Posts Tagged: Associated Press


24
May 18

3 Charged In Fatal Kansas ‘Swatting’ Attack

Federal prosecutors have charged three men with carrying out a deadly hoax known as “swatting,” in which perpetrators call or message a target’s local 911 operators claiming a fake hostage situation or a bomb threat in progress at the target’s address — with the expectation that local police may respond to the scene with deadly force. While only one of the three men is accused of making the phony call to police that got an innocent man shot and killed, investigators say the other two men’s efforts to taunt and deceive one another ultimately helped point the gun.

Tyler “SWAuTistic” Barriss. Photo: AP

According to prosecutors, the tragic hoax started with a dispute over a match in the online game “Call of Duty.” The indictment says Shane M. Gaskill, a 19-year-old Wichita, Kansas resident, and Casey S. Viner, 18, had a falling out over a $1.50 game wager.

Viner allegedly wanted to get back at Gaskill, and so enlisted the help of another man — Tyler R. Barriss — a serial swatter known by the alias “SWAuTistic” who’d bragged of “swatting” hundreds of schools and dozens of private residences.

The federal indictment references transcripts of alleged online chats among the three men. In an exchange on Dec. 28, 2017, Gaskill taunts Barriss on Twitter after noticing that Barriss’s Twitter account (@swattingaccount) had suddenly started following him.

Viner and Barriss both allegedly say if Gaskill isn’t scared of getting swatted, he should give up his home address. But the address that Gaskill gave Viner to pass on to Barriss no longer belonged to him and was occupied by a new tenant.

Barriss allegedly then called the emergency 911 operators in Wichita and said he was at the address provided by Viner, that he’d just shot his father in the head, was holding his mom and sister at gunpoint, and was thinking about burning down the home with everyone inside.

Wichita police quickly responded to the fake hostage report and surrounded the address given by Gaskill. Seconds later, 28-year-old Andrew Finch exited his mom’s home and was killed by a single shot from a Wichita police officer. Finch, a father of two, had no party to the gamers’ dispute and was simply in the wrong place at the wrong time.

Just minutes after the fatal shooting, Barriss — who is in Los Angeles  — is allegedly anxious to learn if his Kansas swat attempt was successful. Someone has just sent Barriss a screenshot of a conversation between Viner and Gaskill mentioning police at Gaskill’s home and someone getting killed. So Barriss allegedly then starts needling Gaskill via instant message:

Defendant BARRISS: Yo answer me this
Defendant BARRISS: Did police show up to your house yes or no
Defendant GASKILL: No dumb fuck
Defendant BARRISS: Lmao here’s how I know you’re lying

Prosecutors say Barriss then posted a screen shot showing the following conversation between Viner and Gaskill:

Defendant VINER: Oi
Defendant GASKILL: Hi
Defendant VINER: Did anyone show @ your house?
Defendant VINER: Be honest
Defendant GASKILL: Nope
Defendant GASKILL: The cops are at my house because someone ik just killed his dad

Barriss and Gaskill then allegedly continued their conversation:

Defendant GASKILL: They showed up to my old house retard
Defendant BARRISS: That was the call script
Defendant BARRISS: Lol
Defendant GASKILL: Your literally retarded
Defendant GASKILL: Ik dumb ass
Defendant BARRISS: So you just got caught in a lie
Defendant GASKILL: No I played along with you
Defendant GASKILL: They showed up to my old house that we own and rented out
Defendant GASKILL: We don’t live there anymore bahahaha
Defendant GASKILL: ik you just wasted your time and now your pissed
Defendant BARRISS: Not really
Defendant BARRISS: Once you said “killed his dad” I knew it worked lol
Defendant BARRISS: That was the call lol
Defendant GASKILL: Yes it did buy they never showed up to my house
Defendant GASKILL: You guys got trolled
Defendant GASKILL: Look up who live there we moved out almost a year ago
Defendant GASKILL: I give you props though you’re the 1% that can actually swat babahaha
Defendant BARRISS: Dude MY point is You gave an address that you dont live at but you were acting tough lol
Defendant BARRISS: So you’re a bitch

Later on the evening of Dec. 28, after news of the fatal swatting started blanketing the local television coverage in Kansas, Gaskill allegedly told Barriss to delete their previous messages. “Bape” in this conversation refers to a nickname allegedly used by Casey Viner: Continue reading →


14
May 18

Detecting Cloned Cards at the ATM, Register

Much of the fraud involving counterfeit credit, ATM debit and retail gift cards relies on the ability of thieves to use cheap, widely available hardware to encode stolen data onto any card’s magnetic stripe. But new research suggests retailers and ATM operators could reliably detect counterfeit cards using a simple technology that flags cards which appear to have been altered by such tools.

A gift card purchased at retail with an unmasked PIN hidden behind a paper sleeve. Such PINs can be easily copied by an adversary, who waits until the card is purchased to steal the card’s funds. Image: University of Florida.

Researchers at the University of Florida found that account data encoded on legitimate cards is invariably written using quality-controlled, automated facilities that tend to imprint the information in uniform, consistent patterns.

Cloned cards, however, usually are created by hand with inexpensive encoding machines, and as a result feature far more variance or “jitter” in the placement of digital bits on the card’s stripe.

Gift cards can be extremely profitable and brand-building for retailers, but gift card fraud creates a very negative shopping experience for consumers and a costly conundrum for retailers. The FBI estimates that while gift card fraud makes up a small percentage of overall gift card sales and use, approximately $130 billion worth of gift cards are sold each year.

One of the most common forms of gift card fraud involves thieves tampering with cards inside the retailer’s store — before the cards are purchased by legitimate customers. Using a handheld card reader, crooks will swipe the stripe to record the card’s serial number and other data needed to duplicate the card.

If there is a PIN on the gift card packaging, the thieves record that as well. In many cases, the PIN is obscured by a scratch-off decal, but gift card thieves can easily scratch those off and then replace the material with identical or similar decals that are sold very cheaply by the roll online.

“They can buy big rolls of that online for almost nothing,” said Patrick Traynor, an associate professor of computer science at the University of Florida. “Retailers we’ve worked with have told us they’ve gone to their gift card racks and found tons of this scratch-off stuff on the ground near the racks.”

At this point the cards are still worthless because they haven’t yet been activated. But armed with the card’s serial number and PIN, thieves can simply monitor the gift card account at the retailer’s online portal and wait until the cards are paid for and activated at the checkout register by an unwitting shopper.

Once a card is activated, thieves can encode that card’s data onto any card with a magnetic stripe and use that counterfeit to purchase merchandise at the retailer. The stolen goods typically are then sold online or on the street. Meanwhile, the person who bought the card (or the person who received it as a gift) finds the card is drained of funds when they eventually get around to using it at a retail store.

The top two gift cards show signs that someone previously peeled back the protective sticker covering the redemption code. Image: Flint Gatrell.

Traynor and a team of five other University of Florida researchers partnered with retail giant WalMart to test their technology, which Traynor said can be easily and quite cheaply incorporated into point-of-sale systems at retail store cash registers. They said the WalMart trial demonstrated that researchers’ technology distinguished legitimate gift cards from clones with up to 99.3 percent accuracy.

While impressive, that rate still means the technology could still generate a “false positive” — erroneously flagging a legitimate customer as using a fraudulently obtained gift card in a non-trivial number of cases. But Traynor said the retailers they spoke with in testing their equipment all indicated they would welcome any additional tools to curb the incidence of gift card fraud.

“We’ve talked with quite a few retail loss prevention folks,” he said. “Most said even if they can simply flag the transaction and make a note of the person [presenting the cloned card] that this would be a win for them. Often, putting someone on notice that loss prevention is watching is enough to make them stop — at least at that store. From our discussions with a few big-box retailers, this kind of fraud is probably their newest big concern, although they don’t talk much about it publicly. If the attacker does any better than simply cloning the card to a blank white card, they’re pretty much powerless to stop the attack, and that’s a pretty consistent story behind closed doors.” Continue reading →


17
Aug 15

IRS: 330K Taxpayers Hit by ‘Get Transcript’ Scam

The Internal Revenue Service (IRS) disclosed today that identity thieves abused a feature on the agency’s Web site to pull sensitive data on more than 330,000 potential victims as part of a scheme to file fraudulent tax refund requests. The new figure is far larger than the number of Americans the IRS said were potentially impacted when it first acknowledged the vulnerability in May 2015 — two months after KrebsOnSecurity first raised alarms about the weakness.

Screenshot 2015-03-29 14.22.55In March 2015, I warned readers to Sign Up at IRS.gov Before Crooks Do It For You — which tracked the nightmarish story of Michael Kasper, one of millions of Americans victimized by tax refund fraud each year. When Kasper tried to get a transcript of the fraudulent return using the “Get Transcript” function on IRS.gov, he learned that someone had already registered through the IRS’s site using his Social Security number and an unknown email address.

Two months later, IRS Commissioner John Koskinen publicly acknowledged that crooks had used this feature to pull sensitive data on at least 110,000 taxpayers. Today, the Associated Press and other news outlets reported that the IRS is now revising those figures, estimating that an additional 220,000 potential victims had Social Security numbers and information from previous years’ tax filings stolen via the IRS Web site.

“In all, the thieves used personal information from about 610,000 taxpayers in an effort to access old tax returns,” the AP story notes. “They were successful in getting information from about 334,000 taxpayers.”

A BROKEN PROCESS

The IRS’s experience should tell consumers something about the effectiveness of the technology that the IRS, banks and countless other organizations use to screen requests for sensitive information.

As I reported in March, taxpayers who wished to obtain a copy of their most recent tax transcript had to provide the IRS with the following information: The applicant’s name, date of birth, Social Security number and filing status. After that data is successfully supplied, the IRS uses a service from credit bureau Equifax that asks four so-called “knowledge-based authentication” (KBA) questions. Anyone who succeeds in supplying the correct answers can see the applicant’s full tax transcript, including prior W2s, current W2s and more or less everything one would need to fraudulently file for a tax refund.

These KBA questions — which involve multiple choice, “out of wallet” questions such as previous address, loan amounts and dates — can be successfully enumerated with random guessing. But in practice it is far easier, as we can see from the fact that thieves were successfully able to navigate the multiple questions more than half of the times they tried.

If any readers here doubt how easy it is to buy personal data on just about anyone, check out the story I wrote in December 2014, wherein I was able to find the name, address, Social Security number, previous address and phone number on all current members of the U.S. Senate Commerce Committee. This information is no longer secret (nor are the answers to KBA-based questions), and we are all made vulnerable to identity theft as long as institutions continue to rely on static information as authenticators.

Unfortunately, the IRS is not the only government agency whose reliance on static identifiers actually makes them complicit in facilitating identity theft against Americans. The same process described to obtain a tax transcript at irs.gov works to obtain a free credit report from annualcreditreport.com, a Web site mandated by Congress. In addition, Americans who have not already created an account at the Social Security Administration under their Social Security number are vulnerable to crooks hijacking SSA benefits now or in the future. For more on how crooks are siphoning Social Security benefits via government sites, check out this story.

THE IRS IS STILL VULNERABLE

The IRS has responded to the problem of tax ID theft partly by offering Identity Protection PINs (IP PINs) to affected taxpayers that must be supplied on the following year’s tax application before the IRS will accept the return. However, according to Kasper — the tax ID theft victim whose story first prompted my reporting on the Get Transcript abuse problem back in March — the IRS.gov Web site allows consumers who have lost their IP PINs to recover them, and incredibly that feature is still using the same authentication method relied upon by  the IRS’s flawed Get Transcript function.

Continue reading →


26
May 15

IRS: Crooks Stole Data on 100K Taxpayers Via ‘Get Transcript’ Feature

In March 2015, KrebsOnSecurity broke the news that identity thieves engaged in filing fraudulent tax refund requests with the Internal Revenue Service (IRS) were using the IRS’s own Web site to obtain taxpayer data needed to complete the phony requests. Today, IRS Commissioner John Koskinen acknowledged that crooks used this feature to pull sensitive data on more than 100,000 taxpayers this year.

Screenshot 2015-03-29 14.22.55That March story — Sign Up at IRS.gov Before Crooks Do It For You — tracked the nightmarish story of Michael Kasper, one of millions of Americans victimized by tax refund fraud each year. When Kasper tried to get a transcript of the fraudulent return using the “Get Transcript” function on IRS.gov, he learned that someone had already registered through the IRS’s site using his Social Security number and an unknown email address.

Koskinen was quoted today in an Associated Press story saying the IRS was alerted to the thieves when technicians noticed an increase in the number of taxpayers seeking transcripts. The story noted that the IRS said they targeted the system from February to mid-May, and that the service has been temporarily shut down. Prior to that shutdown, the IRS estimates that thieves used the data to steal up to $50 million in fraudulent refunds.

“In all, about 200,000 attempts were made from questionable email domains, with more than 100,000 of those attempts successfully clearing authentication hurdles,” the IRS said in a statement. “During this filing season, taxpayers successfully and safely downloaded a total of approximately 23 million transcripts.” Continue reading →


23
Sep 11

Arrested LulzSec Suspect Pined for Job at DoD

A 23-year-old Arizona man arrested on Thursday in connection with the hack of Sony Pictures Entertainment last May was a model student who saw himself one day defending networks at the Department of Defense and the National Security Agency.

Wired.com’s Threat Level, the Associated Press, and other news outlets are reporting that Tempe, Ariz. based Cody Andrew Kretsinger is believed to be a member of the LulzSec group, an offshoot of the griefer collective Anonymous. According to the indictment against Kretsinger, he was involved in executing and later promoting the high-profile and costly attack on Sony’s networks. Sony estimates that the breaches would cost it more than $170 million this year.

UAT interview with Kretsinger

Kretsinger is a network security student at Tempe, Ariz. based University of Advancing Technology, according to Robert Wright, director of finance for UAT.  A cached page from UAT’s Web site shows that Kretsinger was named student of the month earlier this year. That page, which indicates Kretsinger was to graduate from the institution in the Fall semester of 2011, includes an interview with the suspected LulzSec member. In it, Kretsinger says he would like to work at the DoD after graduating.

Where do you want to work after graduation?

“I hope that I’ll be able to work for the Department of Defense. From what I hear, they’re pretty good at what I want to do.

Where do you see yourself in 5 years?

“Traveling, doing Network Security as a profession with the Department of Defense. While I wouldn’t mind being a penetration tester, I think it’s a lot more fun to try to build and secure a network and its devices from the ground up. I suppose I wouldn’t mind being in management, either.”

Continue reading →