Articles about Cybercrime

Headshot of Trojan horse

Banking trojan scourge gallops on, despite more fences

RSA 2015 Banking botnets persist as a threat despite recent high-profile takedowns which only achieve a temporary calming effect, according to a new study from Dell SecureWorks. Between mid-2014 and early 2015, coordinated efforts involving law enforcement and private-sector industry disrupted three of the most active banking botnets ( …
John Leyden, 23 Apr 2015

Pentagon 'network intruder', dozens more cuffed in British cops' cyber 'strike week'

A "strike week" against suspected hackers by the UK's National Crime Agency has resulted in 57 arrests. Those arrested are suspected of being involved in a wide variety of cybercrimes such as fraud and virus writing. The suspects – arrested in 25 operations across the UK – face charges including network intrusion and data theft …
John Leyden, 06 Mar 2015
teslacrypt

Hi! You've reached TeslaCrypt ransomware customer support. How may we fleece you?

The TeslaCrypt ransomware gang raked in $76,500 in around 10 weeks, according to new research into the scam. TeslaCrypt, which was distributed through the widely-used Angler browser exploit kit, was first spotted in February 2015 by security researchers at Dell SecureWorks. After encrypting popular file types on compromised …
John Leyden, 20 May 2015
The Register breaking news

Auction fraud complaints prop up declining US cybercrime reports

US complaints about internet fraud dropped 10 per cent last year. The Internet Crime Complaint Center (IC3) fielded 303,809 reports of cybercrime in 2010, down from 336,655. The agency – maintained by staff from by the FBI and the National White Collar Crime Center – said the reduced figures were still the second highest in its …
John Leyden, 25 Feb 2011
The Register breaking news

ZeuS cybercrime cookbook on sale in underground forums

Cybercrooks are offering what purports to be source code for the infamous ZeuS cybercrime toolkit through underground forums. The would-be seller, nicknamed IOO, has lent credibility to the offer by including screenshots of what appears to be portions of the source code for ZeuS to his sales pitch. IOO offers to discuss the sale …
John Leyden, 23 Mar 2011

Ashley Madison invites red-faced cheats to bolt stable door for free

Adulterous hook-up site Ashley Madison is allowing all members to fully delete their profiles without charge in the aftermath of a serious data breach that threatens the site' future. Previously, if users wanted to delete their records (profile, pictures and messages sent through the system) they were obliged to pay around $20 …
John Leyden, 21 Jul 2015
The Register breaking news

EU plans IP address snatch to battle cybercrime

An international cybercrime centre will be able to revoke domain names and IP addresses under new proposals by European governments. The EU Council of Ministers announced the plan yesterday. They want a new body, possibly based at Europol, the EU police agency, to take on an array of tasks to combat cybercrime. The most eye- …
The Register breaking news

Report: Hacking forum is a cybercrime academy

Certain underground hacking forums are acting as training academies and tech-support networks for cybercriminals as well as creating a marketplace for a vast array of cybercrime tools, say researchers. Database security firm Imperva has been keeping close tabs on an unnamed hacking message board with nearly 220,000 registered …
John Leyden, 19 Oct 2011
france

France enacts law to block terror and child sexual abuse sites

France has moved to implement the Internet-blocking regime that became law in October 2014 as part of a suite of anti-terrorism legislation. The 2014 law allowed administrative orders blocking sites hosting child pornography content, or advocating acts of terrorism. The law has now been gazetted, here, meaning it can now be …
The Register breaking news

Teen cybercrime forum boss jailed

A UK teenager who ran a prolific cybercrime forum from home has been jailed for five years. Nick Webber, 19, maintained the Ghostmarket.net market which boasted 8,000 memberships and facilitated a range of crimes including the sale of stolen credit card and personal details. Police recovered the details of thousands of credit …
John Leyden, 03 Mar 2011
The Register breaking news

Scotland Yard cuffs teens for role in cybercrime forum

Two teenagers have been arrested for their alleged involvement in the world's largest English-language cybercrime forum. The pair were detained by appointment in central London on Wednesday by the Police Central e-Crime Unit (PCeU), a national unit based at Scotland Yard. An eight-month investigation into the forum, which hasn' …

Dyre times ahead: Zeus-style trojan slurps your banking login creds

UK users of Barclays, Royal Bank of Scotland, HSBC, Lloyds Bank and Santander are being targeted by cybercrooks slinging the Dyre banking trojan. Around 19,000 malicious emails have been sent in three days from spam servers worldwide, inviting users to download an archive containing a malicious .exe file posing as personal …
John Leyden, 08 Jul 2015
The Register breaking news

Symantec and Snoop Dogg launch cybercrime rap contest

Symantec has teamed up with rapper Snoop Dogg to launch a cybercrime rap contest. Participants are invited to bust some rhymes on the subject of malware, hacking and botnets for the chance to win an all expenses paid trip to LA to attend a Snoop gig and meet his people, if not the rapper himself. Winners get a Toshiba laptop …
John Leyden, 02 Sep 2010
The Register breaking news

Cybercrime talks end in failure

Plans to ratify an updated version of a global treaty against cybercrime have failed. Negotiations on modifying the Budapest Convention on Cybercrime to take into account third world objections and the move to cloud computing floundered after delegates attending an international conference in Brazil last week failed to reach an …
John Leyden, 22 Apr 2010
steam_dota_character_648

Unable to log on to online games? Blame cheap-rate DDoSers

Running botnets-for-hire to mount DDoS attacks has become cheaper and easier than ever, according to a new research. Imperva Incapsula reckons botnet-for-hire services might be acquired for for as little $19.99 per month, via underground forums and payable in Bitcoins. Short, single-vector attacks associated with botnet-for-hire …
John Leyden, 10 Jun 2015
Archer cracks the ISIS mainframe's password

Webmail password reset scam lays groundwork for serious aggro

Symantec has warned about a new password recovery scam that tricks users into handing over webmail account access, possibly setting the stage for more serious security issues. Crooks behind the social engineering ruse need only knowledge of a prospective mark’s email address and associated mobile phone number before attempting …
John Leyden, 19 Jun 2015
The Register breaking news

German cybercrime forum hacked

An underground cybercrime forum has been hacked, with once walled-off information uploaded onto file-sharing networks. The attack on German e-crime site Carders.cc has led to the wider disclosure of stolen credit card details and passwords from victims along with data on the forum's criminal denizens. A database file containing …
John Leyden, 19 May 2010
Flytrap

Use home networking kit? DDoS bot is BACK... and it has EVOLVED

A router-to-router bot first detected two years ago has evolved - and now has the capability to reconfigure the firewalls of its victims. The Lightaidra malware captured by security researcher TimelessP (@TimelessP) is an IRC-based mass router scanner/exploiter that's rare because it spreads through consumer network devices …
John Leyden, 09 Sep 2014
The Register breaking news

Bank insiders charged in ZeuS cybercrime smackdown

Six corrupt bank insiders turned ZeuS money mule suspects have been arrested in Moldova. All half dozen of the suspects worked in local banks in the east European country. Investigators reckon the suspects specialised in laundering Western Union and MoneyGram payments received from co-conspirators in the West that can ultimately …
John Leyden, 08 Nov 2010

Carders offer malware with the human touch to defeat fraud detection

A new cybercrime tool promises to use credit card numbers in a more human way that is less likely to attract the attention of fraud-detection systems, and therefore be more lucrative for those who seek to profit from events like the Target breach. The "Voxis Platform" is billed as "advanced cash out software" that promises to …
Darren Pauli, 30 Oct 2014

Nice SECURITY, 'Lizard Squad'. Your DDoS-for-hire service LEAKS

A DDoS-for-hire service purportedly set up by the Lizard Squad hacking crew exposes registered users' login credentials. The LizardStresser DDoS-on-demand service – a booter service powered by hacked home routers – is hopelessly insecure. Details of more than 14,000 prospective users - whose passwords and usernames were …
John Leyden, 19 Jan 2015

Not your father's spam: Trojan slingers attach badness to attachment WITHIN attachment

Cybercrooks are upping the ante by loading malware as an attachment inside another attachment in a bid to slip past security defences. A new variant of the Upatre Trojan comes bundled in spammed messages that imitate emails from known banks such as Lloyds Bank and Wells Fargo. The .MSG file of the malicious emails contains …
John Leyden, 08 Apr 2014
The Register breaking news

Cybercrime figures 'as true as sexual-conquest scores'

Microsoft researchers have rubbished figures from cyber-crime surveys, deeming them subject to the types of distortions that have long bedevilled sex surveys. It's well enough established that men claim to have more female sexual partners in sex surveys than women claim male partners, a discrepancy that can't be explained by …
John Leyden, 09 Jun 2011
Headshot of Trojan horse

Fareit trojan pwns punters with devious DNS devilry

DNS tricks used by the Fareit trojan mean users are tricked into downloading malware, seemingly from Google or Facebook The latest variants of Fareit are infecting systems via malicious DNS servers, Finnish security firm F-Secure warns. These servers push bogus Flash updates that actually come packed with malicious code, as a …
John Leyden, 06 Mar 2015
The Register breaking news

Alleged Muscovite cybercrime daddy hauled in to face US court

A suspected Russian cyber-crook has arrived in the US to face charges of security fraud, computer hacking and ID theft following his deportation from Switzerland. Vladimir Zdorovenin, 54, of Moscow, Russia, is alleged to have masterminded a series of credit card theft and stock manipulation scams in conjunction with his son, …
John Leyden, 18 Jan 2012

Possible Lizard Squad members claim hack of Oz travel insurer

Nearly 900,000 client records including names, addresses, and phone numbers have been stolen from travel insurer Aussie Travel Cover by a suspected member of the Lizard Squad hacking crew. The hacker released databases including those detailing customer policies and travel dates along with a list of partial credit card …
Darren Pauli, 20 Jan 2015
Disney's Beagle Boys

ID-stealing scammers had a bumper start to the year, reveals report

Incidences of identity fraud in the UK rose by more than 25 per cent in the first quarter of 2015, a new report has revealed. In total, 34,151 confirmed instances of identity fraud were recorded in the first quarter of 2015, a 27 per cent increase from Q1 2014. Identity fraud is when criminals abuse personal data to impersonate …
John Leyden, 27 May 2015
michael_oleary_ryanair_650

Ryanair stung after $5m Shanghai'd from online fuel account

Budget airline Ryanair has fallen victim to a $5m hacking scam. Crooks siphoned off money from an account earmarked for the payment of fuel bills via an electronic transfer to a bank in China last week. The transfer was subsequently blocked, but the funds – earmarked to pay for aviation fuel for Ryanair's 400-plus Boeing 737-800 …
John Leyden, 30 Apr 2015
The Register breaking news

UK.gov revamps cybercrime strategy

The government has announced a modest revamp of its strategy for fighting cybercrime. In a low-key statement to the House of Commons on Tuesday, junior Home Office minister Alan Campbell said the strategy aimed to build confidence in the provision of (government and private sector) services via the internet, tackle financial …
John Leyden, 31 Mar 2010
The Queen Mother by Phil Houghton

Sony-blasting Lizard Squad suspects quizzed by UK and Finnish cops

UK police have arrested a suspected member of the infamous Lizard Squad crew. The 22-year-old from Twickenham, south-west London, was arrested by police on Tuesday, and questioned about alleged fraud against PayPal as well as claims he is reportedly linked to Lizard Squad – a group of cyber-miscreants who made headlines …
John Leyden, 02 Jan 2015
Files

UK banks hook themselves up to real-time cop data feed

UK banks will receive real-time warnings about threats to their customers' accounts as well as the overall integrity of their banking systems from a new financial crime alert system. Financial Crime Alerts Service (FCAS), which is being rolled out by banking industry association BBA, is designed to allow financial crime …
John Leyden, 23 Sep 2014
grand_theft_auto_v_gta_5_648

Screech! Grand Theft Auto V malware mods warning

Cybercrooks are cooking up malware disguised as mods for the Grand Theft Auto V video game. GTA V allows players to modify their gaming environment with "mods" (modifications). It's all been good fun, but recently two of the mods – "Angry Planes" and "No Clip" – have generated warnings on forums frequented by fans of the game. …
John Leyden, 18 May 2015
Shaun of the dead zombies cricket bat movie still. Copyright Universal Pictures

Finnish bank takes cricket bat to wave after wave of DDoS varmints

Finnish bank OP is continuing to fight off a cascading series of distributed denial of service (DDoS) attacks that began on New Year's Eve. OP was forced to restrict access to its services from outside the Nordic country as a result of the attack. The motive for the attack, much less the perpetrators' identity, remain unclear. …
John Leyden, 05 Jan 2015
Blackmail

Ashley Madison hack: Site for people who can't be trusted can't be trusted

Ashley Madison, a popular website for married people wishing to cheat on their other halves, has been hacked with obviously serious implications for those whose details it held. Previously unknown hacking group The Impact Team posted online caches of personal data stolen from the website, whose motto is "Life is short. Have an …
John Leyden, 20 Jul 2015
The Register breaking news

Plug pulled Latvian cybercrime hub

Upstream providers have pulled the plug on Latvian ISP Real Host over allegations it maintained cybercrime servers linked to the Zeus botnet. Real Host was disconnected by its upstream provider, Junik, on Monday, after TeliaSonera told Junik to either cut the juice or face sanctions itself, according to reports by the FT and …
John Leyden, 05 Aug 2009
The Register breaking news

Senate bill seeks crack down on cybercrime havens

Foreign countries that turn a blind eye to cybercrime would lose US financial assistance and resources under a bill introduced Tuesday in the Senate. The International Cybercrime Reporting and Cooperation Act would require the President to identify "countries of cyber concern" and to plot a course to help each one get tougher …
Dan Goodin, 23 Mar 2010
Abbott and Costello dressed as policemen

NYPD cop in court for allegedly hacking into the FBI

A New York City Police Department auxiliary deputy inspector faces charges of hacking into a restricted NYPD computer and other law enforcement databases, including a system maintained by the FBI. Yehuda Katz, 45, of Brooklyn, New York, allegedly used the databases to obtain information about local traffic accident victims …
John Leyden, 20 Mar 2015

Report links alleged US, Israeli cybercrims with JPMorgan MEGAHACK

Federal authorities in America have charged five men who are being indirectly connected with the attack and data breach at JPMorgan Chase last summer, after the global bank, with total assets of $2.6tn, lost the contact data for millions of customers. The attack now appears to have been sourcing targets for a fraudulent …

Heart of Darkness: Mass of clone scam sites appear

Security watchers are warning about a fresh wave of cloned sites on the TOR network, evidence that cybercrooks are setting themselves up to fleece other ne'er-do-well on the so-called dark web. The latest attack of the clones marks the reappearance of an issue that cropped up before. For example, during Operation Ononymous, …
John Leyden, 07 Jul 2015

Nigerian prince swaps the sweet talk for keyloggers and exploits

Nigerian 419 scammers have taken to the crime-as-a-service model using cash to plug their technical capability shortfalls to build malware campaigns that could be making millions, according to FireEye researchers. Erye Hernandez, Daniel Regalado and Nart Villeneuv said that scammers, notorious for their attempts to fleece the …
Darren Pauli, 22 Jul 2015
Man in an orange jumpsuit clutches prison bars. Image by Shutterstock

Cuffing darknet-dwelling cyberscum is tricky. We'll 'disrupt' crims instead, warns top cop

Europe's top cyber-cop has called for a shift in focus from the prosecution of online crims to the disruption of their activities. This comes as crooks increasingly make use of the darknet – private peer-to-peer networks such as Tor – to stay hidden and anonymous; cops find it difficult to work out suspects' true identities and …
John Leyden, 29 Apr 2014
Meme of a dog "typing" at a computer, with the large font phrase "I have no idea what I'm doing' above him.

It's official: David Brents are the weakest link in phishing attacks

Middle management are increasingly becoming the focus of phishing attacks, according to a new study. Managers received more malicious emails and doubled their click rates year-on-year, according to a study by security company ProofPoint. Senior staff seemed more clued up about dodgy emails, meaning managers and staff clicked on …
John Leyden, 22 Apr 2015
The Register breaking news

Cybercrime police's budget slashed by 30%

Exclusive The national police unit responsible for fighting cybercrime faces a deep cut to its already stretched budget, counter to pre-election talk of an increased focus on the UK's digital security. According to senior Westminster sources, the coalition government has quietly and drastically trimmed the £3.5m that the Police Central …

Home routers co-opted into self-sustaining DDoS botnet

Hackers have established "self-sustaining" botnets of poorly secured routers, according to DDoS mitigation firm Incapsula. The hijacked routers – located mostly in Thailand and Brazil – were easy pickings for hackers because of the use of factory-default usernames and passwords. Knowledge of these login credentials allowed …
John Leyden, 13 May 2015

Brit teen who unleashed 'biggest ever distributed denial-of-service blast' walks free from court

An 18-year-old Brit dubbed a hacker-for-hire has been spared jail after launching crippling denial-of-service attacks against anti-spam outfit Spamhaus. At one point, the assault in early 2013 reached 300Gbps, somewhat straining the London Internet Exchange (LINX) and other interconnects. Seth Nolan-Mcdonagh, of Stockwell, …
John Leyden, 10 Jul 2015
The Register breaking news

EU mulls new central cybercrime agency

The European Commission will investigate the establishment of a new EU agency to tackle cybercrime. The new agency could be part of Europol, EU ministers have said. The Council of Ministers has asked the Commission to look at its agreed set of cybercrime objectives and investigate whether a new, centralised agency is a better …
OUT-LAW.COM, 29 Apr 2010
The Register breaking news

Police confirm cybercrime budget cut

The Metropolitan Police have confirmed their budget for battling cybercrime nationally has been slashed by the Home Office. The Register revealed on Friday that central government funding for the Police Central eCrime Unit (PCeU) had been quietly cut by 30 per cent. A spokeswoman for the Met said the PCeU had been targeted as …
homeless man with sign

Met chief fears Brit cybercrime gangs

Britain's most senior police officer has raised fears that home-grown organised gangs are waking up to the low risks and high rewards of cybercrime. Sir Paul Stephenson, Commissioner of the Metropolitan Police, issued the warning in a Sunday newspaper article highlighting the importance of specialist officers. Debate around …

Two in five Brits cough up for CryptoLocker ransomware's demands

Around two in five people who fall victim to CryptoLocker have agreed to pay a ransom of around £300 to recover their files, according to a survey of victims. Researchers from the University of Kent quizzed a total of 48 people who had been affected by CryptoLocker. Of the sample, 17 said they paid the ransom and 31 said they …
John Leyden, 28 Feb 2014

Carders punch holes through Staples

US office giant Staples is investigating a possible credit and debit card breach of its Northeastern stores. Evidence for the hack, reported by cybercrime and prolific breach blower Brian Krebs, is apparently based on a dozen fraud monitor sources within different US banks. Staples has contacted police and said it was …
Darren Pauli, 21 Oct 2014