When security-researcher/hornet-nest-kicker Brian Krebs outed Sergey "Flycracker" Vovnenko as administrator of a darknet crime site and botmaster of a 13,000-PC-strong botnet used to attack sites and launder stolen data, Vovnenko allegedly masterminded a plot to frame Krebs by mailing him heroin.

In Spam Nation: The Inside Story of Organized Cybercrime-from Global Epidemic to Your Front Door, Brian Krebs offers a fascinating look at the mass-scale cybercrime that underpins the spam in your inbox and provides an inside peek at a violent fight among its principle players. Cory Doctorow reviews.

Sergei "Fly" Vovnenko, a Russo-Ukrainian cybercrook who stalked and harassed security journalist Brian Krebs — at one point conspiring to get him arrested by sending him heroin via the Silk Road — has been arrested. According to Krebs, Vovnenko was a prolific credit-card crook, specializing in dumps of stolen Italian credit-card numbers, and faces charges in Italy and the USA. — Read the rest

Brian Krebs is a security expert and investigative journalist who has published numerous ground-breaking stories about the online criminal underground, much to the consternation of the criminal underground. Krebs has been the victim of much harassment, including a dangerous SWATting (where someone called a SWAT team to Krebs's door, having told them that an armed gunman was inside). — Read the rest

Last week, I blogged Brian Krebs's amazing piece on AsylumBooter, a cheesy denial-of-service-for-hire site apparently run by a 17-year-old Chicago-area honor-roll student named Chandler Downs, whose PayPal account was flush with more than $30,000 paid by people who'd launched more than 10,000 online attacks. — Read the rest

Last week, Brian Krebs (a respected security researcher and journalist who often publishes details about high-tech crime) was SWATted — that is, someone defrauded his local police department into sending a SWAT team to his house, resulting in his getting confronted by gun-wielding, hair-trigger cops who had him lie on the ground and cuffed him before it was all sorted out. — Read the rest

Well perhaps unsurprisingly the accused Twitter hacker-Bitcoin thief's first (virtual) hearing was shut down within 25 minutes due to relentless Zoombombing. (It ended a minute after this when someone screenshared a Porn Hub video.) pic.twitter.com/fGiceq4WfN

— Jen Wieczner (@jenwieczner) August 5, 2020

The Zoom bond hearing for Graham Clark, 17, who is accused of hijacking famous people's Twitter accounts in a cryptocurrency scam, was interrupted this morning by Zoombombers "shouting racial slurs, playing music and showing pornographic images," according to ABC News. — Read the rest

Simon Chandler writes on Forbes:

Gun advocacy and conservative groups are responsible for astroturfing the reopen America campaign that has swept the US in recent days, according to research from cybersecurity experts.

Since April 15, protests against coronavirus lockdown measures have been sweeping across various American states.

Insider attacks, cell-site simulators, SIM-swap attacks, thriving markets in super-cheap, fine-grained location data, robocalls, fictitious coverage maps, and more: does the fact that all this terrible shit keeps happening, and only gets worse, mean that mobile companies and the FCC just don't give a fuck if your mobile phone is a crime wave you carry around with you on your pocket?

I got a fun reminder last night that there a lot of greasy people out there doing a whole lot of greasy shit unto others. Last night, I was taken on a walk down memory lane: I received an email with an old password I used to use in the subject line. — Read the rest

First American Financial Corp is a Fortune 500 company that insures titles on peoples' property; their insecure website exposed 885,000,000 records for property titles, going back 16 years, including bank accounts (with scanned statements), Social Security numbers, wire transaction receipts, scanned drivers' licenses, tax records, mortgage records, etc — when notified of the error, the company (which employs 18,000 people and grossed more than $5.7B last year) closed the misconfiguration.

OG Users is a forum for people who steal login credentials for online services, mostly to sell desirable login-names for popular services like Instagram; it attained notoriety when Motherboard's Lorenzo Franceschi-Bicchierai linked the forum to an epidemic of SIM-swapping attacks; a few months later, the Reply All podcast devoted an episode to the forum.

When scammers get inside of the networks of financial institutions, they sometimes stage "cashouts" where they recruit confederates around the world to all hit ATMs at the same time with cards tied to hacked accounts and withdraw the maximum the ATMs will allow; but the wilier criminals first disable the anti-fraud and withdrawal maximum features in the banks' systems, enabling confederates to drain ATMs of all the cash they contain. — Read the rest

Last week, the New York Times revealed that an obscure company called Securus was providing realtime location tracking to law enforcement, without checking the supposed "warrants" provided by cops, and that their system had been abused by a crooked sheriff to track his targets, including a judge (days later, a hacker showed that Securus's security was terrible, and their service would be trivial to hack and abuse).

If you've had your identity stolen or if you're worried about having been doxxed by Equifax, you can freeze your credit record, and then Equifax, Experian, Trans Union and Innovis will block any requests to access your credit report.

.cm is the top-level domain for Cameroon, and the major use-case for .cm domains is typosquatting — registering common .com domains as .cm domains (like microsoft.cm or apple.cm), in the hopes of nabbing traffic from users who fatfinger while typing a domain, and sometimes serving them malware or directing them to scams.

On August 2, 2017, security researcher Dylan Houlihan contacted Panera Bread to warn them that their customer loyalty website had a serious defect that allowed attackers to retrieve the names, email and physical addresses, birthdays and last-four of the credit cards for up to seven million customers.

Amazon reported to the IRS that Patrick Reames had made $24,000 selling books on its Createspace self-publishing platform, but Patrick Reames never got a dime of that money; it appears that a money-launderer who had Reames's Social Security Number used a fake book to cash out money from stolen credit cards by buying the garbage book repeatedly and pocketing the 70% from each sale.

Swatting is the practice of tricking police SWAT teams into storming your victim's home by phoning in fake hostage situations; it's especially prominent among cybercriminals, gamers and was a favored tactic of Gamergater trolls.

Last year, the Mirai botnet harnessed a legion of badly secured internet of things devices and turned them into a denial of service superweapon that brought down critical pieces of internet infrastructure (and even a country), and now its creators have entered guilty pleas to a Computer Fraud and Abuse Act federal case, and explained that they created the whole thing to knock down Minecraft servers that competed with their nascent Minecraft hosting business.