Sergei "Fly" Vovnenko, a Russo-Ukrainian cybercrook who stalked and harassed security journalist Brian Krebs -- at one point conspiring to get him arrested by sending him heroin via the Silk Road -- has been arrested. According to Krebs, Vovnenko was a prolific credit-card crook, specializing in dumps of stolen Italian credit-card numbers, and faces charges in Italy and the USA. Krebs documents how Vovnenko's identity came to light because he installed a keylogger on his own wife's computer, which subsequently leaked her real name, which led to him.
Read the rest
Kaspersky Labs (Russia) and Citizen Lab (University of Toronto) have independently published details of phone-hacking tools sold to police departments worldwide by the Italian firm Hacking Team (here's Kaspersky's report and Citizen Lab's). The tools can be used to attack Android, Ios, Windows Mobile and Blackberry devices, with the most sophisticated attacks reserved for Android and Ios.
The spyware can covertly record sound, images and keystrokes, capture screenshots, and access the phones' storage and GPS. The tools are designed to detect attempts to search for them and to delete themselves without a trace if they sense that they are under attack.
Hacking Team insists that its tools are only sold to "democratic" police forces, but Citizen Lab's report suggests that the tool was used by the Saudi government to target dissidents.
The means of infection is device-specific. If police have physical access, it's simple. Android devices can be attacked by infecting a PC with a virus that installs the police malware when the device is connected to it. This attack also works on jailbroken Iphones.
Read the rest
Rebecca from EFF writes, "How would you feel about having your computer taken over by online test-taking software - complete with proctors peering through your laptop camera? Reporters at the Spartan Daily (the student paper for San Jose State University) have an interesting story about new software in use there
, and the legitimate concerns that some students have. The data-broker connection is especially chilling to those worried about their personal information." The company's response? "We're a customer service business, so it’s really not advantageous for us to violate that trust." Oh, well, so long as that's sorted out then.
A London court has found a man named Andrew Meldrum guilty of "unauthorised access to computer material" and "voyeurism." Meldrum "helped" young women fix their computers and covertly installed snoopware on them, and subsequently spied on them via their webcams. He is to be sentenced in April. A forensics expert claims that this sort of thing is "very common."
Read the rest