Internet threat news
You may think your computer is safe because you have the latest antivirus software, all required operating system patches and a relatively strong understanding of Internet best practices. Until recently, this would probably be enough to protect your computer from most threats; however, a new threat has been successfully created that could change the rules completely. A lab-created proof of concept was recently documented in the Journal of Communications that proves computers can communicate without wires or wireless networks. In fact, this software makes it possible for hackers to control a computer that is not connected to the network at all. Using a pair of Lenovo speakers with built-in microphones, researchers discovered a way to transmit data up to 65 feet to other computers. The technology relies on sound waves and software that was originally created for underwater communications systems. High frequency signals are transmitted from the host computer.
Bitcoins have become an extremely hot topic. Financial news channels can’t stop talking about the rise of value in Bitcoins. Just last week, Bitcoins went over $1,000 USD each (although it has dropped since then). This blog has been discussing the rise of Bitcoins for even longer. For a couple of years, Bitcoins have been the preferred currency of international criminals around the world. The Silk Road, a notorious drug trafficking website that was shut down by the FBI recently, relied heavily on the exchange of Bitcoins for transactions ranging from drugs to prostitution to murder-for-hire. Many Russian crime syndicates also rely on the anonymity provided by this digital currency. So, it should come as no surprise that criminals are beginning to capitalize on the Bitcoin craze.
Two young brothers were taken into custody in Northern California late last month after authorities allege that they have been responsible for millions of dollars in wire fraud over the last couple of years. Although some of the fraudulent activity traces its roots back to traditional online banking fraud, most of the brothers’ income came from hijacked online brokerage accounts in the United States. Basically, Adrian and Gheorghe Baltaga (aged 25 and 26) have been charged with stealing login credentials from online brokerage powerhouse Fidelity Investments. Once an account was successfully compromised, the Baltaga’s would set up fake Automated Clearing House (ACH) links between the compromised accounts and prepaid debit card accounts controlled by the hackers.
This website has reported on the possibility of Smart TV web cameras potentially being hacked in the future. Although the web camera preinstalled on many new TVs is not at fault in this case, your smart TV could be invading your privacy right now. It appears that many of the new smart TVs being offered by LG have tracking software built-in that track and report the usage of smart TVs and collect files names associated with the USB drive of the TV. This alarming behavior was first detected by a UK-based developer known as DoctorBeet. Although LG has publicly denied any such privacy violation, it’s clear that this information is being collected as part of LG’s Smart Ad campaign. Like many other smart TV manufacturers, this technology is designed to display advertisements tailored specifically to the interests of the household where the TV is installed.
Windows users have a new threat to worry about. This malware infection is capable of holding your personal files (including music, pictures and documents) until a ransom is paid to the hackers who created the scam. Known as CryptoLocker, this new version of malware is a simply a new version of an old scam; however, it has been highly effective so far. Once downloaded, the program immediately encrypts all personal files on the compromised machine. The encryption algorithm is rock-solid and nearly impossible to crack. A countdown timer informs victims that they have 72 hours to pay a ransom ranging from $100 to $300. This ransom is only payable in Bitcoins or MoneyPak. This is a unique twist on the old ransom scam for a couple reasons.
Last month, this website reported the massive data breach experienced by Adobe. Personal information from millions of Adobe users was compromised following an attack that was exploiting a vulnerability in Adobe’s own product – Cold Fusion. Found on the same server as the compromised Adobe data was information from a company known as CorporateCarOnline. The same group of hackers responsible for these attacks was also implicated in the theft of information from PR Newswire. The Adobe incident has had far-reaching consequences. The popular social media site Facebook was given a copy of the stolen data and compared the username/password combinations to existing Facebook users. Any users that were using the same combinations for both Facebook and Adobe products were forced to change their Facebook login information and answer additional security questions to prove their identity before logging into the site.
As the economy continues to rumble at a rough idle without moving much since 2008, many people have turned to alternative financing for many large purchases. Computers are at the top of this list and are big business for rent-to-own companies throughout the country. The two largest names in rent-to-own nationwide are Aaron’s and Rent-A-Center; however, there are also many online-only companies that sell computers using a rent to own payment model (sometimes referred to as a lease). Aaron’s recently settled with the Federal Trade Commission after coming under fire from consumers about software being installed on new machines before being rented to customers. This spyware was knowingly installed at the corporate level and used in franchises nationwide to track customer location, take photos with the computer webcam, and activate keyloggers that were able to capture login credentials for everything from email to social media to banking sites.
For those who are not familiar with credit reporting in the United States, the task is handled primarily by three agencies: Experian, Trans Union, and Equifax. In a recent investigation, it was reported that Experian sold sensitive personal information about millions of consumers to an identity theft service based in Vietnam. The illicit site, known as hxxp://Superget.info, is an underground service marketing the ability to look up full Social Security numbers, birthdays, driver’s license information, and financial records on millions of Americans. Registration for this service is free and searches are funded using virtual currencies including Bitcoin and WebMoney; currency that is notoriously used for cybercrime. In Experian’s defense, the data was actually sold to the identity theft website via Court Ventures, a third-party company that was acquired by Experian in March 2012. This company had full access to all of Experian’s records and sold them to other information companies including US Search Info.
Snapchat has become a very popular photo sharing application with Android and iOS users. Basically, Snapchat works by sending recipients images from other users that can only be viewed for up to 10 seconds before they are “permanently” deleted from the device on which they were received. Snapchat has been relied on for many uses and has become especially known for sending lewd pictures to significant others because they are less likely to be saved and possibly shared via social media at a later date. Snapchat is also popular with criminals who wish to share information about illegal activities without the risk of photographs falling into the hands of law enforcement.
The hackers responsible for breaking into large computer networks usually get all the notoriety in the computer security world; however, there are quite a few hackers who spend their time working with embedded systems. Although it may not seem as glamorous on the surface, these individuals try to tweak wireless routers, set-top boxes, and other proprietary hardware/firmware combinations for fun, profit, and sometimes malicious activity. There have been many discussions about recent flaws discovered within embedded devices. Just last month, serious flaws in many popular consumer grade wireless routers allow hackers to access a root command line and make administrative changes from outside the LAN. There have been many other serious flaws as of late including a botnet that unlawfully mapped the entire Internet by jumping from router to router and taking measurements and a flaw that allows hackers to open up the administrative interface of the router to the Internet.
Apparently people are not the only targets when it comes to hacking information for profit. The Internet has facilitated explosive growth in the wildlife trafficking niche and one of the latest exploits is targeting endangered tigers which can fetch as much as $50,000 a piece on the black market. Especially in many Asian countries, tiger parts are valued for their alleged medicinal value and criminals are quick to cash in. In fact, the World Wildlife Fund (WWF) estimates that the wildlife trafficking industry is worth approximately $10 billion per year. Officially known as cyber poaching, this latest attack occurred when a professional email account at the Panna Tiger Reserve in central India was hacked. This account contains the encrypted geographic location of a GPS collar Bengal tiger.
In terms of the risks faced by Internet users every day regarding around identity theft, most of the focus is on phishing sites and malware designed to log keystrokes from unsuspecting users. Powerful malware such as the Citadel banking Trojan have made headlines time and again as various hacking groups deploy the software and ultimately funnel millions of dollars away from bank accounts in the United States and around the world. There have always been other threats such as scam artists who deploy credit and debit card skimmers at ATM machines, but these events have never been as prominent as they are today. And it’s not just ATMs that are affected anymore either. Last weekend, the popular retail department store Nordstrom reported that it had found six inexpensive skimmer devices that had been discreetly affixed to cash registers at a store in Adventura, Florida.
Adobe Systems is one of the largest and most successful software companies in the entire world. The company is responsible for creating the Adobe Creative Suite which includes programs such as Photoshop, Dreamweaver, Flash, and many others. Hackers have broken into major servers at the Adobe headquarters and stolen source code for an undetermined number of software titles including the ColdFusion web application platform and the Acrobat family of products. In addition, the company has reported that hackers also accessed almost 3 million customer credit card records and stole login information for an undetermined number of Adobe users.
Federal agents have finally seized and shut down the Silk Road. This site has been mentioned briefly on this blog in the past due to its ties with a host of criminals and hackers. Often referred to as the “eBay of drugs,” the Silk Road is an online black-market that even as late as last month was hosting nearly 13,000 sales listings for controlled substances including marijuana, LSD, heroin, cocaine, and ecstasy. Similar to the popular auction platform, merchants on the Silk Road mail their customers the illicit merchandise and receive feedback from these customers about the quality of the products and service. In addition to a large drug market, the Silk Road also offered visitors digital goods including banking Trojans, pirated content, and hacked Netflix accounts to name a few.
Page 1 of 5<< Start < Prev 1 2 3 4 5 Next > End >>