Security News

February 1, 2024

Arrests in $400M SIM-Swap Tied to Heist at FTX?

This post was originally published on this siteThree Americans were charged this week with stealing more than $400 million in a November 2022 SIM-swapping attack. The U.S. government did not name the victim organization, but there is every indication that the money was stolen from the now-defunct cryptocurrency exchange FTX, which had just filed for bankruptcy on that same day. A graphic illustrating the flow of more than $400 million in cryptocurrencies stolen from FTX on Nov. 11-12, 2022. Image: Elliptic.co. An indictment unsealed this week and first reported on by Ars Technica alleges that Chicago man Robert Powell, a.k.a. […]
January 30, 2024

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

This post was originally published on this siteOn Jan. 9, 2024, U.S. authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. Sources close to the investigation tell KrebsOnSecurity the accused was a key member of a criminal hacking group blamed for a string of cyber intrusions at major U.S. technology companies during the summer of 2022. A graphic depicting how 0ktapus leveraged one victim to attack another. Image credit: Amitai Cohen of Wiz. Prosecutors say Noah Michael Urban of Palm Coast, Fla., stole at least $800,000 […]
January 26, 2024

Who is Alleged Medibank Hacker Aleksandr Ermakov?

This post was originally published on this siteAuthorities in Australia, the United Kingdom and the United States this week levied financial sanctions against a Russian man accused of stealing data on nearly 10 million customers of the Australian health insurance giant Medibank. 33-year-old Aleksandr Ermakov allegedly stole and leaked the Medibank data while working with one of Russia’s most destructive ransomware groups, but little more is shared about the accused. Here’s a closer look at the activities of Mr. Ermakov’s alleged hacker handles. Aleksandr Ermakov, 33, of Russia. Image: Australian Department of Foreign Affairs and Trade. The allegations against Ermakov […]
January 25, 2024

Using Google Search to Find Software Can Be Risky

This post was originally published on this siteGoogle continues to struggle with cybercriminals running malicious ads on its search platform to trick people into downloading booby-trapped copies of popular free software applications. The malicious ads, which appear above organic search results and often precede links to legitimate sources of the same software, can make searching for software on Google a dicey affair. Google says keeping users safe is a top priority, and that the company has a team of thousands working around the clock to create and enforce their abuse policies. And by most accounts, the threat from bad ads […]
January 19, 2024

Canadian Man Stuck in Triangle of E-Commerce Fraud

This post was originally published on this siteA Canadian man who says he’s been falsely charged with orchestrating a complex e-commerce scam is seeking to clear his name. His case appears to involve “triangulation fraud,” which occurs when a consumer purchases something online — from a seller on Amazon or eBay, for example — but the seller doesn’t actually own the item for sale. Instead, the seller purchases the item from an online retailer using stolen payment card data. In this scam, the unwitting buyer pays the scammer and receives what they ordered, and very often the only party left […]
January 17, 2024

E-Crime Rapper ‘Punchmade Dev’ Debuts Card Shop

This post was originally published on this siteThe rapper and social media personality Punchmade Dev is perhaps best known for his flashy videos singing the praises of a cybercrime lifestyle. With memorable hits such as “Internet Swiping” and “Million Dollar Criminal” earning millions of views, Punchmade has leveraged his considerable following to peddle tutorials on how to commit financial crimes online. But until recently, there wasn’t much to support a conclusion that Punchmade was actually doing the cybercrime things he promotes in his songs. Images from Punchmade Dev’s Twitter/X account show him displaying bags of cash and wearing a functional […]
January 10, 2024

Here’s Some Bitcoin: Oh, and You’ve Been Served!

This post was originally published on this siteA California man who lost $100,000 in a 2021 SIM-swapping attack is suing the unknown holder of a cryptocurrency wallet that harbors his stolen funds. The case is thought to be first in which a federal court has recognized the use of information included in a bitcoin transaction — such as a link to a civil claim filed in federal court — as reasonably likely to provide notice of the lawsuit to the defendant. Experts say the development could make it easier for victims of crypto heists to recover stolen funds through the […]
January 8, 2024

Meet Ika & Sal: The Bulletproof Hosting Duo from Hell

This post was originally published on this siteIn 2020, the United States brought charges against four men accused of building a bulletproof hosting empire that once dominated the Russian cybercrime industry and supported multiple organized cybercrime groups. All four pleaded guilty to conspiracy and racketeering charges. But there is a fascinating and untold backstory behind the two Russian men involved, who co-ran the world’s top spam forum and worked closely with Russia’s most dangerous cybercriminals. From January 2005 to April 2013, there were two primary administrators of the cybercrime forum Spamdot (a.k.a Spamit), an invite-only community for Russian-speaking people in […]
December 29, 2023

Happy 14th Birthday, KrebsOnSecurity!

This post was originally published on this siteKrebsOnSecurity celebrates its 14th year of existence today! I promised myself this post wouldn’t devolve into yet another Cybersecurity Year in Review. Nor do I wish to hold forth about whatever cyber horrors may await us in 2024. But I do want to thank you all for your continued readership, encouragement and support, without which I could not do what I do. As of this birthday, I’ve officially been an independent investigative journalist for longer than I was a reporter for The Washington Post (1995-2009). Of course, not if you count the many […]
December 19, 2023

BlackCat Ransomware Raises Ante After FBI Disruption

This post was originally published on this siteThe U.S. Federal Bureau of Investigation (FBI) disclosed today that it infiltrated the world’s second most prolific ransomware gang, a Russia-based criminal group known as ALPHV and BlackCat. The FBI said it seized the gang’s darknet website, and released a decryption tool that hundreds of victim companies can use to recover systems. Meanwhile, BlackCat responded by briefly “unseizing” its darknet site with a message promising 90 percent commissions for affiliates who continue to work with the crime group, and open season on everything from hospitals to nuclear power plants. A slightly modified version […]
December 14, 2023

Ten Years Later, New Clues in the Target Breach

This post was originally published on this siteOn Dec. 18, 2013, KrebsOnSecurity broke the news that U.S. retail giant Target was battling a wide-ranging computer intrusion that compromised more than 40 million customer payment cards over the previous month. The malware used in the Target breach included the text string “Rescator,” which also was the handle chosen by the cybercriminal who was selling all of the cards stolen from Target customers. Ten years later, KrebsOnSecurity has uncovered new clues about the real-life identity of Rescator. Rescator, advertising a new batch of cards stolen in a 2014 breach at P.F. Chang’s. […]
December 12, 2023

Microsoft Patch Tuesday, December 2023 Edition

This post was originally published on this siteThe final Patch Tuesday of 2023 is upon us, with Microsoft Corp. today releasing fixes for a relatively small number of security holes in its Windows operating systems and other software. Even more unusual, there are no known “zero-day” threats targeting any of the vulnerabilities in December’s patch batch. Still, four of the updates pushed out today address “critical” vulnerabilities that Microsoft says can be exploited by malware or malcontents to seize complete control over a vulnerable Windows device with little or no help from users. Among the critical bugs quashed this month […]
December 6, 2023

ICANN Launches Service to Help With WHOIS Lookups

This post was originally published on this siteMore than five years after domain name registrars started redacting personal data from all public domain registration records, the non-profit organization overseeing the domain industry has introduced a centralized online service designed to make it easier for researchers, law enforcement and others to request the information directly from registrars. In May 2018, the Internet Corporation for Assigned Names and Numbers (ICANN) — the nonprofit entity that manages the global domain name system — instructed all registrars to redact the customer’s name, address, phone number and email from WHOIS, the system for querying databases […]
November 29, 2023

Okta: Breach Affected All Customer Support Users

This post was originally published on this siteWhen KrebsOnSecurity broke the news on Oct. 20, 2023 that identity and authentication giant Okta had suffered a breach in its customer support department, Okta said the intrusion allowed hackers to steal sensitive data from fewer than one percent of its 18,000+ customers. But today, Okta revised that impact statement, saying the attackers also stole the name and email address for nearly all of its customer support users. Okta acknowledged last month that for several weeks beginning in late September 2023, intruders had access to its customer support case management system. That access […]
November 28, 2023

ID Theft Service Resold Access to USInfoSearch Data

This post was originally published on this siteOne of the cybercrime underground’s more active sellers of Social Security numbers, background and credit reports has been pulling data from hacked accounts at the U.S. consumer data broker USinfoSearch, KrebsOnSecurity has learned. Since at least February 2023, a service advertised on Telegram called USiSLookups has operated an automated bot that allows anyone to look up the SSN or background report on virtually any American. For prices ranging from $8 to $40 and payable via virtual currency, the bot will return detailed consumer background reports automatically in just a few moments. USiSLookups is […]
November 16, 2023

Alleged Extortioner of Psychotherapy Patients Faces Trial

This post was originally published on this siteProsecutors in Finland this week commenced their criminal trial against Julius Kivimäki, a 26-year-old Finnish man charged with extorting a once popular and now-bankrupt online psychotherapy practice and thousands of its patients. In a 2,200-page report, Finnish authorities laid out how they connected the extortion spree to Kivimäki, a notorious hacker who was convicted in 2015 of perpetrating tens of thousands of cybercrimes, including data breaches, payment fraud, operating a botnet and calling in bomb threats. In November 2022, Kivimäki was charged with attempting to extort money from the Vastaamo Psychotherapy Center. In […]
November 14, 2023

Microsoft Patch Tuesday, November 2023 Edition

This post was originally published on this siteMicrosoft today released updates to fix more than five dozen security holes in its Windows operating systems and related software, including three “zero day” vulnerabilities that Microsoft warns are already being exploited in active attacks. The zero-day threats targeting Microsoft this month include CVE-2023-36025, a weakness that allows malicious content to bypass the Windows SmartScreen Security feature. SmartScreen is a built-in Windows component that tries to detect and block malicious websites and files. Microsoft’s security advisory for this flaw says attackers could exploit it by getting a Windows user to click on a […]
November 11, 2023

It’s Still Easy for Anyone to Become You at Experian

This post was originally published on this siteIn the summer of 2022, KrebsOnSecurity documented the plight of several readers who had their accounts at big-three consumer credit reporting bureau Experian hijacked after identity thieves simply re-registered the accounts using a different email address. Sixteen months later, Experian clearly has not addressed this gaping lack of security. I know that because my account at Experian was recently hacked, and the only way I could recover access was by recreating the account. Entering my SSN and birthday at Experian showed my identity was tied to an email address I did not authorize. […]
November 6, 2023

Who’s Behind the SWAT USA Reshipping Service?

This post was originally published on this siteLast week, KrebsOnSecurity broke the news that one of the largest cybercrime services for laundering stolen merchandise was hacked recently, exposing its internal operations, finances and organizational structure. In today’s Part II, we’ll examine clues about the real-life identity of “Fearless,” the nickname chosen by the proprietor of the SWAT USA Drops service. Based in Russia, SWAT USA recruits people in the United States to reship packages containing pricey electronics that are purchased with stolen credit cards. As detailed in this Nov. 2 story, SWAT currently employs more than 1,200 U.S. residents, all […]
November 2, 2023

Russian Reshipping Service ‘SWAT USA Drop’ Exposed

This post was originally published on this site The login page for the criminal reshipping service SWAT USA Drop. One of the largest cybercrime services for laundering stolen merchandise was hacked recently, exposing its internal operations, finances and organizational structure. Here’s a closer look at the Russia-based SWAT USA Drop Service, which currently employs more than 1,200 people across the United States who are knowingly or unwittingly involved in reshipping expensive consumer goods purchased with stolen credit cards. Among the most common ways that thieves extract cash from stolen credit card accounts is through purchasing pricey consumer goods online and […]
October 31, 2023

.US Harbors Prolific Malicious Link Shortening Service

This post was originally published on this siteThe top-level domain for the United States — .US — is home to thousands of newly-registered domains tied to a malicious link shortening service that facilitates malware and phishing scams, new research suggests. The findings come close on the heels of a report that identified .US domains as among the most prevalent in phishing attacks over the past year. Researchers at Infoblox say they’ve been tracking what appears to be a three-year-old link shortening service that is catering to phishers and malware purveyors. Infoblox found the domains involved are typically three to seven […]
October 23, 2023

NJ Man Hired Online to Firebomb, Shoot at Homes Gets 13 Years in Prison

This post was originally published on this siteA 22-year-old New Jersey man has been sentenced to more than 13 years in prison for participating in a firebombing and a shooting at homes in Pennsylvania last year. Patrick McGovern-Allen was the subject of a Sept. 4, 2022 story here about the emergence of “violence-as-a-service” offerings, where random people from the Internet hire themselves out to perform a variety of local, physical attacks, including firebombing a home, “bricking” windows, slashing tires, or performing a drive-by shooting at someone’s residence. McGovern-Allen, of Egg Harbor Township, N.J., was arrested Aug. 12, 2022 on an […]
October 20, 2023

Hackers Stole Access Tokens from Okta’s Support Unit

This post was originally published on this siteOkta, a company that provides identity tools like multi-factor authentication and single sign-on to thousands of businesses, has suffered a security breach involving a compromise of its customer support unit, KrebsOnSecurity has learned. Okta says the incident affected a “very small number” of customers, however it appears the hackers responsible had access to Okta’s support platform for at least two weeks before the company fully contained the intrusion. In an advisory sent to an undisclosed number of customers on Oct. 19, Okta said it “has identified adversarial activity that leveraged access to a […]
October 18, 2023

The Fake Browser Update Scam Gets a Makeover

This post was originally published on this siteOne of the oldest malware tricks in the book — hacked websites claiming visitors need to update their Web browser before they can view any content — has roared back to life in the past few months. New research shows the attackers behind one such scheme have developed an ingenious way of keeping their malware from being taken down by security experts or law enforcement: By hosting the malicious files on a decentralized, anonymous cryptocurrency blockchain. In August 2023, security researcher Randy McEoin blogged about a scam he dubbed ClearFake, which uses hacked […]
October 17, 2023

Tech CEO Sentenced to 5 Years in IP Address Scheme

This post was originally published on this siteAmir Golestan, the 40-year-old CEO of the Charleston, S.C. based technology company Micfo LLC, has been sentenced to five years in prison for wire fraud. Golestan’s sentencing comes nearly two years after he pleaded guilty to using an elaborate network of phony companies to secure more than 735,000 Internet Protocol (IP) addresses from the American Registry for Internet Numbers (ARIN), the nonprofit which oversees IP addresses assigned to entities in the U.S., Canada, and parts of the Caribbean. Amir Golestan, the former CEO of Micfo. In 2018, ARIN sued Golestan and Micfo, alleging […]