Wednesday, January 21, 2009

Quote of the day

Until lions have their historians, tales of the hunt shall always glorify the hunter

African proverb

New IT Term of the day

Trojan Horse

A destructive program that masquerades as a benign application. Unlike viruses, Trojan horses do not replicate themselves but they can be just as destructive. One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses onto your computer.

The term comes from a Greek story of the Trojan War, in which the Greeks give a giant wooden horse to their foes, the Trojans, ostensibly as a peace offering. But after the Trojans drag the horse inside their city walls, Greek soldiers sneak out of the horse's hollow belly and open the city gates, allowing their compatriots to pour in and capture Troy.

Trojan horses are classified by how they breach systems and the damage they cause. The seven main types of Trojan horses are:

* Remote Access Trojans

* Data Sending Trojans

* Destructive Trojans

* Proxy Trojans

* FTP Trojans

* security software disabler Trojans

* denial-of-service attack (DoS) Trojans

U.S. plots major upgrade to Internet router security

Millions to be spent adding cryptography to BGP

By Carolyn Duffy Marsan

Network World


The U.S. federal government is accelerating its efforts to secure the Internet's routing system, with plans this year for the Department of Homeland Security to quadruple its investment in research aimed at adding digital signatures to router communications.

DHS says its routing security effort will prevent routing hijack attacks as well as accidental misconfigurations of routing data. The effort is nicknamed BGPSEC because it will secure the Internet's core routing protocol known as the Border Gateway Protocol (BGP). (A separate federal effort is under way to bolster another Internet protocol, DNS, and it is called DNSSEC.)

Douglas Maughan, program manager for cybersecurity R&D in the DHS Science and Technology Directorate, says his department's spending on router security will rise from around $600,000 per year during the last three years to approximately $2.5 million per year starting in 2009. (Read about "4 open source BGP projects being funded.")

"BGPSEC is going to take a couple of years to go through the process of development and prototypes and standardization," Maughan says. "We're really talking . . . four years out, if not longer, before we see deployment."

Experts hailed the move, saying BGP is one of the Internet's weakest links.

"The reason BGP problems are so serious is that they attack the Internet infrastructure, rather than particular hosts. This is why it is a DHS-type of problem," says Steve Bellovin, a professor of computer science at Columbia University who has worked with DHS on routing security.

BGP is "one of the largest threats on the Internet. It's incredible -- the insecurity of the routing system," says Danny McPherson, CSO at Arbor Networks. "Over the last 15 years, the security of the Internet routing system has done nothing but deteriorate."

McPherson says routing security has been a chicken-and-egg problem for the Internet engineering community.

"There doesn't exist a formally verifiable source for who owns what address space on the Internet, and absent that you can't really validate the routing system," McPherson says.

With its extra funding, DHS hopes to develop ways to authenticate IP address allocations as well as router announcements about how to reach blocks of IP addresses.

"The hijacking attempts that have gone on with routing are much more nefarious than the ones in the DNS," says Mark Kosters, CTO of the American Registry for Internet Numbers (ARIN), adding that DNS attacks tend to get more press. "People don't realize how open for attack the BGP structure is. The DHS effort is trying to close that all up."

BGP security targeted in 2003

The U.S. federal government first discussed the vulnerability of the Internet's routing system in its "National Strategy to Secure Cyberspace," which was issued in 2003. The Presidential directive identified two Internet protocols -- BGP and DNS -- that require modifications to make them more secure and robust.

Since then, the feds have made progress on adding authentication to DNS. Last fall, the U.S. federal government announced that it would adopt DNS security extensions known as DNSSEC across its .gov domain by the end of 2009. The feds also are exploring ways to deploy DNSSEC on the DNS root servers.

The federal push for DNSSEC gained momentum last summer after a significant DNS vulnerability was discovered. Security researcher Dan Kaminsky discovered a DNS bug that allows for cache poisoning attacks, with which a hacker redirects traffic from a legitimate Web site to a fake one without the user knowing.

DNSSEC prevents hackers from hijacking Web traffic by allowing Web sites to verify their domain names and corresponding IP addresses using digital signatures and public-key encryption.

Now the feds are looking to add digital signatures and a public-key infrastructure to routing information, which is vulnerable to attack when it is shared between numbering registries, ISPs and enterprises.

New BGP security measures would prevent incidents such as when Pakistan Telecom blocked YouTube's traffic in February 2008.

Bellovin says most famous router-security breaches, including the Pakistan incident, were accidents.

"More and more of them, though, are malicious," Bellovin adds. "Every few weeks, there will be a posting to [the North American Network Operators Group] about some prefix hijacking."

DHS to fund multiple efforts

DHS is funding two key initiatives related to enhancing routing security: Resource Public Key Infrastructure (RPKI), which adds authentication to the delegation of IP address blocks by the registries to ISPs and enterprises; and BGPSEC, which adds digital signatures to BGP announcements. (Maughan says he's modeling the BGPSEC initiative after the agency's DNSSEC effort, which has involved the National Institute of Standards and Technology [NIST] and the Internet Engineering Task Force [IETF].)

With RPKI, the regional Internet registries are putting together a public key infrastructure to authorize IP address delegations from the Internet Assigned Numbers Authority (IANA) to the five regional Internet registries, including ARIN. Then the registries would authenticate the assignment of IP addresses and IP routing prefixes known as autonomous systems that are used by network operators.

"The idea here is that you'd like the delegation of address space to be secure or signed so it is not forgeable," Maughan says, adding that the RPKI initiative deals with the administrative side of IP address delegation. "The reason that's important is that when you start to do the routing protocol [security], you want the registry or registrar or ISP to be able within the protocol to authenticate that the address space they're claiming to have is theirs."

APNIC, the Asia Pacific registry, and the European registry RIPE NCC are running RPKI prototypes. ARIN plans to offer a beta RPKI service in the second quarter, Kosters says.

Production-quality RPKI deployment is "still a couple of years out," Kosters adds.

"By the end of this year, the four biggest [registries] will be offering certificates to their members at least as a managed service," says Stephen Kent, chief scientist for information security at BBN Technologies. "The next big issue is getting the big ISPs who are their members involved. . . . The good news is that what we're talking about here requires no router hardware or software changes. That's an important thing to make it viable for the ISPs."

Despite its promise, RPKI is controversial because it gives unprecedented operational authority to IANA and the regional Internet registries. For example, RPKI opens up the possibility that the registries could purposefully stop routing traffic to a particular block of IP addresses from a rogue nation such as Iran or North Korea.

"If you use RPKI with BGP [security], you're fundamentally changing the Internet infrastructure. You're going from a distributed, autonomously operated routing structure to one with a root and authoritative sources," McPherson says. "We're going to have to accept that trade-off to secure the routing infrastructure."

The next step is securing BGP so that routing announcements are authorized. BGP maintains a table of IP routing prefixes that shows how blocks of IP addresses can be reached. Today, there is no way in BGP to tell whether a route announcement is real or spoofed.

BGP is used by ISPs as well as enterprises that multihome their networks, which involves using more than one carrier for continuity of operations.

At issue is how to add digital signatures to BGP so that ISPs and enterprises can authenticate BGP updates and prevent man-in-the-middle attacks that allow someone to redirect BGP traffic.

"Every instance of routing hijacks that have happened over the last several years are proof that [securing BGP] needs to be done," Maughan says. "The way that the bad guys can do this is essentially advertise that they own the address space, and if people have no way to prove otherwise, then the protocol supports the hijack."
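The origin check the article describes in words, as an added example that is not code from the article or from DHS, ARIN or the IETF: it validates constructed BGP announcements against constructed registry records of who may originate a prefix. It assumes the ROA record shape (prefix, maxLength, origin AS) and the valid/invalid/unknown outcomes that the RPKI work later standardised in RFC 6482 and RFC 6811; every prefix and AS number below is a documentation value.

```python
"""Route Origin Validation (ROV) against RPKI ROAs.

Added example. A Route Origin Authorization (ROA) is the registry-published,
signed statement "AS X may originate this prefix, no more specific than
maxLength". Given the ROA table, a router can classify each BGP update as
valid, invalid or unknown, which is exactly the "prove they own the address
space" step the article says plain BGP lacks. Signature checking of the ROAs
themselves (the RPKI certificate chain) is outside this example.
"""
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class ROA:
    prefix: str       # e.g. "203.0.113.0/24"
    max_length: int   # most specific announcement the holder authorises
    origin_as: int    # AS allowed to originate it


def _net(prefix: str):
    return ipaddress.ip_network(prefix, strict=True)


def validate_origin(announced_prefix: str, origin_as: int, roas) -> str:
    """Return 'valid', 'invalid' or 'unknown' for one announcement."""
    announced = _net(announced_prefix)
    covering = [
        r for r in roas
        if _net(r.prefix).version == announced.version
        and announced.subnet_of(_net(r.prefix))
    ]
    if not covering:
        return "unknown"        # no ROA says anything about this address space
    for roa in covering:
        if roa.origin_as == origin_as and announced.prefixlen <= roa.max_length:
            return "valid"
    return "invalid"            # covered, but wrong origin or too specific


def rov_policy(state: str, drop_invalid: bool = True) -> bool:
    """Common operator policy: accept valid and unknown, drop invalid."""
    return state != "invalid" or not drop_invalid


# Constructed ROA table: the holder of 203.0.113.0/24 authorises only AS64500
# to announce it, and nothing more specific than the /24 itself.
SAMPLE_ROAS = (
    ROA("203.0.113.0/24", 24, 64500),
    ROA("2001:db8::/32", 48, 64500),
)

# Constructed announcements: a legitimate one, an origin hijack of the kind the
# article describes (another AS simply claiming the space), a more-specific
# announcement that exceeds maxLength, and a prefix no ROA covers.
SAMPLE_UPDATES = (
    ("203.0.113.0/24", 64500),
    ("203.0.113.0/24", 64501),
    ("203.0.113.0/25", 64500),
    ("198.51.100.0/24", 64502),
    ("2001:db8:1::/48", 64500),
)


def evaluate(updates=SAMPLE_UPDATES, roas=SAMPLE_ROAS) -> dict:
    """Classify every (prefix, origin AS) pair in updates."""
    return {(p, a): validate_origin(p, a, roas) for p, a in updates}


if __name__ == "__main__":
    for (prefix, asn), state in evaluate().items():
        action = "accept" if rov_policy(state) else "drop"
        print(f"{prefix:20} AS{asn:<6} {state:8} -> {action}")
```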

The Internet engineering community needs to develop a standard for securing BGP that involves as little cryptographic overhead as possible. The two existing proposals -- Secure BGP (S-BGP) by BBN's Kent and Secure Origin BGP (SoBGP) by Cisco -- haven't been deployed because they require routers to manage too many layers of digital certificates, experts say.

Maughan says DHS plans to fund research related to S-BGP and SoBGP as well as new standards work within the IETF.

"There hasn't been any new work in BGP security in a few years," Kent says, adding that he hopes to receive some of the new DHS funding. "DHS is attempting to re-initiate this work."

A secure routing infrastructure will require enterprises to operate a certificate authority function so that they can digitally sign and certify that they own a particular IP address block and have the authority to subdelegate it, outsource it or make some other decisions about how its traffic is routed.

What securing BGP does is that "when somebody sends out an update that they are now routing traffic for a particular autonomous system, you can validate that because those BGP updates will be signed," Maughan says.

Major BGP attack needed?

Despite the federal efforts, some experts say the Internet engineering community needs a massive threat akin to the Kaminsky DNS bug before it will take action to secure BGP and the rest of the routing infrastructure.

"The real barrier to securing BGP is that we just haven't had a serious enough attack," Maughan says. "If people start losing significant money because there's some type of attack on the routing infrastructure, I think you'll see a whole lot more interest."

At last August's DEFCON show, a pair of security researchers detailed a BGP exploit that would allow an attacker to eavesdrop on unencrypted Internet traffic by tricking routers into re-directing traffic to the attacker's network. However, this type of BGP eavesdropping incident is rare.

"The most sophisticated attacks as was demonstrated at DEFCON are things that probably are not occurring very frequently because the bad guys have easier ways to accomplish what they are trying to do," Kent says.

The new BGPSEC funding falls under DHS’ Secure Protocols for Routing Infrastructure program. Maughan says the agency received an additional $12.5 million appropriation for cybersecurity R&D in the federal 2009 budget, and between $2 million and $3 million of that money will go to improving router security.

More Cyber-crime Advice for Obama

January 20, 2009

With President-elect Barack Obama readying to take the oath of office today, IT experts are lining up to offer their advice to the new Commander-In-Chief about what he needs to do to better address issues of cyber-security.

In December, a panel of security experts put together by the Center for Strategic and International Studies (CSIS) published a lengthy set of recommendations for the new administration dubbed "Securing Cyberspace in the 44th Presidency."

In a set of points issued by anti-botnet specialists FireEye, the company's CEO, Ashar Aziz, encourages the Obama administration to take many steps outlined in the CSIS paper, but also says the CSIS guidelines do not go far enough, or may not be sufficiently explicit.

"Critical government, military, and civilian networks have been repeatedly infiltrated to steal our intellectual property and national secrets. So, how do we build a modern, national cyber security policy as we enter into the 44th Presidency? The Center for Strategic and International Studies' report weighed in on this topic, but I think they missed the point in their technical recommendations," Aziz said in a blog post.

Aziz highlights the reality that botnets and the attacks they deliver pose, imploring that "stealth malware facilitates cyber crime in the form of millions of compromised PCs on the Internet and within enterprise networks. Infection is spread through weaknesses and vulnerabilities in widely used end-system software, such as operating systems, browsers and mainstream applications as well as social engineering tactics targeting human vulnerabilities and technical naiveté. Given the magnitude and severity of this problem, urgent federal government action and leadership is required."

FireEye officially framed its "Top 10 Recommendations for U.S. Cyber Security" as:

1. Create Cabinet-level Appointment - Create a Cabinet-level position and team to coordinate national efforts around cyber security. This cyber security team should conduct a comprehensive and immediate review of the state of cyber security for all Federal networks and computer systems.

2. Conduct a Federal Threat Assessment - NIST should create a high priority task force to review the technical requirements for both end point and network-based security to guard federal systems against the threat of stealthy malware and cyber crimes.

3. Issue Presidential Mandate - All Federal government departments and agencies should be instructed to comply within one year to these NIST-developed anti-malware security standards.

4. Strengthen U.S. Cyber Military - There should be a review of the vulnerability of U.S. military's network to stealth malware attacks. The recent successful infiltration of malware into U.S. military systems around the world illustrates that military networks are quite vulnerable to malware attacks.

5. Protect Critical Infrastructure - Systems that control critical infrastructures, such as utilities, power grids, major financial services and stock trading systems should also be required to comply with these technical standards on protection from stealth malware cyber attacks.

6. Develop Certification Process - NIST should create a vendor neutral certification program to rate the ability of different vendors' products to protect from stealthy malware.

7. Bolster Cyber Law Enforcement - The President-elect should create an organization to actively combat cyber crime with much greater inclusion of cyber operations as an element of active cyber crime interdiction mechanisms.

8. Build Cyber Space Situational Awareness - The U.S. government should create a global cyber security situational awareness system to provide ongoing and real-time surveillance and insights into attacks in the cyber domain.

9. Secure Private Infrastructure - U.S. corporations, especially government contractors, risk divulging sensitive financial data and intellectual property risking national security as well as massive economic disruptions.

10. Involve Internet Service Providers - ISPs (and Network Service Providers) should be required to provide protections to consumers from the threat of malware infiltrations and associated cyber crimes.

Now, to my eye, these goals are pretty similar to those issued by the CSIS panel, and anyone who thinks they've scratched the surface on that report might want to check out its hundreds of pages of technical appendices, which get far more technical.

However, if Obama heeds the advice of CSIS, Aziz and others, we're sure to see a good deal of activity around cyber-security inside the White House over the next four years.

Based on what the research has been telling us for a long time, that would appear to be a major step in helping law enforcers make inroads in fighting cyber-crime. Let's hope so.

Secure deletion - a single overwrite will do it

17 January 2009

The myth that to delete data really securely from a hard disk you have to overwrite it many times, using different patterns, has persisted for decades, despite the fact that even firms specialising in data recovery openly admit that if a hard disk is overwritten with zeros just once, all of its data is irretrievably lost.

Craig Wright, a forensics expert, claims to have put this legend finally to rest. He and his colleagues ran a scientific study to take a close look at hard disks of various makes and different ages, overwriting their data under controlled conditions and then examining the magnetic surfaces with a magnetic-force microscope. They presented their paper at ICISS 2008 and it has been published by Springer AG in its Lecture Notes in Computer Science series (Craig Wright, Dave Kleiman, Shyaam Sundhar R. S.: Overwriting Hard Drive Data: The Great Wiping Controversy).

They concluded that, after a single overwrite of the data on a drive, whether it be an old 1-gigabyte disk or a current model (at the time of the study), the likelihood of still being able to reconstruct anything is practically zero. Well, OK, not quite: a single bit whose precise location is known can in fact be correctly reconstructed with 56 per cent probability (in one of the quoted examples). To recover a byte, however, correct head positioning would have to be precisely repeated eight times, and the probability of that is only 0.97 per cent. Recovering anything beyond a single byte is even less likely.

Nevertheless, that doesn't stop the vendors of data-wiping programs offering software that overwrites data up to 35 times, based on decades-old security standards that were developed for diskettes. Although this may give a data wiper the psychological satisfaction of having done a thorough job, it's a pure waste of time.

Something much more important, from a security point of view, is actually to overwrite all copies of the data that are to be deleted. If a sensitive document has been edited on a PC, overwriting the file is far from sufficient because, during editing, the data have been saved countless times to temporary files, back-ups, shadow copies, swap files ... and who knows where else? Really, to ensure that nothing more can be recovered from a hard disk, it has to be overwritten completely, sector by sector. Although this takes time, it costs nothing: the dd command in any Linux distribution will do the job perfectly.
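The single-pass overwrite the article recommends, spelled out as an added example (not code from the article or the Wright et al. paper): write zeros over every byte of the target once, flush to the medium, then read it all back and confirm that nothing but zeros remains. The target here is a constructed image file standing in for a disk; the same functions work on a block device path, which, as the article stresses, is what has to be wiped on a real system, since a single file is only one of many copies.

```python
"""Single-pass zero overwrite with read-back verification.

Added example. `wipe_once` is the equivalent of the article's dd one-liner
(dd if=/dev/zero of=<device>), `verify_zeroed` is the check dd does not do
for you, and `demo` runs both over a constructed image file so the whole
thing can be tried without touching a real disk.
"""
import os
import tempfile

CHUNK = 1024 * 1024  # 1 MiB per write, comparable to dd bs=1M


def _target_size(f) -> int:
    """Size in bytes of a regular file or a block device opened as f."""
    f.seek(0, os.SEEK_END)   # works for block devices too, where getsize() reports 0
    size = f.tell()
    f.seek(0)
    return size


def wipe_once(path: str) -> int:
    """Overwrite path with zeros in a single pass; return the bytes written."""
    zeros = bytes(CHUNK)
    written = 0
    with open(path, "r+b") as f:
        size = _target_size(f)
        while written < size:
            n = min(CHUNK, size - written)
            f.write(zeros[:n])
            written += n
        f.flush()
        os.fsync(f.fileno())  # force the zeros to the medium, not just the page cache
    return written


def verify_zeroed(path: str) -> bool:
    """Return True only if every byte of path reads back as zero."""
    with open(path, "rb") as f:
        while True:
            block = f.read(CHUNK)
            if not block:
                return True
            if block.count(0) != len(block):   # any non-zero byte fails the check
                return False


def contains_marker(path: str, marker: bytes) -> bool:
    """Crude recovery attempt: is the plaintext marker still readable?"""
    with open(path, "rb") as f:
        return marker in f.read()


def demo() -> dict:
    """Build a constructed ~2 MiB image holding a recognisable record, wipe it,
    and report what a later reader of the medium would find."""
    marker = b"CONSTRUCTED-SENSITIVE-RECORD"   # 28 bytes, constructed sample data
    fd, path = tempfile.mkstemp(suffix=".img")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(os.urandom(CHUNK))          # unrelated data before the record
            f.write(marker * 1000)              # the "sensitive document"
            f.write(os.urandom(CHUNK + 12345))  # odd tail so the last chunk is partial
        size_before = os.path.getsize(path)
        found_before = contains_marker(path, marker)
        written = wipe_once(path)
        return {
            "marker_before": found_before,
            "marker_after": contains_marker(path, marker),
            "bytes_written": written,
            "size_unchanged": os.path.getsize(path) == size_before,
            "all_zero": verify_zeroed(path),
        }
    finally:
        os.unlink(path)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:15} {value}")
```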

Call centre manager arrested over British insurance scam

By Aislinn Simpson

20 Jan 2009

The manager of an Indian call centre handling the insurance details of hundreds of British customers has been arrested over fears of a major scam, according to police.

According to the police, Edward Burns, an Indian citizen, was working in the insurance claims division of Delhi-based EXL, which handled British insurance firm Aviva, the parent company of Norwich Union.

The 30-year-old is feared to have been using identities of British insurance customers to make false claims for up to two years.

He has admitted siphoning off nearly £57,000 to bank accounts in Britain but this is only in relation to 12 customers and police believe the scam could be much larger.

They also fear that other British firms who hold accounts with EXL may have been affected.

The local head of police, Ashok Kumar Chaturvedi, said police also plan to interrogate three people thought to be accomplices of Mr Burns in Britain.

He said: "As this has been going on for two years, we suspect a much bigger financial fraud to British customers."

It is not yet clear how Mr Burns is alleged to have perpetrated the fraud, but it is understood that police believe his accomplices in Britain would collect the insurance payout and take a cut out to him in India.

EXL Service has played down the scale of the alleged scam, saying it was a "small-scale isolated incident".

A spokesman for Aviva said: "We can confirm that, through our own control mechanisms, we have discovered an isolated case of fraud by an employee of one of our supplier partners. We are currently working with the local authorities to take the appropriate action. At no time was any policy holders' money at risk."

Monday, January 19, 2009

Quote of the day

Nothing of great value in life comes easily. The things of highest value sometimes come hard. The gold that has the greatest value lies deepest in the earth, as do the diamonds.

New IT Term of the day

Triple DES

Also referred to as 3DES, a mode of the DES encryption algorithm that encrypts data three times. Three 64-bit keys are used, instead of one, for an overall key length of 192 bits (the output of the first encryption is encrypted with a second key, and the resulting ciphertext is encrypted again with a third key).

Russian Firm Offers Wi-Fi Encryption Cracker

John E. Dunn,

January 16, 2009

The Russian security company that caused a stir some months ago by talking up its cracking tool for recovering Wi-Fi encryption keys has started selling its software to all-comers in a specially packaged product.

Normally, running a tool to do this on a conventional Intel Core 2 Duo desktop PC would take months to brute-force even a single 8-character WPA/WPA2-PSK password, of which there are trillions of possible alphanumeric combinations at that length.

Elcomsoft claims that Wireless Security Auditor 1.0 can perform the same function by capturing traffic from a Wi-Fi connection using a separate packet sniffer, processing the data through up to four high-end graphics cards in order to retrieve the password in a fraction of that time.

Although the technique behind the software has been around for months, it now has a price - £599 for UK users (more than $975).

The software supports hardware from either of the leading companies in the field, Nvidia and ATI, specifically the super-fast GeForce 8, 9, and 200, as well as ATI's Radeon HD 3000, with a minimum of 256MB of dedicated onboard RAM, on any version of Windows. The extra processing power simply speeds up the basic dictionary attack method of such software, cycling through combinations at a faster rate.

The company stops short of specifying a time to retrieve a complex password of 8 characters - the minimum allowed by WPA - but admins might infer from running the tool for any length of time that their passwords are at least secure to a minimum standard. Longer passwords, even quite simple ones, would almost certainly be beyond this tool, but therein lies the auditing usefulness of the tool.

One obvious concern is the illegal use of the tool to actually hack Wi-Fi networks, not just 'test' them.

"Elcomsoft Wireless Security Auditor works completely in off-line, undetectable by the Wi-Fi network being probed, by analyzing a dump of network communications in order to attempt to retrieve the original WPA/WPA2-PSK passwords in plain text," says the company release, confirming the tool is designed to be used with invisible sniffers.

A disclaimer on the website makes this issue more explicit.

"The program that is licensed to you is absolutely legal and you can use it provided that you are the legal owner of all files or data you are going to recover through the use of our software or have permission from the legitimate owner to perform these acts. Any illegal use of our software will be solely your responsibility. Accordingly, you affirm that you have the legal right to access all data, information and files that have been hidden."

The answer is to make sure that the risibly weak WEP (wired equivalency protocol) encryption is not being used by Wi-Fi access points, and that WPA passphrases are more than 8 characters, preferably grown-up randomly-generated hashes created by dedicated tools. Hash generation tools typically exceed 20 characters. Admins should consider themselves warned.

Obama’s Cyber-Security Agenda

By Ben Worthen

January 16, 2009

National security was a top issue during the presidential campaign. Cyber security was decidedly less so.

While the outgoing Bush administration took steps over the last two years to improve cyber security, “we don’t think it’s keeping pace with the progress necessary to keep the country safe,” says John Stewart, chief security officer for Cisco Systems.

Stewart was a member of a commission led by the Center for Strategic and International Studies that recently issued a 96-page report recommending 25 steps that President-elect Barack Obama should take to secure cyberspace. Among them are creating a White House level cyber-security office with its own budget, rewriting criminal statutes to better punish cyber criminals, and more funding for security R&D.

One reason protecting computers and the information stored on them has never been a prominent issue is cyber attacks are largely invisible. It’s hard not to notice a bridge that blows up; victims of cyber attacks may never know an incident occurred.

Protecting cyberspace will require coordination between the private sector and the public sector, according to the commission. Because data get exchanged between the government and companies, just protecting federal computers and networks won’t be adequate, says Stewart. Also, much of the critical infrastructure that would result in the most damage if attacked—the power grid, for example, or the banking system—isn’t maintained by the government. The commission calls for President-elect Obama to appoint three groups to help facilitate collaboration between the public and private sector, and to make adequate security a requirement when awarding government contracts.

Another problem: Because the Internet is largely anonymous, it’s difficult to accurately trace cyber attacks. The commission proposes using a credentialing system to verify the identities of people who access certain government and private-sector computer systems. Stewart says the goal isn’t to track where people go on the Internet, but rather to have a record of when and by whom key systems are accessed, which can help investigators determine who perpetrated an attack.

The Federal Trade Commission would ensure that businesses don’t require authentication for things that don’t warrant it. “We really want to be able to ensure that anonymous crime is reduced without reducing the constitutional rights that we have,” Stewart says.

Malaysia records 4,000 cyber crimes in two years

January 18, 2009

JOHOR BARU: More than 4,000 complaints mostly concerning cyber crimes have been lodged with Cybersecurity Malaysia in the past two years.

Its chief executive officer Lt-Kol (R) Husin Jazri said the complaints related mostly to threats of hacking, fraud, denial of services and loss of files or virus infections.

“We received an average of 2,000 complaints a year since 2007.

“Last year alone, a total of 2,123 complaints were lodged with us,” he said after the presentation of five computers to a school in the Kampung Simpang Arang Orang Asli settlement.

Science, Technology and Innovation secretary-general Datuk Abdul Hanan Alang Endut presented the computers yesterday.

Lt-Kol Husin explained that the agency’s services catered to individuals as well as companies that experienced computer related problems.

“Our consultation services are free but we will charge for any work that needs to be done such as repairs,” he said, adding that the agency rarely charged students or those from the lower-income group.

He said they also offered services in digital forensics, security assurance, security management and coming up with best practice management.

Lt-Kol Husin said the public could contact the agency at 03-89926888, fax 03-89453205 or email info@cybersecurity.my.

“People can also contact our hotline at CYBER999 to report any problems.”

Manager dupes IT company

Pune: The owner of a software company received the shock of his life when he discovered that he had been duped by his most trusted employee.

Nilesh Dattatray Kedar, manager of Senate Technologies Pvt Ltd., along with a techie allegedly conned the Bavdhan-based IT company to the tune of Rs 28.91 crores by stealing the source code of one of the company's software programmes.

And following the complaint filed by Sadeep Sarode, owner of the company, Hinjewadi police have booked the duo for what they say was a sharply planned corporate crime.

According to the complaint, Kedar, a resident of Badlapur in Thane district, was working as a project manager with Senate Technologies Pvt Ltd. and had committed the crime between July 2008 and January 1, 2009.

Sarode, in his complaint, has said that Kedar won the confidence of company management while executing a software programme called 'Cost of Difference' and even convinced the company to set up an office in UK to tap the European market.

Also, he allegedly convinced the company to appoint an intermediate agency to contact prospective foreign clients and suggested the name of 24X7 RPF Limited.

Kedar then contacted the company officials from the UK saying that a bank had approached the company to develop a software programme which it could use to record its financial reports. "Accordingly, the company hired several software engineers to prepare the software as per the bank's requirements," said Sarode.

He added that when the software was ready, Kedar allegedly told the officials of the company that the bank has even issued a demand draft (DD). However, Sarode alleged that Kedar never showed the DD to the company.

Also, he asked the company officials in Pune to dispatch the software and its source code to which the company officials obliged.

"But later, Kedar told the company officials that the customer bank had rejected the project and had refused to return the software programme," said Sarode.

And to the utter disbelief of Senate Technologies officials, Kedar himself was the owner of 24X7 RPF Limited and had allegedly sold the software project as a product of 24X7 RPF Limited.

Incidentally, a few months ago, Brainvisa, a company involved in e-learning solutions, reported a similar case to the city police.

Sunday, January 18, 2009

Quote of the day

The golden opportunity you are seeking is in yourself. It is not in your environment; it is not in luck or chance, or the help of others; it is in yourself alone.

Orison Swett Marden

(1850-1924, Founder of Success Magazine)

New IT Term of the day

Tor

An anonymous Internet communication system based on a distributed network. Tor is a toolset for a wide range of organizations and people that want to improve their safety and security on the Internet. Using Tor can help you remain anonymous while Web browsing, instant messaging, using IRC, SSH, or other applications which use the TCP protocol. The Tor network takes a random pathway through several servers that cover your tracks so no observer at any single point can tell where the data came from or where it's going. Tor also provides a platform on which software developers can build new applications with built-in anonymity, safety and privacy features.

Tor was developed is supported by the Electronic Frontier Foundation.

National Skills Shortage in Computer Forensics

DEMAND : National Skills Shortage in Computer Forensics

Andy Frowen

14 Jan 2009


Computer Forensics, or Digital Forensics to give it another name, is something that in today's fast-moving environment has become as much a part of policing as walking the beat or patrolling as part of a mobile unit.

As technology progresses, and it does so extremely quickly these days, so too do the ways in which technology is applied to crime and its uses by the criminal. Whereas in the past crime was much more straightforward and involved a physical presence, Computer Crime requires, in some instances, nothing more than a computer, access to the internet, and the personal information of an unwitting individual.

As this type of computer criminal becomes more and more common so too does the need for experts in the field of Computer Forensics Analysis. However in the United Kingdom at the present time there is a shortage of trained professionals in this field which leaves the computer criminal at a distinct advantage.

Computer Forensics is used in a variety of different ways and not simply as a means of producing an auditable trail of data. A Computer Forensics Analysis of a laptop or desktop machine can provide valuable information as to not only how the machine was used to perpetrate a crime, but also who used the machine to commit the crime.

As individuals we all have certain ways of typing and committing words to a page, and identifying these common traits and using them to help produce a profile is very much part and parcel of the Computer Forensics Expert's job.

The role of Computer Forensics Analysis in a court case is vitally important especially if that case pertains to the use of computers as a means to defraud money or in the distribution of materials deemed illegal such as pornography and child pornography. An expert Computer Witness will be able to provide such analysis to members of the jury, the judge, and the defence and prosecution teams in a way that is both informative and yet easily enough understood so as not to muddy the waters.

Such a witness is invaluable in both the prosecution and defence of a case and can be utilised to provide expert Computer Forensic Analysis and also provide the jury, who are not necessarily familiar with such terms, with easily digestible and retainable information.

Indeed an expert witness may also be able to physically demonstrate to the court just how a criminal has managed to perpetrate a crime especially if this crime is committed over a distance.

As touched upon earlier, there is a shortage of such personnel in the United Kingdom at the present time, and this is in no small part due to the fact that computer crime is on the increase and becoming more sophisticated. Such trained personnel are invaluable to a case and are fully conversant with ACPO (Association of Chief Police Officers) guidelines.

With such a shortage of trained personnel it is fair to say that the floodgates have been opened for the Computer Criminal. He, she or they (it is common to find such individuals working in cells using complex networks and IT infrastructures) are more likely to evade a thorough investigation and subsequent prosecution without the assistance of trained Computer Expert Witnesses and their informed analysis.

These trained personnel are often in short supply because of the need for more than one discipline when it comes to Computer Forensics Analysis.

Network Forensics is often such that a Computer Forensics Expert will be required to examine the data on a large number of computers, either networked together physically (hard-wired) or operating as satellites as part of a Wi-Fi network. This particular type of auditing is particularly useful and often provides vital information in the prosecution of computer crime, especially when it is necessary to link together a number of individuals spread over a large geographical area.

It is important to remember also that the analysis provided by a Computer Expert Witness is not only used to help in the prosecution or defence of a case at a judicial level, but can also be used to help identify and prevent further instances of Computer Crime. Moreover, this is something that has, and will have, an impact when it comes to fighting e-crime in the future as the e-criminals and their methods become more sophisticated and harder to track.

419ers take Canadian for $150,000

VICTIM : 419ers take Canadian for $150,000

Textbook scam

By Lester Haines

15th January 2009


A Canadian man who fell for a 419 scam was taken for $150,000 by advance fee fraudsters who conducted a textbook operation to fleece their victim.

John Rempel of Leamington, Ontario, got an email back in 2007 from "someone claiming to be a lawyer with a client named David Rempel who died in a 2005 bomb attack in London", the Windsor Star reports. The email claimed the "deceased" had left $12.8m, and since he had no family "wanted to leave the money to a Rempel".

Rempel, 22, said: “It sounded all good so I called him. He sounded very happy and said God bless you.”

The 419er told Rempel he had to pay $2,500 to transfer the money into his name. He then had to stump up for several more documents, some of which cost $5,000. The scammer told Rempel he had to open a bank account in London, with a minimum $5,000 deposit. He said some of the money had been transferred into the account for "safe keeping".

The scammers then upped the ante, sending an email from a "government department" claiming he owed $250,000 tax on his inheritance. Rempel's contact assured him he'd "negotiated the fee down to $25,000".

Rempel decided to travel to London to check that the deal was legit. He made his way to Mexico, where his farm-owning uncle gave him cash and money for a plane ticket. He said: “I had $10,000 in cash in my pocket and my uncle sent another $25,000 when I was over there.”

Once in London, Rempel met "some people" and handed over the $10k. The next day, the 419ers showed their target a suitcase they said contained $10.6m in shrink-wrapped US bills. Rempel demanded further proof, at which point one scammer extracted a bill and "cleansed" it with a liquid "formula" which "washed off some kind of stamp". The process converted the cash into "legal tender", Rempel was told.

Rempel said: "I was like holy crap, is that mine? They said 'yes sir, it's yours.' It all sounded legit."

Rempel went back to his hotel room with the magic formula to wait for the 419ers "so they could cleanse all his money". They, of course, disappeared, later claiming they'd "been held up".

The victim then managed to drop the bottle containing the formula, breaking it. He rang his contact who said he'd get further supplies. Rempel flew back to Leamington and waited several weeks until a call which confirmed more formula was available for $120,000.

Rempel said: “I thought, ‘let’s work on it, nothing is impossible.’”

The 419ers told Rempel they "were willing to meet associates in different countries to get cash for the formula", but that they'd need several plane tickets, at $6,000 a pop.

The scammers subsequently confirmed they'd collected $100,000, but were still $20,000 short. Apparently, there was "a guy in Nigeria who had it, but another plane ticket was required". The contact then insisted he could only get $15,000 of the balance and “begged” Rempel for the remaining $5,000.

Rempel obliged, borrowing the money and defaulting on his credit card and car payments.

A week later, Rempel got the call he'd been waiting for - the cash was ready to go if he could just find an extra $6,900 for "travel costs and to rent trunks to ship the money".

The final contact between Rempel and the scammers was when they called to say they'd arrived at the airport in New York. However, there was a slight snag - security had stopped them and they needed $12,500 for a bribe.

Rempel, still none the wiser but substantially lighter in the wallet, told them: "No way, I'm cleaned out."

In one last desperate act, Rempel drove to the airport with his parents and 10-year-old brother, but found no trace of his friends or the money. They then went home and called the police.

The final cost of Rempel's mix of greed and remarkable stupidity was $55,000 from his uncle in Mexico, $60,000 from his parents to "cover fees for transferring $12.8 million into his name", plus the money he personally lost - a total of $150,000.

He said: “They’re in it now because of me. If it wasn’t for me, nobody would be in this mess. You think things will work out, but it doesn’t. It’s a very bad feeling. I had lots of friends. I never get calls anymore from my friends. You know, a bad reputation.”

He concluded: "I really thought in my heart this was true."

FBI calls for global cooperation on cyber crime

CALL : FBI calls for global cooperation on cyber crime

International laws needed to combat global threat

Iain Thomson in San Francisco


14 Jan 2009



The FBI has called for greater international coordination in anti-hacking laws at the first International Conference on Cyber Security.

The conference was held last week at Fordham University in New York City and was co-sponsored by the FBI. It aimed to bring together commercial companies, law enforcement and private individuals with an interest in curbing online crime.

“The FBI’s goal of sponsoring this conference is to build and forge long-lasting relationships to combat terrorist and criminal use of the Internet,” said Joseph Demarest, head of the FBI’s New York Office.

“The conference is the beginning of greater cooperation on all cyber matters.”

As an example of how such cooperation would work the FBI highlighted the work of the new 24/7 computer intrusion investigation team, which now has 55 member states contributing resources.

The FBI showed an example of how the team responds to attacks, in this case an intrusion into a bank in Mexico City that was initially routed through a computer in New York. That machine was in turn controlled from a computer in South Korea, which was traced to a machine in Thailand, where local police made an arrest.

Thanks to inter-network cooperation the team could backtrace and make an arrest within hours, rather than the weeks and months that traditional online policing would have taken.

“The bottom line is to make sure there are consequences for criminal cyber actions and similar consequences everywhere,” explained Christopher Painter, deputy assistant director of the FBI’s Cyber Division.

“The bad guys need to know there is no free ride.”

Worm infects 3.5M Windows PCs in 2 days

SCALE : Worm infects 3.5M Windows PCs in 2 days

It would make 'one big badass botnet,' says Finnish security company

Gregg Keizer

January 14, 2009



The computer worm that exploits a months-old Windows bug has infected more than a million PCs in the past 24 hours, a security company said today.

Early Wednesday, Helsinki, Finland-based security firm F-Secure Corp. estimated that 3.5 million PCs have been compromised by the "Downadup" worm, an increase of more than 1.1 million since Tuesday.

"[And] we still consider this to be a conservative estimate," said Sean Sullivan, a researcher at F-Secure, in an entry to the company's Security Lab blog. Yesterday, F-Secure said the worm had infected an estimated 2.4 million machines.

The worm, which several security companies have described as surging dramatically during the past few days, exploits a bug in the Windows Server service used by all supported versions of Microsoft Corp.'s operating system, including Windows 2000, XP, Vista, Server 2003 and Server 2008.

Microsoft issued an emergency patch in late October, fixing the flaw with one of its rare "out of cycle" updates.

The soaring number of infections by Downadup -- also called "Conficker" by some security companies -- prompted Microsoft to add detection for the worm to its Malicious Software Removal Tool (MSRT), the anti-malware utility that the company updates and redistributes each month to Windows machines on Patch Tuesday. The MSRT scans for known malware, then scrubs the system of any it finds.

Like researchers at firms such as Symantec Corp. and Panda Security, Microsoft blamed lackadaisical patching for the infections. "A number of our customers have contacted our support team for assistance with containment in environments that were, largely, not patched when the worm was released," said Cristian Craioveanu and Ziv Mador, two researchers at Microsoft's Malware Protection Center, in a Tuesday blog entry. "Either Security Update MS08-067 was not installed at all or was not installed on all the computers."

Craioveanu and Mador said that the highest number of infection reports had come from the U.S., Canada, Mexico, Korea and several European countries, including the U.K., France and Germany.

Yesterday, F-Secure also reported that it was spying on Downadup's command-and-control process by registering domains it thought the worm would try to use to download additional malware to infected PCs. The worm generates hundreds of possible domain names daily using a complex algorithm, said Mikko Hypponen, F-Secure's chief research officer.

"This makes it impossible and/or impractical for us good guys to shut them all down," acknowledged Hypponen in a blog entry. "The bad guys only need to predetermine one possible domain for tomorrow, register it and set up a Web site, and they then gain access to all of the infected machines. Pretty clever." Even so, F-Secure has registered some of the possible hosting domains so that it can eavesdrop on the attackers and get an idea of the number of infected PCs.
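The asymmetry Hypponen describes, as an added illustration (this is constructed example code, not F-Secure's tooling and not the real worm's generator): a toy date-seeded domain generator whose only shared trait with the article's "complex algorithm" is determinism, beside the defender-side precomputation, partial registration and sinkhole counting. The TLD list, name length and log format are assumptions.

```python
"""Added example (not F-Secure's tooling, not the real worm's generator):
a constructed date-seeded domain generator beside the defender-side
precomputation and sinkhole counting the article describes."""
import hashlib
import datetime as dt
from collections import defaultdict

TLDS = ("com", "net", "org")  # constructed list, an assumption
LETTERS = "abcdefghijklmnopqrstuvwxyz"


def candidate_domains(day: dt.date, count: int = 250) -> list[str]:
    """Deterministic list of candidate rendezvous domains for `day`.

    Both the bot and a defender who has reversed the generator can compute
    this list ahead of time; that is what makes pre-registration possible.
    """
    domains = []
    for i in range(count):
        digest = hashlib.sha256(f"{day.isoformat()}:{i}".encode()).digest()
        length = 8 + digest[0] % 5  # 8..12 letters
        name = "".join(LETTERS[b % 26] for b in digest[1:1 + length])
        domains.append(f"{name}.{TLDS[digest[31] % len(TLDS)]}")
    return domains


def choose_sinkholes(day: dt.date, budget: int) -> list[str]:
    """Register only `budget` candidates: the partial coverage a defender
    can afford, since registering all of them is impractical."""
    return candidate_domains(day)[:budget]


def count_infected(log_lines: list[str], sinkholes: set[str]) -> dict[str, int]:
    """Estimate infected hosts per day from sinkhole query logs.
    Each line is '<date> <src_ip> <queried_domain>' (constructed format).
    Only queries for registered domains count, and a source IP is counted
    once per day, so the result is a lower bound on the bot population."""
    seen = defaultdict(set)
    for line in log_lines:
        day, src, domain = line.split()
        if domain in sinkholes:
            seen[day].add(src)
    return {day: len(ips) for day, ips in seen.items()}


if __name__ == "__main__":
    day = dt.date(2009, 1, 14)
    todays = candidate_domains(day)
    sink = set(choose_sinkholes(day, 3))
    # Constructed sample log: two bots hit sinkholed domains, one bot hits an
    # unregistered candidate (invisible to us), one repeat query is deduplicated.
    sample_log = [
        f"2009-01-14 10.0.0.1 {todays[0]}",
        f"2009-01-14 10.0.0.2 {todays[1]}",
        f"2009-01-14 10.0.0.1 {todays[0]}",
        f"2009-01-14 10.0.0.9 {todays[100]}",
    ]
    print(count_infected(sample_log, sink))  # {'2009-01-14': 2}
```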

Other security firms have tried to preempt hackers by registering domains that they may use, but with mixed results. Last November, FireEye Inc. tried to stay ahead of criminals operating the "Srizbi" botnet by registering several hundred domains being used to resurrect the infected PC army, but had to give up the game when it got too costly.

"We have registered a couple hundred domains," said Fengmin Gong, chief security content officer at FireEye, at the time. "But we made the decision that we cannot afford to spend so much money to keep registering so many [domain] names."

As soon as FireEye conceded, the hackers were able to re-establish communication with their bots.

Microsoft recommended that Windows users install the October update, then run the January edition of the MSRT to clean up compromised computers.

It's not clear whether the hackers behind Downadup are building a botnet of their own, said Joe Stewart, a senior security researcher at SecureWorks Inc., in an interview today. For the moment, they seem satisfied with feeding victims fake security software, which pesters users with pop-ups until they pay for the worthless program.

However, F-Secure's Hypponen sounded worried about the possibility that machines infected with Downadup would be converted into bots. "It would make for one big badass botnet," he said.
