Sunday, July 20, 2003

Uh Oh!
Kevin Poulsen reports on the Kinko's Keystroke Caper:
If you used a computer at a Kinko's in New York City last year, or the year before, there's a good chance that JuJu Jiang was watching.

The 25-year-old Queens resident pleaded guilty in federal court in New York last week to two counts of computer fraud and one charge of unauthorized possession of access codes for a scheme in which he planted a copy of the commercial keyboard sniffing program Invisible KeyLogger Stealth on computers at thirteen Kinko's stores sprinkled around Manhattan.

For nearly two years ending last December, Jiang's makeshift surveillance net raked in over 450 online banking passwords and user names from hapless Kinko's customers, according to the plea. He would use victims' financial information to open new accounts under their names, and then siphon money from their legitimate accounts into the new, fraudulent ones.

According to court records, the caper began unraveling last October, when Jiang had the bad luck to use a stolen GoToMyPC account to remotely control a victim's home computer while the victim was sitting in front of it. The victim, unnamed in court filings, watched as the PC's cursor began moving of its own accord, riffling through files, opening a browser window, and then establishing an account with online money transfer site Neteller.com under the victim's name. The victim had logged into the machine through GoToMyPC from a Kinko's on Seventh Avenue a few days earlier.
That would make you a tad suspicious.