Looks like the government shutdown didn't stop federal agents from shutting down the most popular "deep web" illegal drug market. In San Francisco, federal prosecutors have indicted Ross William Ulbricht, who is said to be the founder of Silk Road. The internet marketplace allowed users around the world to buy and sell drugs like heroin, cocaine, and meth.
Security researcher Brian Krebs has had a look at the contents of "BestRecovery" (now called "PrivateRecovery"), a service used by Nigerian 419 scammers to store the keystrokes of victims who have been infected with keyloggers. It appears that many of the scammers — known locally as "Yahoo Boys" — also plant keyloggers on each other, and Krebs has been able to get a look at the internal workings of these con artists.
A pair of researchers — one a grad student working at Twitter — bought $5,000 worth of fake Twitter accounts (with Twitter's blessing) and developed a template for identifying spam Twitter accounts. The spammers were using cheap overseas labor to solve Twitter's CAPTCHAs, registering the new accounts with automatically created email boxes from Hotmail and Mail.ru,
A pair of crooks in Oklahoma made more than $400,000 with a whisper-thin gas-pump credit-card skimmer that they installed in Wal-Mart gas stations, using rental cars while they were doing the installation. Kevin Konstantinov and Elvin Alisuretove allegedly harvested their skimmers every two months or so, creating bogus credit cards with the data and then withdrawing cash at ATMs or sharing it with crooks in Russia and the former USSR.
Defcon is an astounding hacker convention held annually in Las Vegas, and is known as an extraordinary environment in which spooks and hackers mix freely — last year, the head of the NSA gave a keynote in which he called for cooperation between security professionals and America's spies.
Brian Krebs reports on the Russian arrest of Pavel Vrublevsky, owner of the ChronoPay service (about whom Krebs has written an upcoming book) for witness intimidation. Vrublevsky is on trial for hiring hackers to attack a ChronoPay competitor called Assist, and he admitted that he phoned a witness in the trial and offered that person money; the witness said "he felt pressured and threatened by the offer."
Brian Krebs offers an in-depth look at a "cashout" service used by ransomware crooks to get money from their victims. Ransomware is malicious software that encrypts your personal files and demands that you pay a ransom for the key to decrypt them; the crooks who run the attacks demand that their victims buy prepaid MoneyPak cards and send the numbers for them by way of payment.
Brian Krebs delves into the world of "booter" services, low-level, amateurish denial-of-service websites where you can use PayPal to have your video-game enemies' computers knocked off the Internet by floods of traffic. Many booter services run off the same buggy codebase, and Krebs was apparently able to get inside the administrative interfaces for them and get some insight into their business.
ATM skimming isn't limited to ATMs! There are lots of terminals that ask you to swipe your card and/or enter a PIN, and many of them are less well-armored and -policed than actual cashpoints. Skimmers have been found on train-ticket machines, parking meters and other payment terminals.
It's been more than a year since the WSJ reported that Skype leaks its users' IP addresses and locations. Microsoft has done nothing to fix this since, and as Brian Krebs reports, the past year has seen the rise of several tools that let you figure out someone's IP address by searching for him on Skype, then automate launching denial-of-service attacks on that person's home.
It's not often that one has the opportunity to be the target of a cyber and kinetic attack at the same time. But that is exactly what's happened to me and my Web site over the past 24 hours.
"The Los Angeles Times has scrubbed its Web site of malicious code that served browser exploits and malware to potentially hundreds of thousands of readers over the past six weeks," reports Brian Krebs. The paper's statement on the matter is a model of how not to handle security clusterfucks.
Brian Krebs writes about how hackers have expanded the ways they extract value from compromised PCs. No longer is a compromised machine merely good for forming part of a botnet or forwarding spam. New strains of malware extract all your login/passwords for ecommerce sites, and these are then put on sale at $2 a throw on sites like Freshtools.
Security researcher Brian Krebs picks some choice exchanges out of a dump from an elite Russian spammer message board, and suggests that the dump contains clues to the identities of the world's most prolific spammers.
"Everything is all right with John. We drank with him recently in Europe.
Brian Krebs has published an ad from "Foreign Agents," a notorious Russian crime service. They're advertising the availability of foot soldiers in the USA who can help cash out hacked bank accounts and credit cards. Unlike traditional bank-fraud mules, who don't know that they're part of a scam, these "associates" are "неразводные" ("nerazvodni" or "not deceived").
Brian Krebs has located and published a sales pitch from a hacker who has found a zero-day exploit allowing him to steal cookies from Yahoo webmail users, granting access to their accounts.
"I'm selling Yahoo stored xss that steal Yahoo emails cookies and works on ALL browsers," wrote the vendor of this exploit, using the hacker handle 'TheHell.'
Brian Krebs revisits his must-see chart on the ways that hacked PCs can be valuable to criminals, which is meant to help explain the importance of security to people who think that their old PCs aren't worth enough for crooks to bother with.
Brian Krebs, who has written many excellent investigative pieces on ATM skimmers, spent several hours watching footage seized from hidden skimmer cameras, and has concluded that covering your hand while you enter your PIN really works in many cases — and that many people don't bother to take this elementary step.
Brian Krebs interviews Joe Stewart, a security researcher "who's spent 18 months cataloging and tracking malicious software that was developed and deployed specifically for spying on governments, activists and industry executives." Speaking at Defcon in Las Vegas, Stewart says the "complexity and scope of these cyberspy networks now rivals many large conventional cybercrime operations.