Monthly Archives: September 2015

With Stolen Cards, Fraudsters Shop to Drop

September 28, 2015

A time-honored method of extracting cash from stolen credit cards involves “reshipping” scams, which manage the purchase, reshipment and resale of carded consumer goods from America to Eastern Europe — primarily Russia. A new study suggests that some 1.6 million credit and debit cards are used to commit at least $1.8 billion in reshipping fraud each year, and identifies some choke points for disrupting this lucrative money laundering activity.

Bidding for Breaches, Redefining Targeted Attacks

September 23, 2015

A growing community of private and highly-vetted cybercrime forums is redefining the very meaning of “targeted attacks.” These bid-and-ask forums match crooks who are looking for access to specific data, resources or systems within major corporations with hired muscle who are up to the task or who already have access to those resources.

Adobe Flash Patch, Plus Shockwave Shocker

September 21, 2015

Adobe has released a critical software update to fix nearly two-dozen security holes in its Flash Player browser plugin. Separately, I want to take a moment to encourage users who have Adobe Shockwave Player installed to finally junk this program; turns out Shockwave — which comes with its own version of Flash — is still woefully far behind in bundling the latest Flash fixes.

Inside Target Corp., Days After 2013 Breach

September 21, 2015

In December 2013, just days after a data breach exposed 40 million customer debit and credit card accounts, Target Corp. hired security experts at Verizon to probe its networks for weaknesses. The results of that confidential investigation — until now never publicly revealed — confirm what pundits have long suspected: Once inside Target’s network, there was nothing stop attackers from gaining direct and complete access to every single cash register in every Target store.

Who’s Behind Bluetooth Skimming in Mexico?

September 17, 2015

In the previous two stories, I documented the damage wrought by an organized crime gang in Mexico that has been systematically bribing ATM technicians to install Bluetooth skimming components that allow thieves to steal card and PIN data wirelessly. What follows is a look at a mysterious new ATM company in Mexico that sources say may be tied to the skimming activity.

Tracking Bluetooth Skimmers in Mexico, Part II

September 15, 2015

I spent four days last week in Mexico, tracking the damage wrought by an organized crime ring that is bribing ATM technicians to place Bluetooth skimmers inside of cash machines in and around the tourist areas of Cancun. Today’s piece chronicles the work of this gang in coastal regions farther south, following a trail of hacked ATMs from Playa Del Camen down to the ancient Mayan ruins in Tulum.

Tracking a Bluetooth Skimmer Gang in Mexico

September 14, 2015

-Sept. 9, 12:30 p.m. CT, Yucatan Peninsula, Mexico: Halfway down the southbound four-lane highway from Cancun to the ancient ruins in Tulum, traffic inexplicably slowed to a halt. There was some sort of checkpoint ahead by the Mexican Federal Police. I began to wonder whether it was a good idea to have brought along the ATM skimmer instead of leaving it in the hotel safe. If the cops searched my stuff, how could I explain having ultra-sophisticated Bluetooth ATM skimmer components in my backpack?

Ex-Ashley Madison CTO Threatens Libel Suit

September 9, 2015

Last month, KrebsOnSecurity posted an exclusive story about emails leaked from AshleyMadison that suggested the company’s former chief technology officer Raja Bhatia hacked into a rival firm in 2012. Now, an attorney for the former executive is threatening a libel lawsuit against this author unless the story is retracted.