The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: cybercriminals

Russian Pleads Guilty to Running 'CardPlanet' to Sell Stolen Credit Cards

Russian Pleads Guilty to Running 'CardPlanet' to Sell Stolen Credit Cards
January 24, 2020Swati Khandelwal
Image credit: Times of Israel. Aleksei Burkov, a 29-year-old Russian hacker, on Thursday pleaded guilty to multiple criminal charges for running two illegal websites that helped cyber criminals commit more than $20 million in credit card fraud. The first website Burkov operated was an online marketplace for buying and selling stolen credit card and debit card numbers—called Cardplanet —which roughly hosted 150,000 payment card details between the years 2009 and 2013. Cardplanet marketplace offered stolen payment card details for anywhere between $2.50 and $10 a card, depending on the card type, country of origin, and the availability of card owner information. The carding website even offered a paid service that allowed buyers to instantly verify if a stolen payment card were still valid. "Many of the cards offered for sale belonged to U.S. citizens. The stolen credit card data from more than 150,000 compromised payment cards was allegedly sold on Burkov's site and

Hacker Ordered to Pay Back Nearly £1 Million to Phishing Victims

Hacker Ordered to Pay Back Nearly £1 Million to Phishing Victims
August 23, 2019Wang Wei
A prolific hacker who carried out phishing scams against hundreds of companies worldwide has been ordered to pay back more than $1.1 million (over £922,000) worth of cryptocurrencies to his victims. Grant West , a 27-year-old resident of Kent, England, targeted several well-known companies around the world since 2015 to obtain the financial data of tens of thousands of customers and then sold that data on underground forums in exchange for Bitcoins or other cryptocurrencies. West, who operated under the online moniker of 'Courvoisier,' stashed the resulting cryptocurrencies in multiple accounts and wallets, which was confiscated by the Metropolitan police after West's arrest in September 2017 following a two-year-long investigation code-named ' Operation Draba .' Metropolitan Police Cyber Crime Unit (MPCCU) also seized an SD card from West's home, which contained approximately 78 million individual usernames and passwords as well as 63,000 credit and de

Europol Shuts Down Two Major Illegal 'Dark Web' Trading Platforms

Europol Shuts Down Two Major Illegal 'Dark Web' Trading Platforms
May 03, 2019Wang Wei
Europol announced the shut down of two prolific dark web marketplaces— Wall Street Market and Silkkitie (also known as Valhalla)—in simultaneous global operations against underground websites for trading drugs, stolen credit card numbers, malicious software, and other illegal goods. Police in western Germany has also arrested three men who were allegedly running Wall Street Market, the world's second largest dark marketplace with more than a million users and 5,400 vendors. Besides this, the operation involving Europol , Dutch police and the FBI also led to the arrests of two major suppliers of narcotics via the Wall Street Market site in Los Angeles, the United States. According to the Europol, the police officers seized the computers used to run the illegal market place, along with more than €550 000 (£472,000 or $621,000) in cash, more than €1 Million in Bitcoin and Monero cryptocurrencies, expensive cars, and other evidence. In a press release published today, Eu

Suspected 'Big Bitcoin Heist' Mastermind Fled to Sweden On Icelandic PM's Plane

Suspected 'Big Bitcoin Heist' Mastermind Fled to Sweden On Icelandic PM's Plane
April 18, 2018Swati Khandelwal
Remember the " Big bitcoin heist " we reported last month when a group of thieves stole around 600 powerful bitcoin mining devices from Icelandic data centers? Icelandic Police had arrested 11 suspects as part of the investigation, one of which has escaped from prison and fled to Sweden on a passenger plane reportedly also carrying the Icelandic prime minister Katrin Jakobsdottir. Sindri Thor Stefansson , who is suspected of masterminding the whole theft of almost $2 million worth of cryptocurrency-mining equipment, traveled under a passport of someone else but identified through surveillance footage. Stefansson had recently been transferred to a low-security Sogn prison, located in rural southern Iceland (just 59 miles away from Iceland's international airport in Keflavik), from where he escaped through a window early Tuesday and boarded the flight to Sweden. Prime minister Jakobsdottir was on her way to Sweden to take part in India-Nordic Summit and meet Indi

How Hackers Cash Out Thousands of Bitcoins Received in Ransomware Attacks

How Hackers Cash Out Thousands of Bitcoins Received in Ransomware Attacks
July 28, 2017Swati Khandelwal
Digital currencies have emerged as a favourite tool for hackers and cyber criminals, as digital currency transactions are nearly anonymous, allowing cyber criminals to use it in underground markets for illegal trading, and to receive thousands of dollars in ransomware attacks— WannaCry , Petya , LeakerLocker , Locky and Cerber to name a few. Also, every other day we hear about some incidents of hacking of crypto currency exchange or digital wallets, in which hackers stole millions of dollars in Bitcoin or Ethereum. The latest back-to-back series of thefts of Ethereum —one of the most popular and increasingly valuable cryptocurrencies—in which around half a billion dollars in total were stolen is the recent example of how much hackers are after crypto currencies. It's obvious that after ripping off hundreds of thousands of cryptocurrencies from exchanges, wallets and ransomware victims, cyber criminals would not hold them in just digital form—the next step is to cash the

Bitcoin Exchange Operator Arrested For $4 Billion Money Laundering Scheme

Bitcoin Exchange Operator Arrested For $4 Billion Money Laundering Scheme
July 27, 2017Mohit Kumar
Greek  police have arrested a Russian man who is believed to have been the operator of the popular BTC-e Bitcoin exchange on charges of laundering more than $4 billion in bitcoin for culprits involved in hacking attacks, tax fraud and drug trafficking. A United States jury indicted 38-year-old Alexander Vinnik on Wednesday after his arrest in Greece on Tuesday at the request of US law enforcement authorities. The suspect is one of the operators of BTC-e, a service operational since 2011. Headquartered in Russia, the digital currency exchange has been offline since the arrest of Vinnik, and its homepage says, "Site is under maintenance. We apologize for the inconvenience.." According to a press release published by the U.S. Treasury's Financial Crimes Enforcement Network (FinCEN), BTC-e ignored "know your customer" laws in an effort to serve criminals, and even hosted message boards buzzing with illegal activities. The FinCEN also announced a $110

Billion-Dollar Hacker Gang Now Using Google Services to Control Its Banking Malware

Billion-Dollar Hacker Gang Now Using Google Services to Control Its Banking Malware
January 19, 2017Mohit Kumar
Carbanak – One of the most successful cybercriminal gangs ever that's known for the theft of one billion dollars from over 100 banks across 30 countries back in 2015 – is back with a BANG! The Carbanak cyber gang has been found abusing various Google services to issue command and control (C&C) communications for monitoring and controlling the machines of unsuspecting malware victims. Forcepoint Security Labs researchers said Tuesday that while investigating an active exploit sent in phishing messages as an RTF attachment, they discovered that the Carbanak group has been hiding in plain site by using Google services for command and control. "The Carbanak actors continue to look for stealth techniques to evade detection," Forcepoint's senior security researcher Nicholas Griffin said in a blog post . "Using Google as an independent C&C channel is likely to be more successful than using newly created domains or domains with no reputation." Th

CryptoWall Ransomware raised $325 Million in Revenue for Its Developer

CryptoWall Ransomware raised $325 Million in Revenue for Its Developer
October 30, 2015Mohit Kumar
The Creators of the notorious CryptoWall ransomware virus have managed to raise more than $325 million (£212 million) in this past year alone. Ransomware has emerged as one of the biggest cyber threats to web users in recent times. Typically, hackers primarily gain access to a user's computer system using a ransomware malware, which encrypts all files with a strong cryptographic algorithm, and demand a ransom money to be paid in Bitcoin, typically between $200 and $10,000. In June 2014, researchers first discovered the CryptoWall ransomware attack, and currently, the latest CryptoWall version 3.0 (CW3) is the most sophisticated and complex family of this malware backed by a very robust back-end infrastructure. Must Read:   FBI Suggests Ransomware Victims — 'Just Pay the Ransom Money' According to the latest report  ( pdf ) published by Cyber Threat Alliance (CTA) , an industry group formed last year to study emerging threats, researchers have disco

'The Home Depot' Data Breach Put 56 Million Payment Cards at Risk

'The Home Depot' Data Breach Put 56 Million Payment Cards at Risk
September 19, 2014Wang Wei
Home Depot , the nation's largest home improvement retailer, announced on Thursday that a total of 56 million unique payment cards were likely compromised in a data breach at its stores, suggesting that the data breach on Home improvement chain was larger than the Target data breach that occurred last year during Christmas holidays. The data theft occurred between April and September at Home Depot stores in both the United States and Canada, but the confirmation comes less than a week after the retailer first disclosed the possibility of a breach. " We apologize to our customers for the inconvenience and anxiety this has caused, and want to reassure them that they will not be liable for fraudulent charges, " Home Depot CEO Frank Blake said in a statement. " From the time this investigation began, our guiding principle has been to put our customers first, and we will continue to do so. " It is believe that the cybercriminals successfully compromised the

Russians selling access to private company servers in just $4

Russians selling access to private company servers in just $4
October 22, 2012Mohit Kumar
We have already seen vulnerability in Remote Desktop Protocol (RDP) is a potential dangers of desktop remote-access tools commonly used by IT departments to handle help-desk issues and by administrators to manage virtualized machines. According to reports from krebsonsecurity, A Russian company called " dedicated express " ( Dedicatexpress.com ) is selling access to private company servers for as little as $4. Cyber criminals have hacked around 17,000 computers worldwide using such insecure applications in server and selling them in underground markets. Although almost 300,000 compromised systems have passed through this service since its inception in early 2010. New customers who contact the service's owner via instant message and pay a $20 registration fee via WebMoney, a virtual currency. The price of any hacked server is calculated based on several qualities, including the speed of its processor and the number of processor cores, the machine's download and up

Spam campaign tricking thousands with shortened .gov URLs

Spam campaign tricking thousands with shortened .gov URLs
October 21, 2012Mohit Kumar
Symantec has reported an increase in spam messages containing .gov URLs. Cybercriminals are using 1.usa.gov links in their spam campaigns to trick users into thinking the links lead to genuine US government Web sites. Spammers have created these shortened URLs through a loophole in the URL shortening service provided by bit.ly. USA.gov and bit.ly have collaborated, enabling anyone to shorten a .gov or .mil URL into a trustworthy 1.usa.gov URL. The click rate of the campaign has been significant, redirecting more than 16,000 victims over a five day period to a malicious website designed to look like a CNBC news article pushing several work from home scams. According to researchers from security firm Symantec , they simply leveraged an open-redirect vulnerability present on the official government site of Vermont (Vermont.gov) . Therefore, something like 1.usa.gov/…/Rxpfn9 takes you to labor.vermont.gov/LinkClick.aspx?link=[spam site] which then redirects you to the sp

15000 Wordpress blogs hacked for making money from Survey

15000 Wordpress blogs hacked for making money from Survey
October 16, 2012Mohit Kumar
Wordpress Security Team is sending out warning messages to thousands of wordpress users that their account has been compromised recently. Warning message include " We recently detected suspicious activity on your WordPress.com account. To protect your identity and keep your site safe, we've reset your password. " Message continue " To reset your password and get access to your account and blog, please visit WordPress.com. Click on "Forgot password?" in the Login toolbar to get started. It is very important that your password be unique because using the same password across different web applications increases the risk of your account being hacked. " Note: Wordpress officially has not announce yet any security breach news on their website, but these warning mails are silently received by compromised account holders. Method of hack is still not confirmed. But hacking 15000 blogs from wordpress server and posting same article on all sites most obvious can

Think Like a Hacker for Better Security

Think Like a Hacker for Better Security
October 15, 2012Mohit Kumar
Computer hacking is truly an epidemic. It's not enough to apply the latest patches to your servers and workstations or otherwise defend yourself reactively. If you're in charge of your network's security, you must understand how hackers minds work and what tools they're using for their attacks.  Also one of the best ways to protect yourself is to think like a hacker. Evil hackers aren't just a threat to national security. They're a threat to your privacy and even your livelihood. Your personal information? Nothing more than a commodity in their billion-dollar black-market enterprise. There's no product that can prevent hackers from plastering passwords and usernames on the Web. But some white hat hackers are not only chasing these cybercriminals but also thwarting the attacks before they can be launched. Vulnerabilities appear in your environment every day. For example, everyone wants to use their tablet or smart phone to conduct business. A

US authorities : Iranian Hackers are Becoming a Real Pain

US authorities : Iranian Hackers are Becoming a Real Pain
October 14, 2012Mohit Kumar
The U.S. have admitted they believe a series of cyber attacks on domestic banks and some foreign oil companies carried out over the last year are the handy work of a group of hackers linked to the Iranian government. Defence Secretary Leon Panetta said the cyberthreat from Iran has grown, and declared that the Pentagon is prepared to take action if America is threatened by a computer-based assault. The hackers are apparently part of a group of less than 100 computer security specialists from Iranian universities and network security firms, according to an unnamed US government official. American officials have said they are able to discover the source of the recent cyberattacks. We do welcome this and announce our readiness for any international cooperation to find the source of the attacks. The Iranian official said Tehran has already offered help to boost the companies cybersecurity, as Iran has itself recently been the victim of cyberattacks on its offshore oil platforms. The c

FBI Warning : New Malware attacking Android smartphones

FBI Warning : New Malware attacking Android smartphones
October 13, 2012Mohit Kumar
Users should be aware that Cyber criminals are finding new ways to install malicious software on devices. The latest threat to Android phone users, according to the FBI , is a "work-at-home opportunity that promises a profitable payday just for sending out email." The IC3 has been made aware of various malware attacking Android operating systems for mobile devices. Some of the latest known versions of this type of malware are Loozfon and FinFisher .  Loozfon is an information-stealing piece of malware. Criminals use different variants to lure the victims. One version is a work-at-home opportunity that promises a profitable payday just for sending out email. A link within these advertisements leads to a website that is designed to push Loozfon on the user's device. The malicious application steals contact details from the user's address book and the infected device's phone number . FinFisher is a spyware capable of taking over the components of a mobile device. When in

Another Cyber attack Hit Regions Bank and SunTrust

Another Cyber attack Hit Regions Bank and SunTrust
October 11, 2012Mohit Kumar
As warned by Izz ad-Din al-Qassam Cyber Fighters They launched another distributed denial-of-service (DDOS) attack against the website of Regions Financial Corp (regions.com) and SunTrust. The computer attacks burden the bank websites with heavy traffic volume that causes slow service for the sites or makes them completely unavailable. In a Pastebin post dated Oct. 8, the hacktivist group announced the planned Oct. 9 attack against Capital One, the Oct. 10 attack against SunTrust and an Oct. 11 takedown date for Regions Financial Corp and THEY DID IT. SunTrust ( suntrust.com ) spokesman Michael McCoy confirmed SunTrust's site had been hit by an uptick in traffic. "We have seen increased online traffic today and experienced intermittent service availability of some online functions," he said. A couple of days ago, Regions representatives told Fox Business that the organization was aware of the threats. At the time, they claimed they were "taking every mea

Russian Web proxy with backdoors, Distributing malware

Russian Web proxy with backdoors, Distributing malware
October 09, 2012Mohit Kumar
Antivirus company Symantec has detected a malicious campaign in which hackers managed to deceive thousands of people allegedly signed by a paid proxy service. They expose that hundreds of thousands of users signing up for a cheap and supposedly legitimate proxy service have ended up downloading malware and being ensnared into a botnet. Three months ago, Symantec researchers started an investigation into a piece of malware called Backdoor.Proxybox that has been known since 2010, but has shown increasing activity recently. " The malware is Backdoor.Proxybox, and our investigation has revealed an entire black hat operation, giving us interesting information on the operation and size of this botnet, and leading us to information that may identify the actual malware author ," Symantec. The service - ProxyBox - supposedly provides access to its entire list of thousands of proxies for only $40 a month, which is obviously too cheap a price for the provider to break eve
Exclusive Offers

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.