Security team hit by electronic smear campaign

Security team hit by electronic smear campaign

Summary: Using compromised credit-card details, attackers donated funds to CastleCops' PayPal account in order to undermine its reputation

SHARE:
TOPICS: Security
0

A team of volunteers formed to help combat cybercrime has been subjected to an attack which has attempted to undermine its reputation.

CastleCops, a voluntary security community, has received money from victims into its PayPal account, according to Robin Laudanski, who co-runs the organisation.

She blogged that compromised credit-card details had been used to donate sums of money to CastleCops. She suggested that the idea is that, when victims find out their money has been taken, they will assume CastleCops is involved in the fraud.

"The problem is a number of people have had their personal information stolen and used to target us in an attempt to discredit what CastleCops and its volunteers do," blogged Laudanski. "Until this happened to us, I had never heard of anyone being targeted as the recipient of fraudulent charges. Given it has happened, I hope other organisations which fight against criminal activity on the net might want to take a look at their accounts to ensure the current transactions are legitimate."

Laudanski claims CastleCops had been being subjected to an attempted denial-of-service attack for two weeks when her suspicions were raised. She contacted PayPal and asked them to initiate an investigation into CastleCops' PayPal account.

"I explained that I believed most, if not all, of the transactions we'd received within a very short period of time were fraudulent in nature. As a result, our account was frozen so we could not receive any donations until it was determined that we were also a victim," wrote Laudanski.

Sentry Posts Blog

Sentry Posts Blog

Guarding the network

What you need to know — and what you and your peers have to tell us — about security management in our new community group blog

Read more

Andy Buss, a security analyst at Canalys, said the attack was "an interesting variation on an established method" in which attackers make small charity donations to test the validity of compromised credit-card details.

"It's an attack that's difficult to counter: attempting to turn a reputable site into a perceived negative site, and destroy its income and reputation," said Buss.

The analyst said the attack was an indication that fraud management needed to become more sophisticated.

Topic: Security

Tom Espiner

About Tom Espiner

Tom is a technology reporter for ZDNet.com. He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

0 comments
Log in or register to start the discussion