Category Archives: A Little Sunshine

Includes investigative blog posts meant to shine a light on the darker corners of the Internet.

Software Pirate Cracks Cybercriminal Wares

October 17, 2011
25 Comments

Make enough contacts in the Internet security community and you will probably learn that many of the folks involved in defending computers and networks against criminals got started in security by engaging in online illegal activity of one sort or another. These personal shifts are sometimes motivated by ethical and personal safety reasons, but just as often grey- and black hat hackers gravitate toward the defensive side simply because it is more intellectually challenging.

ATM Skimmer Powered by MP3 Player

October 13, 2011
7 Comments

Almost a year ago, I wrote about ATM skimmers made of parts cannibalized from old MP3 players. Since then, I’ve noticed quite a few more ads for these MP3-powered skimmers in the criminal underground, perhaps because audio skimmers allow fraudsters to sell lucrative service contracts along with their theft devices.

Using audio to capture credit and debit card data is not a new technique, but it is becoming vogue: Square, an increasingly popular credit card reader built for the iPhone, works by plugging into the headphone jack on the iPhone and converting credit card data stored on the card into audio files.

Shady Reshipping Centers Exposed, Part I

October 12, 2011
50 Comments

Last week, authorities in New York indicted more than 100 people suspected of being part of a crime ring that used forged credit cards to buy and resell an estimated $13 million worth of Apple products and other electronics overseas.… Read More »

Inside a Modern Mac Trojan

September 28, 2011
31 Comments

Mac malware is back in the news again. Last week, security firm F-Secure warned that it had discovered a Trojan built for OS X that was disguised as a PDF document. It’s not clear whether this malware is a present threat — it was apparently created sometime last year — but the mechanics of how it infects Mac systems is worth a closer look because it challenges a widely-held belief among Mac users that malicious software cannot install without explicit user permission.

MySQL.com Sold for $3k, Serves Malware

September 26, 2011
41 Comments

A security firm revealed today that mysql.com, the central repository for widely-used Web database software, was hacked and booby-trapped to serve visitors with malicious software. The disclosure caught my eye because just a few days ago I saw evidence that administrative access to mysql.com was being sold on the hacker underground for just $3,000.

Gang Used 3D Printers for ATM Skimmers

September 20, 2011
87 Comments

An ATM skimmer gang stole more than $400,000 using skimming devices built with the help of high-tech 3D printers, federal prosecutors say.

Before I get to the gang, let me explain briefly how ATM skimmers work, and why 3D printing is a noteworthy development in this type of fraud.

Cultural CAPTCHAs

September 19, 2011
32 Comments

CAPTCHAs, those squiggly and frustrating puzzles that many Web sites require users to solve before registering or leaving comments, are designed to block automated activity and deter spammers. But for some Russian-language forums that cater to spammers and other miscreants, CAPTCHAs may also be part of a vetting process designed to frustrate foreign newbie hackers and investigators.