Tuesday, September 18, 2007

The Threat of Reputation-Based Attacks

Via SecurityFix Blog -

CastleCops.com is accustomed to being attacked by online crooks: The volunteer-led cybercrime-fighting group has endured a nearly month-long siege by thousands of criminally-controlled PCs aimed at crippling its Web site. So when the latest attack failed to prevent legitimate users from visiting the site, the bad guys unveiled an unlikely secret weapon: bogus donations.

The unauthorized contributions all came in via PayPal, the online payment service owned by eBay. Some were sent via PayPal accounts that attackers had hijacked in phishing scams; others were submitted through PayPal's e-check option using compromised checking account numbers. A few donations were for as little as $1, while other fake donations ranged as high as $2,800.

To the victims of the stolen PayPal accounts, it looks as if CastleCops is the one stealing their money, when in reality, it's the attackers. Also, the fraudulent activity seeks to ruin their relationship with PayPal.

This attempt to smear the good name of a legitimate organization by tainting them with the stain of illegal activity - known as a "reputation attack" - came after more than three weeks of sustained distributed denial-of-service (DDoS) attacks against CastleCops.com. So-called DDoS attacks direct the Web traffic of thousands of "bots" - compromised PCs that when grouped together are called "botnets" - at a targeted site, with the aim of rendering it unreachable.

CastleCops is working with PayPal and the FBI to try to stem the fraudulent donations. So far, the organization has refunded 37 unauthorized contributions, but many more are still pending. Meanwhile, even more unwanted gifts keep rolling in.

CastleCops has been under fairly consistent DDoS attacks since early this year. The group's volunteers work with Internet service providers and other industry partners to combat a variety of criminal enterprises, from phishing schemes to spam to malicious software hosted on hacked Web sites or home computers. Many of those same partners have also stepped forward to help the group fend off the DDoS attacks.

When it became clear to attackers that this most recent frontal assault was no longer working, they changed their tactics, said CastleCops co-founder Paul Laudanski.

"Clearly someone's got it in for us and has been paying someone to try and take us out, but we're bringing discredit on the botnet masters because they're not succeeding," Laudanski said.

You know you've succeeded in angering some deep-pocketed criminals when they start burning stolen PayPal accounts by the dozen after botnet-for-hire attacks fail to work. One criminal organization that CastleCops has been particularly effective against - known as the Rock Group - stole more than $150 million worth of consumer data last year in phishing attacks, according to security giant Verisign.


-----------------------------------------

Wow, this is pretty crazy.

But since an unverified PayPal account with a couple hundred dollars in it can be purchased for between 15 and 50 dollars, the bad guys can throw almost 100% of their smaller stolen accounts at CastleCops and still make huge money off the larger accounts... scary.

CastleCops reports on tons of PayPal phishing attacks, so this reputation-based attack is doomed to fail from the corporate trust standpoint... and as the news gets out to the general public, it is doomed to fail on the public level as well. But while the attack might not take CastleCops out of the game, it is forcing them to be defensive... which reduces the resources that can be used for the offensive fight against the bad guys.

Artists Against 419 claims to have been a victim of a very similar reputation-based attack as well.

If any group can weather this "storm", it is CastleCops. Good luck guys... keep those reports flowing.
