How virtual credit card skimmers successfully target blue-chip firms that should have the resources to repel their attacks
Despite the banking industry’s best efforts and the launch of a multitude of awareness-raising campaigns by law enforcement agencies across the globe, criminals are still able to use ATM machine and point-of-sale (POS) payment system skimmers to harvest consumers’ credit card details with relative ease. In just the past few weeks, a French-Brazilian man was handed a suspended jail sentence in Australia after being convicted of using an ATM skimmer to fleece victims of tens of thousands of dollars, while police in numerous states across the US have reported increased incidents of credit card skimming devices being found attached to payment consoles at petrol station pumps.
If it were not bad enough that the makers of cash machines and POS devices appear to be completely unable to prevent a scam that now seems relatively low-tech in nature, hackers are increasingly turning to a virtual version of credit card skimming that targets information entered by buyers during the checkout process on ecommerce platforms.
Earlier this week, Interpol revealed that it had supported an operation that resulted in the arrest of three suspects in Indonesia who are alleged to have used digital skimming code to steal the personal credit card information of consumers using multiple ecommerce platforms. The international law enforcement agency said the three suspects went on to use the card details they stole to buy electrical equipment before selling it on at a profit.
In collaboration with online security firm Group-IB, Interpol also identified several servers associated with this type of crime and a number of infected websites in six countries in the ASEAN region. The results of the operation demonstrated the relative ease with which virtual credit card skimmers can be deployed, highlighting the fact that they can be difficult to detect and can be bought and deployed by hackers easily for as little as $250.
In March of last year, Group-IB revealed that Magecart malware that took the form of just one line of code had comprised more than 800 websites, including one run in the UK by apparel maker FILA. With finding such code being like searching for a needle in a haystack, it seems likely that Magecart attacks will live as long and happy a life as physical credit card skimming.
Why you should worry about more than your device’s search history when viewing porn online
Many adult website users assume they can cover their tracks by turning to their web browser’s incognito mode whenever they want to view explicit pictures or videos online. While it is true that using this type of technology will keep visits to sites that host such material out of a user’s internet search history, pornography enthusiasts should be aware that their adult viewing activity will still be very far from secret.
The majority of porn fans will be smart enough to realise that their online viewing habits will be visible to their internet service provider even when a web browser’s incognito mode is being used, but it will be likely that few spend too much time worrying about this. Others might feel quite comfortable signing up for premium services from their adult entertainment purveyor of choice, and have no qualms about providing their email address and credit card details while doing so.
However, several recent and historic data breach incidents suggest that pornography fans would be well advised to put as much time and effort into worrying about how much information is recorded about their adult entertainment consumption in data centres across the globe as they do into threating about the personal search history on their devices.
Just last week, it was reported that researchers at cyber security firm TurgenSec had discovered that a database left unsecured by UK telecoms and entertainment giant Virgin Media contained information linking some of its customers to porn sites. Responding to Virgin’s initial claim that the database only contained “limited contact information”, TurgenSec issued a statement on its website explaining that the exposed information in fact linked customers to “[r]equests to block or unblock various pornographic, gore related and gambling websites, corresponding to full names and addresses”. Virgin said the information on the database had been accessed on at least one occasion by an unknown user, raising the prospect that the details on it could be used by hackers to target Virgin customers in sextortion scams.
Although such breaches are rare among major internet service providers and telecom firms, partly on account of how tightly regulated they are, information held by adult websites themselves can be much more vulnerable. Perhaps the most notorious breach of an adult website’s database came in 2015 when a hacking group obtained information relating to the users of Ashley Madison, an online dating site that facilitates affairs between married people and those in long-tern relationships.
While not a pornography website per se, people whose personal information was linked to the service found that the impact on their lives was devastating. Having threatened to do so for weeks, the cyber criminals behind the breach leaked the names of 32 million users of the site in August 2015, resulting in people losing their jobs, their relationships, and in some cases even taking their own lives. Soon after the exposure of the Ashley Madison database, sextortion fraudsters launched campaigns to exploit the fears of those who might have appeared on it.
Over the intervening years, numerous porn sites across the world have leaked their users’ details, potentially putting them at of these types of scams. In July 2019, researchers at Cornell University published a paper that revealed 93% of the adult websites they studied were leaking data to third-party entities, such as online advertisers or web analytics providers. “Everyone is at risk when such data is accessible without users’ consent, and thus can potentially be leveraged against them by malicious agents acting on moralistic claims of normative gender or sexuality,” the researchers wrote.
In January of this year, online security firm vpnMentor revealed that porn cam network PussyCash had exposed the details of thousands of “models”, leaking over 875,000 files that included photographs of amateur porn performers in which their faces could be seen alongside personal information including names, dates of birth and passport information. Back in 2016, the names of nearly 800,000 registered users of pornography website Brazzers were exposed in a data breach, with information relating to visitors’ sexual preferences and favourite adult performers posted by hackers online.
As well as exposing porn site users to embarrassment and potential blackmail, these types of data breaches have scuppered efforts to make the internet safer for children in some countries. UK proposals to force porn viewers to sign up to an age verification system before accessing their preferred adult content were dropped last year partly on account of privacy and security concerns. The upshot of all this is that anybody who is partial to watching pornography online should probably worry just as much about how much information about their viewing habits is being stored on databases around the world as they do about the information in their internet browser.
Scammers the world over are exploiting public fears over the coronavirus outbreak
Scammers across the globe are looking to profit from public fears over the coronavirus outbreak, with reports the world over highlighting how fraudsters are seeking to exploit the panic created by the spread of the disease.
On Wednesday, Kyodo News reported that authorities in China have seized more than 31 million counterfeit or substandard face masks as members of the public clamour for such products amid a countrywide shortage.
China’s Ministry of Public Safety said police in the country have dealt with 688 cases involving the manufacture and sale of fake and substandard protective materials, arresting over 1,560 people while doing so.
China’s state-backed Xinhua news agency quotes the ministry as saying that as of Monday, law enforcement officers across the country had dealt with some 22,000 criminal cases related to the coronavirus outbreak.
Addressing a press conference in Beijing this week, Vice Minister Du Hangwei revealed that a total of 4,260 suspects have been detained in relation to these alleged offences.
On Sunday, the UK’s People newspaper revealed that phishing scammers are sending elderly and vulnerable British citizens emails that purport to be from the country’s National Health Service in which they demand a payment of £169.99 ($216) for access to “rapid and effective treatment” for the disease.
Elsewhere, Business Insider reports that Facebook has announced that it will take down bogus adverts that guarantee a cure, create a sense of urgency or otherwise attempt to profit from the virus.
In a statement, the company said: “In the weeks after the World Health Organisation (WHO) declared a public health emergency, Facebook is working to support their work in multiple ways, including taking steps to stop ads for products that refer to the coronavirus and create a sense of urgency, like implying a limited supply, or guaranteeing a cure or prevention.
“For example, ads with claims like face masks are 100% guaranteed to prevent the spread of the virus will not be allowed.”
In a similar move, USA Today reports that online retail giant Amazon has warned third-party face mask sellers about marking up prices to take advantage of fears over the coronavirus outbreak.
While vendors on Amazon are generally allowed to change the price of their products within reason, the company’s policy states: “If we see pricing practices on a marketplace offer that harms customer trust, Amazon can remove… the offer, suspend the ship option, or, in serious or repeated cases, suspending or terminating selling privileges.”
In January, NutraIngredients-USA revealed that the US Natural Products Association (NPA) had asked federal authorities to monitor dietary supplement companies that claim their products can be used to treat the coronavirus.
NPA President and CEO Daniel Fabricant commented: “We have been in touch with some of the ecommerce organisations.
“We are urging them to take a look at how marketers that sell on their sites are tagging products.”
Earlier in February, the US Federal Tarde Commission warned that fraudsters are seeking to take advantage of fears surrounding the disease by setting up websites to sell bogus products targeting potential scam victims through misleading social media posts and phishing emails.
The commission warmed that such social media posts or phishing messages often appear to promote awareness of the disease and may include prevention tips.
They might also ask readers to donate to victims of the virus, or offer advice on unproven treatments, and will often include malware in the form of attachments or links to websites controlled by hackers designed to harvest victims’ personal and financial information.
Offering similar advice this month, UK anti-fraud organisation Cifas cautioned the British public to be on the lookout for scams designed to prey on fear and anxiety over the spreading of the virus.
In a statement, Cifas CEO Mike Haley said: “Fraudsters are always looking for new ways to prey on people’s fear and anxieties, and so it’s very likely that these scams will only increase as coronavirus spreads.
“My advice is to not let fraudsters scare or pressure you into making any hasty decisions. Take your time and do your research, and remember to never hand over personal or financial details – don’t let criminals benefit from this serious situation.”
Separately, the WHO, which is leading global efforts to control the outbreak, has warned that cyber criminals are using its name in a bid to steal money and personal information from victims online.
The UN agency said it would never ask people to log in to any website to view safety information related to the coronavirus, and would never email unsolicited attachments.
The WHO also noted it would never prompt people to visit a website other than its own, and would never charge money to apply for a job, register for a conference, or reserve a hotel.
“WHO is aware of suspicious email messages attempting to take advantage of the 2019 novel coronavirus emergency,” the organisation said.
“Using this method, criminals can install malware or steal sensitive information.”
How America’s methamphetamine crackdown enriched Mexican drug cartels and made the country’s problem with the drug worse
Up until 2006, the overwhelming majority of methamphetamine consumed in the US was manufactured in domestic labs scattered across the country. Then, at what came to be considered the peak of the country’s meth use epidemic, new legislation was introduced that made it much more difficult for producers of the drug to get hold of the ingredients required to make it. The 2005 Combat Methamphetamine Epidemic Act included much stricter controls on the sale of ephedrine, pseudoephedrine and phenylpropanolamine, and resulted in a sharp fall in the amount of meth produced in the US.
Thanks to the introduction of laws such as these and numerous crackdowns on US methamphetamine manufacturers launched by the Drug Enforcement Administration (DEA), domestic production of the substance was almost eradicated during the latter part of the mid-2000s, save for small time producers using the highly dangerous so-called “shake-and-bake”. But rather than ending the country’s problem with the drug, these developments opened a huge opportunity for Mexican trafficking cartels, which have over the intervening years more than plugged the gap left in the market.
While the Combat Methamphetamine Epidemic Act did result in a fall in the number of meth users and hospital admissions related to use of the drug in the immediate aftermath of its introduction, the emergence of Mexican labs turning out huge quantities of what has come to be referred to as “super meth” soon began to reverse any gains. Having fallen to a low of 314,000 in 2008, the number of American’s using methamphetamine in 2018, the most recent year for which data is available, rose to 1.9 million, according to the 2018 National Survey on Drug Use and Health. This was equivalent to a rise from 0.1% of the US population to 0.7%. Experts agree that the drug’s extraordinary comeback is being driven almost exclusively by Mexican cartels skilful exploitation of US efforts to end domestic production of methamphetamine.
Unlike what was being produced in domestic labs, the meth coining into the US from Mexico is typically close to 100% pure and can cost as little as $5 a hit. The price of the drug has plummeted over recent years thanks to the sheer volumes the cartels are bringing into America, making it even more attractive to addicts looking to get as a long a high as possible for their money. In July of last year, federal drug data seen by NPR revealed that seizures of meth by US law enforcement agencies rose 142% between 2017 and 2018.
In November of last year, acting US Customs & Border Protection Commissioner Mark Morgan warned that super labs in Mexico were flooding America with ever cheaper and purer forms of meth. During a White House press briefing, Morgan said: “The illicit narcotics the transnational criminal organisations are flooding the US with are making their way to every town, city, and state in this country. It isn’t just a border issue. Make no mistake: If your city, town, or state has a meth problem, it came from the southwest border.”
Away from National Survey on Drug Use and Health data, other indicators suggest super meth is beginning to take its toll on users. At the end of January, the US Centres for Disease Control and Prevention revealed that between 2012 and 2018, the rate of drug overdose deaths involving psychostimulants such as methamphetamine increased nearly five-fold. Separately, a study published by Millennium Health in the JAMA Network journal this January revealed that use of methamphetamine is rocketing across the US, with the number of urine samples testing positive for the drug rising from about 1.4% in 2013 to around 8.4% last year. The findings of the study suggested that “methamphetamine-related overdose deaths [especially] may continue to increase”.
As part of its efforts to stem the flow of methamphetamine flooding into the country, the DEA last week launched Operation Crystal Shield, which will see the agency target major methamphetamine trafficking hubs in locations such as Atlanta, Dallas, El Paso, Houston, Los Angeles, New Orleans, Phoenix and the St Louis Division. The DEA said in a statement that these locations accounted for 75% of all methamphetamine seizures made in the US last year.
But with the Mexican cartels coming up with evermore ingenious methods of sneaking their products into the country, including bringing methamphetamine into the US in liquid form, the DEA will have its work cut out. While well intentioned, the mid-2000s crackdown on America’s methamphetamine crisis not only appears to have opened up an extremely lucrative new line of business for Mexican trafficking gangs, but may very well also have made the country’s already disastrous relationship with the drug much worse.
- Oligarques russes et pétrole vénézuélien
- Crooked vendors exploiting flaw in eBay’s feedback system to con buyers into purchasing bogus and dangerous items
- Major ‘lover boy’ prostitution gang broken up by coalition of European law enforcement agencies
- Taking cocaine will not cure people struck down with the coronavirus, French government warns public
- US politicians call for state action against Pornhub over allegations it hosted rape and child abuse videos