President Obama on Monday outlined a proposal that would require companies to inform their customers of a data breach within 30 days of discovering their information has been hacked. But depending on what is put in and left out of any implementing legislation, the effort could well could lead to more voluminous but less useful disclosure
Lizard Stresser Runs on Hacked Home Routers
The online attack service launched late last year by the same criminals who knocked Sony and Microsoft ’s gaming networks offline over the holidays is powered mostly by thousands of hacked home Internet routers, KrebsOnSecurity.com has discovered. Just days after the attacks on Sony and Microsoft , a group of young hoodlums calling themselves the Lizard Squad took responsibility for the attack and announced the whole thing was merely an elaborate commercial for their new “booter” or “stresser” site — a service designed to help paying customers knock virtually any site or person offline for hours or days at a time. As it turns out, that service draws on Internet bandwidth from hacked home Internet routers around the globe that are protected by little more than factory-default usernames and passwords
Thieves Jackpot ATMs With ‘Black Box’ Attack
Previous stories on KrebsOnSecurity about ATM skimming attacks have focused on innovative fraud devices made to attach to the outside of compromised ATMs. Security experts are now warning about the emergence of a new class of skimming scams aimed at draining ATM cash deposits via a novel and complex attack. The attackers responsible for this “black box” ATM hack relied on a mobile device and a USB-based circuit board.
Banks: Card Breach at Some Chick-fil-A’s
Sources at several U.S.
Target Hackers Hit OneStopParking.com
Parking services have taken a beating this year at the hands of hackers bent on stealing credit and debit card data. This week’s victim — onestopparking.com — comes compliments of the same organized crime gang thought to be responsible for stealing tens of millions of card numbers from shoppers at Target and Home Depot . Late last week, the cybercrime shop best known for being the first to sell cards stolen in the Target and Home Depot breach moved a new batch of cards taken from an unknown online merchant.
Happy 5th Birthday, KrebsOnSecurity!
It’s hard to believe, but KrebsOnSecurity turns five years old today! How time flies! Probably the most rewarding part about being an independent reporter (for my part, anyway) is watching your readership grow and mature into a community that not only adds perspective and balance but also helps educate other readers. I’m very proud of the community that’s sprung up around this site, and I’m extremely grateful for all of the support and encouragement from you, Dear Reader. A few dozen readers have sent PayPal or Bitcoin donations, but most have supported this site with their time, expertise and tips (keep those coming, please).
Cowards Attack Sony PlayStation, Microsoft xBox Networks
A gaggle of young misfits that has long tried to silence this Web site now is taking credit for preventing millions of users from playing Sony Playstation and Microsoft Xbox Live games this holiday season. The group, which calls itself LizardSquad , started attacking the gaming networks on or around Christmas Day.
Payday Loan Network Sold Info to Scammers
The Federal Trade Commission announced this week it is suing a consumer data broker that sold payday loan application data to scammers who used the information to pull money out of consumer bank accounts. The scam brings to mind an underground identity theft service I wrote about in 2012 that was gathering its data from a network of payday loan sites.
Alleged Counterfeiter “Willy Clock” Arrested
In September 2014, I wrote about receiving a package of $500 in counterfeit U.S.
Gang Hacked ATMs from Inside Banks
An organized gang of hackers from Russia and Ukraine has broken into internal networks at dozens of financial institutions and installed malicious software that allowed the gang to drain bank ATMs of cash. While none of the victim institutions were in the United States or Western Europe, experts say the stealthy methods used by the attackers in these heists would likely work across a broad range of western banks.