Category Archives: A Little Sunshine

Includes investigative blog posts meant to shine a light on the darker corners of the Internet.

‘Biggest Cybercriminal Takedown in History’

November 9, 2011
16 Comments

The proprietors of shadowy online businesses that have become synonymous with cybercrime in recent years were arrested in their native Estonia on Tuesday and charged with running a sophisticated click fraud scheme that infected with malware more than four million computers in over 100 countries — including an estimated 500,000 PCs in the United States. The law enforcement action was the result of a multi-year investigation, and is being called the “biggest cybercriminal takedown in history.”

How Much Is Your Identity Worth?

November 8, 2011
21 Comments

How much does it cost for thieves to discover the data that unlocks a person’s identity for creditors, such as your Social Security number, birthday, or mother’s maiden name? Would it surprise you to learn that crooks are selling this data to any and all comers for pennies on the dollar?

At least, that’s the going price at superget.info. This fraudster-friendly site has been operating since July 2010, and markets the ability to look up SSNs, DOBs, birthdays and other sensitive information on millions of Americans. Registration is free, and accounts are funded via WebMoney and Liberty Reserve, virtual currencies that are popular in the cybercriminal underground.

Once your account is funded, Superget lets users search for specific individuals by name, city, and state. Each “credit” costs USD$1, and a successful hit on a Social Security number or date of birth costs 3 credits each. Of course, the more credits you buy, the cheaper the searches are per credit. Six credits cost $4.99; 35 credits cost $20.99, and $100.99 buys you 230 credits. Customers with special needs to can avail themselves of the “reseller plan,” which promises 1,500 credits for $500.99, and 3,500 credits for $1000.99.

Are You on the Pwnedlist?

November 2, 2011
36 Comments

2011 has been called the year of the data breach, with hacker groups publishing troves of stolen data online almost daily. Now a new site called pwnedlist.com lets users check to see if their email address or username and associated information may have been compromised.

Pwnedlist.com is the creation of Alen Puzic and Jasiel Spelman, two security researchers from DVLabs, a division of HP/TippingPoint. Enter a username or email address into the site’s search box, and it will check to see if the information was found in any of these recent public data dumps.

Jailed ChronoPay Co-Founder Denied Bail

November 1, 2011
13 Comments

A Moscow court on Monday denied bail for Pavel Vrublevsky, a Russian businessman who was charged earlier this year with hiring hackers to launch costly online attacks against his rivals. The denial came even after Vrublevsky apparently admitted his role… Read More »

Turning Hot Credit Cards into Hot Stuff

October 31, 2011
12 Comments

Would that all cyber crimes presented such a tidy spreadsheet of the victim and perpetrator data as neatly as does profsoyuz.biz, one of the longest-running criminal reshipping programs on the Internet.

Launched in 2006 under a slightly different domain name, Profsoyuz is a business marketed on invite-only cybercriminal forums to help credit card thieves “cash out” compromised accounts by purchasing and selling merchandise online. Most Western businesses will not ship to Russia and Eastern Europe due to high fraud rates in those areas, so businesses like Profsoyuz hire Americans to receive stolen merchandise and reship it to those embargoed regions.

Chasing APT: Persistence Pays Off

October 27, 2011
30 Comments

The IT director for an international hedge fund received the bad news in a phone call from a stranger: Chinese hackers were running amok on the fund’s network. Not seeing evidence of the claimed intrusion, and unsure of the credibility of the caller, the IT director fired off an email to a reporter.

“So do you think this is legit, or is the guy trying to scare us?” the IT director asked in an email to KrebsOnSecurity.com, agreeing to discuss the incident if he and his company were not named. “He has sent me the logs for the connections to the infected server. I checked the firewall and am not seeing any active connections.”

Who Else Was Hit by the RSA Attackers?

October 24, 2011
94 Comments

The data breach disclosed in March by security firm RSA received worldwide attention because it highlighted the challenges that organizations face in detecting and blocking intrusions from targeted cyber attacks. What’s more, the subtext of the intrusion was that if this could happen to one of the largest security firms, what hope was there for organizations that aren’t focused on security?

Security experts have said that RSA wasn’t the only corporation victimized in the attack, and that dozens of other multinational companies were infiltrated using many of the same tools and Internet infrastructure. But so far, no one has been willing to say publicly which additional companies may have been hit. Today’s post features a never-before-published list of those victim organizations. The information suggests that more than 760 other organizations had networks that were compromised with some of the same resources used to hit RSA. Almost 20 percent of the current Fortune 100 companies are on this list.

Software Pirate Cracks Cybercriminal Wares

October 17, 2011
25 Comments

Make enough contacts in the Internet security community and you will probably learn that many of the folks involved in defending computers and networks against criminals got started in security by engaging in online illegal activity of one sort or another. These personal shifts are sometimes motivated by ethical and personal safety reasons, but just as often grey- and black hat hackers gravitate toward the defensive side simply because it is more intellectually challenging.

ATM Skimmer Powered by MP3 Player

October 13, 2011
7 Comments

Almost a year ago, I wrote about ATM skimmers made of parts cannibalized from old MP3 players. Since then, I’ve noticed quite a few more ads for these MP3-powered skimmers in the criminal underground, perhaps because audio skimmers allow fraudsters to sell lucrative service contracts along with their theft devices.

Using audio to capture credit and debit card data is not a new technique, but it is becoming vogue: Square, an increasingly popular credit card reader built for the iPhone, works by plugging into the headphone jack on the iPhone and converting credit card data stored on the card into audio files.

Shady Reshipping Centers Exposed, Part I

October 12, 2011
50 Comments

Last week, authorities in New York indicted more than 100 people suspected of being part of a crime ring that used forged credit cards to buy and resell an estimated $13 million worth of Apple products and other electronics overseas.… Read More »