Cops bust cybercrook who sent heroin to Brian Krebs

Sergei "Fly" Vovnenko, a Russo-Ukrainian cybercrook who stalked and harassed security journalist Brian Krebs — at one point conspiring to get him arrested by sending him heroin via the Silk Road — has been arrested. According to Krebs, Vovnenko was a prolific credit-card crook, specializing in dumps of stolen Italian credit-card numbers, and faces charges in Italy and the USA. — Read the rest

Brian Krebs talks to hacker who may have SWATted him and attacked Wired's Mat Honan

Last week, Brian Krebs (a respected security researcher and journalist who often publishes details about high-tech crime) was SWATted — that is, someone defrauded his local police department into sending a SWAT team to his house, resulting in his getting confronted by gun-wielding, hair-trigger cops who had him lie on the ground and cuffed him before it was all sorted out. — Read the rest

Twitter hacker's bond hearing "hacked" by Zoombombers



The Zoom bond hearing for Graham Clark, 17, who is accused of hijacking famous people's Twitter accounts in a cryptocurrency scam, was interrupted this morning by Zoombombers "shouting racial slurs, playing music and showing pornographic images," according to ABC News.Read the rest

Your phone is a crimewave in your pocket, and it's all the fault of greedy carriers and complicit regulators

Insider attacks, cell-site simulators, SIM-swap attacks, thriving markets in super-cheap, fine-grained location data, robocalls, fictitious coverage maps, and more: does the fact that all this terrible shit keeps happening, and only gets worse, mean that mobile companies and the FCC just don't give a fuck if your mobile phone is a crime wave you carry around with you on your pocket?

Real estate title insurance company exposed 885,000,000 customers' records, going back 16 years: bank statements, drivers' licenses, SSNs, and tax records

First American Financial Corp is a Fortune 500 company that insures titles on peoples' property; their insecure website exposed 885,000,000 records for property titles, going back 16 years, including bank accounts (with scanned statements), Social Security numbers, wire transaction receipts, scanned drivers' licenses, tax records, mortgage records, etc — when notified of the error, the company (which employs 18,000 people and grossed more than $5.7B last year) closed the misconfiguration.

Leaked FBI memo warns banks of looming "unlimited ATM cashout"

When scammers get inside of the networks of financial institutions, they sometimes stage "cashouts" where they recruit confederates around the world to all hit ATMs at the same time with cards tied to hacked accounts and withdraw the maximum the ATMs will allow; but the wilier criminals first disable the anti-fraud and withdrawal maximum features in the banks' systems, enabling confederates to drain ATMs of all the cash they contain. — Read the rest

A data-broker has been quietly selling realtime access to your cellphone's location, and they suck, so anyone could get it for free

Last week, the New York Times revealed that an obscure company called Securus was providing realtime location tracking to law enforcement, without checking the supposed "warrants" provided by cops, and that their system had been abused by a crooked sheriff to track his targets, including a judge (days later, a hacker showed that Securus's security was terrible, and their service would be trivial to hack and abuse).

Man discovers he has been impersonated on Amazon by a money-launderer selling $555 "books" full of computer-generated word salad

Amazon reported to the IRS that Patrick Reames had made $24,000 selling books on its Createspace self-publishing platform, but Patrick Reames never got a dime of that money; it appears that a money-launderer who had Reames's Social Security Number used a fake book to cash out money from stolen credit cards by buying the garbage book repeatedly and pocketing the 70% from each sale.

Mirai's creators plead guilty, reveal that they created a DDoS superweapon to get a competitive edge in the Minecraft server industry

Last year, the Mirai botnet harnessed a legion of badly secured internet of things devices and turned them into a denial of service superweapon that brought down critical pieces of internet infrastructure (and even a country), and now its creators have entered guilty pleas to a Computer Fraud and Abuse Act federal case, and explained that they created the whole thing to knock down Minecraft servers that competed with their nascent Minecraft hosting business.