Friday, April 18, 2008

Vladuz busted, according to eBay

Vladuz, the mysterious hacker who seemed to take great pleasure in hacking eBay, has been arrested, according to eBay.

Ina Steiner reports on the AuctionBytes blog:

A cyber-criminal who embarrassed eBay for nearly a year with claims he had hacked the site was arrested on Thursday, according to eBay. "Vladuz" had harassed eBay with his taunting from December 2006 through October 2007, when he accessed eBay servers and gained limited access to a very small number of eBay accounts on the eBay.com site. (eBay said at the time that at no point did the fraudster get any access to financial information or other sensitive information.)
Thus far only eBay is confirming the arrest:

eBay spokesperson Nichola Sharpe said local Romanian law enforcement officials would have to confirm details, as they considered the case confidential until a conviction was made. Asked why eBay had issued a press release, Sharpe said eBay wanted to thank all of the law enforcement agencies involved who collaborated in the case. She also said that the community was aware of Vladuz, and said, "This is obviously great news."
eBay states that Vladuz never accessed any financial information, but I’m not certain that was his intention in the first place.

There are some who believe his intention was to point out the massive amount of fraud occurring on auction sites and to show weaknesses that could be exploited in eBay's system.

After all, unless he is mentally disturbed, why would he make his effort so public otherwise? Most criminals prefer to remain anonymous when they are committing financial crimes. They make a lot more money that way.

Here is a previous post I did on the mysterious Vladuz:

Did Vladuz hack eBay, or is stockpiled stolen information being used to make it look like he did?

Thursday, April 17, 2008

Symantec releases Internet Threat Security Report

Symantec recently issued its Internet Security Report, which covers the second half of 2007. The key findings in the report are that malicious activity has become web-based, attackers are going after end users rather than computers, the underground community is maturing and consolidating, and the bad guys are getting better at improvising and adapting.

The report confirms that hacker tool kits are increasingly making it easier for less sophisticated types to effectively commit technical crimes. Symantec also believes that these tool kits are being professionally developed, which supports the deduction that the underground community is maturing and consolidating.

Perhaps the availability of tool kits is the reason that a 559 percent increase in phishing websites has been noted?

The report also shows that the bad guys are going after "trusted" sites, such as social networking sites.

The underground economy in stolen financial details is also on the increase. These details, which are sold in Internet forums, are getting cheaper. With all the phishing going on, coupled with a record number of data breaches, an overabundant supply of stolen information is likely the reason for this. The report found a wide variety of pricing on payment card numbers, ranging from 40 cents to $20 per card.

The easy availability of encoders and other portable payment card technology makes it "too easy" to counterfeit the numbers into realistic-looking plastic. In addition to this, there is a thriving market in counterfeit documents, which provides a wide array of realistic counterfeit identification to vet the counterfeit financial instruments.

Besides identities and payment card details, stolen bank accounts are becoming increasingly available. Symantec attributes the increase in bank account information to a corresponding increase in banking trojans over the second half of 2007.

Besides being used to clean out an account, bank account details are useful to criminals when they commit check fraud. Anyone who follows scams on the Internet knows that counterfeit checks are being delivered to unsuspecting mules to cash in a variety of advance fee (419) type scams. Please note that there are also organized gangs who move from area to area committing check fraud using mules who know exactly what they are doing.

Recently, an international task force monitored the mail and discovered large amounts of counterfeit checks being shipped throughout North America and the European Union.

All in all, this report is a very interesting read. If you are a more visual type, Symantec also did a very nice flash presentation on this, which can be seen on the page linked to in the previous sentence.

Wednesday, April 16, 2008

Corporate suits targeted in spear phishing attack!

The mainstream media is reporting that the Phishermen attempted to spear a large number of corporate executive types this week.

This form of phishing is referred to as spear phishing, or whaling. The intent of phishing is to trick an unwary human being into giving up sensitive personal or financial information, which is later used for illicit purposes. Spear phishing or whaling is simply a more focused approach aimed at a narrower set of targets than everyday run-of-the-mill phishing attacks, which are sent out by the millions via spam-spewing botnets.

The New York Times is reporting:

Thousands of high-ranking executives across the country have been receiving e-mail messages this week that appear to be official subpoenas from the United States District Court in San Diego. Each message includes the executive’s name, company and phone number, and commands the recipient to appear before a grand jury in a civil case.

If any of them clicked on the link directing them to a view of the full subpoena, they probably downloaded malicious software with keylogging capabilities. Once this is dropped on a system, keystrokes are recorded and transmitted back to the criminals behind the attack.

The normal intent when this is done is to commit financial crime, but given the targets in this attack, corporate espionage (information theft) could also be the intention.

The malware bundle allegedly places the victim's computer under the control of the phishermen. When this occurs, the infected computer is often referred to as a zombie.

The latest attack has prompted warnings to be placed on the websites of two California federal courts, as well as the Administrative Office of the United States Courts.

The New York Times article speculated that this attack was of Chinese origin, while Brian Krebs's article in the Washington Post speculated the attack could be of Romanian origin. Both of these speculations came from noted industry security experts. Unfortunately, in the world of cybercrime the activity is often so anonymous that all the rest of us can do is speculate as to who might actually be behind it.

Please note that speculating that the activity might have come from either China or Romania is probably a good deduction. Both countries are known to host a lot of cybercriminal activity.

It is also being reported that not all the security products out there will detect this attack.

I guess the only solace in this fact is that if you can teach the user to recognize the social engineering aspects of these attacks, they aren't going to click on the link and infect their system.

Even though "fear" is a well-known social engineering technique, if you examine the attack it doesn't make very much sense. After all, the last time I checked, a subpoena delivered via electronic communication wouldn't be legally binding. It's probably a no-brainer that federal courts wouldn't issue a subpoena via e-mail.

Sadly, more employees fall for phishing attempts than many might realize. In fact, some organizations are now testing their own employees with scary results. Most recently, this was done by both the U.S. Army and the IRS.

Update 4/19/08: The FBI announced that a new phishy e-mail is circulating regarding a grand jury summons. Not sure if this is a tie-in, but as Alex Eckelberry lamented on the Sunbelt blog -- phishing attacks are becoming more specifically targeted, and the intent might be more than to steal financial information. Of course, that's not to say there isn't financial motivation involved; there normally is.

Monday, April 14, 2008

A final (???) salute to Attrition.org's Data Loss Database - Open Source

I came across some pretty sad news on Tom Fragala's blog that Attrition.org was throwing in the towel on their well-respected DLDOS (Data Loss Database - Open Source).

In their own words, this is the reason why they are shutting down:

Much like Attrition.org's past defacement mirror, the time has come for us to say "no mas". In the past few weeks, it has come to our attention that too many people are more concerned with making a profit off of our work without any offer of acknowledgement or compensation. For those who aren't familiar with Attrition, we're a non-profit hobby site that takes on "projects" as we see fit, when we want to, and when we have time. For those who *are* familiar with Attrition, you probably know that we don't take kindly to being dealt with unfairly. Commercial entities, including "identity-theft prevention" upstarts and book authors, will gladly contact us, ask for information and advice, and then not even offer us the equivalent of a reach-around when selling their materials. We don't pimp our resources to others; they come to us. Unfortunately, more often than not, they won't even send us a "thank you". We've mentioned it in the past, but we're not going to mention it in the future. This is the last mention.
I've often mentioned the fine work the good folks at Attrition did on being an honest (not motivated by money) voice in what most of us agree is a serious problem. Because of this, I've always tried to point people directly to their work.

Perhaps, as I lamented in an earlier post, the pay for protection racket is getting a little out of hand? A good example of the frustration Attrition might feel is evidenced by some of the comment spam at the bottom of that post.

Please note for the record that I consider this blog a small one-person effort, which couldn't hope to keep up with the extensive amount of work the Attrition.org team put into maintaining this now "historical database."

Maybe this will be the last time I can thank them publicly. Saying that, I will do so one last time for all they "did" for who really matters in the growing problem of too much information being stored in not very safe places. If you want to know who I am referring to, all you need to do is look in the mirror.

After all, most of us have probably had our information compromised (sometimes more than once) in one of the data breaches catalogued in the Data Loss Database - Open Source.

I guess the old saying is true, "money is the root of all evil."

You can read the post from Attrition on this matter on their site, here.

Update 4/17/08: It appears that the DLDOS database might not be completely inactive. Emergent Chaos and Entering the Networked World are reporting that the database is generating new material.

If you go to Attrition's news page, Lyger has done a post "A new beginning." In it he announces a partnership with a new identity theft protection service:

Going forward, we would like to announce that we have a new partnership with Identity-Love-Sock, a trusted provider of identity theft prevention services. Not only can Identity-Love-Sock protect YOU from IDENTITY THEFT, it also provides several guarantees for your PROTECTION should YOU be affected by IDENTITY THEFT. With the services provided by Identity-Love-Sock , YOU will NEVER have to WORRY about your IDENTITY being STOLEN, MISUSED, or otherwise COMPROMISED. For more details on how YOU can be COVERED and PROTECTED, please visit Identity-Love-Sock . You'll be glad you did.

Hmmmm...I've been looking for an ethical way to monetize this blog. I wonder if they are accepting affiliates?

Sunday, April 13, 2008

Privacy friendly Truston ID Theft prevention/recovery platform wins 2008 Tech Award

After just being named a 2008 Hot Company, Tom Fragala and the Truston team have another award under their belt.

From the Marketwire press release:

Truston®, a provider of award-winning online services for identity theft protection, announced today that Info Security Products Guide, the world’s leading publication on security-related products and technologies, has named myTruston® a winner of the 2008 Tomorrow’s Technology Today Award.

Truston has largely been launched via word of mouth and doesn't offer a lot of gimmicks. What it provides is a DIY (do it yourself) method of protecting yourself and recovering from identity theft.

The press release describes the MyTruston technology:

MyTruston is the only fully online identity theft recovery system. It is hosted web-based software that can help millions of people easily recover from and prevent identity fraud by supporting virtually any type of ID theft. MyTruston walks consumers step-by-step through the entire prevention or recovery process—dramatically reducing the time, financial cost, and emotional impact. And it can easily be embedded into a partner's own website. To read more about this award winning technology, please visit www.infosecurityproductsguide.com/technology.

Tom Fragala, Truston's CEO, is, amongst other things, an actual identity theft victim and a blogger, and he spent thousands of hours advocating for identity theft victims before his technology was launched.

He firmly believes in the basic information security principle that the fewer places information is stored, the less likely it is to be compromised. This is the reason that MyTruston never asks a person for any of their personal information.

Most identity theft protection services require you to give them all your personal details and, in some instances, a power of attorney. Given how information is bought and sold, and with everything being outsourced to call centers that provide cheap labor, this is something that bears consideration.

Additionally, the prevention and "discovery" process is completely free-of-charge and the service only charges for using the software to recover from identity theft.

There is no long-term commitment to protect yourself.

Tom freely admits that a person can recover from identity theft on their own, if they know how to do it. One of the reasons there are so many players in the identity theft protection field is that most people find it confusing and difficult to get through all the red tape after becoming a victim.

What Truston provides is a free platform to discover the problem and an interactive means to effectively solve it without having to do a lot of research.

Marketwire press release on Truston's latest award, here.

If you want to test out the free portion (now includes a free trial) of MyTruston, here is a link.

Making bail with funny money complicates legal matters

I guess the moral of this story is that it's probably not a good idea to push matters after you've been arrested.

A Long Island man (Cyheam Forney) was arrested for driving on a suspended license, which is a misdemeanor. While attempting to make bail, he tried to pay with a counterfeit $50 bill.

The AP reports what occurred at this point:

Forney was arrested on a misdemeanor suspended license charge — until officers said he proffered the counterfeit currency as bail money. He was being held early Friday on a felony charge of possessing a forged instrument.
According to the AP, Mr. Forney could not be located for comment. Given that he is hard to locate -- drives on suspended licenses then tries to pay bail with funny money -- I wonder if he will appear on his designated court date?

With advancements in printer technology, counterfeit money has become a serious problem. This is the primary reason the U.S. Treasury has been issuing new series of bills with security features designed to make our currency harder to counterfeit.

If you want to learn how to tell good money from bad, the United States Secret Service has an excellent page on it. Additionally, more information (including training materials) can be obtained free of charge at moneyfactory.gov.

AP Story, here.

My last post on funny money also had an unusual, if not sick, twist:

Girl Scouts get scammed with fake $100 bill