
July 30, 2013

Russian hackers used bitcoin to plant heroin in a security expert's house

Mail from the (Velvet) Cybercrime Underground — Krebs on Security
But the most recent attempt to embarrass and fluster this author easily takes the cake as the most elaborate: Earlier this month, the administrator of an exclusive cybercrime forum hatched and executed a plan to purchase heroin, have it mailed to my home, and then spoof a phone call from one of my neighbors alerting the local police. Thankfully, I had already established a presence on his forum and was able to monitor the scam in real time and alert my local police well in advance of the delivery. This would-be smear campaign was the brainchild of a fraudster known variously online as “Fly,” “Flycracker,” and MUXACC1 (muxa is transliterated Russian for “муха” which means “fly”). Fly is the administrator of the fraud forum “thecc[dot]bz,” an exclusive and closely guarded Russian language board dedicated to financial fraud and identity theft. On July 14, Flycracker posted a new forum discussion thread titled, “Krebs Fund,” in which he laid out his plan: He’d created a bitcoin wallet for the exclusive purpose of accepting donations from other members. The goal: purchase heroin in my name and address from a seller on the Silk Road, an online black market that is only reachable via the Tor network. . . .

July 03, 2013

The Post Office is spying on you, too

U.S. Postal Service Logging All Mail for Law Enforcement - NYTimes.com
Mr. Pickering was targeted by a longtime surveillance system called mail covers, but that is only a forerunner of a vastly more expansive effort, the Mail Isolation Control and Tracking program, in which Postal Service computers photograph the exterior of every piece of paper mail that is processed in the United States — about 160 billion pieces last year. It is not known how long the government saves the images. Together, the two programs show that snail mail is subject to the same kind of scrutiny that the National Security Agency has given to telephone calls and e-mail. The mail covers program, used to monitor Mr. Pickering, is more than a century old but is still considered a powerful tool. At the request of law enforcement officials, postal workers record information from the outside of letters and parcels before they are delivered. (Actually opening the mail requires a warrant.) The information is sent to whatever law enforcement agency asked for it. Tens of thousands of pieces of mail each year undergo this scrutiny. The Mail Isolation Control and Tracking program was created after the anthrax attacks in late 2001 that killed five people, including two postal workers. Highly secret, it seeped into public view last month when the F.B.I. cited it in its investigation of ricin-laced letters sent to President Obama and Mayor Michael R. Bloomberg. It enables the Postal Service to retroactively track mail correspondence at the request of law enforcement. No one disputes that it is sweeping. “In the past, mail covers were used when you had a reason to suspect someone of a crime,” said Mark D. Rasch, the former director of the Justice Department’s computer crime unit, who worked on several fraud cases using mail covers. “Now it seems to be ‘Let’s record everyone’s mail so in the future we might go back and see who you were communicating with.’ Essentially you’ve added mail covers on millions of Americans.” . . .

June 27, 2013

Number two man in the U.S. military leaked classified cyberattack data

Ex-Pentagon general target of leak investigation, sources say - Investigations
Legal sources tell NBC News that the former second-highest-ranking officer in the U.S. military is now the target of a Justice Department investigation into an alleged leak of classified information about a covert U.S. cyberattack on Iran’s nuclear program. . . .

June 23, 2013

Facebook bug reveals they maintain "shadow profiles" of every user

The bug not only exposed the personal information of six million people for over a year, it revealed that Facebook keeps secret profiles attached to accounts that contain info Facebook secretly gathers on people--like their phone numbers, even if they never shared that with Facebook.

Anger mounts after Facebook's 'shadow profiles' leak in bug | ZDNet
The personal information leaked by the bug is information that had not been given to Facebook by the users - it is data Facebook has been compiling on its users behind closed doors, without their consent. A growing number of Facebook users are furious and demand to know who saw private information they had expressly not given to Facebook. Facebook was accidentally combining users' shadow profiles with their Facebook profiles and spitting the merged information out in one big clump to people they 'had some connection to' who downloaded an archive of their account with Facebook's Download Your Information (DYI) tool. According to the admissions in its blog, posted late Friday afternoon, Facebook appears to be obtaining users' offsite email address and phone numbers and attempting to match them to other accounts. It appears that the invisible collected information is then being stored in each user's 'shadow profile' that is somehow attached to accounts. Users were clearly unaware that offsite data about them was being collected, matched to them, and stored by Facebook.