Since the dawn of the Internet, tutorials showing would-be scammers how to fleece others have been available online, and there is a growing catalog of fraud instructional videos as well. But for novices who who can’t be bothered to scour the ‘Net for these far flung free resources, the tricks of the trade can now be learned through intensive one-on-one apprenticeships that are sold online like community college classes in e-thievery.
A group tasked with devising strategies to deter cyber attacks is calling for mandatory public disclosure of fraud and hacking incidents by governments and organizations of all sizes, including banks.
Authorities in the United States, United Kingdom and Ukraine launched a series of law enforcement sweeps beginning late last month against some of the world’s most notorious gangs running botnets powered by ZeuS, a powerful password-stealing Trojan horse program. ZeuS botnet activity worldwide took a major hit almost immediately thereafter, but it appears to be already on the rebound, according to one prominent ZeuS-watching site.
Spam trackers are seeing a fairly dramatic drop in junk e-mail sent over the past few days, specifically spam relayed by the one of the world’s largest spam botnets – although security experts disagree on exactly which botnet may be throttling back or experiencing problems.
Authorities in the United Kingdom on Tuesday arrested 19 Eastern Europeans alleged to be connected to a massive fraud ring that has stolen tens of millions of dollars from hundreds of consumers and small to mid-sized businesses in the U.K. and the United States.
The “Stuxnet” computer worm made international headlines in July, when security experts discovered that it was designed to use a previously unknown security hole in Microsoft Windows computers to steal industrial secrets and potentially disrupt operations of critical information networks. But new information about the worm shows that it leverages at least three other previously unknown security holes in Windows PCs, including a vulnerability that Redmond fixed in a software patch released today.
“Our dependence on all things cyber as a society is now inestimably irreversible and irreversibly inestimable.”
Yeah, I had to re-read that line a few times, too. Which is probably why I’ve put off posting a note here about the article from which the above quote was taken, a thought-provoking essay in the Harvard National Security Journal by Dan Geer, chief information security philosopher officer for In-Q-Tel, the not-for-profit venture capital arm of the Central Intelligence Agency.
Security researchers have dealt a mighty blow to a spam botnet known as Pushdo, a massive grouping of hacked PCs that until recently was responsible for sending more than 10 percent of all e-mail worldwide.
McAfee just published the sixth edition of its Security Journal, which includes a lengthy piece I wrote about the pros and cons of taking down Internet service providers and botnets that facilitate cyber criminal activity. The analysis focuses on several historical examples of what I call “shuns” and “stuns,” or taking out rogue networks either by ostracizing them, or by kneecapping their infrastructure in a coordinated surprise attack, respectively.
Operating and planting an ATM skimmer — cleverly disguised technology that thieves attach to cash machines to intercept credit and debit card data — can be a risky venture, because the crooks have to return to the scene of the crime to retrieve their skimmers along with the purloined data. Increasingly, however, criminals are using ATM skimmers that eliminate much of that risk by relaying the information via text message.
