Monthly Archives: February 2015

Webnic Registrar Blamed for Hijack of Lenovo, Google Domains

February 26, 2015

Two days ago, attackers allegedly associated with the fame-seeking group Lizard Squad briefly hijacked Google’s Vietnam domain (google.com.vn). On Wednesday, Lenovo.com was similarly attacked. Sources now tell KrebsOnSecurity that both hijacks were possible because the attackers seized control over Webnic.cc, the Malaysian registrar that serves both domains and 600,000 others.

FBI: $3M Bounty for ZeuS Trojan Author

February 25, 2015

The FBI this week announced it is offering a USD $3 million bounty for information leading to the arrest and conviction of one Evgeniy Mikhailovich Bogachev, a Russian man the government believes is responsible for building and distributing the ZeuS banking Trojan.

So much of the intelligence gathered about Bogachev and his alleged accomplices has been scattered across various court documents and published reports over the years, but probably just as much on this criminal mastermind and his associates has never seen the light of day. What follows is a compendium of knowledge — a bit of a dossier, if you will — of Bogachev and his trusted associates.

TurboTax’s Anti-Fraud Efforts Under Scrutiny

February 22, 2015

Two former security employees at Intuit — the makers of the popular tax preparation software and service TurboTax — allege that the company has made millions of dollars knowingly processing state and federal tax refunds filed by cybercriminals. Intuit says it leads the industry in voluntarily reporting suspicious returns, and that ultimately it is up to the Internal Revenue Service to develop industry-wide requirements for tax preparation firms to follow in their collective fight against the multi-billion dollar problem of tax refund fraud.

The Great Bank Heist, or Death by 1,000 Cuts?

February 16, 2015

I received a number of media requests and emails from readers over the weekend to comment on a front-page New York Times story about an organized gang of cybercriminals pulling off “one of the largest bank heists ever.” Turns out, I reported on this gang’s activities in December 2014, although my story ran minus many of the superlatives in the Times piece.

Fuel Station Skimmers: Primed at the Pump

February 13, 2015

I recall the first time I encountered an armed security guard at a local store. I remember feeling a bit concerned about the safety of the place because I made a snap assumption that it must have been robbed recently. I get the same feeling each time I fuel up my car at a filling station and notice the pump and credit card reader festooned with security tape that conjures up images of police tape around a crime scene.

Defense Contract Management Agency Probes Hack

February 10, 2015

The Defense Contract Management Agency, the U.S. federal government entity responsible for performing contract administration services for the Department of Defense, is responding to a suspected cybersecurity breach and has pulled a number of its servers offline while the investigation continues, KrebsOnSecurity has learned.

Microsoft Pushes Patches for Dozens of Flaws

February 10, 2015

Microsoft today released nine update bundles to plug at least 55 distinct security vulnerabilities in its Windows operating system and other software. Three of the patches fix bugs in Windows that Microsoft considers “critical,” meaning they can be exploited remotely to compromise vulnerable systems with little or no help from users, save for perhaps clicking a link or visiting a hostile Web site.