I recently returned from a trip to Russia, where I traveled in part to interview a few characters involved in running the world’s biggest illicit online pharmacies. I arrived just days after the real fireworks, when several truckloads of masked officers from Russian drug enforcement bureaus raided a party thrown exclusively for the top moneymakers of Rx-Promotion, a major e-pharmacy program co-owned by one of the men I went to meet.
On February 8, 2009, a customer at an ATM at a Bank of America branch in Sun Valley, Calif., spotted something that didn’t look quite right about the machine: A silver, plexiglass device had been attached to the ATM’s card acceptance slot, in a bid to steal card data from unsuspecting ATM users.
But the customer and the bank’s employees initially overlooked a secondary fraud device that the unknown thief had left at the scene: A sophisticated, battery operated and motion activated camera designed to record victims entering their personal identification numbers at the ATM.
Late this week, I heard from several anti-spam activists who alerted me to a nice reminder that spammers don’t always win: Spammers have been promoting their rogue pharmacy sites via images uploaded to free image hosting service imageshack.com. In response, the company appears to have simply replaced those images with the following subtle warning:
Online dating giant eHarmony has begun urging users to change their passwords, after being alerted by KrebsOnSecurity.com to a potential security breach of customer information. Once again, the individual responsible for all the ruckus is an Argentinian hacker who recently claimed responsibility for a similar breach at competing e-dating site PlentyOfFish.com.
A company that is helping the federal government track down cyberactivists who have been attacking business that refused to support Wikileaks has itself been hacked by the very same activists it is investigating.
At the center of the storm is a leaderless and anarchic Internet group called Anonymous, which more recently has been coordinating attacks against Egyptian government Web sites. Late last month, authorities in the U.K. and the U.S. moved against at least 45 suspected Anonymous activists. Then, on Saturday, the Financial Times ran a story quoting Aaron Barr, the head of security services firm HBGary Federal, saying he had uncovered the identities of Anonymous’ leaders using social networking sites and planned to release his findings at a security conference in San Francisco next week.
In October 2010, I discovered that the authors of the SpyEye and ZeuS banking Trojans — once competitors in the market for botnet creation and management kits — were killing further development of ZeuS and planning to fuse the two malware families into one supertrojan. Initially, I heard some skepticism from folks in the security community about this. But three months later, security experts are now starting to catch glimpses of this new hybrid Trojan in the wild, as the author(s) begins shipping a series of beta releases that include updated features on a nearly-daily basis.
Egyptian citizens calling for besieged President Hosni Mubarak to step down may have been cut off from using the Web, but spammers have been busy cutting the government off from its own Internet address space: Earlier this month, junk e-mail artists hijacked a swath of Internet addresses assigned to Mubarak’s wife.
Hackers have breached the database of online dating site PlentyOfFish.com, exposing personal and password information on nearly 30 million users, including its founder and administrators. In response, the company has implied that the editor of KrebsOnSecurity.com was involved in an elaborate extortion plot.
Getting hacked is no fun. Learning that you’ve been hacked when a reporter calls is probably even less fun. But for better or worse, I have notified dozens of companies about various breaches over the years, and I’ve learned a few things about how victims respond. Usually, when the company in question responds by implicating you in an alleged extortion scheme, two things become clear:
1) You’re probably not going to get any real answers to your direct questions about the incident, and;
2) The company almost certainly did have a serious breach.
Media attention to crimes involving ATM skimmers may make consumers more likely to identify compromised cash machines, which involve cleverly disguised theft devices that sometimes appear off-color or out-of-place. Yet, many of today’s skimmer scams can swipe your card details and personal identification number while leaving the ATM itself completely untouched, making them far more difficult to spot.
The most common of these off-ATM skimmers can be found near cash machines that are located in the antechamber of a bank or building lobby, where access is controlled by a key card lock that is activated when the customer swipes his or her ATM card. In these scams, the thieves remove the card swipe device attached to the outside door, add a skimmer, and then reattach the device to the door. The attackers then place a hidden camera just above or beside the ATM, so that the camera is angled to record unsuspecting customers entering their PINs.
As many readers no doubt know, the Egyptian government on Thursday severed the nation’s ties with the rest of the Internet, in an apparent effort to disrupt political protests calling for an end to the 30-year rule of Egyptian leader Hosni Mubarak.
I’ve been tweeting new developments as they arise, but I wanted to point to a few of the more dramatic graphs that different sources have drawn up to show the precipitous decline in Internet traffic and connectivity from Egypt as leaders there sought to isolate phone and computer networks from the rest of the world.
