Category Archives: A Little Sunshine

Includes investigative blog posts meant to shine a light on the darker corners of the Internet.

Fool Me Once…

April 2, 2013

When you’re lurking in the computer crime underground, it pays to watch your back and to keep your BS meter set to ‘maximum.’ But when you’ve gained access to an elite black market section of a closely guarded crime forum to which very few have access, it’s easy to let your guard down. That’s what I did earlier this year, and it caused me to chase a false story. This blog post aims to set the record straight on that front, and to offer a cautionary (and possibly entertaining) tale to other would-be cybersleuths.

DHS Warns of ‘TDos’ Extortion Attacks on Public Emergency Networks

April 1, 2013

37 Comments

As if emergency responders weren’t already overloaded: Increasingly, extortionists are launching debilitating attacks designed to overwhelm the telephone networks of emergency communications centers and personnel, according to a confidential alert jointly issued by the Department of Homeland Security and the FBI.

Cash Claws, Fake Fascias & Tampered Tickets

March 28, 2013

33 Comments

Credit and debit card skimmers aren’t just for ATMs anymore. According to European anti-fraud experts, innovative skimming devices are being found on everything from train ticket kiosks to parking meters and a host of other unattended payment terminals.

Privacy 101: Skype Leaks Your Location

March 21, 2013

55 Comments

The events of the past week reminded me of a privacy topic I’ve been meaning to revisit: That voice-over-IP telephony service Skype constantly exposes your Internet address to the entire world, and that there are now numerous free and commercial tools that can be used to link Skype user account names to numeric Internet addresses.

The Obscurest Epoch is Today

March 18, 2013

198 Comments

To say that there is a law enforcement manhunt on for the individuals responsible for posting credit report information on public figures and celebrities at the rogue site exposed.su would be a major understatement. I like to think that when that investigation is completed, some of the information I’ve helped to uncover about those affiliated with the site will come to light. For now, however, I’m content to retrace some of my footwork this past weekend that went into tracking individuals who may have been responsible for attacking my site and SWATing my home last Thursday.

The World Has No Room For Cowards

March 15, 2013

199 Comments

It’s not often that one has the opportunity to be the target of a kinetic and cyber attack at the same time. But that is exactly what’s happened to me and my Web site over the past 24 hours. On Thursday afternoon, my site was the target of a fairly massive denial of service attack. That attack was punctuated by a visit from a heavily armed local police unit that was tricked into responding to a 911 call spoofed to look like it came from my home.

Credit Reports Sold for Cheap in the Underweb

March 13, 2013

38 Comments

Following the online publication of Social Security numbers and other sensitive data on high-profile Americans, the three major credit reporting bureaus say they’ve uncovered cases where hackers gained access to users’ information, Bloomberg reports. The disclosure, while probably discomforting for many, offers but a glimpse of the sensitive data available to denizens of the cybercrime underworld, which hosts several storefronts that sell cheap, illegal access to consumer credit reports.

Mobile Malcoders Pay to (Google) Play

March 6, 2013

36 Comments

An explosion in malware targeting Android users is being fueled in part by a budding market for mobile malcode creation kits, as well as a bustling market for hijacked or fraudulent developer accounts at Google Play that can be used to disguise malware as legitimate apps for sale.

Bit9 Breach Began in July 2012

February 20, 2013

24 Comments

Cyber espionage hackers who broke into security firm Bit9 initially breached the company’s defenses in July 2012, according to evidence being gathered by security experts investigating the incident. Bit9 remains reluctant to name customers that were impacted by the intrusion, but the custom-made malicious software used in the attack was deployed last year in highly targeted attacks against U.S. Defense contractors.

Exploit Sat on LA Times Website for 6 Weeks

February 13, 2013

39 Comments

The Los Angeles Times has scrubbed its Web site of malicious code that served browser exploits and malware to potentially hundreds of thousands of readers over the past six weeks.