Hackers using QR Codes to Push Malware

Always something new… As these kinds of codes are mainly used on mobile phones (or only used on mobile phones) the malware actually addresses smartphones “only” – in this case Android: Hackers using QR codes to push Android malware. If you use a code such as this (source: ZDnet Article referenced): You will be redirected…


Less Spam? Another Successful Botnet Takedown!

Our Digital Crimes Unit just took down another one: After Rustock and Waladec, now comes Kelihos. This is another great success in fighting criminals. If you want to read more: Microsoft Neutralizes Kelihos Botnet, Names Defendant in Case Roger


Mutual Authentication in Real Life–Launching a Nuclear Missile…

A few years ago, I wanted to run an exercise with our incident response team in Switzerland. A customer, the government and me came together to develop the goals and the scenario. One of the key question we tried to answer together with the university, which we wanted to use as observers was, whether we…


Libya Violence Exploited by Scammers

It is a repeating pattern but not the less disgusting. Whenever bad things happens on the globe, the criminals are not far. This happened during hurricane Katrina, the tsunami in Indonesia, the earthquake in Haiti and now, not surprisingly in Libya as you can read in this blog post by Sophos: Violence in Libya exploited…


Six “New” Attack Vectors

Reading this article Six New Hacks That Will Make Your CSO Cringe made me think as it has a few fairly interesting approaches: Fake Phone Networks: I am wondering how much work it takes to do it. If the effort is not too high, I am not (yet) too worried about it. But still, for…


The Wild West on the Internet… A Crime Story

A fairly interesting thriller on the Internet. It just shows that we need better ways to collaborate between private and public sector and to hunt criminals: How one man tracked down Anonymous—and paid a heavy price Scary… Roger


Cybercrime: A Recession-Proof Growth Industry

That’s obvious as people probably tend to want to trust more, the worse their situation is. Nevertheless it is even more disgusting going after the desperate! Cybercrime: A Recession-Proof Growth Industry Roger


Fighting Crime and Protecting Privacy–a Contradiction?

I was reading an article today called Does Your ISP Care About Protecting Your Privacy?. An interesting question. The ISPs in the article are even thinking of VPNing all the traffic to avoid the necessity for keeping the logs (or probably better, NATing the whole network). So it seems that the ISPs in this article…


Phishing still very effective: 35 cards in 5 hours

I just read this blog post by ESET laboratories: Inside a phishing attack: 35 credit cards in 5 hours. They analyzed a very poorly designed phishing attack and found that: The first access to the site was on January 20 at 10:01 pm (as seen in picture). The latest registered access was on the same…


Conclusion on UNODC: Open Ended Expert Group on Cybercrime

I told you that I will attend the UNODC: Open Ended Expert Group on Cybercrime, which is now slowly coming to an end. Let me draw a few conclusions on the meeting. It was not the first UN meeting I attended and – depending on the audience – the discussion can easily result an long…