When security-researcher/hornet-nest-kicker Brian Krebs outed Sergey "Flycracker" Vovnenko as administrator of a darknet crime site and botmaster of a 13,000-PC-strong botnet used to attack sites and launder stolen data, Vovnenko allegedly masterminded a plot to frame Krebs by mailing him heroin.
Sergei "Fly" Vovnenko, a Russo-Ukrainian cybercrook who stalked and harassed security journalist Brian Krebs — at one point conspiring to get him arrested by sending him heroin via the Silk Road — has been arrested. According to Krebs, Vovnenko was a prolific credit-card crook, specializing in dumps of stolen Italian credit-card numbers, and faces charges in Italy and the USA. — Read the rest
Brian Krebs is a security expert and investigative journalist who has published numerous ground-breaking stories about the online criminal underground, much to the consternation of the criminal underground. Krebs has been the victim of much harassment, including a dangerous SWATting (where someone called a SWAT team to Krebs's door, having told them that an armed gunman was inside). — Read the rest
Last week, I blogged Brian Krebs's amazing piece on AsylumBooter, a cheesy denial-of-service-for-hire site apparently run by a 17-year-old Chicago-area honor-roll student named Chandler Downs, whose PayPal account was flush with more than $30,000 paid by people who'd launched more than 10,000 online attacks. — Read the rest
Last week, Brian Krebs (a respected security researcher and journalist who often publishes details about high-tech crime) was SWATted — that is, someone defrauded his local police department into sending a SWAT team to his house, resulting in his getting confronted by gun-wielding, hair-trigger cops who had him lie on the ground and cuffed him before it was all sorted out. — Read the rest
Well perhaps unsurprisingly the accused Twitter hacker-Bitcoin thief's first (virtual) hearing was shut down within 25 minutes due to relentless Zoombombing. (It ended a minute after this when someone screenshared a Porn Hub video.) pic.twitter.com/fGiceq4WfN
The Zoom bond hearing for Graham Clark, 17, who is accused of hijacking famous people's Twitter accounts in a cryptocurrency scam, was interrupted this morning by Zoombombers "shouting racial slurs, playing music and showing pornographic images," according to ABC News. — Read the rest
Gun advocacy and conservative groups are responsible for astroturfing the reopen America campaign that has swept the US in recent days, according to research from cybersecurity experts.
Since April 15, protests against coronavirus lockdown measures have been sweeping across various American states.
I got a fun reminder last night that there a lot of greasy people out there doing a whole lot of greasy shit unto others. Last night, I was taken on a walk down memory lane: I received an email with an old password I used to use in the subject line. — Read the rest
First American Financial Corp is a Fortune 500 company that insures titles on peoples' property; their insecure website exposed 885,000,000 records for property titles, going back 16 years, including bank accounts (with scanned statements), Social Security numbers, wire transaction receipts, scanned drivers' licenses, tax records, mortgage records, etc — when notified of the error, the company (which employs 18,000 people and grossed more than $5.7B last year) closed the misconfiguration.
When scammers get inside of the networks of financial institutions, they sometimes stage "cashouts" where they recruit confederates around the world to all hit ATMs at the same time with cards tied to hacked accounts and withdraw the maximum the ATMs will allow; but the wilier criminals first disable the anti-fraud and withdrawal maximum features in the banks' systems, enabling confederates to drain ATMs of all the cash they contain. — Read the rest
Last week, the New York Times revealed that an obscure company called Securus was providing realtime location tracking to law enforcement, without checking the supposed "warrants" provided by cops, and that their system had been abused by a crooked sheriff to track his targets, including a judge (days later, a hacker showed that Securus's security was terrible, and their service would be trivial to hack and abuse).
If you've had your identity stolen or if you're worried about having been doxxed by Equifax, you can freeze your credit record, and then Equifax, Experian, Trans Union and Innovis will block any requests to access your credit report.
.cm is the top-level domain for Cameroon, and the major use-case for .cm domains is typosquatting — registering common .com domains as .cm domains (like microsoft.cm or apple.cm), in the hopes of nabbing traffic from users who fatfinger while typing a domain, and sometimes serving them malware or directing them to scams.
On August 2, 2017, security researcher Dylan Houlihan contacted Panera Bread to warn them that their customer loyalty website had a serious defect that allowed attackers to retrieve the names, email and physical addresses, birthdays and last-four of the credit cards for up to seven million customers.
Amazon reported to the IRS that Patrick Reames had made $24,000 selling books on its Createspace self-publishing platform, but Patrick Reames never got a dime of that money; it appears that a money-launderer who had Reames's Social Security Number used a fake book to cash out money from stolen credit cards by buying the garbage book repeatedly and pocketing the 70% from each sale.
Swatting is the practice of tricking police SWAT teams into storming your victim's home by phoning in fake hostage situations; it's especially prominent among cybercriminals, gamers and was a favored tactic of Gamergater trolls.
Last year, the Mirai botnet harnessed a legion of badly secured internet of things devices and turned them into a denial of service superweapon that brought down critical pieces of internet infrastructure (and even a country), and now its creators have entered guilty pleas to a Computer Fraud and Abuse Act federal case, and explained that they created the whole thing to knock down Minecraft servers that competed with their nascent Minecraft hosting business.