Exploit This

Security News, Exploits, and Vulnerabilities.

Drug Charges Tripped Up Suspects In First Known ATM “Jackpotting” Attacks in the US

On Jan. 27, 2018, KrebsOnSecurity published what this author thought a scoop about the first known incidence of U.S. ATMs being hit with “jackpotting” attacks, a crime in which thieves deploy malware that forces cash machines to spit out money like a loose Las Vegas slot machine. As it happens, the first known jackpotting attacks in the United States were reported in November 2017 by local media on the west coast, although the reporters in those cases seem to have completely buried the lede.

Expert: IoT Botnets the Work of a ‘Vast Minority’

In December 2017, the U.S. Department of Justice announced indictments and guilty pleas by three men in the United States responsible for creating and using Mirai, a malware strain that enslaves poorly-secured “Internet of Things” or IoT devices like security cameras and digital video recorders for use in large-scale cyberattacks.

The FBI and the DOJ had help in their investigation from many security experts, but this post focuses on one expert whose research into the Dark Web and its various malefactors was especially useful in that case. Allison Nixon is director of security research at Flashpoint, a cyber intelligence firm based in New York City. Nixon spoke with KrebsOnSecurity at length about her perspectives on IoT security and the vital role of law enforcement in this fight.

Canadian Police Charge Operator of Hacked Password Service Leakedsource.com

Canadian authorities have arrested and charged a 27-year-old Ontario man for allegedly selling billions of stolen passwords online through the now-defunct service Leakedsource.com.

Hack of Attack-for-Hire Service vDOS Snares New Mexico Man

A New Mexico man is facing federal hacking charges for allegedly using the now defunct attack-for-hire service vDOS to launch damaging digital assaults aimed at knocking his former employer’s Web site offline. Prosecutors were able to bring the case in part because vDOS got massively hacked last year, and its customer database of payments and targets leaked to this author and to the FBI.

Who Is Marcus Hutchins?

In early August 2017, FBI agents in Las Vegas arrested 23-year-old U.K. resident Marcus Hutchins on suspicion of authoring and/or selling “Kronos,” a strain of malware designed to steal online banking credentials. Hutchins was virtually unknown to most in the security community until May 2017, when a British newspaper revealed him as the “accidental hero” who inadvertently halted the global spread of WannaCry, a ransomware contagion that had taken the world by storm just days before.

Relatively few knew it before his arrest, but Hutchins for many years authored the popular cybersecurity blog MalwareTech. When this fact became more widely known — combined with his hero status for halting Wannacry — a great many MalwareTech readers quickly leapt to his defense to denounce his arrest. They reasoned that the government was overstepping on flimsy evidence, noting that Hutchins has worked tirelessly to expose cybercriminals and their malicious tools. To date, some 226 supporters have donated more than $14,000 to his defense fund.

At first, I did not believe the charges against Hutchins would hold up under scrutiny. But as I began to dig deeper into the history tied to dozens of hacker forum pseudonyms, email addresses and domains he apparently used over the past decade, a very different picture began to emerge.

In this post, I will attempt to describe and illustrate more than three weeks’ worth of connecting the dots from what appear to be Hutchins’ earliest hacker forum accounts to his real-life identity. The clues suggest that Hutchins began developing and selling malware in his mid-teens — only to later develop a change of heart and earnestly endeavor to leave that part of his life squarely in the rearview mirror.

How a Citadel Trojan Developer Got Busted

A U.S. District Court judge in Atlanta last week handed a five year prison sentence to Mark Vartanyan, a Russian hacker who helped develop and sell the once infamous and widespread Citadel banking trojan. This fact has been reported by countless media outlets, but far less well known is the fascinating backstory about how Vartanyan got caught.

Who Ran Leakedsource.com?

Late last month, multiple news outlets reported that unspecified law enforcement officials had seized the servers for Leakedsource.com, perhaps the largest online collection of usernames and passwords leaked or stolen in some of the worst data breaches — including billions of credentials for accounts at top sites like LinkedIn, Myspace, and Yahoo.

In a development that may turn out to be deeply ironic, it seems that the real-life identity of Leakedsource’s principal owner may have been exposed by many of the same stolen databases he’s been peddling.

‘Top 10 Spammer’ Indicted for Wire Fraud

Michael A. Persaud, a California man profiled in a Nov. 2014 KrebsOnSecurity story about a junk email purveyor tagged as one of the World’s Top 10 Worst Spammers, was indicted this week on federal wire fraud charges tied to an alleged spamming operation.

IRS: Scam Blends CEO Fraud, W-2 Phishing

Most regular readers here are familiar with CEO fraud — e-mail scams in which the attacker spoofs the boss and tricks an employee at the organization into wiring funds to the fraudster. Loyal readers also have heard an earful about W-2 phishing, in which crooks impersonate the boss and request a copy of all employee tax forms. According to a new “urgent alert” issued by the U.S. Internal Revenue Service, scammers are now combining both schemes and targeting a far broader range of organizations than ever before.

A Shakeup in Russia’s Top Cybercrime Unit

A chief criticism I heard from readers of my book, Spam Nation: The Inside Story of Organized Cybercrime, was that it dealt primarily with petty crooks involved in petty crimes, while ignoring more substantive security issues like government surveillance and cyber war. But now it appears that the chief antagonist of Spam Nation is at the dead center of an international scandal involving the hacking of U.S. state electoral boards in Arizona and Illinois, the sacking of Russia’s top cybercrime investigators, and the slow but steady leak of unflattering data on some of Russia’s most powerful politicians.

%d bloggers like this: