Friday 29 March 2013

44 Arrested in giant credit card scam

Interpol has arrested 44 members of a globally based gang they suspect is responsible for the theft of 36,000 sets of credit card credentials.

Sometimes I wonder if I’m in the wrong business.

Anyway, these guys had the whole operation under control including malware implementation and the actual construction of card reading devices to be used on ATMs and other point of sale systems. Police believe the gang was based primarily out of Romania.

The gang used the stolen credit cards to make purchases in Argentina, Colombia, the Dominican Republic, Japan, Mexico, South Korea, Sri Lanka, Thailand and the United States.

“This case is another example of excellent police work and flawless cooperation and a proof of the fact that EU law enforcement co-operation continues to improve.” says Troels Oerting, head of the European Cybercrime Centre (EC3) at Europol. [V3]

Operation Pandora-Storm (could that name be more cliché?) involved 400 police officers from about 20 agencies across Europe, North America, and Australia.

Experts estimate the group is responsible for $2.5 million in fraudulent activity.

And while this is a big win for law enforcement, this gang only represents a drop in the bucket of global credit card fraud that is estimated at nearly $2 billion per year.

Wednesday 27 March 2013

Cyber-battle Slows Down the Whole Net

Internet been dragging lately? Don’t blame your ISP. A gigantic cyber attack is slowing things down for everyone.
It all started with a tiff between spam-fighting group Spamhaus and server company CyberBunker. Spamhaus is a non-profit that works with companies worldwide to help filter spam. CyberBunker is a server company with an ‘anything goes’ policy and allows for anything with the exception of child pornography or terrorism-related material.
You might see where this is going.
Basically, Spamhaus fights spam with a series of blocklists that contain companies and servers that host spam. And recently, Spamhaus added CyberBunker to their blocklists.
Though still unconfirmed, Spamhaus claims that CyberBunker is taking revenge for the block and is behind massive cyber attacks aimed at Spamhaus’s DNS servers.
If you weren't sure, CyberBunker is
literally in a bunker.
Spamhaus said that CyberBunker is affiliated with several criminal organisations in Russia and Eastern Europe and that they have launched massive DDoS attacks that are pushing 300 GB/s of data onto Spamhaus’s servers.
DDoS, distributed denial of service, attacks target systems by flooding them with traffic. To put the current 300 GB/s attacks in perspective, the previous DDoS record achieved only 100 GB/s. That’s right. The current onslaught has not only broken the previous record, but tripled it.
Steve Linford, chief executive for Spamhaus, said the attacks are strong enough to bring down even the most robust systems.
"If you aimed this at Downing Street they would be down instantly," he said. "They would be completely off the internet…. Normally when there are attacks against major banks, we're talking about 50 gb/s."
In fact, the attacks are so big, they are slowing down the rest of the internet. Prof Alan Woodward, a cybersecurity expert at the University of Surrey explained the size and scope of the attacks in an interview with the BBC.
"If you imagine it as a motorway, attacks try and put enough traffic on there to clog up the on and off ramps…. With this attack, there's so much traffic it's clogging up the motorway itself."
Hopefully, we’ll see an end to this madness soon. But in the mean time, maybe think twice before ringing Vodafone with speed problems.

Try SumRando for free here.

Wednesday 20 March 2013

Chameleon Botnet Snags $6 Million per Month

Anyone who’s ever been involved with digital advertising knows the perils of fraud. To some degree, it’s unavoidable. But a massive new botnet called Chameleon has taken advertising fraud to a new level.

Chameleon bot distribution (courtesy of

A security researcher who goes by announced yesterday he has discovered a botnet responsible for as many as 9 billion fraudulent ad impressions. Chameleon targets 202 websites that, in total, only receive 14 billion impressions on ads. That means the botnet is responsible for about 64% of the impressions on these sites.

Good news for the site owners, bad news for the advertisers doling out 9 billion impressions worth of cash.

The botnet consists of more than 120,000 host machines running Windows 7. According to, 95% of the machines are based in the United States.

You may be thinking this is no big deal; a few extra ad clicks can’t be that bad, right? It turns out those fraudulent clicks add up to about $6 million per month. Ouch.

Chameleon is unique, and called Chameleon, because it’s so good at mimicking real visitors and fooling anti-bot measures.

Chameleon is a sophisticated botnet. Individual bots run Flash and execute JavaScript. Bots generate click traces indicative of normal users. Bots also generate client-side events indicative of normal user engagement. They click on ad impressions with an average click-through rate of 0.02%; and they surprisingly generate mouse traces across 11% of ad impressions. []

But despite such sophistication, revealed that as a group, the behavior of the bots was in fact quite homogenous and ultimately allowed the researcher to isolate the botnet.

Friday 15 March 2013

SumRando's Web Proxy is Still Fully Functional in Iran

Howzit Randos?

Over the past week, authorities in the Islamic Republic of Iran have implemented new methods of digital censorship that isolate and block virtual private network connections.

Already one of the most restrictive places on earth in terms of net freedom, the Iranian government has now disabled one of the few methods Iranians possess to access objective news and the free flow of information.

And while these latest developments are both discouraging and sad, the SumRando Team is proud to remind our Iranian friends that the SumRando Web Proxy is still fully functional in Iran and ready to deliver information and content from around the globe and within the Islamic Republic.

Freedom of expression is not a privilege. It’s a human right. Despite the draconian attempts of cowardly regimes, the flow of information cannot and will not be stopped.

We believe we speak in solidarity with the entire privacy community along with internet users around the globe when we address oppressive governments and censors and say:

“Please, shove it up your ass.”

Safe Surfing,
The SumRando Team

Wednesday 13 March 2013

U.S. confirms offensive cyber-war program

In case you weren’t totally convinced that cyber war is on like Donkey Kong, the Obama administration publicly confirmed today what we’ve all known for some time: The United States is actively developing offensive cyber-weapons to be used whenever they feel like it in wartime.

I know. It’s shocking.

While the announcement should be heeded as a heads up that digital warfare is on our doorstep, it shouldn’t be much of a surprise in light of devastating American-made malware like Stuxnet being unleashed on Iran’s refinement facilities and the U.S. Department of Defense quintupling their Cyber Command just a few months ago.
"I would like to be clear that this team, this defend-the-nation team, is not a defensive team," Alexander, who runs both the National Security Agency and the new Cyber Command, told the House Armed Services Committee on Tuesday. "This is an offensive team that the Defense Department would use to defend the nation if it were attacked in cyberspace. Thirteen of the teams that we’re creating are for that mission alone." [Ars Technica]