14 DAY TRIAL // A fake news story claiming F-Secure chief research officer Mikko Hypponen and investigative security journalist Brian Krebs were indicted on credit card fraud charges made its way online yesterday.
The story was published on fraud-news.com and then made its way to Twitter. "I called Brian up. He had already seen the article and had a pretty good idea who had done it, too. We have no idea how it ended up on fraud-news.com though," said F-Secure's Hypponen.
The article is actually a modified version of a story Krebs wrote back in 2007 when he worked for the Washington Post.
The fake version claims that Krebs and Hypponen sold cloned credit cards created with data bought online from other criminals.
Whoever created it included a screenshot of a forum post allegedly showing Krebs (alias BlazinKrabz) selling credit card "dumps" and Hypponen (alias WhiteHippo) vouching for him.
Vouching is a common practice on criminal marketplaces, while dumps refers to data encoded on the magnetic strips of credit cards. Criminals can encode the dumps onto blank cards and in combination with stolen PINs can withdraw money fraudulently from other people's accounts.
The article also claims that the two security researchers are involved in a romantic relationship, which is obviously as fake as a the story itself. "I like Brian, but not like that," said Hypponen.
Unfortunately, some Twitter users fell for it and reposted the news raising some eyebrows. "So let me just state it for the record that I'm not arrested and I have not been involved in selling stolen credit cards," the F-Secure researcher stresses.
Of course this is not the first time when cyber criminals fabricate lies about security researchers. In August 2008, Zeus Tracker maintainer Roman Hüssy woke up with the police at his door after a fake suicide note in his name was circulated online to thousands of people.