WISH YOU A HAPPY AND SECURE YEAR 2009

Friday, June 13, 2008

Quote of the day


Most of the greatest evils that man has inflicted upon man have come through people feeling quite certain about something which, in fact, was false.

Bertrand Russell

New IT Term of the day

phishing

(fish´ing) (n.) The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user’s information.

For example, 2003 saw the proliferation of a phishing scam in which users received e-mails supposedly from eBay claiming that the user’s account was about to be suspended unless he clicked on the provided link and updated the credit card information that the genuine eBay already had. Because it is relatively simple to make a Web site look like a legitimate organization's site by mimicking the HTML code, the scam counted on people being tricked into thinking they were actually being contacted by eBay and were subsequently going to eBay’s site to update their account information. By spamming large groups of people, the “phisher” counted on the e-mail being read by a percentage of people who actually had listed credit card numbers with eBay legitimately.

Phishing, also referred to as brand spoofing or carding, is a variation on "fishing," the idea being that bait is thrown out with the hopes that while most will ignore the bait, some will be tempted into biting.

SCADA security bug exposes world's critical infrastructure

THREAT : SCADA security bug exposes world's critical infrastructure

By Dan Goodin in San Francisco

12th June 2008

http://www.theregister.co.uk/2008/06/12/scada_vuln_discovered/

Gasoline refineries, manufacturing plants and other industrial facilities that rely on computerized control systems could be vulnerable to a security flaw in a popular piece of software that in some cases allows attackers to remotely take control of critical operations and equipment.

The vulnerability resides in CitectSCADA, a software product used to manage industrial control mechanisms known as SCADA, or Supervisory Control And Data Acquisition, systems. As a result, companies in the aerospace, food, manufacturing and petroleum industries that rely on Citect's SCADA products may be exposing critical operations to outsiders or disgruntled employees, according to Core Security, which discovered the bug.

Citect and Computer Emergency Response Teams (CERTs) in the US, Argentina and Australia are urging organizations that rely on CitectSCADA to contact the manufacturer to receive a patch. In cases where installing a software update is impractical, organizations can implement workarounds.

In theory, the bug should be of little consequence, since there is general agreement that SCADA systems, remote terminal units and other critical industrial controls should never be exposed to the internet.

But "in the real world, in real scenarios, that's exactly what happens, because corporate data networks need to connect to SCADA systems to collect data that's relevant to running the business," said Ivan Arce, CTO of Core. "Those networks in turn may be connected to the internet."

Wireless access points also represent a weak link in the security chain, he said, by connecting to systems that are supposed to be off limits.

It's the second vulnerability Core has found in a SCADA system in as many months. In May, the security company warned of a flaw in monitoring software known as InTouch SuiteLink that put power plants at risk of being shut down by miscreants. Also last month, the organization that oversees the North American electrical grid took a drubbing by US lawmakers concerned it isn't doing enough to prevent cyber attacks that could cripple the country.

The scrutiny comes as more and more operators try to cut costs and boost efficiency by using SCADA systems to operate equipment using the internet or telephone lines. The technology has its benefits, but it may also make the critical infrastructure vulnerable to cyber attacks by extortionists, disgruntled employees and terrorists.

The flaw in CitectSCADA is related to a lack of proper length-checking that can result in a stack-based buffer overflow. Attackers who send specially crafted data packets can execute malicious code over the vulnerable system, according to Core, maker of the Core Impact penetration testing product.

Fraudsters pool data to beat plastic fraud checks

TECHNIQUE : Fraudsters pool data to beat plastic fraud checks

By John Leyden

11th June 2008

http://www.theregister.co.uk/2008/06/11/plastic_fraud/

Credit card conmen have developed a technique for making fraudulent purchases in the UK appear more legitimate.

The approach relies on subverting the address verification system (AVS), one of the main components used to verify card purchases. Address verification, along with the card security code number printed on the back of debit and credit cards and expiry dates, is commonly needed to make ecommerce purchases in the UK. The system is also used in the US and Canada but not in countries in mainland Europe.

The address verification system takes the numeric parts of a cardholder's billing address and checks this against that submitted during a transaction. For example if Joe Bloggs lives at 12 High Street, Walthamstow E17 7HQ, AVS will check 12 and 177.

The checks have the potential to flag up transactions where the shipping address differs from the billing address or the billing address submitted is wrong.

However, fraudsters have begun exploiting the fact that many addresses can have the same AVS code. By making sure the billing and delivery addresses used in a scam share the same code, they make it more likely that purchases will go through.

Merchants will be none the wiser that anything is amiss until they get hit by chargeback charges after the legitimate card holders complain of fraudulent purchases.
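A worked illustration of the numeric-only AVS comparison described above and of the address collisions it allows, added here as an example (it is not code from the article or from The 3rd Man). Every address except the article's "12 High Street, Walthamstow E17 7HQ" is constructed, and the merchant-side policy in `assess_order` is an assumed one, not a real acquirer's rule set.

```python
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# An address is (street line, postcode). All sample data below is constructed
# for this example; only the "12 High Street, Walthamstow E17 7HQ" cardholder
# comes from the article.
Address = Tuple[str, str]
AvsCode = Tuple[str, str]


def avs_fragments(address: Address) -> AvsCode:
    """Return the two numeric fragments AVS compares: the digits of the
    house/street line and the digits of the postcode.
    ("12 High Street, Walthamstow", "E17 7HQ") -> ("12", "177")"""
    street, postcode = address
    return ("".join(re.findall(r"\d", street)),
            "".join(re.findall(r"\d", postcode)))


def avs_matches(submitted: Address, on_file: Address) -> bool:
    """The issuer-side comparison as the article describes it: numeric parts
    only, so letters, street names and towns never take part."""
    return avs_fragments(submitted) == avs_fragments(on_file)


def avs_collisions(addresses: List[Address]) -> Dict[AvsCode, List[Address]]:
    """Group distinct addresses that AVS cannot tell apart. The size of each
    group is the pool from which a matching delivery address could be chosen."""
    groups: Dict[AvsCode, List[Address]] = defaultdict(list)
    for address in addresses:
        groups[avs_fragments(address)].append(address)
    return {code: addrs for code, addrs in groups.items() if len(addrs) > 1}


def normalize(address: Address) -> Address:
    """Case- and whitespace-insensitive full-text form for merchant-side comparison."""
    return tuple(" ".join(part.upper().replace(",", " ").split()) for part in address)


def assess_order(avs_passed: bool, shipping: Address, billing: Address) -> str:
    """Assumed merchant-side policy layered on the issuer's AVS answer.

    An AVS pass is only a coarse signal, so a pass with a shipping address
    that differs from the billing address goes to manual review rather than
    straight through; an AVS failure is declined."""
    if not avs_passed:
        return "decline"
    if normalize(shipping) != normalize(billing):
        return "review"
    return "accept"


# Constructed sample addresses.
CARDHOLDER: Address = ("12 High Street, Walthamstow", "E17 7HQ")
SAME_CODE_1: Address = ("12 Mill Lane, Tottenham", "N17 7AB")             # -> ("12", "177")
SAME_CODE_2: Address = ("Flat 1, 2 Church Walk, Kennington", "SE17 7ZZ")  # -> ("12", "177")
UNRELATED: Address = ("34 Queens Avenue, Richmond", "TW9 1AA")            # -> ("34", "91")
SAMPLE_ADDRESSES: List[Address] = [CARDHOLDER, SAME_CODE_1, SAME_CODE_2, UNRELATED]


if __name__ == "__main__":
    for code, group in avs_collisions(SAMPLE_ADDRESSES).items():
        print(f"AVS code {code} is shared by {len(group)} addresses:")
        for address in group:
            print("   ", ", ".join(address))
    # The article's scenario: billing and delivery share the cardholder's code,
    # so AVS passes and the two submitted addresses also agree with each other.
    print(assess_order(avs_matches(SAME_CODE_1, CARDHOLDER), SAME_CODE_1, SAME_CODE_1))
```

Three of the four constructed addresses collapse to the single code ("12", "177"), and the last line prints "accept", which is exactly the gap the article describes: the merchant only sees the chargeback later.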

Andrew Goodwill, of credit card fraud protection specialist The 3rd Man, said that it had detected 50 cases of fraudulent purchases made using the technique over the last month or so. Most of these cases came from London.

"Fraudsters have developed a massive cross reference database. It may be the information was drawn from fraudsters sharing data among themselves to the use of social engineering tricks to intimidate call centre staff into handing over details," Goodwill told El Reg. He added that defending against the approach may be very difficult.

Credit Card details stolen in web hack

HACK : Credit Card details stolen in web hack

BBC NEWS

2008/06/10

http://news.bbc.co.uk/go/pr/fr/-/2/hi/technology/7446871.stm

The credit card details of up to 38,000 customers of clothing firm Cotton Traders were stolen following a hack of its website, BBC News has learned.

The firm has not confirmed the size of the breach but it has acknowledged the site was attacked early this year.

It said Barclaycard was contacted as soon as it learned of the attack, and most cards were stopped in January.

The payment industry's trade body said it was serious because hackers accessed details for "card not present" fraud.

Apacs, the trade association for the payment industry, said a specialist police force was investigating the case.

Cotton Traders was founded by ex-England rugby captains Fran Cotton and Steve Smith and has one million customers.

In a statement, Cotton Traders said all of its customers' credit card data was encrypted on the website.

'Security issue'

It said: "Earlier this year we identified a security issue. We immediately brought in industry security experts to resolve the problem.

"Cotton Traders have recently upgraded all security on their website which has been validated by leading Industry experts."

It added: "We would like to reassure all our customers that their data is secure and that the Cotton Traders website meets all leading Industry security standards."

BBC News has learned that customer addresses were also stolen in the hack.

The breach follows last year's attack on the website of TK Maxx, in which 45 million card details were lost.

In that case, data was accessed on the firm's computer systems over a 16-month period and covered transactions made by credit and debit cards dating as far back as December 2002.

The exact method used to hack the Cotton Traders website is not known.

The firm has said customers worried about their cards should contact their card provider.


U.S. Accuses Chinese Of Hacking Govt Computers

CHINA AGAIN : U.S. Accuses Chinese Of Hacking Govt Computers

By Stefanie Hoffman

ChannelWeb

Jun. 12, 2008

http://www.crn.com/security/208403765

Two U.S. Congressmen on Wednesday accused China of hacking into their office computers to possibly compromise sensitive information on Chinese dissidents.

U.S. Rep. Frank Wolf, a Republican from Virginia, said during a speech on the floor of the House of Representatives that at least four of his office computers had been infiltrated in August 2006 and that he had been told by the FBI and other officials that the source of the attack appeared to be in China.

"In August 2006, four of the computers in my personal office were compromised by an outside source. This source first hacked into the computer of my foreign policy and human rights staff person, then the computer for my chief of staff, my legislative director and my judiciary staff person. On these computers was information about all of the casework I have done on behalf of political dissidents and human rights activists around the world," said Wolf in a prepared statement. "That kind of information, as well as everything else on my office computers -- emails, memos, correspondence, and district casework -- was open for outside eyes to see."

Wolf said that he believed he was the victim of an attack because of his "long history of speaking out about China's abysmal human rights record." During his speech, Wolf mentioned that he "had no information to confirm" his remarks.

In the face of the strong accusations, Chinese officials denied that the country's citizens were responsible for the attacks. Qin Gang, China's Foreign Ministry spokesman, said that the Chinese did not have the technology to perpetrate a sophisticated cyber attack that could penetrate Congressional cyber defenses.

To combat what Wolf termed as a "threat to our national security," the Virginia Congressman said he planned to introduce a privileged resolution for greater protection of congressional computer and information systems, while calling on Congress to "take a lead in protecting" the country from attack.

"As a nation, we must decide when we are going to start considering this type of activity a threat to our national security, a threat that we must confront and from which we must protect ourselves," said Wolf. "The potential for massive and coordinated cyber attacks against the United states is no longer a futuristic problem. We must prepare ourselves now and develop procedures for responding to this threat."

His assertions were corroborated by Rep. Christopher Smith of New Jersey, who also echoed that his computer system had been the target of a cyber attack from China.

In a written statement issued on the House floor, Smith, a Republican, said that his Human Rights Subcommittee's computers were attacked by a virus that was executed to "take control of the computers" on two occasions, one in December 2006 and the other in March 2007.

Smith said that the attackers broke into files that contained legislative proposals directly related to Beijing, including the Global Online Freedom Act and email correspondence with human rights groups regarding China and the names of Chinese dissidents.

"While this absolutely doesn't prove that Beijing was behind the attack, it raises very serious concern that it was," said Smith.

During his speech, Smith asserted too that he has sponsored legislation that would prohibit U.S. companies from conducting business with secretive governments that restrict information about human rights and democracy on the Internet.

"Like Mr. Wolf, I too speak out often against the systematic abuse of human rights by the Chinese Communist government," he said. "So I was deeply concerned that the perpetrators of these crimes searched the China files on my computers."

In Beijing, Gang dismissed the allegations, citing frequent friendly exchanges between the U.S. and China. Gang implored the U.S. government officials not to be paranoid or sensationalistic, but to conduct relations in a way that is mutually beneficial to both nations.

"In recent years, China and the U.S. have had frequent exchanges. You should ask U.S. citizens in China whether their computers or their access to the Internet have been bugged," said Gang. "We urge the U.S. not to be paranoid and to do more that mutually benefits bilateral ties. China is a developing nation. Do you think we have that kind of technology? I don't believe so."

This is not the first time that the Chinese have been suspected of engaging in cyber espionage or illegal activity over the Internet. Last year, the Pentagon accused Chinese hackers of infiltrating an unclassified U.S. defense Department computer system.

In addition, a recent McAfee report ranked Hong Kong and the People's Republic of China as the first and second most dangerous country domains for Web surfing, respectively.

The annual report classified Websites across international lines based on security risk of their country's domain. Altogether, the study compared and ranked the domains of 265 countries.

Despite indications that the location of the cyber attacks point to China, security experts say that a hacker could ostensibly own a Chinese domain but be conducting malicious activity from anywhere else in the world. Experts contend that the IP address belonging to a specific nation does not necessarily indicate that its citizens were conducting malicious activity over the Internet.

"It's just as likely that the bad guys are operating an identity theft ring out of the Ukraine," said Shane Keats, research analyst for McAfee and the study's author. "The speed and rapidity with which the bad guys move from one to the next neighborhood is surprising."

Thursday, June 12, 2008

Quote of the Day


An error does not become truth by reason of multiplied propagation, nor does truth become error because nobody sees it

Mahatma Gandhi

New IT Term of the day

pharming

Similar in nature to e-mail phishing, pharming seeks to obtain personal or private (usually financial) information through domain spoofing. Rather than spamming you with malicious e-mail requests to visit spoof Web sites that appear legitimate, pharming 'poisons' a DNS server by infusing false information into it, so that a user's request for a legitimate domain is redirected elsewhere. Your browser, however, will show that you are at the correct Web site, which makes pharming more serious and more difficult to detect. Phishing attempts to scam people one at a time with an e-mail, while pharming allows the scammers to target large groups of people at one time through domain spoofing.

Targets of Spying Get Smart

COUNTER-MEASURES : Targets of Spying Get Smart

By M.P. MCQUEEN

WALL STREET JOURNAL

June 11, 2008

http://online.wsj.com/public/article/SB121314159777262545-6dxXmClBQJW2Ji3Qov_BGfI4UfQ_20080710.html?mod=tff_main_tff_top

Tiny electronic-surveillance gadgets that James Bond could only dream of are increasingly turning up in boardrooms, bedrooms and bathrooms.

Crooks are parking vans outside people's homes to steal bank-account passwords and credit-card numbers, using programs that tap into Wi-Fi connections. Paparazzi hide cameras and microphones in private jets, hoping to record embarrassing celebrity video. Corporate spies plant keystroke-recording software in executives' laptops and listen in on phone conversations as they travel.

Now, people are deploying counter-spy technology to fight back. Some celebrities and corporate executives get regular sweeps of their offices, limos and private jets in search of hidden devices. Others hire security experts to safeguard their phones and home computers. And corporate security experts are advising businesspeople on how to keep company secrets safe while traveling abroad.

Demand for counterspy services has been heightened by a series of recent snooping incidents. Last month, Hollywood sleuth Anthony Pellicano, 64 years old, was convicted in federal court in Los Angeles of multiple counts of racketeering and illegal wiretapping. He worked on behalf of celebrities and moguls who were involved in personal or business disputes, including Bertram Fields, one of Hollywood's top entertainment lawyers; Brad Grey, now head of Viacom Inc.'s Paramount Pictures movie studio; and talent agent Michael Ovitz, according to the indictment. The three have denied any wrongdoing and haven't been charged with any crimes.

Actors Sylvester Stallone and Keith Carradine were among those who were wiretapped. Mr. Pellicano paid off phone-company workers and used a computer-software program to intercept the actors' phone calls, according to his indictment.

In April, car maker Porsche AG disclosed it had found a baby-monitoring device concealed behind the hotel sofa of its president and chief executive, Wendelin Wiedeking, last fall during his trip to Wolfsburg, Germany, for meetings with executives at Volkswagen AG. An investigation is continuing, said a company spokesman.

Kevin D. Murray, an Oldwick, N.J., counter-surveillance expert, said he received several calls from worried executives asking for sweeps of their offices and homes as soon as the Porsche incident surfaced. Mr. Murray said he handles 130 snooping investigations per year, generally charging between $4,600 and $24,000, depending on the scope of the case. His five-person operation finds devices in about 10% of the cases, a similar percentage to other firms.

Available, Affordable

The growing availability and affordability of digital surveillance equipment -- even primitive stuff such as baby monitors -- has caused mounting worries about spying, Mr. Murray says. Devices "that used to be super-duper a few years ago are ordinary now," he says. "There was a time when you had to know somebody or pay a lot of money to get the equipment. Now you can get a wireless camera for under $100 -- tiny ones, too."

Indeed, for less than $350 at spy shops and over the Internet, snoops can purchase a GPS-tracking device that is smaller than a pack of matches and includes a microphone. But because many telephones and computers are tied into network servers these days, some of the greatest threats come from malicious software and hacker attacks that reroute phone calls and steal computer passwords. Snoops install the software by sending messages with spyware attachments. Or they may steal sensitive data using programs or hardware to copy keystrokes entered onto a keyboard.

While there's anecdotal evidence that casual and malicious snooping is becoming more widespread, solid statistics are hard to come by. Many high-net-worth individuals and publicly traded companies try to keep incidents under wraps and don't report them to authorities, security experts say. The U.S. Department of Justice prosecutes only a handful of illegal-wiretapping cases annually.

Still, private-security companies say business is growing. Risk Control Strategies Inc., based in New York City, says sweeps have increased 25% in each of the past two years. It attributes the growth to a recent wave of mergers and plant closings that sometimes prompt attempts at insider trading and spying by anxious employees.

Companies also are increasingly worried about economic and industrial espionage by foreign governments and companies. Kroll Inc., a risk-control consulting company that is a unit of insurance brokerage Marsh & McLennan Cos. Inc., says inquiries in Japan have doubled in the past year. Associate Managing Director David Nagata, who is based in Tokyo, counsels visitors to have their hotel rooms swept for listening devices prior to check-in and make sure they're secured from unauthorized entry. For super-secret matters, he suggests closed-circuit cameras to monitor hallway traffic and an alarm that beeps when someone approaches the room.

Recorder in the Closet

Clyde Widrig, senior managing director for technical surveillance counter-measures at Risk Control Strategies, says his firm was hired recently by a Southern California law firm to sweep for stealth recording devices. In this case, an attorney had modified a conference-call telephone in the boardroom to pick up conversations and transmit them to a tape recorder hidden in a utility closet. Mr. Widrig, a former Los Angeles police detective, says the attorney was trying to discredit a rival in competition to become partner. Instead, the firm fired him after the recording device was discovered.

Security experts say there are some simple precautions that can be taken to prevent snooping. The easiest, of course, is to look for hidden cameras, which may be disguised as ordinary objects, such as fire sprinklers or smoke detectors. Also, don't leave cell phones and laptops where someone can take them to avoid tampering. Avoid using hotel telephones and wireless computer connections for sensitive communications. Finally, use the proper network firewalls and upgrade computers with the latest encryption and security software.

High-profile executives and celebrities may opt for counter-surveillance sweeps, but the service isn't cheap. Prices begin at about $3,000 to $5,000 for a private residence or small business, based on the complexity of the job.

During the sweeps, technicians inspect areas using thermal imaging cameras to search for hot spots that indicate concealed electronic circuits, such as transmitters hidden inside walls. They use spectrum analyzers to pick up video, voice and data transmissions. And they find eavesdropping equipment by using devices that flood an area with a high-frequency radio signal and listen for reflected signals from electronic components within the intercept device.

But sometimes, these elaborate measures are undone by executives chatting on unsecured cellphones with Bluetooth headsets and tapping on unencrypted laptops. Fred Burton, a counter-espionage expert at Stratfor Inc., suggests that companies tell executives, "You have to quit yakking on the cellphone because we're able to pick up what you're saying."

South African Civil servants in cyber crime syndicate

CORRUPT : South African Civil servants in cyber crime syndicate

Crime syndicate raking in millions

Nivashni Nair and Borrie la Grange

Jun 11, 2008

http://www.thetimes.co.za/News/Article.aspx?id=782731

Corrupt civil servants, in cahoots with a cyber crime syndicate, have robbed four provincial governments of more than R199-million in three years.

The KwaZulu-Natal, Eastern Cape, Limpopo and Mpumalanga provincial governments have all fallen victim to cyber criminals.

After identifying 27 instances in which millions were stolen from five of its departments, the KwaZulu-Natal finance and economic development department has its hands full dealing with what it calls “one of the easiest crimes to commit”.

Motlalepula Motaung, manager of KwaZulu-Natal’s internal audit services, yesterday explained the scam.

She said: “The syndicate approaches the departments’ suppliers and corrupt officials, who are asked to … download information that can help [the syndicate] get into secure [provincial government computer] sites without a password so they can defraud the government.

“The corrupt government officials pocket their share.”

There has been a steady increase in the number of cyber crimes involving government departments in the province.

In 2006, eight cases were reported and last year a further 18 cases were being investigated.

The KwaZulu-Natal education department has been the hardest hit, losing about R43-million.

Cyber security expert Ian Melamed said criminals prefer to target procurement departments. They use information gleaned from spyware to create phoney user names and passwords in order to create new beneficiaries.

Melamed said: “This is only the tip of the iceberg. It is usually only when a supplier’s account details are being reconciled with payments that the fraud is picked up.”

Melamed rated the government’s ability to detect and deal with cyber crime at “minus one out of 10”.

“There is a massive shortage of trained cyber inspectors in South Africa and government department staff aren’t trained to be on the look-out for spyware, which could be slipped [into computer systems] using electronic birthday cards and even by leaving seemingly blank CDs in disc drives.”

Despite 32 arrests, the syndicate continues to milk government departments.

Melamed said more needed to be invested in cyber police.

Nigerian held for Internet fraud

TRAPPED : Nigerian held for Internet fraud

CYBERCRIME CATCH: Gang operates from UK or Nigeria, says Crime Branch

Express News Service

June 09, 2008

http://www.expressindia.com/latest-news/Nigerian-held-for-Internet-fraud/320441/

Chandigarh - “Congratulations! You have won the UK National Lottery worth one million pounds.”

Anybody will be excited to receive such an alluring e-mail and won’t mind paying £7,000 to 8,000 for receiving the huge sum of money.

This was the ploy used by Bright, a Nigerian national, the alleged kingpin of an overseas gang that cheats people through the Internet. The gang is suspected to be operating from the UK or Nigeria and has members in Punjab and other parts of India.

The Crime Branch of the Chandigarh Police arrested the 25-year-old Nigerian from the city railway station on Saturday where he had come to hand over the “prize” to one Balbir Singh, a local resident.

Bright is studying software engineering in Delhi, officers said.

Booked on charges of cheating, under Section 420 of the Indian Penal Code (IPC) and Section 14 of the Foreigner Act, he has been remanded in police custody till June 10.

The Crime Branch swung into action after it received a complaint from one Balbir Singh, a resident of Mohali, who was duped of around Rs 2 lakh.

Balbir had received an e-mail that said he had been selected as the lucky recipient of the £1 million UK National Lottery. “Balbir received the mail on May 9. He walked into the trap and ended up paying Rs 1.81 lakh,” said DSP (Crime Branch) K I P Singh.

Balbir would receive e-mails asking him to deposit money on account of courier charges, identification certificate, VAT etc in two international accounts of ICICI and Axis banks. “When I last received a call, demanding a payment of Rs 56,000 on account of government tax clearance charges, I got suspicious and approached the Crime Branch,” he said.

Balbir was advised to ask the caller to come and meet him personally. “We asked Balbir to tell them he cannot further deposit any money in the bank as he was left only with black money. We advised him to ask the caller to come to India and hand over the parcel. They refused initially, but later told Balbir to come to Delhi, to which he refused and it was finally decided that an agent will come to Chandigarh,” said the DSP.

Accordingly, Bright came to Chandigarh and was arrested. A mobile phone was recovered from his possession. “We have found out that he was in touch with nearly 20 to 25 people from whom he was to receive money,” said K I P Singh.

The e-mails sent by the gang bore a corporate look, with warnings and notes advising the recipients not to get fooled, the police said.

The Crime Branch is yet to find out whether this gang operates from the UK or Nigeria, though the officers confirmed that the gang comprises members operating in Nigeria and India, particularly New Delhi.

The Chandigarh Police will write to the Nigerian government and the Ministry of Home Affairs soon to find out the details about other people involved.

The Central Bank of Nigeria has recently posted a message on its official website warning people not to fall in such traps.

How they trap you

- You will receive an alluring e-mail informing you that you have been randomly chosen for a huge cash prize

- If you respond, the gang will contact you through e-mails and telephone calls, demanding your identity proof, bank account number and other certificates to earn your confidence

- They will start demanding money on pretexts of airport clearance, VAT, courier charges, etc

- Within hours of your depositing the money in the specified international bank account, it is withdrawn

- You will receive a big parcel containing a box full of useless papers

Online crime threatens EU economy

THREAT : Online crime threatens EU economy

10 June 2008

http://www.ihotdesk.com/article/18632711/%60Online%20crime%20threatens%20EU%20economy%60

Cybercriminal activity threatens the economic interests of the European Union, according to a study.

Research carried out by IT security firm AVG Technologies indicates that 72 per cent of European PC users shop online, while 69 per cent use the internet for banking and 55 per cent for paying bills.

The analysis follows claims made by the European Network and Information Security Agency (ENISA) at the end of May that online crime threatens the continent's economy.

Of those surveyed, 22 per cent said they had experienced some form of e-crime.

JR Smith, chief executive of AVG Technologies, said: "It's clear from both the ENISA report and our own research data that we all still have a considerable amount of work to do to protect computer users against cybercrime."

He added that as national borders disappear online, it is becoming increasingly essential for businesses and home users to know that they can safely conduct transactions online.

Last week, scientists at Ohio State University claimed they have discovered a new way to deal with internet worms.

Monday, June 9, 2008

Quote of the day


Dignity consists not in possessing honors, but in the consciousness that we deserve them

Aristotle

New IT Term of the day

personally identifiable information (PII)

Abbreviated as PII or pii, personally identifiable information is any information that can identify an individual. This type of information may be requested from users through online forms and can include your mailing address, credit card number, your IP address, phone number, e-mail address, Social Security number or any other unique identifier. Being cautious about the personally identifiable information you provide on the Internet can help reduce the risk of being a victim of identity theft. Also called personal data.

Ransomware with 1024-bit Key

HI-TECH : Ransomware with 1024-bit Key

Security firm asks for help cracking ransomware key

Gregg Keizer

Computerworld

June 08, 2008

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9094818

A security company on Friday asked for help cracking an encryption key central to an extortion scheme that demands money from users whose PCs have been infected by malware.

Kaspersky Lab, a Moscow-based antivirus firm, put out the call for assistance after it discovered a new variant of Gpcode, a Trojan horse that has been used in isolated "ransomware" attacks for the past two years.

In ransomware attacks, hackers plant malware that encrypts files and then displays a message demanding money to unlock the data. In the case of the newest Gpcode, 143 different file types are encrypted, including .bak, .doc, .jpg and .pdf. The encrypted files are marked by the addition of "_CRYPT" in their file names, and the original unencrypted files are deleted. As a camouflaging move, Gpcode also tries to erase itself.
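As an added incident-response example (not code from the article or from Kaspersky), the script below walks a directory tree for files carrying the "_CRYPT" marker described above, recovers the name each one replaced, and reports whether that original is gone, as the article says Gpcode deletes it. It assumes the marker is appended to the original file name (e.g. "report.doc._CRYPT"), and the extension list covers only the four of the 143 types the article names; the sample tree is constructed for the demonstration.

```python
import os
import tempfile
from collections import Counter

MARKER = "_CRYPT"  # marker named in the Kaspersky write-up
# Assumption: the marker is appended to the original name ("report.doc._CRYPT").
# Only the extensions the article lists; the real malware targets 143 types.
WATCHED_EXTS = {".bak", ".doc", ".jpg", ".pdf"}


def original_name(marked_name):
    """Strip the marker to recover the name of the file the encrypted copy replaced."""
    base = marked_name.replace(MARKER, "", 1)
    return base[:-1] if base.endswith(".") else base  # drop the dangling separator


def triage(root):
    """Walk a tree and collect Gpcode-style indicators.

    Returns (marked_paths, missing_original_paths, counts_per_watched_extension).
    A marked file whose original still exists suggests an interrupted run.
    """
    marked, missing, by_ext = [], [], Counter()
    for dirpath, _, files in os.walk(root):
        for name in files:
            if MARKER not in name:
                continue
            marked.append(os.path.join(dirpath, name))
            orig = original_name(name)
            ext = os.path.splitext(orig)[1].lower()
            if ext in WATCHED_EXTS:
                by_ext[ext] += 1
            if not os.path.exists(os.path.join(dirpath, orig)):
                missing.append(os.path.join(dirpath, orig))
    return marked, missing, by_ext


def build_sample_tree():
    """Constructed sample: two 'encrypted' files whose originals were deleted,
    one whose original survived, and one untouched text file."""
    root = tempfile.mkdtemp()
    for rel in ("docs/report.doc._CRYPT", "pics/cat.jpg._CRYPT",
                "pics/dog.jpg._CRYPT", "pics/dog.jpg", "notes.txt"):
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(b"constructed content")
    return root


if __name__ == "__main__":
    marked, missing, by_ext = triage(build_sample_tree())
    print(len(marked), "marked,", len(missing), "originals missing,", dict(by_ext))
```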

Finally, the ransom note appears on-screen. "Your files are encrypted with RSA-1024 algorithm," it begins. "To recovery [sic] your files you need to buy our decryptor. To buy decrypting tool contact us at: xxxxx@yahoo.com."

Last Thursday, a Kaspersky analyst identified as "VitalyK" said that although the company had analyzed samples of Gpcode, it wasn't able to decrypt the files the malware encoded. "We can't currently decrypt files encrypted by Gpcode.ak," said VitalyK in an entry to the company's research blog. "The RSA encryption implemented in the malware uses a very strong, 1024-bit key."

According to Kaspersky's write-up, the key is created by Windows' built-in cryptographic component, Microsoft Enhanced Cryptographic Provider. Kaspersky has the public key in hand — it is included in the Trojan's code — but not the associated private key necessary to unlock the encrypted files.

Two days later, another Kaspersky researcher asked for help. "Along with antivirus companies around the world, we're faced with the task of cracking the RSA 1024-bit key," said Aleks Gostev, a senior virus analyst. "This is a huge cryptographic challenge. We estimate it would take around 15 million modern computers, running for about a year, to crack such a key." Gostev provided the public key in his posting.

"So we're calling on you: cryptographers, governmental and scientific institutions, antivirus companies, independent researchers," said Gostev. "Join with us to stop Gpcode."

One rival researcher, however, took exception to the call to arms. In a message posted to Kaspersky's support forum, Vesselin Bontchev, a Bulgarian researcher who works for Frisk Software, an Icelandic antivirus company, called it a stunt.

"What is proposed here is an unrealistic, useless waste of time that will fail," said Bontchev, who also charged that Kaspersky's estimate of the computing time it would take to break the key was optimistic. "The only use of this project is for generating free publicity for Kaspersky Labs."

A Kaspersky employee identified as "Codelancer" replied, thanking Bontchev for his opinion, but then closed the thread. Kaspersky Labs' U.S.-based public relations representative wasn't available Sunday for additional comment.

The company has had success in the past breaking Gpcode's encryption keys, however. Two years ago, when the ransomware Trojan first appeared, Kaspersky's researchers were able to crack the 660-bit key, but only because the malware's maker had made mistakes implementing the encryption algorithm. Gpcode also reappeared last summer, locking the encrypted files with what its maker claimed was a 4096-bit RSA key.

Kaspersky told users that backing up their data is the surest way to sidestep ransomware scams. "That way, if you do fall victim to Gpcode and your files get encrypted, at least you won't have lost any valuable information," said a third Kaspersky analyst, David Emm.

McAfee Names Most Dangerous Domains

DANGER : McAfee Names Most Dangerous Domains

New McAfee Research Names Hong Kong as Most Dangerous Country Domain; Finland is Safest

June 4, 2008

http://www.mcafee.com/us/about/press/corporate/2008/20080604_181010_g.html

SANTA CLARA, Calif. - The Hong Kong (.hk) domain has jumped 28 places to become the most dangerous place to surf and search on the web, according to a new McAfee Inc. (NYSE: MFE) report called "Mapping the Mal Web Revisited", released today. Hong Kong takes the mantle from Tokelau, a tiny island of 1,500 inhabitants in the South Pacific.

"Just like the real world, the virtual threats and risks are constantly changing. As our research shows, Web sites that are safe today can be dangerous tomorrow. Surfing the Web based on conventional wisdom is not enough to avoid risk online," said Jeff Green, Senior Vice President of Product Development & Avert Labs.

The second annual McAfee "Mapping the Mal Web" report into the riskiest and safest places on the Web reveals that 19.2% of all Web sites ending in the ".hk" domain pose a security threat to Web users. China (.cn) is second this year with over 11%. By contrast, Finland (.fi) remains the safest online destination for the second year with 0.05%, followed by Japan (.jp).

The most risky generic domain from 2007's report, .info, became more dangerous: 11.8% of all sites ending in .info pose a security threat, making it the third most dangerous domain overall, while government websites (.gov) remained the safest generic domain. The most popular domain, .com, is the ninth riskiest overall.

Using McAfee SiteAdvisor technology, McAfee analyzed 9.9 million heavily trafficked Web sites found in 265 different country domains (those ending in country letters, e.g. Brazil's .br) and generic domains (those ending in .net or .info, for example).

The study compared the ratings of sites found in each of the 265 country and generic domains and ranked them by the number of risky Web sites found in each domain that contained adware, spyware, viruses, spam, excessive pop-ups, browser exploits or links to other red-rated sites.

Among country domains, Romania (.ro) and Russia (.ru) remained in the top five most dangerous places with 6.75% and 6% of their Web sites ranked as risky, while country domains like Japan (.jp) and Australia (.au) remained safe surfing environments.

Other key findings from McAfee "Mapping the Mal Web Revisited" report 2008 include:

- The chance of downloading spyware, adware, viruses or other unwanted software from surfing the Web increased 41.5% over 2007

- Sites which offer downloads such as ringtones and screen savers that are also loaded with viruses, spyware and adware increased over the last year from 3.3% to 4.7%

- The Philippines (.ph) experienced a 270% increase in overall riskiness

- Tokelau (.tk) and Samoa (.ws) were notably safer in 2008, dropping to 28th and 12th

- In Europe, Spain (.es) experienced a 91% increase in overall risk

Rankings are restricted to 74 heavily tested top level domains and based on percent of red and yellow sites.

The full McAfee "Mapping the Mal Web Revisited" report is available for download at www.mcafee.com/advice

Mumbai Cyber Police turn Hacker Victim

ANOTHER VICTIM : Mumbai Cyber Police turn Hacker Victim

TNN

6 Jun, 2008

http://economictimes.indiatimes.com/Infotech/Internet_/When_cyber_police_turn_a_hacker_victim/articleshow/3104678.cms


MUMBAI: In case you thought that working in the Commissioner of Police’s headquarters would ensure that your system would not be hacked, think again.

On (last) Monday, when Sanjay Mohite, DCP — Prevention, resumed work, he could not send any mails from his office computer. The reason: the man in charge of cyber crime prevention in the city had a system that had been hacked. “I have had to send out a mail to all my contacts informing them that my system has been hacked and that they may receive mail from my ID that I have not sent,” says Mr Mohite.

He adds, though, that he has allowed the hacker to keep access to his system so that he is able to trace him.

With more and more people taking to the internet for a variety of reasons and more banks offering internet-related services, the threat of such occurrences has only increased. Apart from the plethora of online shopping options available with the use of a credit card, almost every bank offers its customers services like e-banking. And this, in a way, makes things easier for those wanting to play dirty.

Online shopping sites require absolutely no information about you, except your credit card number and expiry date. So, if someone has a good memory and has caught a glimpse of the number, you could very well receive a bill for things you never bought. “If the culprit is in India then we can trace them through the IP address and they will be caught. But if the culprit is someone abroad, it is a complicated process,” says Mr Mohite.

A case in point is one registered in September 2007. Sub-inspector Kulkarni says, “The Maharashtra government’s website was hacked and the front page changed. We traced the IP address to the US, but nothing could be done as it needs to go through official channels. The case is still pending.” Mr Mohite adds, “First we need to see under what sections of our law is it a crime and then if it is considered a crime in other countries and under what law. It then becomes a judicial process and a letter is sent through the external affairs ministry. In most cases though, the police do not cooperate.”

Cyber theft is not something new as far as India is concerned, with numerous cases being registered. In January this year, Ms Kulkarni informs, a case was filed by a woman whose ICICI e-banking account was hacked and Rs 60,000 was transferred by the culprit. The culprit managed to get access to her username and password by sending her a phishing mail which then installed keylogger software on her system.

The software then recorded her username and password when typed out and the money was later withdrawn. The DCP is quite sure that apart from phishing sites and mails, like the infamous case in 2006 which duped numerous customers of ICICI Bank of their e-banking details and later money as well, there are bound to be instances of bank websites being hacked.

These probably never see the light of day since banks are determined not to have their name tarnished. “Even when it comes to individuals, a lot of cases do not get reported since banks are willing to pay up to Rs. 25,000 per person as compensation as long as a case is not filed,” he adds.

Even once cases are solved, compensation is not immediate; victims usually get relief once the judiciary has gone through the findings and delivered a judgment. So the next time you decide to shop online or flash your card, remember that someone may just be making note of your details to have fun at your expense later.

Fraudsters hack into UK Home Office website

VICTIM : Fraudsters hack into UK Home Office website

By Ben Leach

08/06/2008

Telegraph, UK

http://www.telegraph.co.uk/news/uknews/2091958/Fraudsters-hack-into-Home-Office-website.html

Cunning computer hackers have hijacked the Home Office crime reduction website and used it to carry out an elaborate online scam.

The fraudsters set up a fake page on the website then sent millions of web users a "phishing" email purporting to be from an Italian bank, asking customers to visit the page and confirm their bank details.

Anyone who typed in their password left themselves open to money being stolen from their account.

The security breach began last Sunday and was not resolved until the following morning.

Jacques Erasmus, of internet security firm PrevX, who spotted the fraud, said: "This is very embarrassing for the Home Office. It is a bit like having a mugger hiding in the local police station nicking people's wallets when they come in."

He said the fraudsters might have targeted the crime reduction website in order to show off or "stick it to the man".

The Home Office is investigating. A spokeswoman said: "The Home Office takes security of its information very seriously and a review of the security of our websites is already underway."
