Mules are the “last mile” in many online fraud operations: the unwitting dupes, or witting co-conspirators who lend their legitimate bank account (and reputation) to fraudsters who are looking for a way to cash out funds from a compromised account. Mules – often lured with promises of “work-from-home” riches receive fraudulent transactions, then immediately withdraw the funds and wire them to the fraudsters, minus a healthy “commission.” In recent years, there has been ample coverage in the media of cyber crime and fraud and the role of money mules in scams. (I note Brian Krebs excellent reporting on the mule problem on his blog.) And yet, the supply of mules seems to be endless. Or is it? According to researchers at the security firm RSA, bank account cash-out attacks are becoming less common online, and a sharp increase in busts on money mules may be the cause. Writing on […]
Business
Could Ad Networks Power Massive, Browser-Based Botnets?
When it comes to security, the web is insecure-by-design. We’ve known that for a long time – what with “man in the middle” attacks like FireSheep, drive-by download attacks and more. The problem has always been how to scale web based attacks. At the end of the day, having an attack web page is great but, like every other website owner, you still have to figure out how to get people to visit your site! Now researchers at WhiteHat security say they’ve found an easy way around the “scale” problem: ad networks. In a presentation at Black Hat this week, Jeremiah Grossman, the CTO of WhiteHat Security, and Matt Johansen, the Manager of Threat Research there, will show how would-be attackers can parlay a small cash outlay into a sizeable browser-based botnet that could be used to send out spam, spread malicious code or launch denial of service attacks on other web […]
Podcast: Black Hat Preview With Trustwave’s Nick Percoco
Next week, the world’s attention will shift to Las Vegas for the annual Black Hat and DEFCON hacking conferences. What will be the big trends this year? We sat down last week with Nicholas Percoco of Trustwave’s Spider Labs to get his thoughts on the show. Nick is a regular at Black Hat and other events – both in the audience and on the stage. He said one of the big themes this year will be hacks on consumer electronics and home automation systems. As we reported, two Trustwave researchers have delved into the security of a wide range of “smart home” technologies, including home automation gateways and even a bluetooth enabled “smart toilet.” Percoco said that manufacturers of these devices need to pay more attention to security, and can’t assume that the people buying their devices are technically sophisticated enough to understand how to safely deploy or manage Internet […]
Breaking And Entering: Hackers Say “Smart” Homes Are Easy Targets
In just the last two years, the price of home automation technology has come way down, while variety has exploded. Smart home technology goes way beyond niche products like the Nest IP-enabled thermostat or (save us) the “HAPIfork.” A growing list of vendors are selling infrastructure to support a whole network of intelligent “stuff”, enabling remote management of home security and surveillance systems, IP-enabled door locks, IP enabled lights, smart home appliances, HVAC (heat and cooling) and more. Pretty cool. And, also, pretty scary. What if that IP-enabled door lock or garage door opener could be hacked by someone outside your home and made to open on its own? Breaking and entering just got a lot easier. Or, what if a HVAC system could be hijacked and remotely disabled or forced to operate in ways that would damage the system or even cause a fire or electrical short in the […]
Security Lapse Has Tumblr Asking IPhone, IPad Users To Update -Now!
Tumblr, the blogging and content sharing web site issued an urgent warning to those using its mobile application for Apple iPhones and iPads to update their Tumblr application – ASAP – after it was apparently found to be transmitting user names and passwords in the clear. In a blog post on Tuesday, Derek Gottfrid, the Vice President of Product at the New York City-based firm, said that the company had issued an update to the iOS version of Tumblr’s mobile application to fix an issue that allowed Tumblr passwords to be sniffed in transit on certain versions of the iOS Tumblr application for iPhone and iPad. Gottfrid did not explain the reason for the sudden update. However, a report by the UK publication The Register claims that the rush update came after Tumblr was made aware that the iOS versions of its application was not using SSL (Secure Socket Layer) […]
