Feeds

Crooks try to besmirch CastleCops with fraudulent donations

Take that

Choosing a cloud hosting partner with confidence

Miscreants are making fraudulent donations to CastleCops in a bid to discredit the volunteer security community.

Stolen credit card details are being used to fund PayPal accounts from which the fraudulent donations are made. CastleCops' work has made it a bête noire for black hats. As a result, its site is regularly subjected to denial of service attacks.

CastleCops has posted a note explaining that it has nothing to do with the fraudulent transactions.

Security observers reckon the switch of tactics - from flooding CastleCops' website to making fraudulent donations - could misfire against its perpetrators.

"If their purpose was to discredit the organisation in this way, then they appear to have been rather naïve. Perhaps, more importantly, they have unintentionally indicated their level of maturity and understanding of how people really perceive this threat," writes Gunter Ollmann, of IBM's ISS security division.

"I believe that the net result of their actions has been to strengthen outsiders' perception of CastleCops, and to publicly validate that more work needs to be done to make the internet a safer place."

The victims of credit card fraud stemming from the attack are more likely to blame fraudsters than CastleCops, he adds.

The use of fraudulent donations to charity sites is becoming more commonplace as a way for fraudsters to discover which card details are valid. A list of credit card details purchased on the black market is likely to include out of date records.

Online donation sites make the process of sorting the wheat from the chaff far more straightforward. Fraudsters avoid the need to bother dealing with shopping carts and inventory lookups when conducting transactions with such sites, which are built to deal with hundreds of card transactions per second. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
How to simplify SSL certificate management
Simple steps to take control of SSL certificates across the enterprise, and recommendations centralizing certificate management throughout their lifecycle.