E-Skimming Getting Worse by The Day

FBI-Issues-Warming-About-E-Skimming-crimeshop

FBI Issues Warning 

Cristal M Clark

I’m sure you all know about card skimming at the fuel station, the market and just about anywhere you swipe a card, we also need to worry about E=Skimming which is not a new thing. 

E-Skimming-crimeshop

E-Skimming, is an internet based card fraud where malware is injected into the payment page of a website to steal consumers’ payment details which of course happens when the hackers have unleashed malware on the payment page of the website. They then collect  customer card data when customers pay during the checkout process. 

Of course this has been a small problem since online shopping became a thing however, it’s now getting worse as each year passes. In fact according to the FBI, millions consumers’ data has been compromised by this kind of online scheme over just the past 2 years, and that my friends is just a stab in the dark at just how many individuals have had card data stolen through an online store because the FBI is having a difficult time obtaining a more precise count. 

Hackers-Attack-online-shoppers-crimeshop

Unfortunately, consumers never see this or get a warning when any sites payment system has been compromised so, we can’t really tell. 

So what are we consumers to do here?

Experts suggest using a credit card for all online purchases over using a debit card because the money on a debit card comes out of your account right away and in some cases it can take a while to see the funds returned to the account. 

Consumers can also check with the bank that they use, most banks now have a feature included with most mobile banking apps that alert the user if a charge is run on his/her debit card and that alert is in real-time.

Banks are also really coming around in terms of fraudulent charges on cards, they don’t let the fund’s come right out before checking with the consumer in some cases where things seem off and they are getting faster at returning funds that were not authorized. 

Either way, the FBI does not see an end to this situation anytime soon, so when you shop online, keep an eye out for charges that don’t belong to you. 

Cristal M Clark

IOS users can find The Crime Shop on Apple News

@thecrimeshop on twitter

https://www.instagram.com/crimeshop.cc/?hl=en

And https://gab.ai/thecrimeshop

Hacking High Tech Cars 

Tech-loaded-cars-crimeshop

Hackers Infiltrating Cars Since 2010

Cristal M Clark 

If you are anything like me, you love new tech, especially if we can access it hands free in our motorized transports. Let’s face it, technology makes our everyday lives easier. A new standard for new cars is to develop them and sell them full of modern technology which comes with a lot of risk because it actually gives cybercriminals endless ways to access the vehicle and take over your car.

IntSights-crimeshop

Cybersecurity firm IntSights recently released,Under The Hood: Cybercriminals Exploit Automotive Industry’s Software Features, which just so happens to be a study on how hackers are managing to get into cars and do a decent amount of damage.

What’s worse is that they have been doing just that since roughly 2010.

The report states; “The pressure to deliver products as fast as possible puts a big strain on vehicle security capabilities, manufacturing facilities, and automotive data. Industry leaders have since come to understand that cybercrime threats to cars were not as far-fetched as originally thought.”

That’s right, apparently originally no one actually took the threat as seriously as they should have. You see back in the day, cars were considered way, way, waaaay too difficult to hack into and not worth the amount of time and energy required. 

Hackers-CrimeShop

Welcome to 2019, where people are struggling worldwide, where you get paid more to break laws, as cars have added things like Wi-Fi, GPS, and other features, the amount of ways to attack have increased. The average car now includes thousands of pieces of hardware as well as millions of lines of code, giving cybercriminals ample opportunity to test their methods.

“IntSights discovered easy-fo-find online shops that sell car hacking tools on the clear web. These online shops sell services that disconnect automobile immobilizers, as well as services that sell code grabbers and forums that give bad actors a complete tutorial on how to steal vehicles.” 

And some of you think puffer laws are here to protect us, these days you don’t even need to leave your car running unattended for it to be stolen, all thanks to modern technology.

Car-Hacking-Crimeshop

The IntSights report also pointed out that most car hacking tools can in fact, be found on websites or forums like Omerta.cc, Sindikat, Nulled.to, Carmasters.org, Autoteamsforums.ru, ffffff.ru, and Dublikat, which provide a wealth of information, tools, code grabbers, and tutorials. There are also a bevy of Russian sites offering help like forum.grabbs.org, Migalki.pw, and Chipadla.ru. IntSights went onto say that the most popular method involves attacking a car’s CAN protocol, which can give a hacker full access to all of the vehicle’s functions.

“The biggest challenge for hackers attempting to exploit remote access points is the required proximity to do so. Attacking a moving car can be near impossible if the hacker needs to physically connect to it. However, there are ways to bypass this problem: Attacking a car via a cellular network, breaking into its Wi-Fi access points, or breaking in via the manufacturer’s backend system, to which many modern cars are connected.”

Hackers could gain access through car companies too, because those companies now communicate with vehicles through applications that send information to them. If there is a breach of the car company’s servers, like we see in the news for pretty much any company these days, a cybercriminal could easily access the information shared between the company servers and the vehicle’s brain. 

Hackers have also been able to load malware onto a car owner’s phone, through phishing campaigns or fake apps, and infect vehicles that way. Cybercriminals have even had success manipulating cellular networks through built in SIM cards, which car companies use to extract real-time information and update firmware. 

If you think that is bad, think again because cybercriminals have also been able to attack a car’s Remote Keyless System, which allows owners to open and start their vehicle without a key. The key fob technology used for this system is decades old and is considered tough to crack, but a new generation of code grabbers has allowed car thieves to either outright mimic the signals or intercept them. 

hacker

While all of this seems like an unimaginable nightmare, I can assure you that it is not. Like it or not, if you are connected with your car, refrigerator, coffee maker, security system, pretty much anything these days, you are at risk of being hacked. 

Cristal M Clark

IOS users can find The Crime Shop on Apple News

@thecrimeshop on twitter

https://www.instagram.com/crimeshop.cc/?hl=en

And https://gab.ai/thecrimeshop

Hackers Hack Mobile Carriers – Could Shut Down Networks

dark-web-hackers-sell-doctor-information-crimeshop

Hackers Quietly infiltrated Over a Dozen Mobile Carriers

Cristal M Clark

Well here’s a delightful way to everyone’s Tuesday but on the downlow if you hackers hacked my mobile carrier could you do me a solid and shut it down for a stint? I mean I have a friend who is going through some drama and she sent me over 13 text within a span of 30 minutes yesterday and that was just for that 30 minutes, don’t get me started on the rest of the day, I need some downtime here.

hackers-hack-mobile-carriers-crimeshop

Hackers have quietly infiltrated more than a dozen mobile carriers around the world, gaining complete control of networks behind the companies’ backs, that is according to the companies. If they wanted to get ahead of the game however, they could have and would have.

According to Cybereason, a security company based in Boston, the attackers have been hacking the carriers over the last 7 (as opposed to just 1 or 2), years to steal sensitive data, but they have so much control that they could very well just shut down communications at any time they’d like.

hackers-mobile-carriers-crimeshop

Essentially, hackers targeted phone providers in Europe, Asia, Africa and the Middle East, they then infected multiple mobile carriers since 2012, gaining control and siphoning off hundreds of gigabytes of data on people.

A breech of this scale has the potential to affect millions of users globally with no warning whatsoever. Amit Serper, Cybereason’s head of security research: “They have all the usernames and passwords, and created a bunch of domain privileges for themselves, with more than one user, they can do whatever they want. Since they have such access, they could shut down the network tomorrow if they wanted to.” 

Hackers-sell-doctor-information-clinica-crimeshop.jpg

While the hackers had access to millions of people’s data, they had only stolen data from less than 100 highly targeted victims. The attackers likely targeted high-profile victims involved in government and the military. That’s of course after having gaining access to mobile carriers’ internal servers, the hackers would have access to call data records on hundreds of millions of customers. That would provide information like geolocation data, call logs and text message records.

Which as any researcher will tell you is the holy grail of data in terms of hacking, mobile carriers these days tend to have it all, for all of us.

The question everyone has, who is behind the hacks? Given the types of higher profile victims that have already been targeted in some of the attacks many suspect those behind these hackers is in fact a government entity.

Either way, don’t be surprised if at some point your entire mobile network comes crashing down for a bit.

Cristal M Clark

IOS users can find The Crime Shop on Apple News

@thecrimeshop on twitter

https://www.instagram.com/crimeshop.cc/?hl=en

And https://gab.ai/thecrimeshop

Hacker’s Selling MD Info on the Dark Web

Dark-Web-crimeshoop

Doctor’s Fall Prey to Hackers

Cristal M Clark

Everything seems to be for sale these days in terms of one’s identity and worldwide, governments are unable to both prevent it, let alone stop it once the proverbial ball starts rolling.

dark-web-hackers-sell-doctor-information-crimeshop

In what some are calling a deeply disturbing new trend, hackers are selling the identities of doctors for $500 on the dark web. The hackers are obtaining all the details needed to pose as a medical professional by targeting, employees, hospitals and other healthcare organizations, which possess all of the highly valuable data. In case you are wondering about the employee bit; employees are every organizations biggest liability and some cases employees are sending information through non secured email channels, texts, WhatsApp, in public and the like. Case in point, Clinica here in Colorado has a rather rampant issue with its medical staff sharing patient records, which include doctor information, utilizing the likes of Gmail rather than its internal email system as reported by employee BB, who is stationed in Lafayette, CO. Then we have as we all should be very well aware of, the hacking into and holding hostage of networks, which of course contain virtually all the needed information. Hackers compromises the corporate network of a healthcare provider to find administrative paperwork that would support a forged doctor’s identity and patient information. A process that becomes even easier once hackers see staff sharing information through non-secured email like in the case of Clinica.

The cyber criminals are then able to use the stolen information to forge the identities of doctors in order to submit fraudulent insurance claims or obtain prescriptions for controlled drugs like opioids that will in turn be sold on the black market or on the streets.

Hackers-sell-doctor-information-clinica-crimeshop.jpg

Documents on sale include malpractice insurance documents, medical diplomas, board recommendations, medical doctor licenses, and DEA licenses. This was uncovered by researchers at cyber security firm Carbon Black, who tracked the shifting patterns of cyberattacks towards medical organizations as well as personal medical records and hacked health insurance company login information.

Tom Kellermann, chief cyber security officer at Carbon Black: “This is a relatively new trend, the price is warranted when you consider what can be done with the data. Cyber criminals can use this information to facilitate insurance fraud, as well as submit prescriptions for controlled substances like opioids. These can then be sold on the black market at a steep profit.”

This information is generally cheaper to obtain, with forged prescriptions costing between $10 and $120 on the dark web and insurance login information costing as little as $3.25 per record.

doctor-credentialing-crimeshop

The researchers called for “extreme vigilance” on the part of security teams working to protect healthcare institutions. Which is desperately needed, honestly. The employee who informed me about medical staff sending patient records through Gmail also took it upon himself to share sensitive patient information with me on multiple occasions, the fact that the CFO of the organization fell for an email scam costing the organization thousands, and the inner workings of the software that they utilize. This type of information sharing with anyone is a cybercriminals wet dream if you will.

The world however, as in our worlds governments need to make it easier for all individuals to change ones credentialing if you will once someone’s identity has been compromised, new identification numbers, new licenses, etc. because by default, by keeping all of that information the same and simply flagging it, you still allow for the crimes under which the original licenses, identification numbers were committed, to continue on.

Cristal M Clark

IOS users can find The Crime Shop on Apple News

@thecrimeshop on twitter

https://www.instagram.com/crimeshop.cc/?hl=en

And https://gab.ai/thecrimeshop

Hackers – Hacking ATM’s?

Dollar Bills

ATM Cash-Out Goes World Wide

The Krebs Cybersecurity blog reported on Sunday of a new threat to the worlds banks.

Hackers are now able to hack bank or payment card processors and use the stolen information to withdraw large sums of cash from ATM’s pretty much everywhere.

Which can be done without the benefit of actual malware.

fbi-crimeshop

The FBI shared this information with the banking industry on Friday which they typically do from time to time as cyber threats come about, it’s known as a “private industry alert.”

wells-fargo-steals-from-customers-crimeshop

The FBI is not required to make a public PSA about such cybersecurity threats but with the way Wells Fargo rips off its customers from the inside, one would think that the FBI would at the very least inform consumers of the threat considering that it would take someone like Wells Fargo years to report that customer bank accounts had been wiped out by hackers.

Wells-Fargo-Protest-crimeshop

Not to mention refund it, they like to well let’s just say, sit on money.

Just throwing out facts based off of the way certain banks treat their customers.

brian-krebs-crimeshop

In the meantime, since the financial industry and the FBI did not send out a warning to consumers, thankfully Brian Krebs did.

Cristal M Clark

IOS users can find The Crime Shop on Apple News

@thecrimeshop on twitter

And https://gab.ai/thecrimeshop

 

 

 

 

PGA Held for Ransom

PGA Championship - Preview Day 2

Hackers Hit PGA with Ransomware Attack

 

Not even golf is safe from the likes of ransomware, the PGA has been hit with an attack demanding a nice bitcoin payout.

ransomware-PGA-crimeshop

On Tuesday someone hacked into the PGA servers, days before the scheduled 8/9/2018 PGA Championship locking out the golf association.

Naturally, the hackers want some bitcoin should the PGA want to regain access to its servers, which may or may not mean that regardless of whether the PGA pays the ransom that they will ever be able to actually regain access to any and all files that were stored.

Yep, you read that right because typically this type of ransom attack renders whatever had been stored on the servers permanently inaccessible.

Have no fear tournament, the championship will still go on as planned.

It’s not a huge loss for the PGA as most of the information stored on the servers being held for ransom would don’t share private user data and its replaceable.

comcast-security-breach-crimeshop

All in all, it could be worse, Comcast gave a gift to their subscribers in that a recent security flaw ended up exposing partial addresses and the social security numbers of what is estimated to be 26M Comcast customers.

Funny how I never saw that on the channel lineup.

Cristal M Clark

IOS users can find The Crime Shop on Apple News

@thecrimeshop on twitter

And https://gab.ai/thecrimeshop

Hackers Targeting Your Office Gossip?

ransomware-crimeshop.jpg

Those Instant Message Services Aren’t so Private

Traditionally, when you think of a hacker being able to obtain your information, you might think that you somehow ended up innocently installing some form of malware which in turn opened up your work or home network to hackers.

dark-web-crimeshop

Which is pretty true, and one type of service we rarely think about are those instant messaging services used by many within the corporate world these days.

The amount of information your employees share on those unmanaged services is actually a lot more critical to an organization’s inner workings that one might really think.

What that opens any organization up to is a ransomware attack.

Using intel gleaned from an instant messaging service, hackers can obtain some pretty important details about an organization’s inner workings, it’s projects, it’s client base, how much money is involved with particular contracts and deals and they can even obtain details with regards to both current past employees.

Many of these instant messaging programs used are more often than not are not entirely secure and not that, they are not managed by a member of management much less a member of IT if an organization has an IT department.

Truthfully and also sadly, employee’s who partake in the fine art of office gossip using these types of services do not think about the vast amount of information they are gossiping about or sharing with one another much less, that the information could potentially be used in some future ransomware attack on the organization, it’s employee, bank, customer, etc.

Hackers are no longer using stolen intel to just simply steal things like bank account information, they are using information in order to take an organization’s entire network for hostage.

WannaCry-ransomeware-crimeshop

Ransomware attacks saw a surge of 2,500% in just 2017 alone.

slack-crimeshop.jpeg

Slacks one of the most popular messaging services used in offices these days admitted back in March that they found and patched a vulnerability that would have given hackers full access to chat histories, shared files among other critical data. Chat logs from your workforce can be a valuable and rich source of intel to any hacker worth his weight in gold.

That is a pretty big deal, one which will continue to be a growing concern because hackers do not suddenly get stupid, fix one vulnerability and another will be found, usually by hackers first.

So how does an organization get around this type of situation?

Easy get rid of things like instant messaging programs in your office and force your employees to keeping that office gossip, at the water cooler.

Cristal M Clark

IOS users can find The Crime Shop on Apple News

@thecrimeshop on twitter

And https://gab.ai/thecrimeshop

Hacking – Hackers Back, The US Government To Clear the Way for That?

 

computerhacking_crimeshop

 

Hackers Get Ready – It’s Going to Be All Out Hacking War

 

Sometimes I sit back and wonder how some individuals were able to manage to get into office anywhere here in the US, I mean we have a Donald Trump as our sitting President.

 

President Trump Hosts Ceremony Recognizing First Responders In The June 14 Congressional Baseball Shooting

 

I’ve been hearing rumors that some who hold office throughout the United States are pushing for an okay to, hacking, hackers back.

 

White-House-CyberSecurity-Council-Crimeshop

 

Of all of the stupid idea’s in today’s world, really, this one?

What’s truly worse is that hacking back has been highly discouraged for years, not to mention it doesn’t really do shit to the hacker by the time you’ve hacked them back.

So the idea is that it would clear users to hack the computer that hacked them back.

Not the brightest idea when you consider that sometimes, actually more often than not, hackers are in fact hacking you, from a hacked computer or network of computers.

Computers and networks that belong to innocent individuals and businesses.

 

hacking-US-Government-crimeshop

 

Representatives Tom Graves, R-Georgia, and Kyrsten Sinema, D-Arizona are attempting to allow for some exceptions to the Computer Fraud and Abuse Act, the U.S. anti-hacking statute, which pretty much makes it illegal to access computers that don’t belong to you without permission or some form of authorization.

This tweak of the bill would change that restriction and then allow companies to access computers that don’t belong to them in the name of self-defense or, as the bill calls it, “active defense.”

Here is a time when taking the time to bother oneself with your perception of the problem might come in handy because this change is really going to create more issues than it would actually solve.

This change merely changes the situation so as to allow for the hacking, that cycle, to keep going and growing.

These hackers, they are not as stupid as our government thinks either, they could potentially hack someone, write a line of code that would then destroy everything on a network or computer should that victim attempt to hack them back. I mean you don’t honestly think hackers haven’t already thought of this do you?

I can’t write code to save my life here, and I am no hacker here,  I can however without a doubt tell you that these hackers have already outsmarted you by about 10 paces if not more.

 

russia-hacking-the-us-election-crimeshop

 

Except for the Russian hackers, they can hack Hillary Clinton’s email server but they can’t manage to hack my Starbucks card and increase my allotted credit amount for my beloved coffees, which I have suggested many times in the past they do.

Yes Putin, I am looking in your general direction here, inform your hackers, thanks for nothing.

The problem is that our own government is not seeing the problem clearly, they are perceiving it incorrectly therefore they are not going to solve it until they do take a step back and start seeing it just as it is.  

When you start hacking back, launching DDoS attacks back, releasing malicious malware back, you only keep the vicious cycle going and you create nothing more, than more of an invitation to make the next hack or attack, bigger and better.

Cristal M Clark

IOS users can find The Crime Shop on Apple News

@thecrimeshop on twitter

And https://gab.ai/thecrimeshop

CIA Director & Other Top Law Enforcement Officials – Hacked

Crackas-With-Attitude-Crimeshop.jpg

Crackas With Attitude

In 2015, Crackas with Attitude was once an aspiring group of young hackers that sought to hack top US officials such as, former CIA chief John Brennan and James R. Clapper Jr., former director of national intelligence, just to name a couple.

Justin-Liverman-Crimeshop

For 23 year old Justin Liverman, just simply hacking top law enforcement officials was not enough. He would go on to harass and online stalk them, he even made threatening calls.

What’s worse is that Justin would also harass and call the families of his victims and harass them as well.

On Friday, Justin was sentenced to 5 years in federal prison.

A British teenager, known as “Cracka,” is the one who actually broke into those accounts by impersonating the officials or employees of their service providers.

Justin and his Cracka buddy Andrew Otto Boggs, who also 23, encouraged Cracka’s exploits so that they could in turn use the stolen information.

During Justin’s sentencing on Friday Judge Gerald Bruce Lee informed Justin that “These are no pranks, this computer hacking, Crackas With Attitude, caused chaos. Your intent was clear, and that was to wreak havoc.”

The most sickening part of this case is that Justin harassed the spouses of his victims and also threatened the children of several targets.

Justin in particular chose some of the victims and personally drove the harassment campaigns against them.

He actually paid out of his own pocket for an hourly month-long “phonebombing” campaign leaving threatening and explicit messages for former FBI deputy director Mark Giuliano who was not named in court documents however, officials who are familiar with the case have confirmed this.

Justin also texted the former FBI deputy directors phone, asking about his “slut wife” and warning that he would “keep a close eye on your family, especially your son!”

Using Mark Giuliano’s credentials, Cracka was able to gain access to the Law Enforcement Enterprise Portal, a computer system that gives agencies around the world access to unclassified but sensitive law enforcement information.

Justin requested personal details on Miami police officers, which he promptly then posted online.

“Liverman leveraged Cracka’s superior social engineering skills to his own ends — namely, to cause disruption/fear through harassment and to continue to perpetrate his online fraud of being an administrator of a hacking group and a successful hacker himself.” Special Assistant U.S. Attorney Joseph Longobardo wrote in his sentencing memorandum.

Justin also encouraged Cracka to call in a bomb threat to the Palm Beach County, Fla., sheriff’s office, saying, “Hopefully they will have a shootout and kill each other,” according to court records.

Justin sounds like a delightful individual.

I am no genius by any means here, I do know however that it takes a special kind of stupid to hack and then threaten anyone in law enforcement.

They have superior technology and can find out who you are…

Other victims include Amy Hess, at the time the FBI executive assistant director for science and technology; Gregory Mecher, who is married to then-White House Communications Director Jen Psaki; and Harold Rosenbaum, chief executive of CIA contractor Centra Technology.

And, in 2016 Justin claimed that he had hacked NASA, which NASA spent money on only to learn that Justin was not entirely honest, go figure.

Justin’s whole argument was that at the time he thought that he was was helping expose weaknesses in the private security of law enforcement members who guard the nation’s secrets, and that he was taking a stand against government overreach, according to the court filings.

This may just be me here but threatening these individuals and their families is a far cry from taking a stand against government overreach.

At any rate another member of Crackas plead guilty to his part in the hacks and Cracka, well he is being prosecuted in Britain since he not from the US.

Justin hopes to one day become a black hat type of good guy working in security to help protect people from individuals such as himself.

However, he has his 5 year prison sentence to really think about it and decide if that’s what he truly wants to become once released.

Cristal M Clark

IOS users can find The Crime Shop on Apple News

@thecrimeshop on twitter

And https://gab.ai/thecrimeshop