Brian Krebs tracks down ID theft victims

14 03 2007

Brian Krebs, one of the most switched-on infosec journalists out there at the moment, writes about personal information he recovered from 3,221 U.S. victims infected by one of the many varieties of ID theft trojans out there. Locally, Australia has been subjected to such incidents too – particularly interesting because they’re often specifically targeting Australians. A high-profile example is the ‘National Bank bankrupt’ trojan from June 2006, which infected and captured credentials from around 10,000 machines in Australia and 35,000 worldwide.

What I found so interesting about this article though, is that Brian took it upon himself to track down some of the victims of this malware to let them know that their credentials and much of their personal information had been stolen. I’m just trying to imagine how that conversation would have played out. “Hi, you don’t know me but…. are you sitting down?”

Read the full article

Reports of planned physical attacks on UK datacentre

12 03 2007

The Times Online reports on an Al-Qaeda plot to bring down the UK internet. There’s often precious little solid information to properly judge the true threat and the maturity of any plot through the hype (à la the liquid bomb plot), but there certainly must be a good few UK sysadmins who will now be able to name their next security budget. Regardless of the feasibility and potential impact of this particular reported plot, of course, any data centre as large as the one reported here should have a well-established disaster recovery plan for a situation like this anyway.

Bill O’Reilly’s web site targeted by DDoS Attack

10 03 2007

I had a grand notion that I wasn’t going to bring politics into this blog, as politically interested as I am, yet at the tender age of post number 5, here we are:

The official Web site for Bill O’Reilly was taken down by a repeated denial-of-service attack this week.

The site for the controversial conservative pundit was hit over the course of two days, according to an advisory posted on the Web site. “BillOReilly.com was attacked repeatedly by a malicious technology called a ‘botnet,’ ” reads the statement. “This means that the site was bombarded by data that overloaded our firewalls. We had to take the site down in order to protect it, and so we could make sure that every possible countermeasure was being taken.”

What I am absolutely going to avoid is saying that this is the online equivalent of ‘cut his mike’.

More…

Diversify your income from pump-and-dump scams

10 03 2007

Ryan Naraine writes on eWeek about just how lucrative pump-and-dump spam is:

During Moriarty’s research, he used data from pump-and-dump e-mails flooding into Trend Micro’s spam honeypots. “As soon as I see activity on a particular stock, I’ll short that and set a limit to cover after I’ve made 10%. In just over five weeks, I’ve turned a 25.6 percent profit on a $100,000 virtual portfolio. This is exactly what these spammers are doing. It’s risky business but it’s easy money,” Moriarty said in an interview.

“I made money on every transaction,” he added.

And even more interesting, relating to the SEC decision to suspend trading in companies targeted by these scams:

“Pretty soon, you’ll start seeing extortion schemes. The spammers will simply call up a company and demand money on the threat of a pump-and-dump spam run. Think about it, a spammer now has the power to control which stocks are suspended by the SEC,” Moriarty warned.

“Pretend I’m a bad guy and you’re the CEO of XYZ company. I can call you up and say, ‘hey, wire $50,000 to my eGold account or I’ll run a pump-and-dump scheme to halt trading on your stock.’ This is the next step,” he added.

Quite likely! More on this…

SEC halts trading in spam-touted stocks

9 03 2007

It’s good to see someone taking serious action against the many “pump and dump” scams doing the rounds. But quite possibly, the companies being targeted are merely the vehicles for the scam, rather than being knowingly involved. How much will this hurt their legitimate investors? More…

How do you intercept someone else’s SMS?

9 03 2007

I’d always been interested in how this might be done – Slate has a nice high-level writeup on some of the techniques that might be employed.

Along with commercial mobile phone spyware, predictions of mobile malware surges (was last year really ‘the year’ of mobile malware?), SMS phishing, the FBI being a little sneaky with mobile phone microphones and using mobile devices for banking, it seems that those raising the alarm on these threats early like F-Secure will look fairly wise in hindsight.

ICANN releases factsheet on February 2007 root server DDoS

9 03 2007

ICANN has released an excellent, concise analysis of the DDoS attacks against the root name servers from February this year:

ICANN Blog: Factsheet: DNS attack

It’s great to see a well-presented analysis publicly released about a high-profile incident such as this, and it even goes on to explain the operation of the root name servers (I learned a thing or two about Anycast, at least). Well worth a read, and hopefully something we’ll see more of!

RSS is the new crack

9 03 2007

I like RSS quite a lot, but I’ve still been beaten for sheer linkage by the very busy-sounding Jose Nazario:

More than 200 news sites are aggregated together and sorted by time. They are partially broken out by vulnerabilities, malware, updates and then general news. It helps me keep current and I can peek in a few times a day and get a full picture. Part of the site tracks bloggers in the infosec space. Some of the best information I have found comes from diligent bloggers digging up information and providing analysis.

You can download the Infosec OPML file here:

My RSS reader of choice these days is Google Reader – it’s only fair that they see everything I do online since they make such good software.

Make sure you check out Arbor Networks’ ATLAS too. Not only is it full of useful information, but it’s also got a very slick-looking interface!