KrebsOnSecurity.com turns 15 today! Perhaps it’s not fair to celebrate the birthday of a cybercrime blog that often publishes bad news, but happily most of the impressive security stories of 2024 were about bad things happening to bad people. It’s also an opportunity to note that despite my publishing fewer stories than ever this past year, we’ve somehow managed to attract record levels of reading (thank you!).
In case you missed any of them, here is a summary of the most read stories of 2024. In January, KrebsOnSecurity shared the story of a Canadian man who was falsely accused and lost his job after falling victim to a sophisticated e-commerce scam known as triangulation fraud. This can happen when you buy something online — from a seller on Amazon or eBay, for example — but the seller is not the owner of the thing being sold. Instead, they purchase the item using stolen payment card data and your shipping address. In this scam, you get what you ordered, and the only person left to dispute the transaction is the owner of the stolen payment card.
March featured some investigation into the history of various data broker search services. One story revealed that the CEO of OneRep, a Belarusian privacy and data removal service, had in fact established a number of search services, including many that OneRep offered to remove people from for a fee. That story quickly prompted Mozilla to cut its relationship with OneRep, which Mozilla had bundled as a privacy option for Firefox users.
Digging into the consumer data seller Radaris revealed that its CEO is a fake identity, and that the company’s founders were Russian brothers in Massachusetts who run a number of Russian-language dating services and related programs, in addition to a bewildering array of dating websites.
Radaris repeatedly threatened to sue KrebsOnSecurity unless the publication was retracted in its entirety, complaining that it was full of factual and egregious errors. Instead, we doubled down and published all the supporting evidence that was not included in the original story, leaving little room for doubt about its conclusions. Accordingly, Radaris is now pushing OneRep as a service when consumers request that their personal information be removed from a data vendor’s website.
Easily the longest story this year has been the investigation into Stark Industries Solutions, a large, mysterious new Internet holding company that emerged during Russia’s invasion of Ukraine. That piece revealed how Stark was being used as a global proxy network to hide the true source of cyberattacks and assassination campaigns against Russia’s enemies.
Much of my summer was spent reporting the story of how advertising and marketing companies have created a free-for-all world where anyone can track the daily movements of hundreds of millions of mobile devices, thanks to the abundance of widely available and inexpensive mobile location data.
A study published in September examines the dark nexus between destructive groups and cybercriminal communities used for financial fraud. That analysis found an increasing number of young, Western cybercriminals are also members of fast-growing online gangs that exist solely to bully, blackmail, harass and extort vulnerable youth to harm themselves and others.
One such story was about a Canadian hacker who used the alias Judische. Identified by Mandiant as one of the most dangerous actors of 2024, Judische was responsible for the hack that exposed the confidential information of hundreds of millions of Americans. That story withheld Judische’s real name, but the reporting came in handy in late October when a 25-year-old Canadian man named Connor Riley Moucka was arrested and charged with 20 criminal counts in connection with the Snowflake data breach.
In November, KrebsOnSecurity published a profile of Judische’s partner – a hacker known as Cyberphant0m – explaining how Cyberphant0m has left a trail of clues that strongly suggest they are or have recently been a US Army soldier living in South Korea.
My reporting in December was largely split between two investigations. The first is a profile of Cryptomus, a mysterious cryptocurrency exchange allegedly based in Canada that has become a major payment processing and sanctions evasion platform for a number of Russian exchanges and cybercriminal services.
How to Lose a Fortune in Just One Bad Click told the harrowing stories of two victims of a cryptocurrency heist who were scammed out of six and seven figures after falling for sophisticated forms of social engineering over the phone. In this attack, fraudsters exploited at least four different Google services to trick targets into believing they were talking to a Google representative, and give the thieves control of their account with a single click. Look for a story here in early 2025 that will examine the inner workings of these ruthless and relentless phishing groups.
Before signing off on 2024, let me remind readers that the reporting we are able to provide here is made possible primarily by the advertisements you may see at the top of this website. If you currently do not see ads when loading this website, please consider enabling a different setting in your ad blocker for KrebsOnSecurity.com. There is no third-party content on this website, other than a YouTube video embedded as part of a story. More importantly, all of our ads are still images or GIFs tested by me and served directly in-house.
Basically, my work is supported and developed by your reading, tips, encouragement and, yes, criticism. So thanks for that, and keep it coming, please.
Here’s to a happy, healthy, wealthy and cautious 2025. I hope to see you again in the new year!