Thursday, 24 January 2008

CIA claims utilities are extortion targets

Source: SANS NewsBites

The CIA claims that power generation facilities (outside the United Sates) have been the target of disruption and associated extortion demands via the Internet.

"We have information that cyber attacks have been used to disrupt power equipment in several regions outside the United States. In at least one case, the disruption caused a power outage affecting multiple cities. We do not know who executed these attacks or why, but all involved intrusions through the Internet."

Wednesday, 23 January 2008

"Vishing" on the rise

Source: vnunet.com

The FBI is warning of an increase in the number of "vishing" attacks in which victims are directed to a phony telephone contact point rather than a phony website. Victims are sent SMS or email asking them to call the target bank to reactivate a credit or debit card.

Friday, 18 January 2008

Sophisticated Credit Card Fraud Syndicate

Source: DSLReports forum (via Sunbelt Blog)

A cybercrime researcher has written an extensive report on a sophisticated credit card fraud syndicate. The scam is complex, involving the creation of bogus online shop-fronts, the hiring of mules in the USA to set up companies and merchant accounts, and some means of obtaining credit card details so as to create large numbers of small fraudulent transactions. The researcher has been investigating this fraud and its increasing sophistication for some years, and it is still very much a going concern.

Wednesday, 16 January 2008

Sophisticated phishing malware: "Silentbanker"

Source: vnunet.com

Researchers have discovered a new strain of malware called "Silentbanker", specifically designed to compromise online banking facilities and able to extract user data from over four hundred banks worldwide. The software is also capable of altering transactions in progress between the bank and the compromised end user computer.

Saturday, 12 January 2008

Mysterious mass website compromise spreads malware

Source: The Register

A sophisticated mass-compromise of websites ("hundreds") is posing both a serious threat and an inscrutable puzzle at this time. Unlike other mass compromises, there is no recognisable common technology through which the sites may have been breached, and the associated hostile Javascript is stored on the site itself rather than at a third party site. The incident includes a sophisticated technique to make searching for compromised sites difficult. The associated malware installs a backdoor on vulnerable systems, and is quite stealthy about it.

Chip-and-PIN card vulnerability demonstrated

Source: ZDNet Australia

Security researchers from Cambridge University have demonstrated a "chess grandmaster attack" against chip-and-PIN cards. The cards can't be duplicated using any known technique, and are thus considered highly secure, but the payment system is still vulnerable to attack from a hostile or compromised card-reader terminal. Such an attack would take serious planning and execution on the part of criminals, putting it in the domain of serious organised crime rather than opportunistic theft.

Malware spread through mass SQL injection attack

Source: The Register

A massive number of websites ("tens of thousands") have fallen victim to an SQL injection attack. The affected websites were modified with links to a domain (uc8010 dot com) which contained a cocktail of browser and media player exploits (all known and patchable) and associated key-logging malware.

Barclays chairman becomes ID fraud victim

Source: vnunet.com

An ID fraudster persuaded a call-centre worker at Barclays Bank that he was Marcus Agius, the chairman of Barclays Bank, and acquired a "replacement" Barclaycard in his name. Using this card, the fraudster withdrew ten thousand pounds from a high street branch of the bank. The bank says that the breach happened because procedures were not followed fully, and has taken measures to prevent a repeat incident.

Thursday, 10 January 2008

Five years of botnets

Source: The Register

The Register has a short article on the SoBig malware, first distributed as a Trojan email attachment five years ago. Compromised computers became part of a botnet -- a novelty at the time, but now a staple of cybercrime.

Tuesday, 8 January 2008

Jeremy Clarkson provides object lesson in ID fraud

Source: BBC News

TV presenter Jeremy Clarkson (from "Top Gear") has discovered -- the hard way -- what a problem identity theft can be. In reaction to media fuss over the loss of discs containing a database of child benefits claimants in the UK, Clarkson said the fuss was for nothing, since the data would only allow deposits into the accounts. To prove his point, he published his own bank details in two newspapers, along with a hint as to how to find his home address. Subsequently, someone has used the information to transfer five hundred pounds out of his account to the charity Diabetes UK. Clarkson has now reversed his position on the seriousness of the data leak.

Saturday, 5 January 2008

Ralsky and others charged re stock scam spam

Source: US Department of Justice

Notorious spammer, Alan Ralsky, and ten others have been indicted on various charges relating to the alleged operation of a pump-and-dump stock spam scheme after a three year investigation by the FBI and other agencies. The operation involved the manipulation of the stock prices of thinly traded Chinese penny stocks, and certain Chinese companies to whom the stocks belonged were allegedly complicit in this activity.

Wednesday, 2 January 2008

EBay fights fraud in Romania

Source: Los Angeles Times

The LA Times has a modestly detailed article on how EBay is fignting cybercrime in Romania -- the largest source of fraudulent activity directed against their service. This effort involves actually working with authorities in Romaina, and the EBay agent is protected by U.S. Secret Service agents while operating in the country.