Security & Privacy

Security researchers say they have identified a botnet that steals more than $6 million per month by generating fake customer clicks on online display ads.

Dubbed Chameleon, the botnet has infected more than 120,000 Windows-based computers in the U.S., mimicking human behavior on select Web sites to generate billions of ad impressions and fraudulent income for its creators, according to security firm Spider.io.

Click fraud costs Web advertisers in lost revenue by making them pay for illegitimate clicks. Spider.io reported that advertisers paid an average of 69 cents per one thousand impressions generated by the botnet. … Read more

The Obama Administration is headed to court today to argue that warrantless GPS tracking is just fine.

The administration will present its arguments before a federal appeals court today, despite the U.S. Supreme Court last year ruling that a warrant was needed to attach a GPS device to a suspected criminal's vehicle. According to Wired, which first reported on the story, the government believes that the high court's ruling does not account for all scenarios, and wants to see where its ruling should and shouldn't be held up.

The Supreme Court's ruling last year was … Read more

JP Morgan Chase denied this evening that it had suffered a hack that many customers claimed had suddenly reduced their checking account balances to zero.

After discovering the apparently empty accounts via the Internet or mobile devices, many Chase banking customers turned to Twitter to express their frustration and show screen shots of zero balances. Other users were greeted with messages that their bank account balances were unavailable.

But a spokesperson for the bank told CNET this evening that the problem was related to an internal issue and not a security breach.

"We have a technology problem regarding customers' … Read more

A researcher used a simple, binary technique to take control of more than 420,000 insecure devices including Webcams, routers, and printers running on the Internet -- and says that's just a hint of the potential for real trouble to get started.

In a SecLists posting yesterday, the unnamed researcher describes how he was able to take control of open, embedded devices on the Internet. The researcher did so by using either empty or default credentials such as "root:root" or "admin:admin", indicating how a surprisingly large number of devices connected to the Web … Read more

Two California men have been indicted for allegedly hacking point-of-sale terminals at Subway shops to steal at least $40,000.

Prosecutors accused Shahin Abdollahi, aka "Sean Holdt," and Jeffrey Thomas Wilkinson of hacking at least 13 point-of-sale (POS) terminals to install software that fraudulently loaded at least $40,000 onto Subway gift cards, according to an indictment unsealed in Boston on Friday (see below). The pair then allegedly used the cards to make purchases at Subway shops and sold them on eBay and Craigslist.

Abdollahi owned a Subway franchise in Southern California from 2005 to 2008 and later … Read more

"Swatting" is what you do to a fly that's buzzing around your head. But when that fly is respected security reporter Brian Krebs, swatting is what you do to him when you want to scare him and possibly cause him serious physical harm.

As recounted by Ars Technica this morning and later today by Krebs himself, the reporter was at home and cleaning his house when he opened his front door to come face-to-barrel with at least three guns, including a shotgun, handgun, and semiautomatic rifle; numerous police officers; and a half dozen police cars.

The term &… Read more

President Barack Obama had a digital agenda in his call to new Chinese President Xi Jinping congratulating him on his new position, according to a new report.

According to The New York Times, Obama and his Chinese counterpart spoke quite a bit about cyberattacks and their impact on each other's nations. The Times, which obtained the information from White House officials, didn't specifically say what was said during the conversation. But the fact that the presidents are having an open discussion on cyberattacks indicates just how far the issue has gone.

For years now, both China and the … Read more

When Matthew Keys allegedly handed over the passwords of his former employer to members of the hacker group Anonymous a couple of years ago, he probably didn't think it would lead to an indictment.

However, the U.S. Department of Justice announced today that Keys was being indicted on three counts: conspiracy to transmit information to damage a protected computer, transmitting information to damage a protected computer, and attempted transmission of information to damage a protected computer.

Keys, 26, currently works as a deputy social media editor at Reuters but used to be a Web producer for the Tribune … Read more

President Barack Obama met with 13 chief executives yesterday to dig deeper into cybersecurity.

According to The New York Times, which first reported on the meeting, the discussion took place in the White House Situation Room and was a "two-way" exchange of information between the president and the chief executives.

AT&T CEO Randall Stephenson, along with chief executives at Exxon Mobil, Bank of America, and JPMorgan Chase, were all in attendance, according to the Times.

Over the last several weeks, a slew of companies has been hit with cyberattacks. Online banking sites have also been targeted. … Read more