Category Archives: Breadcrumbs

Who Built the Syrian Electronic Army?

August 28, 2013

A hacking group calling itself the Syrian Electronic Army (SEA) has been getting an unusual amount of press lately, most recently after hijacking the Web sites of The New York Times and The Washington Post, among others. But surprisingly little light has been shed on the individuals behind these headline-grabbing attacks. Beginning today, I’ll be taking a closer look at this organization, starting with one of the group’s core architects.

Who Wrote the Pincer Android Trojan?

August 27, 2013

Stories in this blog’s Breadcrumbs series have sought to comb through clues that point to the possible location and identities of malware authors and purveyors. But from time to time those clues lead definitively back to an individual. In today’s post, we’ll look at the author of the Pincer Trojan for Android — a 32-year-old programmer at a mobile app development firm in Russia.

How Not to DDoS Your Former Employer

August 20, 2013

Pro tip: If you’re planning to launch a debilitating denial-of-service attack against your former employer, try not to “like” the Facebook page of the DDoS-for-hire Web service that you intend to use in the assault. Tell that to Kevin Courtois, a 28-year-old from Three Rivers, Quebec who was arrested earlier this year for allegedly launching a volley of cyber attacks against his former company over a nine month period beginning in May 2012.

Styx Crypt Makers Push DDoS, Anti-Antivirus Services

July 19, 2013

I recently published a piece that examined the role of several Ukrainian men likely responsible for making and marketing the Styx Pack malware exploit kit. Today’s post will show how this same enterprise is linked to a DDoS protection scheme and a sprawling cybercrook-friendly malware scanning service that is bundled with Styx-Crypt.

Who’s Behind The Styx-Crypt Exploit Pack?

July 10, 2013

Earlier this week I wrote about the Styx Pack, an extremely sophisticated and increasingly popular crimeware kit that is being sold to help miscreants booby-trap compromised Web sites with malware. Today, I’ll be following a trail of breadcrumbs that leads back to central Ukraine and to a trio of friends who appear to be responsible for marketing (if not also making) this crimeware-as-a-service.

Ragebooter: ‘Legit’ DDoS Service, or Fed Backdoor?

May 16, 2013

On Monday, I profiled asylumbooter.com, one of several increasingly public DDoS-for-hire services posing as Web site “stress testing” services. Today, we’ll look at ragebooter.net, yet another attack service except for one secret feature which sets it apart from the competition: According the site’s proprietor, ragebooter.net includes a hidden backdoor that lets the FBI monitor customer activity.

Phoenix Exploit Kit Author Arrested In Russia?

April 8, 2013

The creator of a popular crimeware package known as the Phoenix Exploit Kit was arrested in his native Russia for distributing malicious software and for illegally possessing multiple firearms, according to underground forum posts from the malware author himself.

Who Wrote the Flashback OS X Worm?

April 3, 2013

A year ago today, Apple released a software update to halt the spread of the Flashback worm, a malware strain that infected more than 650,000 Mac OS X systems using a vulnerability in Apple’s version of Java. This somewhat dismal anniversary is probably as good a time as any to publish some clues I’ve gathered over the past year that point to the real-life identity of the Flashback worm’s creator.

Fool Me Once…

April 2, 2013

When you’re lurking in the computer crime underground, it pays to watch your back and to keep your BS meter set to ‘maximum.’ But when you’ve gained access to an elite black market section of a closely guarded crime forum to which very few have access, it’s easy to let your guard down. That’s what I did earlier this year, and it caused me to chase a false story. This blog post aims to set the record straight on that front, and to offer a cautionary (and possibly entertaining) tale to other would-be cybersleuths.

The Obscurest Epoch is Today

March 18, 2013

To say that there is a law enforcement manhunt on for the individuals responsible for posting credit report information on public figures and celebrities at the rogue site exposed.su would be a major understatement. I like to think that when that investigation is completed, some of the information I’ve helped to uncover about those affiliated with the site will come to light. For now, however, I’m content to retrace some of my footwork this past weekend that went into tracking individuals who may have been responsible for attacking my site and SWATing my home last Thursday.