China has been actively diverting unencrypted Web traffic destined for its top online search service — Baidu.com — so that some visitors from outside of the country were unwittingly enlisted in a novel and unsettling series of denial-of-service attacks aimed at sidelining sites that distribute anti-censorship tools, according to research released this week.
FBI Warns of Fake Govt Sites, ISIS Defacements
The Federal Bureau of Investigation (FBI) is warning that individuals sympathetic to the Islamic State of Iraq and al-Shams (ISIS) are mass-defacing Websites using known vulnerabilities in WordPress .
Hacking ATMs, Literally
Most of the ATM skimming attacks written about on this blog conclude with security personnel intervening before the thieves manage to recover their skimmers along with the stolen card data and PINs. However, an increasingly common form of ATM fraud — physical destruction — costs banks plenty, even when crooks walk away with nothing but bruised egos and sore limbs
‘Revolution’ Crimeware & EMV Replay Attacks
In October 2014, KrebsOnSecurity examined a novel “replay” attack that sought to exploit implementation weaknesses at U.S. financial institutions that were in the process of transitioning to more secure chip-based credit and debit cards
Sign Up at irs.gov Before Crooks Do It For You
If you’re an American and haven’t yet created an account at irs.gov , you may want to take care of that before tax fraudsters create an account in your name and steal your personal and tax data in the process. Recently, KrebsOnSecurity heard from Michael Kasper , a 35-year-old reader who tried to obtain a copy of his most recent tax transcript with the Internal Revenue Service (IRS).
Who Is the Antidetect Author?
Earlier this month I wrote about Antidetect , a commercial tool designed to help thieves evade fraud detection schemes employed by many e-commerce companies. That piece walked readers through a sales video for Antidetect showing the software being used to buy products online with stolen credit cards.
Tax Fraud Advice, Straight from the Scammers
Some of the most frank and useful information about how to fight fraud comes directly from the mouths of the crooks themselves. Online cybercrime forums play a critical role here, allowing thieves to compare notes about how to evade new security roadblocks and steer clear of fraud tripwires.
Kreditech Investigates Insider Breach
Kreditech , a consumer finance startup that specializes in lending to “unbanked” consumers with little or no credit rating, is investigating a data breach that came to light after malicious hackers posted thousands of applicants’ personal and financial records online. A screen shot of the Tor site that links to the documents stolen from Kreditech. Earlier this month, a source pointed KrebsOnSecurity to a Web site reachable only via Tor , a software package that directs Internet traffic through a free, global network of relays
Convicted Tax Fraudster & Fugitive Caught
Lance Ealy, an Ohio man who fled home confinement last year just prior to his conviction on charges of filing phony tax refund requests on more than 150 Americans, was apprehended in a pre-dawn raid by federal marshals in Atlanta on Wednesday. Lance Ealy, in self-portrait he uploaded to twitter before absconding. Ealy, 28, of Dayton, Ohio, was the subject of no fewer than three previous posts on this blog .
OpenSSL Patch to Plug Severe Security Holes
The world is about to get another reminder about just how much of the Internet runs on technology maintained by a handful of coders working on a shoestring budget. OpenSSL — the software used by thousands of companies to encrypt online communications — is set to get a security makeover this week: The OpenSSL Software Foundation said it plans to release new versions of its code to fix a number of security weaknesses, including some classified as “high” severity. OpenSSL is deployed at countless organizations, including at Web giants like Facebook, Google and Yahoo — as well as broadly across U.S