A man identified as one of the world’s top purveyors of junk e-mail has been imprisoned in Russia for allegedly having sex with underage girls, KrebsOnSecurity.com has learned.
According to multiple sources, Leonid “Leo” Aleksandorovich Kuvayev, 38, was sent to a prison in the Russian Federation roughly six months ago. It is not clear how long his sentence is or precisely where he is being held.
A California escrow firm has been forced to take out a pricey loan to pay back $465,000 that was stolen when hackers hijacked the company’s online bank account earlier this year.
In March, computer criminals broke into the network of Redondo Beach-based Village Escrow Inc. and sent 26 consecutive wire transfers to 20 individuals around the world who had no legitimate business with the firm.
Most computer users understand the concept of security flaws in common desktop software such as media players and instant message clients, but those same users often are surprised to learn that the very software tools attackers use to break into networks and computers typically are riddled with their own hidden security holes. Indeed, bugs that reside in attack software of the sort sold to criminals are extremely valuable to law enforcement officials and so-called “white hat” hackers, who can leverage these weaknesses to spy on the attackers or interfere with their day-to-day operations.
Keystroke-logging computer viruses let crooks steal your passwords, and sometimes even read your e-mails and online chats. Recently, however, anonymous criminals have added insult to injury, releasing a keylogger that publishes stolen information for all the world to see at online notepad sharing sites such as pastebin.com.
ATM skimmers, fraud devices that criminals attach to cash machines in a bid to steal and ultimately clone customer bank card data, are marketed on a surprisingly large number of open forums and Web sites. For example, ATMbrakers operates a forum that claims to sell or even rent ATM skimmers. Tradekey.com, a place where you can find truly anything for sale, also markets these devices on the cheap.
The truth is that most of these skimmers openly advertised are little more than scams designed to separate clueless crooks from their ill-gotten gains. Start poking around on some of the more exclusive online fraud forums for sellers who have built up a reputation in this business and chances are eventually you will hit upon the real deal.
David Green normally only accessed his company’s online bank account from his trusty Mac laptop. Then one day this April while he was home sick, Green found himself needing to authorize a transfer of money out of his firm’s account. Trouble was, he’d left his Mac at work. So he decided to log in to the company’s bank account using his wife’s Windows PC.
Unfortunately for Green, that PC was the same computer his kids used to browse the Web, chat, and play games online. It was also the same computer that organized thieves had already compromised with a password-stealing Trojan horse program.
A few days later, the crooks used those same credentials to steal nearly $100,000 from the company’s online accounts, sending the money in sub- $10,000 and sub-$5,000 chunks to 14 individuals across the United States.
Not long after I launched this blog, I wrote about the damage wrought by the Eleonore Exploit Kit, an increasingly prevalent commercial hacking tool that makes it easy for criminals to booby-trap Web sites with malicious software. That post generated tremendous public interest because it offered a peek at the statistics page that normally only the criminals operating these kits get to see.
I’m revisiting this topic again because I managed to have a look at another live Eleonore exploit pack panel, and the data seems to reinforce a previous hunch: Today’s attackers care less about the browser you use and more about whether your third-party browser add-ons and plugins are up-to-date.
Carders.cc, an German-language online forum dedicated to helping criminals trade and sell consumer data stolen through hacking, has itself been hacked. The once-guarded contents of its servers are now being traded on public file-sharing networks, leading to the exposure of identifying information on both the forum’s users and countless passwords, credit and debit cards swiped from unsuspecting victims.
A leading Russian politician has accused a prominent Moscow businessman of running an international spam and online pharmacy operation while serving as an anti-spam adviser to the Russian government. Russian investigators now say they plan to create a special task force to look into the allegations.
Phishing may not be the most sophisticated form of cyber crime, but it can be a lucrative trade for those who decide to make it their day jobs. Indeed, data secretly collected from an international phishing operation over the last 18 months suggests that criminals who pursue a career in phishing can steal millions of dollars a year, even if they only manage to snag just a few victims per scam.
