Category Archives: A Little Sunshine

Includes investigative blog posts meant to shine a light on the darker corners of the Internet.

Chip & PIN vs. Chip & Signature

October 30, 2014

The Obama administration recently issued an executive order requiring that federal agencies migrate to more secure chip-and-PIN based credit cards for all federal employees that are issued payment cards. The move marks a departure from the far more prevalent “chip-and-signature” standard, an approach that has been overwhelmingly adopted by a majority of U.S. banks that are currently issuing chip-based cards. This post seeks to explore some of the possible reasons for the disparity.

How to Tell Data Leaks from Publicity Stunts

October 29, 2014

47 Comments

In an era when new consumer data breaches are disclosed daily, fake claims about data leaks are sadly becoming more common. These claims typically come from fame-seeking youngsters who enjoy trolling journalists and corporations, and otherwise wasting everyone’s time. Fortunately, a new analysis of recent bogus breach claims provides some simple tools that anyone can use to quickly identify fake data leak claims.

Seleznev Arrest Explains ‘2Pac’ Downtime

October 15, 2014

32 Comments

The U.S. Justice Department has piled on more charges against alleged cybercrime kingpin Roman Seleznev, a Russian national who made headlines in July when it emerged that he’d been whisked away to Guam by U.S. federal agents while vacationing in the Maldives. The additional charges against Seleznev may help explain the extended downtime at an extremely popular credit card fraud shop in the cybercrime underground.

Who’s Watching Your WebEx?

October 13, 2014

48 Comments

KrebsOnSecurity spent a good part of the past week working with Cisco to alert more than four dozen companies — many of them household names — about regular corporate WebEx conference meetings that lack passwords and are thus open to anyone who wants to listen in.

Huge Data Leak at Largest U.S. Bond Insurer

October 7, 2014

69 Comments

On Monday, KrebsOnSecurity notified the Municipal Bond Insurance Association — the nation’s largest bond insurer — that a misconfiguration in a company Web server had exposed countless customer account numbers, balances and other sensitive data. Much of the information had been indexed by search engines, including a page listing administrative credentials that attackers could use to access data that wasn’t already accessible via a simple Web search.

Silk Road Lawyers Poke Holes in FBI’s Story

October 2, 2014

131 Comments

New court documents released this week by the U.S. government in its case against the alleged ringleader of the Silk Road online black market and drug bazaar suggest that the feds may have some ‘splaining to do.

ID Theft Service Customer Gets 27 Months

October 1, 2014

58 Comments

A Florida man was sentenced today to 27 months in prison for trying to purchase Social Security numbers and other data from an identity theft service that pulled consumer records from a subsidiary of credit bureau Experian.

Signature Systems Breach Expands

September 26, 2014

65 Comments

Signature Systems Inc., the point-of-sale vendor blamed for a credit and debit card breach involving some 216 Jimmy John’s sandwich shop locations, now says the breach also may have jeopardized customer card numbers at nearly 100 other independent restaurants across the country that use its products.

Jimmy John’s Confirms Breach at 216 Stores

September 24, 2014

94 Comments

More than seven weeks after this publication broke the news of a possible credit card breach at nationwide sandwich chain Jimmy John’s, the company now confirms that a break-in at one of its payment vendors jeopardized customer credit and debit card information at 216 stores.

Who’s Behind the Bogus $49.95 Charges?

September 22, 2014

50 Comments

Hardly a week goes by when I don’t hear from a reader wondering about the origins of a bogus credit card charge for $49.95 or some similar amount for a product they never ordered. As this post will explain, such charges appear to be the result of crooks trying to game various online affiliate programs by using stolen credit cards.