Cyber-Looters Capitalize on Katrina

Within hours of the storm's landfall, scam artists snapped up Katrina-related Web domains and began using them to siphon money from unwitting Web surfers.

The distressing images of looters carrying off electronics, food and whatever other goods they could find in the aftermath of Hurricane Katrina have become all too familiar, but the online "looting" that has cropped up in the storms wake may prove to be more financially damaging than the thefts occurring on the ground in New Orleans.

Within hours of the storms landfall late last month, scam artists snapped up Katrina-related Web domains and began using them to siphon money from unwitting Web surfers.

State attorneys general in Missouri and Florida both took action last week to shut down Web sites with names such as and, which were using the tragedy to direct money to dubious organizations. But countless other online scams may still be operating and are similar to those that sprang up in the wake of the Asian tsunami in December.

/zimages/6/28571.gifClick here to read more about one tsunami-related phishing scam.

The wave of scams comes amid reports that the fear of cyber-crime is denting public interest in online services such as banking and shopping, prompting some to worry that the public could lose confidence in the Internet as a medium for commerce.

More than 2,500 storm-related sites have been registered since August. On Sept. 3 alone, about 450 domains with the word "Katrina" in them were registered, according to The SANS Institutes Internet Storm Center, in Bethesda, Md.

The majority of those sites are still "under construction," said Johannes Ullrich, chief technology officer at ISC. Still others are well-meaning sites set up by individuals collecting money for hurricane relief or were registered far in advance of the hurricane.

But many Web sites are engaged in what SANS called cyber-looting: taking advantage of the online outpouring of sympathy for hurricane victims to make money.

/zimages/6/28571.gifThe anonymity of the Web makes it easy for scammers to take advantage of donors generosity. Click here to read more.

Those include four sites that are the subject of a civil lawsuit filed in Nassau County Circuit Court in Florida by state Attorney General Charlie Crist. On Sept. 2, Crist filed the suit against Robert Moneyhan, aka "Demon Moon," the Webmaster for katrinahelp. com,, and, which the attorney general alleges were used to direct donations to Moneyhans private PayPal account.

The scams, which received wide attention in the media, could dampen hurricane relief donations in the same way that phishing attacks have dampened use of online banking and e-commerce, said Avivah Litan, an analyst at Gartner Inc., in Stamford, Conn.

But cracking down on bogus Web sites is difficult. Domain registrars such as Network Solutions LLC, which has sold more than 300 Katrina- or hurricane-related Web domains since the storm hit, dont track what people do with them, according to Susan Wade, a spokesperson for Network Solutions, in Herndon, Va.

One solution is an online reputation system for Web pages, akin to those used to weed out spam, said Patrick Peterson, vice president of technology at IronPort Systems Inc., of San Bruno, Calif.

IronPort operates the SenderBase e-mail reputation service, which tracks domains that send spam and viruses. That technology could be adapted to create a Web domain reputation service, Peterson said.

For example, Web sites that are hosted on compromised PCs or a segment of the Web from which viruses or spam originate would be deemed more risky than sites hosted elsewhere, Peterson said.

/zimages/6/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.