Feeds

Crooks try to besmirch CastleCops with fraudulent donations

Take that

Secure remote control for conventional and virtual desktops

Miscreants are making fraudulent donations to CastleCops in a bid to discredit the volunteer security community.

Stolen credit card details are being used to fund PayPal accounts from which the fraudulent donations are made. CastleCops' work has made it a bête noire for black hats. As a result, its site is regularly subjected to denial of service attacks.

CastleCops has posted a note explaining that it has nothing to do with the fraudulent transactions.

Security observers reckon the switch of tactics - from flooding CastleCops' website to making fraudulent donations - could misfire against its perpetrators.

"If their purpose was to discredit the organisation in this way, then they appear to have been rather naïve. Perhaps, more importantly, they have unintentionally indicated their level of maturity and understanding of how people really perceive this threat," writes Gunter Ollmann, of IBM's ISS security division.

"I believe that the net result of their actions has been to strengthen outsiders' perception of CastleCops, and to publicly validate that more work needs to be done to make the internet a safer place."

The victims of credit card fraud stemming from the attack are more likely to blame fraudsters than CastleCops, he adds.

The use of fraudulent donations to charity sites is becoming more commonplace as a way for fraudsters to discover which card details are valid. A list of credit card details purchased on the black market is likely to include out of date records.

Online donation sites make the process of sorting the wheat from the chaff far more straightforward. Fraudsters avoid the need to bother dealing with shopping carts and inventory lookups when conducting transactions with such sites, which are built to deal with hundreds of card transactions per second. ®

New hybrid storage solutions

More from The Register

next story
Google recommends pronounceable passwords
Super Chrome goes into battle with Mr Mxyzptlk
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
Reddit wipes clean leaked celeb nudie pics, tells users to zip it
Now we've had all THAT TRAFFIC, we 'deplore' this theft
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
TorrentLocker unpicked: Crypto coding shocker defeats extortionists
Lousy XOR opens door into which victims can shove a foot
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.