What Passwords Do Fraudsters Use?

What Passwords Do Fraudsters Use?

Five years ago, Avast published a blog post that analyzed a database of 2,000 passwords used by hackers. It found that hackers use very easy to crack passwords just like most people. In fact, their most common password was hack! In this blog post, we follow-up on our previous post on 46M cracked passwords. This […]

Aftermath of the Takedown of a Major Carding Kingpin

Aftermath Of The Takedown Of A Major Carding Kingpin

We explained in a previous blog where stolen data goes. Last week, Brian Krebs reported that the Russians had shut down a huge card fraud ring. The FSB (Russian Federal Police) arrested 25 individuals connected with 90 online illicit markets. These websites specialized in the sale of stolen financial information. This provides us with a […]

Where Does Stolen Data Go?

Where Does The Stolen Data Go?

  The recent indictment of 4 Chinese nationals gives us an opportunity to talk about a topic that touches all the companies that have had the personal or account information they protect stolen: Where does stolen data go? The script kiddie Script kiddies are young, unsophisticated malicious actors. They purchase tools or download free ones […]

The Truth Behind Joker’s Stash / Wawa Announcement

The Truth Behind Joker's Stash

Over the past two weeks, all the leading news agency have reported that the millions of credit cards stolen at Wawa’s stores in the United States in 2019 have been put on sale on the dark web. While accurate in many ways, the news reports would benefit from a few corrections. Wawa’s stolen cards have […]

Trying Too Hard to Attract Buyers Can Backfire

Trying Too Hard to Attract Buyers Can Backfire

Malicious actors face a difficult task in online illicit markets. How can they convince others that they are offering a high quality service (ex. selling stolen credit card numbers) without exposing themselves to arrest or providing their victims (ex. financial institutions) with enough information to prevent further victimization? This blog post investigates how malicious actors […]

46M Cracked Passwords – Are People Getting Better at Securing Their Accounts?

46M cracked passwords - Are people getting better at securing their accounts?

A little over a year ago, malicious actors hacked the MyFitnessPal service. With 143 million users, this was one of the largest hack of credentials ever reported. Now, as Flare Systems is launching its leaked passwords check service, we present the three lessons we learned from analyzing this massive throve of passwords. Getting acquainted with […]

The Changing Costs of Cybercrime

The Changing Costs of Cybercrime

The Workshop on the Economics of Information Security generates year after year some of the best research on information security. This year is no different with the publication of a new paper on the costs of cybercrime. Here are the main takeaways for the financial industry. To measure the costs of cybercrime, we include: 1. […]

Extracting Intelligence From Criminal Complaints

Extracting Intelligence From Criminal Complaints

On May 3rd, law enforcement agencies announced that they had seized the servers that hosted the Wall Street darknet illicit market. They also arrested the market’s administrators. A copy of criminal complaint is now published publicly. Criminal complaints like these hold intelligence that is of high interest for many security professionals. As such, reading criminal […]

What Can We Learn From the Bitcoin Address of a Darknet Illicit Market

What Can We Learn From The Bitcoin Address of a Darknet Illicit Market

The researcher Caleb (@5auth) recently discovered the bitcoin address that the darknet illicit market (Wall Street) administrators used to manage all the purchases made on their market. This leak demonstrates just how much intelligence can be gathered using our BitCluster bitcoin intelligence tool as well as a simple bitcoin address. The wallet Caleb identified is […]

How Relevant Are Darknet Illicit Markets?

How Relevant Are Darknet Illicit Markets?

The lifespan of most darknet illicit markets is very limited. While some remain active for years, most only stay online for months. With the recent shutdown of Dreammarket and Wall Street, many people are currently asking themselves: are darknet illicit markets still relevant? We believe the answer is yes. Evolution of online illicit markets The […]