Turning Hot Credit Cards into Hot Stuff

Would that all cybercriminal operations presented such a tidy spreadsheet of the victim and perpetrator data as comprehensively as profsoyuz.biz, one of the longest-running criminal reshipping programs on the Internet. Launched in 2006 under a slightly different domain name, profsoyuz.biz is marketed on invite-only forums to help credit card thieves “cash out” compromised credit and … Читать далее

Chasing APT: Persistence Pays Off

The IT director for an international hedge fund received the bad news in a phone call from a stranger: Chinese hackers were running amok on the fund’s network. Not seeing evidence of the claimed intrusion, and unsure about the credibility of the caller, the IT director fired off an email to a reporter. “So do … Читать далее

Who Else Was Hit by the RSA Attackers?

The data breach disclosed in March by security firm RSA received worldwide attention because it highlighted the challenges that organizations face in detecting and blocking intrusions from targeted cyber attacks. The subtext of the story was that if this could happen to one of the largest and most integral security firms, what hope was there … Читать далее

How Much is That Phished PayPal Account?

Compromised PayPal accounts are a valuable commodity in the criminal underground, and crooks frequently trade them in shadowy online forums. But it wasn’t until recently that I finally encountered a proper Web site dedicated to selling hacked PayPal accounts. Compromised PayPal accounts for sale at iProfit.su Many of the PayPal accounts for sale at iProfit.su … Читать далее

Critical Java Update Fixes 20 Flaws

Oracle Corp. released a critical update to plug at least 20 security holes in versions of its ubiquitous Java software. Nearly all of the Java vulnerabilities can be exploited remotely to compromise vulnerable systems with little or no help from users. If you use Java, take some time to update the program now. According to … Читать далее

Software Pirate Cracks Cybercriminal Wares

Make enough friends in the Internet security community and it becomes clear that many of the folks involved in defending computers and networks against malicious hackers got started in security by engaging in online illegal activity of one sort or another. These gradual mindset shifts are sometimes motivated by ethical, karmic or personal safety reasons, … Читать далее

ATM Skimmer Powered by MP3 Player

Almost a year ago, I wrote about ATM skimmers made of parts from old MP3 players. Since then, I’ve noticed quite a few more ads for these MP3-powered skimmers in the criminal underground, perhaps because audio skimmers allow fraudsters to sell lucrative service contracts along with their theft devices. Using audio to capture credit and … Читать далее

Shady Reshipping Centers Exposed, Part I

Last week, authorities in New York indicted more than 100 people suspected of being part of a crime ring that used forged credit cards to buy and resell an estimated $13 million worth of Apple products and other electronics overseas. In this post, I offer readers a behind-the-scenes look at a somewhat smaller but similar … Читать далее

Identity Theft More Profitable Than Car Theft

Buying a car or making any other expensive purchase can be a hassle. And when it’s necessary to finance a purchase, there’s one more hurdle. If you want merchant financing, you’ll often be required to fill out a credit application or, at the least, to provide information like a credit card or your Social Security … Читать далее

ZeuS Trojan Gang Faces Justice

Authorities in the United Kingdom have convicted the 13th and final defendant from a group arrested last year and accused of running an international cybercrime syndicate that laundered millions of dollars stolen from consumers and businesses with the help of the help of the ZeuS banking Trojan. The news comes days after U.S. authorities announced … Читать далее