Category Archives: A Little Sunshine

Includes investigative blog posts meant to shine a light on the darker corners of the Internet.

When Security Takes a Backseat to Productivity

June 17, 2020
48 Comments

“We must care as much about securing our systems as we care about running them if we are to make the necessary revolutionary change.” -CIA’s Wikileaks Task Force.

So ends a key section of a report the U.S. Central Intelligence Agency produced in the wake of a mammoth data breach in 2016 that led to Wikileaks publishing thousands of classified documents stolen from the agency’s offensive cyber operations division. The analysis highlights a shocking series of security failures at one of the world’s most secretive organizations, but the underlying weaknesses that gave rise to the breach also unfortunately are all too common in many organizations today.

REvil Ransomware Gang Starts Auctioning Victim Data

June 2, 2020
22 Comments

The criminal group behind the REvil ransomware enterprise has begun auctioning off sensitive data stolen from companies hit by its malicious software. The move marks an escalation in tactics aimed at coercing victims to pay up — and publicly shaming those don’t. But it may also signal that ransomware purveyors are searching for new ways to profit from their crimes as victim businesses struggle just to keep the lights on during the unprecedented economic slowdown caused by the COVID-19 pandemic.

Career Choice Tip: Cybercrime is Mostly Boring

May 29, 2020
40 Comments

When law enforcement agencies tout their latest cybercriminal arrest, the defendant is often cast as a bravado outlaw engaged in sophisticated, lucrative, even exciting activity. But new research suggests that as cybercrime has become dominated by pay-for-service offerings, the vast majority of day-to-day activity needed to support these enterprises is in fact mind-numbingly boring and tedious, and that highlighting this reality may be a far more effective way combat cybercrime and steer offenders toward a better path.

This Service Helps Malware Authors Fix Flaws in their Code

May 18, 2020
32 Comments

Almost daily now there is news about flaws in commercial software that lead to computers getting hacked and seeded with malware. But the reality is most malicious software also has its share of security holes that open the door for security researchers or ne’er-do-wells to liberate or else seize control over already-hacked systems. Here’s a look at one long-lived malware vulnerability testing service that is used and run by some of the Dark Web’s top cybercriminals.

Meant to Combat ID Theft, Unemployment Benefits Letter Prompts ID Theft Worries

May 8, 2020
38 Comments

Millions of Americans now filing for unemployment will receive benefits via a prepaid card issued by U.S. Bank, a Minnesota-based financial institution that handles unemployment payments for more than a dozen U.S. states. Some of these unemployment applications will trigger an automatic letter from U.S. Bank to the applicant. The letters are intended to prevent identity theft, but many people are mistaking these vague missives for a notification that someone has hijacked their identity.

Tech Support Scam Uses Child Porn Warning

May 7, 2020
83 Comments

A new email scam is making the rounds, warning recipients that someone using their Internet address has been caught viewing child pornography. The message claims to have been sent from Microsoft Support, and says the recipient’s Windows license will be suspended unless they call an “MS Support” number to reinstate the license, but the number goes to a phony tech support scam that tries to trick callers into giving fraudsters direct access to their PCs.

When in Doubt: Hang Up, Look Up, & Call Back

April 23, 2020
144 Comments

Many security-conscious people probably think they’d never fall for a phone-based phishing scam. But if your response to such a scam involves anything other than hanging up and calling back the entity that claims to be calling, you may be in for a rude awakening. Here’s how one security and tech-savvy reader got taken for more than $10,000 in an elaborate, weeks-long ruse.

Who’s Behind the “Reopen” Domain Surge?

April 20, 2020
242 Comments

The past few weeks have seen a large number of new domain registrations beginning with the word “reopen” and ending with U.S. city or state names. The largest number of them were created just hours after President Trump sent a series of all-caps tweets urging citizens to “liberate” themselves from new gun control measures and state leaders who’ve enacted strict social distancing restrictions in the face of the COVID-19 pandemic. Here’s a closer look at who and what appear to be behind these domains.

Microsoft Buys Corp.com So Bad Guys Can’t

April 7, 2020
65 Comments

In February, KrebsOnSecurity told the story of a private citizen auctioning off the dangerous domain corp.com for the starting price of $1.7 million. Domain experts called corp.com dangerous because years of testing have shown whoever wields it would have access to an unending stream of passwords, email and other sensitive data from hundreds of thousands of Microsoft Windows PCs at major companies around the globe. This week, Microsoft Corp. agreed to buy the domain in a bid to keep it out of the hands of those who might abuse its awesome power.

‘War Dialing’ Tool Exposes Zoom’s Password Problems

April 2, 2020
76 Comments

As the Coronavirus pandemic continues to force people to work from home, countless companies are now holding daily meetings using videoconferencing services from Zoom. But without the protection of a password, there’s a decent chance your next Zoom meeting could be “Zoom bombed” — attended or disrupted by someone who doesn’t belong. And according to data gathered by a new automated Zoom meeting discovery tool dubbed “zWarDial,” a crazy number major corporations are setting up meetings without passwords enabled.