Author Archives: BrianKrebs

Tracking a Bluetooth Skimmer Gang in Mexico

September 14, 2015

-Sept. 9, 12:30 p.m. CT, Yucatan Peninsula, Mexico: Halfway down the southbound four-lane highway from Cancun to the ancient ruins in Tulum, traffic inexplicably slowed to a halt. There was some sort of checkpoint ahead by the Mexican Federal Police. I began to wonder whether it was a good idea to have brought along the ATM skimmer instead of leaving it in the hotel safe. If the cops searched my stuff, how could I explain having ultra-sophisticated Bluetooth ATM skimmer components in my backpack?

Ex-Ashley Madison CTO Threatens Libel Suit

September 9, 2015

109 Comments

Last month, KrebsOnSecurity posted an exclusive story about emails leaked from AshleyMadison that suggested the company’s former chief technology officer Raja Bhatia hacked into a rival firm in 2012. Now, an attorney for the former executive is threatening a libel lawsuit against this author unless the story is retracted.

Microsoft Pushes a Dozen Security Updates

September 8, 2015

32 Comments

Microsoft today released a dozen security updates for computers running supported versions of its Windows operating system. Five of the patches fix flaws that could get PCs compromised with little to no help from users, and five of the bulletins have vulnerabilities that were publicly disclosed before today (including one has been detected in exploits in the wild). Separately, Adobe is pushing a security update for its Shockwave Player – a browser plugin that I’ve long urged readers to junk.

Arrests Tied to Citadel, Dridex Malware

September 7, 2015

31 Comments

Authorities in Europe have arrested alleged key players behind the development and deployment of ultra-sophisticated banking malware, including Citadel and Dridex. The arrests involved a Russian national and a Moldovan man, both of whom were traveling outside of their native countries and are now facing extradition to the United States.

More ATM “Insert Skimmer” Innovations

September 3, 2015

51 Comments

Most of us know to keep our guard up when withdrawing cash from an ATM and to look for any signs that the machine may have been tampered with. But ATM fraud experts say they continue to see criminal innovations with “insert skimmers,” wafer-thin data theft devices that fit inside the ATM’s card acceptance slot and do not alter the outward appearance of a compromised cash machine.

OPM (Mis)Spends $133M on Credit Monitoring

September 2, 2015

71 Comments

The Office of Personnel Management (OPM) has awarded a $133 million contract to a private firm in an effort to provide credit monitoring services for three years to nearly 22 million people who had their Social Security numbers and other sensitive data stolen by cybercriminals. But perhaps the agency should be offering the option to pay for the cost that victims may incur in “freezing” their credit files, a much more effective way of preventing identity theft.

Like Kaspersky, Russian Antivirus Firm Dr.Web Tested Rivals

September 1, 2015

41 Comments

A recent Reuters story accusing Russian security firm Kaspersky Lab of faking malware to harm rivals prompted denials from the company’s eponymous chief executive — Eugene Kaspersky — who called the story “complete BS” and noted that his firm was a victim of such activity. But according to interviews with the CEO of Dr.Web — Kaspersky’s main competitor in Russia — both companies experimented with ways to expose antivirus vendors who blindly accepted malware intelligence shared by rival firms.

Six Nabbed for Using LizardSquad Attack Tool

August 28, 2015

22 Comments

Authorities in the United Kingdom this week arrested a half-dozen young males accused of using the Lizard Squad’s Lizard Stresser tool, an online service that allowed paying customers to launch attacks capable of taking Web sites offline for up to eight hours at a time.

FBI: $1.2B Lost to Business Email Scams

August 27, 2015

26 Comments

The FBI today warned about a significant spike in victims and dollar losses stemming from an increasingly common scam in which crooks spoof communications from executives at the victim firm in a bid to initiate unauthorized international wire transfers. According to the FBI, thieves stole nearly $750 million in such scams from more than 7,000 victim companies in the U.S. between October 2013 and August 2015.

Who Hacked Ashley Madison?

August 26, 2015

361 Comments

AshleyMadison.com, a site that helps married people cheat and whose slogan is “Life is Short, have an Affair,” recently put up a half million (Canadian) dollar bounty for information leading to the arrest and prosecution of the Impact Team, the name chosen by the hacker(s) who released data on more than 30 million Ashley Madison users. Here is the first of likely several posts examining individuals who appear to be closely connected to this attack.