In October 2014, KrebsOnSecurity examined a novel “replay” attack that sought to exploit implementation weaknesses at U.S. financial institutions that were in the process of transitioning to more secure chip-based credit and debit cards
‘AntiDetect’ Helps Thieves Hide Digital Fingerprints
As a greater number of banks in the United States shift to issuing more secure credit and debit cards with embedded chip technology, fraudsters are going to direct more of their attacks against online merchants. No surprise, then, that thieves increasingly are turning to an emerging set of software tools to help them evade fraud detection schemes employed by many e-commerce companies
Hacked Hotel Phones Fueled Bank Phishing Scams
A recent phishing campaign targeting customers of several major U.S. banks was powered by text messages directing recipients to call hacked phone lines at Holiday Inn locations in the south
Lizard Stresser Runs on Hacked Home Routers
The online attack service launched late last year by the same criminals who knocked Sony and Microsoft ’s gaming networks offline over the holidays is powered mostly by thousands of hacked home Internet routers, KrebsOnSecurity.com has discovered. Just days after the attacks on Sony and Microsoft , a group of young hoodlums calling themselves the Lizard Squad took responsibility for the attack and announced the whole thing was merely an elaborate commercial for their new “booter” or “stresser” site — a service designed to help paying customers knock virtually any site or person offline for hours or days at a time. As it turns out, that service draws on Internet bandwidth from hacked home Internet routers around the globe that are protected by little more than factory-default usernames and passwords
Treasury Dept: Tor a Big Source of Bank Fraud
A new report from the U.S. Treasury Department found that a majority of bank account takeovers by cyberthieves over the past decade might have been thwarted had affected institutions known to look for and block transactions coming through Tor , a global communications network that helps users maintain anonymity by obfuscating their true location online. The findings come in a non-public report obtained by KrebsOnSecurity that was produced by the Financial Crimes Enforcement Network (FinCEN), a Treasury Department bureau responsible for collecting and analyzing data about financial transactions to combat domestic and international money laundering, terrorist financing and other financial crimes.
Black Friday, Cyber Monday for Crooks, Too!
Underground cybercrime shops that sell credit and debit card accounts stolen from retailers are slashing prices and promoting their own Black Friday and Cyber Monday sales as fraudsters gear up for the busy holiday shopping season. Card data stolen from main street retailers, a.k.a.
‘Microsoft Partner’ Claims Fuel Support Scams
You can’t make this stuff up: A tech support company based in the United States that outsources its work to India says its brand is being unfairly maligned by — wait for it…..tech support scammers based in India.
Network Hijackers Exploit Technical Loophole
Spammers have been working methodically to hijack large chunks of Internet real estate by exploiting a technical and bureaucratic loophole in the way that various regions of the globe keep track of the world’s Internet address ranges. Last week, KrebsOnSecurity featured an in-depth piece about a well-known junk email artist who acknowledged sending from two Bulgarian hosting providers . These two providers had commandeered tens of thousands of Internet addresses from ISPs around the globe, including Brazil, China, India, Japan, Mexico, South Africa, Taiwan and Vietnam
Feds Arrest Alleged ‘Silk Road 2′ Admin, Seize Servers
Federal prosecutors in New York today announced the arrest and charging of a San Francisco man they say ran the online drug bazaar and black market known as Silk Road 2.0 . In conjunction with the arrest, U.S. and European authorities have jointly seized control over the servers that hosted Silk Road 2.0 marketplace.
‘Replay’ Attacks Spoof Chip Card Charges
An odd new pattern of credit card fraud emanating from Brazil and targeting U.S. financial institutions could spell costly trouble for banks that are just beginning to issue customers more secure chip-based credit and debit cards. Over the past week, at least three U.S.