krebs

Sony hack may have exposed more than movies: sensitive personal data of employees, too.

Screen shot from an internal audit report allegedly stolen from Sony and circulating on file-trading networks.

“The recent hacker break-in at Sony Pictures Entertainment appears to have involved the theft of far more than unreleased motion pictures,” writes Brian Krebs. Read the rest

Afraid of swiping your card at retail stores during holiday shopping? LOL, you should be.

There are many points of security failure along the way that leave your financial data vulnerable to theft.

Cybercrooks sell stolen rewards points at 99.9% discount

Enough Hilton Hhonors points to cover $1200 worth of stays can be bought for $12, and the crooks who're inside your account can use your associated credit-card to buy more points and more hotel rooms for themselves. Read the rest

Antiquated ATMs are easy pickings for "jackpotting" by fraudsters

The older machines -- about half of them running Windows XP, which no longer receives security updates -- are very vulnerable to "jackpotting" attacks where criminals trick the machines into paying out money without correctly debiting any account, to the tune of millions. Read the rest

Counterfeit money up close

Someone sent Brian Krebs an envelope of counterfeit $100 and $50 bills, apparently manufactured by Mrmouse, the counterfeiter whom Krebs outed for selling his notes openly on Reddit. Read the rest

Cyber-crooks turn to Bitcoin extortion

Security journalist Brian Krebs documents a string of escalating extortion crimes perpetrated with help from the net, and proposes that the growth of extortion as a tactic preferred over traditional identity theft and botnetting is driven by Bitcoin, which provides a safe way for crooks to get payouts from their victims. Read the rest

Cops bust cybercrook who sent heroin to Brian Krebs

Sergei "Fly" Vovnenko, a Russo-Ukrainian cybercrook who stalked and harassed security journalist Brian Krebs -- at one point conspiring to get him arrested by sending him heroin via the Silk Road -- has been arrested. According to Krebs, Vovnenko was a prolific credit-card crook, specializing in dumps of stolen Italian credit-card numbers, and faces charges in Italy and the USA. Krebs documents how Vovnenko's identity came to light because he installed a keylogger on his own wife's computer, which subsequently leaked her real name, which led to him. Read the rest

Criminal website selling thousands of credit cards hijacked from PF Chang's diners

In an echo of the massive breach of credit-card numbers from Target, credit-card numbers from thousands of PF Chang's customers who used their cards at the restaurant between March and May 2014 are being sold on the criminal underground. Rescator, the criminal selling the PF Chang's customers' card, has branded his product "Ronald Reagan", and offers cards at different prices based on whether they're regular, gold or platinum cards. Read the rest

Mysterious announcement from Truecrypt declares the project insecure and dead

The abrupt announcement that the widely used, anonymously authored disk-encryption tool Truecrypt is insecure and will no longer be maintained shocked the crypto world--after all, this was the tool Edward Snowden himself lectured on at a Cryptoparty in Hawai'i. Cory Doctorow tries to make sense of it all.

16 year old Canadian arrested for over 30 "swattings"

A 16-year-old Canadian male has been arrested for calling in over 30 "swattings," bomb threats and other hoax calls to emergency services in North America. The young man is alleged to be the operator of @ProbablyOnion on Twitter, which had previously advertised swattings (sending SWAT teams to your enemies' homes by reporting phony hostage-takings there, advising police that someone matching your victim's description is on the scene, armed and out of control) as a service, and had bragged of swatting computer crime journalism Brian Krebs twice. Krebs had previously caught a kid who swatted him, and outed him to his father -- this may have made him a target for other swatters. Read the rest

Details about the malware used to attack Target's point-of-sale machines

The news that Target stores lost 110 million customers' credit card details in a hacker intrusion has illustrated just how grave a risk malicious software presents to the average person and the businesses they patronize. Brian Krebs has good, early details on the software that the hackers used on infected point-of-sale terminals at Target, and some good investigative guesses about who planted it there and how they operated it.

Krebs suggests that a Russian hacker called "Antikiller" may be implicated in the Target hack, and that Antikiller is, in any event, the author of the malware used against the point-of-sale systems. Read the rest

In latest US retail data breach, hackers steal info from Neiman Marcus

"Responding to inquiries about a possible data breach involving customer credit and debit card information, upscale retailer Neiman Marcus acknowledged today that it is working with the U.S. Secret Service to investigate a hacker break-in that has exposed an unknown number of customer cards," Reports Brian Krebs, at Krebs on Security blog. Read the rest

40m card numbers stolen from Target

Security researcher Brian Krebs reported yesterday that Target was investigating a data breach "potentially involving millions of customer credit and debit card records." Target confirmed this morning that 40 million such records were stolen.

“Target’s first priority is preserving the trust of our guests and we have moved swiftly to address this issue, so guests can shop with confidence. We regret any inconvenience this may cause,” said Gregg Steinhafel, chairman, president and chief executive officer, Target. “We take this matter very seriously and are working with law enforcement to bring those responsible to justice.”

Since this was apprently being leaked to security researchers before they admitted it publicly, I guess Target's idea of "moved swiftly" is a little different to that of, oh, say, a quarter of the adult population of America. Read the rest

Mandatory bug-bounties from major vendors

Brian Krebs proposes that software vendors should be forced to pay a bounty on all newly discovered vulnerabilities in their products at rates that exceed those paid by spy agencies and criminal gangs. He says that the bill for this would be substantially less than one percent of gross revenues, and that it would represent a massive overall savings when you factor in the cost to all the businesses and individuals who are harmed by security vulnerabilities. He doesn't explain what to do with popular, free/open software though. Read the rest

Experian sold consumer data to identity thieves' service

Experian, the massive data-broker with far-reaching influence over your ability to get a mortgage, credit-card, or job, sold extensive consumer records to an identity thieves' service called Superget.info. Superget specialized in supplying identity thieves with "fullz" -- full records of their victims, useful for impersonating them and for knowing where their assets are. Experian sold the data through a third part called "Court Ventures" -- which they later acquired -- and the sales continued for about a year. Experian bills itself as a service for people worried about identity theft. It's not clear whether Experian will face any penalty for the wrongdoing. Read the rest

Where the Silk Road ends: Feds arrest 'Dread Pirate Roberts,' alleged founder of largest Bitcoin drug market

What users who attempt to connect to the Silk Road marketplace see now (HT: Adrian Chen)

Looks like the government shutdown didn't stop federal agents from shutting down the most popular "deep web" illegal drug market. In San Francisco, federal prosecutors have indicted Ross William Ulbricht, who is said to be the founder of Silk Road. The internet marketplace allowed users around the world to buy and sell drugs like heroin, cocaine, and meth.

The government announced that it seized about 26,000 Bitcoins worth roughly USD$3.6 million, making this the largest Bitcoin bust in history. There were nearly 13,000 listings for controlled substances on the Silk Road site as of Sept. 23, 2013, according to the FBI, and the marketplace did roughly USD$1.2 billion in sales, yielding some $80 million in commissions.

According to the complaint, the service was also used to negotiate murder-for-hire: "not long ago, I had a clean hit done for $80k," the site's founder is alleged to have messaged an associate.

Ulbricht, 29, is also known as "Dread Pirate Roberts." Read the rest

Keylogger service provides peek inside Nigerian 419 scammers' tactics

Security researcher Brian Krebs has had a look at the contents of "BestRecovery" (now called "PrivateRecovery") a service used by Nigerian 419 scammers to store the keystrokes of victims who have been infected with keyloggers. It appears that many of the scammers -- known locally as "Yahoo Boys" -- also plant keyloggers on each other, and Krebs has been able to get a look at the internal workings of these con artists. He's assembled a slideshow of the scammers' Facebook profiles and other information. Read the rest

Previous PageNext page