Brian Krebs writes about how hackers have expanded the ways they extract value from compromised PCs. No longer is a compromised machine merely good for forming part of a botnet or forwarding spam. New strains of malware extract all your login/passwords for ecommerce sites, and these are then put on sale at $2 a throw on sites like Freshtools.
Increasingly, miscreants are setting up their own storefronts to sell stolen credentials for an entire shopping mall of online retail establishments. Freshtools, for example, sells purloined usernames and passwords for working accounts at overstock.com, dell.com, walmart.com, all for $2 each. The site also sells fedex.com and ups.com accounts for $5 a pop, no doubt to enable fraudulent reshipping schemes. Accounts that come with credentials to the email addresses tied to each site can fetch a dollar or two more.
Another store widely advertised in the Underweb (see screenshot above) pimps credentials for a far broader array of retailers, most of which can be had for $2, including amazon.com, apple.com, autotrader.co.uk, bestbuy.com, bloomgingdales.com, bol.com, cdw.com, drugstore.com, ebay.co.uk, ebay.com, facebook.com, gamestop.com, gumtree.com, kohls.com, logmein.com, lowes.com, macys.com, mylikes.com, newegg.com, next.co.uk.com, okpay.com, paypal.com, payza.com, runescape.com, sephora.com, skype.com, target.com, toysrus.com, ukash.com, verizon.com, walmart.com, xoom.com and zappos.com. Accounts at these retailers that have credit cards or bank accounts tied to them command higher prices.
This a glimpse into the complex ecosystem of online crime. The person who writes the malware sells it to someone who's got a useful vector (a hacked website, say) for distributing it. The distributor extracts the ecommerce logins and flogs them to someone else who has access to a stooge who does freight forwarding. The freight forwarder acts as a dead-drop for some other crook who's wholesaling to dirty retailers, and so on. It's like a distributed badware version of Adam Smith's pin factory.
Exploring the Market for Stolen Passwords
In July 2012, professional poker-player Phil Ivey won $4.8M from the baccarat tables at Atlantic City’s Borgata Hotel Casino & Spa in 17 hours; on other occasions, he took a total of $9M out of the Borgata: he did it by asking the house to deal Gemaco Borgata cards, whose backs contained minute asymmetries in […]
The five Volkswagen executives who were criminally charged in the USA for their role in the Dieselgate scandal have been advised not to travel to the USA because they are liable to arrest there: they’ve also been told that leaving Germany is risky because they might be arrested and extradited to the USA.
When you open the box for a Storm Trooper snuggie blanket, you’ll discover a card telling you that by buying the blanket, you’ve waived your right to sue the manufacturer and will subject yourself to binding arbitration if your blanket gives you cancer or burns you to death or any of the other bad things […]
Computer hacking isn’t just something happening to the DNC. Major software companies need white-hat hackers to ensure the security of their products and users, and I came across a Computer Hacker Professional Certification Package that conveniently teaches those advanced IT techniques online.This course package will prepare you for various computer security certification exams with over 60 hours […]
One of the best ways to progress a career in project management is through earning recognized certifications. These certifications carry significant clout and don’t require expensive tuition or student loans. This Ultimate Project Management Certification Bundle is a great example of an affordable way to get ahead. It includes training for 9 certifications including PMP, […]
There’s nothing quite like the rush of playing against a real human opponent. But from a developer standpoint, creating fun multiplayer experiences is incredibly complex. Fortunately, the Unity3D game engine has made all aspects of game creation, including multiplayer functionality, as accessible as ever.This Unity Course Bundle introduces all of the necessary elements of creating […]