A Deep Dive on the Recent Widespread DNS Hijacking Attacks

Credit to Author: BrianKrebs| Date: Mon, 18 Feb 2019 13:51:01 +0000

The U.S. government — along with a number of leading security companies — recently warned about a series of highly complex and widespread attacks that allowed suspected Iranian hackers to siphon huge volumes of email passwords and other sensitive data from multiple governments and private companies. But to date, the specifics of exactly how that attack went down and who was hit have remained shrouded in secrecy. This post seeks to document the extent of those attacks, and traces the origins of this overwhelmingly successful cyber espionage campaign back to a cascading series of breaches at key Internet infrastructure providers.

Read more

Got Robocalled? Don’t Get Mad; Get Busy.

Credit to Author: BrianKrebs| Date: Sun, 25 Jun 2017 15:24:16 +0000

Several times a week my cell phone receives the telephonic equivalent of spam: A robocall. On each occasion the call seems to come from a local number, but when I answer there is that telltale pause followed by an automated voice pitching some product or service. So when I heard from a reader who chose to hang on the line and see where one of these robocalls led him, I decided to dig deeper. This is the story of that investigation. Hopefully, it will inspire readers to do their own digging and help bury this annoying and intrusive practice.

Read more

Inside a Porn-Pimping Spam Botnet

Credit to Author: BrianKrebs| Date: Thu, 15 Jun 2017 14:35:27 +0000

For several months I’ve been poking at a decent-sized spam botnet that appears to be used mainly for promoting adult dating sites. Having hit a wall in my research, I decided it might be good to publish what I’ve unearthed so far to see if this dovetails with any other research out there. In late October 2016, an anonymous source shared with KrebsOnSecurity.com a list of nearly 100 URLs that — when loaded into a Firefox browser — each displayed what appeared to be a crude but otherwise effective “counter” designed to report in real time how many “bots” were reporting in for duty. Here’s a set of archived screenshots of those counters illustrating how these various botnet controllers keep a running tab of how many “activebots” — hacked servers set up to relay spam — are sitting idly by and waiting for instructions.

Read more

Tracing Spam: Diet Pills from Beltway Bandits

Credit to Author: BrianKrebs| Date: Wed, 19 Apr 2017 18:56:10 +0000

Reading junk spam messages isn’t exactly my idea of a good time, but sometimes fun can be had when you take a moment to check who really sent the email. Here’s the simple story of how a recent spam email advertising celebrity “diet pills” was traced back to a Washington, D.C.-area defense contractor that builds tactical communications systems for the U.S. military and intelligence communities.

Read more

Who Ran Leakedsource.com?

Credit to Author: BrianKrebs| Date: Wed, 15 Feb 2017 18:03:06 +0000

Late last month, multiple news outlets reported that unspecified law enforcement officials had seized the servers for Leakedsource.com, perhaps the largest online collection of usernames and passwords leaked or stolen in some of the worst data breaches — including billions of credentials for accounts at top sites like LinkedIn, Myspace, and Yahoo. In a development that may turn out to be deeply ironic, it seems that the real-life identity of Leakedsource’s principal owner may have been exposed by many of the same stolen databases he’s been peddling.

Read more