ICG Technology

ICG Technology Fraud

Don't Bear Internet Fraud

This ICG Technology fraud as usual rips off the website of a well-known company, (Anders Electronics). and retitles it as a bogus company "ICG Technology" which is incidentally a biotechnology term for "Impedance CardioGraphy Technology". My attention was first drawn to these criminals because they are currently sharing the same criminal network as the Cronos Investment crooks which is a bit of a giveaway. They may not stay on the same network, of course, but the fact that they are at the moment is certain proof of the relationship between Cronos Investment and ICG Technology, not to mention the 'rockphish' gang as the host IP, (221.12.43.189), generates the characteristic 'rockphish' bogus error "209 Host Locked" if directly accessed.

Looking up the 2 icg-technology.com parent servers DNS Details:

Nameserver	'A' Record Response
dns2.gosperti.com [202.74.32.13]	221.12.43.189
dns1.gosperti.com [200.72.139.67]	221.12.43.189

If further proof were needed there is the usual bogus job under the usual 'Careers' tab accepting stolen or counterfeit funds into your account and wiring it back out less 5%, (a bit mean this time....), to the crooks via Moneygram or Western Union. It seems to be targeting the folks down under this time. Don't be fooled!

ICG Technology : Evidence of Criminal Fraud

i) The ICG Technology criminal fraudsters are currently using exactly the same criminal nameservers and host as the Cronos Investment fraudsters and the host IP, (221.12.43.189), generates the bogus error "209 Host Locked" if directly accessed which is a confirmed characterstic of the 'Rockphish' criminals IPs - certain proof they are one and the same. However, if you want more:

ii) The criminal's website is a rip-off of the genuine UK company, Anders Electronics website.

iii) The criminal's site has a 'Career' menu option which is spamvertising the usual money laundering mule 'job' as follows:

How it works?
When the prospective client intends to buy our products or services he signs a contract and sends an international wire from his local bank. The central problem of our activity in Australia is the prolonged duration of funds transfers from our clients to us. As a result our client waits from one week to over month until his transfer reaches our account and our Managers give an order to ship products to a customer. Our newly employed agents will solve this problem by means of there geographical position close to the client.

The Process
1. Our customer (located in your area) informs us about his wish to buy specified products or services..
2. We supply our client with your contact details and he transfers funds directly to you (cheque sent to postal address specified by you or via bank transfer to your bank account). You inform us the moment the funds arrive.
3. We immediately give an order to ship products to the customer. In most cases this will allow us to ship client's order on the same or next business day.
4. You then transfer the client’s funds to our bank account (or follow other transferring methods as will be stated in your instructions).

How much we pay
We pay you a 5% commission from the total amount of the funds transferred to you from our clients. You simply deduct the commission from the received amount. We cover all other bank fees and transfer costs.

We can afford this commission as our clients compensate for it and we save greater amounts avoiding the 10% Tax on Foreign Trade here in Hong Kong. You are not obliged to pay any taxes in Australia until you are acting as an agent.

or, to put it another way:

How it Actually works

We advertise non-existent goods on Ebay and the poor sap who falls for the bogus auction sends you the money which you put in your account and immediately wire to us in Poland via Moneygram or Western Union then all you have to do is sit back and wait for the irate auction winner to write to you: "WHERE IS MY COMPUTER YOU *******" and the police to call.

iv) As per usual, the bogus site has the claim of being in business since 1982, but Google has never heard of them and the criminal's domains were registered in the last few days.

more to come....

The above evidence clearly demonstrates beyond any doubt that this stolen ICG Technology website has been stolen from Anders Electronics & has been set up by money laundering criminals purely for the purpose of spamvertising an illegal money laundering 'mule' job and is undoubtedly related to Cronos Investment, Draper Investment, Harvey Investment, Adamant Global, Sydney Car Centre and the rest of the money laundering criminal fraudsters' aliases documented here, not to mention the 'rockphish' phishing gang. If you are an abuse team that has received an abuse report regarding these fraudsters, please consider immediate termination of their services in view of the absolutely undeniable evidence of site theft, copyright offences, criminal money laundering activity and spamming - please don't delay - these criminals will not respond to any communication from you, (all their whois data is false), but will simply take advantage of any attempt at communication as a delaying tactic to allow them time to carry on their criminal activity and prepare their next network.
Do not be misled - these are professional criminals with a long history of fraud as detailed on the General Information page and are the same criminals as the 'rockphish' phishing fraudsters, so if a host or registrar shelters these crooks then they are also sheltering them and aiding and abetting their criminal 'phishing' fraud activities.

ICG Technology Fraudsters - current hosting details [Updated 18th. October 2007]

Current Hosts

Unhosted

Current Main Domains and Registrars

icg-technology.com - PUBLICDOMAINREGISTRY.COM

See table below for the full list of known active & suspended main domains for this criminal.

Current Botnet Nameserver Domains and Registrars

Not botnet hosted at present - Current DNS data below. See table below for the full list of known active & suspended nameserver domains for this criminal.

The Spam Headers

Someone please send me some spam source code (i.e. headers and body) - thanks

The Spam Content

To follow

The Zombie Botnet

The criminal as not using a zombie botnet at this time. Normal DNS Data below.

Initial DNS Data
Looking up the 2 icg-technology.com parent servers DNS Details:

Nameserver	'A' Record Response
dns2.gosperti.com [202.74.32.13]	221.12.43.189
dns1.gosperti.com [200.72.139.67]	221.12.43.189

The DNS data shows the criminals hosting on IP 221.12.43.189 which is an IP belonging to CNC Group Zhejiang Province Network

These criminals are experienced liars, thieves and professional confidence tricksters. Do not be fooled - do not believe them. The evidence of criminal fraud is undeniable. I'd like to thank the many honest & ethical hosts who have disconnected these fraudsters within an hour of receiving my abuse report, (several in c. 20 minutes). However, the zombie botnet controlling nameservers seem to be occasionally hosted by Colocation/VPS service providers who do not respond to criminal fraud abuse reports. The honest & ethical SPs will respond with an immediate, (preferably not 24 hours or 48 hours & certainly not never...), disconnection on receipt of a criminal abuse report, having considered the evidence below & investigated, but more and more frequently service providers stall or simply ignore abuse reports. This latter minority of uncaring & unethical hosts are aiding and abetting criminal fraud and the victims suffer because of it.

Knowingly supplying services to these fraudsters is a criminal offence in the UK under the UK Proceeds of Crime act (2002) Section 328 "A person commits an offence if he enters into or becomes concerned in an arrangement which he knows or suspects facilitates (by whatever means) the acquisition, retention, use or control of criminal property by or on behalf of another person". The notification level for this offence is low. Would all hosts and registrars with a UK presence, (other countries will undoubtedly have similar provisions), please bear this in mind and please do not ignore any criminal fraud abuse reports you may receive or if you do, please don't be surprised or offended if I file a crime complaint against you with local law enforcement agencies after a reasonable period of notice of abuse - the victims, (who could be your mother, father, grandmother, grandfather, the helpless, the disabled or any loved one - these criminals are exactly the same as doorstep conmen), deserve better.

The unethical hosts, (and registrars), should appreciate that taking the 'blind eye' approach involves them in the crime, creates a great deal of ill-will, bad publicity & hurts everybody, especially the victims of these fraudsters. They should also bear in mind that these crooks pay for their services using Paypal linked to stolen credit card details so they are likely to get a charge-back which will also leave them out of pocket, unless, of course, they have a more intimate relationship with the criminals.

A CEO of a Credit Union tells me of clients who have lost thousands of pounds cashing counterfeit money orders for these criminals, & I myself have had letters from worried victims, so do not under any circumstances get involved with them and also please think twice about doing business with the unethical service providers who continue to provide this criminal with the means to perpetrate his crime despite being notified of the criminal activity.

Blocking The spam

I have had quite a few queries about how to block the criminal's spam in Outlook Express. Fortunately they are easily detected using the OE 'Mail Rules' (Tools - Message Rules - Mail).

Rules based on the From, To etc addresses will never work as the header data is all forged. The message body remains constant, however & that can be used to detect them.

Use the rule "Where the message body contains specific words" and use "ICG Technology" as the search item then choose 'delete' (or whatever action you prefer) as the action then that will definitely detect every single one of these spams.

If you find this site helpful then please feel free to link to it on your website by inserting the following HTML code, (opens site in new window):
<a href="http://www.bobbear.co.uk" target="_blank">Money Laundering Fraud Websites</a>

Here are all the known domains that are/have been used for the Cronos Investment fraud:

Domain

icg-technology.com

Nameserver Domains

Status

Active

Registrar

PUBLICDOMAINREGISTRY.COM

Please notify me of any errors or domains not listed here.

Notes for Registrars

i) All of the ICG Technology criminal's domains have different false whois data as is always the case for these fraudsters.

ii) The criminal will not respond to your challenge, but will use the notice to prepare a new network - immediate suspension is requested please, if allowed for by your AUP for these serious criminal offences of site theft, money laundering fraud and prolific spamming.

If you have been a victim of this or any other of these fraudsters & would like to tell your story on these pages as a warning & to help others, please contact me.

Fraud Blog

Initial entry 18th. October 2007

***Latest News*** 26th. October 2007

The domain icg-technology.com is not resolving and is returning an 'A' record of 1.1.1.1 from the nameservers dns1.gosperti.com and dns2.gosperti.com because the nameserver domain gosperti.com has been suspended by Estdomains.