Security reporter Brian Krebs has a fascinating piece up on Pavel Vrublevsky, founder of Russia's biggest online payment processor, ChronoPay. Krebs reports that this man also co-owns Rx-Promotion, an online pharmacy that sells tens of millions of US dollars worth of controlled pills to Americans each year: Valium, Percocet, Tramadol, Oxycodone, and other substances with high street resale value. Just before Krebs arrived in Russia to meet with Vrublevsky, "several truckloads of masked officers from Russian drug enforcement bureaus" raided a private party thrown for the top moneymakers of Rx-Promotion (that's their promotional banner, above). Snip:
I hadn't told Vrublevsky that I was coming to Russia before I arrived on Feb. 8. But I wasted no time in phoning him via Skype, using the line he normally calls me on several times a week.
"Duuuuuuuudddde!" he answers. "It's 7 a.m. where you are, who died?"
I reply that I am in fact in his time zone and that we should meet. After another long "Duuuuuuuuddde!" Vrublevsky promises to send a car if I will wait in the hotel lobby. He tells me he'll be sending along with the driver his receptionist, named Vera. He proceeds to describe Vera as this grossly overweight, unattractive older lady but, hey, she speaks English and knows how to deal with Westerners, so she's coming, he says.
Fifteen minutes later, I am seated in the lobby waiting for Vera, watching incoming guests as they stomp off snow and trudge through the hotel's revolving door. I find it difficult to avoid staring at this unusually attractive, slender, dark-haired young woman standing nervously just beside the door.
Brian Krebs reports on a new wrinkle in ATM skimmer design: if the ATM is in its own lobby, crooks can steal your card number and PIN without ever touching the ATM. Instead, they attach the skimmer to the door lock (you know those doors that only open if you swipe your card?) and then use a hidden camera to record you keying in your PIN. Clever, in a horrible way, especially since ATMs in their own lobby feel more secure.
On July 24, 2009, California police officers responded to a report that a customer had uncovered a camera hidden behind a mirror that was stuck to the wall above an ATM at a bank in Sherman Oaks, Calif. There were two ATMs in the lobby where the camera was found, and officers discovered that the thieves had placed an "Out of Order" sign on the ATM that did not have the camera pointed at its PIN pad. The sign was a simple ruse designed to trick all customers into using the cash machine that was compromised.
Bank security cameras at the scene of the crime show the fake mirror installed over the ATM on the right...
The attackers hitting this ATM were either very persistent, or varied: A source familiar with the July 24 incident said this particular door lock would be stolen and modified a total of nine times in 2009.
The camera used in this attack retails for about $150, can record up to 2 GB (about two hours worth) of video, and runs on a rechargeable lithium ion battery.
This. Note the dot-mil and dot-govs, and good heavens, the affordable pricing. Fascinating story behind the screengrab over at Krebs on Security.
Brian Krebs tracked down a black-market retailer of mobile-phone-based ATM skimmers that capture your PIN and transmit it to fraudsters over the GSM network. The vendor gave him the whole sales-pitch for the efficiency and safety (for the criminals) of GSM-based skimmers. It's a fascinating read, unless you use ATMs, in which case, it's a terrifying one.
So we potentially have already about 20k dollars. Also imagine that if was not GSM sending SMS and to receive tracks it would be necessary to take the equipment from ATM, and during this moment, at 15:00 there comes police and takes off the equipment.
And what now? All operation and your money f#@!&$ up? It would be shame!! Yes? And with GSM the equipment we have the following: Even if there comes police and takes off the equipment, tracks are already on your computer. That means they are already yours, and also mean this potential 20k can be cash out asap. In that case you lose only the equipment, but the earned tracks already sent. Otherwise without dumps transfer - you lose equipment, and tracks, and money.
That's not all: There is one more important part. We had few times that the police has seen the device, and does not take it off, black jeeps stays and observe, and being replaced by each hour. But the equipment still not removed. They believe that our man will come for it. And our observers see this circus, and together with it holders go as usual, and tracks come with PINs as usual.
Brian Krebs reports on "bulletproof hosting" providers that offer malware/spyware creeps, spammers, rip-off artists and other Mos Eisley cantina-dwellers a place to park a website where takedown notices, search warrants, and the law can't reach.
Of course, just how insulated this particular provider's services are and how much illicit activity you can get away with while using them depends largely on how much you're willing to shell out each month. For example, an entry level "default bulletproof server" allows customers to host things like rogue online pharmacies, replica, gambling, and MP3 sites for $270 per month. But this service level bars customers from hosting nastier content, such as malware, spyware, adware, exploits, viruses, and phishing sites.
Body Armor for Bad Web Sites
Upgrade to the "Super BulletProof Virtual Dedicated Servers in China" -- and pay almost $500 a month -- and the only activities that are prohibited are sending spam and hosting any type of porn.
The provider pictured here also upsells potential customers by offering a variety of handy add-on services. For extra coin each month, one can rent a bulletproof server with a license for XRumer, a black hat search engine manipulation tool that automates the registration of new Web forum accounts and the spamming of links on those forums, all in a bid to boost the search engine rankings of the spamvertized site. If you operate a blog and have had to deal with what appear to be automated, link-filled comments, chances are good that XRumer was involved in some way.
[image: PartyPoker founder Ruth Parasol]
I know what patriotic Americans reading about the lucrative feats being pulled off by organized cyber criminals in Russia, Ukraine and elsewhere are thinking. Can't mobsters from the good old U.S. of A. compete in today's fast-moving global marketplace?
It's a sad fact that the West is lagging behind in giant-scale Internet fraud. But I don't think we need to lobby for a Five Families bailout just yet, especially if the Republicans capture the House tomorrow and kill Rep. Barney Frank's effort to legalize online gambling.
True, the other side has unfair advantages, including stunningly corruptible business-oriented law enforcement and the lack of a Silicon Valley to siphon off programming talent with high-paying straight jobs. In fact, some countries essentially sport a pre-fabbed mob infrastructure. Even legitimate enterprises typically hire their own mafia patron to negotiate cop-shakedowns and fend off other mobsters wanting handouts, so a greater union is pretty much the natural course of things once a hacking group gets big.
As a book freak (bibliophile is just too refined to describe my love for certain bound publications) I have been researching the case of a particular poetry volume for a few years now. Recently, Xeni posted on the U.S. government's purchase and destruction of upwards of 10,000 books that reminded me of the case I am researching and I found the parallels between the two instances eerie. I am going to request a suspension of Godwin's law for the time that you read this piece as the unintentional but unavoidable comparison to the Nazis cannot be hidden.
Gottfried Benn: German poet, medical doctor, and Nazi sympathizer, published a collection of his poems in May 1936 entitled "Selected Poems - Ausgewählte Gedichte". Although authorized for publication under the Nazis, upon a closer reading of the poems the authorities quickly changed their minds. The Black Corps - Das Schwarze Korps, the official weekly propaganda newspaper of the SS, vilified the publication by calling Benn a Selbsterreger (self-agitator, or masturbator). Some of his early expressionist poems were deemed to be inappropriate for a Nazi audience and the newspaper advised him, "Give it up, poet Benn, the times for such disgusting things (Ferkeleien - literally 'acts of piglets') are permanently gone".
This created such a furor over the poetry volume that the book was banned at the beginning of the summer of 1936. The copies in existence were systematically rounded up and destroyed by the government.
Unlike previous instances of Nazi book burning that were largely symbolic but did not represent a complete extermination of a particular work, this instance of publication, review, recall, and destruction eliminated almost all of the original first editions printed.
Brian Krebs brings us a fascinating look at the inner workings of a site that sells stolen credit card numbers to fraudsters; the site is structured like a bizarro-world PayPal, with soft come-ons, hidden fees, and lots of upsell pressure.
The trouble is, the minute you seek to narrow your search using the built-in tools, the site starts adding all these extra convenience fees (sound familiar?). For example, if I were going to buy a card stolen from anyone around the Washington, D.C. area, it would probably be from a resident of McLean, Va., which is more or less a tony place where plenty of well-to-do folk reside. Anyway, the site found me a card (a MasterCard) belonging to a McLean resident alright, but then the service wanted to tack on an extra $.60 just because I isolated my search by city and state -- raising the cost in my shopping cart to $2.10! No way, Jose. Not this bargain shopper.
I'll Take 2 MasterCards and a Visa, Please
Brian Krebs continues his excellent series of posts on ATM skimmers, this time with a report on the state of the art in commercially available artisan-crafted skimmers that can be bought through the criminal underground (accept no imitations!):
Generally, these custom-made devices are not cheap, and you won't find images of them plastered all over the Web. Take these pictures, for instance, which were obtained directly from an ATM skimmer maker in Russia. This custom-made skimmer kit is designed to fit on an NCR ATM model 5886, and it is sold on a few criminal forums for about 8,000 Euro -- shipping included. It consists of two main parts: The upper portion is a carefully molded device that fits over the card entry slot and is able to read and record the information stored on the card's magnetic stripe (I apologize for the poor quality of the pictures: According to the Exif data included in these images, they were taken earlier this year with a Nokia 3250 phone).
ATM Skimmers: Separating Cruft from Craft
The second component is a PIN capture device that is essentially a dummy metal plate with a look-alike PIN entry pad designed to rest directly on top of the actual PIN pad, so that any keypresses will be both sent to the real ATM PIN pad and recorded by the fraudulent PIN pad overlay.
A single person in Nigeria is responsible for creating 1,100 phishing sites, as reported by PhishLabs after a clever experiment that allowed them to monitor the use of phishing toolkits in the wild. The fraudster set up two to three phishing sites a day.
Meanwhile, the Anti-Phishing Working Group attributes two thirds of phishing attacks to a gang called "Avalanche."
About a year and a half ago, investigators at Charleston, S.C. based PhishLabs found that one particular backdoor that showed up time and again in phishing attacks referenced an image at a domain name that was about to expire. When that domain finally came up for grabs, PhishLabs registered it, hoping that they could use it to keep tabs on new phishing sites being set up with the same kit...
PhishLabs determined that most of the phishing sites were likely set up by a single person -- a man in Lagos, Nigeria, who PhishLabs estimates was responsible for about 1,100 of the phishing sites the company tracked over the 15-month experiment.
"This guy was setting up two to three new phishing sites each day," Phishlabs founder and president John LaCour said. "If you accept conservative estimates, that this guy is stealing about 10 [sets of] banking credentials per phish, and that conservatively each of these stolen credentials causes $500 in losses, we're talking about more than $4 million a year he's probably making."
When PhishLabs plotted the guy's daily online activity, the resulting graph displayed like a bell curve showing the sort of hourly workload you'd typically see in a regular 9-5 job, LaCour said.
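The trick PhishLabs describes works because a phishing kit that hard-codes an image hosted on a domain you now control makes every victim's browser fetch that image and send a Referer header naming the phishing page. The script below is an added example, not PhishLabs' code: it mines an Apache/nginx combined-format access log for those Referer values to enumerate live phishing sites, records when each host first appeared (a first hit is typically the operator testing a freshly deployed kit, which is the kind of timing data behind the bell-curve plot), and builds the hour-of-day histogram. The image path, domain names and log lines are constructed for the example.

```python
"""Added example: enumerate phishing sites from Referer headers in an access log.
Assumes the phishing kit hard-codes an image (KIT_IMAGE) served from a domain
we control.  All log lines and host names below are constructed sample data."""
import re
from collections import Counter
from datetime import datetime
from urllib.parse import urlsplit

# Constructed sample log in Apache/nginx "combined" format.
SAMPLE_LOG = """\
203.0.113.7 - - [14/Mar/2010:09:12:44 +0000] "GET /images/logo.gif HTTP/1.1" 200 1843 "http://bank-secure-login.example/kit/login.php" "Mozilla/5.0"
203.0.113.9 - - [14/Mar/2010:09:13:02 +0000] "GET /images/logo.gif HTTP/1.1" 200 1843 "http://bank-secure-login.example/kit/login.php" "Mozilla/5.0"
198.51.100.4 - - [14/Mar/2010:10:40:11 +0000] "GET /images/logo.gif HTTP/1.1" 200 1843 "http://compromised-shop.example/~tmp/verify/index.html" "Mozilla/5.0"
198.51.100.8 - - [14/Mar/2010:14:05:30 +0000] "GET /images/logo.gif HTTP/1.1" 200 1843 "-" "Mozilla/5.0"
192.0.2.33 - - [14/Mar/2010:15:22:19 +0000] "GET /robots.txt HTTP/1.1" 404 209 "-" "Googlebot/2.1"
192.0.2.50 - - [15/Mar/2010:09:58:01 +0000] "GET /images/logo.gif HTTP/1.1" 200 1843 "https://acct-update.example/secure/" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# The resource the kit hard-codes on our domain (assumed for the example).
KIT_IMAGE = "/images/logo.gif"


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def kit_hits(log_text):
    """Yield parsed records for fetches of the kit image that carry a usable Referer."""
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["path"] != KIT_IMAGE:
            continue
        ref = rec["referer"]
        if ref in ("", "-"):
            continue  # no Referer: direct fetch, crawler, or privacy-stripped browser
        parts = urlsplit(ref)
        if parts.scheme not in ("http", "https") or not parts.netloc:
            continue  # malformed or javascript:/data: referers are not phishing pages
        yield rec


def phishing_sites(log_text):
    """Map each phishing page URL to how many victims loaded it."""
    return Counter(rec["referer"] for rec in kit_hits(log_text))


def first_seen(log_text):
    """Map each phishing host to the time it first appeared; new hosts are takedown leads."""
    seen = {}
    for rec in kit_hits(log_text):
        seen.setdefault(urlsplit(rec["referer"]).netloc, rec["time"])
    return seen


def hosts_by_first_seen(log_text):
    """Phishing hosts in order of first appearance."""
    seen = first_seen(log_text)
    return sorted(seen, key=seen.get)


def hourly_activity(log_text):
    """Count of new phishing hosts per hour of day (UTC) from their first-seen times."""
    hours = [0] * 24
    for t in first_seen(log_text).values():
        hours[t.hour] += 1
    return hours


if __name__ == "__main__":
    for url, n in phishing_sites(SAMPLE_LOG).most_common():
        print(f"{n:4d}  {url}")
    print("hosts by first appearance:", hosts_by_first_seen(SAMPLE_LOG))
    print("new hosts per hour:", hourly_activity(SAMPLE_LOG))
```

Two caveats a practitioner will hit on real data: browsers increasingly strip or truncate Referer across origins, so absent referers (the fourth sample line) should be counted as unknown rather than ignored when estimating victim volume, and anti-phishing crawlers that render pages will also fetch the image, so the first hit on a host is not always the operator.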
Running Windows and have apps from at least 22 vendors installed? Be prepared to install a security update every five days, or live in danger of losing control over your OS, bank details, webcam, and contents of your fridge (the median number of apps on users' PCs in this study is 66).
Of course, the study comes from a company that makes a tool to make it easier to install security updates, so there is that. And they give it away for free, and Brian Krebs, who knows from security, likes it.
The average Microsoft Windows user has software from 22 vendors on her PC, and needs to install a new security update roughly every five days in order to use these programs safely, according to an insightful new study released this week.
Yep, There's a Patch for That
The figures come from security research firm Secunia, which looked at data gathered from more than two million users of its free Personal Software Inspector tool. The PSI is designed to alert users about outdated and insecure software that may be running on their machines, and it is an excellent application that I have recommended on several occasions.
Brian Krebs continues to scare the pants off of me with his ongoing series on sophisticated ATM skimmers (devices that capture your card number, working with a hidden camera to catch your PIN). His slideshow of next-gen skimmers has me convinced that there's no way I'd notice a skimmer on an ATM that I was using: "According to Doten, the U.S. Secret Service estimates that annual losses from ATM fraud totaled about $1 billion in 2008, or about $350,000 each day. Card skimming, where the fraudster affixes a bogus card reader on top of the real reader, accounts for more than 80 percent of ATM fraud, Doten said."
Brian Krebs's "Krebs on Security" features an ATM skimmer that is chillingly well-camouflaged. After seeing photos of early, crude skimmers -- devices that capture your card number and work in concert with a hidden camera that records you punching in your PIN -- I assumed that I could rely on my own powers of observation to keep from falling victim to one. Now I don't think I can be so sanguine. Be sure to follow some of the links in the post for some hair-raising examples of the form.
This particular skimmer was found Dec. 6, 2009, attached to the front of a Citibank ATM in Woodland Hills, Calif. Would you have been able to spot this?
Would You Have Spotted the Fraud?
This is a fairly professional job: Notice how the bulk of the electronics fit into the flap below the card acceptance slot. Also, check out the tiny pinhole camera (pictured below), ostensibly designed to switch on and record the victim's movements as he or she enters their PIN at the ATM.
Kevin Poulsen at Threat Level has a great item up about the growing menace of "money mules." The term refers to bank customers who've been conned into unwittingly laundering cash that hackers have stolen from business bank accounts. The con and the funny phrase have been around for a while, but on Thursday the US Federal Deposit Insurance Corporation issued a new warning to American financial institutions about the scheme's increasing spread. Snip:
Using specialized Trojan horse malware, cybercrooks have been intercepting web-banking credentials from the computers of small and midsize businesses, and then initiating wire transfers to mules around the country. The mules are consumers who’ve been lured into fake work-at-home scams, in which their employment involves receiving money transfers and then forwarding the funds to Eastern Europe, either directly or through other mules.
FDIC Warns Banks to Watch for 'Money Mules' Duped by Hackers [ Threat Level via @glennf ]
The scheme has exploded in the last year, with the FBI estimating losses at $40 million so far, according to a recent story from WashingtonPost.com reporter Brian Krebs, who’s been closely following the attacks.
[ Image: Bank Safe Online UK ]