The illicit economy of phishers and malware perpetrators is growing more sophisticated, and more brazen. “Bulletproof” hosting sites that offered to protect their users from attacks and takedown requests now have corporate-like web pages offering a menu of a la carte services. The only limit is no spam and no porn. Hey, even they have standards.
While testing out its electronic vote-by-mail program for overseas voters, the District of Columbia invited hackers to do their worst to break into the system. The programming geeks answered with decisive force, with someone making the site play the University of Michigan’s fight song after a test subject submitted the ballot. D.C. officials suspended testing before patching things up and getting back online.
Several comely young Russian women were snagged by the feds in New York yesterday for allegedly working as money mules for hackers who stole over $3 mil from American bank accounts using trojan viruses.
Better not load any PDFs on your iPhone for a while, not unless you want to risk handing over total control of your device to hackers. The exploit affects all iOS 3.1.2 and higher devices, including the iPod touch and the iPad.
Some early iPad adopters got a special bonus prize for buying a device that’s sure to be replaced with a vastly superior model a year from now — a data breach in which hackers unearthed account info from 114,000 users, including newscaster Diane Sawyer, New York mayor Michael Bloomberg and movie kingpin Harvey Weinstein.
By the time someone hacks into your Facebook account and sends all of your friends plaintive messages about being mugged in London, it’s too late to do anything about it. However, Facebook does have an early-warning system of sorts. Using a security setting, you can have the service alert you whenever your account is accessed from another location, giving you a chance to (hopefully) force the intruder out and change your password.
Albert Gonzalez, the mastermind behind most of the multi-million dollar credit card breaches in the past few years, is being sentenced this week. (Feds are asking for 25 years.) Now his former accomplice, Stephen Watt, has told Wired that while Gonzalez was busy stealing and selling credit card data he was also being paid under the table by the U.S. Secret Service to inform on others, earning as much as $75,000 in cash annually.
Max Vision, the security consultant who was first sent to prison in 2001 for messing with the Pentagon, has now been sentenced to 13 years in prison for “stealing nearly two million credit card numbers from banks, businesses and other hackers,” reports Wired. The FBI took a renewed interest in Vision in 2006 after he successfully made a power grab on several competing black market ID theft websites. “I’ve changed,” Vision wrote in a letter to the court, and although he faced life in prison, he was given the shorter sentence partly because he’d cooperated with the government. With good behavior he’ll be back out in 2018.
What constitutes adequate security for a bank? PlainsCapital Bank in Lubbock, Texas says what it currently has is enough, and if after all that some crooks still manage to steal your money, it’s not the bank’s fault. The bank has preemptively sued a business customer, Hillary Machinery, to absolve itself from any liability on what it couldn’t get back from the more than $800,000 that was stolen by foreign hackers last November.
Richard, whose wife had her Hotmail account swiped by a hacker, was able to get it back by calling Xbox Live customer service, of all people.
Hey, we helped get an Ameriprise customer banned from the financial company’s consumer advisory panel! Sorry about that, Brendan.
[Note: The original headline for this post mistakenly identified Ameritrade as the subject of the post. It is actually Ameriprise Financial. I deeply regret the error.] Since March of this year, security expert Russ McRee of HolisticInfoSec.org has sent 6 messages to Ameriprise Financial warning them of easily exploitable security holes on their website. They ignored every request, while at the same time reassuring customers that “No one without the proper web browser configuration can view or modify information contained on our systems.”
Nobody knows yet whether it was planted by an attendee, or if the ATM had been there for some period of time before the event, but hackers at last week’s DefCon conference in Las Vegas discovered a rogue unit that was designed to capture customers’ credit card data with each use.
It turns out our Social Security numbering system, which launched in 1936, isn’t very foolproof against some types of hacking. The New York Times reports that researchers at Carnegie Mellon University “used statistical techniques to predict Social Security numbers solely from an individual’s date and location of birth.”
Just when you thought that you and your ATM card data were safe from criminal eyes, Scientific American brings a different sort of threat. This time, the skimmers are inside the machine. Malware within the ATM itself harvests enough data to do some very bad things.