Spam Nation

Dec 15

When Undercover Credit Card Buys Go Bad

I recently heard from a source in law enforcement who had a peculiar problem. The source investigates cybercrime, and he was reaching out for advice after trying but failing to conduct undercover buys of stolen credit cards from a well-known underground card market. Turns out, the cybercrime bazaar’s own security system triggered a “pig alert” and brazenly flagged the fed’s transactions as an undercover purchase placed by a law enforcement officer.

Law enforcement officials and bank anti-fraud specialists sometimes purchase stolen cards from crime forums and “carding” markets online in hopes of identifying a pattern among all the cards from a given batch that might make it easy to learn who got breached: If all of the cards from a given batch were later found to be used at the same e-commerce or brick-and-mortar merchant over the same time period, investigators can often determine the source of the card breach, alert the breached company and stem the flow of stolen cards.

Of course, such activity is not something the carding shops take lightly, since it tends to cut into their criminal sales and revenues. So it is that one of the more popular carding shops — Rescator — somehow enacted a system to detect purchases from suspected law enforcement officials. Rescator and his crew aren’t shy about letting you know when they think you’re not a real criminal. My law enforcement source said he’d just placed a batch of cards into his shopping cart and was preparing to pay for the goods when the carding site’s checkout page was replaced with this image:

A major vendor of stolen credit cards tries to detect suspicious transactions by law enforcement officials. When it does, it triggers this "pig detected" alert.

A major vendor of stolen credit cards tries to detect suspicious transactions by law enforcement officials. When it does, it triggers this “pig detected” alert.

The shop from which my source attempted to make the purchase — called Rescator — is the same carding store that was the first to move millions of cards on sale that were stolen in the Target and Home Depot breaches, among others. I’ve estimated that although Rescator and his band of thieves stole 40 million credit and debit card numbers from Target, they only likely managed to sell between 1 and 3 million of those cards. Even so, at a median price of $26.85 per card and the median loss of 2 million cards, that’s still more than $50 million in revenue. It’s no wonder they want to keep the authorities out. Continue reading →

Dec 14

Be Wary of ‘Order Confirmation’ Emails

If you receive an email this holiday season asking you to “confirm” an online e-commerce order or package shipment, please resist the urge to click the included link or attachment: Malware purveyors and spammers are blasting these missives by the millions each day in a bid to trick people into giving up control over their computers and identities.

An "order confirmation" malware email blasted out by the Asprox spam botnet recently.

An “order confirmation” malware email blasted out by the Asprox spam botnet recently.

Seasonal scams like these are a perennial scourge of the holidays, mainly because the methods they employ are reliably successful. Crooks understand that it’s easier to catch would-be victims off-guard during the holidays. This goes even for people who generally know better than to click on links and attachments in emails that spoof trusted brands and retailers, because this is a time of year when many people are intensely focused on making sure their online orders arrive before Dec. 25.

This Asprox malware email poses as a notice about a wayward package from a WalMart  order.

This Asprox malware email poses as a notice about a wayward package from a WalMart order.

According to Malcovery, a company that closely tracks email-based malware attacks, these phony “order confirmation” spam campaigns began around Thanksgiving, and use both booby-trapped links and attached files in a bid to infect recipients’ Windows PCs with the malware that powers the Asprox spam botnet. Continue reading →

Nov 14

Spam Nation Book Tour Highlights

Greetings from sunny Austin, Texas, where I’m getting ready to wrap up a week-long book tour that began in New York City, then blazed through Chicago, San Francisco, and Seattle. I’ve been trying to tweet links to various media interviews about Spam Nation over the past week, but wanted to offer a more comprehensive account and to share some highlights of the tour.

For three days starting last Sunday, I was in New York City — doing a series of back-to-back television and radio interviews. Prior to leaving for New York, I taped television interviews with Jeffrey Brown at the PBS NewsHour; the first segment delves into some of the points touched on in the book, and the second piece is titled “Why it’s harder than you think to go ‘off the grid’.”


On Monday, I was fortunate to once again be a guest on Terri Gross‘s show Fresh Air, which you can hear at this link. Tuesday morning began with a five-minute appearance on CBS This Morning, which included a sit-down with Charlie Rose, Gayle King and Norah O’Donnell. Later in the day, I was interviewed by the MarketPlace Tech ReportMSNBC’s The Cycle, as well as the Tavis Smiley show. Wednesday was a mercifully light day, with just two interviews: KGO-AM and the Jim Bohannon Radio Show. Continue reading →

Nov 14

Amazon: Spam Nation one of “Best of Month”

A quick update on my new book, Spam Nation, The Inside Story of Organized Cybercrime — From Global Epidemic to Your Front Door debuting on bookstore shelves  Tuesday, Nov. 18: Amazon has selected Spam Nation as one of their “Best Books of the Month” picks for November, listed alongside such notable authors as Stephen King and Nora Roberts.

abbotm-cIn addition, my publisher has graciously extended the freeZeusGard offer until Nov. 25 for the next 500 people who order more than one copy of the book.

In early October we launched a promotion in which the first 1,000 readers to preorder more than one copy of the book, audio recording and/or e-book version of Spam Nation would receive a free, KrebsOnSecurity-branded ZeusGard, a USB-based technology that’s designed to streamline the process of adopting the Live CD approach for online banking.

Approximately 500 readers took us up on this offer, but that means we still have about 500 left! Thankfully, my publisher (Sourcebooks) has agreed to extend this offer by one week (until Nov. 25, 2014).

Finally, if you live in Chicago, San Francisco, Seattle or Austin and would like a personalized copy of Spam Nation, please consider joining me this week as I drop by a local bookstore near you! See the tour schedule for dates, times and locations.

Oct 14

‘Spam Nation’ Publisher Discloses Card Breach

In the interests of full disclosure: Sourcebooks — the company that on Nov. 18 is publishing my upcoming book about organized cybercrime — disclosed last week that a breach of its Web site shopping cart software may have exposed customer credit card and personal information.

Fortunately, this breach does not affect readers who have pre-ordered Spam Nation through the retailers I’ve been recommending — Amazon, Barnes & Noble, and Politics & Prose.  I mention this breach mainly to get out in front of it, and because of the irony and timing of this unfortunate incident.

From Sourcebooks’ disclosure (PDF) with the California Attorney General’s office:

“Sourcebooks recently learned that there was a breach of the shopping cart software that supports several of our websites on April 16, 2014 – June 19, 2014 and unauthorized parties were able to gain access to customer credit card information. The credit card information included card number, expiration date, cardholder name and card verification value (CVV2). The billing account information included first name, last name, email address, phone number, and address. In some cases, shipping information was included as first name, last name, phone number, and address. In some cases, account password was obtained too. To our knowledge, the data accessed did not include any Track Data, PIN Number, Printed Card Verification Data (CVD). We are currently in the process of having a third-party forensic audit done to determine the extent of this breach.”

So again, if you have pre-ordered the book from somewhere other than Sourcebook’s site (and that is probably 99.9999 percent of you who have already pre-ordered), you are unaffected.

I think there are some hard but important lessons here about the wisdom of smaller online merchants handling credit card transactions. According to Sourcebooks founder Dominique Raccah, the breach affected approximately 5,100 people who ordered from the company’s Web site between mid-April and mid-June of this year. Raccah said the breach occurred after hackers found a security vulnerability in the site’s shopping cart software.

Shopping-Cart-iconExperts say tens of thousands of businesses that rely on shopping cart software are a major target for malicious hackers, mainly because shopping cart software is generally hard to do well.

“Shopping cart software is extremely complicated and tricky to get right from a security perspective,” said Jeremiah Grossman, founder and chief technology officer for WhiteHat Security, a company that gets paid to test the security of Web sites.  “In fact, no one in my experience gets it right their first time out. That software must undergo serious battlefield testing.”

Grossman suggests that smaller merchants consider outsourcing the handling of credit cards to a solid and reputable third-party. Sourcebooks’ Raccah said the company is in the process of doing just that. Continue reading →

Oct 14

Spam Nation Book Offer + Tour Details

As many of you know, my first book — Spam Nation — hits bookstore shelves on Nov. 18. I want to thank those of you who have already pre-ordered the book, and offer a small enticement for those who have yet to secure a copy.

Pre-order two or more copies of Spam Nation and get this "Krebs Edition" branded ZeusGard.

Pre-order two or more copies of Spam Nation and get this “Krebs Edition” branded ZeusGard.

Spam Nation is a true story about organized cybercriminals, some of whom are actively involved in using malware-laced spam to empty bank accounts belonging to small- and medium-sized businesses in the United States and Europe. I’ve written extensively about organizations that have lost tens of millions of dollars from these cyberheists. I’ve also encouraged online banking customers to take advantage of various “Live CD” technologies that allow users to sidestep the very malware that powers these cyberheists.

In July, I wrote about ZeusGard, one such technology that’s designed to streamline the process of adopting the Live CD approach for online banking. The makers of ZeusGard got such a positive response from that story that they offered to partner with Yours Truly in promoting Spam Nation!

I’m pleased to report that the first 1,000 customers to purchase two or more copies of Spam Nation — including any combination of digital, physical and/or audio versions of the book — before the official book launch on Nov. 18 will receive a complimentary KrebsOnSecurity-branded version of ZeusGard (pictured above)! Continue reading →