blackmail / real world stego use

Barry Wels b.wels at nah6.com
Fri Aug 22 18:00:11 EDT 2003 

Hi,

So far I have only found one English item in the news about this.

http://www.expatica.com/index.asp?pad=2,18,&item_id=33655

So let me translate some of the dutch information about this
interesting case :

A 45-year old chip designer from Utrecht was arrested June 3.
He confessed to have tried to blackmail the 'Campina' food company.
He had threatened to poison their products, and demanded 200.000 euro.
---
The most remarkable thing about this case is however how he
communicated with Campina, and how he thought to receive the money.

He forced Campina to open a bank account, and get a 'world card' with
it. Then they had to deposit 200.000 Euro on it (about 185.000
US dollar). He ordered them to buy a credit card reader, and read the
information off the magnetic-stripe of the 'world card'.
Then they had to send him the output of the card reader, together with
the pin code. With this information, he then could create a copy of
the 'world card' using a card-writer and a blank card.

To send him the information, he made them use steganography!
Campina received an envelope via snailmail containing a floppy with a
stego program and instructions.
They had to encode the 'world card' info into a picture of a red VW
golf, using the stego program, and a fixed crypto key that was
included in the envelope.
Finally, they had to place the picture in a fake add on a website
where large amounts of people sell/buy second hand cars.
He would then read the add, and make a copy of the picture.
Decode the stego info out of it, write his own copy of the card,
and withdraw money. Without ever having personal contact with Campina
(or the police). To be real clever, he did not approach the website
with the car adds directly. Police found out the add was approached
trough a US anonymizer called SURFOLA.com. SURFOLA.com claims on their website :
"We will not give out your name, residence address, or e-mail address
to any third parties without your permission, for any reason, at any
time, ever."

The Utrecht police informed the FBI, and asked for assistance. Within
24 hours, the FBI cracked the case, supplying the Dutch police with
a '@wxs.nl' e-mail address and some paypal.com financial data.
This data led to the 45 year old chip programmer.
After his identity was known, the police ofcourse started surveillance on
him. The 'desert terrorist' was arrested red-handed when he withdrew money
from an ATM using the world-card copy....
---

Greetings,

Barry Wels.


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list