washingtonpost.com
Web Scammers Strike Before Hurricane Does

By Brian Krebs
Special to The Washington Post
Saturday, September 24, 2005

In a spree mirroring the online gold rush that accompanied Hurricane Katrina, online speculators are scooping up hundreds of Hurricane Rita-related Web domain names, and Rita-themed Internet auctions have begun.

Scammers often use such Web sites to trick people into making donations, authorities said. The quick proliferation of questionable activities spurred the federal government to work with Internet service providers, computer security companies and anti-spam groups to shut down and prosecute owners of fraudulent sites, according to several participants in the ad hoc task force.

The group has already closed more than 40 Web sites falsely claiming to raise money for relief organizations, said Tom Liston, a security consultant with Washington-based Intelguardians.com and an incident handler with the SANS Internet Storm Center, a nonprofit group that tracks online-hacking trends.

Liston began tracking new Web site registrations containing the word "Rita" on Monday and as of yesterday had found more than 1,100 such sites, he said.

On Thursday, someone used eBay to begin auctioning off a burnt piece of toast with the meteorological symbol for a hurricane and the word "Rita" scraped onto it, promising to donate 40 percent of the final auction price to storm victims. EBay shut down the auction later that day.

Several Rita-related domain names were for sale on eBay yesterday, including one for RitaAid.net that started the bidding at $10,000. The auction did not claim that any of the proceeds would benefit relief efforts.

"I expect we're going to probably see just as many attempts at fraud with Rita as we did with Katrina, and the fact that both of these hurricanes hit at the same time is going to increase amount of scams out there," Liston said. "Because [the hurricane] is such a newsworthy issue and people constantly have this in front of them, unfortunately that's going to help these lowlifes out there to succeed in what they're doing."

Organizations that said they were members of the ad hoc Rita task force working with the Department of Homeland Security's Computer Emergency Readiness Team, or US-CERT, include the SANS Internet Storm Center, the Spamhaus Project, the Anti-Phishing Working Group and San Diego Internet-security firm Websense Inc.

Officials of the Homeland Security Department did not respond to interview requests for this story.

After Katrina, scam artists set up dozens of Web sites asking for PayPal donations but offering little or no information about what they planned to do with the money. As the massive neared land, registrations of new Internet domain names containing the name "Katrina" skyrocketed, and hundreds of Katrina-related auctions emerged on eBay that flouted the auction site's rules for charitable giving.

Virus writers also took advantage of the disaster by e-mailing malicious attachments posing as photographs of the storm's devastation.

The scams prompted U.S. Attorney General Alberto R. Gonzales to outline anti-fraud priorities for the FBI and the Justice Department. State attorneys general in Florida and Missouri also sued people who were fraudulently accepting donations for hurricane victims.

Krebs is a staff writer for washingtonpost.com.

© 2005 The Washington Post Company