I Was a Cybercrook for the FBI

I Was a Cybercrook for the FBI: "For 18 tense months, a computer-savvy grifter named David Thomas runs a thriving online crime hub for bank heists, identity theft and counterfeiting, with the FBI paying the bills. Part one of a three-part series by Kim Zetter."

Piége bancaire

Piège bancaire: "Quatre pirates arrété et jugé après avoir fait main basse sur des données de cartes bancaires."

Russian hacker cracks Stock Exchange

Russian hacker cracks Stock Exchange:
The US Securities and Exchange Commission (SEC) has frozen the New York Stock Exchange account of the Russian Evgeniy Gashichev and his company Grand Logistic.

The regulator suspects him of having cracked accounts of other exchange participants in order to manipulate share prices. The US authorities are accusing the Russian of having illegally earned US$354,000 by applying the famous pump-and-dump scheme.

SEC lawyers argue that Gashichev used stolen passwords to access accounts of three leading online brokerage firms - ETrade Securities, TD Ameritrade ¨ Scottrade.

The information he got helped him to manipulate shares of various companies, including small businesses he owned. According to SEC, Gashichev conducted 25 operations with shares of at least 21 companies from Aug., 28th to Oct., 13th, 2006. The case of the Russian hacker is being tried in a court.

TJX's stolen data is being used - 200,000 accounts identified, so far

TJX's stolen data is being used - 200,000 accounts identified, so far: "My guess is that the recent TJX data breach will prove to be the largest on record, and the data is already being used by criminals.

The Boston Globe is reporting:

The Massachusetts Bankers Association said yesterday that several banks reported fraud linked to debit and credit card numbers pilfered from TJX's computer system for unauthorized purchases made in Florida, Georgia, and Louisiana in"

Google Blacklists Phishing Sites and Steals Passwords in the Process

Google Blacklists Phishing Sites and Steals Passwords in the Process: "This morning Legionnaire sent me an email to a post that I thought was worth posting in case anyone else hadn�t seen it. Google is indexing blacklists for it�s anti-phishing technology, but in doing so is stealing usernames and passwords. Bummer! As if it isn�t hard enough to get people to adopt security now people can claim that Google�s built in security is spyware too (not that web accelerator isn�t spyware, but you get my drift).
There is a picture of this issue over on Finjan�s website that shows the accidental logging of the user�s credentials. You can see how Google is doing it, and it�s kinda scary. And the worst part is there really is no good way to insure that they aren�t in there other than either not allowing anything with a username/password pair in the blacklist (which could be used against them) or by trying to strip them out (which again, could be used against them). In these cases I doubt the phishers did anything special with those sites, but that�s not to say they couldn�t. Thanks for the link Legionnaire"

Start-up launches identity theft search service

Start-up launches identity theft search service: "StolenID's service is meant to let people check if their data is being traded online by criminals, but critics say it could be a boon for those same crooks."

Russians target Net bankers

Russians target Net bankers: "InfoSec News: Russians target Net bankers: http://www.thestar.co.za/index.php?fArticleId=3642294
By Lee Rondganger The Star January 24, 2007
A Russian cyber-criminal syndicate, specialising in the development of software to hack into bank accounts, is selling its software to South Africans.
And the banking industry is losing millions. [...]"

Russians attempting the $1 scam

Russians attempting the $1 scam: "��Give me $1 to unsubscribe�
That�s basically what the latest Russian spam says. �Let me get one thing straight for anyone that�s not had their coffee yet. Never pay spammers, ever. All the smart spammers have suckers lists. You have been warned! Etc Etc�
International spam�has been a growing problem for a�long time and with a world-wide network of�spam traps,�we see (and deal with) a lot of local spam. This rather interesting specimen group landed in the lap of a researcher this afternoon because�it was a little out of the ordinary.
Andrey Slabosnickiy from Rostov-on-Don was insightful enough to invite one of our international�spam-traps to unsubscribe from his general database for a buck.�
Take a look at the original
and our English translation.
By providing many ways to make the unsubscribe payment�(Web Money, Yandex, SMS, or Money@Mail.ru) Andrey will be leaving quite a money trail for the local authorities to follow should they wish to do so, though I doubt they will given the state of local anti-spam laws. Shame, we�d be happy to help"

Swedish bank hit by �600K internet fraud

Swedish bank hit by �600K internet fraud: "Swedish bank Nordea has suffered the biggest internet fraud in history after more than eight million kronor (around �576,000) disappeared as a result of tailor-made Trojans launched by Russian criminals. Up to 250 customers at Sweden?s largest bank are thought to have been hit by the attacks, which have taken place over three months. The attack worked by targeting Nordea?s customers, who were asked to download an anti-spam program. Anyone who downloaded the ?raking.zip? or ?raking.exe? files was infected by the ?haxdoor.ki? Trojan."

Blanchiment des capitaux, nouvelle tendance de la cybercriminalité en 2006

Blanchiment des capitaux, nouvelle tendance de la cybercriminalité en 2006: "Les autorités françaises témoignent du recrutement inquiétant de �mules� sur internet. Des intermédiaires qui réceptionnent puis transfèrent des capitaux via leur compte bancaire en ligne."