911 Proxy Service Implodes After Disclosing Breach

Credit to Author: BrianKrebs| Date: Fri, 29 Jul 2022 19:34:45 +0000

911[.]re, a proxy service that since 2015 has sold access to hundreds of thousands of Microsoft Windows computers daily, announced this week that it is shutting down in the wake of a data breach that destroyed key components of its business operations. The abrupt closure comes ten days after KrebsOnSecurity published an in-depth look at 911 and its connections to shady pay-per-install affiliate programs that secretly bundled 911’s proxy software with other titles, including “free” utilities and pirated software.

Read more

Massive Losses Define Epidemic of ‘Pig Butchering’

Credit to Author: BrianKrebs| Date: Thu, 21 Jul 2022 16:35:28 +0000

U.S. state and federal investigators are being inundated with reports from people who’ve lost hundreds of thousands or millions of dollars in connection with a complex investment scam known as “pig butchering,” wherein people are lured by flirtatious strangers online into investing in cryptocurrency trading platforms that eventually seize any funds when victims try to cash out.

Read more

A Deep Dive Into the Residential Proxy Service ‘911’

Credit to Author: BrianKrebs| Date: Mon, 18 Jul 2022 16:11:12 +0000

For the past seven years, an online service known as 911 has sold access to hundreds of thousands of Microsoft Windows computers daily, allowing customers to route malicious traffic through PCs in virtually any country or city around the globe — but predominantly in the United States. The proxy service says its network is made up entirely of users who voluntarily install the proxy software. But new research shows 911 has a long history of purchasing installations via shady “pay-per-install” affiliate marketing schemes, some of which 911 operated on its own.

Read more

Experian, You Have Some Explaining to Do

Credit to Author: BrianKrebs| Date: Mon, 11 Jul 2022 04:07:15 +0000

Twice in the past month KrebsOnSecurity has heard from readers who’ve had their accounts at big-three credit bureau Experian hacked and updated with a new email address that wasn’t theirs. In both cases the readers used password managers to select strong, unique passwords for their Experian accounts. Research suggests identity thieves were able to hijack the accounts simply by signing up for new accounts at Experian using the victim’s personal information and a different email address.

Read more

The Link Between AWM Proxy & the Glupteba Botnet

Credit to Author: BrianKrebs| Date: Tue, 28 Jun 2022 18:33:31 +0000

On December 7, 2021, Google announced it had sued two Russian men allegedly responsible for operating the Glupteba botnet, a global malware menace that has infected millions of computers over the past decade. That same day, AWM Proxy — a 14-year-old anonymity service that rents hacked PCs to cybercriminals — suddenly went offline. Security experts had long seen a link between Glupteba and AWM Proxy, but new research shows AWM Proxy’s founder is one of the men being sued by Google.

Read more

KrebsOnSecurity in New Netflix Series on Cybercrime

Credit to Author: BrianKrebs| Date: Tue, 07 Jun 2022 14:58:56 +0000

Netflix has a new documentary series airing next week — “Web of Make Believe: Death, Lies & the Internet” — in which Yours Truly apparently has a decent amount of screen time. The debut episode explores the far-too-common harassment tactic of “swatting” — wherein fake bomb threats or hostage situations are phoned in to police as part of a scheme to trick them into visiting potentially deadly force on a target’s address.

Read more

Fighting Fake EDRs With ‘Credit Ratings’ for Police

Credit to Author: BrianKrebs| Date: Wed, 27 Apr 2022 14:27:35 +0000

When KrebsOnSecurity last month explored how cybercriminals were using hacked email accounts at police departments worldwide to obtain warrantless Emergency Data Requests (EDRs) from social media and technology providers, many security experts called it a fundamentally unfixable problem. But don’t tell that to Matt Donahue, a former FBI agent who recently quit the agency to launch a startup that aims to help tech companies do a better job screening out phony law enforcement data requests — in part by assigning trustworthiness or “credit ratings” to law enforcement authorities worldwide.

Read more

RaidForums Gets Raided, Alleged Admin Arrested

Credit to Author: BrianKrebs| Date: Tue, 12 Apr 2022 17:29:33 +0000

The U.S. Department of Justice (DOJ) said today it seized the website and user database for RaidForums, an extremely popular English-language cybercrime forum that sold access to more than 10 billion consumer records stolen in some of the world’s largest data breaches since 2015. The DOJ also charged the alleged administrator of RaidForums — 21-year-old Diogo Santos Coelho, of Portugal — with six criminal counts, including conspiracy, access device fraud and aggravated identity theft.

Read more

Double-Your-Crypto Scams Share Crypto Scam Host

Credit to Author: BrianKrebs| Date: Mon, 11 Apr 2022 15:26:40 +0000

Online scams that try to separate the unwary from their cryptocurrency are a dime a dozen, but a great many seemingly disparate crypto scam websites tend to rely on the same dodgy infrastructure providers to remain online in the face of massive fraud and abuse complaints from their erstwhile customers. Here’s a closer look at hundreds of phony crypto investment schemes that are all connected through a hosting provider which caters to people running crypto scams.

Read more

Actions Target Russian Govt. Botnet, Hydra Dark Market

Credit to Author: BrianKrebs| Date: Thu, 07 Apr 2022 22:03:45 +0000

The U.S. Federal Bureau of Investigation (FBI) says it has disrupted a giant botnet built and operated by a Russian government intelligence unit known for launching destructive cyberattacks against energy infrastructure in the United States and Ukraine. Separately, law enforcement agencies in the U.S. and Germany moved to decapitate “Hydra,” a billion-dollar Russian darknet drug bazaar that also helped to launder the profits of multiple Russian ransomware groups.

Read more