Category Archives: The Coming Storm

This category includes blog posts about computer and Internet security threats now and on the horizon.

ISIS Jihadi Helpdesk Customer Log, Nov. 20

November 20, 2015
55 Comments

From NBC News come revelations that ISIS has its very own web-savvy, 24-hour Jihadi Help Desk manned by a half-dozen senior operatives to assist foot soldiers in spreading their message far and wide. My first reaction to this story was disbelief, then envy (hey, where the heck is my 24/7 support?). But soon my mind began racing with other possibilities.

Imagine the epic trolling opportunities available to a bored or disgruntled Jihadi Help Desk operator. For this persona, we need to reach way back into the annals of Internet history, to the Bastard Operator from Hell (BOFH) — a megalomaniacal system administrator who constantly toyed with the very co-workers he was paid to support….

[RECORDED MESSAGE]: Thank you for contacting the ISIS Jihadi Help Desk. We are currently experiencing higher than normal call volume. Please wait and your inquiry will be answered in the order that it was received. This call may be monitored for customer service and Jihadi training purposes.

Paris Terror Attacks Stoke Encryption Debate

November 17, 2015
111 Comments

U.S. state and federal law enforcement officials appear poised to tap into public concern over the terror attacks in France last week to garner support for proposals that would fundamentally weaken the security of encryption technology used by U.S. corporations and citizens. Here’s a closer look at what’s going on, and why readers should be tuned in and asking questions.

The Lingering Mess from Default Insecurity

November 12, 2015
60 Comments

The Internet of Things is fast turning into the Internet-of-Things-We-Can’t-Afford. Almost daily now we are hearing about virtual shakedowns wherein attackers demand payment in Bitcoin virtual currency from a bank, e-retailer or online service. Those who don’t pay the ransom see their sites knocked offline in coordinated cyberattacks. This story examines one contributor to the problem, and asks whether we should demand better security from ISPs, software and hardware makers.

Ransomware Now Gunning for Your Web Sites

November 9, 2015
66 Comments

One of the more common and destructive computer crimes to emerge over the past few years involves ransomware — malicious code that quietly scrambles all of the infected user’s documents and files with very strong encryption. A ransom, to be paid in Bitcon, is demanded in exchange for a key to unlock the files. Well, now it appears fraudsters are developing ransomware that does the same but for Web sites — essentially holding the site’s files, pages and images for ransom.

TalkTalk, Script Kids & The Quest for ‘OG’

November 5, 2015
52 Comments

So you’ve got two-step authentication set up to harden the security of your email account (you do, right?). But when was the last time you took a good look at the security of your inbox’s recovery email address? That may well be the weakest link in your email security chain, as evidenced by the following tale of a IT professional who saw two of his linked email accounts recently hijacked in a bid to steal his Twitter identity.

Earlier this week, I heard from Chris Blake, a longtime KrebsOnSecurity reader from the United Kingdom. Blake reached out because I’d recently written about a character of interest in the breach at British phone and broadband provider TalkTalk: an individual using the Twitter handle “@Fearful”. Blake proceeded to explain how that same Fearful account had belonged to him for some time until May 2015, when an elaborate social engineering attack on his Internet service provider (ISP) allowed the current occupant of the account to swipe it out from under him.

Arrest of Chinese Hackers Not a First for U.S.

October 13, 2015
8 Comments

The Washington Post reported last week that the Chinese government has quietly arrested a handful of hackers at the urging of the U.S. government, a move described as “an unprecedented step to defuse tensions with Washington at a time when the Obama administration has threatened economic sanctions.” While this a welcome and encouraging development, this is not the first time Beijing has arrested Chinese hackers in response to pressure from the U.S. government.

Ex-Ashley Madison CTO Threatens Libel Suit

September 9, 2015
109 Comments

Last month, KrebsOnSecurity posted an exclusive story about emails leaked from AshleyMadison that suggested the company’s former chief technology officer Raja Bhatia hacked into a rival firm in 2012. Now, an attorney for the former executive is threatening a libel lawsuit against this author unless the story is retracted.

OPM (Mis)Spends $133M on Credit Monitoring

September 2, 2015
71 Comments

The Office of Personnel Management (OPM) has awarded a $133 million contract to a private firm in an effort to provide credit monitoring services for three years to nearly 22 million people who had their Social Security numbers and other sensitive data stolen by cybercriminals. But perhaps the agency should be offering the option to pay for the cost that victims may incur in “freezing” their credit files, a much more effective way of preventing identity theft.

FBI: $1.2B Lost to Business Email Scams

August 27, 2015
26 Comments

The FBI today warned about a significant spike in victims and dollar losses stemming from an increasingly common scam in which crooks spoof communications from executives at the victim firm in a bid to initiate unauthorized international wire transfers. According to the FBI, thieves stole nearly $750 million in such scams from more than 7,000 victim companies in the U.S. between October 2013 and August 2015.

AshleyMadison: $500K Bounty for Hackers

August 24, 2015
62 Comments

AshleyMadison.com, an online cheating service whose motto is “Life is Short, Have an Affair,” is offering a $500,000 reward for information leading to the arrest and prosecution of the individual or group of people responsible for leaking the highly personal information on the company’s more than 30 million users.