnson business associate, millions of dollars ended up in places such as Cyprus and Andorra, a small principality in southwest Europe bordered by France and Spain. The associate claimed to have conducted a “world tour” to open bank accounts, according to the report.

    Here is how Evans, referring to both an earlier report to U.S. District Judge Roger L. Hunt  and the new report issued last week, described his actions to date in reverse-engineering the alleged fraud. (Italics/emphasis added):

    “This process thus far has included an analysis and review of more than 265 bank accounts and other records from 35 financial institutions and 25 other businesses. In addition to 115 affiliated entities and shell companies of the Receivership Defendants as reported in the Receiver’s first report, the Receiver also discovered at least another 65 entities that were involved in moving funds and concealing the assets of Receivership Defendants.”

    And here is one of the receiver’s conclusions:

    “There can be no commercially reasonable explanation for the number of entities and individuals through which funds were routed and re-routed. The only plausible explanation is that these funds are assets of Jeremy Johnson and some of the individuals were paid to shield those assets.”

    There can be no doubt that the report will raise alarm bells in the U.S. Congress and official Washington because of the security implications of an alleged fraud scheme in which proceeds also made their way into a troubled Utah bank already reeling from the recession and stress on real-estate prices. The bank later failed, but not until Johnson allegedly had acquired a 19 percent stake in part through alleged nominee purchases of stock by relatives and “structured” transactions designed to ward off the FDIC.

    Among other things, the report by Evans ties both Johnson and SunFirst Bank of St. George to the poker scandal playing out in New York amid Ponzi allegations. Johnson allegedly paid a bribe to John Campos, a former SunFirst banker indicted in the poker case, according to the report.

    What allegedly happened at Sun First Bank, however, was only one of the events addressed in the report.

    Read the receiver’s Feb. 3, 2012, report.

    Prosecutors Say New Criminal Charges Coming

    In a separate court filing in Nevada last month, federal prosecutors advised Hunt that the government is “conducting an extensive criminal investigation for the purpose of superseding the original indictment with a more comprehensive indictment charging Johnson, iWorks, Inc., and others with a widespread pattern of federal criminal violations.”

    The others were not named in the prosecution filing.

    Johnson currently is facing a single count of mail fraud, in addition to the FTC’s civil charges.

    Separately, the FTC said in court filings last month that Johnson had engaged in an improper subpoena blitz in the civil case while discovery was stayed by the Nevada federal court.

    Johnson, according to the FTC, sent a subpoena to the private, D.C. metro-area residence of FTC Chairman Jon Leibowitz. The subpoena, which was quashed, demanded that Leibowitz appear in St. George at 9 a.m. on Jan. 27 to be deposed.

    Johnson also improperly sought to subpoena FTC commissioner Julie Brill, demanding that she appear in St. George  to attend a deposition a few days after Leibowitz, according to the FTC’s filing. That subpoena also was quashed.

    Like all FTC commissioners, Leibowitz and Brill are Presidential appointees. Neither is required to jump on cue from Johnson. Discovery will continue when the stay is lifted on a schedule the court — rather than Johnson — sets.

    See earlier editorial that lists some of the domain names that use the names of the FTC or FTC officials in forming all or parts of their roots. The domains allegedly were acquired by Johnson or persons in his camp. At least one domain that used the name of the FDIC was formed, according to court filings: EvilFDIC.

    Among the many domains that use the FTC’s name is CorruptFTC, along with at least three domains formed with the proper names of FTC staff attorneys.

    Each of the domains allegedly was acquired before the receiver filed his Feb. 3 report.

     

  • FTC Charges Founder, CEO Of LifeLock In Deceptive Claims And Privacy Case; Company Agrees To $12 Million Settlement With Agency, 35 State Attorneys General

    Screen shot: From Exhibit 1 in FTC case against LifeLock, whose CEO, Todd Davis, appeared in ads that published his Social Security number to demonstrate his confidence in the company's services. (The PP Blog added the red highlight. Court filings obscure the number, which LifeLock published openly while prompting customers of its $10-a-month service to "Always protect your social security number. Do not share it unless necessary.")

    LifeLock Inc. and its principals have been barred from making deceptive claims and required to take more stringent measures to safeguard the personal information collected from customers, the FTC said.

    The FTC charged LifeLock and its co-founders — CEO Richard Todd Davis and former COO Robert J. Maynard Jr. — in the civil case. The case, which has been settled in U.S. District Court for the District of Arizona, alleged that LifeLock “used false claims to promote its identity theft protection services” and “made claims about its own data security that were not true.”

    LifeLock agreed to pay $12 million to settle the case, which the FTC described as “one of the largest FTC-state coordinated settlements on record.” The company, Davis and Maynard settled without admitting the allegations were true.

    “While LifeLock promised consumers complete protection against all types of identity theft, in truth, the protection it actually provided left enough holes that you could drive a truck through it,” said FTC Chairman Jon Leibowitz.

    LifeLock said it welcomed the settlement.

    “LifeLock is pleased with this agreement, which, for the very first time, works to set advertising guidelines for the entire industry,” said LifeLock Chairman and CEO Todd Davis. “We welcome federal and state efforts to regulate our industry, because doing so helps to protect consumers from the risks of identity theft.”

    In court filings, the FTC said LifeLock did not take adequate steps to protect data it collected from customers — even though Davis appeared in ads that published his own Social Security number to demonstrate his confidence in the company’s ability to prevent identity theft.

    “I’m Todd Davis, CEO of LifeLock, and yes, that’s my real social security number,” the ad read.

    Illinois Attorney General Lisa Madigan said there is no foolproof way to protect against identity theft.

    “This agreement effectively prevents LifeLock from misrepresenting that its services offer absolute prevention against identity theft because there is unfortunately no foolproof way to avoid ID theft,” Madigan said. “Consumers can take definitive steps to minimize the chances of having their personal information stolen, and this settlement will help them make more informed decisions about whether to enroll in ID theft protection services.”

    The FTC said LifeLook “routinely collected sensitive information from its customers, including their social security numbers and credit card numbers,” but did not adequately protect the data.

    Among the LifeLock claims, according to FTC court filings:

    • “Only authorized employees of LifeLock will have access to the data that you provide to us, and that access is granted only on a ‘need to know’ basis.”
    • “All stored personal data is electronically encrypted.”
    • “LifeLock uses highly secure physical, electronic, and managerial procedures to safeguard the confidentiality and security of the data you provide to us.”

    But the FTC alleged that “LifeLock’s data was not encrypted, and sensitive consumer information was not shared only on a ‘need to know’ basis. In fact, the agency charged, the company’s data system was vulnerable and could have been exploited by those seeking access to customer information.”

    Employees and vendors “working from their homes or other locations beyond the Defendants’ headquarters could access the network remotely,” the FTC alleged.

    “[U]ntil at least September 2007, Defendants engaged in a number of practices that, taken together, failed to provide reasonable and appropriate security to prevent unauthorized access to personal information stored on its corporate network, in transit through its corporate network or over the internet, or maintained in Defendants’ offices,” the FTC alleged.

  • Noobing-Connected Firm Discussed In Senate Hearing

    Jon Leibowitz, FTC chairman
    Jon Leibowitz, FTC chairman

    The head of the Federal Trade Commission told a Senate panel yesterday that a firm associated with the Noobing autosurf embarked on a scheme to sell a $59 book and then used a telemarketing company to upsell customers to an expensive program that fraudulently sold “guaranteed” government grants from economic-stimulus funds.

    “Just last week, some of the defendants allegedly responsible for the ‘Grant Writers Institute’ [GWI] grant scam agreed to a preliminary injunction halting their operation pending final resolution of the matter by the court,” FTC Chairman Jon Leibowitz told the Senate Committee on Homeland Security and Governmental Affairs.

    Noobing, which pitched itself to deaf consumers and was promoted by members of AdSurfDaily (ASD), went offline in the aftermath of the FTC lawsuit against Affiliate Strategies Inc., GWI and related companies.

    “The complaint charged that GWI falsely claimed that consumers were eligible for grants as part of the recently announced economic stimulus package,” Leibowitz told the panel. “For example, consumers who called GWI in response to a mass-mailed postcard heard a recording that said, ‘If you’ve been reading the papers you know that recently our government released $700 billion into the private sector. What you probably don’t know is that there is another $300 billion that must be given away this year to people just like you.’ The recording continued, ‘And if you’re one of the lucky few who knows how to find and apply for these grants, you will receive a check for $25,000 or more, and we guarantee it . . . If you don’t get a check for $25,000 or more, you pay nothing.”

    Sen. Joseph Leiberman, chairman,
    Sen. Joseph Lieberman, chairman, Senate Committee on Homeland Security and Governmental Affairs.

    Sen. Joe Lieberman, ID-Conn., presided over the hearing, which was titled “Follow the Money: An Update on Stimulus Spending, Transparency, and Fraud Prevention.”

    Leibowitz updated Lieberman’s panel on efforts by “[c]on artists [who] have sought to exploit the American Recovery and Reinvestment Act of 2009,” according to his testimony.

    He noted that some fraudsters had used images of “President Obama and Vice President Biden to add legitimacy to their misrepresentations.”

    In a forfeiture case against ASD, a Florida company accused of operating an international Ponzi scheme from a former flower shop in a small town, federal prosecutors said promoters of the scheme falsely claimed that ASD President Andy Bowdoin had received an award for a business achievement from President George W. Bush.

    Rather than let the wire-fraud, money-laundering and securities investigation proceed until all the facts of ASD’s business practices were known, some ASD members embarked on a letter-writing campaign to the Senate and asked members of Congress to investigate the prosecutors, not the alleged schemers.

    Others filed court motions that accused a federal judge and the prosecutors of crimes.

    See Reuters story on the Senate hearing.