Brian Krebs writes about how hackers have expanded the ways they extract value from compromised PCs. No longer is a compromised machine merely good for forming part of a botnet or forwarding spam. New strains of malware extract all your login/passwords for ecommerce sites, and these are then put on sale at $2 a throw on sites like Freshtools.
Increasingly, miscreants are setting up their own storefronts to sell stolen credentials for an entire shopping mall of online retail establishments. Freshtools, for example, sells purloined usernames and passwords for working accounts at overstock.com, dell.com, walmart.com, all for $2 each. The site also sells fedex.com and ups.com accounts for $5 a pop, no doubt to enable fraudulent reshipping schemes. Accounts that come with credentials to the email addresses tied to each site can fetch a dollar or two more.
Another store widely advertised in the Underweb (see screenshot above) pimps credentials for a far broader array of retailers, most of which can be had for $2, including amazon.com, apple.com, autotrader.co.uk, bestbuy.com, bloomgingdales.com, bol.com, cdw.com, drugstore.com, ebay.co.uk, ebay.com, facebook.com, gamestop.com, gumtree.com, kohls.com, logmein.com, lowes.com, macys.com, mylikes.com, newegg.com, next.co.uk.com, okpay.com, paypal.com, payza.com, runescape.com, sephora.com, skype.com, target.com, toysrus.com, ukash.com, verizon.com, walmart.com, xoom.com and zappos.com. Accounts at these retailers that have credit cards or bank accounts tied to them command higher prices.
This a glimpse into the complex ecosystem of online crime. The person who writes the malware sells it to someone who's got a useful vector (a hacked website, say) for distributing it. The distributor extracts the ecommerce logins and flogs them to someone else who has access to a stooge who does freight forwarding. The freight forwarder acts as a dead-drop for some other crook who's wholesaling to dirty retailers, and so on. It's like a distributed badware version of Adam Smith's pin factory.
Exploring the Market for Stolen Passwords
When estimating his net worth, Pepe the Cheeto is apt to include a multibillion dollar valuation for the “Trump” brand-name; but new Trump Hotels will be called “Scion” hotels, “a nod to the Trump family and to the tremendous success it has had with its businesses, including Trump Hotels, while allowing for a clear distinction […]
Facebook — which accounts for as much as 75% of the traffic to popular websites — tweaked its algorithm to downrank those same publishers, who had been engaged in an arms-race to dominate Facebook users’ feeds through techniques intended to gain high rank in Facebook’s secret scoring system.
Update: According to The Verge, Facebook has verified the authenticity of the screenshot below. In what appears to be an internal Facebook post, Zuckerberg defends his company’s ongoing association with Peter Thiel — Facebook investor/board member and major donor to white-supremacist/pro-rape presidential candidate Donald Trump.
This week’s top deals from the Boing Boing Store range from lobster to wine to desk organization. 1. Get Maine Lobster (50% Off)With these discounted packages from Get Maine Lobster, you can experience the sweet, fresh flavor of world-renowned Maine lobster right at your own dinner table. There are four options to choose from, each at […]
Nothing is more frustrating than needing to edit or sign a PDF and not having access to the original document. That’s why PDFpenPRO is a must-have app in our books.With this extremely useful app, you can merge, markup, and create PDF documents without ever having to convert your PDFs into word processor file formats. Type directly onto […]
From self-driving cars to stock market predicting software to the recommendations you get on Amazon and Netflix, machine learning is at the core of modern technology. You could find yourself building technology that is literally changing the world with the skills you’ll learn in The Complete Machine Learning Bundle. This bundle of 10 courses includes 406 lessons that will teach […]