Security team hit by electronic smear campaign

Using compromised credit-card details, attackers donated funds to CastleCops' PayPal account in order to undermine its reputation

A team of volunteers formed to help combat cybercrime has been subjected to an attack which has attempted to undermine its reputation.

CastleCops, a voluntary security community, has received money from victims into its PayPal account, according to Robin Laudanski, who co-runs the organisation.

She blogged that compromised credit-card details had been used to donate sums of money to CastleCops. She suggested that the idea is that, when victims find out their money has been taken, they will assume CastleCops is involved in the fraud.

"The problem is a number of people have had their personal information stolen and used to target us in an attempt to discredit what CastleCops and its volunteers do," blogged Laudanski. "Until this happened to us, I had never heard of anyone being targeted as the recipient of fraudulent charges. Given it has happened, I hope other organisations which fight against criminal activity on the net might want to take a look at their accounts to ensure the current transactions are legitimate."

Laudanski claims CastleCops had been being subjected to an attempted denial-of-service attack for two weeks when her suspicions were raised. She contacted PayPal and asked them to initiate an investigation into CastleCops' PayPal account.

"I explained that I believed most, if not all, of the transactions we'd received within a very short period of time were fraudulent in nature. As a result, our account was frozen so we could not receive any donations until it was determined that we were also a victim," wrote Laudanski.

Andy Buss, a security analyst at Canalys, said the attack was "an interesting variation on an established method" in which attackers make small charity donations to test the validity of compromised credit-card details.

"It's an attack that's difficult to counter: attempting to turn a reputable site into a perceived negative site, and destroy its income and reputation," said Buss.

The analyst said the attack was an indication that fraud management needed to become more sophisticated.