Hola mis amigos!
Right about now I should be receiving tons of money since I – OK, only in a way, but still – had predicted this week’s greatest online tragedy. Didn’t I tell you that last week’s silence was nothing but an ominous sign of things to come?
I did, didn’t I? And did you listen to me, amigos? I honestly hope so. I hope that you had caught wind of what was going on with Liberty Reserve, the biggest story this week, and took the necessary precautions.
No new programs to introduce this time, amigos. It’s been tough, as you know, so we’re going to concentrate on the Liberty Reserve issue, which is a story that keeps on giving, unfortunately. Let’s go back and see what exactly happened.
We started the week with an article on the possible demise of Liberty Reserve, since LR’s website hadn’t been working for a couple of days and the rumors about its owner’s arrest kept on spreading.
LIBERTY RESERVE DEAD, OWNER ARTHUR BUDOVSKY ARRESTED?
First of all, what has to be said is that it’s not the first time such a malfunction has appeared. However, a similar situation usually seemed planned, because LR had informed the users beforehand on its blog or, in instances when it was simply an unforeseen fault, such a piece of information would appear in a matter of hours. What is different this time is that neither the website nor the official blog – which, by the way, was not working properly for some time as well – provides us with any kind of update on the situation.
The domain, libertyreserve.com, is practically not even resolving to an IP address.
Here’s the up-to-date whois information:
Domain Name: libertyreserve.com
Created On: 2001-07-27
Expiration Date: 2018-07-27
Registered via: XS Global Trade & Service B.V.
Registrant Name: Allan Garcia
Registrant Organization: Liberty Reserve S.A.
Registrant Street: Edificio 4
Registrant City: Santa Ana
Registrant Postal Code: 1000
Registrant Country: cr
Registrant Phone: +506.88462868
Name Server: ns1.sinkhole.shadowserver.org
Name Server: ns2.sinkhole.shadowserver.org
As you can see, what we seem to have here is a major change of DNS servers from dynect.net to sinkhole.shadowserver.org. Furthermore, the owner of shadowserver.org is The Shadowserver Foundation, which is known as an agency fighting cybercrime. Thus, the question remains whether the FBI has taken over Liberty Reserve’s domain, since such rumours have appeared each time LR failed to perform in the past. Why should it be anything more than gossip this time? Because as soon as LR’s website went down, the news coverage started suggesting that LR’s owner, Arthur Budovsky, was in fact arrested.
According to sources such as ticotimes.net and teletica.com, as a result of Spanish and Costa Rican police cooperation regarding an investigation into money laundering, Arthur Budovsky was taken into custody on May 24 in Spain. What’s more, as ticotimes.net and teletica.com claim, Budovsky’s Costa Rican estate, offices, servers, documents, computers and telephones were also secured by the police.
The case against Budovsky, a Costa Rican citizen born in Ukraine, was launched in 2011 by the New York district attorney. Due to the fact that Budovsky’s business was supposedly thought to have been financed by child pornography websites and drug trafficking, the major focus seemed to be the payment processor and its financing. What still seems unclear, however, is whether Arthur Budovsky is, in fact, the owner of Liberty Reserve.
We managed to track down an interview dating back to May 20, 2002, conducted by the no longer existing service PlanetGold. The interviewer, Ragnar Danneskjold, talks to a Liberty Reserve representative, that is Arthur Budovsky, who claims to be an only child of a German mother and a Ukrainian father, both of whom had emigrated to the US. One should point out, however, that Ragnar Danneskjöld is a widely recognized fictitious name of a pirate from Ayn Rand’s famous novel, Atlas Shrugged, a name that also appears in Victor Hugo’s Hans of Iceland. To add to this, according to another no longer existing service, ecommerce-journal.com, Ragnar Danneskjold is actually Vladimir Kats’ pseudonym.
Knowing this, the fact that – as ticotimes.net reports – according to the US Department of Justice, on July 27, 2006 Budovsky and his partner, identified as Vladimir Kats, were accused by the state of New York of conducting illegal financial activities as GoldAge Inc does not seem coincidental in any way. Consequently, one may gather that Vladimir and Arthur were working closely together at some point. PlanetGold’s owner, Vladimir Kats, supported his business partner at the very beginning of Liberty Reserve’s activity by promoting LR and cooperating with him as far as the GoldAge service was concerned. Thus, one may conclude that Liberty Reserve was actually run by two co-creators, especially when you see who registered GoldAge’s domain:
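The name-server comparison made above can be automated. This is an added example, not part of the original article: it parses whois text, diffs the delegation against an earlier one and flags name servers that sit under a sinkhole operator's domain. The dynect.net host names and the suffix list are assumptions.

```python
import re

# Assumption: name-server suffixes operated by sinkhole providers. Only
# sinkhole.shadowserver.org comes from the article; extend as needed.
SINKHOLE_SUFFIXES = ("sinkhole.shadowserver.org",)

# Matches "Name Server: host" whether fields are one per line or run together.
NS_FIELD = re.compile(r"Name Server\s*:\s*([A-Za-z0-9.-]+)", re.IGNORECASE)


def normalize(host):
    """Lower-case a host name and drop the trailing root dot."""
    return host.strip().rstrip(".").lower()


def name_servers(whois_text):
    """Extract the set of name-server hosts from raw whois text."""
    return {normalize(h) for h in NS_FIELD.findall(whois_text)}


def is_under(host, suffix):
    """True if host equals suffix or is a subdomain of it (label boundary)."""
    host, suffix = normalize(host), normalize(suffix)
    return host == suffix or host.endswith("." + suffix)


def delegation_report(previous_ns, whois_text):
    """Compare the previous delegation with the current whois record."""
    current = name_servers(whois_text)
    previous = {normalize(h) for h in previous_ns}
    sinkholed = sorted(
        h for h in current if any(is_under(h, s) for s in SINKHOLE_SUFFIXES)
    )
    return {
        "added": sorted(current - previous),
        "removed": sorted(previous - current),
        "sinkhole_ns": sinkholed,
        # True only when every current name server is a sinkhole host.
        "fully_sinkholed": bool(current) and len(sinkholed) == len(current),
    }


# Constructed sample: whois fields quoted in the article, with case and
# trailing dot varied to exercise normalization.
SAMPLE_WHOIS = """Domain Name: libertyreserve.com Created On: 2001-07-27
Name Server: ns1.sinkhole.shadowserver.org
Name Server: NS2.SINKHOLE.SHADOWSERVER.ORG.
"""
# Constructed placeholders for the earlier dynect.net delegation; the
# article names only the provider, not the individual hosts.
PREVIOUS_NS = ["ns1.example.dynect.net", "ns2.example.dynect.net"]

if __name__ == "__main__":
    for key, value in delegation_report(PREVIOUS_NS, SAMPLE_WHOIS).items():
        print(f"{key}: {value}")
```

The label-boundary check in `is_under` keeps a look-alike host such as `sinkhole.shadowserver.org.example.net` from being counted as a sinkhole name server.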
Administrative Contact: Machabeli, Medea email@example.com, 1052 Prospect Stachek apt. 118 Saint-Petersburg, Russia 198303, Russian Federation, +7.01152698764 Fax
It doesn’t take Sherlock Holmes to deduce which Ragnar did the paperwork. To add to this, we can also trace this e-mail back to other domains, such as gdcaonline.org (a website monitoring and ranking payment processors and exchangers):
Owner: Name: Medea Machabeli, Email: ragnar @ hush.ai, Phone: +7.01152698764, Address: 1052 Prospect Stachek apt. 118, Saint-Petersburg, Russia 198303, RU
Therefore, the statement that appears on the following website, http://www.gdcaonline.org/business.php?memberid=169, warning against LR’s main competitor, Perfect Money, does not come as a surprise:
„Fraud, libel, DDoS. Summary: This company, operated by Russian crooks, engages in fraud, DDoS attacks against competitors, libelous websites against competitors, and supports fraudulent businesses, and steals funds from clients every few years only to re-emerge as a different company”.
Another domain connected to LR, asianagold.com, is just another, currently non-existent, exchanger that went down leaving many unresolved matters and unpaid transactions:
1052 Prospect Stachek, Apt. 118, Saint-Petersburg 198303,
Website: http://www.asianagold.com, Phone: +7-011-526-98-764, Email: firstname.lastname@example.org, email@example.com, Additional Employees: Medea Machabeli Admin
All in all, provided that all the above-mentioned information is confirmed, the future of Liberty Reserve is questionable at best. What’s also unsure is whether the users will get their money back since, as we all know, users’ data were not verified and, consequently, many of them gave incorrect information. Moreover, the servers and documents secured by the police may also be extremely useful to the FBI, since Liberty Reserve was commonly used by the so-called Ponzi schemes. Hopefully, we will get to know a bit more in the following couple of days.
And we did, in fact, manage to gather some more information regarding this painful issue, so our digging for the truth continued.
LIBERTYRESERVE.COM SEIZED BY US GOVERNMENT (FBI)?
We still have no confirmation from any other official sources except for csi-8.com, Consulting International Services in Costa Rica, and this is an unusual situation. One starts to wonder why the people responsible for the current situation leave victims without any official update. If the Spanish police and the FBI were involved in this matter, why don’t they publish any official statement? One possible explanation might be that today is not a business day in the United States since it’s Memorial Day and all offices are closed. However, there are still some questions left without any answers. First of all, why didn’t the FBI publish their splash page about a domain seizure on the libertyreserve domain as they usually do? Also, why is sinkhole.shadowserver.org not online? Is it really the FBI’s job or just a DDoS or domain hijacking attack?
We do not want to speculate without any proof or reliable information, although many theories can be found on other blogs and forums (a competitor’s job, domain hijacking). However, after some research, some interesting information can be found which proves the US government’s activity.
Let's start from the current DNS information on the libertyreserve.com domain:
Name Server IP Location
ns1.sinkhole.shadowserver.org 220.127.116.11 Wayne, PA, US
ns2.sinkhole.shadowserver.org 18.104.22.168 Wayne, PA, US
ns1.libertyreserve.com 22.214.171.124 Wayne, PA, US
Two of the DNS names share the same IP address, 126.96.36.199, which you can also find when you ping or nslookup the libertyreserve.com domain:
Name: libertyreserve.com, Address: 188.8.131.52
Let's verify this IP:
Let's reverse this IP to check what other domains are using this host:
Reverse IP Lookup Results: 3 domains hosted on IP address 184.108.40.206: drezpass.com, ezpasstag.com, yourcondoco.com
The domains are offline, but if you google them, you can verify that all these domains were seized by the US government:
"According to the Complaint, from November 2008 to the present, Khandakar and Saelim used at least 50 stolen American Express credit cards to purchase EZ Pass tags and credits, which were resold through the drezpass.com and www.ezpasstag.com websites that they created. "
"Drezpass.com offered discounted E-ZPass tags using stolen credit cards, say Manhattan federal prosecutors who tallied the ripoff to E-ZPass at more than $100,000. The feds identified the cyber-scammers as Rana Khandakar and Usawan Saelim, both 27 and from Brooklyn.”
One may doubt whether these crooks are connected to LibertyReserve owners but both were operating in Brooklyn.
If you’re still hesitant, you may visit the following page, http://tvshack.net, and see an FBI splash page.
Since tvshack.net’s domain was also redirected before to the warning-placeholder IP address, 220.127.116.11, it may seem that it’s only a matter of time before we see the same image on libertyreserve’s domain.
For those who want to check for themselves, go to http://www.yougetsignal.com/tools/web-sites-on-web-server/ and enter 18.104.22.168 as the domain. You will find 21 domains hosted on the same web server as 22.214.171.124.
callservice.biz - also seized by U.S. authorities
community.tvshack.net - also seized by U.S. authorities
filespump.com - also seized by U.S. authorities
livewaresystems.com - also seized by U.S. authorities
movies-links.tv - also seized by U.S. authorities
now-movies.com - also seized by U.S. authorities
planetmoviez.com - also seized by U.S. authorities
thepiratecity.org - also seized by U.S. authorities
tvshack.net - also seized by U.S. authorities
www.now-movies.com - also seized by U.S. authorities
www.planetmoviez.com - also seized by U.S. authorities
www.zml.com - also seized by U.S. authorities
zml.com - also seized by U.S. authorities
Some further evidence: http://www.dslreports.com/forum/remark,25218295
"I know that the US gov't has been seizing domain names, which is why tvshack.net moved to tvshack.cc.
It now appears that the US gov't can somehow seize or control the DNS records for .cc domains (and I invite anyone here to explain how they can do that).
But the larger issue here is that I'm trying to access tvshack.cc's website by going directly to their last known IP address which is 126.96.36.199, and EVEN HERE we see that it's being redirected to the warning-placeholder IP address 188.8.131.52.
Can someone explain how pointing my web browser to 184.108.40.206 is being re-directed to 220.127.116.11 ?"
Also, read the first comment here: http://ddos.arbornetworks.com/2010/07/takedown/
"Curious about how this was implemented, which I think is part of the legality question. Some of the seized domains point to a 1and1.com ip address, which is apparently also hosting a number of sites that weren’t seized (or at least don’t have the fancy DoJ welcome message):
There’s no redirect or anything either – it looks like 18.104.22.168 is serving up the DoJ notice. So they “seized” the domain but still leave it running on a private hosting company rather than a government server? Odd."
Consequently, there seems to be no doubt that the libertyreserve.com domain was seized by the US agents. Perhaps the work has not been finished yet, or maybe they haven’t decided what to do with this service. In other words, they arrested the owner, but the LibertyReserve company is under a different jurisdiction and has its own legal personality, which could be a barrier to seizing the whole company.
It's also worth noticing that the biggest competitor of LibertyReserve, PerfectMoney, stopped accepting US members at the same time as the LibertyReserve website went down. We could read the following info on their website:
"Dear Perfect Money Customers,
We bring to your attention that due to changes in our policy we forbid new registrations from individuals or companies based in the United States of America. This includes US citizens residing overseas. If you fall under the above mentioned category, please do not register an account with us.
We apologize for inconvenience caused."
Is it a coincidence? The PerfectMoney website is currently offline or loading very slowly, and this is also not a good signal for its members.
To summarize, while still judging by unconfirmed information and speculation, the whole situation doesn't look good. Even if the owner is arrested, one may hope that the company will not be closed. Even if LibertyReserve is not without any money, the process (if any) for recovering the money will be very complicated and time-consuming, since there is no complete base of members or there are fake profiles.
Finally, on Tuesday, the following article was penned by ivaho.
LIBERTYRESERVE DOMAIN SEIZED, OWNER AND ASSOCIATES INDICTED
It’s official: the libertyreserve domain was seized by the US government (officially by the United States Global Illicit Financial Team).
Liberty Reserve, its founder and associates (Vladimir Kats) have been indicted in the U.S. District Court of the Southern District of New York (Manhattan).
According to the indictment, the following people are involved in this matter: Arthur Budovsky, using the aliases “Eric Paltz” and “Arthur Belanchuk”, Vladimir Kats a.k.a. "Ragnar", Ahmed Yassine Abdelghani a.k.a. "Alex", Allan Esteban Hildago Jimenez a.k.a. "Allen Garcia", Azzeddine El Amine and Mark Marmilev, also known as "Marko".
According to the indictment, LibertyReserve was managed by people who "intentionally created, structured and operated Liberty Reserve as a criminal business venture, one designed to help criminals conduct illegal transactions and launder the proceeds of their crimes".
The United States government has seized the Liberty Reserve domain name and five others: ExchangeZone.com; SwiftExchanger.com; MoneyCentralMarket.com; and Asianagold.com.
Liberty Reserve and its cooperators are accused of such crimes as: “credit card fraud, identity theft, investment fraud, computer hacking, child pornography, and narcotics trafficking.”
According to the indictment, between 2006 and May 2013, Liberty Reserve processed an estimated 55 million transactions and is believed “to have laundered more than $6 billion in criminal proceeds.”
Detailed documents regarding this case can be found here: http://www.justice.gov/usao/nys/pressreleases/May13/LibertyReserveetalDocuments.php
All in all, one may say that while fighting fraud is, naturally, honorable and necessary, most Liberty Reserve users were/are regular people who have nothing to do with the crimes that were supposedly committed by the accused. What’s more, it will probably be the users who are going to suffer the most since it still remains unclear whether their money will be returned to them at any point. Catching a criminal, after all, is just the first step and it is usually the true victims who tend to be overlooked by the system.
To add to this controversy, we can now witness the process of putting the blame on everybody that comes as close as having a somewhat similar job description to the crooks apprehended in the LR case. What is happening now is targeting any “illicit financial activity wherever it occurs”, to quote Under Secretary for Terrorism and Financial Intelligence David S. Cohen. Thus, next in line, so it seems, are all online exchangers. Consequently, it may be said, one of the biggest players, http://goldexpay.com, is now “unavailable because of reorganization”. Coincidence?
The Liberty Reserve drama was noticeable all over the Internet and the newsletters reflected this situation. AYOP, ROULETTE GURU, SILVER OZ and FINANCIAL FREEDOM all gave their takes on the LR scandal. AYOP was hopeful: “we are unable to process any withdrawals to Liberty Reserve until it is back up”. AYOP advised those who “have an investment with us using LR” to “wait for the latest news and see what happens next”. Roulette GURU was still apprehensive since they believed that “a lot of rumors came up -- but unfortunately nothing official, nothing verifiable”.
Still, Roulette decided to “terminate the acceptance of Liberty Reserve”. The unfortunate users of LR could “freely exchange your Liberty Reserve earnings to any of the other accepted payment processors”, but with “a 25% exchange fee [...], due to the uncertain situation with Liberty Reserve”. Silver OZ was quick and radical: “as the site Liberty Reserve officially stopped its existence we obliged to delete this payment system from our list of supported EPS”. The LR users were given the option of converting “the existent profit with the 75% fee until the 1st of June 2013 and with the 90% fee after that until the 7th of June”.
Financial Freedom seemed fully aware of the gravity of the situation and the admin literally said “I told you so!” as “in several newsletters before, he did warn you from using LR at all, with their total lack of adequate support, if any”. Still, FF has “lost a good amount of money that was in place for withdrawals”. As a result, “all LR deposits will be reduced with 20% and converted to Perfect Money. Then all plans have restarted from day 0 on the 28th of May. In reality, it’s like if everybody invested right now with 80% of their deposits”.
The only exception to the LR madness was UInvest with a rather optimistic newsletter on the LA conference, Smart Exchange and many more.
UINVEST: LA THOUGHTS AND SE IMPLEMENTATION
To thank all those who took the time to travel to UInvest’s Los Angeles-based conference, a promo video was posted on YouTube (http://www.youtube.com/watch?v=q3DfGafaK2w) depicting “colorful videos from the greatest U-event of the year - UICC 2013 that took place in sunny Los Angeles, CA”.
Also, UInvest seems to try to spark some interest in Smart Exchange. According to the newsletter, “in the beginning of June UInvest is planning to implement SE”, which will be “more user-friendly, easier to navigate through, and enjoyable for managing finances”.
With LR gone, we’ve decided to give programs some time to adjust to the new online reality: they have until the end of the week when we will verify their possible future activities.
The only one that’s going to be mentioned this week is ADRO Capital due to the fact that its website is not working.
To sum up, it’s been one of the most important and, at the same time, excruciating weeks in our history, amigos. Let’s hope it will not be repeated...