Category Archives: The Coming Storm

This category includes blog posts about computer and Internet security threats now and on the horizon.

Mail from the (Velvet) Cybercrime Underground

July 30, 2013

Over the past six months, “fans” of this Web site and its author have shown their affection in some curious ways. One called in a phony hostage situation that resulted in a dozen heavily armed police surrounding my home. Another opened a $20,000 new line of credit in my name. Others sent more than $1,000 in bogus PayPal donations from hacked accounts. Still more admirers paid my cable bill for the next three years using stolen credit cards. Malware authors have even used my name and likeness to peddle their wares. But the most recent attempt to embarrass and fluster this author easily takes the cake as the most elaborate: Earlier this month, the administrator of an exclusive cybercrime forum hatched and executed a plan to purchase heroin, have it mailed to my home, and then spoof a phone call from one of my neighbors alerting the local police. Thankfully, I had already established a presence on his forum and was able to monitor the scam in real time and alert my local police in advance of the delivery.

Toward A Greater Mobile Mal-Awareness

July 24, 2013

18 Comments

Several recent developments in mobile malware are conspiring to raise the threat level for Android users, making it easier for attackers to convert legitimate applications into malicious apps and to undermine the technology that security experts use to tell the difference.

DEF CON To Feds: We Need Some Time Apart

July 10, 2013

86 Comments

One of the more time-honored traditions at DEF CON — the massive hacker convention held each year in Las Vegas — is “Spot-the-Fed,” a playful and mostly harmless contest to out undercover government agents who attend the show. But that game might be a bit tougher when the conference rolls around again next month: In an apparent reaction to recent revelations about far-reaching U.S. government surveillance programs, DEF CON organizers are asking feds to just stay home.

Microsoft to Offer Standing Bug Bounty

June 19, 2013

19 Comments

Microsoft said today it will pay up to $100,000 to security researchers who find and report novel methods for bypassing the security built into the latest version of the company’s flagship operating system. Researchers who go the extra mile and can also demonstrate a way to block the new attack method they’ve reported can earn an extra $50,000.

Double Cashing With Mobile Banking

June 17, 2013

55 Comments

The case of a Kentucky man arrested this month for using mobile banking to steal thousands of dollars from a local supermarket chain highlights the security loopholes that thieves can exploit in mobile check deposit schemes being deployed by financial institutions across the country.

Iranian Elections Bring Lull in Bank Attacks

June 14, 2013

20 Comments

For nearly nine months, hacker groups thought to be based in Iran have been launching large-scale cyberattacks designed to knock U.S. bank Websites offline. But those assaults have subsided over the past few weeks as Iranian hacker groups have begun turning their attention toward domestic targets, launching sophisticated phishing attacks against fellow citizens leading up to today’s presidential election there.

MtGox Phishing Campaign Hits Bing, Yahoo!

June 13, 2013

23 Comments

An active phishing campaign targeting account holders at popular Bitcoin exchange MtGox.com has hijacked the top search results at Bing and Yahoo.com, redirecting unwary clickers to mtpox.com, a look-alike domain and Web site that was registered on June 12, 2013, less than 24 hours ago.

DHS: ‘OpUSA’ May Be More Bark Than Bite

May 2, 2013

30 Comments

The U.S. Department of Homeland Security is warning that a group of mostly Middle East- and North Africa-based criminal hackers are preparing to launch a cyber attack campaign next week known as “OpUSA” against websites of high-profile US government agencies, financial institutions, and commercial entities. But security experts remain undecided on whether this latest round of promised attacks will amount to anything more than a public nuisance.

Dutchman Arrested in Spamhaus DDoS

April 26, 2013

70 Comments

A 35-year-old Dutchman thought to be responsible for launching what’s been called “the largest publicly announced online attack in the history of the Internet” was arrested in Barcelona on Thursday by Spanish authorities. The man, identified by Dutch prosecutors only as “SK,” was being held after a European warrant was issued for his arrest in connection with a series of massive online attacks last month against Spamhaus, an anti-spam organization.

Sources: Tea Leaves Say Breach at Teavana

April 22, 2013

31 Comments

Multiple sources in law enforcement and the financial community are warning about a possible credit and debit card breach at Teavana, a nationwide tea products retailer. Seattle-based coffee giant Starbucks, which acquired Teavana last year, declined to confirm a breach at Teavana, saying only that the company is currently responding to inquiries from card-issuing banks and credit card brands.