eBay PayFlow Checkout, Hacker Approved?? 26 March 2009 EventHorizon1984
eBay plans to deactivate 3rd party checkout around June 2009. Meaning eBay Sellers with Merchant Accounts (using 3rd party checkout), allowing non-PayPal credit card payments, are required to sign up for a mandatory PayFlow account beginning March 1st 2009.
Well an event that appears interestingly timed with eBay's new PayFlow checkout occurred. It appears that someone may have conducted the first large scale test of the vulnerability of eBay's new eBay/PayFlowcheckout.
"There were several disturbing characteristics of this attack. It appears that scammers could use bogus information (including email address, physical address, and phone number) to send payments with credit cards that were, one would conclude, compromised or stolen. In some of those cases, it seems PayPal failed to identify them as suspicious to the merchant in a timely fashion."
"But we know that when one incident surfaces, they are bound to be followed by more, so keep an eye out for strange activity in your PayPal account, and keep a close eye on your credit cards!"
Not that we find this surprising.
Look up active registered eBay Developer spopa2006 ( 3 ) sometime, as we blog back in time.
"According to the affidavit, Popa was sentenced to 71 days in jail in Michigan in 2006 after being charged for using a hijacked eBay account to defraud someone into paying $1,448 for an item that didn't exist."
Remember, eBay code monkeys and Developers are working on and implementing software to allow buyers to input their credit card information directly on the eBay site and through eBay owned PayPal/PayFlow.
Hey there. I wrote a similar project in C++ by using pointers. However, the implemented network interface i used in C++ is no longer supported and I am not a C# guru as I am in c++. Tell me whether or not you got your solution. You can email me at [email protected]
"A Romanian immigrant was indicted Tuesday in federal court in Minneapolis on charges that he operated a computerized "phishing" scheme for several years that raked in financial records and personal identification from thousands of individuals, including many from Minnesota."
"Sergiu Daniel Popa, 20, of Shelby Township, Mich., was indicted on three counts of possessing 15 or more devices designed to collect data on the Internet without authorization, and three counts of aggravated identity theft."
"According to {FBI Special Agent Theodore} Theisen's affidavit and the indictment:"
"Popa had more than 7,000 identities of victims of various phishing schemes, together with bank account, credit card and Social Security numbers, and passwords for some eBay, online banking and e-mail accounts. He offered to sell the stolen information to others."
"Popa was convicted of larceny by conversion on June 12, 2006, stemming from a case in Saline, Mich. He was accused of using a hijacked eBay account to trick an individual into sending him $1,448 to buy a product that didn't exist. He served 71 days, Theisen said."
spopa2006 (2 ) View Listings | Report Jun-26-07 13:34 PDT 3 of 3 Listen guys. I am Sergiu D. Popa. I am that horrible guy!
Now let me make things a bit clear for you. First and foremost, I think that the Feds are a bit mentally challenged to put me behind bars because I have access to a lot of databases and I can predict every single move one tries to make against me.
And by the way, employing the described techniques by the newspaper article I successfully obtained about 1.1 Million dollars. I never run a Western Union Scheme as the newspaper says. I run an insurance scheme and therefore there shouldn't be any complaints. Insurances have plenty of money.
They also fail to mention in the newspapers reports who I really am in terms of my education and my real story. If you would really know my background and my level of education, you would probably realize that I can listen to your phone conversation, or maybe take a refinance loan on your house without you knowing. I am really appalled by the fact that you guys are making such comments on my behalf. Who are you to judge me? You guys make me laugh.
They also failed to say that I used to work as a mortgage broker and I regret the mistakes I made by scamming insurance companies but I was only 16 at the time I was doing it. I also offered to pay restitution to the Government. However, they always have to win, and they will never accept restitution because they want to prosecute me.
I have also seen a newspaper article where I was described as speaking a broken English. Let's analyze that for a second. At 14 I was teaching Differential Equations and Mechanics at a 4 yr college in New Hampshire, and by the time I was 15 I graduated high school. I am not a wannabe. As a matter of fact, I think I read more books in my life than the whole FBI Minnesota office. If the newspapers are going to write an article about me, I ask them to tell the whole truth. Call my college professors and ask them who I really am.
I know FBI, NASA, BOP and all those other government bonehead agencies are not happy when a kid who immigrated from another country penetrates their systems, but such is life. Get used to it. If in this life, we would all have an equal level of intelligence the world would come to an end. But how would you guys know that? I bet you guys never actually read a sociology, philosophy or psychology book and actually made something out of it.
But here is a warning to everybody who will post bogus information about me:
I will make your life a hell. Do not test me. Do not post information that is not accurate. I already have enough bad publicity and I do not want more. I want to be left alone.
This also applies to the Feds. I have been a nice guy with you, but once again, you are not smart enough to catch me for one, and I would really hate to see you guys back to stone age. How much would the Feds loose if one of their databases were to be completely deleted?
I am not an evil person, but I could be if I wanted to. Let's all live in peace and harmony. Mind your own business and I will mind my own.
Very Truly Yours, Sergiu D. Popa
.
spopa2006 (2 ) View Listings | Report Jun-26-07 23:56 PDT 5 of 5 Why would you think it is a joke? Better yet, what are the reasons for which you think this is a joke?
"Sergiu Daniel Popa, who for the past seven years has lived in New York and Michigan, pleaded guilty in federal court in Minneapolis to two felonies related to the scheme. He faces a maximum of 10 years in federal prison and a fine of $500,000. Sentencing has not yet been scheduled."
"According to Popa's plea agreement, the scheme snagged the identities of 7,000 individuals who suffered a net loss of about $700,000. When his house was searched earlier this year, authorities found a machine for imprinting graphics on blank plastic cards, foil ribbons for making holographic images that appear on finished cards, blank cards, and partially created fraudulent drivers' licenses."
Popa also possessed pre-built websites spoofing the online destinations of multiple financial institutions, such as PayPal, SunTrust Bank, and CitiBank, according to an affidavit filed in the case. He offered to sell phishing kits with step-by-step instructions for $1,500 and software and hardware capable of counterfeiting credit cards.
According to the affidavit, Popa was sentenced to 71 days in jail in Michigan in 2006 after being charged for using a hijacked eBay account to defraud someone into paying $1,448 for an item that didn't exist.
eBay PayFlow Checkout, Hacker Approved?? 26 March 2009 EventHorizon1984
eBay plans to deactivate 3rd party checkout around June 2009. Meaning eBay Sellers with Merchant Accounts (using 3rd party checkout), allowing non-PayPal credit card payments, are required to sign up for a mandatory PayFlow account beginning March 1st 2009.
Well an event that appears interestingly timed with eBay's new PayFlow checkout occurred. It appears that someone may have conducted the first large scale test of the vulnerability of eBay's new eBay/PayFlowcheckout.
"There were several disturbing characteristics of this attack. It appears that scammers could use bogus information (including email address, physical address, and phone number) to send payments with credit cards that were, one would conclude, compromised or stolen. In some of those cases, it seems PayPal failed to identify them as suspicious to the merchant in a timely fashion."
"But we know that when one incident surfaces, they are bound to be followed by more, so keep an eye out for strange activity in your PayPal account, and keep a close eye on your credit cards!"
Not that we find this surprising.
Look up active registered eBay Developer spopa2006 ( 3 ) sometime, as we blog back in time.
"According to the affidavit, Popa was sentenced to 71 days in jail in Michigan in 2006 after being charged for using a hijacked eBay account to defraud someone into paying $1,448 for an item that didn't exist."
Remember, eBay code monkeys and Developers are working on and implementing software to allow buyers to input their credit card information directly on the eBay site and through eBay owned PayPal/PayFlow.
Hey there. I wrote a similar project in C++ by using pointers. However, the implemented network interface i used in C++ is no longer supported and I am not a C# guru as I am in c++. Tell me whether or not you got your solution. You can email me at [email protected]
"A Romanian immigrant was indicted Tuesday in federal court in Minneapolis on charges that he operated a computerized "phishing" scheme for several years that raked in financial records and personal identification from thousands of individuals, including many from Minnesota."
"Sergiu Daniel Popa, 20, of Shelby Township, Mich., was indicted on three counts of possessing 15 or more devices designed to collect data on the Internet without authorization, and three counts of aggravated identity theft."
"According to {FBI Special Agent Theodore} Theisen's affidavit and the indictment:"
"Popa had more than 7,000 identities of victims of various phishing schemes, together with bank account, credit card and Social Security numbers, and passwords for some eBay, online banking and e-mail accounts. He offered to sell the stolen information to others."
"Popa was convicted of larceny by conversion on June 12, 2006, stemming from a case in Saline, Mich. He was accused of using a hijacked eBay account to trick an individual into sending him $1,448 to buy a product that didn't exist. He served 71 days, Theisen said."
spopa2006 (2 ) View Listings | Report Jun-26-07 13:34 PDT 3 of 3 Listen guys. I am Sergiu D. Popa. I am that horrible guy!
Now let me make things a bit clear for you. First and foremost, I think that the Feds are a bit mentally challenged to put me behind bars because I have access to a lot of databases and I can predict every single move one tries to make against me.
And by the way, employing the described techniques by the newspaper article I successfully obtained about 1.1 Million dollars. I never run a Western Union Scheme as the newspaper says. I run an insurance scheme and therefore there shouldn't be any complaints. Insurances have plenty of money.
They also fail to mention in the newspapers reports who I really am in terms of my education and my real story. If you would really know my background and my level of education, you would probably realize that I can listen to your phone conversation, or maybe take a refinance loan on your house without you knowing. I am really appalled by the fact that you guys are making such comments on my behalf. Who are you to judge me? You guys make me laugh.
They also failed to say that I used to work as a mortgage broker and I regret the mistakes I made by scamming insurance companies but I was only 16 at the time I was doing it. I also offered to pay restitution to the Government. However, they always have to win, and they will never accept restitution because they want to prosecute me.
I have also seen a newspaper article where I was described as speaking a broken English. Let's analyze that for a second. At 14 I was teaching Differential Equations and Mechanics at a 4 yr college in New Hampshire, and by the time I was 15 I graduated high school. I am not a wannabe. As a matter of fact, I think I read more books in my life than the whole FBI Minnesota office. If the newspapers are going to write an article about me, I ask them to tell the whole truth. Call my college professors and ask them who I really am.
I know FBI, NASA, BOP and all those other government bonehead agencies are not happy when a kid who immigrated from another country penetrates their systems, but such is life. Get used to it. If in this life, we would all have an equal level of intelligence the world would come to an end. But how would you guys know that? I bet you guys never actually read a sociology, philosophy or psychology book and actually made something out of it.
But here is a warning to everybody who will post bogus information about me:
I will make your life a hell. Do not test me. Do not post information that is not accurate. I already have enough bad publicity and I do not want more. I want to be left alone.
This also applies to the Feds. I have been a nice guy with you, but once again, you are not smart enough to catch me for one, and I would really hate to see you guys back to stone age. How much would the Feds loose if one of their databases were to be completely deleted?
I am not an evil person, but I could be if I wanted to. Let's all live in peace and harmony. Mind your own business and I will mind my own.
Very Truly Yours, Sergiu D. Popa
.
spopa2006 (2 ) View Listings | Report Jun-26-07 23:56 PDT 5 of 5 Why would you think it is a joke? Better yet, what are the reasons for which you think this is a joke?
"Sergiu Daniel Popa, who for the past seven years has lived in New York and Michigan, pleaded guilty in federal court in Minneapolis to two felonies related to the scheme. He faces a maximum of 10 years in federal prison and a fine of $500,000. Sentencing has not yet been scheduled."
"According to Popa's plea agreement, the scheme snagged the identities of 7,000 individuals who suffered a net loss of about $700,000. When his house was searched earlier this year, authorities found a machine for imprinting graphics on blank plastic cards, foil ribbons for making holographic images that appear on finished cards, blank cards, and partially created fraudulent drivers' licenses."
Popa also possessed pre-built websites spoofing the online destinations of multiple financial institutions, such as PayPal, SunTrust Bank, and CitiBank, according to an affidavit filed in the case. He offered to sell phishing kits with step-by-step instructions for $1,500 and software and hardware capable of counterfeiting credit cards.
According to the affidavit, Popa was sentenced to 71 days in jail in Michigan in 2006 after being charged for using a hijacked eBay account to defraud someone into paying $1,448 for an item that didn't exist.
eBay PayFlow Checkout, Hacker Approved??
eBay PayFlow Checkout, Hacker Approved??
26 March 2009
EventHorizon1984
eBay plans to deactivate 3rd party checkout around June 2009. Meaning eBay Sellers with Merchant Accounts (using 3rd party checkout), allowing non-PayPal credit card payments, are required to sign up for a mandatory PayFlow account beginning March 1st 2009.
Well an event that appears interestingly timed with eBay's new PayFlow checkout occurred. It appears that someone may have conducted the first large scale test of the vulnerability of eBay's new eBay/PayFlow checkout.
Cyber Attack: Unsolicited, Unstoppable PayPal Payments
By: Ina Steiner
Wed Mar 18 2009 22:42:14
Not that we find this surprising.
Look up active registered eBay Developer spopa2006 ( 3 ) sometime, as we blog back in time.
Remember, eBay code monkeys and Developers are working on and implementing software to allow buyers to input their credit card information directly on the eBay site and through eBay owned PayPal/PayFlow.
So your credit card can be safe.
"What's in Your wallet?"*
* What can we say, we like the Capital One commercials.
//
spopa2006
Re: Mail address of an ebay User ?
Posted: Jun 7, 2007 12:41 AM
Hey there. I wrote a similar project in C++ by using pointers. However, the implemented network interface i used in C++ is no longer supported and I am not a C# guru as I am in c++. Tell me whether or not you got your solution. You can email me at [email protected]
//
Suspect in 'phishing' scheme indicted
A Romanian immigrant is accused of using e-mails to dupe thousands of people into sharing financial records.
By Dan Browning, Star Tribune
Last update: June 20, 2007 – 9:55 PM
"Popa had more than 7,000 identities of victims of various phishing schemes, together with bank account, credit card and Social Security numbers, and passwords for some eBay, online banking and e-mail accounts. He offered to sell the stolen information to others."
//
From eBay Stores Forum
Phisher Indicted - check out this article
spopa2006 (2 ) View Listings | Report Jun-26-07 13:34 PDT 3 of 3
Listen guys. I am Sergiu D. Popa. I am that horrible guy!
Now let me make things a bit clear for you. First and foremost, I think that the Feds are a bit mentally challenged to put me behind bars because I have access to a lot of databases and I can predict every single move one tries to make against me.
And by the way, employing the described techniques by the newspaper article I successfully obtained about 1.1 Million dollars. I never run a Western Union Scheme as the newspaper says. I run an insurance scheme and therefore there shouldn't be any complaints. Insurances have plenty of money.
They also fail to mention in the newspapers reports who I really am in terms of my education and my real story. If you would really know my background and my level of education, you would probably realize that I can listen to your phone conversation, or maybe take a refinance loan on your house without you knowing. I am really appalled by the fact that you guys are making such comments on my behalf. Who are you to judge me? You guys make me laugh.
They also failed to say that I used to work as a mortgage broker and I regret the mistakes I made by scamming insurance companies but I was only 16 at the time I was doing it. I also offered to pay restitution to the Government. However, they always have to win, and they will never accept restitution because they want to prosecute me.
I have also seen a newspaper article where I was described as speaking a broken English. Let's analyze that for a second. At 14 I was teaching Differential Equations and Mechanics at a 4 yr college in New Hampshire, and by the time I was 15 I graduated high school. I am not a wannabe. As a matter of fact, I think I read more books in my life than the whole FBI Minnesota office. If the newspapers are going to write an article about me, I ask them to tell the whole truth. Call my college professors and ask them who I really am.
I know FBI, NASA, BOP and all those other government bonehead agencies are not happy when a kid who immigrated from another country penetrates their systems, but such is life. Get used to it. If in this life, we would all have an equal level of intelligence the world would come to an end. But how would you guys know that? I bet you guys never actually read a sociology, philosophy or psychology book and actually made something out of it.
But here is a warning to everybody who will post bogus information about me:
I will make your life a hell. Do not test me. Do not post information that is not accurate. I already have enough bad publicity and I do not want more. I want to be left alone.
This also applies to the Feds. I have been a nice guy with you, but once again, you are not smart enough to catch me for one, and I would really hate to see you guys back to stone age. How much would the Feds loose if one of their databases were to be completely deleted?
I am not an evil person, but I could be if I wanted to. Let's all live in peace and harmony. Mind your own business and I will mind my own.
Very Truly Yours,
Sergiu D. Popa
.
spopa2006 (2 ) View Listings | Report Jun-26-07 23:56 PDT 5 of 5
Why would you think it is a joke? Better yet, what are the reasons for which you think this is a joke?
//
Romanian national cops to $700,000 phishing trip
Who's your underworld Popa?
By Dan Goodin in San Francisco
Posted in Crime, 9th October 2008 18:47 GMT
/*
Technorati Profile
EventHorizon1984 Log
//
Posted at 12:45 in Commentary, eBay, eBay Customer Service, Legal, PayPal | Permalink
Tags: Capital One, checkout, credit card, credit card, Dan Goodlin, eBay, [email protected], gateway, hacker, merchant account, Michigan, PayFlow, PayFlow Pro, payment, payment gateway, PayPal, Popa, Romania, scammer, Sergiu Daniel Popa, Sergiu Popa, spopa2006, Star Tribune, What's In Your Wallet
| Reblog (0)