Category Archives: A Little Sunshine

Includes investigative blog posts meant to shine a light on the darker corners of the Internet.

St. Louis Federal Reserve Suffers DNS Breach

May 18, 2015
44 Comments

The St. Louis Federal Reserve today sent a message to the banks it serves alerting them that in late April 2015 attackers succeeded in hijacking the domain name servers for the institution. The attack redirected Web searches and queries for those seeking a variety of domains run by the government entity to a Web page set up by the attackers in an apparent bid by cybercrooks to hijack online communications of banks and other entities dealing with the regional Fed office.

Starbucks Hacked? No, But You Might Be

May 18, 2015
48 Comments

When it comes to reporting on breaches involving customer accounts at major brands, the news media overall deserves an F-minus. Hardly a week goes by when I don’t hear from readers about a breathless story proclaiming that yet another household brand name company has been hacked. Upon closer inspection, the stories usually are based on little more than anecdotal evidence from customers who had their online loyalty or points accounts hijacked and then drained of value.

Mobile Spyware Maker mSpy Hacked, Customer Data Leaked

May 14, 2015
86 Comments

mSpy, the makers of a dubious software-as-a-service product that claims to help more than two million people spy on the mobile devices of their kids and partners, appears to have been massively hacked. Last week, a huge trove of data apparently stolen from the company’s servers was posted on the Dark Web, exposing countless emails, text messages, payment and location data on an undetermined number of mSpy “users.”

Who’s Scanning Your Network? (A: Everyone)

May 10, 2015
63 Comments

Not long ago I heard from a reader who wanted advice on how to stop someone from scanning his home network, or at least recommendations about to whom he should report the person doing the scanning. I couldn’t believe that people actually still cared about scanning, and I told him as much: These days there are countless entities — some benign and research-oriented, and some less benign — that are continuously mapping and cataloging virtually every devices that’s put online.

Deconstructing the 2014 Sally Beauty Breach

May 7, 2015
54 Comments

This week, nationwide beauty products chain Sally Beauty disclosed that, for the second time in a year, it was investigating reports that hackers had broken into its networks and stolen customer credit card data. That investigation is ongoing, but I recently had an opportunity to interview a former Sally Beauty IT technician who provided a first-hand look at how the first breach in 2014 breach went down.

PayIvy Sells Your Online Accounts Via PayPal

May 6, 2015
47 Comments

Normally, if one wishes to buy stolen account credentials for paid online services like Netflix, Hulu, XBox Live or Spotify, the buyer needs to visit a cybercrime forum or drop into a dark Web marketplace that only accepts Bitcoin as payment. Increasingly, however, these accounts are showing up for sale at Payivy[dot]com, an open Web marketplace that happily accepts PayPal in exchange for a variety of stolen accounts.

Harbortouch is Latest POS Vendor Breach

May 1, 2015
59 Comments

Last week, Allentown, Pa. based point-of-sale (POS) maker Harbortouch disclosed that a breach involving “a small number” of its restaurant and bar customers were impacted by malicious software that allowed thieves to siphon customer card data from affected merchants. KrebsOnSecurity has recently heard from a major U.S. card issuer that says the company is radically downplaying the scope of the breach, and that the compromise appears to have impacted more than 4,200 Harbortouch customers nationwide.

China Censors Facebook.net, Blocks Sites With “Like” Buttons

April 28, 2015
20 Comments

Chinese government censors at the helm of the “Great Firewall of China” appear to have errantly blocked Chinese Web surfers from visiting pages that call out to connect.facebook.net, a resource used by Facebook’s “like” buttons. While the apparent screw-up was quickly fixed, the block was cached by many Chinese networks — effectively preventing millions of Chinese Web surfers from visiting a huge number of sites that are not normally censored.

A Day in the Life of a Stolen Healthcare Record

April 28, 2015
57 Comments

When your credit card gets stolen because a merchant you did business with got hacked, it’s often quite easy for investigators to figure out which company was victimized. The process of divining the provenance of stolen healthcare records, however, is far trickier because these records typically are processed or handled by a gauntlet of third party firms, most of which have no direct relationship with the patient or customer ultimately harmed by the breach.

SendGrid: Employee Account Hacked, Used to Steal Customer Credentials

April 27, 2015
14 Comments

Sendgrid, an email service used by tens of thousands of companies — including Silicon Valley giants as well as Bitcoin exchange Coinbase — said attackers compromised a Sendgrid employee’s account, which was then used to steal the usernames, email addresses and (hashed) passwords of customer and employee accounts. The announcement comes several weeks after Sendgrid sought to assure customers that the breach was limited to a single customer account.