Saturday, June 28, 2014

Well's Fargo attacks Indybay.org newswire for publishing bank manual describing systematic forgery of foreclosure documents

Also see:
* "Well's Fargo manual shows common use of forging foreclosure documents" [link].
* Wells-Fargo Foreclosure Manual (Pub. 2011-11-09, current 2012) [link]

A note about the following story: Well's Fargo has hired PhishLabs to harrass Indybay.org and demand that the Well's Fargo document be taken down from their website. PhishLabs does not cite any apparent legal violation cited in Phishlabs' emails. They just say that it's an "unauthorized" posting.
---
"Wells Fargo Wants Indybay.org Disabled As Soon As Possible"
2014-06-28 by Throwing Stones for "Indybay.org" [https://www.indybay.org/newsitems/2014/06/28/18757993.php?show_comments=1#comments]:
"A peaceful place or so it looks from space, A closer look reveals the human race." - Grateful Dead, Throwing Stones
Wells Fargo, a client of PhishLabs Security Operations, wants the “Wells Fargo foreclosure manual” removed from Indybay.org as soon as possible [https://www.indybay.org/newsitems/2014/03/22/18752950.php].
On March 12, 2014, the New York Post reported [http://nypost.com/2014/03/12/wells-fargo-made-up-on-demand-foreclosure-papers-plan-court-filing-charges/], "Wells Fargo, the nation’s biggest mortgage servicer, appears to have set up detailed internal procedures to fabricate foreclosure papers on demand, according to allegations in papers filed Tuesday in a New York federal court."
On March 17, 2014, The Washington Post [http://www.washingtonpost.com/business/economy/wells-fargo-foreclosure-manual-under-fire/2014/03/17/25cd383c-ae00-11e3-96dc-d6ea14c099f9_story.html] published Wells Fargo's 150-page manual to attorneys for fabricating foreclosure papers [http://apps.washingtonpost.com/g/documents/business/wells-fargo-foreclosure-manual/879/]. The Post states, "Wells Fargo created an elaborate guide for how to produce missing documents to foreclose on homeowners, according to a lawsuit that has caught the attention of state and federal regulators."
The Wells Fargo manual is marked as "Foreclosure Attorney Procedures Manual – internal use only. This is intended only for privileged confidential use." The manual instructs Wells Fargo lawyers how to process foreclosures when a key document, known as an endorsement, is missing.
On March 21, 2014, Linda Tirelli, an attorney representing clients being foreclosed on by Wells Fargo, was interviewed by Amy Goodman and Juan González for Democracy Now! [http://www.democracynow.org/2014/3/21/as_wells_fargo_is_accused_of]. During the interview, Tirelli described the manual:
"[I]t’s actually entitled the 'Wells Fargo Home Mortgage Foreclosure Attorney [Procedure] Manual, Version 1.' And it says on it that it’s last published 2/24/2012. Mind you, the national mortgage settlement agreement was announced a week prior, on 2/19/2012.
"The way I obtained it, it was actually sitting right there on the Internet, of all things. A colleague of mine, through a Max Gardner’s Bankruptcy Boot Camp, which I am a member, an active member, gave it to me and said, 'Hey, I found this online, and I know you’re doing a lot of Wells Fargo cases. Maybe you can use this.'
"Reading it, my jaw just dropped. As I see it, it’s clearly outlining procedures, not just for the $12-an-hour robo-signers that we’ve heard about all these years, but for the lawyers, who need to be held accountable to a much higher degree. It’s the manual for the lawyers to actually fabricate documents, as I see it, and request that documents that are lacking be fabricated by Wells Fargo. It’s absolutely appalling."
On March 22, 2014, Wells Fargo's manual for fabricating foreclosure papers was published on Indybay.org by IndyRadio in a post titled, "Wells Fargo instructions for fabricating foreclosure documents" [https://www.indybay.org/newsitems/2014/03/22/18752950.php].
On June 12, 2014, Eric George of PhishLabs Security Operations contacted the San Francisco Bay Area Independent Media Center (Indybay) and recorded a voice message. In the message, George states that Wells Fargo is a client of PhishLabs, and that "wells-fargo-foreclosure-manual.pdf [https://www.indybay.org/uploads/2014/03/22/wells-fargo-foreclosure-manual.pdf] needs to be removed as soon as possible."
After recording a voice message, Eric George of PhishLabs emailed Indybay on June 12, 2014, and wrote, "Our company investigates computer crime incidents on behalf of banks and other companies. We have discovered that your web site, www.indybay.org , is hosting material that is confidential in nature and bears the Wells Fargo name without authorization. We kindly request that you remove this material as soon as possible."
On June 25, 2014, Marnie King of PhishLabs Security Operations emailed Indybay, as well as the Telx data center, and wrote, "Our company investigates computer crime incidents on behalf of banks and other companies. We have discovered that your web site, www.indybay.org , is hosting material (PDF file) that is confidential in nature and bears the Wells Fargo name without authorization. We kindly request that you remove this material as soon as possible."
On June 27, 2014, Israel Perez of PhishLabs Security Operations emailed Indybay, as well as Telx and domain name provider worldnic.com (Network Solutions), and wrote, "Our company investigates computer crime incidents on behalf of banks and other companies. A site containing unauthorized material was found to be operating on your network and displaying Wells Fargo material.
"If possible, please provide the following information to assist our investigation:
"- Web server and FTP server log files for the past several days
- Copies of all phishing files, hack tools, or other hacker files
"Finally, we kindly request that you disable or remove the site as soon as possible."
As of June 28, 2014, there are no updates to report.

Voice Message (+1 304 951 0269) from PhishLabs Security Operations to Indybay.org, 2014-06-12:


---

From: soc [at] phishlabs.com
To: sfbay [at] indymedia.org, sfbay-web [at] lists.indymedia.org
Subject: [PL-182025] Confidential material on your site - hXXp://http://www.indybay.org/uploads/2014/03/22/wells-fargo-foreclosure-manual.pdf
Date: 6/12/14
Our company investigates computer crime incidents on behalf of banks and other companies.
We have discovered that your web site, http://www.indybay.org , is hosting material that is confidential in nature and bears the Wells Fargo name without authorization.
hXXp://http://www.indybay.org/uploads/2014/03/22/wells-fargo-foreclosure-manual.pdf
We kindly request that you remove this material as soon as possible.
If you believe we have contacted you in error, or if we can provide any assistance with this incident, please contact us and let us know.
Thank you for your assistance with this matter,
Eric George
PhishLabs Security Operations
soc [at] phishlabs.com
+1.202.386.6001
http://www.phishlabs.com/

---

From: soc [at] phishlabs.com
To: abuse [at] telx.com, ipadmin [at] telx.com, sfbay [at] indymedia.org, sfbay-web [at] lists.indymedia.org
Subject: [PL-182025] Unauthorized Material on your website: indybay.org / 192.235.78.70
Date: 6/25/14
Hello,
Our company investigates computer crime incidents on behalf of banks and other companies.
We have discovered that your web site, http://www.indybay.org , is hosting material (PDF file) that is confidential in nature and bears the Wells Fargo name without authorization.
Link to content:
http://www.indybay.org/uploads/2014/03/22/wells-fargo-foreclosure-manual.pdf
IP: 192.235.78.70
We kindly request that you remove this material as soon as possible.
If you believe we have contacted you in error, or if we can provide any assistance with this incident, please contact us and let us know.
Thank you for your assistance with this matter.
Regards,
Marnie King
PhishLabs Security Operations
soc [at] phishlabs.com
+1.202.386.6001
http://www.phishlabs.com/

---

From: soc [at] phishlabs.com
To: sfbay [at] indymedia.org, ipadmin [at] telx.com, namehost [at] worldnic.com, tie [at] telx.com, sfbay-web [at] lists.indymedia.org, abuse [at] telx.com
Subject: [PL-182025] Phishing hosted on http://www.indybay.org
Date: 6/27/14
Our company investigates computer crime incidents on behalf of banks and other companies.
A site containing unauthorized material was found to be operating on your network and displaying Wells Fargo material:
192.235.78.70 - j0.ramona.indybay.org
hXXp://http://www.indybay.org/uploads/2014/03/22/wells-fargo-foreclosure-manual.pdf
If possible, please provide the following information to assist our investigation:
- Web server and FTP server log files for the past several days
- Copies of all phishing files, hack tools, or other hacker files
Finally, we kindly request that you disable or remove the site as soon as possible.
If we have contacted you in error, or there is a better way for us to report this incident, please let us know.
Thank you for your assistance,
Israel Perez
PhishLabs Security Operations
soc [at] phishlabs.com
+1.202.386.6001
http://www.phishlabs.com/

No comments:

Post a Comment