Category Archives: A Little Sunshine

Includes investigative blog posts meant to shine a light on the darker corners of the Internet.

Coinhive Exposé Prompts Cancer Research Fundraiser

March 30, 2018

A story published here this week revealed the real-life identity behind the original creator of Coinhive — a controversial cryptocurrency mining service that several security firms have recently labeled the most ubiquitous malware threat on the Internet today. In an unusual form of protest against that story, members of a popular German language image-posting board founded by the Coinhive creator have vented their dismay by donating tens of thousands of euros to local charities that support cancer research.

On Monday KrebsOnSecurity published Who and What is Coinhive, an in-depth story which proved that the founder of Coinhive was indeed the founder of the German image hosting and discussion forum pr0gramm[dot]com (not safe for work). I undertook the research because Coinhive’s code primarily is found on tens of thousands of hacked Web sites, and because the until-recently anonymous Coinhive operator(s) have been reluctant to take steps that might curb the widespread abuse of their platform.

Omitting the “o” in .com Could Be Costly

March 29, 2018

67 Comments

Take care when typing a domain name into a browser address bar, because it’s far too easy to fat-finger a key and wind up somewhere you don’t want to go. For example, if you try to visit some of the most popular destinations on the Web but omit the “o” in .com (and type .cm instead), there’s a good chance your browser will be bombarded with malware alerts and other misleading messages — potentially even causing your computer to lock up completely. As it happens, many of these domains appear tied to a marketing company whose CEO is a convicted felon and once self-proclaimed “Spam King.”

Who and What Is Coinhive?

March 26, 2018

113 Comments

Multiple security firms recently identified cryptocurrency mining service Coinhive as the top malicious threat to Web users, thanks to the tendency for Coinhive’s computer code to be used on hacked Web sites to steal the processing power of its visitors’ devices. This post looks at how Coinhive vaulted to the top of the threat list less than a year after its debut, and explores clues about the possible identities of the individuals behind the service.

Adrian Lamo, ‘Homeless Hacker’ Who Turned in Chelsea Manning, Dead at 37

March 18, 2018

72 Comments

Adrian Lamo, the hacker probably best known for breaking into The New York Times’s network and for reporting Chelsea Manning’s theft of classified documents to the FBI, was found dead in a Kansas apartment on Wednesday. Lamo was widely reviled and criticized for turning in Manning, but that chapter of his life eclipsed the profile of a complex individual who taught me quite a bit about security over the years.

Adrian Lamo, in 2006. Source: Wikipedia.
I first met Lamo in 2001 when I was a correspondent for Newsbytes.com, a now-defunct tech publication that was owned by The Washington Post at the time. A mutual friend introduced us over AOL Instant Messenger, explaining that Lamo had worked out a simple method allowing him to waltz into the networks of some of the world’s largest media companies using nothing more than a Web browser.

What Is Your Bank’s Security Banking On?

March 6, 2018

93 Comments

A large number of banks, credit unions and other financial institutions just pushed customers onto new e-banking platforms that asked them to reset their account passwords by entering a username plus some other static identifier — such as the first six digits of their Social Security number, or a mix of partial SSN, date of birth or surname. Here’s a closer look at what may be going on (spoiler: small, regional banks and credit unions have grown far too reliant on the whims of just a few major online banking platform providers).

You might think it odd that any self-respecting financial institution would seek to authenticate customers via static data like partial SSN for passwords, and you’d be justified for thinking that, too. Nobody has any business using these static identifiers for authentication because it’s all for sale on most Americans quite easily and cheaply in the cybercrime underground. The Equifax breach might have “refreshed” some of those data stores for identity thieves, but most U.S. adults have had their static details on sale for years now.

On Feb. 16, KrebsOnSecurity reader Brent Hoeft shared a copy of an email he’d just received from his financial institution Associated Bank, which at $30+ billion in assets happens to be Wisconsin’s largest by asset size.

Powerful New DDoS Method Adds Extortion

March 2, 2018

31 Comments

Attackers have seized on a relatively new method for executing distributed denial-of-service (DDoS) attacks of unprecedented disruptive power, using it to launch record-breaking DDoS assaults over the past week. Now evidence suggests this novel attack method is fueling digital shakedowns in which victims are asked to pay a ransom to call off crippling cyberattacks.

Bot Roundup: Avalanche, Kronos, NanoCore

February 27, 2018

8 Comments

It’s been a busy few weeks in cybercrime news, justifying updates to a couple of cases we’ve been following closely at KrebsOnSecurity. In Ukraine, the alleged ringleader of the Avalanche malware spam botnet was arrested after eluding authorities in the wake of a global cybercrime crackdown there in 2016. Separately, a case that was hailed as a test of whether programmers can be held accountable for how customers use their product turned out poorly for 27-year-old programmer Taylor Huddleston, who was sentenced to almost three years in prison for making and marketing a complex spyware program.

USPS Finally Starts Notifying You by Mail If Someone is Scanning Your Snail Mail Online

February 26, 2018

107 Comments

In October 2017, KrebsOnSecurity warned that ne’er-do-wells could take advantage of a relatively new service offered by the U.S. Postal Service that provides scanned images of all incoming mail before it is slated to arrive at its destination address. We advised that stalkers or scammers could abuse this service by signing up as anyone in the household, because the USPS wasn’t at that point set up to use its own unique communication system — the U.S. mail — to alert residents when someone had signed up to receive these scanned images.

The USPS recently told this publication that beginning Feb. 16 it started alerting all households by mail whenever anyone signs up to receive these scanned notifications of mail delivered to that address. The notification program, dubbed “Informed Delivery,” includes a scan of the front and back of each envelope or package destined for a specific address.

Chase ‘Glitch’ Exposed Customer Accounts

February 22, 2018

39 Comments

Multiple Chase.com customers have reported logging in to their bank accounts, only to be presented with another customer’s bank account details. Chase has acknowledged the incident, saying it was caused by a two an internal “glitch” Wednesday evening that did not involve any kind of hacking attempt or cyber attack.

Money Laundering Via Author Impersonation on Amazon?

February 20, 2018

109 Comments

Patrick Reames had no idea why Amazon.com sent him a 1099 form saying he’d made almost $24,000 selling books via Createspace, the company’s on-demand publishing arm. That is, until he searched the site for his name and discovered someone has been using it to peddle a $555 book that’s full of nothing but gibberish.