fraud
Latest
Fake Pokemon Yellow ends up on iOS App Store
A fraudulent version of the Game Boy Color classic Pokemon Yellow has somehow made it through Apple's approval gauntlet and wound up on the App Store. Published by "Home of Anime" with Daniel Burford listed as the author, the "game" runs for $0.99 and has a one-and-a-half star rating after 1,352 reviews. According to said reviews, the app crashes after the title screen and cannot actually be played.As if the simple existence of a Pokemon game on the App Store weren't enough of a red flag, the listing's screenshots aren't even from Pokemon Yellow, they're actually from Pokemon Fire Red/Leaf Green. The app's description also contains unattributed "press quotes" and a statement that "all trademarks and copyrights are owned by their respective owners," because everyone knows that admitting your copyright infringement absolves you of all responsibility, right? We've reached out to Apple for comment.Editor's Note: My faulty, old-man brain confused the fact that Pokemon Yellow launched with a Poke-themed Game Boy Color, with it actually being a Game Boy Color game (which it was not). I've exploded an Electrode in penance.
Former Olympus chairman Tsuyoshi Kikukawa comes down from the mount, into police custody
If you've been following the latest camera industry accounting scandal, then you're probably well aware that all is not well at Olympus. The Japanese company took its latest blow today when former chairman Tsuyoshi Kikukawa was arrested in Tokyo on suspicion of having falsified financial statements. The Tokyo prosecutor's office released a statement saying that two other former execs were also brought into police custody, including Hisashi Mori, a former executive vice president, and Hideo Yamada, a former auditor. Olympus is also faced with the possibility of being delisted from the Tokyo Stock Exchange -- the decision has been deferred awaiting further evidence. So what does all this mean for the scandal-ridden camera maker's position in the industry? Little, perhaps, from a consumer perspective, considering that Olympus has continued to announce and ship new products, including the well-received EM-5. The fate of its former executives, however, is less auspicious.
Google Wallet gets prepaid security fix, but 'brute-force' issue still hangs in the air
Google says it's fixed a Wallet security flaw that potentially allowed a phone thief to spend a user's prepaid balance. The ability to provision new prepaid cards had been suspended pending the update, but has now been restored. Things aren't quite back to normal in the Big G's world of mobile money, however. Users still find themselves caught between two competing arguments over an entirely different vulnerability, which involves a 'brute-force' attack on rooted devices. Google insists that this isn't a major concern, so long as Wallet users refrain from rooting, and that the system still "offers advantages over the plastic cards and folded wallets in use today." On the other hand, the company that discovered this issue -- zvelo -- has come back at Google with an equally blunt response. It acknowledges that a handset must be rooted to be vulnerable, but crucially its researchers also say that a device doesn't have to be rooted before it's stolen. In other words, they allege that a savvy thief can potentially steal a phone and then root it themselves, and they won't be happy with Wallet until it requires longer PIN number. Whichever argument sways you, it's worth bearing in mind that there's no evidence that anyone has yet managed to exploit these weaknesses for criminal purposes.
PSA: Google Wallet vulnerable to 'brute-force' PIN attacks (update: affects rooted devices)
Security hounds over at zvelo have discovered a vulnerability in Google Wallet that means your precious PIN can be "easily revealed." Digging through the app's code and using Google's open resources to reveal its contents, they uncovered a piratical treasure trove of data: unique user IDs, Google account information, and the PIN stored as a SHA256 hex-encoded string. Since this string is known to carry four digits, it only takes a "trivial" brute-force attack involving a maximum of 10,000 calculations to decode it. To prove their point, the researchers made a Wallet Cracker app -- demoed after the break -- that does the job quicker than you can say "unexpected overdraft."Google has been receptive to these findings, but its attempts at a fix have so far been hampered by the need to coordinate with the banks, since changing the way the PIN is stored could also change which agency is responsible for its security. In the meantime, zvelo advises that there are some measures users can take themselves, aside from putting a protective hand over their pockets: refrain from rooting your phone, enable your lock screen, disable USB debugging, enable Full Disk Encryption and keep your handset up-to-date.Update: Google has responded by emphasizing that it's only users of rooted devices who are at risk. In a statement to TNW it said: "We strongly encourage people to not install Google Wallet on rooted devices and to always set up a screen lock as an additional layer of security for their phone."[Thanks to everyone who sent this in.]
Rumor: Bot farming used to boost App Store ranking, Apple warns of punishment
A Touch Arcade forum user is making allegations that a company is offering to boost the ranking of free App Store apps using bots. According to "walterkaman," the unnamed company will set up automated, repeated downloads of a client's app in order to push it into Apple's Top Free charts. A representative from the shady ad company pointed out eight games on the Top 25 Free chart that were promoted in this manner, walterkaman said.The company was not named, and the forum user's story remains unverified. However, Apple is definitely upset about some kind of chart manipulation on the App Store. In a brief update on the Apple Developer site, the company warned developers against using ad services that guarantee placement. "Even if you are not personally engaged in manipulating App Store chart rankings or user reviews, employing services that do so on your behalf may result in the loss of your Apple Developer Program membership."
Apple warns of crackdown on App Store rankings manipulation
Apple has issued a reminder to developers that it will not tolerate use of third party services to manipulate app rankings in the App Store. "When you promote your app, you should avoid using services that advertise or guarantee top placement in App Store charts," the reminder states. "Even if you are not personally engaged in manipulating App Store chart rankings or user reviews, employing services that do so on your behalf may result in the loss of your Apple Developer Program membership." This reminder could very well be in response to a well-trafficked post in Touch Arcade where an iOS developer revealed that an ad network guaranteed his app placement in the top 25 apps in exchange for $5000. This third-party service allegedly employs bots to automatically download the targeted app multiple times, automatically increasing the app's ranking and granting the app greater exposure to potential human downloaders. 8 of the top 25 apps were allegedly developed by clients of this bot service. If true, this represents a serious problem to the legitimacy of App Store rankings, and it's therefore no wonder that Apple is reminding developers of its aggressive stance on the issue.
Olympus turns to Sony to help it get its feet back on the ground (updated)
Olympus might have some good news soon: it might have found a hero to rescue it from its woes. The "troubled" (read: it hid $1.7 billion worth of accounting losses, was nearly de-listed from the Tokyo Stock Exchange and is currently suing its leadership team for fraud) company is reportedly about to negotiate a capital-and-business alliance with Sony. The TSE gave the optics-maker three years to clean up its act, which it's hoping Big S (that already owns a 0.03 percent stake in the company) will assist with some know-how, a big pot of cash, and maybe loaning them a competent accountant, or something. Whatever happens, the rumors are that all will be revealed at a press conference next week, we're just hoping Will Smith turns up to announce it. Update: The Nikkei is reporting that Sony could be interested in buying up between 20 and 30 percent of Olympus in order to get at its medical imaging business. It also mentioned that it's not a done-deal just yet, Fujifilm and (medical gear maker) Terumo are still circling in the hope of biting off a piece of the action.
Olympus sues its own president, executives over accounting scandal
Remember that super crazy Olympus accounting scandal we told you about a couple of weeks back? Yeah, well, it just got a lot crazier. The camera maker filed suit in Japan yesterday against its own president, Shuichi Takayama and 18 other past and present executives over the deal in which it worked to conceal $1.7 billion in loses. On top of that, current board members have agreed to resign, moving aside for investors to vote on new management for the company.
Google pulls Android Market malware that exploits SMS hole
Google's reportedly pulled 22 malicious apps after two security firms tipped them off that the malware was tricking users into sending SMS messages to premium-rate phone lines. Android.RuFraud poses as popular games like Angry Birds, Assassins Creed or Tetris and can affect users across Europe and Russia. Fortunately the apps are easily spotted and deleted, but were downloaded 14,000 times before being pulled -- so if you see anyone experiencing similar issues, you can let 'em know how to solve it.
Massachusetts Attorney General investigating iTunes scams
We get several emails every week from readers claiming to have been hit with fraudulent charges on their iTunes accounts. It seems as though scammers have found a neatly exploitable hole in iTunes accounts, but they may have bitten off more than they can chew with their latest victim. Massachusetts Attorney General Martha Coakley said her stolen credit card info was recently used to make fraudulent purchases on iTunes, and she wants answers from Cupertino. According to Threat Post, after having her credit card info stolen during a New Hampshire skiing trip, the thieves tried to purchase a laptop from Dell, who noted the transaction was fraudulent and contacted Coakley about it. Apple was not so diligent; thieves quickly emptied Coakley's account via iTunes transactions. While Coakley's response (seeking answers from Apple) may seem a bit reactionary at first, the slow trickle of reports we've received over the months concerning fraudulent iTunes purchases signifies that this problem is far greater in scope than one person's stolen credit card. We keep hearing the same stories again and again: "Purchases showed up on my account that I had nothing to do with. Apple hasn't gotten back to me. What do I do?" It's been happening often enough that there's clearly a real issue, and it's something that Apple, as operator of one of the world's largest repositories of credit card info, has a responsibility to address.
Got acne? There used to be an app for that
The iPhone is pretty special, but apparently its magic does not extend to curing blemishes. The Federal Trade Commission has reached a settlement with the developers of AcneApp. The marketers of the app claimed that it "was developed by a dermatologist.... A study published by the British Journal of Dermatology showed blue and red light treatments eliminated p-acne bacteria (a major cause of acne) and reduces [sic] skin blemishes by 76%." There were approximately 11,600 downloads of AcneApp from the iTunes store, where it sold for $1.99. The FTC charged the acne treatment claims made for both the iPhone and a similar Android app were unsubstantiated. It also charged that the marketers of AcneApp falsely claimed that the study in the British Journal of Dermatology proves that blue and red light therapy, such as the type provided by AcneApp, is an effective acne treatment. Our own Chris Rawson was pretty sure the iPhone's oleophobic screen would take care of acne on its own, but apparently it is only good at resisting greasy fingerprints and ear wax. A couple of mysteries here: First, how did this kind of snake oil make it past the iPhone app store vetting, and why on earth did 11,600 people download it? Just thinking about this makes my face itch. Oh, if you still need some kind of acne fix, there is a free app called Acne Eraser that will gives you info and tips on getting rid of the facial blight. For our more light-hearted readers there is a free iOS game called Pimple Popper. You can figure out the rest. As they say, once you pop, you cannot stop.
Black Hat hackers demo Square card skimmer, feed it stolen credit card numbers
Here's some more fun out of Vegas, this time involving Jack Dorsey's Square and a little thing we like to call credit card fraud. Researchers from Aperture Labs (seriously) held two demonstrations at the Black Hat Conference. The first used a script, written by Adam Laurie, to convert stolen credit card data into a series of audio tones that were then fed to the Square app via the headphone jack on a phone -- removing the need to have a physical card. A second avenue of fraud, also using code authored by Laurie, turned the Square dongle into a skimmer. It intercepted incoming data, which is unencrypted, and spit out human readable numbers that could easily be used to clone a card. New hardware that encrypts information pulled from the magnetic strip is in the pipeline but, until then, it seems everyone's favorite smartphone-based payment service has some troublesome holes to fill.
Netswipe turns your webcam into a credit card reader, brings POS payments to the desktop
Credit card fraud costs the banking industry billions of dollars every year, and with companies yet to find an entirely secure system for processing payments online, there's no end in sight for unauthorized transactions. Jumio hopes to bring both security and convenience to the world of online payments, however, with its webcam-based Netswipe secure card reader solution. The system replicates the point of sale (POS) transactions you experience when making in-store purchases, prompting cardholders to scan the front on their credit card, then enter their CVV code using a tamperproof mouse-controlled interface. We're not sure how the software is able to distinguish a physical credit card from, say, a photocopy of a card, but it certainly sounds more secure than the standard input form we use today. It also reduces card number theft from insecure forms and website spoofing, by verifying details through a live video stream. Jump past the break for the full press release, along with video overviews of Netswipe and Jumio, which recently secured $6.5 million in initial funding and is backed by Facebook co-founder Eduardo Saverin.
iTunes fraud surge hits gift card balances, PayPal accounts
The frustration and questions surrounding iTunes App Store purchase fraud are (unfortunately) continuing. Over the past three weeks, we've received several first-hand reports of accounts with positive gift card balances being unexpectedly drained; often the charges are for in-app purchases for apps such as Section8's World War, Sega's Kingdom Conquest or Kamagames' Texas Poker. Even as Apple is pushing forward with iCloud, questions remain about the security and safety of those millions of accounts. You can read the examples on Apple's discussion boards (stretching from November of 2010 until this week), a series of posts over at Betanews, or coverage at PC Pro -- but many of the stories are similar to the one below. Users who funded their accounts with gift cards saw those balances chewed through with unauthorized purchases; one user with PayPal funding for his account saw over $500 in fake purchases. The in-app buys were for apps the users never downloaded; most claim that their passwords were never compromised and only used for iTunes. Even if phishing or password compromises can explain some of the purchases, it's hard to imagine that all of these accounts were cracked. Here's our first example, from mid-May. If you have similar instances, let us know in the comments or send us a tip. We're asking Apple's media team for answers, if there are any to be had. I bought a $15 iTunes gift card from Apple so I could buy a chat app (Verbs). I also purchased some other apps (Monopoly, mostly because it's cheap, Bumpy Road and loaded a few free apps) which left me with roughly $7-ish dollars remaining in my account. On 5/19, the following happened: I noticed that my store credit had decreased to 51 cents when I went to purchase another app, but thought nothing of it. Actually, my initial thought was maybe a purchase from the past had caught up with me. I wasn't sure. Later that evening I received an iTunes receipt email to the tune of a $99 in-app purchase for a game called "World War". I immediately tweeted about the issue and changed my password. From that I was able to glean info that the app was purchased on 5/18 at 7:59pm. A free app called World War and then a $99 in-app purchase for "1700 honor points." The strange thing is I've never downloaded nor purchased this app myself, it doesn't even exist on my device so this is not a case of the smurf-berries. I emailed Apple support and went to bed because their human-powered support line was closed by 10:30p. Today I called Apple support and was on the line with them for close to 30-40 minutes. I explained everything above to the support person, who at the same time was IM'ing his iTunes store support contacts. They asked me when I had purchased the gift card, I told them at/around the 13th and what my first and last purchase was. I told them the first purchase was for Verbs, the last was Bumpy Road. They investigated further and noticed that prior to the free app + in-app purchase that two $50 store credits were put into my account. At which point the free app was "purchased" along with the in-app purchase of $99 (which equaled to $108 with tax). This raised a flag with them and their Support Manager and they immediately froze my account and escalated my case to Apple's Fraud Dept. The support person says this was the fastest occurrence of this that he has ever seen and he along with others had to deal with the Smurfs case. I'm convinced that they will refund the $7-ish dollars that was there before and they mentioned that the account should only be closed for 24-48 hours. During this time they will be investigating this issue and trying to piece together this on their end. Right now I'm less concerned with the refund and MORE concerned with the app developer and whatever scheme is going on. As for the advice they gave me, basically to change my password (yadda, yadda) and turn off in-app purchases in Settings. They could not, however, explain to me how a free app + in-app purchase was associated with my account. The developer of the app, Section8, are the same outfit who were sued over stealing user data.* A second example, this one featuring multiple PayPal charges totaling over $500: I basically started receiving emails from PayPal saying "You have just sent $44.95 to iTunes" and I was shocked because I did not buy anything. I immediately logged into PayPal and cancelled my payment agreement with iTunes. I received 11 charges of $44.95 each. I have filed a complaint with iTunes and PayPal but I have not received any reply yet. From what I read online, it seems like it is not clear if iTunes has been hacked or if the Sega software used for the hack (which I never downloaded) has been compromised. I never had the feeling that my account had been compromised before. Everything worked perfectly fine, never had strange emails, phishing attempts, etc. Our final report, with gift card balances being drained: Shortly after loading $50 of gift card credit on my itunes account, a remaining balance of $37 (after some earlier purchases) was wiped out by Kamagames Texas Poker chips. I googled the problem and it seems like many many people have experienced the same thing, and a snotty response from Apple about it as well. Everyone affected seems to have been gift card users, or those with a positive itunes balance, rather than money being charged to a credit card. I don't understand how this kind of fraud is being perpetrated but I am angry with Apple for not coming clean about it and explaining the problem given that it clearly seems something more specific than stolen usernames and passwords... The forum linked above is just one of many reporting this issue which seems to have started earlier this month.
Apple a part of $75B civil rights, fraud lawsuit
Apple is a defendant in an unusual lawsuit that accuses the company of "outrageous and reckless and extreme acts against the plaintiff, with the massive theft of the plaintiff's copyrighted works, grossing millions if not billions of dollars." The plaintiff, David Louis Whitehead, filed his claim in US District Court in the Western District of Arkansas and is asking for US$75 billion in relief and another $5 billion in damages. Whitehead has a long list of earlier lawsuits and cites many of these cases in this current filing. The suit takes a turn for the weird when you look at the eclectic group of defendants cited by Whitehead. The list contains businesses, celebrities, banks and Hollywood studios. Even the current President and former Presidents of the United States were cited because they supposedly appointed judges to thwart Whitehead's legal actions. Besides Apple, Whitehead also lists Oprah Winfrey, Mike Meyers, Mel Gibson, Viacom, Disney, Bank of America, Comcast, Microsoft and more in this frivolous lawsuit. The reasons for Apple's inclusion in this lawsuit were not mentioned, and Apple has not commented on this lawsuit. [Via MacObserver]
FBI raids University of Michigan apartment over possible WoW fraud
A University of Michigan student apartment became the focus of a recent investigation by the FBI, which conducted a raid on March 30th over "potentially fraudulent sales or purchases of virtual currency that people use to advance in the popular online role-playing game World of Warcraft." While the FBI did not make any arrests, it did confiscate several items, including computers, video game equipment, and credit cards. The Bureau is checking out whether one or both of the students were involved in a fraudulent scheme to buy or sell virtual gold, and the agency is looking for online transaction records with various online banks and websites. The two students who share the apartment claim that they do not play WoW and are confident that they are innocent. One of the unnamed students commented: "They thought we were involved in some kind of fraud. I'm pretty sure they have the wrong people, but they took all my stuff."
Former Apple employee admits he sold confidential info, cost the company in excess of $2 million
Paul Devine, the man who last August collected a pretty lengthy list of charges against his name from the FBI and IRS -- which collectively amounted to an accusation of "screwing Apple" -- has now admitted his guilt. Specifically, Devine has fessed up to wire fraud, conspiracy and money laundering, in which he engaged while exchanging confidential information about upcoming Apple products for cold hard cash from interested parts suppliers. He's now having to forfeit $2.28 million in money and property that resulted from his nefarious exploits, with sentencing scheduled for June 6th. Devine's lawyer is quoted as saying he's a "good man who made a mistake, and now he's trying to make amends." Indeed, the mistake of getting caught and the amends of trying not to go to prison. Jump past the break for a full statement on the matter from the US Department of Justice.
Perpetuum reels from robot insurance fraud
In an MMO so dependent on its economy, it's crucial to keep a tight rein on the flow of money so that the whole mechanism doesn't spin out of control. Unfortunately, it appears this started to happen in the relatively new Perpetuum when a number of profiteers began to unbalance the economy by manipulating the market on insured robots. According to a Perpetuum dev blog, the fraud came about when players figured out how to game the insurance system. The game's robots are insured not according to a fixed amount, but in relation to the global market average. Developer "Zoom" explains what happened next: "Due to some additional flaws in the mechanism, with good skills and good facilities it became very profitable to manufacture robots with the sole purpose of insuring them and blowing them up as soon as they roll out of the factory." While the dev team initially sanctioned the action as part of a free market economy, this post represents a changed stance toward such practices. Players have written to Massively telling of how their wallets were sucked completely dry by the company after months of what they assumed to be legitimate market techniques. The team retrieved over a billion NIC (Perpetuum's currency) from players and called out a number of corporations involved in these actions. Ultimately, the team elected not to ban any of the associated parties for the time being. Instead, all players should be seeing a modified version of this insurance feature within the week. [Thanks for all the tips sent in on this one!]
iTunes gifting grifter cleaning out British bank accounts
On January 25th, The Register reported that one unlucky bloke saw his bank account emptied through a series of iTunes monthly gift purchases sent to an unknown Hotmail account. He was informed of the theft by an e-mail from Apple, saying his gift purchase had been confirmed, but alas, he'd already been taken to the tune of £1,000. It's been over a week since the story appeared, but accounts continue to pour into an Apple customer support forum, echoing the accusations made to The Register -- and, boy are people mad. Apparently, customers seeking Apple's help have received a pat response that sounds awfully familiar: cancel your credit card and report the charges to your bank. We've yet to hear of this happening anywhere outside the UK, but we're still interested to see how the great iTunes heist shakes out. If a suspicious Hotmail account is sucking you dry, we want all the sordid details.
Organized ring charged with using fake credit cards at Apple Stores
Prosecutors in New York City have charged 27 people with organizing and running a ring of credit card fraud that was used to rip off Apple Stores around the United States. The thieves were able to buy over $1 million of Apple gear by obtaining stolen credit card numbers and manufacturing IDs and credit cards to go along with them, which were then used to simply purchase computers and devices straight from Apple. Those devices were then sold through a fence in Brooklyn, NY. NPR also says that three guns, $300,000 in cash and various bank accounts were seized during the investigation, which apparently went on so long that even when the original ringleader was arrested and placed in jail, he passed messages to his girlfriend about how to keep the ring going. The charges filed involve incidents from June 2008 up to last December, so like a lot of other Apple-related thefts we've seen, the items "purchased" were likely iPhones, iPads and MacBooks. [via MacObserver]
