DistroWatch

New TrueOS release cycle

DistroWatch

Debian 9's release date


HakTip 157 – Linux Terminal 201: Searching and Locating Files

Hak.5

In this HakTip, we’re learning how to search for files with the locate and find commands, as well as how to search within files with grep!

——————————
Shop: http://www.hakshop.com
Support: http://www.patreon.com/threatwire
Subscribe: http://www.youtube.com/hak5
Our Site: http://www.hak5.org
Contact Us: http://www.twitter.com/hak5
Threat Wire RSS: https://shannonmorse.podbean.com/feed/
Threat Wire iTunes: https://itunes.apple.com/us/podcast/threat-wire/id1197048999
Help us with Translations! http://www.youtube.com/timedtext_cs_panel?tab=2&c=UC3s0BtrBJpwNDaflRSoiieQ
——————————

Schneier on Security

Friday Squid Blogging: Squid and Chips


The excellent Montreal chef Marc-Olivier Frappier, of Joe Beef fame, has created a squid and chips dish for Brit & Chips restaurant.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelines here.

Ars Technica

Uber, Lyft returning to Austin as driver-fingerprinting dispute ends

[Image credit: Alfredo Mendez]

Uber and Lyft are returning to Austin—the capital of Texas and home to the South by Southwest festival. The move comes one year after the ride-hailing services left the area over a driver-background check dispute with city regulators and voters.

The two companies are coming back now because state lawmakers passed legislation, which Gov. Greg Abbott is expected to sign Monday, that removes a controversial requirement that prospective drivers have their fingerprints run through an FBI database that tracks people's criminal activity over the course of their lives. Uber and Lyft claimed that the check was too onerous and should be reserved for security sensitive personnel.

The new legislation supersedes the city of Austin's regulations, paving the way for the companies' return to Austin possibly as early as this coming week. (The companies said they would return for business immediately following Abbott's signature.) Austin Mayor Steve Adler said he was "disappointed" with the new state regulations.

Schneier on Security

Forbes Names Beyond Fear as One of the "13 Books Technology Executives Should Have On Their Shelves"


It's a good list.

Ars Technica

Radio-controlled pacemakers aren’t as hard to hack as you (may) think

[Image credit: US Food and Drug Administration]

Pacemakers are devices that are implanted in the chest or abdomen to control life-threatening heartbeat abnormalities. Once they're in place, doctors use radio signals to adjust the pacemakers so that additional major surgeries aren't required. A study recently found that pacemakers from the four major manufacturers contain security weaknesses that make it possible for the devices to be stopped or adjusted in ways that could have dire effects on patients.

Chief among the concerns: radio frequency-enabled pacemaker programmers don't authenticate themselves to the implanted cardiac devices, making it possible for someone to remotely tamper with them.

"Any pacemaker programmer can reprogram any pacemaker from the same manufacturer," researchers from medical device security consultancy WhiteScope wrote in a summary of their findings. "This shows one of the areas where patient care influenced cybersecurity posture."

Schneier on Security

Hacking the Galaxy S8's Iris Biometric


It was easy:

The hackers took a medium range photo of their subject with a digital camera's night mode, and printed the infrared image. Then, presumably to give the image some depth, the hackers placed a contact lens on top of the printed picture.

Security Week

Organizations Concerned About Medical Device Attacks: Study


Many manufacturers and healthcare delivery organizations (HDOs) are concerned about medical device attacks, but only a few have taken significant steps to address the threat, according to a study commissioned by electronic design automation solutions provider Synopsys.

Ars Technica

Memorial Day weekend means F1, the Indy 500, NASCAR, and the Nürburgring 24

[Image credit: Icon Sportswire/Shaun Botterill/Brian Lawdermilk/BMW]

As we prepare to head into Memorial Day weekend, there's a bumper crop of wheel-to-wheel action on offer for the motorsports fan. Both IndyCar and Formula 1 have their biggest races of the year this Sunday, NASCAR has its 600-mile race at Charlotte, and over in Germany hundreds of thousands of fans are camping around (and possibly setting fire to) the mighty Nürburgring.

Despite not being broadcast here in the US, the last of these is probably the easiest for you to watch. That's because the organizers have provided a free international livestream on YouTube:

The race starts at 11am ET (3pm CET) on Saturday (May 27) and runs for the next 24 hours. There's also English language commentary from the always-excellent team at Radio Le Mans.

Security Week

G7 Demands Internet Giants Crack Down on Extremist Content


Taormina, Italy - The G7 nations on Friday demanded action from internet providers and social media firms against extremist content online, vowing to step up their fight against terrorism after the Manchester attack.

Security Week

Large Malvertising Campaign Delivers Array of Payloads


A malvertising campaign that has been active for more than a year is using fingerprinting to target users with a variety of payloads, Malwarebytes security researchers warn.

Ars Technica

Uber walks away from Otto trademark

[Image credit: Court documents]

At the heart of Uber's litigation with Waymo is another oddly-named self-driving startup called Otto. That's the company founded by Uber engineer Anthony Levandowski right after he left Google, the job at which he was accused of illegally downloading more than 14,000 files. Levandowski sold Otto to Uber within a few months.

While the legal action between Uber and Waymo rages on, Uber is quietly ending another legal fight over the name "Otto" itself. Back in August, just after Uber's acquisition for $680 million, Otto was sued (PDF) by Clearpath Robotics, a large installed-robotics company with a headquarters in Kitchener, Ontario. Clearpath already had a division called OTTO Motors, which manufactured OTTO, described as "the first self-driving warehouse robot."

Security Week

Researchers Release Patch for NSA-linked "EsteemAudit" Exploit


Security researchers at enSilo have released a patch to keep vulnerable systems protected from a recently released Windows exploit allegedly used by the National Security Agency (NSA)-linked Equation Group.

Ars Technica

Comcast customer satisfaction drops 6% after TV price hikes, ACSI says

Comcast’s customer satisfaction score for subscription TV service fell 6 percent in a new survey, putting the company near the bottom of rankings published by the American Customer Satisfaction Index (ACSI).

Comcast’s score fell from 62 to 58 on ACSI’s 100-point scale, a drop of more than 6 percent between 2016 and 2017. The ACSI’s 2017 report on telecommunications released this week attributed the decrease to “price hikes for Xfinity (Comcast) subscriptions.”

Satisfaction with pay-TV providers dropped industry-wide, tying the segment with Internet service (a product offered by the same companies) for last place in the ACSI’s rankings. The ACSI summarized the trend as follows:

Ars Technica

Viral video of girl snatched by sea lion raises “seal finger” awareness

[Image credit: WAVY TV 10]

When a video showing a six-year-old girl getting yanked into the sea by a feisty sea lion went viral this week, her parents quickly received international flak—and some potentially critical health information. The online fuss is raising awareness of a severe infection called seal finger, along with some of the other dangers of messing with sea lions.

The infection, which can lead to severe inflammation and amputations if not properly treated, is rare but well-known to marine life experts and fishermen. It’s caused by Mycoplasma phocacerebrale, a type of bacteria known to live in the mouths of seals and sea lions. Mycoplasma species have several notable features, but a critical one for seal finger is that they’re difficult to kill with many standard antibiotics—something the parents of the snatched six-year-old would clearly want to know. If it weren’t for the Internet, they might not.

The girl, who was swiftly retrieved from the harbor by her quick-thinking grandfather, is reported to have a 5-by-10 centimeter wound on her lower body from her sea lion encounter. Her parents were unaware of the risk of seal finger infection until media reports about the viral video included marine experts, who mentioned the danger. The parents have since consulted with marine experts and doctors. Though it’s not certain that she has the infection, she’s receiving antibiotics as a precaution.

Ars Technica

Destiny 2 moves to a more server-centric networking model

With Destiny 2 moving the franchise to the PC for the first time, a lot of players were hoping Activision would use dedicated servers to ensure stability and reliability. The company mentioned last week that those hopes for a dedicated server wouldn't be fulfilled, but Destiny 2 Engineering Lead Mat Segur says the game's hybrid server model is a bit more complex than that announcement suggests.

Unlike the original Destiny, where matches were hosted on one player's console, "every activity in Destiny 2 is hosted by one of our servers," Segur said in a Bungie blog post yesterday. "That means you will never again suffer a host migration during your Raid attempt or Trials match."

But those servers won't handle all the data for every player in the game. While "the server is authoritative over how the game progresses... each player is authoritative over their own movement and abilities," Segur continued. "This allows us to give players the feeling of immediacy in all their moving and shooting—no matter where they live and no matter whom they choose to play with."

Ars Technica

Trump has an iPhone with one app: Twitter

[Image credit: Andrew Harrer/Bloomberg via Getty Images]

Early in March, President Donald Trump surrendered his personal Android phone—the phone from which scores of controversial Twitter posts had been launched. Based on Twitter metadata, Trump retired the Android device after expressing outrage over the DNC's failure to let the FBI search its servers and taunting Arnold Schwarzenegger on March 5. The next day, he replaced it with an iPhone.

According to a report from Axios' Mike Allen, Twitter is the only application running on Trump's new iPhone. And on his current overseas trip, staff have tried to limit his screen time in order to reduce the volume of his 140-character missives, Allen wrote:

Security Week

Draft Hacking Back Bill Gets Modifications Prior to Imminent Introduction


Rep. Tom Graves (R-Ga.) has released an updated version (PDF) of his draft Active Cyber Defense Certainty (ACDC) Act, incorporating feedback from the business community, academia and cybersecurity policy experts.

Ars Technica

Calculating when your climate will start to seem weird

[Image credit: Pool Olortiga Ramirez]

Reducing greenhouse gas emissions may seem like taking responsibility for the sake of future generations. But the pace of climate change is certainly meaningful within a single lifetime.

One way to think about climate change, as explored in a new study led by Victoria University of Wellington’s Dave Frame, is that temperature patterns eventually move out of the range you’re accustomed to. Weather and climate are naturally variable, but if the climate shifts, unusual conditions can become the new normal. The “unusual” end of the spectrum gets replaced with more extreme conditions than before.

Defining the unknown

In this case, the researchers focus on the ratio of signal to noise—the warming change versus the normal range of variability. Specifically, starting with a bell curve distribution defined by the mean and the standard deviation, the researchers defined changes based on the average annual temperature by a standard deviation.

Ars Technica

Creator of SecurID sues Apple, Visa over digital payment patents

The inventor of RSA's famous SecurID dongle has sued (PDF) Apple and Visa, alleging that both Apple Pay and Visa infringe four patents he owns.

Kenneth Weiss was the founder and CEO of Security Dynamics, the company that created the SecurID token used around the world to access secure computer networks. That company ultimately acquired RSA Security and took its name, then was bought by EMC.

Weiss left the company in 1996. By 2011, he had founded a new company, Universal Secure Registry, where he was working on mobile phone security.

Ars Technica

Far Cry 5 takes series to deadliest land of all: Disenfranchised America

[Image: Next-to-last supper? (credit: Ubisoft Montreal)]

LOS ANGELES—I leaned back in a hotel-suite chair and took in a bonkers video-game pitch from an Ubisoft producer while folding and unfolding the tiny American flag I'd been given moments before. The 13-year-old Far Cry gaming series returns once more in February 2018, and, at least conceptually, this might be its most intense entry yet. While Far Cry games traditionally drop players into exotic, international locales with only a gun and a prayer, this year's entry, Far Cry 5, lands in the U-S-of-A.

Specifically, the open, rural wilds of Montana. Your mission: invade a militarized cult's massive compound and take down its gun-toting, Jesus-invoking leader.

In another time and place, I might have looked at this pitch and thought about the bygone '90s era of David Koresh and Ted Kaczynski—some distant, fuzzy memory that is finally ready for an over-the-top virtual run-and-gun video game. But Ubisoft has picked a heated time to double down on something we rarely see in the gaming world: Americans fighting Americans over the concept of what "America" is. The promotional-swag flag in my hand kept reminding me that this Far Cry, no matter how it plays, certainly won't feel far away this time.

Ars Technica

During a hospital stay, all microbial hell breaks loose between you and the room

[Image: Dr. Jack Gilbert, sampling a hospital room before the microbial mayhem begins. (credit: University of Chicago)]

In the first few hours of a hospital stay, the microbes living on the walls and other surfaces of the hospital try to overthrow your skin microbiome. Then all hell breaks loose. Within 24 hours—and possibly as little as seven—your microbes rise up to beat back the invaders. Before the germ clouds settle, your microbiome has invaded the room.

At least, that seems to be the standard way of things, according to a new study in Science Translational Medicine. For the study, researchers at the University of Chicago, led by microbiologist Jack Gilbert, meticulously tracked the microbial comings and goings of a new hospital over the course of a year. They started from before the hospital opened and kept researching past when it was full of patients. The researchers set out to understand microbial dynamics so they can one day tweak them. Gilbert envisions future probiotics—not pills or lotions, but surface sprays and wall treatments—that can bulk up beneficial bacteria capable of ejecting deadly pathogens and even prime helpful immune defenses in patients.

[Image credit: The University of Chicago Medicine]

Ars Technica

There’s a Strontium Dog fan film, and it’s very good

[Image credit: Irradiated Hound Entertainment]

News broke earlier in May that Rebellion—the games and publishing company that owns 2000AD, the world's greatest comic—has joined up with IM Global to bring more Judge Dredd to our screens. In interviews since, Rebellion's bosses have said that they hope to also adapt other 2000AD characters for live-action. But thanks to some very dedicated fans out there, we've got something to tide us over until that happens: Search/Destroy: A Strontium Dog Fan Film.

Judge Dredd may well be 2000AD's best-known character: a hard-assed lawman of the future who's more of an anti-hero than a role model. But readers of the comic will know that Strontium Dog's Johnny Alpha is at least his equal. Also created by John Wagner and Carlos Ezquerra (who were responsible for Judge Dredd), he's a mutant from about 60 years in Dredd's future.

Alpha works as a bounty hunter for the Search/Destroy agency. SD bounty hunters are all mutants, banished from an Earth that has been ravaged by more than one nuclear war in its time—hence, they're more commonly known as "Strontium Dogs"—and Alpha's radiation-induced gift is his glowing eyes, which can see through solid objects and even read the contents of someone's mind. Together with his partner (and Viking-out-of-time) Wolf Sternhammer, Alpha travels the galaxy (and sometimes through time) to do the dirty, difficult jobs no one else can manage.

Security Week

GDPR Industry Roundup: One Year to Go


GDPR Roundup: New Products, Surveys and Industry Commentary

Ars Technica

How to build your own VPN if you’re (rightfully) wary of commercial options

[Image credit: Aurich / Thinkstock]

In the wake of this spring's Senate ruling nixing FCC privacy regulations imposed on ISPs, you may be (even more) worried about how your data is used, misused, and abused. There have been a lot of opinions on this topic since, ranging from "the sky is falling" to "move along, citizen, nothing to see here." The fact is, ISPs tend to be pretty unscrupulous, sometimes even ruthless, about how they gather and use their customers' data. You may not be sure how it's a problem if your ISP gives advertisers more info to serve ads you'd like to see—but what about when your ISP literally edits your HTTP traffic, inserting more ads and possibly breaking webpages?

With a Congress that has demonstrated its lack of interest in protecting you from your ISP, and ISPs that have repeatedly demonstrated a "whatever-we-can-get-away-with" attitude toward customers' data privacy and integrity, it may be time to look into how to get your data out from under your ISP's prying eyes and grubby fingers intact. To do that, you'll need a VPN.

The scope of the problem (and of the solution)

Before you can fix this problem, you need to understand it. That means knowing what your ISP can (and cannot) detect (and modify) in your traffic. HTTPS traffic is already relatively secure—or, at least, its content is. Your ISP can't actually read the encrypted traffic that goes between you and an HTTPS website (at least, they can't unless they convince you to install a MITM certificate, like Lenovo did to unsuspecting users of its consumer laptops in 2015). However, ISPs do know that you visited that website, when you visited it, how long you stayed there, and how much data went back and forth.

Security Week

Qbot Infects Thousands in New Campaign


A recent distribution campaign resulted in thousands of machines being infected with the Qbot malware, Cylance security researchers warn.

Security Week

CISO Perspective: How Strategic Cyber Threat Intelligence Fits Into Your Security Program


Security Professionals Can Use Strategic Threat Intelligence to Help Justify Security Spending Decisions and to Realign Budgets

Security Week

Nigerians Sentenced to Prison in U.S. Over Massive Fraud Scheme


Three Nigerian nationals have been handed prison sentences totaling 235 years by a U.S. court for their role in a massive international online scheme that involved romance scams, identity theft, fraud and money laundering.

Security Week

Thousands of Third-Party Library Flaws Put Pacemakers at Risk


Researchers have conducted a detailed analysis of pacemaker systems from four major vendors and discovered many potentially serious vulnerabilities.

OWASP

AppSec EU 2017 How To Lead Better Security Through Our Mini Hardening Project by Kazuki Tsubo

OWASP

AppSec EU 2017 Conference Closing Address by Gary Robinson

OWASP

AppSec EU 2017 Everything Is Quantum! by Jaya Baloo

OWASP

AppSec EU 2017 On The (In-)Security Of JavaScript Object Signing And Encryption by Dennis Detering

OWASP

AppSec EU 2017 Analysis And Detection Of Authentication Cross Site Request Forgery by Luca Compagna

OWASP

AppSec EU 2017 Preventing 10 Common Security Mistakes In The MEAN Stack by David Bohannon

OWASP

AppSec EU 2017 Exploiting CORS Misconfigurations For Bitcoins And Bounties by James Kettle

OWASP

AppSec EU 2017 Pentesting Voice Biometrics Solutions by Jakub Kaluzny

OWASP

AppSec EU 2017 How To Steal Mobile Wallet? by Wojtek Dworakowski and Slawomir Jasek

OWASP

AppSec EU 2017 What The Kidnapping And Ransom Economy Teaches Us About Ransomware by J Grossman

OWASP

AppSec EU 2017 Security Best Practices In Azure Cloud by Viktorija Almazova

OWASP

AppSec EU 2017 Fixing Mobile AppSec: The OWASP Mobile Project by Bernhard Mueller and Sven Schleier

OWASP

AppSec EU 2017 The Path Of Secure Software by Katy Anton

OWASP

AppSec EU 2017 Combining The Security Risks Of Native And Web Development Hybrid Apps

OWASP

AppSec EU 2017 DNS Hijacking Using Cloud Providers: No Verification Needed by Frans Rosén

Linux Security News

Democracy-minded DEF CON hackers promise punishing probe on US election computers

LinuxSecurity.com: Organizers at the DEF CON hacking conference in July are planning a mass cracking of US electronic election machines. The event, which for over 20 years has attracted the best and the brightest in the hacking community, will see a group hackathon against the voting machines that are used in every US election these days. The purpose is to check whether the machinery that underpins the electoral system is up to scratch.
Linux Security News

Samba exploit - not quite WannaCry for Linux, but patch anyway!

LinuxSecurity.com: Samba is an open source project that is widely used on Linux and Unix computers so they can work with Windows file and print services. Samba can work as a client that lets you connect to Windows servers, and as a server that can accept connections from Windows clients.
Linux Security

openSUSE: 2017:1412-1: important: rpcbind

LinuxSecurity.com: An update that fixes one vulnerability is now available.
Krebs on Security

Trump’s Dumps: ‘Making Dumps Great Again’


It’s not uncommon for crooks who peddle stolen credit cards to seize on iconic American figures of wealth and power in the digital advertisements for their shops that run incessantly on various cybercrime forums. Exhibit A: McDumpals, a hugely popular carding site that borrows the Ronald McDonald character from McDonald’s and caters to bulk buyers. Exhibit B: Uncle Sam’s dumps shop, which wants YOU! to buy American. Today, we’ll look at an up-and-coming stolen credit card shop called Trump’s-Dumps, which invokes the 45th president’s likeness and promises to make credit card fraud great again.

One reason thieves who sell stolen credit cards like to use popular American figures in their ads may be that a majority of their clients are people in the United States. Very often we’re talking about street gang members in the U.S. who use their purchased “dumps” — the data copied from the magnetic stripes of cards swiped through hacked point-of-sale systems — to make counterfeit copies of the cards. They then use the counterfeit cards in big-box stores to buy merchandise that they can easily resell for cash, such as gift cards, Apple devices and gaming systems.

When most of your clientele are street thugs based in the United States, it helps to leverage a brand strongly associated with America because you gain instant brand recognition with your customers. Also, a great many of these card shops are run by Russians and hosted at networks based in Russia, and the abuse of trademarks closely tied to the U.S. economy is a not-so-subtle “screw you” to American consumers.

In some cases, the guys running these card shops are openly hostile to the United States. Loyal readers will recall the stolen credit card shop “Rescator” — which was the main source of cards stolen in the Target, Home Depot and Sally Beauty breaches (among others) — was tied to a Ukrainian man who authored a nationalistic, pro-Russian blog which railed against the United States and called for the collapse of the American economy.

In deconstructing the 2014 breach at Sally Beauty, I interviewed a former Sally Beauty corporate network administrator who said the customer credit cards were being stolen with the help of card-stealing malware installed on Sally Beauty point-of-sale devices that phoned home to a domain called “anti-us-proxy-war[dot]com.”

Trump’s Dumps currently advertises more than 133,000 stolen credit and debit card dumps for sale. The prices range from just under $10 worth of Bitcoin to more than $40 in Bitcoin, depending on which bank issued the card, the cardholder’s geographic location, and whether the cards are tied to premium, prepaid, business or executive accounts.

A “state of the dumps” address on Trump’s-Dumps.

Trump’s Dumps is currently hosted on a Russian server that caters to a handful of other high-profile carding shops, including the long-running “Fe-shop” and “Monopoly” dumps stores.

Sites like Trump’s Dumps can be taken offline — by forcing a domain name registrar to revoke the domain — but the people responsible for running this shop have already registered a slew of similar domains and no doubt have fresh bulletproof hosting standing by in case their primary domain is somehow seized.

Also, like many other modern carding sites this one has versions of itself running on the Dark Web — sites that are only accessible using Tor and are far more difficult to force offline.

The home page of Trump’s Dumps takes some literary license with splices of President Trump’s inaugural address (see the above screenshot for the full text):

“WE, THE CITIZENS OF DARK WEB, ARE NOW JOINED IN A GREAT NATIONAL EFFORT TO REBUILD OUR COMMUNITY AND RESTORE ITS PROMISE FOR ALL OF OUR PEOPLE.

TOGETHER, WE WILL DETERMINE THE COURSE OF CARDING AND THE BLACKHAT COMMUNITY FOR MANY, MANY YEARS TO COME. WE WILL FACE CHALLENGES. WE WILL CONFRONT HARDSHIPS. BUT WE WILL GET THE JOB DONE.”

The U.S. Secret Service, which has the dual role of protecting the President and busting up counterfeiters (including credit card theft rings), declined to comment for this story.

WHO RUNS TRUMP’S DUMPS?

For now, I’m disinclined to believe much about a dox supposedly listing the Trump’s Dumps administrator’s various contacts that was released by one of his competitors in the cybercrime underground. However, there are some interesting clues that tie Trump’s Dumps to a series of hacking attacks on e-commerce providers over the past year. Those clues suggest the criminals behind Trump’s Dumps are massively into stealing credit card data that fuels both card-present and online fraud.

In the “contacts” section of Trump’s Dumps the proprietors list three Jabber instant messenger IDs. All of them end in @trumplink[dot]su. That site is not currently active, but Web site registration records for the domain show it is tied to the email address “rudneva-y@mail.ua.”

A reverse WHOIS website registration record search ordered from domaintools.com [full disclosure: Domaintools is an advertiser on this blog] shows that this email address is associated with at least 15 other domains. Most of those domains appear to have been registered to look like legitimate Javascript calls that many e-commerce sites routinely make to process transactions, such as “js-link[dot]su,” “js-stat[dot]su,” and “js-mod[dot]su” (the full list is in this PDF).

A Google search on those domains produces a report from security firm RiskIQ, which explains how those domains featured prominently in a series of hacking campaigns against e-commerce websites dating back to March 2016. According to RiskIQ, the attacks targeted online stores running outdated and unpatched versions of shopping cart software from Magento, Powerfront and OpenCart.

These same domains showed up in an attack last October when it was revealed that hackers had compromised the Web site for the U.S. Senate GOP Senatorial Committee, among more than 5,900 other sites that accept credit cards. The intruders tinkered with the GOP Committee site’s HTML code to insert calls to domains like “jquery-cloud[dot]net” to hide the fact that they were stealing all credit card data that donors submitted via the Web site.

DistroWatch

PrimTux tests 64-bit build
