krebs

2020 Elections: Ransomware attacks on voter registration databases and systems feared by cybersecurity officials

The U.S. government will launch a program about a month from now to help state officials prevent ransomware attacks on voter registration databases and systems, ahead of the 2020 presidential election.

Your phone is a crimewave in your pocket, and it's all the fault of greedy carriers and complicit regulators

Insider attacks, cell-site simulators, SIM-swap attacks, thriving markets in super-cheap, fine-grained location data, robocalls, fictitious coverage maps, and more: does the fact that all this terrible shit keeps happening, and only gets worse, mean that mobile companies and the FCC just don't give a fuck if your mobile phone is a crime wave you carry around with you in your pocket?

PSA: Digital scammers will try to scam you

I got a fun reminder last night that there are a lot of greasy people out there doing a whole lot of greasy shit unto others. Last night, I was taken on a walk down memory lane: I received an email with an old password I used to use in the subject line. Here's what was inside. I've removed the password from the mix, for obvious reasons:

_________ is yoũr passphrasęs. Lets get right to the point. No person has paid me to check about you. You do nŏt know me and you're mŏst likely wondęrİng why you're getting this e-mail?

İ installed a softwāre on thę adũlt vidęo clips (porno) web-site and gũess what, yoũ visited this site to have fun (yŏu know what i mean). While yŏu were vİęwing vidęŏ clİps, yŏur internet browsęr startęd working as a RDP that has a kęy logger which prŏvided me with āccessİbİlity to your screen ās well as cām. Jũst aftęr thāt, my software gāthered all yoũr cŏntacts from your Messenger, socİal networks, as well ās e-maİlaccount. after thāt i created ā video. 1st part shows the video yoũ were vİewing (you've got a nice tastę lmao), ānd nęxt part displays the ręcordİng ŏf your web cām, yea its yoũ.

Yŏũ actually hāvę two diffęręnt possİbilities. Shall we explŏre these types ŏf choices in āspęcts:

First optİon is tŏ neglect this messāgę. in thİs case, i ām going to sęnd your vęry own video to each one of yoũr contacts and also yoũ can easİly İmāgine ręgarding the humiliātİŏn you will definitely get.


Real estate title insurance company exposed 885,000,000 customers' records, going back 16 years: bank statements, drivers' licenses, SSNs, and tax records

First American Financial Corp is a Fortune 500 company that insures titles on people's property; their insecure website exposed 885,000,000 records for property titles, going back 16 years, including bank accounts (with scanned statements), Social Security numbers, wire transaction receipts, scanned drivers' licenses, tax records, mortgage records, etc -- when notified of the error, the company (which employs 18,000 people and grossed more than $5.7B last year) closed the misconfiguration.

Notorious forum for account-thieves hacked, login and messages stolen and dumped

OG Users is a forum for people who steal login credentials for online services, mostly to sell desirable login-names for popular services like Instagram; it attained notoriety when Motherboard's Lorenzo Franceschi-Bicchierai linked the forum to an epidemic of SIM-swapping attacks; a few months later, the Reply All podcast devoted an episode to the forum.

Facebook stored millions of passwords as plain text

"Change your Facebook password right now" is the instructive title of a news story at Wired today, sourced to a report at Krebs on Security.

Washington State sheriff used courtroom camera to zoom in on defense attorney and juror's private notes

A San Juan county assault case has been thrown out after it was revealed that Sheriff Ron Krebs had used the courtroom's cameras to zoom in on the notes of the defense attorney and a juror.

Leaked FBI memo warns banks of looming "unlimited ATM cashout"

When scammers get inside of the networks of financial institutions, they sometimes stage "cashouts" where they recruit confederates around the world to all hit ATMs at the same time with cards tied to hacked accounts and withdraw the maximum the ATMs will allow; but the wilier criminals first disable the anti-fraud and withdrawal maximum features in the banks' systems, enabling confederates to drain ATMs of all the cash they contain. This is called an "unlimited cashout."

New sextortion phishing scam uses target's harvested password

A new twist on an old email scam making the rounds addresses its recipients by name and uses an actual password (hopefully deprecated). They attempt to blackmail victims, and it's definitely a little anxiety-inducing to see an old password written out.

Tech giants met with intel chiefs at Facebook HQ to discuss Russian attacks on midterm elections

Representatives from 8 of America's largest technology companies met with U.S. intelligence officials in May to talk about how to respond to the ongoing Russian cyber-attacks and foreign influence campaigns that affected our 2016 elections, and could alter the course of this year’s midterms.

A data-broker has been quietly selling realtime access to your cellphone's location, and they suck, so anyone could get it for free

Last week, the New York Times revealed that an obscure company called Securus was providing realtime location tracking to law enforcement, without checking the supposed "warrants" provided by cops, and that their system had been abused by a crooked sheriff to track his targets, including a judge (days later, a hacker showed that Securus's security was terrible, and their service would be trivial to hack and abuse).

Equifax lets identity thieves raid "frozen" credit reports through its shady, obscure secondary credit bureau

If you've had your identity stolen or if you're worried about having been doxxed by Equifax, you can freeze your credit record, and then Equifax, Experian, Trans Union and Innovis will block any requests to access your credit report.

The .cm typosquatters accidentally exposed their logs, revealing the incredible scale of typojacking

.cm is the top-level domain for Cameroon, and the major use-case for .cm domains is typosquatting -- registering common .com domains as .cm domains (like microsoft.cm or apple.cm), in the hopes of nabbing traffic from users who fatfinger while typing a domain, and sometimes serving them malware or directing them to scams.

They're just like us: Feds fear their phone calls and texts are being monitored

The use of fake cellphone towers, known as Stingrays or IMSI catchers, plays well with the nation's spy agencies and in some police jurisdictions. The authorities just can't get enough of being able to locate or listen in on private phone calls! But when it comes to members of the government being surveilled, well that's a different story.

According to Ars Technica, the Feds are pretty, pretty sure that their mobile phone calls are being monitored by Stingray hardware set up by bad dudes, but they have no idea of who those bad dudes might be, or how to stop them. In a letter brought to light by the Associated Press on Tuesday, the Department of Homeland Security's National Protection and Programs Directorate hasn't got a clue of who's responsible for setting up the illicit Stingray hardware and hasn't got any ideas of how they might shut them down:

"NPPD is aware of anomalous activity outside the [National Capital Region] that appears to be consistent with IMSI catchers," Krebs also wrote. "NPPD has not validated or attributed this activity to specific entities or devices. However, NPPD has shared this information with Federal partners."

Maybe they should ask moose and squirrel for a lead. I dunno.

Normally, I'd be worried about a foreign or domestic agency spying on the doings of one of the most powerful governments in the world. But the feeling that comes from hearing about the Feds getting a taste of their own medicine makes it really hard to focus on that.

Eight months ago, Panera Bread was warned that they were leaking up to 7 million customers' data. They fixed it yesterday. Kinda.

On August 2, 2017, security researcher Dylan Houlihan contacted Panera Bread to warn them that their customer loyalty website had a serious defect that allowed attackers to retrieve the names, email and physical addresses, birthdays and last-four of the credit cards for up to seven million customers.

Clocks in Europe running six minutes slow because of a power-grid dispute

This is fascinating: Millions of clocks across Europe have lost time, because of a dispute over electricity generation.

Citizens across Europe had been noticing that clocks in certain devices -- LED-style alarm clocks, stoves, and microwaves -- had been gradually losing time over the last few weeks. Why? Because those devices keep time based on the frequency of the European electrical grid, which is normally 50 hertz.

But in the past few weeks, the frequency of the grid has dropped slightly -- it's down to 49.996 hertz. So all those clocks have gradually run more and more slowly. People had noticed ...

Okay, so ... why has the grid's frequency dropped? As NPR explains, it's because of a political fight:

The problem, affecting some two dozen countries from Spain to Turkey, originates from a political disagreement between Kosovo and Serbia, ENTSO-E said.

Reuters reports Kosovo was using more power than it generated and Serbia, responsible for righting an imbalance, failed to do so, resulting in the deviation.

Tensions have been rising between the two for some time. Kosovo broke away from Serbia in 2008 after the brutal war of the 1990s, but Belgrade still does not recognize Kosovo's independence. And Reuters reports that while Serbia and Kosovo agreed to jointly operate a power grid in 2015, disagreements over distribution have stalled implementation of the deal.

ENTSO-E spokeswoman Susanne Nies told NPR on Wednesday that Kosovo began producing enough power for its population on Tuesday, thus stopping the deviation.


Criminals are laundering money by selling books of computer-generated gibberish on Amazon

Lower Days Ahead is an Amazon print-on-demand paperback book filled with nonsense sentences, the kind found in spam email to make its way past Bayesian filters. The author is "Patrick Reames," but when Reames received a 1099 form from Amazon saying he made $24,000 selling the book, he was surprised, because he didn't write it or get any money from the sale of the book. It's likely that criminals are using Amazon's print-on-demand program to launder money.

From Krebs on Security:

Reames said he suspects someone has been buying the book using stolen credit and/or debit cards, and pocketing the 60 percent that Amazon gives to authors. At $555 a pop, it would only take approximately 70 sales over three months to rack up the earnings that Amazon said he made.

“This book is very unlikely to ever sell on its own, much less sell enough copies in 12 weeks to generate that level of revenue,” Reames said. “As such, I assume it was used for money laundering, in addition to tax fraud/evasion by using my Social Security number. Amazon refuses to issue a corrected 1099 or provide me with any information I can use to determine where or how they were remitting the royalties.”
