Allysa Myers at McAfee blogged about this FBI press release announcing criminal charges against 38 alleged baddies from the U.S. and overseas.

According to the indictment, the Romania-based members of the enterprise obtained thousands of credit and debit card accounts and related personal information by phishing, with more than 1.3 million spam emails sent in one phishing attack. Once directed to a bogus site, victims were then prompted at those sites to enter access device and personal information. The Romanian “suppliers” collected the victims’ information and sent the data to U.S.-based “cashiers” via Internet “chat” messages. The domestic cashiers used hardware called encoders to record the fraudulently obtained information onto the magnetic strips on the back of credit and debit cards, and similar cards such as hotel keys. Cashiers then directed “runners” to test the fraudulent cards by checking balances or withdrawing small amounts of money at ATMs. The cards that were successfully tested, known as “cashable” cards, were used to withdraw money from ATMs or point of sale terminals that the cashiers had determined permitted the highest withdrawal limits. A portion of the proceeds was then wire transferred to the supplier who had provided the access device information.

It’s great to see that the Romanian and U.S. authorities were able to successfully work together to bring down what sounds like a pretty serious criminal enterprise.

The U.S. Federal Trade Commission (FTC) has a quite good educational site, OnGuard Online, with online and print materials for educating consumers about malware, phishing, identity theft, and other online hazards.

They also just released a few entertaining videos that promote the site while explaining the concept of phishing.

Wired has an article about the U.S. government’s lack of a transparent, responsive process for individuals who are on the terrorist watch list to request removal if they are innocent. According to the article, even the process they do have, which only addresses a subset of the people affected, has resolved only half of its cases since February. Others are left confused, with little information about the process or the individual’s current status.

BBC columnist Bill Thompson recently raised questions about the responsiveness of StopBadware’s own review process that helps site owners flagged by Google get their sites removed from Google’s list. He even suggested that perhaps the authorities should be the ones keeping a URL blacklist and managing the appeals process.

Apart from the jurisdictional issues, which Mr. Thompson acknowledges as being a show-stopper, the example set by the U.S. government isn’t exactly an encouraging sign for the future of a government-run blacklist.

At StopBadware, we believe that transparency and responsiveness are key to the success of our efforts. This is why we explain our review process in our FAQ. It’s why anyone who submits a request for review of their site can return to our site at any time while the review is in progress to see its status. And it’s why the average time for a review to be completed is under three days (typically shorter for sites that are, in fact, clean when they are submitted for review and a bit longer for those that are not).

There’s still more to be done, of course. We encourage all security vendors and blacklist providers to offer a transparent and responsive process. We continue to improve our own process and communications to provide the most information as clearly and quickly as possible. And, over the next several months, we’ll be doing even more to involve the community in our efforts.

Meanwhile, millions of users are being protected from badware every day, all without the bureaucracy that often comes with government security efforts.