Ne’er-Do-Well News – Page 9 – PossibleThreat Articles

Thinking of Hiring or Running a Booter Service? Think Again.

January 17, 2023 0 Comments allison nixon, booter services, DDoS-for-hire, ipstresser, john dobbs, matthew gatrel, Ne'er-Do-Well News, stresser services, unit 221b

Credit to Author: BrianKrebs| Date: Wed, 18 Jan 2023 02:30:15 +0000

Most people who operate DDoS-for-hire services attempt to hide their true identities and location. Proprietors of these so-called “booter” or “stresser” services — designed to knock websites and users offline — have long operated in a legally murky area of cybercrime law. But until recently, their biggest concern wasn’t avoiding capture or shutdown by the feds: It was minimizing harassment from unhappy customers or victims, and insulating themselves against incessant attacks from competing DDoS-for-hire services. And then there are booter store operators like John Dobbs, a 32-year-old computer science graduate student living in Honolulu, Hawaii. For at least a decade until late last year, Dobbs openly operated IPStresser[.]com, a popular and powerful attack-for-hire service that he registered with the state of Hawaii using his real name and address. Likewise, the domain was registered in Dobbs’s name and hometown in Pennsylvania. The only work experience Dobbs listed on his resume was as a freelance developer from 2013 to the present day. Dobbs’s resume doesn’t name his booter service, but in it he brags about maintaining websites with half a million page views daily, and “designing server deployments for performance, high-availability and security.” In December 2022, the U.S. Department of Justice seized Dobbs’s IPStresser website and charged him with one count of aiding and abetting computer intrusions. Prosecutors say his service attracted more than two million registered users, and was responsible for launching a staggering 30 million distinct DDoS attacks.

Independent Krebs Security

Identity Thieves Bypassed Experian Security to View Credit Reports

January 9, 2023 0 Comments A Little Sunshine, annualcreditreport.com, Data Breaches, experian, jenya kushnir, Ne'er-Do-Well News, sen. ron wyden, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Mon, 09 Jan 2023 14:05:15 +0000

Identity thieves have been exploiting a glaring security weakness in the website of Experian, one of the big three consumer credit reporting bureaus. Normally, Experian requires that those seeking a copy of their credit report successfully answer several multiple choice questions about their financial history. But until the end of 2022, Experian’s website allowed anyone to bypass these questions and go straight to the consumer’s report. All that was needed was the person’s name, address, birthday and Social Security number.

Independent Krebs Security

Hacked Ring Cams Used to Record Swatting Victims

December 19, 2022 0 Comments aspertaine, chumlul, james thomas andrew mccarty, kya christian nelson, Ne'er-Do-Well News, SIM swapping, violence-as-a-service

Credit to Author: BrianKrebs| Date: Tue, 20 Dec 2022 01:24:10 +0000

Two U.S. men have been charged with hacking into the Ring home security cameras of a dozen random people and then “swatting” them — falsely reporting a violent incident at the target’s address to trick local police into responding with force. Prosecutors say the duo used the compromised Ring devices to stream live video footage on social media of police raiding their targets’ homes, and to taunt authorities when they arrived.

Independent Krebs Security

Six Charged in Mass Takedown of DDoS-for-Hire Sites

December 14, 2022 0 Comments DDoS-for-hire, Ne'er-Do-Well News

Credit to Author: BrianKrebs| Date: Wed, 14 Dec 2022 19:58:00 +0000

The U.S. Department of Justice (DOJ) today seized four-dozen domains that sold “booter” or “stresser” services — businesses that make it easy and cheap for even non-technical users to launch powerful Distributed Denial of Service (DDoS) attacks designed knock targets offline. The DOJ also charged six U.S. men with computer crimes related to their alleged ownership of the popular DDoS-for-hire services.

Independent Krebs Security

Judge Orders U.S. Lawyer in Russian Botnet Case to Pay Google

December 5, 2022 0 Comments A Little Sunshine, dmitry starovikov, glupteba botnet, Google, halimah delaine prado, igor litvak, Ne'er-Do-Well News, royal hansen, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Mon, 05 Dec 2022 19:44:50 +0000

In December 2021, Google filed a civil lawsuit against two Russian men thought to be responsible for operating Glupteba, one of the Internet’s largest and oldest botnets. The defendants, who initially pursued a strategy of counter suing Google for tortious interference in their sprawling cybercrime business, later brazenly offered to dismantle the botnet in exchange for payment from Google. The judge in the case was not amused, found for the plaintiff, and ordered the defendants and their U.S. attorney to pay Google’s legal fees.

Independent Krebs Security

Disneyland Malware Team: It’s a Puny World After All

November 16, 2022 0 Comments A Little Sunshine, alex holden, disneyland team, gozi trojan, Hold Security, Ne'er-Do-Well News, Web Fraud 2.0, web injects

Credit to Author: BrianKrebs| Date: Wed, 16 Nov 2022 17:32:00 +0000

A financial cybercrime group calling itself the Disneyland Team has been making liberal use of visually confusing phishing domains that spoof popular bank brands using Punycode, an Internet standard that allows web browsers to render domain names with non-Latin alphabets like Cyrillic and Ukrainian.

Independent Krebs Security

Top Zeus Botnet Suspect “Tank” Arrested in Geneva

November 15, 2022 0 Comments jabberzeus, Ne'er-Do-Well News, tank, vyacheslav igorevich penchukov

Credit to Author: BrianKrebs| Date: Tue, 15 Nov 2022 15:38:20 +0000

Vyacheslav “Tank” Penchukov, the accused 40-year-old Ukrainian leader of a prolific cybercriminal group that stole tens of millions of dollars from small to mid-sized businesses in the United States and Europe, has been arrested in Switzerland, according to multiple sources.

Independent Krebs Security

Hacker Charged With Extorting Online Psychotherapy Service

November 3, 2022 0 Comments A Little Sunshine, atti kurritu, hack the planet, julius kivimäki, Ne'er-Do-Well News, ransom_man, vastaamo, ville tapio, william ralston, wired, zbot, zeekill

Credit to Author: BrianKrebs| Date: Thu, 03 Nov 2022 14:43:22 +0000

A 25-year-old Finnish man has been charged with extorting a once popular and now-bankrupt online psychotherapy company and its patients. Finnish authorities rarely name suspects in an investigation, but they were willing to make an exception for Julius “Zeekill” Kivimaki, a notorious hacker who — at the tender age of 17 — had been convicted of more than 50,000 cybercrimes, including data breaches, payment fraud, operating botnets, and calling in bomb threats.

Independent Krebs Security

Accused ‘Raccoon’ Malware Developer Fled Ukraine After Russian Invasion

October 31, 2022 0 Comments A Little Sunshine, alex jones, f. andino reynal, mark sokolovsky, Ne'er-Do-Well News, raccoon infostealer, raccoon stealer

Credit to Author: BrianKrebs| Date: Mon, 31 Oct 2022 20:53:27 +0000

A 26-year-old Ukrainian man is awaiting extradition to the United States on charges that he acted as a core developer for Raccoon, a “malware-as-a-service” offering that helped paying customers steal passwords and financial data from millions of cybercrime victims. KrebsOnSecurity has learned that the defendant was busted in March 2022, after fleeing mandatory military service in Ukraine in the weeks following the Russian invasion.

Independent Krebs Security

Fake CISO Profiles on LinkedIn Target Fortune 500s

September 29, 2022 0 Comments A Little Sunshine, fake cisos, LinkedIn, Ne'er-Do-Well News, rich mason, The Coming Storm, Web Fraud 2.0

Credit to Author: BrianKrebs| Date: Thu, 29 Sep 2022 20:52:43 +0000

Someone has recently created a large number of fake LinkedIn profiles for Chief Information Security Officer (CISO) roles at some of the world’s largest corporations. It’s not clear who’s behind this network of fake CISOs or what their intentions may be. But the fabricated LinkedIn identities are confusing search engine results for CISO roles at major companies, and they are being indexed as gospel by various downstream data-scraping sources.