Friday, August 21, 2009

Capitalism: A Love Story

Via Crooks and Liars.

- ferg

Thursday, August 20, 2009

Eight Indicted For $22M Identity Theft Scam Against AT&T, T-Mobile

Tim Wilson writes on Dark Reading:

Eight defendants were arraigned in a Brooklyn court yesterday for allegedly using the stolen identities of AT&T, T-Mobile, and Asurion customers to steal some $22 million worth of wireless equipment and services.

An indictment was unsealed in Brooklyn federal court yesterday morning charging Courtney Beckford, Gabe Beizem, Rawl Davis, Lennox Lambert, Marsha Montayne, Saul Serrano, Ron Shealey, and Rohan Stewart, with conspiracy to commit mail fraud and wire fraud. Beizem, Montayne, and Stewart were also charged with wire fraud and aggravated identity theft.

According to the indictment, between February 2005 and July 2009, Beizem -- an owner of Got Wireless (aka USA Wireless), a former authorized AT&T and T-Mobile dealer that operated in Brooklyn -- obtained dealer access codes for AT&T's and T-Mobile's online customer databases. Stewart, the owner of KP Wireless -- an authorized T-Mobile wireless device dealer operating in West Palm Beach, Florida -- also obtained dealer access codes for T-Mobile's customer database.

Using these access codes, Beizem, Stewart, and Montayne, and others, allegedly obtained existing customer information from the customer databases, including customers' names, addresses, and personal identifying information, the indictment says. Montayne, and others, then fraudulently assumed the identities of existing customers and obtained new wireless devices without payment and without the customers' permission.

More here.

Bot-Brokering: It's All About Infecting, Selling Big Batches of Bots

Kelly Jackson Higgins writes on Dark Reading:

Researchers at Cisco recently got a rare glimpse of the inner workings of the botnet underworld after going undercover and meeting an actual botmaster online: the botmaster, who ran a botnet that had infected dozens of machines at a Cisco customer site, said his main job is to compromise a few thousand machines and then sell them off in bulk.

He told a Cisco researcher posing as a fellow botmaster that the market rate for a bot is between 10 cents to 25 cents per machine, and that he recently made $800 off of a sale of 10,000 bots.

But that rate is likely a moving target, says Joe Dallatore, senior manager in Cisco's security research and operations group. "At this point we have a snapshot [in time]" of the botnet market rate, Dallatore says. "There is an economy for these things, and it changes over time. This is a form of commerce, with supply and demand."

And the botmaster isn't out to perform identity theft -- just bot-brokering. "He was not in the business of using information [on the bots]. Just in creating bots and selling them to someone else," Dallatore says.

More here.

Note: Cisco seems to be a bit late to the game -- this model of "pay-per-load" is quite well-known to most of the security research constituency, and has been around literally for years. -ferg

Mark Fiore: Rage-Ex

More Mark Fiore brilliance.

Via The San Francisco Chronicle.


- ferg

In Gonzalez Hacking Case, a High-Stakes Fight Over a Ukrainian's Laptop

Kim Zetter writes on Threat Level:

When Turkish police arrested Maksym “Maksik” Yastremskiy — a Ukrainian wholesaler of stolen identity data — in July 2007, they didn’t just collar one of the most-wanted cybercriminals in the world. They also got a trove of evidence about Yastremskiy’s buyers and suppliers, all locked in an encrypted vault on his laptop computer.

Now federal prosecutors are hoping to introduce a copy of Yastremskiy’s files in their case against accused hacker Albert “Segvec” Gonzalez. Chat logs and other information on the disk allegedly show that Gonzalez was Yastremskiy’s major supplier of credit and debit card numbers.

But Gonzalez’s attorney is fighting to keep the data, and similar information seized from a server in Latvia, far away from the New York court room where Gonzalez is scheduled to stand trial next month on the first of three federal indictments. The argument unfolding over the disks illustrates the challenges and controversies of using electronic evidence gathered in foreign jurisdictions, and sheds more light on the unusual methods used to investigate what authorities have called the largest identity theft case in U.S. history.

Gonzalez and his co-conspirators staged high-profile breaches at TJX, Heartland Payment Systems, Dave & Buster’s and other retailers and payment processors.

One notable revelation in the government’s own filings [.pdf] is that Yastremskiy’s arrest did not mark the first time the Secret Service gained access to his computer files. On June 14, 2006 the Secret Service worked with local authorities to conduct a “sneak-and-peek” search of Yastremskiy’s laptop while he was traveling through Dubai, in the United Arab Emirates. The agency secretly obtained a copy of the man’s hard drive in the search.

More here.

Stolen Credit Card Data Goes for Cheap on Cyber-Black Market

Brian Prince writes on eWeek:

The black market economy of the cyber-world is always busy, especially in an age of massive data breaches like the ones that occurred at Heartland Payment Systems and Hannaford Brothers.

According to research from Kaspersky Lab posted Aug. 17, U.S. credit cards are not worth as much as you might think. While analyzing malware, Kaspersky Lab virus analyst Dmitry Bestuzhev came across a Website with pricing information for the credit cards swiped by cyber-crooks. The highest prices belonged to German credit cards, which sold for $6 (USD) a piece. U.S. Visa cards sold for $2.

"It's certainly difficult to say how many sites like this there are now," Bestuzhev said. "I believe it's not very many because the bad guys don't need to largely market their business. Their customers know them already and if there is a new one, it is passed along by others. It's a kind of club where cyber-criminals 'know each other' in terms of online life."

They also provide customer service—there was technical support available in German and English.

More here.

Gonzalez's Lawyer to Contend He Was Not The Kingpin of Heartland, Hannaford Breaches

Jaikumar Vijayan writes in ComputerWorld:

The attorney for Albert Gonzalez, the man indicted Monday on charges related to the massive data thefts at Heartland Payment Systems and four other retailers, claims it was another member of Gonzalez's gang who was the real leader of the heists.

In an interview with the New York Times, Gonzalez's lawyer, Rene Palomino, said he was prepared to argue that the person who organized the break-ins at Heartland and elsewhere was really Damon Patrick Toey of Miami.

Palomino said Toey is the individual who was identified only as "P.T," an unindicted co-conspirator in Monday's indictment papers. Palomino also told the Times that one of the unnamed Russian conspirators mentioned in the indictment is an individual named Maksym Yastremskiy, who is currently serving a 30-year sentence in a Turkish prison.

Toey was one of 11 individuals, including Gonzalez, who were indicted last year on charges related to the data thefts at TJX Companies Inc., Dave & Busters, BJ's Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21 and DSW.

More here.

How Hackers Snatch Real-Time Security ID Numbers

Saul Hansell writes on the New York Times' "Bits" Blog:

The world’s savviest hackers are on to the “real-time Web” and using it to devilish effect. The real-time Web is the fire hose of information coming from services like Twitter. The latest generation of Trojans — nasty little programs that hacking gangs use to burrow onto your computer — sends a Twitter-like stream of updates about everything you do back to their controllers, many of whom, researchers say, are in Eastern Europe. Trojans used to just accumulate secret diaries of your Web surfing and periodically send the results on to the hacker.

The security world first spotted these new attacks last year. I ran into it again while reporting an article in Thursday’s Times about a lawsuit meant to help track down the perpetrators of these attacks.

By going real time, hackers now can get around some of the roadblocks that companies have put in their way. Most significantly, they are now undeterred by systems that create temporary passwords, such as RSA’s SecurID system, which involves a small gadget that displays a six-digit number that changes every minute based on a complex formula.

More here.
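The point of the excerpt above is the time window: a code that changes every minute is useless to a Trojan that uploads its logs hours later, but perfectly usable by one that relays keystrokes to its controller within seconds. The following is an added example, not code from the article or from RSA. It uses RFC 6238 TOTP (HMAC-SHA1 over a time counter) with a 60-second step as a stand-in for the proprietary SecurID algorithm, assumes a server that also accepts the neighbouring step to tolerate clock skew, and uses a constructed seed and timestamp. It compares the old "diary" upload model with the real-time relay the article describes.

```python
"""Added example (not from the article or RSA): why a real-time relay defeats a
one-time password that a batch-uploaded keylog would not.

Assumptions: RFC 6238 TOTP stands in for SecurID; the code changes every 60 s;
the server accepts +/- one step of clock drift; secret and timestamps are constructed.
"""
import hashlib
import hmac
import struct

STEP_SECONDS = 60        # assumption: one code per minute, as the article describes
ACCEPT_DRIFT_STEPS = 1   # assumption: server tolerates one step of clock skew either way


def totp(secret: bytes, unix_time: int, step: int = STEP_SECONDS, digits: int = 6) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the big-endian time counter, dynamically truncated."""
    counter = unix_time // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                   # last nibble selects the window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def server_accepts(secret: bytes, submitted: str, now: int, drift: int = ACCEPT_DRIFT_STEPS) -> bool:
    """Server-side check: the submitted code must match the current step or one within +/- drift."""
    for k in range(-drift, drift + 1):
        expected = totp(secret, now + k * STEP_SECONDS)
        if hmac.compare_digest(expected, submitted):          # constant-time comparison
            return True
    return False


def replay_outcome(secret: bytes, captured_at: int, replayed_at: int) -> bool:
    """Capture the victim's code at `captured_at`, submit it at `replayed_at`, report acceptance."""
    stolen = totp(secret, captured_at)                        # what the Trojan saw the victim type
    return server_accepts(secret, stolen, replayed_at)


SECRET = b"constructed-demo-seed-not-a-real-token-seed"       # constructed sample token seed


def demo() -> dict:
    """Old-style Trojan (upload the diary an hour later) vs. real-time relay (seconds later)."""
    typed_at = 1_250_000_000                                  # constructed timestamp, August 2009
    return {
        "diary_uploaded_an_hour_later": replay_outcome(SECRET, typed_at, typed_at + 3600),
        "relayed_within_seconds": replay_outcome(SECRET, typed_at, typed_at + 5),
    }


if __name__ == "__main__":
    for scenario, accepted in demo().items():
        print(f"{scenario}: {'ACCEPTED' if accepted else 'rejected'}")
```

The drift allowance is what makes the relay reliable even when the victim types the code at the very end of a minute: the attacker's submission a few seconds later falls into the next step, which the server still accepts. Shrinking the step does not help against a relay that completes in seconds; the code has to be bound to the transaction it authorizes, not just to the clock.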

Wednesday, August 19, 2009

Gonzalez Lived Large in Miami

Albert Gonzalez

An AP newswire article by Tamara Lush, via, reports that:

Nestled near a row of sultry, silvery-green palm trees and a 205-foot-long infinity pool, room 1508 at the National Hotel on South Beach is a portrait of Art Deco luxury. It is also where, on May 7, 2008, federal agents seized two computers, $22,000 in cash and a Glock 9 gun from a man known on the Internet as "soupnazi."

His real name is Albert Gonzalez, and he was with his girlfriend when federal agents arrived. Just as the setting was not run-of-the-mill, neither was the arrest. Gonzalez was charged with hacking into business computer networks and stealing credit and debit card accounts — and in an embarrassing twist, he had once been an informant for the U.S. Secret Service.

This week, Gonzalez, 28, was indicted in New Jersey on more federal charges. Now the biggest credit card hacks of the decade — totaling 170 million accounts — have been pinned on Gonzalez.

Industry analysts marveled at the scope of the operation — which Gonzalez allegedly dubbed "Get Rich or Die Tryin'." One compared it to a hackers' version of the 1980s gangster movie "Scarface."

"Albert Gonzalez is definitely the Tony Montana of credit card theft," said Sean Arries, a computer security expert at the Miami-based Internet technology company Terremark.

More here.

A Different Kind of Sci-Fi: District 9

District 9

I played hooky from work for a couple of hours this afternoon to go and see District 9 -- and I have to tell you, I really enjoyed it.

I mean, not like Star Trek (which I really loved, by the way, but it was more action/adventure foo), but in a different, more "honest & respectful" Sci-Fi kind-of-weird-way. It was definitely different, and I can't explain why, but Sci-Fi aficionados who have seen it can probably articulate it better than I can.

Worth an afternoon matinée ticket price.


- ferg

Lawsuit Tries to Get at Hackers Through the Banks They Attack

Saul Hansell writes in The New York Times:

A lawsuit filed on Wednesday against some of the most shadowy Internet criminals — gangs based in Eastern Europe that electronically break into business computers, steal banking passwords and transfer themselves money — is being used to pry information from a group that is nearly as reclusive as the hackers: banks whose computers have been compromised.

The suit by Unspam Technologies, which organizes volunteers to track down information about spammers and other online rogues, was filed in United States District Court for the Eastern District of Virginia.

The lawyer for Unspam, Jon L. Praed, concedes he is unlikely ever to discover the names of the hackers. But he hopes to get the details of the thefts, the names of victims and other information from the banks that can be used to improve security and possibly identify the hackers.

Mr. Praed, the head of the Internet Law Group, which is based in Arlington, Va., has used the technique successfully on behalf of AOL and Verizon to identify people sending spam to their customers. The same legal method was used by the recording industry to force Internet providers to name customers who were exchanging copyrighted songs.

More recently, Mr. Praed has used these “John Doe suits” — so called because the unnamed defendant is identified only as John Doe — to get information from third parties that can then be passed to law enforcement officials and online security experts and used as the basis for other civil suits.

More here.

Tuesday, August 18, 2009

U.S. Toll in Iraq, Afghanistan

Iraq and Afghanistan statistics via The Boston Globe (AP).

As of Tuesday, Aug. 18, 2009, at least 4,332 members of the U.S. military had died in the Iraq war since it began in March 2003, according to an Associated Press count.

The figure includes nine military civilians killed in action. At least 3,465 military personnel died as a result of hostile action, according to the military's numbers.

The AP count is three fewer than the Defense Department's tally, last updated Tuesday at 10 a.m. EDT.

As of Tuesday, Aug. 18, 2009, at least 708 members of the U.S. military had died in Afghanistan, Pakistan and Uzbekistan as a result of the U.S. invasion of Afghanistan in late 2001, according to the Defense Department. The department last updated its figures Tuesday at 10 a.m. EDT.

Of those, the military reports 536 were killed by hostile action.

More here and here.

Honor the Fallen.

Opportunistic Advertising? Or Sheer Genius?


Via Scott Beale over at Laughing Squid.

- ferg

Toon of The Day: Hippocratic Oaf

We love Mr. Fish.


- ferg

FBI Launches $80 Million Credit Card Fraud Investigation in Colorado

Dave Young writes on

A major FBI investigation is underway in Colorado, involving bank and credit card fraud. This investigation could involve as much as $80 million in fraudulent transactions.

Four people were arrested Friday and many more arrests are expected as this investigation continues. Two of those people arrested, two women with Russian backgrounds, appeared in federal court here this afternoon.

And while the Feds are being tight-lipped about their investigation it's apparently a very large scale organized operation.

Federal agents with police raid an Aurora car dealership and at least a dozen other locations across the metro area looking for evidence connected to a much larger bank fraud investigation.

More here.

Hat-tip: DHS Daily Open Source Infrastructure Report

FTC Extends Breach Notification to Web-Based Health Repositories


The Federal Trade Commission has issued a rule that broadens the reach of data breach notification rules covered by the Health Insurance Portability and Accountability Act (HIPAA). The new FTC rule applies to companies that provide an online repository of health information, such as vendors that provide Web-based tools that track and maintain blood pressure readings and other health related data.

Typically, web-based companies that collect health information are not covered under HIPAA. The new FTC rule applies only to these companies and requires vendors of personal health records and their service providers to notify consumers following a data security breach. If the breach involves more than 500 people, the company must give notice to the media, the FTC said.

The FTC said it is attempting to address a new wave of gadgets that enable consumers to upload data into their personal health records on the Internet such as readings from blood pressure cuffs and pedometers. The rule also covers Web-based tools such as HealthVault and Google Health as well as websites such as WebMD, which may collect and retain certain health information.

More here.

In Passing: Robert Novak

Robert Novak
February 26, 1931 - August 18, 2009

Monday, August 17, 2009

Cyber Heist Crushes Bank

Kevin Coleman writes on Defense Tech:

Dwelling House Savings and Loan, a 119-year-old thrift, was shut down by federal regulators on Friday August 14th. The small thrift was said to have had only about $13.8 million in deposits. Federal regulators have been concerned about account security at Dwelling House Savings & Loan for several years.

The S&L suffered a severe blow to its viability late in 2008 when federal auditors uncovered that around $3 million had been electronically drained out of its capital account and that the bank was actually operating with $500,000 in a negative equity position. The cyber theft equated to 21.7 percent of the S&L’s deposit assets.

According to bank officers, cyber thieves (10 to 12 individuals) were behind the heist via electronic bank transfers that are now being given as the biggest reason the institution became insolvent and ultimately failed. Bank officers blamed the heavy losses on the work of a ring of cyber thieves. Pittsburgh police and FBI agents are investigating the case.

More here.

Australia: Hackers Break Into Police Computer as Sting Backfires

Asher Moses writes on The Age:

An Australian Federal Police boast, on the ABC's Four Corners program last night, about officers breaking up an underground hacker forum, has backfired after hackers broke into a federal police computer system.

Security consultants say police appear to have been using the computer as a honeypot to collect information on members of the forum but the scheme came undone after the officers forgot to set a password.

Last Wednesday, federal police officers in co-operation with Victoria Police executed a search warrant on premises in Brighton, Melbourne, connected to the administrator of an underground hacking forum,, which had about 5000 members.

Many details of the investigation were revealed for the first time on Four Corners last night.

After the raid, the federal police covertly assumed control of the forum and began using it to gather evidence about members.

"We can operate in a covert activity here fairly seamlessly with no harm to our members with continual and actual significant penetration," Neil Gaughan, national manager of the federal police's High Tech Crimes Operation, told Four Corners.

However, what the federal police did not know was that hackers had already cottoned on to their plan.

More here.

Image of The Day: 4 Out of 5 Cyber Attacks....

Via I Can Has Cheezburger.

- ferg

TJX Hacker Charged with Heartland, Hannaford Breaches

Kim Zetter writes on Threat Level:

The constellation of hacks connected to the TJX hacker is growing.

Albert “Segvec” Gonzalez, a former Secret Service informant who is already awaiting trial over his involvement in the TJX hack, has been indicted by a federal grand jury in New Jersey, along with two unnamed Russia-based conspirators, on charges of hacking into Heartland Payment Systems, the New Jersey based card processing company, as well as Hannaford Brothers, 7-Eleven, Inc, and two unnamed national retailers, according to the indictment unsealed Monday.

Prosecutors say they’re investigating other breaches and have not ruled out Gonzalez’s involvement in even more intrusions.

“[The fact that] we’re not seeing a huge array of hackers capable of doing this, but rather a more select group, demonstrates that there is a level of sophistication involved in these hacks,” said Assistant U.S. Attorney Erez Liebermann from the Justice Department’s New Jersey district office.

According to the court document, the hackers stole more than 130 million credit and debit card numbers from Heartland and Hannaford combined, which authorities believe constitutes the largest data breach and identity theft case ever prosecuted in the U.S. But these are just the latest in a string of high-profile breaches that have been connected to Gonzalez.

More here.

Georgia Cyber Attacks Linked to Russian Organized Crime

Jeremy Kirk writes on ComputerWorld:

The cyberattacks against Georgia a year ago were conducted in close connection with Russian criminal gangs, and the attackers likely were tipped off about Russia's intent to invade the country, according to a new technical analysis, much of which remains secret.

The stunning conclusions come from the U.S. Cyber Consequences Unit, an independent nonprofit research institute that assesses the impact of cyber attacks. A 100-page technical analysis is only being made available to the U.S. government and some cybersecurity professionals, but the organization did release a nine-page summary early Monday.

The report in part confirms some of the suspicions of observers, who theorized that the distributed denial-of-service (DDoS) attacks, which crippled many Georgian Web sites, had their roots in Russia.

The report was chiefly produced through investigations by the CTO of the U.S. Cyber Consequences Unit, John Bumgarner. It involved analyzing a raft of data collected as the attacks were going on and afterwards. The data included server logs from a variety of stakeholders, some of whom would not share information with each other, said Scott Borg, director and chief economist of the institute.

More here.

Sunday, August 16, 2009

Classic xkcd: Browsing Without Adblock


We love xkcd.

- ferg

Mark Fiore: Reform Madness

More Mark Fiore brilliance.

Via The San Francisco Chronicle.


- ferg

p.s. I'm back from Munich -- blogging should be back to normal starting now.