Fraud Intelligence Newsletter

September 2008

Table of Contents
Notorious criminal marketplace closes
Credit card data for sale - in your inbox
Grey hat ISP cut off
Beware of password retrieval risks
October is National Cyber Security Awareness Month

Upcoming Event Schedule

September 29 - October 1, Digital PhishNet 2008 Conference (by invitation only), San Diego, CA.

October 14 - 16, eCrime Researchers Summit 2008 and APWG General Meeting (members only), Atlanta, GA.

November 2 - 7, ICANN Meeting, Cairo, Egypt.  Rod Rasmussen will again be attending as the Industry Liaison for the APWG.



Notorious criminal marketplace closes

The computer criminal marketplace site DarkMarket.ws was shut down by its operator, known online as Master Splynter, on September 16.  Based on comments posted by Master Splynter, scrutiny by law enforcement and other law-abiders apparently forced the shutdown of the site.  The site had been operating for the past three years as an online marketplace where stolen identities, stolen credit cards, and the tools of the trade were bought and sold.



Credit card data for sale - in your inbox

Apparently, there is more supply of stolen credit card data than the online black market bazaars like DarkMarket can handle.  In mid-September, we started seeing spam messages offering to sell stolen credit card information.  The spam's opening lines read:

hi guys , I selling dmps (Visa & MC) (tr1+tr2) (tr2) Wellcome !!!Usa price list.

usa price :
Classik 25$
Gold / platinum / Purchaseng / corp 50$
Amex 20$
Discover 40$


The message also offered volume discounts.   Potential buyers were directed to contact the seller via ICQ or a Gmail account.



Grey hat ISP cut off by upstream provider

Atrivo, also called Intercage, is a California-based ISP that has historically hosted a disproportionately high volume of scam and malware distribution sites.  The ISP became unreachable on September 21 when its upstream connectivity provider stopped routing traffic for it.  The upstream provider pulled the plug on Atrivo after being pressured to do so by its customers and by several Internet watchdog groups, including Knujon.org and Brian Krebs of the Washington Post.  Krebs provides the details of the shutdown on his blog.

Atrivo provided hosting for the domain registrar EstDomains, which is notorious for its disproportionately high volume of fraud registrations and its past associations with the now-defunct Russian Business Network (RBN).  The RBN was forced out of business several months ago when its upstream connectivity providers ceased to provide it with service.  EstDomains has also recently been publicly scrutinized by Knujon.org and Brian Krebs.



Beware of password retrieval risks

The personal Yahoo e-mail account of Republican vice-presidential nominee Sarah Palin was compromised when a hacker performed some basic online research augmented by educated guessing to fool Yahoo's "forgot-my-password" system into letting him change the password on Palin's account.

Most password help utilities rely on the concept of "shared secrets" to authenticate the account holder, except that the shared information isn't really a secret these days.  In the age of Google, blogs and online public records, very little demographic or historical information about a person is really secret.  Birthday, birthplace, hometown, mother's maiden name, high school, colleges attended, pet's name... For most people, especially famous ones, this kind of information can be found with a minimum of online sleuthing.

Phishing can be used to determine shared secrets as well.  If a system relies on a limited set of shared secrets, phishers can design their attacks to collect the necessary secrets from their victims.  For example, Bank of America's SiteKey system has been repeatedly attacked in this manner.

October is National Cyber Security Awareness Month

The Department of Homeland Security (DHS), the National Cyber Security Alliance (NCSA) and others have joined together to support and promote National Cyber Security Awareness Month during October. The goal of National Cyber Security Awareness Month is to educate everyday Internet users on how to "Protect Yourself Before You Connect Yourself", by taking simple and effective steps.

This month provides an excellent opportunity to reach out to your customers, members and employees with educational messages.  The DHS website and NCSA website offer ideas, examples and resources for help in creating awareness campaigns and events.


If you want to learn more about protecting your organization from phone phishing, phishing, spear phishing, targeted malware and other attacks against your customers, please contact Internet Identity.