Mystery twitterer linked to Ashley Madison dump


Security blogger Brian Krebs is among those hot on the trail, and he "may have a new lead," according to the New York Times.

On Wednesday, Brian Krebs, the well-known security blogger posited a new theory about who may have hacked the site, which helps arrange extramarital affairs. Mr. Krebs zeroed in on a Twitter user named Thadeus Zu (@deuszu), who posted a link to Ashley Madison’s stolen, proprietary source code before the information was made public this month.

Some apparent problems with this hypothesis have already been noted, but the operator of the @deuszu account is doing his or her best to look guilty.

Reminder: the site was probably just a scam with only a handful of legitimate female participants. Little can be implied about its users beyond stupidity. Read the rest

Claim: Ashley Madison exec "hacked competitor" and stole personal data


Emails sent by the "have an affair" dating network's CEO suggest the firm "hacked" rival in 2012, taking its user database.

Brian Krebs:

“They did a very lousy job building their platform. I got their entire user base,” [Ashley Madison CTO Raja] Bhatia told [CEO Noel] Biderman via email, including in the message a link to a Github archive with a sample of the database. “Also, I can turn any non paying user into a paying user, vice versa, compose messages between users, check unread stats, etc.”

Neither Bhatia nor Biderman could be immediately reached for comment. spoke with Bhatia last week after the Impact Team made good on its threat to release the Ashley Madison user database. At the time, Bhatia was downplaying the leak, saying that his team of investigators had found no signs that the dump of data was legitimate,

Alas, it was for real. Ashley Madison charged its users to have their personal data wiped, but did not do so, and now that data is out in the wild. Read the rest

Mobile ad

Love cheats' hookup site hacked, user data purloined


Ashley Madison is a social network for people who want to cheat on their spouses. It's been hacked and "large caches of user data posted online," reports Krebs on Security.

The privacy of some 37 million account-holders is at stake, though the bulk of the dataset is apparently being withheld and its contents remain uncharted territory.

The social network's boss, bless his stupid nylon socks, thinks that he'll be able to take their "intellectual property" off the 'net.

Reached by KrebsOnSecurity late Sunday evening, ALM Chief Executive Noel Biderman confirmed the hack, and said the company was “working diligently and feverishly” to take down ALM’s intellectual property. Indeed, in the short span of 30 minutes between that brief interview and the publication of this story, several of the Impact Team’s Web links were no longer responding.

“We’re not denying this happened,” Biderman said. “Like us or not, this is still a criminal act.”

The claimed hackers say they were motivated by the site's hypocrisy. Ashley Madison apparently had a "remove your data from our servers for a fee" wheeze going on—a practice unnervingly reminiscent of some revenge porn operators.

The Next Web's Abhimanyu Ghoshal.

The Impact Team said that the ‘full delete’ feature didn’t actually wipe profiles as advertised and that it brought ALM $1.7 million in revenue last year.

The hackers said:

Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed.

Read the rest

Crowdfunding medical MDMA and magic mushrooms

An activist couple (she's a neurscientist, he's a psychologist who successfully treated his depression with psychedelics) (they fight crime!) are raising $1M on Indiegogo to fund production of medical-grade MDMA and psilocybin. Read the rest

Sony Hack: Could secretive group of ethnic North Koreans in Japan be to blame?

"A group of ethnic North Koreans residing in Japan known as the Chongryon are critical to North Korea’s cyber and intelligence programs, and help generate hard currency for the regime. "

Brian Krebs's "Spam Nation"

In Spam Nation: The Inside Story of Organized Cybercrime-from Global Epidemic to Your Front Door, Brian Krebs offers a fascinating look at the mass-scale cybercrime that underpins the spam in your inbox and provides an inside peek at a violent fight among its principle players. Cory Doctorow reviews.

Sony hack may have exposed more than movies: sensitive personal data of employees, too.

Screen shot from an internal audit report allegedly stolen from Sony and circulating on file-trading networks.

“The recent hacker break-in at Sony Pictures Entertainment appears to have involved the theft of far more than unreleased motion pictures,” writes Brian Krebs. Read the rest

Mobile ad

Cybercrooks sell stolen rewards points at 99.9% discount

Enough Hilton Hhonors points to cover $1200 worth of stays can be bought for $12, and the crooks who're inside your account can use your associated credit-card to buy more points and more hotel rooms for themselves. Read the rest

Antiquated ATMs are easy pickings for "jackpotting" by fraudsters

The older machines -- about half of them running Windows XP, which no longer receives security updates -- are very vulnerable to "jackpotting" attacks where criminals trick the machines into paying out money without correctly debiting any account, to the tune of millions. Read the rest

Counterfeit money up close

Someone sent Brian Krebs an envelope of counterfeit $100 and $50 bills, apparently manufactured by Mrmouse, the counterfeiter whom Krebs outed for selling his notes openly on Reddit. Read the rest

Cyber-crooks turn to Bitcoin extortion

Security journalist Brian Krebs documents a string of escalating extortion crimes perpetrated with help from the net, and proposes that the growth of extortion as a tactic preferred over traditional identity theft and botnetting is driven by Bitcoin, which provides a safe way for crooks to get payouts from their victims. Read the rest

Cops bust cybercrook who sent heroin to Brian Krebs

Sergei "Fly" Vovnenko, a Russo-Ukrainian cybercrook who stalked and harassed security journalist Brian Krebs -- at one point conspiring to get him arrested by sending him heroin via the Silk Road -- has been arrested. According to Krebs, Vovnenko was a prolific credit-card crook, specializing in dumps of stolen Italian credit-card numbers, and faces charges in Italy and the USA. Krebs documents how Vovnenko's identity came to light because he installed a keylogger on his own wife's computer, which subsequently leaked her real name, which led to him. Read the rest

Criminal website selling thousands of credit cards hijacked from PF Chang's diners

In an echo of the massive breach of credit-card numbers from Target, credit-card numbers from thousands of PF Chang's customers who used their cards at the restaurant between March and May 2014 are being sold on the criminal underground. Rescator, the criminal selling the PF Chang's customers' card, has branded his product "Ronald Reagan", and offers cards at different prices based on whether they're regular, gold or platinum cards. Read the rest

Mysterious announcement from Truecrypt declares the project insecure and dead

The abrupt announcement that the widely used, anonymously authored disk-encryption tool Truecrypt is insecure and will no longer be maintained shocked the crypto world--after all, this was the tool Edward Snowden himself lectured on at a Cryptoparty in Hawai'i. Cory Doctorow tries to make sense of it all.

16 year old Canadian arrested for over 30 "swattings"

A 16-year-old Canadian male has been arrested for calling in over 30 "swattings," bomb threats and other hoax calls to emergency services in North America. The young man is alleged to be the operator of @ProbablyOnion on Twitter, which had previously advertised swattings (sending SWAT teams to your enemies' homes by reporting phony hostage-takings there, advising police that someone matching your victim's description is on the scene, armed and out of control) as a service, and had bragged of swatting computer crime journalism Brian Krebs twice. Krebs had previously caught a kid who swatted him, and outed him to his father -- this may have made him a target for other swatters. Read the rest