Archive for the ‘Criminal Techniques’ Category

‘Patriot Act’ Phishing E-mails Resurface, FDIC Warns

January 13, 2011

‘Patriot Act’ Phishing E-mails Resurface, FDIC Warns: “Scammers are trying to steal banking information using fake e-mails that look like they’ve come from the U.S. Federal Deposit Insurance Corporation, the FDIC…

(Via PC World Latest Technology News.)

Advertisements

Cops Pull Plug on Rent-a-Fraudster Service for Bank Thieves

April 20, 2010

Cops Pull Plug on Rent-a-Fraudster Service for Bank Thieves: “

callservicebiz

Two Belarusian nationals suspected of operating a rent-a-fraudster service for bank and identity thieves have been arrested overseas, according to New York authorities, who unsealed an indictment for one of the suspects on Monday.

Dmitry Naskovets, 25, and Sergey Semashko, 25, are suspected of creating and operating CallService.biz, a Russian-language site for identity criminals who trafficked in stolen bank-account data and other information. The website displayed an FBI logo Monday and the message, ‘This domain has been seized by the Federal Bureau of Investigation.’

Naskovets has been charged in U.S. District Court for Southern New York with one count each of aggravated identity theft and conspiracy to commit wire fraud and credit card fraud. Semashko has been charged by Belarusian authorities.

Naskovets was arrested in the Czech Republic last Thursday, at the request of U.S. authorities who have filed for extradition. Semashko was arrested the same day in Belarus.

According to the indictment (.pdf), the two entrepreneurs launched the site in Lithuania in June 2007 and filled a much-needed niche in the criminal world — providing English- and German-speaking ‘stand-ins’ to help crooks thwart bank security screening measures.

In order to conduct certain transactions — such as initiating wire transfers, unblocking accounts or changing the contact information on an account — some financial institutions require the legitimate account holder to authorize the transaction by phone.

Thieves could provide the stolen account information and biographical information of the account holder to CallService.biz, along with instructions about what needed to be authorized. The biographical information sometimes included the account holder’s name, address, Social Security number, e-mail address and answers to security questions the financial institution might ask, such as the age of the victim’s father when the victim was born, the nickname of the victim’s oldest sibling or the city where the victim was married.

The thieves obtained the information through various means, such as phishing attacks and malware placed on victims’ computers to log their keystrokes.

CallService.biz would then have someone who matched the legitimate account holder’s gender and was proficient in the needed language, pose as the account holder and call the financial institution to authorize the fraudulent transaction.

One client, for example, requested assistance in July 2007 with illegally siphoning $35,000 from a checking account owned by someone in Westchester County, New York. The wire transfer occurred July 17.

The site boasted that its purveyors had served more than 2,000 criminal customers. Authorities wouldn’t say what fees the two allegedly charged or how much they earned from their scheme.

The two advertised their services on other carding sites, such as CardingWorld.cc, which was also operated by Semashko. The ads boasted that their team had conducted more than 5,400 ‘confirmation calls’ to banks.

The FBI seized the domain name pursuant to a seizure warrant.

Additional co-conspirators were also arrested overseas, though authorities didn’t indicate how many.

U.S. Attorney Preet Bharara said in a statement that the site ‘was especially dangerous because it allegedly was specifically designed to bypass the usual security measures that bank and business customers have come to rely on.’

The Department of Justice’s office of international affairs worked with the Belarusian Ministry of Internal Affairs’ high-tech–crime department, the Police Presidium of the Czech Republic and the Lithuanian Criminal Police Bureau Cybercrime Board to coordinate the investigations and arrests.

If convicted on all three counts, Naskovets faces a maximum sentence of 39½ years in prison.


(Via Wired: Threat Level.)

Report: Google Hackers Stole Source Code of Global Password System

April 20, 2010

Report: Google Hackers Stole Source Code of Global Password System: “

The hackers who breached Google’s network last year were able to nab the source code for the company’s global password system, according to the New York Times.

The Single Sign-On password system, which Google referred to internally as Gaia, allows users to log into a constellation of services the company offers — GMail, search, business applications and others — using one password.

The hackers, who are still unknown, were able to steal the code after gaining access to the company’s software repository, which stores the crown jewels for its search engine and other programs.

Because the hackers grabbed the software, and do not appear to have grabbed customer passwords, users aren’t directly affected by the theft. But the hackers could study the software for security vulnerabilities to devise ways to breach the system that could later affect users.

Google announced in January that it and numerous other companies had been hacked in a sophisticated attack. The hackers had targeted source code repositories at many of the companies, including Google.

According to the Times, the theft began when an instant message was sent to a Google employee in China who was using Windows Messenger  The message included a link to a malicious website. Once the employee clicked on the link, the intruders were able to gain access to the employee’s computer and from there to computers used by software developers at Google’s headquarters in California.

The intruders seemed to know the names of the Gaia software developers, according to the Times. The intruders had access to an internal Google corporate directory known as Moma, which lists the work activities of every Google employee.

They initially tried to access the programmer’s work computers and ‘then used a set of sophisticated techniques to gain access to the repositories where the source code for the program was stored.’

The Times doesn’t elaborate on the set of sophisticated techniques the hackers used to access the source code, but in March, security firm McAfee released a white paper in relation to the Google hack that describes serious security vulnerabilities it found in softeware configuration management systems (SCMs) used by companies that were targeed in the hacks.

‘[The SCMs] were wide open,’ Dmitri Alperovitch, McAfee’s vice president for threat research told Threat Level at the time. ‘No one ever thought about securing them, yet these were the crown jewels of most of these companies in many ways — much more valuable than any financial or personally identifiable data that they may have and spend so much time and effort protecting.’

Many of the companies that were attacked used the same source-code management system made by Perforce, a California-based company, according to McAfee. The paper didn’t indicate, however, whether Google used Perforce or had another system in place with vulnerabilities.

According to McAfee’s earlier report, the malicious website the hackers used in the Google hack was hosted in Taiwan. Once the victim clicked on a link to the site, the site downloaded and executed a malicious JavaScript, with a zero-day exploit that attacked a vulnerability in the user’s Internet Explorer browser.

A binary disguised as a JPEG file then downloaded to the user’s system and opened a backdoor onto the computer and set up a connection to the attackers’ command-and-control servers, also hosted in Taiwan.

From that initial access point, the attackers obtained access to the source-code management system or burrowed deeper into the corporate network to gain a persistent hold.

According to the paper, the hackers were successful at accessing source code because many SCMs are not secured out of the box and do not maintain sufficient logs to help forensic investigators examining an attack.

‘Additionally, due to the open nature of most SCM systems today, much of the source code it is built to protect can be copied and managed on the endpoint developer system,’ the whie paper states. ‘It is quite common to have developers copy source code files to their local systems, edit them locally, and then check them back into the source code tree…. As a result, attackers often don’t even need to target and hack the backend SCM systems; they can simply target the individual developer systems to harvest large amounts of source code rather quickly.’

Alperovitch told Threat Level his company had seen no evidence to indicate that source code at any of the hacked companies had been altered.


(Via Wired: Threat Level.)

Open Source Keykeriki Captures Wireless Keyboard Traffic

April 1, 2010

Open Source Keykeriki Captures Wireless Keyboard Traffic: “Another interesting attack, rather than going after the PC/Server this one goes after the data sent by wireless devices such as the wireless keyboards sold by Microsoft. The neat thing is by using a replay attack you could also send rogue inputs to the device.
But then it serves Microsoft right for using XOR encryption for […]

Read the full post at darknet.org.uk

(Via Darknet – The Darkside.)

Gulf Times – Qatar’s top-selling English daily newspaper – Qatar

April 1, 2010

Gulf Times – Qatar’s top-selling English daily newspaper – Qatar: ”
Daily Newspaper published by Gulf Publishing & Printing Co. Doha, Qatar

Homepage \Qatar: Latest Update: Monday22/3/2010March, 2010, 01:08 AM Doha Time

Criminals are devising new threat paths, says IT expert
By Sarmad Qazi

Dr K Rama Subramaniam
Sophisticated cyber criminals are successfully finding new threat paths that are going undetected, a cyber criminologist said yesterday.
Dr K Rama Subramaniam, director at Valiant Technologies, India, and Baker Tilly MKM, Abu Dhabi, who is a visiting professor of Cyber Criminology at the University of Madras, further said that cyber crime was no longer about fun.
‘The players now include terrorists, white collar crimin”

(Via .)

Malware delivered by Yahoo, Fox, Google ads | InSecurity Complex – CNET News

March 23, 2010

Malware delivered by Yahoo, Fox, Google ads | InSecurity Complex – CNET News: ”

Home News InSecurity Complex
InSecurity Complex
March 22, 2010 12:57 PM PDT
Malware delivered by Yahoo, Fox, Google ads
by Elinor Mills
Font size
Print
E-mail
Share
36 comments

Share
168

These charts show incidences of malware distributed by a number of ad delivery platforms over a six-day period last month that were detected by Avast. Yahoo and Fox have the highest counts.
(Credit: Avast)
Malware that exploits holes in popular applications is being delivered by big ad delivery platforms including those run by Yahoo, Fox, and Google, according to Prague-based antivirus firm Avast.
Viruses and other malware were found to be lurking in ads last year on high-profile sites like The New York Times and conservative news aggregator Drudge Report.com, and this year on Drudge, TechCrunch and WhitePage”

(Via .)

Police Find Skimming Devices Inside Pumps at 180 Gas Stations in Utah

March 23, 2010

Police Find Skimming Devices Inside Pumps at 180 Gas Stations in Utah: “This is news regardless of where you live. Why? The use of skimming devices by identity criminals is not limited to Utah. ABC 4 television news reported: ‘Utah police investigators said crooks have installed electronic ‘skimming’ devices at 180 gas stations from Salt Lake to Provo in an attempt to…

(Via I’ve Been Mugged.)

Cybercrime losses almost double

March 23, 2010

Cybercrime losses almost double: “

FBI figures show huge rise in online miscreantage

US net crime loss complaints almost doubled in value from $265m in 2008 to reach $560m last year, according to official figures.…

(Via The Register – Security.)

Exploit code with DNS tunnel

March 23, 2010

Exploit code with DNS tunnel: “A hacker has written exploit code which can tunnel a shell connection through firewalls via DNS

(Via The H Security.)

Malicious Spam Jumps to 3 Billion Messages Per Day

February 16, 2010

Malicious Spam Jumps to 3 Billion Messages Per Day: “

Last year was an interesting year in the security industry in a number of ways, but perhaps none more so than the monstrous increase in the volume of malicious spam. In the second half of 2009, the number of spam messages sent per day skyrocketed from 600 million to three billion, according to new research.

Shorten URL: http://threatpost.com/en_us/3v4. Click to copy to clipboard or post to Twitter

ZeroClipboard.setMoviePath( ‘http://threatpost.com/sites/all/modules/threatpost_tweaks/ZeroClipboard.swf’ );
var clip = new ZeroClipboard.Client();
clip.setHandCursor( true );
clip.setText(‘http://threatpost.com/en_us/3v4’);
clip.glue( ‘short_url_link’ , ‘short_url_cont’ );

(Via threatpost – The First Stop for Security News.)