Monthly Archive

The size of the hacking/scamming/phishing criminals are increasing. We all know this. The size of the criminals available creates new market spaces. We know that too. Criminals tends lack ethics. We see evidence of that all the time! 

And here is a nice story to show you again the lack of ethics amongst the criminals - Mr. Brain offers his free phishing kit to aspiring scammers. Nice one, Mr. Brain! I bet they love it!

Only drawback - Mr. Brain gets a copy of all activities and all the information collected from the kits. And the scammers themselves get scammed!

Why Mr. Brain does it like this? We can only guess. What we do know is that it gets increasingly risky to run scams and phishing - as ISPs and law enforcement are now actively on the lookout. Thus, finding an ISP and running your scam yourself is no longer the best method.

Add to that the increasing number of dumb n00bs out there, wannabies who like to be Great Hackers, but lack skill, understanding and motivation. What do you get? A market for hacking tools. 

As with legitimate business, many different business models exists - selling tools and kits directly, revenue sharing - and now "information sharing" without consent.

I am quite sure that Mr. Brain have access to the infrastructure necessary to monetize on the information. And I am more sure that his clients - the wannabies above - have no or only little clue on how to monetize the same information.  And the poor n00b ends up scammed.

I must admit - I love it. 

I am ROFL imaging their faces when they realize they are 0wned.

I had decided against commenting on the terror act killing one member of the Norwegian delegation to Afghanistan. But then this old Pixies tune kicked in: Where is my mind? Click Play before continue the reading!

 

Regarding the delegation - they published their itinerary on the Internet, thus enabling everyone the opportunity to plan where and when to meet them (or in this case - attack them). The website even had detailed information on how they where to travel, and by what means. It even said "The press will travel in a minibus (not bulletproof)".

I just have to ask the Norwegian Foreign department to sing Pixies now - Where is my mind?

---

You may also remember I discussed about the Terra Securities shanghaiing a few municipalities late last year? As I stated back then - when a sales guy comes to you with a deal that sounds too good - it probably is. After all, the sales guy cares more for his bonus than he cares for your delivery.

So the next time you find yourself considering a "too-good-to-be-true" offer - do yourself a favour and join in on the singing!

Where is my mind?

Where is my mind?

Where is my mind?

Full lyrics.

Thanks Pixies!

Bruce Schneier covers corporate spying today - you know, when your employer or your shop uses spying methodology to learn to know you better. I only wish this was new - government trained security specialists have crossed over to private business since the dawn of time.

Since you do not have to work for the government to have a license to kill - it is enough to be a hired gun - and the number of specialists increases, it is only natural that some accepts tempting offers from the corporate world.

What is more - there is nothing strange in a company - big or small; to protect itself. The challenge is to be able to draw the line - where do you stop? Is it OK to have Wall-Mart or HP to install wiretaps on you (or someone else)? If not - when would it be OK? If you think it is just fine, when would it NOT be OK anymore?

We know that most companies today use computers to track everything related to it's production, logistics and sales. Why is it so chocking to read that they are using computers to analyze and track that information too? After all, Business Intelligent and Data warehousing is nothing new under the sky.

From the article:


The fact that they let you know some of their thresholds may raise a few eyebrows, but again - if you are a smart criminal, you would not use a clean ID to buy your batch of prepaid phones, now would you? Most likely you would use someone else's CC?

When your company is large enough, you start spending money on security. And security in this sense means you put into action counter-measures and information gathering. When your company is larger than some countries, it would be quite expected that you use some of the same measures to protect your assets.

I think it is unavoidable. We keep introducing tools that facilitate the collection, storing and analyzing of data. Obviously some will collect and analyze more data than others. Surely this will continue. And most importantly, most people do not care.

Anton brought my attention to this article over at CIO. If you the slightest interest in data protection, I recommend the read!