Category: General

Don’t Be Fodder for China’s ‘Great Cannon’

China has been actively diverting unencrypted Web traffic destined for its top online search service — Baidu.com — so that some visitors from outside of the country were unwittingly enlisted in a novel and unsettling series of denial-of-service attacks aimed at sidelining sites that distribute anti-censorship tools, according to research released this week.

Hacking ATMs, Literally

Most of the ATM skimming attacks written about on this blog conclude with security personnel intervening before the thieves manage to recover their skimmers along with the stolen card data and PINs. However, an increasingly common form of ATM fraud — physical destruction — costs banks plenty, even when crooks walk away with nothing but bruised egos and sore limbs

Sign Up at irs.gov Before Crooks Do It For You

If you’re an American and haven’t yet created an account at irs.gov , you may want to take care of that before tax fraudsters create an account  in your name and steal your personal and tax data in the process. Recently, KrebsOnSecurity heard from Michael Kasper , a 35-year-old reader who tried to obtain a copy of his most recent tax transcript with the Internal Revenue Service (IRS).

Who Is the Antidetect Author?

Earlier this month I wrote about Antidetect , a commercial tool designed to help thieves evade fraud detection schemes employed by many e-commerce companies. That piece walked readers through a sales video  for Antidetect showing the software being used to buy products online with stolen credit cards.

Tax Fraud Advice, Straight from the Scammers

Some of the most frank and useful information about how to fight fraud comes directly from the mouths of the crooks themselves. Online cybercrime forums play a critical role here, allowing thieves to compare notes about how to evade new security roadblocks and steer clear of fraud tripwires.

Kreditech Investigates Insider Breach

Kreditech , a consumer finance startup that specializes in lending to “unbanked” consumers with little or no credit rating, is investigating a data breach that came to light after malicious hackers posted thousands of applicants’ personal and financial records online. A screen shot of the Tor site that links to the documents stolen from Kreditech. Earlier this month, a source pointed KrebsOnSecurity to a Web site reachable only via Tor , a software package that directs Internet traffic through a free, global network of relays

Convicted Tax Fraudster & Fugitive Caught

Lance Ealy, an Ohio man who fled home confinement last year just prior to his conviction on charges of filing phony tax refund requests on more than 150 Americans, was apprehended in a pre-dawn raid by federal marshals in Atlanta on Wednesday. Lance Ealy, in self-portrait he uploaded to twitter before absconding. Ealy, 28, of Dayton, Ohio, was the subject of no fewer than three previous posts on this blog .

OpenSSL Patch to Plug Severe Security Holes

The world is about to get another reminder about just how much of the Internet runs on technology maintained by a handful of coders working on a shoestring budget. OpenSSL — the software used by thousands of companies to encrypt online communications — is set to get a security makeover this week: The OpenSSL Software Foundation   said it plans to release new versions of its code to fix a number of security weaknesses, including some classified as “high” severity. OpenSSL is deployed at countless organizations, including at Web giants like Facebook, Google and Yahoo — as well as broadly across U.S