A 24-year-old Algerian man arrested in Thailand earlier this year on suspicion of co-developing and selling the infamous SpyEye banking trojan was extradited this week to the United States, where he faces criminal charges for allegedly hijacking bank accounts at more than 200 financial institutions.
Many readers have been asking for an update on the “SWATting” incident at my home last month, in which someone claiming to be me called in a phony home invasion in progress at my address, prompting a heavily armed police response. There are two incremental developments on this story. The first is I’ve learned more about how the hoax was perpetrated. The second is that new evidence suggests that the same party or parties responsible also have been SWATting Hollywood celebrities and posting their personal information on site called exposed.re.
To say that there is a law enforcement manhunt on for the individuals responsible for posting credit report information on public figures and celebrities at the rogue site exposed.su would be a major understatement. I like to think that when that investigation is completed, some of the information I’ve helped to uncover about those affiliated with the site will come to light. For now, however, I’m content to retrace some of my footwork this past weekend that went into tracking individuals who may have been responsible for attacking my site and SWATing my home last Thursday.
Following the online publication of Social Security numbers and other sensitive data on high-profile Americans, the three major credit reporting bureaus say they’ve uncovered cases where hackers gained access to users’ information, Bloomberg reports. The disclosure, while probably discomforting for many, offers but a glimpse of the sensitive data available to denizens of the cybercrime underworld, which hosts several storefronts that sell cheap, illegal access to consumer credit reports.
An explosion in malware targeting Android users is being fueled in part by a budding market for mobile malcode creation kits, as well as a bustling market for hijacked or fraudulent developer accounts at Google Play that can be used to disguise malware as legitimate apps for sale.
Nate Anderson at Ars Technica has a good story about how investigators tracked down “Virus,” the nickname allegedly used by a Romanian man accused by the U.S. Justice Department of running the Web hosting operations for a group that created and marketed the Gozi banking Trojan. Turns out, I’ve been sitting on some fascinating details about this hosting provider for many months without fully realizing what I had.
Not long ago, PCs compromised by malware were put to a limited number of fraudulent uses, including spam, click fraud and denial-of-service attacks. These days, computer crooks are extracting and selling a much broader array of data stolen from hacked systems, including passwords and associated email credentials tied to a variety of online retailers.
An online service boldly advertised in the cyber underground lets miscreants hire accomplices in several major U.S. cities to help empty bank accounts, steal tax refunds and intercept fraudulent purchases of high-dollar merchandise.
An increasing number of services offered in the cybercrime underground allow miscreants to purchase access to hacked computers at specific organizations. For just a few dollars, these services offer the ability to buy your way inside of Fortune 500 company networks.
Last week, security firm RSA detailed a new cybecriminal project aimed at recruiting 100 botmasters to help launch a series of lucrative online heists targeting 30 U.S. banks. RSA’s advisory focused primarily on helping financial institutions prepare for an onslaught of more sophisticated e-banking attacks, and has already received plenty of media attention. I’m weighing in on the topic because their analysis seemed to merely scratch the surface of a larger enterprise that speaks volumes about why online attacks are becoming bolder and more brash toward Western targets.
