Monthly Archives: January 2011

PlentyofFish.com Hacked, Blames Messenger

January 31, 2011

Hackers have breached the database of online dating site PlentyOfFish.com, exposing personal and password information on nearly 30 million users, including its founder and administrators. In response, the company has implied that the editor of KrebsOnSecurity.com was involved in an elaborate extortion plot.

Getting hacked is no fun. Learning that you’ve been hacked when a reporter calls is probably even less fun. But for better or worse, I have notified dozens of companies about various breaches over the years, and I’ve learned a few things about how victims respond. Usually, when the company in question responds by implicating you in an alleged extortion scheme, two things become clear:

1) You’re probably not going to get any real answers to your direct questions about the incident, and;

2) The company almost certainly did have a serious breach.

ATM Skimmers That Never Touch the ATM

January 31, 2011

Media attention to crimes involving ATM skimmers may make consumers more likely to identify compromised cash machines, which involve cleverly disguised theft devices that sometimes appear off-color or out-of-place. Yet, many of today’s skimmer scams can swipe your card details and personal identification number while leaving the ATM itself completely untouched, making them far more difficult to spot.

The most common of these off-ATM skimmers can be found near cash machines that are located in the antechamber of a bank or building lobby, where access is controlled by a key card lock that is activated when the customer swipes his or her ATM card. In these scams, the thieves remove the card swipe device attached to the outside door, add a skimmer, and then reattach the device to the door. The attackers then place a hidden camera just above or beside the ATM, so that the camera is angled to record unsuspecting customers entering their PINs.

Egypt Unplugged from the Internet

January 28, 2011

As many readers no doubt know, the Egyptian government on Thursday severed the nation’s ties with the rest of the Internet, in an apparent effort to disrupt political protests calling for an end to the 30-year rule of Egyptian leader Hosni Mubarak.

I’ve been tweeting new developments as they arise, but I wanted to point to a few of the more dramatic graphs that different sources have drawn up to show the precipitous decline in Internet traffic and connectivity from Egypt as leaders there sought to isolate phone and computer networks from the rest of the world.

Battling the Zombie Web Site Armies

January 26, 2011

Peter Bennett first suspected his own Web site might have been turned into a spam-spewing zombie on Nov. 11, the night he discovered that a tiny program secretly uploaded to his site was forcing it to belch ads for rogue Internet pharmacies.

Bennett’s site had been silently “infected” via an unknown (at the time) vulnerability in a popular e-commerce software package. While most site owners probably would have just cleaned up the mess and moved on, Bennett — a longtime anti-spam vigilante — took the attack as a personal challenge.

Ready for Cyberwar?

January 21, 2011

With all of the media and public fascination with threats like Stuxnet and weighty terms like “cyberwar,” it’s easy to overlook the more humdrum and persistent security threats, such as Web site (in)security. But none of that should excuse U.S. military leaders from making sure their Web sites aren’t trivially hackable by script kiddies.

ATM Skimmers, Up Close

January 17, 2011

Recently, I found a guy on an exclusive online scammer forum who has hawking variety of paraphernalia used in ATM skimmers, devices designed to be stuck on the outside of cash machines and steal ATM card and PIN data from bank customers. I wasn’t sure whether I could take this person seriously, but his ratings on the forum — in which fellow members leave feedback for others based on positive or negative experiences with previous transactions — were positive enough that I figured he must be one of the relatively few guys on this particular forum who was actually selling ATM skimmers, as opposed to just scamming other scammers.