PatrickPretty.com

Tag: Star Tribune

  • Star Tribune, Minnesota’s Largest Newspaper, Targeted In International ‘Scareware’ Cyberattack; 2 Suspects Arrested In Latvia; Bogus Ad Agency Purportedly Based In Miami Allegedly Used To Dupe Famous American Publishing Company

    EDITOR’S NOTE: This is one of those stories that can cause people to scream. The U.S. publishing industry has been deeply affected by the Internet. Print advertisers — the people who pay the bills — now can communicate directly and immediately with readers, a development that is sucking the life out of traditional print publishers. Publishers large and small are seeking ways to monetize electronic versions of print publications because that’s what much of the audience prefers.

    But switching in whole or in part to electronic publications has exposed the industry to a whole new set of problems, including wanton theft of entire editorial wells, theft of other intellectual property and trademark infringement. The story below details another new threat: the targeting of a famous journalism brand to drive traffic to an electronic fraud scheme.

    In 2009, the PP Blog suspended publication of a companion Blog on Ponzi schemes and securities fraud because of the theft of its entire editorial well. Earlier this year, the Blog suspended the publication of ads provided by Google because of chronic harassment directed at the Blog and some of its readers by a cyberstalker on YouTube. The PP Blog also has experienced sustained DDoS attacks, threats of “war” and threats believed to have originated with people sympathetic to online criminals.

    On April 6, the PP Blog reported such an incident to a federal law-enforcement agency.

    One of the most prominent publishing companies in America’s heartland was duped in a scheme  in which international criminals fabricated an “advertising agency” purportedly based in Miami and placed an ad by posing as media buyers for a major hotel chain, federal prosecutors said.

    When the Star Tribune newspaper tested the ad, the criminals initially covered their tracks by causing the ad to appear to be a normal ad for the Best Western hotel chain, the purported client of the purported advertising agency.

    Within two days of the Feb. 19, 2010, placement of the “ad,” however, Star Tribune readers interested in what they believed was a Best Western offering were subjected to a browser hijack in the Netherlands and Latvia that caused their computers to freeze and display pop-up messages for a purported “antivirus” software product.

    Such “scareware” attacks have been responsible for tens of millions of dollars in losses globally by duping computer-users into believing their machines have been infected with a virus or malware and making purchases of software to eliminate the problem.

    After the Star Tribune realized it had been duped, the newspaper pulled all of its online ads, isolated the problem, contacted law enforcement “immediately” and let its readers know about the infected ad.

    Federal prosecutors now say “RevolTech Marketing,” the purported  “advertising agency” in Miami, was bogus. The ad allegedly was placed by a media buyer who identified herself as “Lisa Polowski.”

    Moreover, Best Western “had not retained RevolTech to place online advertisments on its behalf,” according to prosecutors. They added that losses from the scam targeted at the Star Tribune and its readers totaled “at least” $2 million.

    Two people — Peteris Sahurovs, 22, and Marina Maslobojeva, 23 — were arrested yesterday in Rezekne, Latvia, federal prosecutors said. They are charged with wire fraud, conspiracy and computer fraud for creating the phony agency, falsely claiming they represented Best Western, duping the Star Tribune and causing scareware to load on the personal computers of its readers.

    The Star Tribune is Minnesota’s largest newspaper. It covers news in multiple categories across the Minneapolis/St. Paul region, state, nation and world, and in recent years has been covering spectacular local Ponzi scheme cases with wide readership interest, including the Tom Petters’ and Trevor Cook cases.

    Prosecutors did not say why the Star Tribune had been targeted in the cyberattack. Scammers, spammers and online criminals, however, are known to monitor publications for cultural references and specific “keywords” — and then seek ways to use the publications to drive traffic to fraud schemes.

    The PP Blog, for instance, has received 2,859 unwanted communications in June 2011 alone, mostly from keyword spammers trying to publish ads on the Blog and leech off its traffic. In the Internet Age, criminal networks monitor coverage of any number of topics and seek ways to piggyback off the topics to create illegal profits.

    “The global reach of the Internet makes every computer user in the world a potential victim of cybercrime,” said U.S. Attorney B. Todd Jones of the District of Minnesota. “Addressing cybercrime requires international cooperation; and in this case, the FBI, collaborating with our international law enforcement and prosecution partners, has worked tirelessly to disrupt two significant cybercriminal networks. Their efforts demonstrate that no matter the country, Internet criminals will be pursued, caught and prosecuted.”

    Jones’ reference to a second disruption of international cybercrime was in the context of a case brought in Washington state in which the United States seized 22 domestic computers and servers and arranged to have 25 international computers and servers disabled in a scareware probe known as “Operation Trident Tribunal.”

    Federal prosecutors said a scareware network had racked up $72 million in sales over three years by duping people into buying fake antivirus software.

    At least 960,000 computer users were duped in the scareware fraud, prosecutors said. Latvian authorities seized at least five bank accounts linked to the scheme.

    “This case shows that strong national and global partners can ensure there is no sanctuary
    for cyber-crooks,” said U.S. Attorney Jenny A. Durkan of the Western District of Washington.

    Read the Minnesota indictment.

  • Spokesman For Renner-Related Company Did Not Disclose Tie In Opinion Piece That Attacked Star-Tribune Newspaper; Name Is Referenced In Secret Service Affidavit; Declines To Answer Questions From PP Blog

    UPDATED 2:25 P.M. ET (March 2, U.S.A.) The vice president and director of public relations for V-Newswire — a company in Steve Renner’s INetGlobal family — authored an opinion piece lambasting a Minnesota newspaper’s coverage of a Secret Service raid at INetGlobal’s Minneapolis offices last week on his personal Blog, but did not disclose his tie to the firm.

    Donald W.R. Allen II operates a Blog known as The Independent Business News Network (IBNN). Allen did not disclose his INetGlobal tie when authoring an editorial titled, “Minneapolis’ Star Tribune newspaper’s bias reporting causes defamatory speculation at Internet marketing firm.”

    The piece began, “If the Star Tribune newspaper can use its ‘power’ to taint a company’s image prior to investigation by authorities, whose (sic) to say the news you get is true and accurate?”

    The Star-Tribune was among the first media outlets to report that federal agents believed INetGlobal was operating a Ponzi scheme.

    Information gleaned during the federal probe led to allegations that INetGlobal also was engaging in wire fraud and money-laundering.

    Allen, whose name is referenced in a search-warrant application in the INetGlobal case, now says he should have disclosed the tie in the IBNN editorial.

    “I will give full disclosure on the iNetGlobal piece today because I have 3 more follow up stories,” he said this morning. He asserted that the IBNN domain, which is registered in Renner’s name under the organization of V-Webs LLC, “has nothing to do with iNetGlobal other than being registered by the company as part of my employment agreement.”

    Allen defined the IBNN Blog as a “Civil Rights, Politics and News Blog for mostly the Twin Cities area.” IBBN’s site content includes an endorsement of the Tea Party Movement in the United States and a “Declaration of Tea Party Independence.”

    Allen emailed the PP Blog Sunday after appearing at the Blog, posting comments and using the IBNN URL, not a URL associated with the Renner companies. He dismissed the Blog as “minor league,” writing it was engaging in a “witch hunt.” The Blog responded to Allen’s email by asking him to comment on a number of issues concerning INetGlobal and inquiring why he was using the IBNN URL if he was a spokesman for a Renner entity.

    Later in the day, Allen responded to the Blog’s questions by saying he would answer questions about his role at V-Newswire, but he did not address the questions the Blog asked previously.

    The Blog then resubmitted the questions, adding several more questions to a list of four it previously had asked. Allen responded to the email, but chose not to answer a number of questions.

    Among the questions Allen declined to answer was whether INetGlobal, in the aftermath of the Ponzi scheme allegations, believed it should inform members about Steve Renner’s December conviction on four felony counts of income-tax evasion. Allen also declined to answer a question on whether INetGlobal had a duty to inform members that Cash Cards International (CCI) — a payment processing firm once operated by Renner — could not return money to Ponzi scheme victims in a case brought by the SEC against a California company known as Learn Waterhouse because Renner had spent the customers’ money.

    Allen did say he saw “nothing illegal with V-Newswire or the V-News Network.”

    The Blog asked Allen whether he was the “Donny Allen” referred to in an INetGlobal news release and the “Donald Allen” referred to in a Secret Service affidavit that alleged “Donald Allen” provided confusing information to a person who attended an INetGlobal function in New York.

    Allen did not answer the question, which the Blog posed twice.

    Undercover Secret Service agents also attended the New York function, according to the affidavit.

    The PP Blog also asked Allen whether he believed he should disclose his tie to INetGlobal when responding to Blog and forum posts. He declined to answer the question, which was posed twice.

    He also declined to answer a question about how it served INetGlobal’s PR ends to dismiss as “minor league” Blogs that report the serious allegations against the company.

    AdSurfDaily, a Florida company implicated in a $100 million Ponzi scheme, employed a similar PR approach. The ASD case is referenced in the Secret Service affidavit, amid allegations that an ASD member described INetGlobal as a wink-nod enterprise and attempted to have an undercover Secret Service agent participate in a three-way call with the ASD members’ sponsor for the purpose of recruiting the agent into INetGlobal.

    Allen also declined to answer a question on whether he was the author of an INetGlobal news release after the raid that said federal agents had arrived at Renner’s offices “looking for something to substantiate their claim that illegal activity was occurring in the business.”

    The news release used Allen’s email address, which he described as temporary in an email to the PP Blog, but did not mention Renner’s income-tax conviction and the allegations that Renner had spent money belonging to CCI customers.