The raw data itself — which ranked the Best Recovery users on number of connections they had to other users — was potentially useful, but difficult to parse into meaningful chunks. Oddly enough, as I was poring over that data I heard from Chris Ahlberg, the CEO of Recorded Future Inc., a Cambridge, Mass.
The schemes themselves violate Section 419 of the Nigerian criminal code, hence the name. More traditionally, these miscreants pretend to be an employee at a Nigerian bank or government institution and claim to need your help in spiriting away millions of dollars. Nigerian romance scammers often will troll online dating sites using stolen photos and posing as attractive U. Those who fall for the ruses are strung along and milked for increasingly large money transfers, supposedly to help cover taxes, bribes and legal fees.
The information leaked from that service has revealed a network of several thousand Nigerian email scammers and offers a fascinating glimpse into an entire underground economy that is seldom explored. At issue is a service named “Best Recovery” (recently renamed Private Recovery).
When I first became aware of this business several months ago, I had a difficult time understanding why anyone would pay the to per month fee to use the service, which is visually quite amateurish and kludgy (see screenshot at right). But that was before I shared a link to the site with a grey hat hacker friend, who replied in short order with the entire username and password database of more than 3,000 paying customers.
“While such an invitation impresses most law-abiding citizens as a laughable hoax, millions of dollars in losses are caused by these schemes annually,” the FBI warns.
A closer look at the logs revealed that a huge number of the users appear to be Nigerian 419 scammers using computers with Internet addresses in Nigeria.
Also known as “advance fee” and “Nigerian letter” scams, 419 schemes have been around for many years and are surprisingly effective at duping people. residents working in Nigeria or Ghana, asking for money to further their studies, care for sick relatives, or some such sob story.
New victims are indexed by date, time, Internet address, country, and PC name.
Each keylogger instance lets the user specify a short identifier in the “note” field (failing to manually enter an identifier in the note field appears to result in that field being populated by the version number of the keylogger used).