Category Archives: A Little Sunshine

Includes investigative blog posts meant to shine a light on the darker corners of the Internet.

A Day in the Life of a Stolen Healthcare Record

April 28, 2015

When your credit card gets stolen because a merchant you did business with got hacked, it’s often quite easy for investigators to figure out which company was victimized. The process of divining the provenance of stolen healthcare records, however, is far trickier because these records typically are processed or handled by a gauntlet of third party firms, most of which have no direct relationship with the patient or customer ultimately harmed by the breach.

SendGrid: Employee Account Hacked, Used to Steal Customer Credentials

April 27, 2015

14 Comments

Sendgrid, an email service used by tens of thousands of companies — including Silicon Valley giants as well as Bitcoin exchange Coinbase — said attackers compromised a Sendgrid employee’s account, which was then used to steal the usernames, email addresses and (hashed) passwords of customer and employee accounts. The announcement comes several weeks after Sendgrid sought to assure customers that the breach was limited to a single customer account.

What’s Your Security Maturity Level?

April 27, 2015

37 Comments

Not long ago, I was working on a speech and found myself trying to come up with a phrase that encapsulates the difference between organizations that really make cybersecurity a part of their culture and those that merely pay it lip service and do the bare minimum (think ’15 pieces of flair’). When the phrase “security maturity” came to mind, I thought for sure I’d conceived of an original idea and catchy phrase. It turns out this is already a thing. And a really notable thing at that.

Taking Down Fraud Sites is Whac-a-Mole

April 20, 2015

63 Comments

I’ve been doing quite a bit of public speaking lately — usually about cybercrime and underground activity — and there’s one question that nearly always comes from the audience: “Why are these fraud Web sites allowed to operate, and not… Read More »

POS Providers Feel Brunt of PoSeidon Malware

April 15, 2015

71 Comments

“PoSeidon,” a new strain of malicious software designed to steal credit and debit card data from hacked point-of-sale (POS) devices, has been implicated in a number of recent breaches involving companies that provide POS services primarily to restaurants, bars and hotels. The shift by the card thieves away from targeting major retailers like Target and Home Depot to attacking countless, smaller users of POS systems is giving financial institutions a run for their money as they struggle to figure out which merchants are responsible for card fraud.

Don’t Be Fodder for China’s ‘Great Cannon’

April 10, 2015

57 Comments

China has been actively diverting unencrypted Web traffic destined for its top online search service — Baidu.com — so that some visitors from outside of the country were unwittingly enlisted in a novel and unsettling series of denial-of-service attacks aimed at sidelining sites that distribute anti-censorship tools, according to research released this week.

FBI Warns of Fake Govt Sites, ISIS Defacements

April 7, 2015

28 Comments

The Federal Bureau of Investigation (FBI) is warning that individuals sympathetic to the Islamic State of Iraq and al-Shams (ISIS) are mass-defacing Websites using known vulnerabilities in WordPress. The FBI also issued an alert advising that criminals are hosting fraudulent… Read More »

Sign Up at irs.gov Before Crooks Do It For You

March 30, 2015

286 Comments

If you’re an American and haven’t yet created an account at irs.gov, you may want to take care of that before tax fraudsters create an account in your name and steal your personal and tax data in the process. Recently, KrebsOnSecurity… Read More »

Tax Fraud Advice, Straight from the Scammers

March 25, 2015

41 Comments

Some of the most frank and useful information about how to fight fraud comes directly from the mouths of the crooks themselves. Online cybercrime forums play a critical role here, allowing thieves to compare notes about how to evade new security roadblocks and steer clear of fraud tripwires. Few topics so reliably generate discussion on crime forums around this time of year as tax return fraud, as we’ll see in the conversations highlighted in this post.

Kreditech Investigates Insider Breach

March 24, 2015

22 Comments

Kreditech doesn’t appear to operate in the United States, nor in Germany where it is based. According to a cursory overview of the documents leaked online, the bulk of Kreditech’s customers/applicants are from Brazil, the Czech Republic, Dominican Republic, Mexico, Poland, Russia, Spain and Romania.