washingtonpost.com
NEWS | POLITICS | OPINIONS | BUSINESS | LOCAL | SPORTS | ARTS & LIVING | GOING OUT GUIDE | JOBS | CARS | REAL ESTATE |SHOPPING
Rita Brings New Wave of Net Profiteering

By Brian Krebs
washingtonpost.com Staff Writer
Friday, September 23, 2005 4:15 PM

In a spree mirroring the online gold rush that accompanied Hurricane Katrina's landfall and aftermath, online speculators are scooping up hundreds of Hurricane Rita-related Web domain names, and Rita-themed Internet auctions have begun in earnest.

The quick proliferation of questionable activities has spurred the federal government into partnering with Internet service providers, computer security companies and anti-spam groups to shut down and prosecute owners of fraudulent sites, according to several participants in the ad-hoc task force.

Tom Liston, a security consultant with Washington-based Intelguardians.com and an incident handler with the SANS Internet Storm Center, worked with ISPs and law enforcement officials to shut down more than 40 Web sites falsely claiming to raise money to benefit relief organizations helping Hurricane Katrina victims.

Liston began tracking new Web site registrations containing the word "Rita" on Monday. So far, he has found more than 1,100 such sites, and he estimates that a fair number of them will be converted for use in Rita-related fundraising schemes in the coming weeks.

On Thursday, someone began auctioning off a burnt piece of toast with the meteorological symbol for a hurricane and the word "Rita" scraped onto it, promising to donate 40 percent of the final auction price to storm victims. EBay shut down the auction later that day.

Several Rita-related domain names are also for sale on eBay, including one for RitaAid.net that starts the bidding at $10,000. The auction does not claim that any of the proceeds will go to benefit relief efforts.

"I expect we're going to probably see just as many attempts at fraud with Rita as we did with Katrina, and the fact that both of these hurricanes hit at the same time is going to increase amount of scams out there," Liston said. "Because [the hurricane] is such a newsworthy issue and people constantly have this in front of them, unfortunately that's going to help these low-lifes out there to succeed in what they're doing."

Many of the fraudulent Web sites set up after Katrina were not advertised through spam but through online newsgroup postings and other methods less likely to catch the attention of fraud watchers, said Richard Cox, chief information officer for the Spamhaus Project, a junk e-mail fighting group.

Organizations who said they were members of the ad-hoc Rita task force working with the Department of Homeland Security's Computer Emergency Response Center, or US-CERT, include: the SANS Internet Storm Center, the Spamhaus Project, the Anti-Phishing Working Group and San Diego-based Internet security firm Websense Inc.

Officials from the Homeland Security Department did not respond to interview requests for this story.

In Katrina's aftermath, scam artists erected dozens of Web sites asking for PayPal donations but offering little or no information about what they planned to do with the money. As the massive storm neared landfall, registrations of new Internet domain names containing the name "Katrina" skyrocketed, and hundreds of Katrina-related auctions emerged on Ebay that flouted the auction giant's charitable giving rules.

Virus writers also took advantage of public attention to the disaster by e-mailing virus-laden attachments posing as photographs of the storm's devastation.

The scams prompted U.S. Attorney General Alberto Gonzales to outline a series of anti-fraud priorities for the FBI and the Justice Department. State attorneys general in Florida and Missouri also sued people who were fraudulently accepting donations for hurricane victims.

© 2005 The Washington Post Company