Category Archives: A Little Sunshine

Includes investigative blog posts meant to shine a light on the darker corners of the Internet.

‘White House’ eCard Dupes Dot-Gov Geeks

January 3, 2011

A malware-laced e-mail that spoofed seasons greetings from The White House siphoned gigabytes of sensitive documents from dozens of victims over the holidays, including a number of government employees and contractors who work on cybersecurity matters, KrebsOnSecurity.com has learned.

The attack appears to be the latest salvo from ZeuS malware gangs whose activities over the past year have blurred the boundaries between online financial crime and espionage, by stealing financial data and documents from victim machines. This activity is unusual because most criminals using ZeuS are interested in money-making activities – such as stealing banking passwords and creating botnets – whereas the hoovering up of sensitive government documents is typically associated with threats from China that are deployed to gather industrial or military intelligence.

Russian e-Payment Giant ChronoPay Hacked

December 29, 2010

15 Comments

Criminals this week hijacked ChronoPay.com, the domain name for Russia’s largest online payment processor, redirecting hundreds of unsuspecting visitors to a fake ChronoPay page that stole customer financial data.

ChronoPay chief executive Pavel Vrublevsky said the bogus payment page was up for several hours on Christmas day, during which time the attackers collected roughly 800 credit card numbers from customers visiting the site to make payments for various services that rely on ChronoPay for processing.

Carders.cc, Backtrack-linux.org and Exploit-db.org Hacked

December 25, 2010

29 Comments

Carders.cc, a German security forum that specializes in trading stolen credit cards and other purloined data, has been hacked by security vigilantes for the second time this year. Also waking up to “you’ve been owned” calling cards this Christmas are… Read More »

The Cyberwar Will Not Be Streamed

December 20, 2010

42 Comments

In early 2000 — ages ago in Internet time — some of the biggest names in e-commerce were brought to their knees by a brief but massive assault from a set of powerful computers hijacked by a glory-seeking young hacker. The assailant in that case, known online as Mafiaboy, was a high school student from a middle-class suburban area of Canada who was quickly arrested after bragging about his role in the attacks.

It wasn’t long before the antics from novice hackers like Mafiaboy were overshadowed by more discrete attacks from organized cyber criminal gangs, which began using these distributed denial-of-service (DDoS) assaults to extort money from targeted businesses. Fast-forward to today, and although vanity DDoS attacks persist, somehow elements in the news media have begun conflating them with the term “cyberwar,” a vogue but still-squishy phrase that conjures notions of far more consequential, nation-state level conflicts.

Russian Police Only Translate the Good News

December 16, 2010

28 Comments

Internet security and cybercrime experts often complain that Russian law enforcement agencies don’t place a high priority on investigating and arresting hackers in that country. While that criticism may be fair, it may also be that Russian bureaucrats simply do not wish to call any attention to any sort of crime in their country — at least not to Westerners’ view.

Fallout from Recent Spear Phishing Attacks?

December 15, 2010

29 Comments

McDonald’s and Walgreens this week revealed that data breaches at partner marketing firms had exposed customer information. There has been a great deal of media coverage treating these and other similar cases as isolated incidents, but all signs indicate they are directly tied to a spate of “spear phishing” attacks against e-mail marketing firms that have siphoned customer data from more than 100 companies in the past few months.

Why GSM-Based ATM Skimmers Rule

December 13, 2010

55 Comments

Earlier this year, KrebsOnSecurity featured a post highlighting the most dangerous aspects of GSM-based ATM skimmers, fraud devices that let thieves steal card data from ATM users and have the purloined digits sent wirelessly via text message to the attacker’s… Read More »

Reintroducing Scanlab (a.k.a Scamlab)

December 7, 2010

13 Comments

Many sites and services require customers to present “proof” of their identity online by presenting scanned copies of important documents, such as passports, utility bills, or diplomas. But these requests don’t really prove anything, as there are a number of online services that will happily forge these documents quite convincingly for a small fee.

Cable: No Cyber Attack in Brazilian ’09 Blackout

December 3, 2010

9 Comments

The Nov. 2009 blackout that plunged millions of Brazilians into darkness for up to six hours was not the result of cyber saboteurs, but instead an unusual confluence of independent factors that conspired to cause a cascading power failure, according to a classified cable from the U.S. embassy in Brazil.

Cybercrime Untouchables?

November 30, 2010

23 Comments

The text above was the lead for a story published April 3, 2006 in The New York Times. It described Zo0mer as a “kingpin” of the criminal underworld market for stolen identities and credit cards.

What’s remarkable is how — almost four years later — Zo0mer’s business is now stronger than ever.