Brian Krebs writes about how hackers have expanded the ways they extract value from compromised PCs. No longer is a compromised machine merely good for forming part of a botnet or forwarding spam. New strains of malware extract all your login/passwords for ecommerce sites, and these are then put on sale at $2 a throw on sites like Freshtools.
Increasingly, miscreants are setting up their own storefronts to sell stolen credentials for an entire shopping mall of online retail establishments. Freshtools, for example, sells purloined usernames and passwords for working accounts at overstock.com, dell.com, walmart.com, all for $2 each. The site also sells fedex.com and ups.com accounts for $5 a pop, no doubt to enable fraudulent reshipping schemes. Accounts that come with credentials to the email addresses tied to each site can fetch a dollar or two more.
Another store widely advertised in the Underweb (see screenshot above) pimps credentials for a far broader array of retailers, most of which can be had for $2, including amazon.com, apple.com, autotrader.co.uk, bestbuy.com, bloomgingdales.com, bol.com, cdw.com, drugstore.com, ebay.co.uk, ebay.com, facebook.com, gamestop.com, gumtree.com, kohls.com, logmein.com, lowes.com, macys.com, mylikes.com, newegg.com, next.co.uk.com, okpay.com, paypal.com, payza.com, runescape.com, sephora.com, skype.com, target.com, toysrus.com, ukash.com, verizon.com, walmart.com, xoom.com and zappos.com. Accounts at these retailers that have credit cards or bank accounts tied to them command higher prices.
This a glimpse into the complex ecosystem of online crime. The person who writes the malware sells it to someone who's got a useful vector (a hacked website, say) for distributing it. The distributor extracts the ecommerce logins and flogs them to someone else who has access to a stooge who does freight forwarding. The freight forwarder acts as a dead-drop for some other crook who's wholesaling to dirty retailers, and so on. It's like a distributed badware version of Adam Smith's pin factory.
Exploring the Market for Stolen Passwords
Uganda is so poor that few can afford medical care, giving it one of the lowest life-expectancies on the planet — this toxic combination made the country ripe for infiltration by Tiens, a Chinese Multi-Level-Marketing “nutritional supplements” cult whose members set up fake medical clinics that diagnose fake ailments and proscribe fake medicines, then rope […]
Yahoo’s sale to Verizon means that Yahoo’s sub-companies — Flickr, Tumblr and a host of others — are now divisions of a phone company, and as you might expect, being on the payroll of a notorious neutracidal maniac with a long history of sleazy, invasive, privacy-destroying, monopolistic, deceptive, anti-competitive, scumbag shakedowns has changed the public […]
What was last week posed as an indefinite leave of absence is now for good: Travis Kalanick, CEO of scandal-wracked rideshare company Uber, announced that he is leaving the company. “I love Uber more than anything in the world and at this difficult moment in my personal life I have accepted the investors request to […]
Although flagship smartphones are unlikely to adopt heavy-duty outer casing anytime soon, you can always prepare your device for the outdoors with a beefy case and and an external battery like this Nomad Tile Trackable PowerPack, available in the Boing Boing Store for $119.95.The Nomad Tile can fully recharge an iPhone 7 over three times […]
Even though credit cards now feature an EMV chip for securing transactions, they still have to include the magnetic strip for compatibility with older point of sale systems. Because of this, there’s no way for the chip’s new security capabilities to protect against card skimmers in the wild.How do you protect yourself from legacy-technology-induced fraud? […]
As the old saying goes, “You should sit in meditation for 30 minutes every day. Unless you are too busy, in which case you should meditate for an hour.” Since most of us have an endless list of things to do and people to see, carving out quiet time can feel impossible, especially when most […]