Calif. Man Pleads Guilty in Fatal Swatting Case, Faces 20+ Years in Prison

November 14, 2018

A California man who pleaded guilty Tuesday to causing dozens of swatting attacks — including a deadly incident in Kansas last year — now faces 20 or more years in prison. Tyler Raj Barriss, in an undated selfie. Tyler Barriss, 25, went by the nickname SWAuTistic on Twitter, and reveled in perpetrating “swatting” attacks. These dangerous hoaxes involve making false claims to emergency responders about phony hostage situations or bomb…

Read More >>

That Domain You Forgot to Renew? Yeah, it’s Now Stealing Credit Cards

November 13, 2018

If you own a domain name that gets decent traffic and you fail to pay its annual renewal fee, chances are this mistake will be costly for you and for others. Lately, neglected domains have been getting scooped up by crooks who use them to set up fake e-commerce sites that steal credit card details from unwary shoppers. For nearly 10 years, Portland, Ore. resident Julie Randall posted pictures for…

Read More >>

Bug Bounty Hunter Ran ISP Doxing Service

November 9, 2018

A Connecticut man who’s earned bug bounty rewards and public recognition from top telecom companies for finding and reporting security holes in their Web sites secretly operated a service that leveraged these same flaws to sell their customers’ personal data, KrebsOnSecurity has learned. In May 2018, ZDNet ran a story about the discovery of a glaring vulnerability in the Web site for wireless provider T-Mobile that let anyone look up customer home addresses…

Read More >>

Busting SIM Swappers and SIM Swap Myths

November 7, 2018

KrebsOnSecurity recently had a chance to interview members of the REACT Task Force, a team of law enforcement officers and prosecutors based in Santa Clara, Calif. that has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims. Snippets from that fascinating conversation are recounted below,…

Read More >>

Who’s In Your Online Shopping Cart?

November 4, 2018

Crooks who hack online merchants to steal payment card data are constantly coming up with crafty ways to hide their malicious code on Web sites. In Internet ages past, this often meant obfuscating it as giant blobs of gibberish text that was obvious even to the untrained eye. These days, a compromised e-commerce site is more likely to be seeded with a tiny snippet of code that invokes a hostile…

Read More >>

SMS Phishing + Cardless ATM = Profit

November 2, 2018

Thieves are combining SMS-based phishing attacks with new “cardless” ATMs to rapidly convert phished bank account credentials into cash. Recent arrests in Ohio shed light on how this scam works. A number of financial institutions are now offering cardless ATM transactions that allow customers to withdraw cash using nothing more than their mobile phones. But this also creates an avenue of fraud for bad guys, who can leverage phished or stolen…

Read More >>

Equifax Has Chosen Experian. Wait, What?

November 1, 2018

A year after offering free credit monitoring to all Americans on account of its massive data breach that exposed the personal information of nearly 148 million people, Equifax now says it has chosen to extend the offer by turning to a credit monitoring service offered by a top competitor — Experian. And to do that, it will soon be sharing with Experian contact information that affected consumers gave to Equifax…

Read More >>

Mirai Co-Author Gets 6 Months Confinement, $8.6M in Fines for Rutgers Attacks

October 26, 2018

The convicted co-author of the highly disruptive Mirai botnet malware strain has been sentenced to 2,500 hours of community service, six months home confinement, and ordered to pay $8.6 million in restitution for repeatedly using Mirai to take down Internet services at Rutgers University, his former alma mater. Paras Jha, in an undated photo from his former LinkedIn profile. Paras Jha, a 22-year-old computer whiz from Fanwood, N.J., was studying computer…

Read More >>

How Do You Fight a $12B Fraud Problem? One Scammer at a Time

October 25, 2018

The fraudsters behind the often laughable Nigerian prince email scams have long since branched out into far more serious and lucrative forms of fraud, including account takeovers, phishing, dating scams, and malware deployment. Combating such a multifarious menace can seem daunting, and it calls for concerted efforts to tackle the problem from many different angles. This post examines the work of a large, private group of volunteers dedicated to doing…

Read More >>

Who Is Agent Tesla?

October 22, 2018

A powerful, easy-to-use password stealing program known as Agent Tesla has been infecting computers since 2014, but recently this malware strain has seen a surge in popularity — attracting more than 6,300 customers who pay monthly fees to license the software. Although Agent Tesla includes a multitude of features designed to help it remain undetected on host computers, the malware’s apparent creator seems to have done little to hide his…

Read More >>