Tuesday, 31 March 2009

Foreign Phisher Sentenced to 50 Months in U.S. Prison

Source: Threat Level from Wired.com

"The first foreigner convicted of phishing in the United States was sentenced to 50 months in federal prison Monday."

Monday, 30 March 2009

Vast Spy System Loots Computers in 103 Countries

Source: NYTimes.com

Researchers have obtained an inside look into a vast, strategic network of computers which have been compromised in targeted attacks (rather than the usual opportunistic attacks). The network consists of "at least 1,295 computers in 103 countries, including many belonging to embassies, foreign ministries and other government offices, as well as the Dalai Lama’s Tibetan exile centers in India, Brussels, London and New York." The back doors in the computers are being controlled by computers based almost exclusively in China, leading to speculation that the Chinese government is behind the espionage.

Saturday, 28 March 2009

'Cybercrime exceeds drug trade' myth exploded

Source: The Register

Ed Amoroso, Senior Vice President and Chief Security Officer of AT&T, recently told a Congressional Committee that cybercrime was a trillion dollar a year business. This was supposed to be based on an FBI report, but the FBI has made no such claim. Instead, it seems to be more of an urban myth. This article attempts to put some perspective on the inflated claim, and find out how the myth got started.

Wednesday, 25 March 2009

'The Analyzer' Hack Probe Widens; $10 Million Allegedly Stolen From U.S. Banks

Source: Threat Level from Wired.com

Threat Level has an interesting article covering the cybercrime activities of Ehud Tenenbaum, also known as "The Analyzer", who was arrested in Canada last year for allegedly stealing about $1.5 million from Canadian banks. He also allegedly hacked two U.S. banks, a credit and debit card distribution company and a payment processor in what U.S. authorities are calling a global "cashout" conspiracy. The U.S. hacks have resulted in at least $10 million in losses, and are just part of a larger international conspiracy to hack financial institutions in the United States and abroad.

Tuesday, 24 March 2009

Web Fraud 2.0: Data Search Tools for ID Thieves

Source: Security Fix

"Cyber crooks are providing cheap, instant access to detailed consumer databases, offering identity thieves the ability to find missing data as they compile dossiers on targeted individuals." "It's unclear how these sites are obtaining this kind of information. It may be that they're relying on insiders at companies with access to this data. Alternatively, perhaps the services are making use of using stolen credentials needed to access sensitive online databases. More likely, it is a mixture of both."

Monday, 23 March 2009

Hacked page hauls estimated at $10,000 a day

Source: vnunet.com

Fake antivirus products continue to prove themselves the Next Big Thing in cybercrime. Security firm Finjan estimates that search engine gaming techniques on popular search terms can earn the perpetrators more than ten thousand US dollars per day in referral fees.

Saturday, 21 March 2009

Rogue Antivirus Distribution Network Dismantled

Source: Security Fix

Hot on the heels of a report on TrafficConverter2.biz by Security Fix earlier this week, the site has lost its ability to receive payments through Visa and MasterCard thanks to investigations being conducted by those companies. Traffic Converter is an affiliate program for the fake antivirus program AntiVirus2009 and others. These programs extort money out of those parties unfortunate enough to find them installed on their computer by throwing up increasingly alarming error messages, and requesting that the user pay for the "full version" of the software to fix the problem.

Costly Online Organ-Transplant Scam Results in Death, Arrest

Source: Threat Level from Wired.com

Advance fee fraud is nothing new, but this could well be a new low. The site liver4you.org sells organ transplants, or so it claims. A Canadian man paid $70,000 and was told he'd receive a liver transplant at a hospital in the Philippines. There was no liver, and no transplant, and the man died in the hospital where he thought his life would be saved. Jerome Feldman, age 67, has been arrested on charges of operating the scam.

Friday, 20 March 2009

Antivirus2009 Holds Victim's Documents for Ransom

Source: Security Fix

The fake anti-virus program Antivirus2009 is now using its deceptive error messages to frighten users into downloading a program called FileFixerPro, under the pretext that certain files in the "My Documents" folder are corrupt. Antivirus2009 actually encrypts the files in question, and FileFixerPro will decrypt them only after a $50 fee is paid. File encryption has been used in the past, attracting the name "ransomware", but this is perhaps the first time that the technique has been used stealthily in conjunction with "scareware" like Antivirus2009, as opposed to blatant blackmail.

2008 fraud figures announced by APACS

Source: APACS

The UK payments association, APACS, has announced UK fraud figures for 2008. "The two main areas of fraud were on transactions not protected by chip and PIN: specifically internet, phone and mail order fraud; and fraud abroad - committed by criminals using stolen UK card details in countries yet to upgrade to chip and PIN - which has nearly doubled in two years." "Online banking fraud losses totalled £52.5m in 2008 – a 132 per cent increase from 2007 losses. Although phishing incidents continue to increase, online banking customers are increasingly being targeted by malware..."

Friday, 13 March 2009

Hacking iTunes Gift Cards, and an iTunes Update

Source: Security Fix

There is some question as to whether the iTunes voucher code system has actually been broken (as reported recently). The basis for doubt is that the vouchers must be activated at the point of sale before they can be redeemed. Even so, the iTunes codes offered for sale are definitely working. One theory is that the codes are simply being purchased online using stolen credit card data, then on-sold.

Police in Romania detain 20 alleged hackers

Source: International Herald Tribune

Police in Romania on Wednesday detained 20 people on suspicion of phishing. The phishing incidents in question targeted victims in Italy and Spain.

Wednesday, 11 March 2009

The Chinese iTunes Gift Voucher Trick

Source: Outdustry

Hackers have cracked the iTunes gift voucher code and are selling the codes so generated to Chinese counterfeiters who then on-sell to the public. Current market rates result in $200 gift card codes being obtainable for around $2.60.

Thursday, 5 March 2009

German cops bust cybercrime forum

Source: The Register

"German police have arrested several members of a hacking forum linked to the distribution of Trojan horse software that infected 80,000 computers."