[IP] blackmail / real world stego use

Dave Farber dave at farber.net
Mon Aug 25 17:35:58 PDT 2003


>Date: Sat, 23 Aug 2003 00:00:11 +0200
>From: Barry Wels <b.wels at nah6.com>
>Subject: blackmail / real world stego use
>Sender: owner-cryptography at metzdowd.com
>To: cryptography at metzdowd.com
>
>
>Hi,
>
>So far I have only found one English item in the news about this.
>
>http://www.expatica.com/index.asp?pad=2,18,&item_id=33655
>
>So let me translate some of the dutch information about this
>interesting case :
>
>A 45-year old chip designer from Utrecht was arrested June 3.
>He confessed to have tried to blackmail the 'Campina' food company.
>He had threatened to poison their products, and demanded 200.000 euro.
>The most remarkable thing about this case is however how he
>communicated with Campina, and how he thought to receive the money.
>
>He forced Campina to open a bank account, and get a 'world card' with
>it. Then they had to deposit 200.000 Euro on it (about 185.000
>US dollar). He ordered them to buy a credit card reader, and read the
>information off the magnetic-stripe of the 'world card'.
>Then they had to send him the output of the card reader, together with
>the pin code. With this information, he then could create a copy of
>the 'world card' using a card-writer and a blank card.
>
>To send him the information, he made them use steganography!
>Campina received an envelope via snailmail containing a floppy with a
>stego program and instructions.
>They had to encode the 'world card' info into a picture of a red VW
>golf, using the stego program, and a fixed crypto key that was
>included in the envelope.
>Finally, they had to place the picture in a fake add on a website
>where large amounts of people sell/buy second hand cars.
>He would then read the add, and make a copy of the picture.
>Decode the stego info out of it, write his own copy of the card,
>and withdraw money. Without ever having personal contact with Campina
>(or the police). To be real clever, he did not approach the website
>with the car adds directly. Police found out the add was approached
>trough a US anonymizer called SURFOLA.com. SURFOLA.com claims on their 
>website :
>"We will not give out your name, residence address, or e-mail address
>to any third parties without your permission, for any reason, at any
>time, ever."
>
>The Utrecht police informed the FBI, and asked for assistance. Within
>24 hours, the FBI cracked the case, supplying the Dutch police with
>a '@wxs.nl' e-mail address and some paypal.com financial data.
>This data led to the 45 year old chip programmer.
>After his identity was known, the police ofcourse started surveillance on
>him. The 'desert terrorist' was arrested red-handed when he withdrew money
>from an ATM using the world-card copy....
>
>Greetings,
>
>Barry Wels.
>
>
>The Cryptography Mailing List
>Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

-------------------------------------
You are subscribed as adam at homeport.org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

----- End forwarded message -----

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





More information about the cypherpunks-legacy mailing list