“The recent hacker break-in at Sony Pictures Entertainment appears to have involved the theft of far more than unreleased motion pictures,” writes Brian Krebs. Read the rest
Enough Hilton Hhonors points to cover $1200 worth of stays can be bought for $12, and the crooks who're inside your account can use your associated credit-card to buy more points and more hotel rooms for themselves. Read the rest
The older machines -- about half of them running Windows XP, which no longer receives security updates -- are very vulnerable to "jackpotting" attacks where criminals trick the machines into paying out money without correctly debiting any account, to the tune of millions. Read the rest
Someone sent Brian Krebs an envelope of counterfeit $100 and $50 bills, apparently manufactured by Mrmouse, the counterfeiter whom Krebs outed for selling his notes openly on Reddit. Read the rest
Security journalist Brian Krebs documents a string of escalating extortion crimes perpetrated with help from the net, and proposes that the growth of extortion as a tactic preferred over traditional identity theft and botnetting is driven by Bitcoin, which provides a safe way for crooks to get payouts from their victims. Read the rest
Sergei "Fly" Vovnenko, a Russo-Ukrainian cybercrook who stalked and harassed security journalist Brian Krebs -- at one point conspiring to get him arrested by sending him heroin via the Silk Road -- has been arrested. According to Krebs, Vovnenko was a prolific credit-card crook, specializing in dumps of stolen Italian credit-card numbers, and faces charges in Italy and the USA. Krebs documents how Vovnenko's identity came to light because he installed a keylogger on his own wife's computer, which subsequently leaked her real name, which led to him. Read the rest
In an echo of the massive breach of credit-card numbers from Target, credit-card numbers from thousands of PF Chang's customers who used their cards at the restaurant between March and May 2014 are being sold on the criminal underground. Rescator, the criminal selling the PF Chang's customers' card, has branded his product "Ronald Reagan", and offers cards at different prices based on whether they're regular, gold or platinum cards. Read the rest
A 16-year-old Canadian male has been arrested for calling in over 30 "swattings," bomb threats and other hoax calls to emergency services in North America. The young man is alleged to be the operator of @ProbablyOnion on Twitter, which had previously advertised swattings (sending SWAT teams to your enemies' homes by reporting phony hostage-takings there, advising police that someone matching your victim's description is on the scene, armed and out of control) as a service, and had bragged of swatting computer crime journalism Brian Krebs twice. Krebs had previously caught a kid who swatted him, and outed him to his father -- this may have made him a target for other swatters. Read the rest
The news that Target stores lost 110 million customers' credit card details in a hacker intrusion has illustrated just how grave a risk malicious software presents to the average person and the businesses they patronize. Brian Krebs has good, early details on the software that the hackers used on infected point-of-sale terminals at Target, and some good investigative guesses about who planted it there and how they operated it.
Krebs suggests that a Russian hacker called "Antikiller" may be implicated in the Target hack, and that Antikiller is, in any event, the author of the malware used against the point-of-sale systems. Read the rest
Security researcher Brian Krebs reported yesterday that Target was investigating a data breach "potentially involving millions of customer credit and debit card records." Target confirmed this morning that 40 million such records were stolen.
“Target’s first priority is preserving the trust of our guests and we have moved swiftly to address this issue, so guests can shop with confidence. We regret any inconvenience this may cause,” said Gregg Steinhafel, chairman, president and chief executive officer, Target. “We take this matter very seriously and are working with law enforcement to bring those responsible to justice.”
Since this was apprently being leaked to security researchers before they admitted it publicly, I guess Target's idea of "moved swiftly" is a little different to that of, oh, say, a quarter of the adult population of America. Read the rest
Experian, the massive data-broker with far-reaching influence over your ability to get a mortgage, credit-card, or job, sold extensive consumer records to an identity thieves' service called Superget.info. Superget specialized in supplying identity thieves with "fullz" -- full records of their victims, useful for impersonating them and for knowing where their assets are. Experian sold the data through a third part called "Court Ventures" -- which they later acquired -- and the sales continued for about a year. Experian bills itself as a service for people worried about identity theft. It's not clear whether Experian will face any penalty for the wrongdoing. Read the rest