Exploit This

Security News, Exploits, and Vulnerabilities.

Who Is Marcus Hutchins?

In early August 2017, FBI agents in Las Vegas arrested 23-year-old U.K. resident Marcus Hutchins on suspicion of authoring and/or selling “Kronos,” a strain of malware designed to steal online banking credentials. Hutchins was virtually unknown to most in the security community until May 2017, when a British newspaper revealed him as the “accidental hero” who inadvertently halted the global spread of WannaCry, a ransomware contagion that had taken the world by storm just days before.

Relatively few knew it before his arrest, but Hutchins for many years authored the popular cybersecurity blog MalwareTech. When this fact became more widely known — combined with his hero status for halting Wannacry — a great many MalwareTech readers quickly leapt to his defense to denounce his arrest. They reasoned that the government was overstepping on flimsy evidence, noting that Hutchins has worked tirelessly to expose cybercriminals and their malicious tools. To date, some 226 supporters have donated more than $14,000 to his defense fund.

At first, I did not believe the charges against Hutchins would hold up under scrutiny. But as I began to dig deeper into the history tied to dozens of hacker forum pseudonyms, email addresses and domains he apparently used over the past decade, a very different picture began to emerge.

In this post, I will attempt to describe and illustrate more than three weeks’ worth of connecting the dots from what appear to be Hutchins’ earliest hacker forum accounts to his real-life identity. The clues suggest that Hutchins began developing and selling malware in his mid-teens — only to later develop a change of heart and earnestly endeavor to leave that part of his life squarely in the rearview mirror.

How a Citadel Trojan Developer Got Busted

A U.S. District Court judge in Atlanta last week handed a five year prison sentence to Mark Vartanyan, a Russian hacker who helped develop and sell the once infamous and widespread Citadel banking trojan. This fact has been reported by countless media outlets, but far less well known is the fascinating backstory about how Vartanyan got caught.

Who Ran Leakedsource.com?

Late last month, multiple news outlets reported that unspecified law enforcement officials had seized the servers for Leakedsource.com, perhaps the largest online collection of usernames and passwords leaked or stolen in some of the worst data breaches — including billions of credentials for accounts at top sites like LinkedIn, Myspace, and Yahoo.

In a development that may turn out to be deeply ironic, it seems that the real-life identity of Leakedsource’s principal owner may have been exposed by many of the same stolen databases he’s been peddling.

‘Top 10 Spammer’ Indicted for Wire Fraud

Michael A. Persaud, a California man profiled in a Nov. 2014 KrebsOnSecurity story about a junk email purveyor tagged as one of the World’s Top 10 Worst Spammers, was indicted this week on federal wire fraud charges tied to an alleged spamming operation.

IRS: Scam Blends CEO Fraud, W-2 Phishing

Most regular readers here are familiar with CEO fraud — e-mail scams in which the attacker spoofs the boss and tricks an employee at the organization into wiring funds to the fraudster. Loyal readers also have heard an earful about W-2 phishing, in which crooks impersonate the boss and request a copy of all employee tax forms. According to a new “urgent alert” issued by the U.S. Internal Revenue Service, scammers are now combining both schemes and targeting a far broader range of organizations than ever before.

A Shakeup in Russia’s Top Cybercrime Unit

A chief criticism I heard from readers of my book, Spam Nation: The Inside Story of Organized Cybercrime, was that it dealt primarily with petty crooks involved in petty crimes, while ignoring more substantive security issues like government surveillance and cyber war. But now it appears that the chief antagonist of Spam Nation is at the dead center of an international scandal involving the hacking of U.S. state electoral boards in Arizona and Illinois, the sacking of Russia’s top cybercrime investigators, and the slow but steady leak of unflattering data on some of Russia’s most powerful politicians.

DNI: Putin Led Cyber, Propaganda Effort to Elect Trump, Denigrate Clinton

Russian President Vladimir Putin directed a massive propaganda and cyber attack operation aimed at discrediting Hillary Clinton and getting Donald Trump elected, the top U.S. intelligence agencies said in a remarkable yet unshocking report released on Friday.

‘Operation Tarpit’ Targets Customers of Online Attack-for-Hire Services

Federal investigators in the United States and Europe last week arrested nearly three-dozen people suspected of patronizing so-called “booter” services that can be hired to knock targeted Web sites offline. The global crackdown is part of an effort by authorities to weaken demand for these services by impressing upon customers that hiring someone to launch cyberattacks on your behalf can land you in jail.

‘Avalanche’ Global Fraud Ring Dismantled

In what’s being billed as an unprecedented global law enforcement response to cybercrime, federal investigators in the United States, United Kingdom and Europe today say they’ve dismantled a sprawling cybercrime machine known as “Avalanche” — a distributed, cloud-hosting network that for the past seven years has been rented out to fraudsters for use in launching countless malware and phishing attacks.

Hackforums Shutters Booter Service Bazaar

Perhaps the most bustling marketplace on the Internet where people can compare and purchase so-called “booter” and “stresser” subscriptions — attack-for-hire services designed to knock Web sites offline — announced last week that it has permanently banned the sale and advertising of these services.

%d bloggers like this: